Auto-Update: 2023-08-22T04:00:33.919170+00:00

2025-05-08 11:37:26 +00:00 · 2023-08-22 04:00:37 +00:00 · 2023-08-22 04:00:37 +00:00 · 8ff14d6fba
commit 8ff14d6fba
parent a80f216645
4 changed files with 212 additions and 46 deletions
--- a/CVE-2023/CVE-2023-350xx/CVE-2023-35082.json
+++ b/CVE-2023/CVE-2023-350xx/CVE-2023-35082.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-35082",
  "sourceIdentifier": "support@hackerone.com",
  "published": "2023-08-15T16:15:11.633",
-  "lastModified": "2023-08-15T17:15:47.060",
-  "vulnStatus": "Awaiting Analysis",
+  "lastModified": "2023-08-22T02:16:30.973",
+  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
@ -11,6 +11,28 @@
    }
  ],
  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "nvd@nist.gov",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
+      }
+    ],
    "cvssMetricV30": [
      {
        "source": "support@hackerone.com",
@ -34,10 +56,43 @@
      }
    ]
  },
+  "weaknesses": [
+    {
+      "source": "nvd@nist.gov",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-287"
+        }
+      ]
+    }
+  ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*",
+              "versionEndIncluding": "11.10.0",
+              "matchCriteriaId": "6B41E29D-8E92-4DEC-B2B9-375BFF248A13"
+            }
+          ]
+        }
+      ]
+    }
+  ],
  "references": [
    {
      "url": "https://forums.ivanti.com/s/article/CVE-2023-35082-Remote-Unauthenticated-API-Access-Vulnerability-in-MobileIron-Core-11-2-and-older?language=en_US",
-      "source": "support@hackerone.com"
+      "source": "support@hackerone.com",
+      "tags": [
+        "Vendor Advisory"
+      ]
    }
  ]
 }
--- a/CVE-2023/CVE-2023-388xx/CVE-2023-38860.json
+++ b/CVE-2023/CVE-2023-388xx/CVE-2023-38860.json
@ -2,19 +2,75 @@
  "id": "CVE-2023-38860",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2023-08-15T17:15:11.737",
-  "lastModified": "2023-08-15T17:15:41.713",
-  "vulnStatus": "Awaiting Analysis",
+  "lastModified": "2023-08-22T02:22:07.450",
+  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue in LangChain v.0.0.231 allows a remote attacker to execute arbitrary code via the prompt parameter."
    }
  ],
-  "metrics": {},
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "nvd@nist.gov",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "nvd@nist.gov",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-94"
+        }
+      ]
+    }
+  ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:langchain:langchain:0.0.231:*:*:*:*:*:*:*",
+              "matchCriteriaId": "F477D71B-7192-463A-94B4-99EB77D322C5"
+            }
+          ]
+        }
+      ]
+    }
+  ],
  "references": [
    {
      "url": "https://github.com/hwchase17/langchain/issues/7641",
-      "source": "cve@mitre.org"
+      "source": "cve@mitre.org",
+      "tags": [
+        "Exploit",
+        "Issue Tracking"
+      ]
    }
  ]
 }
--- a/CVE-2023/CVE-2023-402xx/CVE-2023-40283.json
+++ b/CVE-2023/CVE-2023-402xx/CVE-2023-40283.json
@ -2,31 +2,111 @@
  "id": "CVE-2023-40283",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2023-08-14T03:15:09.257",
-  "lastModified": "2023-08-19T18:17:08.550",
-  "vulnStatus": "Awaiting Analysis",
+  "lastModified": "2023-08-22T02:06:18.883",
+  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled."
