From 7903b6fe9f9a30ad161f875870999efd1e3d87ab Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Fri, 12 Jan 2024 05:00:28 +0000
Subject: [PATCH] Auto-Update: 2024-01-12T05:00:24.610868+00:00
---
 CVE-2016/CVE-2016-200xx/CVE-2016-20021.json | 28 +++++++
 CVE-2021/CVE-2021-422xx/CVE-2021-42260.json | 6 +-
 CVE-2022/CVE-2022-486xx/CVE-2022-48619.json | 24 ++++++
 CVE-2022/CVE-2022-486xx/CVE-2022-48620.json | 28 +++++++
 CVE-2022/CVE-2022-49xx/CVE-2022-4960.json | 88 +++++++++++++++++++++
 CVE-2023/CVE-2023-341xx/CVE-2023-34194.json | 6 +-
 CVE-2023/CVE-2023-517xx/CVE-2023-51766.json | 12 ++-
 CVE-2023/CVE-2023-60xx/CVE-2023-6040.json | 6 +-
 README.md | 43 +++-------
 9 files changed, 206 insertions(+), 35 deletions(-)
 create mode 100644 CVE-2016/CVE-2016-200xx/CVE-2016-20021.json
 create mode 100644 CVE-2022/CVE-2022-486xx/CVE-2022-48619.json
 create mode 100644 CVE-2022/CVE-2022-486xx/CVE-2022-48620.json
 create mode 100644 CVE-2022/CVE-2022-49xx/CVE-2022-4960.json
diff --git a/CVE-2016/CVE-2016-200xx/CVE-2016-20021.json b/CVE-2016/CVE-2016-200xx/CVE-2016-20021.json
new file mode 100644
index 00000000000..12254d06629
--- /dev/null
+++ b/CVE-2016/CVE-2016-200xx/CVE-2016-20021.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2016-20021",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-01-12T03:15:08.410",
+ "lastModified": "2024-01-12T03:15:08.410",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://bugs.gentoo.org/597800",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://gitweb.gentoo.org/proj/portage.git/tree/NEWS",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://wiki.gentoo.org/wiki/Portage",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-422xx/CVE-2021-42260.json b/CVE-2021/CVE-2021-422xx/CVE-2021-42260.json
index f10438f420c..778d28e2c4a 100644
--- a/CVE-2021/CVE-2021-422xx/CVE-2021-42260.json
+++ b/CVE-2021/CVE-2021-422xx/CVE-2021-42260.json
@@ -2,7 +2,7 @@
 "id": "CVE-2021-42260",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2021-10-11T20:15:07.433",
- "lastModified": "2024-01-08T03:15:12.927",
+ "lastModified": "2024-01-12T03:15:08.540",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -145,6 +145,10 @@
 "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QCR5PIOBGDIDS6SYRESTMDJSEDFSCOE/",
 "source": "cve@mitre.org"
 },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HOMBSHRIW5Q34SQSXYURYAOYDZD2NQF6/",
+ "source": "cve@mitre.org"
+ },
 {
 "url": "https://sourceforge.net/p/tinyxml/bugs/141/",
 "source": "cve@mitre.org",
diff --git a/CVE-2022/CVE-2022-486xx/CVE-2022-48619.json b/CVE-2022/CVE-2022-486xx/CVE-2022-48619.json
new file mode 100644
index 00000000000..24f60be06d7
--- /dev/null
+++ b/CVE-2022/CVE-2022-486xx/CVE-2022-48619.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2022-48619",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-01-12T03:15:08.633",
+ "lastModified": "2024-01-12T03:15:08.633",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered in drivers/input/input.c in the Linux kernel before 5.17.10. An attacker can cause a denial of service (panic) because input_set_capability mishandles the situation in which an event code falls outside of a bitmap."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.10",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/torvalds/linux/commit/409353cbe9fe48f6bc196114c442b1cff05a39bc",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-486xx/CVE-2022-48620.json b/CVE-2022/CVE-2022-486xx/CVE-2022-48620.json
new file mode 100644
index 00000000000..61fbede5110
--- /dev/null
+++ b/CVE-2022/CVE-2022-486xx/CVE-2022-48620.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2022-48620",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-01-12T04:15:08.123",
