diff --git a/CVE-2021/CVE-2021-257xx/CVE-2021-25736.json b/CVE-2021/CVE-2021-257xx/CVE-2021-25736.json
new file mode 100644
index 00000000000..a590eb2bc61
--- /dev/null
+++ b/CVE-2021/CVE-2021-257xx/CVE-2021-25736.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2021-25736",
+ "sourceIdentifier": "jordan@liggitt.net",
+ "published": "2023-10-30T03:15:07.653",
+ "lastModified": "2023-10-30T03:15:07.653",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Kube-proxy\n on Windows can unintentionally forward traffic to local processes \nlistening on the same port (\u201cspec.ports[*].port\u201d) as a LoadBalancer \nService when the LoadBalancer controller\n does not set the \u201cstatus.loadBalancer.ingress[].ip\u201d field. Clusters \nwhere the LoadBalancer controller sets the \n\u201cstatus.loadBalancer.ingress[].ip\u201d field are unaffected.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "jordan@liggitt.net",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.3,
+ "impactScore": 4.0
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://github.com/kubernetes/kubernetes/pull/99958",
+ "source": "jordan@liggitt.net"
+ },
+ {
+ "url": "https://groups.google.com/g/kubernetes-security-announce/c/lIoOPObO51Q/m/O15LOazPAgAJ",
+ "source": "jordan@liggitt.net"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-441xx/CVE-2023-44141.json b/CVE-2023/CVE-2023-441xx/CVE-2023-44141.json
new file mode 100644
index 00000000000..89954c093d3
--- /dev/null
+++ b/CVE-2023/CVE-2023-441xx/CVE-2023-44141.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-44141",
+ "sourceIdentifier": "vultures@jpcert.or.jp",
+ "published": "2023-10-30T04:15:10.340",
+ "lastModified": "2023-10-30T04:15:10.340",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Inkdrop prior to v5.6.0 allows a local attacker to conduct a code injection attack by having a legitimate user open a specially crafted markdown file."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://forum.inkdrop.app/t/inkdrop-desktop-v5-6-0/4211",
+ "source": "vultures@jpcert.or.jp"
+ },
+ {
+ "url": "https://jvn.jp/en/jp/JVN48057522/",
+ "source": "vultures@jpcert.or.jp"
+ },
+ {
+ "url": "https://www.inkdrop.app/",
+ "source": "vultures@jpcert.or.jp"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-468xx/CVE-2023-46866.json b/CVE-2023/CVE-2023-468xx/CVE-2023-46866.json
new file mode 100644
index 00000000000..c7683bce7ff
--- /dev/null
+++ b/CVE-2023/CVE-2023-468xx/CVE-2023-46866.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-46866",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-30T03:15:07.783",
+ "lastModified": "2023-10-30T03:15:07.783",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In International Color Consortium DemoIccMAX 79ecb74, CIccCLUT::Interp3d in IccProfLib/IccTagLut.cpp in libSampleICC.a attempts to access array elements at out-of-bounds indexes."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/InternationalColorConsortium/DemoIccMAX/issues/54",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/InternationalColorConsortium/DemoIccMAX/pull/53",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-468xx/CVE-2023-46867.json b/CVE-2023/CVE-2023-468xx/CVE-2023-46867.json
new file mode 100644
index 00000000000..441e305d4ca
--- /dev/null
+++ b/CVE-2023/CVE-2023-468xx/CVE-2023-46867.json
@@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-46867", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-10-30T03:15:07.830", + "lastModified": "2023-10-30T03:15:07.830", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In International Color Consortium DemoIccMAX 79ecb74, CIccXformMatrixTRC::GetCurve in IccCmm.cpp in libSampleICC.a has a NULL pointer dereference." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/InternationalColorConsortium/DemoIccMAX/issues/54", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/InternationalColorConsortium/DemoIccMAX/pull/53", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 546c2ccab5e..17f668400f5 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-10-30T03:00:33.911697+00:00 +2023-10-30T05:00:24.579211+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-10-30T02:18:05.193000+00:00 +2023-10-30T04:15:10.340000+00:00 ``` ### Last Data Feed Release 
@@ -29,24 +29,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -229124 +229128 ``` ### CVEs added in the last Commit -Recently added CVEs: `2` +Recently added CVEs: `4` -* [CVE-2023-46865](CVE-2023/CVE-2023-468xx/CVE-2023-46865.json) (`2023-10-30T01:15:21.967`) -* [CVE-2023-5842](CVE-2023/CVE-2023-58xx/CVE-2023-5842.json) (`2023-10-30T01:15:22.013`) +* [CVE-2021-25736](CVE-2021/CVE-2021-257xx/CVE-2021-25736.json) (`2023-10-30T03:15:07.653`) +* [CVE-2023-46866](CVE-2023/CVE-2023-468xx/CVE-2023-46866.json) (`2023-10-30T03:15:07.783`) +* [CVE-2023-46867](CVE-2023/CVE-2023-468xx/CVE-2023-46867.json) (`2023-10-30T03:15:07.830`) +* [CVE-2023-44141](CVE-2023/CVE-2023-441xx/CVE-2023-44141.json) (`2023-10-30T04:15:10.340`) ### CVEs modified in the last Commit -Recently modified CVEs: `3` +Recently modified CVEs: `0` -* [CVE-2022-44729](CVE-2022/CVE-2022-447xx/CVE-2022-44729.json) (`2023-10-30T02:17:57.743`) -* [CVE-2022-44730](CVE-2022/CVE-2022-447xx/CVE-2022-44730.json) (`2023-10-30T02:18:01.513`) -* [CVE-2022-38398](CVE-2022/CVE-2022-383xx/CVE-2022-38398.json) (`2023-10-30T02:18:05.193`) ## Download and Usage