Auto-Update: 2023-10-16T04:00:24.943361+00:00

CVE-2022/CVE-2022-417xx/CVE-2022-41727.json

@@ -2,8 +2,8 @@
   "id": "CVE-2022-41727",
   "sourceIdentifier": "security@golang.org",
   "published": "2023-02-28T18:15:10.200",
-  "lastModified": "2023-07-10T18:13:06.940",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2023-10-16T03:15:08.950",
+  "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
@@ -102,6 +102,14 @@
         "Vendor Advisory"
       ]
     },
+    {
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KO54NBDUJXKAZNGCFOEYL2LKK2RQP6K6/",
+      "source": "security@golang.org"
+    },
+    {
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWH6Q7NVM4MV3GWFEU4PA67AWZHVFJQ2/",
+      "source": "security@golang.org"
+    },
     {
       "url": "https://pkg.go.dev/vuln/GO-2023-1572",
       "source": "security@golang.org",

CVE-2023/CVE-2023-294xx/CVE-2023-29407.json

@@ -2,7 +2,7 @@
   "id": "CVE-2023-29407",
   "sourceIdentifier": "security@golang.org",
   "published": "2023-08-02T20:15:11.760",
-  "lastModified": "2023-08-31T19:15:08.927",
+  "lastModified": "2023-10-16T03:15:09.063",
   "vulnStatus": "Modified",
   "descriptions": [
     {
@@ -90,6 +90,14 @@
         "Vendor Advisory"
       ]
     },
+    {
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KO54NBDUJXKAZNGCFOEYL2LKK2RQP6K6/",
+      "source": "security@golang.org"
+    },
+    {
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWH6Q7NVM4MV3GWFEU4PA67AWZHVFJQ2/",
+      "source": "security@golang.org"
+    },
     {
       "url": "https://pkg.go.dev/vuln/GO-2023-1990",
       "source": "security@golang.org",

CVE-2023/CVE-2023-294xx/CVE-2023-29408.json

@@ -2,7 +2,7 @@
   "id": "CVE-2023-29408",
   "sourceIdentifier": "security@golang.org",
   "published": "2023-08-02T20:15:11.857",
-  "lastModified": "2023-08-31T19:15:09.037",
+  "lastModified": "2023-10-16T03:15:09.157",
   "vulnStatus": "Modified",
   "descriptions": [
     {
@@ -91,6 +91,14 @@
         "Vendor Advisory"
       ]
     },
+    {
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KO54NBDUJXKAZNGCFOEYL2LKK2RQP6K6/",
+      "source": "security@golang.org"
+    },
+    {
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWH6Q7NVM4MV3GWFEU4PA67AWZHVFJQ2/",
+      "source": "security@golang.org"
+    },
     {
       "url": "https://pkg.go.dev/vuln/GO-2023-1989",
       "source": "security@golang.org",

CVE-2023/CVE-2023-382xx/CVE-2023-38280.json

@@ -0,0 +1,47 @@
+{
+  "id": "CVE-2023-38280",
+  "sourceIdentifier": "psirt@us.ibm.com",
+  "published": "2023-10-16T02:15:47.757",
+  "lastModified": "2023-10-16T02:15:47.757",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "IBM HMC (Hardware Management Console) 10.1.1010.0 and 10.2.1030.0 could allow a local user to escalate their privileges to root access on a restricted shell.  IBM X-Force ID:  260740."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@us.ibm.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.4,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.5,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/260740",
+      "source": "psirt@us.ibm.com"
+    },
+    {
+      "url": "https://www.ibm.com/support/pages/node/7047713",
+      "source": "psirt@us.ibm.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-407xx/CVE-2023-40790.json

@@ -0,0 +1,32 @@
+{
+  "id": "CVE-2023-40790",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-10-16T03:15:09.227",
+  "lastModified": "2023-10-16T03:15:09.227",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "** DISPUTED ** An issue was discovered in the Linux kernel through 6.5.7. kvm_arch_vcpu_ioctl_run in arch/x86/kvm/x86.c allows a WARN_ON_ONCE if userspace stuffs a nonsensical vCPU state."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7b0151caf73a656b75b550e361648430233455a0",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://lkml.org/lkml/2023/7/27/411",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://lkml.org/lkml/2023/8/3/1361",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.spinics.net/lists/kernel/msg4892919.html",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2023/CVE-2023-407xx/CVE-2023-40791.json