+ "lastModified": "2024-01-12T04:15:08.123",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "uev (aka libuev) before 2.4.1 has a buffer overflow in epoll_wait if maxevents is a large number."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/troglobit/libuev/commit/2d9f1c9ce655cc38511aeeb6e95ac30914f7aec9",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/troglobit/libuev/compare/v2.4.0...v2.4.1",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/troglobit/libuev/issues/27",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-49xx/CVE-2022-4960.json b/CVE-2022/CVE-2022-49xx/CVE-2022-4960.json
new file mode 100644
index 00000000000..9b089cb2c4e
--- /dev/null
+++ b/CVE-2022/CVE-2022-49xx/CVE-2022-4960.json
@@ -0,0 +1,88 @@
+{
+ "id": "CVE-2022-4960",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2024-01-12T03:15:08.683",
+ "lastModified": "2024-01-12T03:15:08.683",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability, which was classified as problematic, has been found in cloudfavorites favorites-web 1.3.0. Affected by this issue is some unknown functionality of the component Nickname Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250238 is the identifier assigned to this vulnerability."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.5,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 1.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.0
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 8.0,
+ "impactScore": 2.9,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/cloudfavorites/favorites-web/issues/127",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.250238",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.250238",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-341xx/CVE-2023-34194.json b/CVE-2023/CVE-2023-341xx/CVE-2023-34194.json
index e52f6e10ac6..c462c4e2807 100644
--- a/CVE-2023/CVE-2023-341xx/CVE-2023-34194.json
+++ b/CVE-2023/CVE-2023-341xx/CVE-2023-34194.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-34194",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-12-13T14:15:43.680",
- "lastModified": "2024-01-08T03:15:13.160",
+ "lastModified": "2024-01-12T03:15:08.950",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -77,6 +77,10 @@
 "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QCR5PIOBGDIDS6SYRESTMDJSEDFSCOE/",
 "source": "cve@mitre.org"
 },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HOMBSHRIW5Q34SQSXYURYAOYDZD2NQF6/",
+ "source": "cve@mitre.org"
+ },
 {
 "url": "https://sourceforge.net/p/tinyxml/git/ci/master/tree/tinyxmlparser.cpp",
 "source": "cve@mitre.org",
diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51766.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51766.json
index 8e36b1cfc41..b06309cc418 100644
--- a/CVE-2023/CVE-2023-517xx/CVE-2023-51766.json
+++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51766.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-51766",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-12-24T06:15:07.673",
- "lastModified": "2024-01-05T23:15:08.963",
- "vulnStatus": "Modified",
+ "lastModified": "2024-01-12T03:15:09.037",
+ "vulnStatus": "Undergoing Analysis",
 "descriptions": [
 {
 "lang": "en",
@@ -209,6 +209,14 @@
 "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00002.html",
 "source": "cve@mitre.org"
 },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORN7OKEQPPBKUHYRQ6LR5PSNBQVDHAWB/",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPDWHJPABVJCXDSNELSSVTIVAJU2MDUQ/",
+ "source": "cve@mitre.org"
+ },
 {
 "url": "https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/",
 "source": "cve@mitre.org",
diff --git a/CVE-2023/CVE-2023-60xx/CVE-2023-6040.json b/CVE-2023/CVE-2023-60xx/CVE-2023-6040.json
index 65dd2566314..98af94f824c 100644
--- a/CVE-2023/CVE-2023-60xx/CVE-2023-6040.json
+++ b/CVE-2023/CVE-2023-60xx/CVE-2023-6040.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-6040",
 "sourceIdentifier": "security@ubuntu.com",
 "published": "2024-01-12T02:15:44.683",
- "lastModified": "2024-01-12T02:15:44.683",
+ "lastModified": "2024-01-12T03:15:09.153",
 "vulnStatus": "Received",
 "descriptions": [
 {
@@ -47,6 +47,10 @@
 }
