Auto-Update: 2023-06-23T23:55:25.396838+00:00

2025-07-09 16:05:11 +00:00 · 2023-06-23 23:55:28 +00:00 · 2023-06-23 23:55:28 +00:00 · 8db4ddcf9a
commit 8db4ddcf9a
parent f66ea586e1
3 changed files with 125 additions and 45 deletions
--- a/CVE-2023/CVE-2023-17xx/CVE-2023-1783.json
+++ b/CVE-2023/CVE-2023-17xx/CVE-2023-1783.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-1783",
+  "sourceIdentifier": "help@fluidattacks.com",
+  "published": "2023-06-23T22:15:08.897",
+  "lastModified": "2023-06-23T22:15:08.897",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "OrangeScrum version 2.0.11 allows an external attacker to remotely obtain AWS instance credentials. This is possible because the application does not properly validate the HTML content to be converted to PDF.\n\n\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "help@fluidattacks.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "help@fluidattacks.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://fluidattacks.com/advisories/stirling/",
+      "source": "help@fluidattacks.com"
+    },
+    {
+      "url": "https://github.com/Orangescrum/orangescrum/",
+      "source": "help@fluidattacks.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-359xx/CVE-2023-35932.json
+++ b/CVE-2023/CVE-2023-359xx/CVE-2023-35932.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-35932",
+  "sourceIdentifier": "security-advisories@github.com",
+  "published": "2023-06-23T22:15:08.987",
+  "lastModified": "2023-06-23T22:15:08.987",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "jcvi is a Python library to facilitate genome assembly, annotation, and comparative genomics. A configuration injection happens when user input is considered by the application in an unsanitized format and can reach the configuration file. A malicious user may craft a special payload that may lead to a command injection. The impact of a configuration injection may vary. Under some conditions, it may lead to command injection if there is for instance shell code execution from the configuration file values. This vulnerability does not currently have a fix.\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security-advisories@github.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "LOW",
+          "baseScore": 7.1,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.6,
+        "impactScore": 5.5
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security-advisories@github.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-77"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/tanghaibao/jcvi/blob/cede6c65c8e7603cb266bc3395ac8f915ea9eac7/jcvi/apps/base.py#LL2227C1-L2228C41",
+      "source": "security-advisories@github.com"
+    },
+    {
+      "url": "https://github.com/tanghaibao/jcvi/security/advisories/GHSA-x49m-3cw7-gq5q",
+      "source": "security-advisories@github.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-06-23T22:00:28.895218+00:00
+2023-06-23T23:55:25.396838+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-06-23T21:27:39.787000+00:00
+2023-06-23T22:15:08.987000+00:00
 ```

 ### Last Data Feed Release
@ -29,59 +29,21 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-218502
+218504
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `21`
+Recently added CVEs: `2`

-* [CVE-2023-27908](CVE-2023/CVE-2023-279xx/CVE-2023-27908.json) (`2023-06-23T20:15:08.997`)
-* [CVE-2023-34188](CVE-2023/CVE-2023-341xx/CVE-2023-34188.json) (`2023-06-23T20:15:09.053`)
-* [CVE-2023-34203](CVE-2023/CVE-2023-342xx/CVE-2023-34203.json) (`2023-06-23T20:15:09.103`)
-* [CVE-2023-34460](CVE-2023/CVE-2023-344xx/CVE-2023-34460.json) (`2023-06-23T20:15:09.147`)