@@ -0,0 +1,32 @@
+{
+  "id": "CVE-2023-40791",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-10-16T03:15:09.273",
+  "lastModified": "2023-10-16T03:15:09.273",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "extract_user_to_sg in lib/scatterlist.c in the Linux kernel before 6.4.2 fails to unpin pages in a certain situation, as demonstrated by a WARNING for try_grab_page."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.12",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f443fd5af5dbd531f880d3645d5dd36976cf087f",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://lkml.org/lkml/2023/8/3/323",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://lore.kernel.org/linux-crypto/20571.1690369076@warthog.procyon.org.uk/",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2023/CVE-2023-458xx/CVE-2023-45898.json

@@ -0,0 +1,36 @@
+{
+  "id": "CVE-2023-45898",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-10-16T03:15:09.320",
+  "lastModified": "2023-10-16T03:15:09.320",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Linux kernel before 6.5.4 has an es1 use-after-free in fs/ext4/extents_status.c, related to ext4_es_insert_extent."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.4",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/torvalds/linux/commit/768d612f79822d30a1e7d132a4d4b05337ce42ec",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://lkml.org/lkml/2023/8/13/477",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://lore.kernel.org/lkml/aa03f191-445c-0d2e-d6d7-0a3208d7df7a@huawei.com/T/",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.spinics.net/lists/stable-commits/msg317086.html",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

README.md

@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2023-10-16T02:00:26.532365+00:00
+2023-10-16T04:00:24.943361+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2023-10-16T01:15:09.857000+00:00
+2023-10-16T03:15:09.320000+00:00
 ```
 
 ### Last Data Feed Release
@@ -29,25 +29,26 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-227829
+227833
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `6`
+Recently added CVEs: `4`
 
-* [CVE-2022-48612](CVE-2022/CVE-2022-486xx/CVE-2022-48612.json) (`2023-10-16T00:15:10.350`)
-* [CVE-2023-35013](CVE-2023/CVE-2023-350xx/CVE-2023-35013.json) (`2023-10-16T00:15:10.420`)
-* [CVE-2023-35018](CVE-2023/CVE-2023-350xx/CVE-2023-35018.json) (`2023-10-16T00:15:10.510`)
-* [CVE-2023-33836](CVE-2023/CVE-2023-338xx/CVE-2023-33836.json) (`2023-10-16T01:15:09.670`)
-* [CVE-2023-40377](CVE-2023/CVE-2023-403xx/CVE-2023-40377.json) (`2023-10-16T01:15:09.760`)
-* [CVE-2023-5591](CVE-2023/CVE-2023-55xx/CVE-2023-5591.json) (`2023-10-16T01:15:09.857`)
+* [CVE-2023-38280](CVE-2023/CVE-2023-382xx/CVE-2023-38280.json) (`2023-10-16T02:15:47.757`)
+* [CVE-2023-40790](CVE-2023/CVE-2023-407xx/CVE-2023-40790.json) (`2023-10-16T03:15:09.227`)
+* [CVE-2023-40791](CVE-2023/CVE-2023-407xx/CVE-2023-40791.json) (`2023-10-16T03:15:09.273`)
+* [CVE-2023-45898](CVE-2023/CVE-2023-458xx/CVE-2023-45898.json) (`2023-10-16T03:15:09.320`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `0`
+Recently modified CVEs: `3`
 
+* [CVE-2022-41727](CVE-2022/CVE-2022-417xx/CVE-2022-41727.json) (`2023-10-16T03:15:08.950`)
+* [CVE-2023-29407](CVE-2023/CVE-2023-294xx/CVE-2023-29407.json) (`2023-10-16T03:15:09.063`)
+* [CVE-2023-29408](CVE-2023/CVE-2023-294xx/CVE-2023-29408.json) (`2023-10-16T03:15:09.157`)
 
 
 ## Download and Usage