Auto-Update: 2023-09-05T06:00:25.814920+00:00

2025-05-08 19:47:09 +00:00 · 2023-09-05 06:00:29 +00:00 · 2023-09-05 06:00:29 +00:00 · 6253fe4795
commit 6253fe4795
parent 53942d9f82
9 changed files with 108 additions and 29 deletions
--- a/CVE-2019/CVE-2019-134xx/CVE-2019-13473.json
+++ b/CVE-2019/CVE-2019-134xx/CVE-2019-13473.json
@ -2,8 +2,8 @@
  "id": "CVE-2019-13473",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2019-09-11T19:15:11.593",
-  "lastModified": "2020-08-27T17:36:56.420",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2023-09-05T05:15:07.517",
+  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
@ -411,6 +411,10 @@
        "VDB Entry"
      ]
    },
+    {
+      "url": "http://seclists.org/fulldisclosure/2023/Sep/1",
+      "source": "cve@mitre.org"
+    },
    {
      "url": "https://www.vulnerability-lab.com/get_content.php?id=2183",
      "source": "cve@mitre.org",
--- a/CVE-2019/CVE-2019-134xx/CVE-2019-13474.json
+++ b/CVE-2019/CVE-2019-134xx/CVE-2019-13474.json
@ -2,8 +2,8 @@
  "id": "CVE-2019-13474",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2019-09-16T12:15:10.847",
-  "lastModified": "2020-08-24T17:37:01.140",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2023-09-05T05:15:07.703",
+  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
@ -383,6 +383,10 @@
        "Third Party Advisory"
      ]
    },
+    {
+      "url": "http://seclists.org/fulldisclosure/2023/Sep/1",
+      "source": "cve@mitre.org"
+    },
    {
      "url": "https://www.vulnerability-lab.com/get_content.php?id=2183",
      "source": "cve@mitre.org",
--- a/CVE-2022/CVE-2022-485xx/CVE-2022-48554.json
+++ b/CVE-2022/CVE-2022-485xx/CVE-2022-48554.json
@ -2,8 +2,8 @@
  "id": "CVE-2022-48554",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2023-08-22T19:16:31.757",
-  "lastModified": "2023-08-26T02:16:23.107",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2023-09-05T05:15:07.883",
+  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
@ -72,6 +72,10 @@
        "Exploit",
        "Vendor Advisory"
      ]
+    },
+    {
+      "url": "https://www.debian.org/security/2023/dsa-5489",
+      "source": "cve@mitre.org"
    }
  ]
 }
--- a/CVE-2023/CVE-2023-363xx/CVE-2023-36307.json
+++ b/CVE-2023/CVE-2023-363xx/CVE-2023-36307.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-36307",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-09-05T05:15:07.983",
+  "lastModified": "2023-09-05T05:15:07.983",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "** DISPUTED ** ZPLGFA 1.1.1 allows attackers to cause a panic (because of an integer index out of range during a ConvertToGraphicField call) via an image of zero width. NOTE: it is unclear whether there are common use cases in which this panic could have any security consequence"
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/SimonWaldherr/zplgfa/pull/6",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-363xx/CVE-2023-36308.json
+++ b/CVE-2023/CVE-2023-363xx/CVE-2023-36308.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-36308",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-09-05T04:15:08.703",
+  "lastModified": "2023-09-05T04:15:08.703",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "** DISPUTED ** disintegration Imaging 1.6.2 allows attackers to cause a panic (because of an integer index out of range during a Grayscale call) via a crafted TIFF file to the scan function of scanner.go. NOTE: it is unclear whether there are common use cases in which this panic could have any security consequence"
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/disintegration/imaging/issues/165",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/disintegration/imaging/releases/tag/v1.6.2",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-381xx/CVE-2023-38199.json
+++ b/CVE-2023/CVE-2023-381xx/CVE-2023-38199.json
@ -2,12 +2,12 @@
  "id": "CVE-2023-38199",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2023-07-13T03:15:10.023",
-  "lastModified": "2023-07-25T14:44:20.033",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2023-09-05T04:15:09.017",
+  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
-      "value": "coreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does not block multiple Content-Type headers, which might allow attackers to bypass a WAF with a crafted payload, aka \"Content-Type confusion.\" This occurs when the web application relies on only the last Content-Type header."
+      "value": "coreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does not detect multiple Content-Type request headers on some platforms. This might allow attackers to bypass a WAF with a crafted payload, aka \"Content-Type confusion\" between the WAF and the backend application. This occurs when the web application relies on only the last Content-Type header. Other platforms may reject the additional Content-Type header or merge conflicting headers, leading to detection as a malformed header."