    }
  ],
-  "metrics": {},
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "nvd@nist.gov",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "nvd@nist.gov",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-416"
+        }
+      ]
+    }
+  ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+              "versionEndExcluding": "6.4.10",
+              "matchCriteriaId": "C26BB101-2CAD-4F3C-9EE4-7865C5B8A1AA"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
+              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
+            }
+          ]
+        }
+      ]
+    }
+  ],
  "references": [
    {
      "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.10",
-      "source": "cve@mitre.org"
+      "source": "cve@mitre.org",
+      "tags": [
+        "Release Notes"
+      ]
    },
    {
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1728137b33c00d5a2b5110ed7aafb42e7c32e4a1",
-      "source": "cve@mitre.org"
+      "source": "cve@mitre.org",
+      "tags": [
+        "Patch"
+      ]
    },
    {
      "url": "https://github.com/torvalds/linux/commit/1728137b33c00d5a2b5110ed7aafb42e7c32e4a1",
-      "source": "cve@mitre.org"
+      "source": "cve@mitre.org",
+      "tags": [
+        "Patch"
+      ]
    },
    {
      "url": "https://www.debian.org/security/2023/dsa-5480",
-      "source": "cve@mitre.org"
+      "source": "cve@mitre.org",
+      "tags": [
+        "Third Party Advisory"
+      ]
    }
  ]
 }
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-08-22T02:00:29.579652+00:00
+2023-08-22T04:00:33.919170+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-08-22T01:58:46.843000+00:00
+2023-08-22T02:22:07.450000+00:00
 ```

 ### Last Data Feed Release
@ -34,42 +34,17 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/

 ### CVEs added in the last Commit

-Recently added CVEs: `3`
+Recently added CVEs: `0`

-* [CVE-2023-38906](CVE-2023/CVE-2023-389xx/CVE-2023-38906.json) (`2023-08-22T00:15:07.920`)
-* [CVE-2023-38908](CVE-2023/CVE-2023-389xx/CVE-2023-38908.json) (`2023-08-22T01:15:08.153`)
-* [CVE-2023-38909](CVE-2023/CVE-2023-389xx/CVE-2023-38909.json) (`2023-08-22T01:15:08.537`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `30`
+Recently modified CVEs: `3`

-* [CVE-2023-28622](CVE-2023/CVE-2023-286xx/CVE-2023-28622.json) (`2023-08-22T00:55:23.717`)
-* [CVE-2023-30874](CVE-2023/CVE-2023-308xx/CVE-2023-30874.json) (`2023-08-22T00:55:37.513`)
-* [CVE-2023-30876](CVE-2023/CVE-2023-308xx/CVE-2023-30876.json) (`2023-08-22T00:55:49.987`)
-* [CVE-2023-30877](CVE-2023/CVE-2023-308xx/CVE-2023-30877.json) (`2023-08-22T00:56:01.303`)
-* [CVE-2023-31071](CVE-2023/CVE-2023-310xx/CVE-2023-31071.json) (`2023-08-22T00:56:09.750`)
-* [CVE-2023-31076](CVE-2023/CVE-2023-310xx/CVE-2023-31076.json) (`2023-08-22T00:56:19.440`)
-* [CVE-2023-26530](CVE-2023/CVE-2023-265xx/CVE-2023-26530.json) (`2023-08-22T00:56:35.657`)
-* [CVE-2023-31074](CVE-2023/CVE-2023-310xx/CVE-2023-31074.json) (`2023-08-22T00:56:44.707`)
-* [CVE-2023-31091](CVE-2023/CVE-2023-310xx/CVE-2023-31091.json) (`2023-08-22T00:56:52.430`)
-* [CVE-2023-38838](CVE-2023/CVE-2023-388xx/CVE-2023-38838.json) (`2023-08-22T00:57:04.490`)
-* [CVE-2023-28693](CVE-2023/CVE-2023-286xx/CVE-2023-28693.json) (`2023-08-22T00:57:12.023`)
-* [CVE-2023-28783](CVE-2023/CVE-2023-287xx/CVE-2023-28783.json) (`2023-08-22T00:57:19.960`)
-* [CVE-2023-31079](CVE-2023/CVE-2023-310xx/CVE-2023-31079.json) (`2023-08-22T00:57:29.870`)
-* [CVE-2023-38890](CVE-2023/CVE-2023-388xx/CVE-2023-38890.json) (`2023-08-22T00:57:39.623`)
-* [CVE-2023-38910](CVE-2023/CVE-2023-389xx/CVE-2023-38910.json) (`2023-08-22T00:58:18.610`)
-* [CVE-2023-38911](CVE-2023/CVE-2023-389xx/CVE-2023-38911.json) (`2023-08-22T00:58:46.030`)
-* [CVE-2023-4422](CVE-2023/CVE-2023-44xx/CVE-2023-4422.json) (`2023-08-22T00:58:55.880`)
-* [CVE-2023-23208](CVE-2023/CVE-2023-232xx/CVE-2023-23208.json) (`2023-08-22T01:00:04.300`)
-* [CVE-2023-35689](CVE-2023/CVE-2023-356xx/CVE-2023-35689.json) (`2023-08-22T01:10:41.940`)
-* [CVE-2023-40518](CVE-2023/CVE-2023-405xx/CVE-2023-40518.json) (`2023-08-22T01:16:07.403`)
-* [CVE-2023-4347](CVE-2023/CVE-2023-43xx/CVE-2023-4347.json) (`2023-08-22T01:22:29.127`)
-* [CVE-2023-30498](CVE-2023/CVE-2023-304xx/CVE-2023-30498.json) (`2023-08-22T01:42:12.990`)
-* [CVE-2023-30747](CVE-2023/CVE-2023-307xx/CVE-2023-30747.json) (`2023-08-22T01:47:46.017`)
-* [CVE-2023-32003](CVE-2023/CVE-2023-320xx/CVE-2023-32003.json) (`2023-08-22T01:55:13.197`)
-* [CVE-2023-30778](CVE-2023/CVE-2023-307xx/CVE-2023-30778.json) (`2023-08-22T01:58:46.843`)
+* [CVE-2023-40283](CVE-2023/CVE-2023-402xx/CVE-2023-40283.json) (`2023-08-22T02:06:18.883`)
+* [CVE-2023-35082](CVE-2023/CVE-2023-350xx/CVE-2023-35082.json) (`2023-08-22T02:16:30.973`)
+* [CVE-2023-38860](CVE-2023/CVE-2023-388xx/CVE-2023-38860.json) (`2023-08-22T02:22:07.450`)


 ## Download and Usage