Auto-Update: 2023-05-05T10:00:26.392083+00:00

2025-05-07 19:16:29 +00:00 · 2023-05-05 12:00:29 +02:00 · 2023-05-05 12:00:29 +02:00 · 8672f15116
commit 8672f15116
parent 25d142b841
9 changed files with 190 additions and 45 deletions
--- a/CVE-2021/CVE-2021-403xx/CVE-2021-40331.json
+++ b/CVE-2021/CVE-2021-403xx/CVE-2021-40331.json
@ -0,0 +1,32 @@
+{
+  "id": "CVE-2021-40331",
+  "sourceIdentifier": "security@apache.org",
+  "published": "2023-05-05T08:15:08.683",
+  "lastModified": "2023-05-05T08:15:08.683",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An Incorrect Permission Assignment for Critical Resource vulnerability was found in the Apache Ranger Hive Plugin. Any user with SELECT privilege on a database can alter the ownership of the table in Hive when Apache Ranger Hive Plugin is enabled\nThis issue affects Apache Ranger Hive Plugin: from 2.0.0 through 2.3.0. Users are recommended to upgrade to version 2.4.0 or later.\n\n\n"
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "security@apache.org",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-732"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://lists.apache.org/thread/s68yls6cnkdmzn1k4hqt50vs6wjvt2rn",
+      "source": "security@apache.org"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-341xx/CVE-2022-34169.json
+++ b/CVE-2022/CVE-2022-341xx/CVE-2022-34169.json
@ -2,12 +2,12 @@
  "id": "CVE-2022-34169",
  "sourceIdentifier": "security@apache.org",
  "published": "2022-07-19T18:15:11.740",
-  "lastModified": "2023-04-27T17:36:52.673",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2023-05-05T08:15:08.767",
+  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
-      "value": "The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. The Apache Xalan Java project is dormant and in the process of being retired. No future releases of Apache Xalan Java to address this issue are expected. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan."
+      "value": "The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan."
    },
    {
      "lang": "es",
@ -1020,52 +1020,28 @@
      ]
    },
    {
-      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/",
-      "source": "security@apache.org",
-      "tags": [
-        "Mailing List",
-        "Third Party Advisory"
-      ]
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/",
+      "source": "security@apache.org"
    },
    {
-      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/",
-      "source": "security@apache.org",
-      "tags": [
-        "Mailing List",
-        "Third Party Advisory"
-      ]
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/",
+      "source": "security@apache.org"
    },
    {
-      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/",
-      "source": "security@apache.org",
-      "tags": [
-        "Mailing List",
-        "Third Party Advisory"
-      ]
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/",
+      "source": "security@apache.org"
    },
    {
-      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/",
-      "source": "security@apache.org",
-      "tags": [
-        "Mailing List",
-        "Third Party Advisory"
-      ]
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/",
+      "source": "security@apache.org"
    },
    {
-      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/",
-      "source": "security@apache.org",
-      "tags": [
-        "Mailing List",
-        "Third Party Advisory"
-      ]
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/",
+      "source": "security@apache.org"
    },
    {
-      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/",
-      "source": "security@apache.org",
-      "tags": [
-        "Mailing List",
-        "Third Party Advisory"
-      ]
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/",
+      "source": "security@apache.org"
    },
    {
      "url": "https://security.netapp.com/advisory/ntap-20220729-0009/",
--- a/CVE-2022/CVE-2022-450xx/CVE-2022-45048.json
+++ b/CVE-2022/CVE-2022-450xx/CVE-2022-45048.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2022-45048",
+  "sourceIdentifier": "security@apache.org",
+  "published": "2023-05-05T08:15:09.080",
+  "lastModified": "2023-05-05T08:15:09.080",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Authenticated users with appropriate privileges can create policies having expressions that can exploit code execution vulnerability.\u00a0This issue affects Apache Ranger: 2.3.0. Users are recommended to update to version 2.4.0.\n\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@apache.org",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.4,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.7,
+        "impactScore": 6.0
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@apache.org",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-74"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://lists.apache.org/thread/6rpzwy1smdhr60tsh1ydknn3kdm45bb6",
+      "source": "security@apache.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-25xx/CVE-2023-2535.json
+++ b/CVE-2023/CVE-2023-25xx/CVE-2023-2535.json
@ -0,0 +1,15 @@
+{
+  "id": "CVE-2023-2535",
+  "sourceIdentifier": "security@knime.com",
+  "published": "2023-05-05T08:15:09.163",
+  "lastModified": "2023-05-05T09:15:11.603",
+  "vulnStatus": "Rejected",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
+    }
+  ],
+  "metrics": {},
+  "references": []
+}
--- a/CVE-2023/CVE-2023-25xx/CVE-2023-2536.json
+++ b/CVE-2023/CVE-2023-25xx/CVE-2023-2536.json
@ -0,0 +1,15 @@
+{
+  "id": "CVE-2023-2536",
+  "sourceIdentifier": "security@knime.com",
+  "published": "2023-05-05T09:15:11.917",
+  "lastModified": "2023-05-05T09:15:11.917",
+  "vulnStatus": "Rejected",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
+    }
+  ],
+  "metrics": {},
+  "references": []
+}
--- a/CVE-2023/CVE-2023-25xx/CVE-2023-2537.json
+++ b/CVE-2023/CVE-2023-25xx/CVE-2023-2537.json
@ -0,0 +1,15 @@
+{
+  "id": "CVE-2023-2537",
+  "sourceIdentifier": "security@knime.com",
+  "published": "2023-05-05T09:15:12.007",
+  "lastModified": "2023-05-05T09:15:12.007",
+  "vulnStatus": "Rejected",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
+    }
+  ],
+  "metrics": {},
+  "references": []
+}
--- a/CVE-2023/CVE-2023-25xx/CVE-2023-2539.json
+++ b/CVE-2023/CVE-2023-25xx/CVE-2023-2539.json
@ -0,0 +1,15 @@
+{
+  "id": "CVE-2023-2539",
+  "sourceIdentifier": "security@knime.com",
+  "published": "2023-05-05T09:15:12.057",
+  "lastModified": "2023-05-05T09:15:12.057",
+  "vulnStatus": "Rejected",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
+    }
+  ],
+  "metrics": {},
+  "references": []
+}
--- a/CVE-2023/CVE-2023-25xx/CVE-2023-2540.json
+++ b/CVE-2023/CVE-2023-25xx/CVE-2023-2540.json
@ -0,0 +1,15 @@
+{
+  "id": "CVE-2023-2540",
+  "sourceIdentifier": "security@knime.com",
+  "published": "2023-05-05T09:15:12.107",
+  "lastModified": "2023-05-05T09:15:12.107",
+  "vulnStatus": "Rejected",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
+    }
+  ],
+  "metrics": {},
+  "references": []
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-05-05T08:00:24.363400+00:00
+2023-05-05T10:00:26.392083+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-05-05T07:15:08.887000+00:00
+2023-05-05T09:15:12.107000+00:00
 ```

 ### Last Data Feed Release
@ -29,20 +29,27 @@ Download and Changelog: [Click](releases/latest)
 ### Total Number of included CVEs

