Auto-Update: 2023-06-27T23:55:27.402679+00:00

CVE-2022/CVE-2022-328xx/CVE-2022-32885.json

@@ -2,14 +2,27 @@
   "id": "CVE-2022-32885",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2023-05-08T20:15:15.003",
-  "lastModified": "2023-05-08T20:15:15.003",
-  "vulnStatus": "Rejected",
+  "lastModified": "2023-06-27T23:15:09.447",
+  "vulnStatus": "Awaiting Analysis",
   "descriptions": [
     {
       "lang": "en",
-      "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none."
+      "value": "A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing maliciously crafted web content may lead to arbitrary code execution"
     }
   ],
   "metrics": {},
-  "references": []
+  "references": [
+    {
+      "url": "https://support.apple.com/en-us/HT213341",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://support.apple.com/en-us/HT213345",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://support.apple.com/en-us/HT213346",
+      "source": "cve@mitre.org"
+    }
+  ]
 }

CVE-2023/CVE-2023-250xx/CVE-2023-25001.json

@@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-25001",
+  "sourceIdentifier": "psirt@autodesk.com",
+  "published": "2023-06-27T23:15:09.537",
+  "lastModified": "2023-06-27T23:15:09.537",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A maliciously crafted SKP file in Autodesk Navisworks 2023 and 2022 be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0002",
+      "source": "psirt@autodesk.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-250xx/CVE-2023-25002.json

@@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-25002",
+  "sourceIdentifier": "psirt@autodesk.com",
+  "published": "2023-06-27T23:15:09.590",
+  "lastModified": "2023-06-27T23:15:09.590",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A maliciously crafted SKP file in Autodesk products is used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0002",
+      "source": "psirt@autodesk.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-331xx/CVE-2023-33137.json

@@ -2,7 +2,7 @@
   "id": "CVE-2023-33137",
   "sourceIdentifier": "secure@microsoft.com",
   "published": "2023-06-14T00:15:12.323",
-  "lastModified": "2023-06-27T18:15:13.380",
+  "lastModified": "2023-06-27T22:15:11.607",
   "vulnStatus": "Modified",
   "descriptions": [
     {
@@ -99,10 +99,6 @@
     }
   ],
   "references": [
-    {
-      "url": "http://packetstormsecurity.com/files/173148/Microsoft-Excel-365-MSO-Remote-Code-Execution.html",
-      "source": "secure@microsoft.com"
-    },
     {
       "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33137",
       "source": "secure@microsoft.com",

CVE-2023/CVE-2023-33xx/CVE-2023-3327.json

@@ -0,0 +1,15 @@
+{
+  "id": "CVE-2023-3327",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-06-27T23:15:09.657",
+  "lastModified": "2023-06-27T23:15:09.657",
+  "vulnStatus": "Rejected",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-35823. Reason: This candidate is a reservation duplicate of CVE-2023-35823. Notes: All CVE users should reference CVE-2023-35823 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
+    }
+  ],
+  "metrics": {},
+  "references": []
+}

CVE-2023/CVE-2023-364xx/CVE-2023-36464.json

@@ -0,0 +1,63 @@
+{
+  "id": "CVE-2023-36464",
+  "sourceIdentifier": "security-advisories@github.com",
+  "published": "2023-06-27T22:15:11.790",
+  "lastModified": "2023-06-27T22:15:11.790",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "pypdf is an open source, pure-python PDF library. In affected versions an attacker may craft a PDF which leads to an infinite loop if `__parse_content_stream` is executed. That is, for example, the case if the user extracted text from such a PDF. This issue was introduced in pull request #969 and resolved in pull request #1828. Users are advised to upgrade. Users unable to upgrade may modify the line `while peek not in (b\"\\r\", b\"\\n\")` in `pypdf/generic/_data_structures.py` to `while peek not in (b\"\\r\", b\"\\n\", b\"\")`."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security-advisories@github.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH",
+          "baseScore": 6.2,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.5,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security-advisories@github.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-835"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/py-pdf/pypdf/pull/1828",
+      "source": "security-advisories@github.com"
+    },
+    {
+      "url": "https://github.com/py-pdf/pypdf/pull/969",
+      "source": "security-advisories@github.com"
+    },
+    {
+      "url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-4vvm-4w3v-6mr8",
+      "source": "security-advisories@github.com"
+    }
+  ]
+}

