Auto-Update: 2023-06-21T06:00:26.492826+00:00

2025-05-08 03:27:17 +00:00 · 2023-06-21 06:00:29 +00:00 · 2023-06-21 06:00:29 +00:00 · 7e30a9fcf6
commit 7e30a9fcf6
parent 82b6972b48
4 changed files with 77 additions and 25 deletions
--- a/CVE-2022/CVE-2022-258xx/CVE-2022-25883.json
+++ b/CVE-2022/CVE-2022-258xx/CVE-2022-25883.json
@ -0,0 +1,63 @@
+{
+  "id": "CVE-2022-25883",
+  "sourceIdentifier": "report@snyk.io",
+  "published": "2023-06-21T05:15:09.060",
+  "lastModified": "2023-06-21T05:15:09.060",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.\r\r\r"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "report@snyk.io",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "LOW",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://github.com/npm/node-semver/blob/main/classes/range.js%23L97-L104",
+      "source": "report@snyk.io"
+    },
+    {
+      "url": "https://github.com/npm/node-semver/blob/main/internal/re.js%23L138",
+      "source": "report@snyk.io"
+    },
+    {
+      "url": "https://github.com/npm/node-semver/blob/main/internal/re.js%23L160",
+      "source": "report@snyk.io"
+    },
+    {
+      "url": "https://github.com/npm/node-semver/commit/717534ee353682f3bcf33e60a8af4292626d4441",
+      "source": "report@snyk.io"
+    },
+    {
+      "url": "https://github.com/npm/node-semver/pull/564",
+      "source": "report@snyk.io"
+    },
+    {
+      "url": "https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795",
+      "source": "report@snyk.io"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-455xx/CVE-2022-45597.json
+++ b/CVE-2022/CVE-2022-455xx/CVE-2022-45597.json
@ -2,12 +2,12 @@
  "id": "CVE-2022-45597",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2023-03-24T23:15:06.710",
-  "lastModified": "2023-03-30T16:21:28.063",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2023-06-21T04:15:36.597",
+  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
-      "value": "ComponentSpace.Saml2 4.4.0 Missing SSL Certificate Validation."
+      "value": "** DISPUTED ** ComponentSpace.Saml2 4.4.0 Missing SSL Certificate Validation. NOTE: the vendor does not consider this a vulnerability because the report is only about use of certificates at the application layer (not the transport layer) and \"Certificates are exchanged in a controlled fashion between entities within a trust relationship. This is why self-signed certificates may be used and why validating certificates isn\u2019t as important as doing so for the transport layer certificates.\""
    }
  ],
  "metrics": {
--- a/CVE-2023/CVE-2023-04xx/CVE-2023-0457.json
+++ b/CVE-2023/CVE-2023-04xx/CVE-2023-0457.json
@ -2,12 +2,12 @@
  "id": "CVE-2023-0457",
  "sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
  "published": "2023-03-03T05:15:12.037",
-  "lastModified": "2023-03-14T16:01:41.457",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2023-06-21T05:15:09.193",
+  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
-      "value": "Plaintext Storage of a Password vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U(C) CPU modules all models all versions, FX5UJ CPU modules all models all versions, FX5S CPU modules all models all versions, FX5-ENET all versions and FX5-ENET/IP all versions allows a remote unauthenticated attacker to disclose plaintext credentials stored in project files and login into FTP server or Web server."
+      "value": "Plaintext Storage of a Password vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series, MELSEC iQ-R Series, MELSEC-Q Series and MELSEC-L Series allows a remote unauthenticated attacker to disclose plaintext credentials stored in project files and login into FTP server or Web server."
    }
  ],
  "metrics": {
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-06-21T04:00:26.011785+00:00
+2023-06-21T06:00:26.492826+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-06-21T03:15:09.253000+00:00
+2023-06-21T05:15:09.193000+00:00
 ```

 ### Last Data Feed Release
@ -29,33 +29,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-218171
+218172
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `0`
+Recently added CVEs: `1`

+* [CVE-2022-25883](CVE-2022/CVE-2022-258xx/CVE-2022-25883.json) (`2023-06-21T05:15:09.060`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `14`
+Recently modified CVEs: `2`

-* [CVE-2019-6502](CVE-2019/CVE-2019-65xx/CVE-2019-6502.json) (`2023-06-21T02:15:09.040`)
-* [CVE-2021-42779](CVE-2021/CVE-2021-427xx/CVE-2021-42779.json) (`2023-06-21T02:15:09.177`)
-* [CVE-2021-42780](CVE-2021/CVE-2021-427xx/CVE-2021-42780.json) (`2023-06-21T02:15:09.270`)
-* [CVE-2021-42781](CVE-2021/CVE-2021-427xx/CVE-2021-42781.json) (`2023-06-21T02:15:09.360`)
-* [CVE-2021-42782](CVE-2021/CVE-2021-427xx/CVE-2021-42782.json) (`2023-06-21T02:15:09.443`)
-* [CVE-2023-0342](CVE-2023/CVE-2023-03xx/CVE-2023-0342.json) (`2023-06-21T02:00:33.950`)
-* [CVE-2023-34855](CVE-2023/CVE-2023-348xx/CVE-2023-34855.json) (`2023-06-21T02:11:43.127`)
-* [CVE-2023-2977](CVE-2023/CVE-2023-29xx/CVE-2023-2977.json) (`2023-06-21T02:15:09.563`)
-* [CVE-2023-34212](CVE-2023/CVE-2023-342xx/CVE-2023-34212.json) (`2023-06-21T02:15:20.727`)
-* [CVE-2023-34468](CVE-2023/CVE-2023-344xx/CVE-2023-34468.json) (`2023-06-21T02:20:04.797`)
-* [CVE-2023-3214](CVE-2023/CVE-2023-32xx/CVE-2023-3214.json) (`2023-06-21T02:24:53.437`)
-* [CVE-2023-3215](CVE-2023/CVE-2023-32xx/CVE-2023-3215.json) (`2023-06-21T02:29:33.547`)
-* [CVE-2023-3216](CVE-2023/CVE-2023-32xx/CVE-2023-3216.json) (`2023-06-21T02:34:10.360`)
-* [CVE-2023-31975](CVE-2023/CVE-2023-319xx/CVE-2023-31975.json) (`2023-06-21T03:15:09.253`)
+* [CVE-2022-45597](CVE-2022/CVE-2022-455xx/CVE-2022-45597.json) (`2023-06-21T04:15:36.597`)
+* [CVE-2023-0457](CVE-2023/CVE-2023-04xx/CVE-2023-0457.json) (`2023-06-21T05:15:09.193`)


 ## Download and Usage