From 634dfb4d0a6d18f34d7ae5462e1ae8a50e0c72f0 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Mon, 31 Jul 2023 02:00:30 +0000
Subject: [PATCH] Auto-Update: 2023-07-31T02:00:26.915123+00:00
---
CVE-2022/CVE-2022-438xx/CVE-2022-43831.json | 47 ++++++++++++++++
CVE-2023/CVE-2023-350xx/CVE-2023-35016.json | 59 +++++++++++++++++++++
CVE-2023/CVE-2023-350xx/CVE-2023-35019.json | 59 +++++++++++++++++++++
CVE-2023/CVE-2023-40xx/CVE-2023-4005.json | 59 +++++++++++++++++++++
CVE-2023/CVE-2023-40xx/CVE-2023-4006.json | 59 +++++++++++++++++++++
CVE-2023/CVE-2023-40xx/CVE-2023-4007.json | 59 +++++++++++++++++++++
README.md | 21 ++++----
7 files changed, 354 insertions(+), 9 deletions(-)
create mode 100644 CVE-2022/CVE-2022-438xx/CVE-2022-43831.json
create mode 100644 CVE-2023/CVE-2023-350xx/CVE-2023-35016.json
create mode 100644 CVE-2023/CVE-2023-350xx/CVE-2023-35019.json
create mode 100644 CVE-2023/CVE-2023-40xx/CVE-2023-4005.json
create mode 100644 CVE-2023/CVE-2023-40xx/CVE-2023-4006.json
create mode 100644 CVE-2023/CVE-2023-40xx/CVE-2023-4007.json
diff --git a/CVE-2022/CVE-2022-438xx/CVE-2022-43831.json b/CVE-2022/CVE-2022-438xx/CVE-2022-43831.json
new file mode 100644
index 00000000000..e2d583632bf
--- /dev/null
+++ b/CVE-2022/CVE-2022-438xx/CVE-2022-43831.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2022-43831",
+ "sourceIdentifier": "psirt@us.ibm.com",
+ "published": "2023-07-31T01:15:09.550",
+ "lastModified": "2023-07-31T01:15:09.550",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "IBM Storage Scale Container Native Storage Access 5.1.2.1 through 5.1.6.1 could allow a local user to obtain escalated privileges on a host without proper security context settings configured. IBM X-Force ID: 238941."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.4,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.4,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/238941",
+ "source": "psirt@us.ibm.com"
+ },
+ {
+ "url": "https://www.ibm.com/support/pages/node/7015067",
+ "source": "psirt@us.ibm.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-350xx/CVE-2023-35016.json b/CVE-2023/CVE-2023-350xx/CVE-2023-35016.json
new file mode 100644
index 00000000000..7a2ff8ab7b8
--- /dev/null
+++ b/CVE-2023/CVE-2023-350xx/CVE-2023-35016.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-35016",
+ "sourceIdentifier": "psirt@us.ibm.com",
+ "published": "2023-07-31T01:15:09.667",
+ "lastModified": "2023-07-31T01:15:09.667",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "IBM Security Verify Governance, Identity Manager 10.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 257772."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25772",
+ "source": "psirt@us.ibm.com"
+ },
+ {
+ "url": "https://www.ibm.com/support/pages/node/7014397",
+ "source": "psirt@us.ibm.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-350xx/CVE-2023-35019.json b/CVE-2023/CVE-2023-350xx/CVE-2023-35019.json
new file mode 100644
index 00000000000..039f1f0b6ec
--- /dev/null
+++ b/CVE-2023/CVE-2023-350xx/CVE-2023-35019.json
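Review bot: The first reference URL in the CVE-2023-35016 record ends in `/vulnerabilities/25772`, while the description in the same record gives the IBM X-Force ID as 257772; the other two IBM records in this commit (CVE-2022-43831, CVE-2023-35019) carry the same ID in both places, so a digit appears to have been dropped from the URL. If the description holds the correct ID, the line would read `"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/257772",`, but the page alone does not settle which of the two values is right. Since this file mirrors the upstream record with `"vulnStatus": "Received"`, the correction belongs with the source (psirt@us.ibm.com / NVD) rather than in a local edit, and tooling that follows reference links automatically should treat this one as unverified until the record is modified.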
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-35019",
+ "sourceIdentifier": "psirt@us.ibm.com",
+ "published": "2023-07-31T01:15:09.757",
+ "lastModified": "2023-07-31T01:15:09.757",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "IBM Security Verify Governance, Identity Manager 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 257873."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/257873",
+ "source": "psirt@us.ibm.com"
+ },
+ {
+ "url": "https://www.ibm.com/support/pages/node/7014397",
+ "source": "psirt@us.ibm.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4005.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4005.json
new file mode 100644
index 00000000000..7318860dfc2
--- /dev/null
+++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4005.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-4005",
+ "sourceIdentifier": "security@huntr.dev",
+ "published": "2023-07-31T01:15:09.840",
+ "lastModified": "2023-07-31T01:15:09.840",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Insufficient Session Expiration in GitHub repository fossbilling/fossbilling prior to 0.5.5."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "security@huntr.dev",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.8,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@huntr.dev",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-613"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/fossbilling/fossbilling/commit/20c23b051eb690cb4ae60a257f6bb46eb3aae2d1",
+ "source": "security@huntr.dev"
+ },
+ {
+ "url": "https://huntr.dev/bounties/f0aacce1-79bc-4765-95f1-7e824433b9e4",
+ "source": "security@huntr.dev"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4006.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4006.json
new file mode 100644
index 00000000000..dfb3fae6a35
--- /dev/null
+++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4006.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-4006",
+ "sourceIdentifier": "security@huntr.dev",
+ "published": "2023-07-31T01:15:09.937",
+ "lastModified": "2023-07-31T01:15:09.937",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Formula Elements in a CSV File in GitHub repository thorsten/phpmyfaq prior to 3.1.16."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "security@huntr.dev",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@huntr.dev",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-1236"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/thorsten/phpmyfaq/commit/03946eca488724251eaed8d9d36fed92e6d8fd22",
+ "source": "security@huntr.dev"
+ },
+ {
+ "url": "https://huntr.dev/bounties/36149a42-cbd5-445e-a371-e351c899b189",
+ "source": "security@huntr.dev"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4007.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4007.json
new file mode 100644
index 00000000000..6ba6e4eae21
--- /dev/null
+++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4007.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-4007",
+ "sourceIdentifier": "security@huntr.dev",
+ "published": "2023-07-31T01:15:10.017",
+ "lastModified": "2023-07-31T01:15:10.017",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.16."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "security@huntr.dev",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@huntr.dev",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/thorsten/phpmyfaq/commit/40eb9685198128908e83c2bef4c228751fd43a0e",
+ "source": "security@huntr.dev"
+ },
+ {
+ "url": "https://huntr.dev/bounties/e891dcbc-2092-49d3-9518-23e37187a5ea",
+ "source": "security@huntr.dev"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index ba00727e4f4..44117b1b5a0 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-07-30T22:00:25.174937+00:00 +2023-07-31T02:00:26.915123+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-07-30T21:15:10.047000+00:00 +2023-07-31T01:15:10.017000+00:00 ``` ### Last Data Feed Release
@@ -23,28 +23,31 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2023-07-30T00:00:13.565276+00:00 +2023-07-31T00:00:13.543710+00:00 ``` ### Total Number of included CVEs ```plain -221282 +221288 ``` ### CVEs added in the last Commit -Recently added CVEs: `0` +Recently added CVEs: `6` +* [CVE-2022-43831](CVE-2022/CVE-2022-438xx/CVE-2022-43831.json) (`2023-07-31T01:15:09.550`) +* [CVE-2023-35016](CVE-2023/CVE-2023-350xx/CVE-2023-35016.json) (`2023-07-31T01:15:09.667`) +* [CVE-2023-35019](CVE-2023/CVE-2023-350xx/CVE-2023-35019.json) (`2023-07-31T01:15:09.757`) +* [CVE-2023-4005](CVE-2023/CVE-2023-40xx/CVE-2023-4005.json) (`2023-07-31T01:15:09.840`) +* [CVE-2023-4006](CVE-2023/CVE-2023-40xx/CVE-2023-4006.json) (`2023-07-31T01:15:09.937`) +* [CVE-2023-4007](CVE-2023/CVE-2023-40xx/CVE-2023-4007.json) (`2023-07-31T01:15:10.017`) ### CVEs modified in the last Commit -Recently modified CVEs: `3` +Recently modified CVEs: `0` -* [CVE-2023-20593](CVE-2023/CVE-2023-205xx/CVE-2023-20593.json) (`2023-07-30T21:15:09.810`) -* [CVE-2023-3390](CVE-2023/CVE-2023-33xx/CVE-2023-3390.json) (`2023-07-30T21:15:09.910`) -* [CVE-2023-3610](CVE-2023/CVE-2023-36xx/CVE-2023-3610.json) (`2023-07-30T21:15:10.047`) ## Download and Usage