Auto-Update: 2023-06-05T06:00:25.484512+00:00

2025-07-09 16:05:11 +00:00 · 2023-06-05 06:00:28 +00:00 · 2023-06-05 06:00:28 +00:00 · 73eca6e139
commit 73eca6e139
parent d01af4c2fa
8 changed files with 225 additions and 26 deletions
--- a/CVE-2023/CVE-2023-06xx/CVE-2023-0635.json
+++ b/CVE-2023/CVE-2023-06xx/CVE-2023-0635.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-0635",
+  "sourceIdentifier": "cybersecurity@ch.abb.com",
+  "published": "2023-06-05T04:15:09.493",
+  "lastModified": "2023-06-05T04:15:09.493",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Improper Privilege Management vulnerability in ABB Ltd. ASPECT\u00ae-Enterprise on ASPECT\u00ae-Enterprise, Linux (2CQG103201S3021, 2CQG103202S3021, 2CQG103203S3021, 2CQG103204S3021 modules), ABB Ltd. NEXUS Series on NEXUS Series, Linux (2CQG100102R2021, 2CQG100104R2021, 2CQG100105R2021, 2CQG100106R2021, 2CQG100110R2021, 2CQG100112R2021, 2CQG100103R2021, 2CQG100107R2021, 2CQG100108R2021, 2CQG100109R2021, 2CQG100111R2021, 2CQG100113R2021 modules), ABB Ltd. MATRIX Series on MATRIX Series, Linux (2CQG100102R1021, 2CQG100103R1021, 2CQG100104R1021, 2CQG100105R1021, 2CQG100106R1021 modules) allows Privilege Escalation.This issue affects ASPECT\u00ae-Enterprise: from 3.0;0 before 3.07.01; NEXUS Series: from 3.0;0 before 3.07.01; MATRIX Series: from 3.0;0 before 3.07.01.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cybersecurity@ch.abb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cybersecurity@ch.abb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-269"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://search.abb.com/library/Download.aspx?DocumentID=2CKA000073B5403&LanguageCode=en&DocumentPartId=&Action=Launch",
+      "source": "cybersecurity@ch.abb.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-06xx/CVE-2023-0636.json
+++ b/CVE-2023/CVE-2023-06xx/CVE-2023-0636.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-0636",
+  "sourceIdentifier": "cybersecurity@ch.abb.com",
+  "published": "2023-06-05T04:15:10.587",
+  "lastModified": "2023-06-05T04:15:10.587",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Improper Input Validation vulnerability in ABB Ltd. ASPECT\u00ae-Enterprise on ASPECT\u00ae-Enterprise, Linux (2CQG103201S3021, 2CQG103202S3021, 2CQG103203S3021, 2CQG103204S3021 modules), ABB Ltd. NEXUS Series on NEXUS Series, Linux (2CQG100102R2021, 2CQG100104R2021, 2CQG100105R2021, 2CQG100106R2021, 2CQG100110R2021, 2CQG100112R2021, 2CQG100103R2021, 2CQG100107R2021, 2CQG100108R2021, 2CQG100109R2021, 2CQG100111R2021, 2CQG100113R2021 modules), ABB Ltd. MATRIX Series on MATRIX Series, Linux (2CQG100102R1021, 2CQG100103R1021, 2CQG100104R1021, 2CQG100105R1021, 2CQG100106R1021 modules) allows Command Injection.This issue affects ASPECT\u00ae-Enterprise: from 3.0;0 before 3.07.0; NEXUS Series: from 3.0;0 before 3.07.0; MATRIX Series: from 3.0;0 before 3.07.1.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cybersecurity@ch.abb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.2,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.2,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cybersecurity@ch.abb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-20"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://search.abb.com/library/Download.aspx?DocumentID=2CKA000073B5403&LanguageCode=en&DocumentPartId=&Action=Launch",
+      "source": "cybersecurity@ch.abb.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-21xx/CVE-2023-2124.json
+++ b/CVE-2023/CVE-2023-21xx/CVE-2023-2124.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-2124",
  "sourceIdentifier": "secalert@redhat.com",
  "published": "2023-05-15T22:15:12.150",
-  "lastModified": "2023-05-25T17:34:31.447",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2023-06-05T05:15:09.130",
+  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
@ -82,6 +82,10 @@
        "Mailing List",
        "Vendor Advisory"
      ]
+    },
+    {
+      "url": "https://syzkaller.appspot.com/bug?extid=7e9494b8b399902e994e",
+      "source": "secalert@redhat.com"
    }
  ]
 }
--- a/CVE-2023/CVE-2023-322xx/CVE-2023-32217.json
+++ b/CVE-2023/CVE-2023-322xx/CVE-2023-32217.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-32217",
+  "sourceIdentifier": "psirt@sailpoint.com",
+  "published": "2023-06-05T04:15:10.927",
+  "lastModified": "2023-06-05T04:15:10.927",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p6, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6\u00a0allow an authenticated user to invoke a Java constructor with no arguments or a Java constructor with a single Map argument in any Java class available in the IdentityIQ application classpath.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@sailpoint.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.0,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 2.3,
+        "impactScore": 6.0
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@sailpoint.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-470"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.sailpoint.com/security-advisories/sailpoint-identityiq-unsafe-use-of-reflection-vulnerability-cve-2023-32217/",
+      "source": "psirt@sailpoint.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-342xx/CVE-2023-34255.json
+++ b/CVE-2023/CVE-2023-342xx/CVE-2023-34255.json
@ -2,23 +2,14 @@
  "id": "CVE-2023-34255",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2023-05-31T20:15:10.767",
-  "lastModified": "2023-06-01T01:17:03.663",
-  "vulnStatus": "Awaiting Analysis",
+  "lastModified": "2023-06-05T05:15:09.927",
+  "vulnStatus": "Rejected",
  "descriptions": [
    {
      "lang": "en",
-      "value": "An issue was discovered in the Linux kernel through 6.3.5. There is a use-after-free in xfs_btree_lookup_get_block in fs/xfs/libxfs/xfs_btree.c because fs/xfs/xfs_buf_item_recover.c does not perform buffer content verification when log replay is skipped."
