Auto-Update: 2023-10-30T05:00:24.579211+00:00

CVE-2021/CVE-2021-257xx/CVE-2021-25736.json

@@ -0,0 +1,47 @@
+{
+  "id": "CVE-2021-25736",
+  "sourceIdentifier": "jordan@liggitt.net",
+  "published": "2023-10-30T03:15:07.653",
+  "lastModified": "2023-10-30T03:15:07.653",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Kube-proxy\n on Windows can unintentionally forward traffic to local processes \nlistening on the same port (\u201cspec.ports[*].port\u201d) as a LoadBalancer \nService when the LoadBalancer controller\n does not set the \u201cstatus.loadBalancer.ingress[].ip\u201d field. Clusters \nwhere the LoadBalancer controller sets the \n\u201cstatus.loadBalancer.ingress[].ip\u201d field are unaffected.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "jordan@liggitt.net",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 5.8,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.3,
+        "impactScore": 4.0
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://github.com/kubernetes/kubernetes/pull/99958",
+      "source": "jordan@liggitt.net"
+    },
+    {
+      "url": "https://groups.google.com/g/kubernetes-security-announce/c/lIoOPObO51Q/m/O15LOazPAgAJ",
+      "source": "jordan@liggitt.net"
+    }
+  ]
+}

CVE-2023/CVE-2023-441xx/CVE-2023-44141.json

@@ -0,0 +1,28 @@
+{
+  "id": "CVE-2023-44141",
+  "sourceIdentifier": "vultures@jpcert.or.jp",
+  "published": "2023-10-30T04:15:10.340",
+  "lastModified": "2023-10-30T04:15:10.340",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Inkdrop prior to v5.6.0 allows a local attacker to conduct a code injection attack by having a legitimate user open a specially crafted markdown file."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://forum.inkdrop.app/t/inkdrop-desktop-v5-6-0/4211",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://jvn.jp/en/jp/JVN48057522/",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.inkdrop.app/",
+      "source": "vultures@jpcert.or.jp"
+    }
+  ]
+}

CVE-2023/CVE-2023-468xx/CVE-2023-46866.json

@@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-46866",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-10-30T03:15:07.783",
+  "lastModified": "2023-10-30T03:15:07.783",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In International Color Consortium DemoIccMAX 79ecb74, CIccCLUT::Interp3d in IccProfLib/IccTagLut.cpp in libSampleICC.a attempts to access array elements at out-of-bounds indexes."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/InternationalColorConsortium/DemoIccMAX/issues/54",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/InternationalColorConsortium/DemoIccMAX/pull/53",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2023/CVE-2023-468xx/CVE-2023-46867.json

@@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-46867",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-10-30T03:15:07.830",
+  "lastModified": "2023-10-30T03:15:07.830",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In International Color Consortium DemoIccMAX 79ecb74, CIccXformMatrixTRC::GetCurve in IccCmm.cpp in libSampleICC.a has a NULL pointer dereference."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/InternationalColorConsortium/DemoIccMAX/issues/54",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/InternationalColorConsortium/DemoIccMAX/pull/53",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

README.md

@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2023-10-30T03:00:33.911697+00:00
+2023-10-30T05:00:24.579211+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2023-10-30T02:18:05.193000+00:00
+2023-10-30T04:15:10.340000+00:00
 ```
 
 ### Last Data Feed Release
@@ -29,24 +29,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-229124
+229128
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `2`
+Recently added CVEs: `4`
 
-* [CVE-2023-46865](CVE-2023/CVE-2023-468xx/CVE-2023-46865.json) (`2023-10-30T01:15:21.967`)
-* [CVE-2023-5842](CVE-2023/CVE-2023-58xx/CVE-2023-5842.json) (`2023-10-30T01:15:22.013`)
+* [CVE-2021-25736](CVE-2021/CVE-2021-257xx/CVE-2021-25736.json) (`2023-10-30T03:15:07.653`)
+* [CVE-2023-46866](CVE-2023/CVE-2023-468xx/CVE-2023-46866.json) (`2023-10-30T03:15:07.783`)
+* [CVE-2023-46867](CVE-2023/CVE-2023-468xx/CVE-2023-46867.json) (`2023-10-30T03:15:07.830`)
+* [CVE-2023-44141](CVE-2023/CVE-2023-441xx/CVE-2023-44141.json) (`2023-10-30T04:15:10.340`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `3`
+Recently modified CVEs: `0`
 
-* [CVE-2022-44729](CVE-2022/CVE-2022-447xx/CVE-2022-44729.json) (`2023-10-30T02:17:57.743`)
-* [CVE-2022-44730](CVE-2022/CVE-2022-447xx/CVE-2022-44730.json) (`2023-10-30T02:18:01.513`)
-* [CVE-2022-38398](CVE-2022/CVE-2022-383xx/CVE-2022-38398.json) (`2023-10-30T02:18:05.193`)
 
 
 ## Download and Usage