    }
  ],
  "metrics": {
--- a/CVE-2023/CVE-2023-409xx/CVE-2023-40936.json
+++ b/CVE-2023/CVE-2023-409xx/CVE-2023-40936.json
@ -0,0 +1,15 @@
+{
+  "id": "CVE-2023-40936",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-09-05T04:15:09.200",
+  "lastModified": "2023-09-05T04:15:09.200",
+  "vulnStatus": "Rejected",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
+    }
+  ],
+  "metrics": {},
+  "references": []
+}
--- a/CVE-2023/CVE-2023-409xx/CVE-2023-40937.json
+++ b/CVE-2023/CVE-2023-409xx/CVE-2023-40937.json
@ -0,0 +1,15 @@
+{
+  "id": "CVE-2023-40937",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-09-05T04:15:09.260",
+  "lastModified": "2023-09-05T04:15:09.260",
+  "vulnStatus": "Rejected",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
+    }
+  ],
+  "metrics": {},
+  "references": []
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-09-05T04:00:25.475382+00:00
+2023-09-05T06:00:25.814920+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-09-05T03:15:12.293000+00:00
+2023-09-05T05:15:07.983000+00:00
 ```

 ### Last Data Feed Release
@ -29,34 +29,27 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-224138
+224142
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `1`
+Recently added CVEs: `4`

-* [CVE-2023-4636](CVE-2023/CVE-2023-46xx/CVE-2023-4636.json) (`2023-09-05T03:15:12.293`)
+* [CVE-2023-36308](CVE-2023/CVE-2023-363xx/CVE-2023-36308.json) (`2023-09-05T04:15:08.703`)
+* [CVE-2023-40936](CVE-2023/CVE-2023-409xx/CVE-2023-40936.json) (`2023-09-05T04:15:09.200`)
+* [CVE-2023-40937](CVE-2023/CVE-2023-409xx/CVE-2023-40937.json) (`2023-09-05T04:15:09.260`)
+* [CVE-2023-36307](CVE-2023/CVE-2023-363xx/CVE-2023-36307.json) (`2023-09-05T05:15:07.983`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `14`
+Recently modified CVEs: `4`

-* [CVE-2020-21722](CVE-2020/CVE-2020-217xx/CVE-2020-21722.json) (`2023-09-05T03:15:07.637`)
-* [CVE-2021-41803](CVE-2021/CVE-2021-418xx/CVE-2021-41803.json) (`2023-09-05T03:15:08.497`)
-* [CVE-2022-3064](CVE-2022/CVE-2022-30xx/CVE-2022-3064.json) (`2023-09-05T03:15:08.797`)
-* [CVE-2022-40716](CVE-2022/CVE-2022-407xx/CVE-2022-40716.json) (`2023-09-05T03:15:09.110`)
-* [CVE-2022-41717](CVE-2022/CVE-2022-417xx/CVE-2022-41717.json) (`2023-09-05T03:15:09.377`)
-* [CVE-2023-0845](CVE-2023/CVE-2023-08xx/CVE-2023-0845.json) (`2023-09-05T03:15:09.740`)
-* [CVE-2023-25173](CVE-2023/CVE-2023-251xx/CVE-2023-25173.json) (`2023-09-05T03:15:10.060`)
-* [CVE-2023-26054](CVE-2023/CVE-2023-260xx/CVE-2023-26054.json) (`2023-09-05T03:15:10.427`)
-* [CVE-2023-28840](CVE-2023/CVE-2023-288xx/CVE-2023-28840.json) (`2023-09-05T03:15:10.760`)
-* [CVE-2023-28841](CVE-2023/CVE-2023-288xx/CVE-2023-28841.json) (`2023-09-05T03:15:10.997`)
-* [CVE-2023-28842](CVE-2023/CVE-2023-288xx/CVE-2023-28842.json) (`2023-09-05T03:15:11.240`)
-* [CVE-2023-36328](CVE-2023/CVE-2023-363xx/CVE-2023-36328.json) (`2023-09-05T03:15:11.540`)
-* [CVE-2023-3899](CVE-2023/CVE-2023-38xx/CVE-2023-3899.json) (`2023-09-05T03:15:11.630`)
-* [CVE-2023-40587](CVE-2023/CVE-2023-405xx/CVE-2023-40587.json) (`2023-09-05T03:15:11.787`)
+* [CVE-2019-13473](CVE-2019/CVE-2019-134xx/CVE-2019-13473.json) (`2023-09-05T05:15:07.517`)
+* [CVE-2019-13474](CVE-2019/CVE-2019-134xx/CVE-2019-13474.json) (`2023-09-05T05:15:07.703`)
+* [CVE-2022-48554](CVE-2022/CVE-2022-485xx/CVE-2022-48554.json) (`2023-09-05T05:15:07.883`)
+* [CVE-2023-38199](CVE-2023/CVE-2023-381xx/CVE-2023-38199.json) (`2023-09-05T04:15:09.017`)


 ## Download and Usage