-* [CVE-2023-35167](CVE-2023/CVE-2023-351xx/CVE-2023-35167.json) (`2023-06-23T20:15:09.227`)
-* [CVE-2023-35759](CVE-2023/CVE-2023-357xx/CVE-2023-35759.json) (`2023-06-23T20:15:09.307`)
-* [CVE-2023-35931](CVE-2023/CVE-2023-359xx/CVE-2023-35931.json) (`2023-06-23T20:15:09.357`)
-* [CVE-2023-36345](CVE-2023/CVE-2023-363xx/CVE-2023-36345.json) (`2023-06-23T20:15:09.427`)
-* [CVE-2023-36346](CVE-2023/CVE-2023-363xx/CVE-2023-36346.json) (`2023-06-23T20:15:09.473`)
-* [CVE-2023-36348](CVE-2023/CVE-2023-363xx/CVE-2023-36348.json) (`2023-06-23T20:15:09.517`)
-* [CVE-2023-3212](CVE-2023/CVE-2023-32xx/CVE-2023-3212.json) (`2023-06-23T20:15:09.563`)
-* [CVE-2023-34254](CVE-2023/CVE-2023-342xx/CVE-2023-34254.json) (`2023-06-23T21:15:09.320`)
-* [CVE-2023-35154](CVE-2023/CVE-2023-351xx/CVE-2023-35154.json) (`2023-06-23T21:15:09.400`)
-* [CVE-2023-35163](CVE-2023/CVE-2023-351xx/CVE-2023-35163.json) (`2023-06-23T21:15:09.473`)
-* [CVE-2023-35165](CVE-2023/CVE-2023-351xx/CVE-2023-35165.json) (`2023-06-23T21:15:09.553`)
-* [CVE-2023-35169](CVE-2023/CVE-2023-351xx/CVE-2023-35169.json) (`2023-06-23T21:15:09.627`)
-* [CVE-2023-35171](CVE-2023/CVE-2023-351xx/CVE-2023-35171.json) (`2023-06-23T21:15:09.703`)
-* [CVE-2023-35172](CVE-2023/CVE-2023-351xx/CVE-2023-35172.json) (`2023-06-23T21:15:09.777`)
-* [CVE-2023-35173](CVE-2023/CVE-2023-351xx/CVE-2023-35173.json) (`2023-06-23T21:15:09.853`)
-* [CVE-2023-35927](CVE-2023/CVE-2023-359xx/CVE-2023-35927.json) (`2023-06-23T21:15:09.927`)
-* [CVE-2023-35928](CVE-2023/CVE-2023-359xx/CVE-2023-35928.json) (`2023-06-23T21:15:10.007`)
+* [CVE-2023-1783](CVE-2023/CVE-2023-17xx/CVE-2023-1783.json) (`2023-06-23T22:15:08.897`)
+* [CVE-2023-35932](CVE-2023/CVE-2023-359xx/CVE-2023-35932.json) (`2023-06-23T22:15:08.987`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `19`
+Recently modified CVEs: `0`

-* [CVE-2022-28550](CVE-2022/CVE-2022-285xx/CVE-2022-28550.json) (`2023-06-23T20:10:56.137`)
-* [CVE-2022-24063](CVE-2022/CVE-2022-240xx/CVE-2022-24063.json) (`2023-06-23T20:24:12.420`)
-* [CVE-2022-24915](CVE-2022/CVE-2022-249xx/CVE-2022-24915.json) (`2023-06-23T20:25:06.257`)
-* [CVE-2022-23994](CVE-2022/CVE-2022-239xx/CVE-2022-23994.json) (`2023-06-23T20:25:30.300`)
-* [CVE-2022-24002](CVE-2022/CVE-2022-240xx/CVE-2022-24002.json) (`2023-06-23T20:29:06.967`)
-* [CVE-2022-24923](CVE-2022/CVE-2022-249xx/CVE-2022-24923.json) (`2023-06-23T20:29:11.290`)
-* [CVE-2022-24924](CVE-2022/CVE-2022-249xx/CVE-2022-24924.json) (`2023-06-23T20:29:15.917`)
-* [CVE-2023-29562](CVE-2023/CVE-2023-295xx/CVE-2023-29562.json) (`2023-06-23T20:04:20.847`)
-* [CVE-2023-32369](CVE-2023/CVE-2023-323xx/CVE-2023-32369.json) (`2023-06-23T20:21:15.293`)
-* [CVE-2023-35788](CVE-2023/CVE-2023-357xx/CVE-2023-35788.json) (`2023-06-23T21:19:19.510`)
-* [CVE-2023-33438](CVE-2023/CVE-2023-334xx/CVE-2023-33438.json) (`2023-06-23T21:19:32.180`)
-* [CVE-2023-34832](CVE-2023/CVE-2023-348xx/CVE-2023-34832.json) (`2023-06-23T21:19:44.893`)
-* [CVE-2023-34660](CVE-2023/CVE-2023-346xx/CVE-2023-34660.json) (`2023-06-23T21:24:20.913`)
-* [CVE-2023-34659](CVE-2023/CVE-2023-346xx/CVE-2023-34659.json) (`2023-06-23T21:25:28.887`)
-* [CVE-2023-3294](CVE-2023/CVE-2023-32xx/CVE-2023-3294.json) (`2023-06-23T21:26:49.927`)
-* [CVE-2023-25974](CVE-2023/CVE-2023-259xx/CVE-2023-25974.json) (`2023-06-23T21:27:01.080`)
-* [CVE-2023-27420](CVE-2023/CVE-2023-274xx/CVE-2023-27420.json) (`2023-06-23T21:27:11.370`)
-* [CVE-2023-33307](CVE-2023/CVE-2023-333xx/CVE-2023-33307.json) (`2023-06-23T21:27:26.713`)
-* [CVE-2023-33306](CVE-2023/CVE-2023-333xx/CVE-2023-33306.json) (`2023-06-23T21:27:39.787`)


 ## Download and Usage