Auto-Update: 2023-06-19T04:00:26.707456+00:00

2025-07-11 16:13:34 +00:00 · 2023-06-19 04:00:30 +00:00 · 2023-06-19 04:00:30 +00:00 · 84ae8b3d4b
commit 84ae8b3d4b
parent acbebdffba
6 changed files with 122 additions and 8 deletions
--- a/CVE-2023/CVE-2023-358xx/CVE-2023-35844.json
+++ b/CVE-2023/CVE-2023-358xx/CVE-2023-35844.json
@ -0,0 +1,32 @@
+{
+  "id": "CVE-2023-35844",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-06-19T02:15:08.903",
+  "lastModified": "2023-06-19T02:15:08.903",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension (.csv or .png) is used."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://advisory.dw1.io/59",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/lightdash/lightdash/commit/fcc808c84c2cc3afb343063e32a49440d32a553c",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/lightdash/lightdash/compare/0.510.2...0.510.3",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/lightdash/lightdash/pull/5090",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-358xx/CVE-2023-35846.json
+++ b/CVE-2023/CVE-2023-358xx/CVE-2023-35846.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-35846",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-06-19T03:15:09.227",
+  "lastModified": "2023-06-19T03:15:09.227",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not check the transport layer length in a frame before performing port filtering."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/virtualsquare/picotcp/commit/d561990a358899178115e156871cc054a1c55ffe",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-358xx/CVE-2023-35847.json
+++ b/CVE-2023/CVE-2023-358xx/CVE-2023-35847.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-35847",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-06-19T03:15:09.280",
+  "lastModified": "2023-06-19T03:15:09.280",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not have an MSS lower bound (e.g., it could be zero)."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/virtualsquare/picotcp/commit/eaf166009e44641e6570c576ba071217f100fd99",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-358xx/CVE-2023-35848.json
+++ b/CVE-2023/CVE-2023-358xx/CVE-2023-35848.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-35848",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-06-19T03:15:09.327",
+  "lastModified": "2023-06-19T03:15:09.327",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 lacks certain size calculations before attempting to set a value of an mss structure member."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/virtualsquare/picotcp/pull/15/files",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-358xx/CVE-2023-35849.json
+++ b/CVE-2023/CVE-2023-358xx/CVE-2023-35849.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-35849",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-06-19T03:15:09.370",
+  "lastModified": "2023-06-19T03:15:09.370",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not properly check whether header sizes would result in accessing data outside of a packet."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/virtualsquare/picotcp/commit/4b9a16764f2b12b611de9c34a50b4713d10ca401",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-06-19T02:00:26.734266+00:00
+2023-06-19T04:00:26.707456+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-06-19T01:15:08.710000+00:00
+2023-06-19T03:15:09.370000+00:00
 ```

 ### Last Data Feed Release
@ -29,22 +29,24 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-217993
+217998
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `2`
+Recently added CVEs: `5`

-* [CVE-2023-35839](CVE-2023/CVE-2023-358xx/CVE-2023-35839.json) (`2023-06-19T01:15:08.667`)
-* [CVE-2023-35840](CVE-2023/CVE-2023-358xx/CVE-2023-35840.json) (`2023-06-19T01:15:08.710`)
+* [CVE-2023-35844](CVE-2023/CVE-2023-358xx/CVE-2023-35844.json) (`2023-06-19T02:15:08.903`)
+* [CVE-2023-35846](CVE-2023/CVE-2023-358xx/CVE-2023-35846.json) (`2023-06-19T03:15:09.227`)
+* [CVE-2023-35847](CVE-2023/CVE-2023-358xx/CVE-2023-35847.json) (`2023-06-19T03:15:09.280`)
+* [CVE-2023-35848](CVE-2023/CVE-2023-358xx/CVE-2023-35848.json) (`2023-06-19T03:15:09.327`)
+* [CVE-2023-35849](CVE-2023/CVE-2023-358xx/CVE-2023-35849.json) (`2023-06-19T03:15:09.370`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `1`
+Recently modified CVEs: `0`

-* [CVE-2023-34096](CVE-2023/CVE-2023-340xx/CVE-2023-34096.json) (`2023-06-19T01:15:08.563`)


 ## Download and Usage