 ],
 "references": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2024/01/12/1",
+ "source": "security@ubuntu.com"
+ },
 {
 "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6040",
 "source": "security@ubuntu.com"
diff --git a/README.md b/README.md
index 7ea20cc75bd..5912da783c5 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 ```plain
-2024-01-12T03:00:24.718919+00:00
+2024-01-12T05:00:24.610868+00:00
 ```
 ### Most recent CVE Modification Timestamp synchronized with NVD
 ```plain
-2024-01-12T02:15:44.867000+00:00
+2024-01-12T04:15:08.123000+00:00
 ```
 ### Last Data Feed Release
@@ -29,44 +29,27 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 ```plain
-235712
+235716
 ```
 ### CVEs added in the last Commit
-Recently added CVEs: `27`
+Recently added CVEs: `4`
-* [CVE-2023-52339](CVE-2023/CVE-2023-523xx/CVE-2023-52339.json) (`2024-01-12T02:15:44.637`)
-* [CVE-2023-6040](CVE-2023/CVE-2023-60xx/CVE-2023-6040.json) (`2024-01-12T02:15:44.683`)
-* [CVE-2024-21585](CVE-2024/CVE-2024-215xx/CVE-2024-21585.json) (`2024-01-12T01:15:46.053`)
-* [CVE-2024-21587](CVE-2024/CVE-2024-215xx/CVE-2024-21587.json) (`2024-01-12T01:15:46.290`)
-* [CVE-2024-21589](CVE-2024/CVE-2024-215xx/CVE-2024-21589.json) (`2024-01-12T01:15:46.493`)
-* [CVE-2024-21591](CVE-2024/CVE-2024-215xx/CVE-2024-21591.json) (`2024-01-12T01:15:46.697`)
-* [CVE-2024-21594](CVE-2024/CVE-2024-215xx/CVE-2024-21594.json) (`2024-01-12T01:15:46.880`)
-* [CVE-2024-21595](CVE-2024/CVE-2024-215xx/CVE-2024-21595.json) (`2024-01-12T01:15:47.063`)
-* [CVE-2024-21596](CVE-2024/CVE-2024-215xx/CVE-2024-21596.json) (`2024-01-12T01:15:47.267`)
-* [CVE-2024-21597](CVE-2024/CVE-2024-215xx/CVE-2024-21597.json) (`2024-01-12T01:15:47.460`)
-* [CVE-2024-21599](CVE-2024/CVE-2024-215xx/CVE-2024-21599.json) (`2024-01-12T01:15:47.660`)
-* [CVE-2024-21600](CVE-2024/CVE-2024-216xx/CVE-2024-21600.json) (`2024-01-12T01:15:47.857`)
-* [CVE-2024-21601](CVE-2024/CVE-2024-216xx/CVE-2024-21601.json) (`2024-01-12T01:15:48.043`)
-* [CVE-2024-21602](CVE-2024/CVE-2024-216xx/CVE-2024-21602.json) (`2024-01-12T01:15:48.270`)
-* [CVE-2024-21603](CVE-2024/CVE-2024-216xx/CVE-2024-21603.json) (`2024-01-12T01:15:48.467`)
-* [CVE-2024-21604](CVE-2024/CVE-2024-216xx/CVE-2024-21604.json) (`2024-01-12T01:15:48.677`)
-* [CVE-2024-21606](CVE-2024/CVE-2024-216xx/CVE-2024-21606.json) (`2024-01-12T01:15:48.873`)
-* [CVE-2024-21607](CVE-2024/CVE-2024-216xx/CVE-2024-21607.json) (`2024-01-12T01:15:49.057`)
-* [CVE-2024-21611](CVE-2024/CVE-2024-216xx/CVE-2024-21611.json) (`2024-01-12T01:15:49.263`)
-* [CVE-2024-21612](CVE-2024/CVE-2024-216xx/CVE-2024-21612.json) (`2024-01-12T01:15:49.457`)
-* [CVE-2024-21613](CVE-2024/CVE-2024-216xx/CVE-2024-21613.json) (`2024-01-12T01:15:49.657`)
-* [CVE-2024-21614](CVE-2024/CVE-2024-216xx/CVE-2024-21614.json) (`2024-01-12T01:15:49.837`)
-* [CVE-2024-21616](CVE-2024/CVE-2024-216xx/CVE-2024-21616.json) (`2024-01-12T01:15:50.027`)
-* [CVE-2024-21617](CVE-2024/CVE-2024-216xx/CVE-2024-21617.json) (`2024-01-12T01:15:50.230`)
-* [CVE-2024-0454](CVE-2024/CVE-2024-04xx/CVE-2024-0454.json) (`2024-01-12T02:15:44.867`)
+* [CVE-2016-20021](CVE-2016/CVE-2016-200xx/CVE-2016-20021.json) (`2024-01-12T03:15:08.410`)
+* [CVE-2022-48619](CVE-2022/CVE-2022-486xx/CVE-2022-48619.json) (`2024-01-12T03:15:08.633`)
+* [CVE-2022-4960](CVE-2022/CVE-2022-49xx/CVE-2022-4960.json) (`2024-01-12T03:15:08.683`)
+* [CVE-2022-48620](CVE-2022/CVE-2022-486xx/CVE-2022-48620.json) (`2024-01-12T04:15:08.123`)
 ### CVEs modified in the last Commit
-Recently modified CVEs: `0`
+Recently modified CVEs: `4`
+* [CVE-2021-42260](CVE-2021/CVE-2021-422xx/CVE-2021-42260.json) (`2024-01-12T03:15:08.540`)
+* [CVE-2023-34194](CVE-2023/CVE-2023-341xx/CVE-2023-34194.json) (`2024-01-12T03:15:08.950`)
+* [CVE-2023-51766](CVE-2023/CVE-2023-517xx/CVE-2023-51766.json) (`2024-01-12T03:15:09.037`)
+* [CVE-2023-6040](CVE-2023/CVE-2023-60xx/CVE-2023-6040.json) (`2024-01-12T03:15:09.153`)
 ## Download and Usage