Auto-Update: 2023-09-19T10:00:24.712860+00:00

2025-07-09 16:05:11 +00:00 · 2023-09-19 10:00:28 +00:00 · 2023-09-19 10:00:28 +00:00 · 6111b518ad
commit 6111b518ad
parent 5e73e00b61
5 changed files with 129 additions and 28 deletions
--- a/CVE-2023/CVE-2023-39xx/CVE-2023-3935.json
+++ b/CVE-2023/CVE-2023-39xx/CVE-2023-3935.json
@ -2,18 +2,22 @@
  "id": "CVE-2023-3935",
  "sourceIdentifier": "info@cert.vde.com",
  "published": "2023-09-13T14:15:09.147",
-  "lastModified": "2023-09-15T14:53:30.693",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2023-09-19T08:15:44.727",
+  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
      "value": "A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system."
+    },
+    {
+      "lang": "es",
+      "value": "Una vulnerabilidad de Desbordamiento del B\u00fafer en el servicio de red Wibu CodeMeter Runtime hasta la versi\u00f3n 7.60b permite a un atacante remoto no autenticado lograr RCE y obtener acceso completo al sistema anfitri\u00f3n."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
-        "source": "nvd@nist.gov",
+        "source": "info@cert.vde.com",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
@ -33,24 +37,24 @@
        "impactScore": 5.9
      },
      {
-        "source": "info@cert.vde.com",
+        "source": "nvd@nist.gov",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
-          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
-          "scope": "CHANGED",
+          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
-          "baseScore": 10.0,
+          "baseScore": 9.8,
          "baseSeverity": "CRITICAL"
        },
        "exploitabilityScore": 3.9,
-        "impactScore": 6.0
+        "impactScore": 5.9
      }
    ]
  },
@ -217,6 +221,10 @@
        "Vendor Advisory"
      ]
    },
+    {
+      "url": "https://cert.vde.com/en/advisories/VDE-2023-030/",
+      "source": "info@cert.vde.com"
+    },
    {
      "url": "https://cert.vde.com/en/advisories/VDE-2023-031/",
      "source": "info@cert.vde.com",
--- a/CVE-2023/CVE-2023-413xx/CVE-2023-41387.json
+++ b/CVE-2023/CVE-2023-413xx/CVE-2023-41387.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-41387",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-09-19T09:15:07.860",
+  "lastModified": "2023-09-19T09:15:07.860",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A SQL injection in the flutter_downloader component through 1.11.1 for iOS allows remote attackers to steal session tokens and overwrite arbitrary files inside the app's container. The internal database of the framework is exposed to the local user if an app uses UIFileSharingEnabled and LSSupportsOpeningDocumentsInPlace properties. As a result, local users can obtain the same attack primitives as remote attackers by tampering with the internal database of the framework on the device."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://pub.dev/packages/flutter_downloader/changelog",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://seredynski.com/articles/exploiting-ios-apps-to-extract-session-tokens-and-overwrite-user-data",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-47xx/CVE-2023-4701.json
+++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4701.json
@ -2,18 +2,22 @@
  "id": "CVE-2023-4701",
  "sourceIdentifier": "info@cert.vde.com",
  "published": "2023-09-13T14:15:09.297",
-  "lastModified": "2023-09-15T15:17:23.393",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2023-09-19T08:15:57.143",
+  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
      "value": "A Improper Privilege Management vulnerability through an incorrect use of privileged APIs in CodeMeter Runtime versions prior to 7.60c allow a local, low privileged attacker to use an API call for escalation of privileges in order gain full admin access on the host system."
+    },
+    {
+      "lang": "es",
+      "value": "Una vulnerabilidad de Gesti\u00f3n de Privilegios Inadecuada a trav\u00e9s de un uso incorrecto de API privilegiadas en versiones de CodeMeter Runtime anteriores a 7.60c permite a un atacante local con pocos privilegios utilizar una llamada API para escalar privilegios con el fin de obtener acceso completo de administrador en el sistema host."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
-        "source": "nvd@nist.gov",
+        "source": "info@cert.vde.com",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
@ -33,45 +37,45 @@
        "impactScore": 5.9
      },
      {
-        "source": "info@cert.vde.com",
+        "source": "nvd@nist.gov",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
-          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
-          "scope": "CHANGED",
+          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
-          "baseScore": 8.8,
+          "baseScore": 7.8,
          "baseSeverity": "HIGH"
        },
-        "exploitabilityScore": 2.0,
-        "impactScore": 6.0
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
      }
    ]
  },
  "weaknesses": [
    {
-      "source": "nvd@nist.gov",
+      "source": "info@cert.vde.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
-          "value": "NVD-CWE-noinfo"
+          "value": "CWE-269"
        }
      ]
    },
    {
-      "source": "info@cert.vde.com",
+      "source": "nvd@nist.gov",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
-          "value": "CWE-269"
+          "value": "NVD-CWE-noinfo"
        }
      ]
    }
@ -227,6 +231,10 @@
        "Vendor Advisory"
      ]
    },
+    {
+      "url": "https://cert.vde.com/en/advisories/VDE-2023-030/",
+      "source": "info@cert.vde.com"
+    },
    {
      "url": "https://cert.vde.com/en/advisories/VDE-2023-031/",
      "source": "info@cert.vde.com",
--- a/CVE-2023/CVE-2023-50xx/CVE-2023-5009.json
+++ b/CVE-2023/CVE-2023-50xx/CVE-2023-5009.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-5009",
+  "sourceIdentifier": "cve@gitlab.com",
+  "published": "2023-09-19T08:16:07.203",
+  "lastModified": "2023-09-19T08:16:07.203",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2.7, all versions starting from 16.3 before 16.3.4. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. This was a bypass of [CVE-2023-3932](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3932) showing additional impact."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve@gitlab.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "NONE",
+          "baseScore": 9.6,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 5.8
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cve@gitlab.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-284"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/425304",
+      "source": "cve@gitlab.com"
+    },
+    {
+      "url": "https://hackerone.com/reports/2147126",
+      "source": "cve@gitlab.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-09-19T08:00:25.430890+00:00
+2023-09-19T10:00:24.712860+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-09-19T07:15:51.917000+00:00
+2023-09-19T09:15:07.860000+00:00
 ```

 ### Last Data Feed Release
@ -29,21 +29,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-225796
+225798
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `1`
+Recently added CVEs: `2`

-* [CVE-2023-5054](CVE-2023/CVE-2023-50xx/CVE-2023-5054.json) (`2023-09-19T07:15:51.917`)
+* [CVE-2023-5009](CVE-2023/CVE-2023-50xx/CVE-2023-5009.json) (`2023-09-19T08:16:07.203`)
+* [CVE-2023-41387](CVE-2023/CVE-2023-413xx/CVE-2023-41387.json) (`2023-09-19T09:15:07.860`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `1`
+Recently modified CVEs: `2`

-* [CVE-2023-0125](CVE-2023/CVE-2023-01xx/CVE-2023-0125.json) (`2023-09-19T06:15:45.807`)
+* [CVE-2023-3935](CVE-2023/CVE-2023-39xx/CVE-2023-3935.json) (`2023-09-19T08:15:44.727`)
+* [CVE-2023-4701](CVE-2023/CVE-2023-47xx/CVE-2023-4701.json) (`2023-09-19T08:15:57.143`)


 ## Download and Usage