Auto-Update: 2023-10-03T06:00:24.639489+00:00

cad-safe-bot 2023-10-03 06:00:28 +00:00
parent dfb993c198
commit 70abf92d85
14 changed files with 285 additions and 27 deletions


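--- /dev/null
+++ b/CVE-2023/CVE-2023-261xx/CVE-2023-26150.json
@@ -0,0 +1,67 @@
+{
+"id": "CVE-2023-26150",
+"sourceIdentifier": "report@snyk.io",
+"published": "2023-10-03T05:15:49.963",
+"lastModified": "2023-10-03T05:15:49.963",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Versions of the package asyncua before 0.9.96 are vulnerable to Improper Authentication such that it is possible to access Address Space without encryption and authentication.\r\r**Note:**\r\rThis issue is a result of missing checks for services that require an active session."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "report@snyk.io",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 6.5,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 2.5
+}
+]
+},
+"references": [
+{
+"url": "https://gist.github.com/artfire52/84f7279a4119d6f90381ac49d7121121",
+"source": "report@snyk.io"
+},
+{
+"url": "https://github.com/FreeOpcUa/opcua-asyncio/commit/2be7ce80df05de8d6c6ae1ebce6fa2bb7147844a",
+"source": "report@snyk.io"
+},
+{
+"url": "https://github.com/FreeOpcUa/opcua-asyncio/commit/b4106dfd5037423c9d1810b48a97296b59cde513",
+"source": "report@snyk.io"
+},
+{
+"url": "https://github.com/FreeOpcUa/opcua-asyncio/issues/1014",
+"source": "report@snyk.io"
+},
+{
+"url": "https://github.com/FreeOpcUa/opcua-asyncio/pull/1015",
+"source": "report@snyk.io"
+},
+{
+"url": "https://github.com/FreeOpcUa/opcua-asyncio/releases/tag/v0.9.96",
+"source": "report@snyk.io"
+},
+{
+"url": "https://security.snyk.io/vuln/SNYK-PYTHON-ASYNCUA-5673435",
+"source": "report@snyk.io"
+}
+]
+}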
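Review bot: The English `value` in `descriptions` carries raw `\r\r` carriage-return escapes and Markdown emphasis (`**Note:**`), which most consumers will show literally or as stray control characters. Anything that displays, logs or indexes this text should normalize `\r` to a newline or space and treat the content as plain text rather than markup. The record is also `"vulnStatus": "Received"` with only a `Secondary` CVSS entry from the CNA and no CPE configuration data, so the 6.5 score has not been through NVD analysis and version matching has to rely on the "before 0.9.96" wording in the description.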


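--- /dev/null
+++ b/CVE-2023/CVE-2023-261xx/CVE-2023-26151.json
@@ -0,0 +1,63 @@
+{
+"id": "CVE-2023-26151",
+"sourceIdentifier": "report@snyk.io",
+"published": "2023-10-03T05:15:50.507",
+"lastModified": "2023-10-03T05:15:50.507",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Versions of the package asyncua before 0.9.96 are vulnerable to Denial of Service (DoS) such that an attacker can send a malformed packet and as a result, the server will enter into an infinite loop and consume excessive memory."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "report@snyk.io",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "NONE",
+"availabilityImpact": "LOW",
+"baseScore": 5.3,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 1.4
+}
+]
+},
+"references": [
+{
+"url": "https://gist.github.com/artfire52/1540b234350795e0ecb4d672608dbec8",
+"source": "report@snyk.io"
+},
+{
+"url": "https://github.com/FreeOpcUa/opcua-asyncio/commit/f6603daa34a93a658f0e176cb0b9ee5a6643b262",
+"source": "report@snyk.io"
+},
+{
+"url": "https://github.com/FreeOpcUa/opcua-asyncio/issues/1013",
+"source": "report@snyk.io"
+},
+{
+"url": "https://github.com/FreeOpcUa/opcua-asyncio/pull/1039",
+"source": "report@snyk.io"
+},
+{
+"url": "https://github.com/FreeOpcUa/opcua-asyncio/releases/tag/v0.9.96",
+"source": "report@snyk.io"
+},
+{
+"url": "https://security.snyk.io/vuln/SNYK-PYTHON-ASYNCUA-5673709",
+"source": "report@snyk.io"
+}
+]
+}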
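Review bot: The CNA vector rates availability as `A:L` (base 5.3), while the description says a malformed packet sends the server into an infinite loop with excessive memory use, which reads closer to a sustained loss of service. The mismatch comes from the source record rather than this sync, but triage that sorts on `baseScore` alone may rank this lower than the description suggests. The record is still `"vulnStatus": "Received"`, so the score may change once NVD adds its own assessment. Until then, compare the deployed asyncua version against 0.9.96 instead of relying on the severity label.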


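--- /dev/null
+++ b/CVE-2023/CVE-2023-261xx/CVE-2023-26152.json
@@ -0,0 +1,51 @@
+{
+"id": "CVE-2023-26152",
+"sourceIdentifier": "report@snyk.io",
+"published": "2023-10-03T05:15:50.580",
+"lastModified": "2023-10-03T05:15:50.580",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "All versions of the package static-server are vulnerable to Directory Traversal due to improper input sanitization passed via the validPath function of server.js."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "report@snyk.io",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "NONE",
+"availabilityImpact": "NONE",
+"baseScore": 7.5,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 3.6
+}
+]
+},
+"references": [
+{
+"url": "https://gist.github.com/lirantal/1f7021703a2065ecaf9ec9e06a3a346d",
+"source": "report@snyk.io"
+},
+{
+"url": "https://github.com/nbluis/static-server/blob/master/server.js%23L218-L223",
+"source": "report@snyk.io"
+},
+{
+"url": "https://security.snyk.io/vuln/SNYK-JS-STATICSERVER-5722341",
+"source": "report@snyk.io"
+}
+]
+}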
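Review bot: The second reference has its fragment percent-encoded, `server.js%23L218-L223`, so the URL resolves to a path literally named `server.js#L218-L223` instead of lines 218-223 of `server.js`. The intended form is presumably `"url": "https://github.com/nbluis/static-server/blob/master/server.js#L218-L223"`, and because it points at `master` rather than a commit, the line range can drift as the file changes. This mirrors the upstream record, so the correction belongs with the CNA; link checkers and enrichment jobs reading this feed should expect the reference to fail. The description states that all versions are affected and no fixed release is listed, so version-range matching has no upper bound to work with.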


@ -2,12 +2,16 @@
"id": "CVE-2023-35074",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:18:52.800",
"lastModified": "2023-09-28T15:15:10.797",
"lastModified": "2023-10-03T05:15:50.657",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution."
},
{
"lang": "es",
"value": "El problema se solucion\u00f3 mejorando el manejo de la memoria. Este problema se solucion\u00f3 en tvOS 17, Safari 17, watchOS 10, iOS 17 y iPadOS 17, macOS Sonoma 14. El procesamiento de contenido web puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"metrics": {
@ -95,6 +99,10 @@
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/2",
"source": "product-security@apple.com"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/28/3",
"source": "product-security@apple.com"
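Review bot: The reference added at the top of `references` uses a plain `http://` scheme (`http://seclists.org/fulldisclosure/2023/Oct/2`), as does the openwall entry that follows it. Tooling that fetches reference URLs for enrichment should upgrade them to `https://` or refuse cleartext fetches, since content retrieved over HTTP can be altered in transit. The same reference is added in the CVE-2023-40417, CVE-2023-40451, CVE-2023-41074 and CVE-2023-41993 sections. The hunk ends inside the `references` array, so the remaining entries are not visible here.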


@ -2,8 +2,8 @@
"id": "CVE-2023-40417",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:19:09.143",
"lastModified": "2023-09-28T17:36:53.980",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-03T05:15:50.827",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -93,6 +93,10 @@
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/2",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213937",
"source": "product-security@apple.com",
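Review bot: `vulnStatus` appears to move from `"Analyzed"` to `"Modified"` here although the only visible content change is one added reference; the `+`/`-` markers are lost on this page, so the direction is inferred from the `lastModified` pair. Consumers that filter on `vulnStatus` being `Analyzed` would drop this record until NVD re-analyzes it, even though its earlier metrics and configurations presumably remain in the unchanged part of the file. Such filters should accept `Modified` alongside `Analyzed`. The CVE-2023-41074 section shows the same status change.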


@ -2,7 +2,7 @@
"id": "CVE-2023-40451",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:19:17.090",
"lastModified": "2023-09-28T15:15:11.547",
"lastModified": "2023-10-03T05:15:50.903",
"vulnStatus": "Modified",
"descriptions": [
{
@ -69,6 +69,10 @@
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/2",
"source": "product-security@apple.com"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/28/3",
"source": "product-security@apple.com"


@ -2,8 +2,8 @@
"id": "CVE-2023-41074",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:19:26.570",
"lastModified": "2023-09-28T16:58:52.080",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-03T05:15:50.993",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -99,6 +99,10 @@
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/2",
"source": "product-security@apple.com"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/28/3",
"source": "product-security@apple.com",


@ -2,7 +2,7 @@
"id": "CVE-2023-41993",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-21T19:15:11.660",
"lastModified": "2023-10-01T06:15:10.300",
"lastModified": "2023-10-03T05:15:51.083",
"vulnStatus": "Modified",
"cisaExploitAdd": "2023-09-25",
"cisaActionDue": "2023-10-16",
@ -95,6 +95,10 @@
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/2",
"source": "product-security@apple.com"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/28/3",
"source": "product-security@apple.com"


@ -2,7 +2,7 @@
"id": "CVE-2023-42811",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-22T16:15:10.583",
"lastModified": "2023-10-03T03:15:09.580",
"lastModified": "2023-10-03T04:15:10.433",
"vulnStatus": "Modified",
"descriptions": [
{
@ -105,6 +105,10 @@
"Vendor Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ROBB6TBDAGEQ2WIINR34F3DPSN3FND6K/",
"source": "security-advisories@github.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RYQCICN6BVC6I75O3F6W4VK4J3MOYDJU/",
"source": "security-advisories@github.com"


@ -2,12 +2,16 @@
"id": "CVE-2023-4211",
"sourceIdentifier": "arm-security@arm.com",
"published": "2023-10-01T18:15:09.927",
"lastModified": "2023-10-02T00:44:36.450",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-03T05:15:51.343",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory.\n\n"
},
{
"lang": "es",
"value": "Un usuario local sin privilegios puede realizar operaciones inadecuadas de procesamiento de la memoria de la GPU para obtener acceso a la memoria ya liberada."
}
],
"metrics": {},
@ -24,9 +28,29 @@
}
],
"references": [
{
"url": "https://arstechnica.com/security/2023/10/vulnerable-arm-gpu-drivers-under-active-exploitation-patches-may-not-be-available/",
"source": "arm-security@arm.com"
},
{
"url": "https://chromereleases.googleblog.com/2023/08/long-term-support-channel-update-for_23.html",
"source": "arm-security@arm.com"
},
{
"url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-chromeos_25.html",
"source": "arm-security@arm.com"
},
{
"url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities",
"source": "arm-security@arm.com"
},
{
"url": "https://source.android.com/docs/security/bulletin/pixel/2023-09-01",
"source": "arm-security@arm.com"
},
{
"url": "https://www.bleepingcomputer.com/news/security/arm-warns-of-mali-gpu-flaws-likely-exploited-in-targeted-attacks/",
"source": "arm-security@arm.com"
}
]
}
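Review bot: `"metrics": {}` is still empty while `vulnStatus` is `Undergoing Analysis`, so this record carries no CVSS score, yet two of the added references mention exploitation in their URL slugs ("under-active-exploitation", "likely-exploited-in-targeted-attacks"). Pipelines that prioritise on `baseScore`, or that treat a missing score as low severity, would under-rank it. An empty `metrics` object should be handled as "unscored", with escalation driven by other signals such as the vendor advisory linked here. The English `value` also ends in a literal `\n\n` that display code should trim.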


@ -2,7 +2,7 @@
"id": "CVE-2023-43669",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-21T06:15:13.833",
"lastModified": "2023-10-03T03:15:09.677",
"lastModified": "2023-10-03T04:15:10.697",
"vulnStatus": "Modified",
"descriptions": [
{
@ -126,6 +126,10 @@
"Issue Tracking"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R77EUWPZVP5WSMNXUXUDNHR7G7OI5NGM/",
"source": "cve@mitre.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/THK6G6CD4VW6RCROWUV2C4HSINKK3XAK/",
"source": "cve@mitre.org"


@ -2,12 +2,16 @@
"id": "CVE-2023-44216",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-27T15:19:39.583",
"lastModified": "2023-09-27T15:41:31.350",
"lastModified": "2023-10-03T05:15:51.193",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification. For example, attackers can sometimes accurately determine text contained on a web page from one origin if they control a resource from a different origin."
"value": "PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. For example, attackers can sometimes accurately determine text contained on a web page from one origin if they control a resource from a different origin."
},
{
"lang": "es",
"value": "PVRIC (PowerVR Image Compression) en Imagination 2018 y dispositivos GPU posteriores ofrece compresi\u00f3n transparente por software que permite ataques de robo de p\u00edxeles de origen cruzado contra feTurbulence y feBlend en la especificaci\u00f3n del filtro SVG. Por ejemplo, los atacantes a veces pueden determinar con precisi\u00f3n el texto contenido en una p\u00e1gina web de un origen si controlan un recurso de un origen diferente."
}
],
"metrics": {},
@ -32,6 +36,10 @@
"url": "https://news.ycombinator.com/item?id=37663159",
"source": "cve@mitre.org"
},
{
"url": "https://www.bleepingcomputer.com/news/security/modern-gpus-vulnerable-to-new-gpuzip-side-channel-attack/",
"source": "cve@mitre.org"
},
{
"url": "https://www.hertzbleed.com/gpu.zip/",
"source": "cve@mitre.org"
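Review bot: The Spanish description added here translates the earlier English text: it has no counterpart to "aka a GPU.zip issue", which one of the two English `value` lines contains. Search or deduplication keyed on the `es` text will miss the GPU.zip name, so localized views should fall back to the `en` description for matching. The markers are lost on this page, so which English line is the new one is inferred from the GPU.zip reference added in the second hunk. `"metrics": {}` is also empty, so the record is unscored.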


@ -2,12 +2,16 @@
"id": "CVE-2023-44488",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-30T20:15:10.200",
"lastModified": "2023-10-01T22:15:09.967",
"lastModified": "2023-10-03T05:15:51.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding."
},
{
"lang": "es",
"value": "VP9 en libvpx anterior a 1.13.1 maneja mal las anchuras, lo que provoca un bloqueo relacionado con la codificaci\u00f3n."
}
],
"metrics": {},
@ -16,6 +20,10 @@
"url": "http://www.openwall.com/lists/oss-security/2023/09/30/4",
"source": "cve@mitre.org"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241806",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/webmproject/libvpx/commit/263682c9a29395055f3b3afe2d97be1828a6223f",
"source": "cve@mitre.org"


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-10-03T04:00:25.721863+00:00
2023-10-03T06:00:24.639489+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-10-03T03:15:09.750000+00:00
2023-10-03T05:15:51.343000+00:00
```
### Last Data Feed Release
@ -29,27 +29,32 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
226792
226795
```
### CVEs added in the last Commit
Recently added CVEs: `5`
Recently added CVEs: `3`
* [CVE-2023-3335](CVE-2023/CVE-2023-33xx/CVE-2023-3335.json) (`2023-10-03T02:15:09.377`)
* [CVE-2023-3440](CVE-2023/CVE-2023-34xx/CVE-2023-3440.json) (`2023-10-03T02:15:09.537`)
* [CVE-2023-3967](CVE-2023/CVE-2023-39xx/CVE-2023-3967.json) (`2023-10-03T02:15:09.710`)
* [CVE-2023-5334](CVE-2023/CVE-2023-53xx/CVE-2023-5334.json) (`2023-10-03T02:15:10.360`)
* [CVE-2023-5345](CVE-2023/CVE-2023-53xx/CVE-2023-5345.json) (`2023-10-03T03:15:09.750`)
* [CVE-2023-26150](CVE-2023/CVE-2023-261xx/CVE-2023-26150.json) (`2023-10-03T05:15:49.963`)
* [CVE-2023-26151](CVE-2023/CVE-2023-261xx/CVE-2023-26151.json) (`2023-10-03T05:15:50.507`)
* [CVE-2023-26152](CVE-2023/CVE-2023-261xx/CVE-2023-26152.json) (`2023-10-03T05:15:50.580`)
### CVEs modified in the last Commit
Recently modified CVEs: `3`
Recently modified CVEs: `10`
* [CVE-2023-20588](CVE-2023/CVE-2023-205xx/CVE-2023-20588.json) (`2023-10-03T02:15:09.110`)
* [CVE-2023-42811](CVE-2023/CVE-2023-428xx/CVE-2023-42811.json) (`2023-10-03T03:15:09.580`)
* [CVE-2023-43669](CVE-2023/CVE-2023-436xx/CVE-2023-43669.json) (`2023-10-03T03:15:09.677`)
* [CVE-2023-42811](CVE-2023/CVE-2023-428xx/CVE-2023-42811.json) (`2023-10-03T04:15:10.433`)
* [CVE-2023-43669](CVE-2023/CVE-2023-436xx/CVE-2023-43669.json) (`2023-10-03T04:15:10.697`)
* [CVE-2023-35074](CVE-2023/CVE-2023-350xx/CVE-2023-35074.json) (`2023-10-03T05:15:50.657`)
* [CVE-2023-40417](CVE-2023/CVE-2023-404xx/CVE-2023-40417.json) (`2023-10-03T05:15:50.827`)
* [CVE-2023-40451](CVE-2023/CVE-2023-404xx/CVE-2023-40451.json) (`2023-10-03T05:15:50.903`)
* [CVE-2023-41074](CVE-2023/CVE-2023-410xx/CVE-2023-41074.json) (`2023-10-03T05:15:50.993`)
* [CVE-2023-41993](CVE-2023/CVE-2023-419xx/CVE-2023-41993.json) (`2023-10-03T05:15:51.083`)
* [CVE-2023-44216](CVE-2023/CVE-2023-442xx/CVE-2023-44216.json) (`2023-10-03T05:15:51.193`)
* [CVE-2023-44488](CVE-2023/CVE-2023-444xx/CVE-2023-44488.json) (`2023-10-03T05:15:51.277`)
* [CVE-2023-4211](CVE-2023/CVE-2023-42xx/CVE-2023-4211.json) (`2023-10-03T05:15:51.343`)
## Download and Usage