 ```plain
-214127
+214134
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `1`
+Recently added CVEs: `7`

-* [CVE-2023-28068](CVE-2023/CVE-2023-280xx/CVE-2023-28068.json) (`2023-05-05T07:15:08.887`)
+* [CVE-2021-40331](CVE-2021/CVE-2021-403xx/CVE-2021-40331.json) (`2023-05-05T08:15:08.683`)
+* [CVE-2022-45048](CVE-2022/CVE-2022-450xx/CVE-2022-45048.json) (`2023-05-05T08:15:09.080`)
+* [CVE-2023-2535](CVE-2023/CVE-2023-25xx/CVE-2023-2535.json) (`2023-05-05T08:15:09.163`)
+* [CVE-2023-2536](CVE-2023/CVE-2023-25xx/CVE-2023-2536.json) (`2023-05-05T09:15:11.917`)
+* [CVE-2023-2537](CVE-2023/CVE-2023-25xx/CVE-2023-2537.json) (`2023-05-05T09:15:12.007`)
+* [CVE-2023-2539](CVE-2023/CVE-2023-25xx/CVE-2023-2539.json) (`2023-05-05T09:15:12.057`)
+* [CVE-2023-2540](CVE-2023/CVE-2023-25xx/CVE-2023-2540.json) (`2023-05-05T09:15:12.107`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `0`
+Recently modified CVEs: `1`

+* [CVE-2022-34169](CVE-2022/CVE-2022-341xx/CVE-2022-34169.json) (`2023-05-05T08:15:08.767`)


 ## Download and Usage