README.md

@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2023-06-27T22:00:27.807785+00:00
+2023-06-27T23:55:27.402679+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2023-06-27T21:15:16.047000+00:00
+2023-06-27T23:31:19.107000+00:00
 ```
 
 ### Last Data Feed Release
@@ -29,55 +29,35 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-218694
+218698
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `11`
+Recently added CVEs: `4`
 
-* [CVE-2020-18406](CVE-2020/CVE-2020-184xx/CVE-2020-18406.json) (`2023-06-27T20:15:09.297`)
-* [CVE-2020-18410](CVE-2020/CVE-2020-184xx/CVE-2020-18410.json) (`2023-06-27T20:15:09.373`)
-* [CVE-2020-18413](CVE-2020/CVE-2020-184xx/CVE-2020-18413.json) (`2023-06-27T20:15:09.423`)
-* [CVE-2020-18416](CVE-2020/CVE-2020-184xx/CVE-2020-18416.json) (`2023-06-27T20:15:09.473`)
-* [CVE-2020-19902](CVE-2020/CVE-2020-199xx/CVE-2020-19902.json) (`2023-06-27T20:15:09.520`)
-* [CVE-2020-18404](CVE-2020/CVE-2020-184xx/CVE-2020-18404.json) (`2023-06-27T21:15:15.650`)
-* [CVE-2020-18409](CVE-2020/CVE-2020-184xx/CVE-2020-18409.json) (`2023-06-27T21:15:15.717`)
-* [CVE-2020-18414](CVE-2020/CVE-2020-184xx/CVE-2020-18414.json) (`2023-06-27T21:15:15.763`)
-* [CVE-2023-30993](CVE-2023/CVE-2023-309xx/CVE-2023-30993.json) (`2023-06-27T20:15:09.620`)
-* [CVE-2023-36463](CVE-2023/CVE-2023-364xx/CVE-2023-36463.json) (`2023-06-27T20:15:09.727`)
-* [CVE-2023-3436](CVE-2023/CVE-2023-34xx/CVE-2023-3436.json) (`2023-06-27T21:15:16.047`)
+* [CVE-2023-36464](CVE-2023/CVE-2023-364xx/CVE-2023-36464.json) (`2023-06-27T22:15:11.790`)
+* [CVE-2023-25001](CVE-2023/CVE-2023-250xx/CVE-2023-25001.json) (`2023-06-27T23:15:09.537`)
+* [CVE-2023-25002](CVE-2023/CVE-2023-250xx/CVE-2023-25002.json) (`2023-06-27T23:15:09.590`)
+* [CVE-2023-3327](CVE-2023/CVE-2023-33xx/CVE-2023-3327.json) (`2023-06-27T23:15:09.657`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `41`
+Recently modified CVEs: `12`
 
-* [CVE-2022-22715](CVE-2022/CVE-2022-227xx/CVE-2022-22715.json) (`2023-06-27T20:23:36.597`)
-* [CVE-2022-26125](CVE-2022/CVE-2022-261xx/CVE-2022-26125.json) (`2023-06-27T20:23:49.610`)
-* [CVE-2022-26127](CVE-2022/CVE-2022-261xx/CVE-2022-26127.json) (`2023-06-27T20:26:26.217`)
-* [CVE-2022-26128](CVE-2022/CVE-2022-261xx/CVE-2022-26128.json) (`2023-06-27T20:38:30.520`)
-* [CVE-2022-25817](CVE-2022/CVE-2022-258xx/CVE-2022-25817.json) (`2023-06-27T20:39:56.397`)
-* [CVE-2022-25959](CVE-2022/CVE-2022-259xx/CVE-2022-25959.json) (`2023-06-27T20:40:57.613`)
-* [CVE-2022-26090](CVE-2022/CVE-2022-260xx/CVE-2022-26090.json) (`2023-06-27T20:42:45.240`)
-* [CVE-2022-1441](CVE-2022/CVE-2022-14xx/CVE-2022-1441.json) (`2023-06-27T20:43:05.850`)