+      "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-2124. Reason: This candidate is a duplicate of CVE-2023-2124. Notes: All CVE users should reference CVE-2023-2124 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
    }
  ],
  "metrics": {},
-  "references": [
-    {
-      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=22ed903eee23a5b174e240f1cdfa9acf393a5210",
-      "source": "cve@mitre.org"
-    },
-    {
-      "url": "https://syzkaller.appspot.com/bug?extid=7e9494b8b399902e994e",
-      "source": "cve@mitre.org"
-    }
-  ]
+  "references": []
 }
--- a/CVE-2023/CVE-2023-343xx/CVE-2023-34362.json
+++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34362.json
@ -2,12 +2,16 @@
  "id": "CVE-2023-34362",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2023-06-02T14:15:09.487",
-  "lastModified": "2023-06-02T14:32:29.847",
+  "lastModified": "2023-06-05T05:15:09.987",
  "vulnStatus": "Awaiting Analysis",
+  "cisaExploitAdd": "2023-06-02",
+  "cisaActionDue": "2023-06-23",
+  "cisaRequiredAction": "Apply updates per vendor instructions.",
+  "cisaVulnerabilityName": "Progress MOVEit Transfer SQL Injection Vulnerability",
  "descriptions": [
    {
      "lang": "en",
-      "value": "In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS."
+      "value": "In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g., 2020.0 and 2019x) before the five explicitly mentioned versions are affected, including older unsupported versions."
    }
  ],
  "metrics": {},
--- a/CVE-2023/CVE-2023-344xx/CVE-2023-34411.json
+++ b/CVE-2023/CVE-2023-344xx/CVE-2023-34411.json
@ -0,0 +1,32 @@
+{
+  "id": "CVE-2023-34411",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-06-05T04:15:11.153",
+  "lastModified": "2023-06-05T04:15:11.153",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service (panic) via an invalid <! token (such as <!DOCTYPEs/%<!A nesting) in an XML document."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/00xc/xml-rs/commit/0f084d45aa53e4a27476961785f59f2bd7d59a9f",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/netvl/xml-rs/commit/c09549a187e62d39d40467f129e64abf32efc35c",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/netvl/xml-rs/compare/0.8.13...0.8.14",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/netvl/xml-rs/pull/226",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-06-05T04:00:24.493001+00:00
+2023-06-05T06:00:25.484512+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-06-05T03:15:09.390000+00:00
+2023-06-05T05:15:09.987000+00:00
 ```

 ### Last Data Feed Release
@ -29,23 +29,26 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-216831
+216835
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `3`
+Recently added CVEs: `4`

-* [CVE-2023-34407](CVE-2023/CVE-2023-344xx/CVE-2023-34407.json) (`2023-06-05T02:15:09.407`)
-* [CVE-2023-34408](CVE-2023/CVE-2023-344xx/CVE-2023-34408.json) (`2023-06-05T02:15:09.537`)
-* [CVE-2023-34410](CVE-2023/CVE-2023-344xx/CVE-2023-34410.json) (`2023-06-05T03:15:09.390`)
+* [CVE-2023-0635](CVE-2023/CVE-2023-06xx/CVE-2023-0635.json) (`2023-06-05T04:15:09.493`)
+* [CVE-2023-0636](CVE-2023/CVE-2023-06xx/CVE-2023-0636.json) (`2023-06-05T04:15:10.587`)
+* [CVE-2023-32217](CVE-2023/CVE-2023-322xx/CVE-2023-32217.json) (`2023-06-05T04:15:10.927`)
+* [CVE-2023-34411](CVE-2023/CVE-2023-344xx/CVE-2023-34411.json) (`2023-06-05T04:15:11.153`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `1`
+Recently modified CVEs: `3`

-* [CVE-2023-0041](CVE-2023/CVE-2023-00xx/CVE-2023-0041.json) (`2023-06-05T03:15:09.207`)
+* [CVE-2023-2124](CVE-2023/CVE-2023-21xx/CVE-2023-2124.json) (`2023-06-05T05:15:09.130`)
+* [CVE-2023-34255](CVE-2023/CVE-2023-342xx/CVE-2023-34255.json) (`2023-06-05T05:15:09.927`)
+* [CVE-2023-34362](CVE-2023/CVE-2023-343xx/CVE-2023-34362.json) (`2023-06-05T05:15:09.987`)


 ## Download and Usage