diff --git a/CVE-2022/CVE-2022-417xx/CVE-2022-41727.json b/CVE-2022/CVE-2022-417xx/CVE-2022-41727.json index 9ec36c93282..3824a55ba28 100644 --- a/CVE-2022/CVE-2022-417xx/CVE-2022-41727.json +++ b/CVE-2022/CVE-2022-417xx/CVE-2022-41727.json @@ -2,8 +2,8 @@ "id": "CVE-2022-41727", "sourceIdentifier": "security@golang.org", "published": "2023-02-28T18:15:10.200", - "lastModified": "2023-07-10T18:13:06.940", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-16T03:15:08.950", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -102,6 +102,14 @@ "Vendor Advisory" ] }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KO54NBDUJXKAZNGCFOEYL2LKK2RQP6K6/", + "source": "security@golang.org" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWH6Q7NVM4MV3GWFEU4PA67AWZHVFJQ2/", + "source": "security@golang.org" + }, { "url": "https://pkg.go.dev/vuln/GO-2023-1572", "source": "security@golang.org", diff --git a/CVE-2023/CVE-2023-294xx/CVE-2023-29407.json b/CVE-2023/CVE-2023-294xx/CVE-2023-29407.json index c887c72e69b..8aa9ff593dd 100644 --- a/CVE-2023/CVE-2023-294xx/CVE-2023-29407.json +++ b/CVE-2023/CVE-2023-294xx/CVE-2023-29407.json @@ -2,7 +2,7 @@ "id": "CVE-2023-29407", "sourceIdentifier": "security@golang.org", "published": "2023-08-02T20:15:11.760", - "lastModified": "2023-08-31T19:15:08.927", + "lastModified": "2023-10-16T03:15:09.063", "vulnStatus": "Modified", "descriptions": [ { 
@@ -90,6 +90,14 @@ "Vendor Advisory" ] }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KO54NBDUJXKAZNGCFOEYL2LKK2RQP6K6/", + "source": "security@golang.org" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWH6Q7NVM4MV3GWFEU4PA67AWZHVFJQ2/", + "source": "security@golang.org" + }, { "url": "https://pkg.go.dev/vuln/GO-2023-1990", "source": "security@golang.org", diff --git a/CVE-2023/CVE-2023-294xx/CVE-2023-29408.json b/CVE-2023/CVE-2023-294xx/CVE-2023-29408.json index 451acec84cf..7bbf34e5a3d 100644 --- a/CVE-2023/CVE-2023-294xx/CVE-2023-29408.json +++ b/CVE-2023/CVE-2023-294xx/CVE-2023-29408.json @@ -2,7 +2,7 @@ "id": "CVE-2023-29408", "sourceIdentifier": "security@golang.org", "published": "2023-08-02T20:15:11.857", - "lastModified": "2023-08-31T19:15:09.037", + "lastModified": "2023-10-16T03:15:09.157", "vulnStatus": "Modified", "descriptions": [ { @@ -91,6 +91,14 @@ "Vendor Advisory" ] }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KO54NBDUJXKAZNGCFOEYL2LKK2RQP6K6/", + "source": "security@golang.org" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWH6Q7NVM4MV3GWFEU4PA67AWZHVFJQ2/", + "source": "security@golang.org" + }, { "url": "https://pkg.go.dev/vuln/GO-2023-1989", "source": "security@golang.org", diff --git a/CVE-2023/CVE-2023-382xx/CVE-2023-38280.json b/CVE-2023/CVE-2023-382xx/CVE-2023-38280.json new file mode 100644 index 00000000000..88f549c49fc --- /dev/null +++ b/CVE-2023/CVE-2023-382xx/CVE-2023-38280.json 
@@ -0,0 +1,47 @@ +{ + "id": "CVE-2023-38280", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2023-10-16T02:15:47.757", + "lastModified": "2023-10-16T02:15:47.757", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "IBM HMC (Hardware Management Console) 10.1.1010.0 and 10.2.1030.0 could allow a local user to escalate their privileges to root access on a restricted shell. IBM X-Force ID: 260740." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.5, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/260740", + "source": "psirt@us.ibm.com" + }, + { + "url": "https://www.ibm.com/support/pages/node/7047713", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-407xx/CVE-2023-40790.json b/CVE-2023/CVE-2023-407xx/CVE-2023-40790.json new file mode 100644 index 00000000000..0760623eafa --- /dev/null +++ b/CVE-2023/CVE-2023-407xx/CVE-2023-40790.json 
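Review bot: The vector in the new CVE-2023-38280 record sets `"privilegesRequired": "NONE"` (`PR:N`), while the description speaks of `a local user` escalating to root from a restricted shell, which reads more like an attacker who already holds a low-privileged account. If `PR:L` is what is meant, the base score would be 7.8 rather than 8.4; the page does not settle which is right. The metric is the vendor's `Secondary` entry and the record is still `Received`, so consumers that prioritise on `baseScore` should treat the value as provisional.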
@@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-40790", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-10-16T03:15:09.227", + "lastModified": "2023-10-16T03:15:09.227", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "** DISPUTED ** An issue was discovered in the Linux kernel through 6.5.7. kvm_arch_vcpu_ioctl_run in arch/x86/kvm/x86.c allows a WARN_ON_ONCE if userspace stuffs a nonsensical vCPU state." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7b0151caf73a656b75b550e361648430233455a0", + "source": "cve@mitre.org" + }, + { + "url": "https://lkml.org/lkml/2023/7/27/411", + "source": "cve@mitre.org" + }, + { + "url": "https://lkml.org/lkml/2023/8/3/1361", + "source": "cve@mitre.org" + }, + { + "url": "https://www.spinics.net/lists/kernel/msg4892919.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-407xx/CVE-2023-40791.json b/CVE-2023/CVE-2023-407xx/CVE-2023-40791.json new file mode 100644 index 00000000000..e6fc9182dc1 --- /dev/null +++ b/CVE-2023/CVE-2023-407xx/CVE-2023-40791.json 
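Review bot: The dispute on CVE-2023-40790 is carried only by the `** DISPUTED **` prefix inside the free-text `value`, and `"metrics": {}` is empty, so a consumer that filters or ranks on structured fields sees neither the dispute nor a severity. The same empty `metrics` object appears in the CVE-2023-40791 and CVE-2023-45898 records added in this commit, the latter describing a use-after-free. With `vulnStatus` at `Received`, an absent score means not yet scored rather than low severity. Tooling that ingests this feed should treat a missing CVSS as unknown and re-evaluate once the record is updated.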
@@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-40791", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-10-16T03:15:09.273", + "lastModified": "2023-10-16T03:15:09.273", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "extract_user_to_sg in lib/scatterlist.c in the Linux kernel before 6.4.2 fails to unpin pages in a certain situation, as demonstrated by a WARNING for try_grab_page." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.12", + "source": "cve@mitre.org" + }, + { + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f443fd5af5dbd531f880d3645d5dd36976cf087f", + "source": "cve@mitre.org" + }, + { + "url": "https://lkml.org/lkml/2023/8/3/323", + "source": "cve@mitre.org" + }, + { + "url": "https://lore.kernel.org/linux-crypto/20571.1690369076@warthog.procyon.org.uk/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45898.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45898.json new file mode 100644 index 00000000000..9d2ca9d0795 --- /dev/null +++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45898.json 
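Review bot: The description's fixed-version boundary `before 6.4.2` does not match the first reference, `ChangeLog-6.4.12`, in this new CVE-2023-40791 record. This looks like a dropped digit in the upstream description, though the page alone cannot confirm which value is right. Because the file mirrors upstream data, the correction belongs upstream rather than in this repository. Until then, version matching for this CVE should be checked against the referenced changelog and commit rather than the prose, otherwise kernels between 6.4.2 and the actual fix release could be reported as not affected.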
@@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-45898", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-10-16T03:15:09.320", + "lastModified": "2023-10-16T03:15:09.320", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Linux kernel before 6.5.4 has an es1 use-after-free in fs/ext4/extents_status.c, related to ext4_es_insert_extent." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.4", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/torvalds/linux/commit/768d612f79822d30a1e7d132a4d4b05337ce42ec", + "source": "cve@mitre.org" + }, + { + "url": "https://lkml.org/lkml/2023/8/13/477", + "source": "cve@mitre.org" + }, + { + "url": "https://lore.kernel.org/lkml/aa03f191-445c-0d2e-d6d7-0a3208d7df7a@huawei.com/T/", + "source": "cve@mitre.org" + }, + { + "url": "https://www.spinics.net/lists/stable-commits/msg317086.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 9ef100209e0..4e956a0c430 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-10-16T02:00:26.532365+00:00 +2023-10-16T04:00:24.943361+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-10-16T01:15:09.857000+00:00 +2023-10-16T03:15:09.320000+00:00 ``` ### Last Data Feed Release 
@@ -29,25 +29,26 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -227829 +227833 ``` ### CVEs added in the last Commit -Recently added CVEs: `6` +Recently added CVEs: `4` -* [CVE-2022-48612](CVE-2022/CVE-2022-486xx/CVE-2022-48612.json) (`2023-10-16T00:15:10.350`) -* [CVE-2023-35013](CVE-2023/CVE-2023-350xx/CVE-2023-35013.json) (`2023-10-16T00:15:10.420`) -* [CVE-2023-35018](CVE-2023/CVE-2023-350xx/CVE-2023-35018.json) (`2023-10-16T00:15:10.510`) -* [CVE-2023-33836](CVE-2023/CVE-2023-338xx/CVE-2023-33836.json) (`2023-10-16T01:15:09.670`) -* [CVE-2023-40377](CVE-2023/CVE-2023-403xx/CVE-2023-40377.json) (`2023-10-16T01:15:09.760`) -* [CVE-2023-5591](CVE-2023/CVE-2023-55xx/CVE-2023-5591.json) (`2023-10-16T01:15:09.857`) +* [CVE-2023-38280](CVE-2023/CVE-2023-382xx/CVE-2023-38280.json) (`2023-10-16T02:15:47.757`) +* [CVE-2023-40790](CVE-2023/CVE-2023-407xx/CVE-2023-40790.json) (`2023-10-16T03:15:09.227`) +* [CVE-2023-40791](CVE-2023/CVE-2023-407xx/CVE-2023-40791.json) (`2023-10-16T03:15:09.273`) +* [CVE-2023-45898](CVE-2023/CVE-2023-458xx/CVE-2023-45898.json) (`2023-10-16T03:15:09.320`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `3` +* [CVE-2022-41727](CVE-2022/CVE-2022-417xx/CVE-2022-41727.json) (`2023-10-16T03:15:08.950`) +* [CVE-2023-29407](CVE-2023/CVE-2023-294xx/CVE-2023-29407.json) (`2023-10-16T03:15:09.063`) +* [CVE-2023-29408](CVE-2023/CVE-2023-294xx/CVE-2023-29408.json) (`2023-10-16T03:15:09.157`) ## Download and Usage