-* [CVE-2022-3724](CVE-2022/CVE-2022-37xx/CVE-2022-3724.json) (`2023-06-27T20:44:18.853`)
-* [CVE-2022-2566](CVE-2022/CVE-2022-25xx/CVE-2022-2566.json) (`2023-06-27T20:44:29.407`)
-* [CVE-2022-25649](CVE-2022/CVE-2022-256xx/CVE-2022-25649.json) (`2023-06-27T20:44:35.397`)
-* [CVE-2022-22034](CVE-2022/CVE-2022-220xx/CVE-2022-22034.json) (`2023-06-27T20:44:45.057`)
-* [CVE-2022-2639](CVE-2022/CVE-2022-26xx/CVE-2022-2639.json) (`2023-06-27T20:52:02.907`)
-* [CVE-2022-36099](CVE-2022/CVE-2022-360xx/CVE-2022-36099.json) (`2023-06-27T20:52:09.843`)
-* [CVE-2022-36100](CVE-2022/CVE-2022-361xx/CVE-2022-36100.json) (`2023-06-27T20:52:21.010`)
-* [CVE-2022-36110](CVE-2022/CVE-2022-361xx/CVE-2022-36110.json) (`2023-06-27T20:52:26.647`)
-* [CVE-2022-36113](CVE-2022/CVE-2022-361xx/CVE-2022-36113.json) (`2023-06-27T20:52:33.817`)
-* [CVE-2023-22593](CVE-2023/CVE-2023-225xx/CVE-2023-22593.json) (`2023-06-27T20:45:06.090`)
-* [CVE-2023-23468](CVE-2023/CVE-2023-234xx/CVE-2023-23468.json) (`2023-06-27T20:45:06.090`)
-* [CVE-2023-25004](CVE-2023/CVE-2023-250xx/CVE-2023-25004.json) (`2023-06-27T20:45:06.090`)
-* [CVE-2023-29068](CVE-2023/CVE-2023-290xx/CVE-2023-29068.json) (`2023-06-27T20:45:06.090`)
-* [CVE-2023-32542](CVE-2023/CVE-2023-325xx/CVE-2023-32542.json) (`2023-06-27T20:49:23.610`)
-* [CVE-2023-32538](CVE-2023/CVE-2023-325xx/CVE-2023-32538.json) (`2023-06-27T20:50:08.593`)
-* [CVE-2023-27439](CVE-2023/CVE-2023-274xx/CVE-2023-27439.json) (`2023-06-27T20:54:24.717`)
-* [CVE-2023-27429](CVE-2023/CVE-2023-274xx/CVE-2023-27429.json) (`2023-06-27T20:54:54.337`)
+* [CVE-2022-32885](CVE-2022/CVE-2022-328xx/CVE-2022-32885.json) (`2023-06-27T23:15:09.447`)
+* [CVE-2023-33137](CVE-2023/CVE-2023-331xx/CVE-2023-33137.json) (`2023-06-27T22:15:11.607`)
+* [CVE-2023-25938](CVE-2023/CVE-2023-259xx/CVE-2023-25938.json) (`2023-06-27T23:29:40.213`)
+* [CVE-2023-28060](CVE-2023/CVE-2023-280xx/CVE-2023-28060.json) (`2023-06-27T23:30:04.077`)
+* [CVE-2023-28058](CVE-2023/CVE-2023-280xx/CVE-2023-28058.json) (`2023-06-27T23:30:17.987`)
+* [CVE-2023-28050](CVE-2023/CVE-2023-280xx/CVE-2023-28050.json) (`2023-06-27T23:30:31.847`)
+* [CVE-2023-28044](CVE-2023/CVE-2023-280xx/CVE-2023-28044.json) (`2023-06-27T23:30:45.577`)
+* [CVE-2023-28036](CVE-2023/CVE-2023-280xx/CVE-2023-28036.json) (`2023-06-27T23:30:48.873`)
+* [CVE-2023-28034](CVE-2023/CVE-2023-280xx/CVE-2023-28034.json) (`2023-06-27T23:30:51.980`)
+* [CVE-2023-28031](CVE-2023/CVE-2023-280xx/CVE-2023-28031.json) (`2023-06-27T23:31:09.543`)
+* [CVE-2023-28027](CVE-2023/CVE-2023-280xx/CVE-2023-28027.json) (`2023-06-27T23:31:14.353`)
+* [CVE-2023-28026](CVE-2023/CVE-2023-280xx/CVE-2023-28026.json) (`2023-06-27T23:31:19.107`)
 
 
 ## Download and Usage