From 920314e21f8a18934024dcd6997db8f7981bb7ba Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Mon, 18 Sep 2023 18:00:28 +0000 Subject: [PATCH] Auto-Update: 2023-09-18T18:00:24.997265+00:00 --- CVE-2016/CVE-2016-49xx/CVE-2016-4992.json | 6 +- CVE-2021/CVE-2021-442xx/CVE-2021-44226.json | 6 +- CVE-2022/CVE-2022-476xx/CVE-2022-47631.json | 6 +- CVE-2022/CVE-2022-476xx/CVE-2022-47632.json | 6 +- CVE-2023/CVE-2023-205xx/CVE-2023-20588.json | 26 +- CVE-2023/CVE-2023-325xx/CVE-2023-32560.json | 6 +- CVE-2023/CVE-2023-415xx/CVE-2023-41595.json | 28 ++ CVE-2023/CVE-2023-423xx/CVE-2023-42320.json | 20 ++ CVE-2023/CVE-2023-423xx/CVE-2023-42328.json | 28 ++ CVE-2023/CVE-2023-42xx/CVE-2023-4296.json | 6 +- CVE-2023/CVE-2023-45xx/CVE-2023-4527.json | 47 +++ CVE-2023/CVE-2023-48xx/CVE-2023-4806.json | 47 +++ CVE-2023/CVE-2023-48xx/CVE-2023-4863.json | 309 ++++++++++++++++++-- README.md | 30 +- 14 files changed, 516 insertions(+), 55 deletions(-) create mode 100644 CVE-2023/CVE-2023-415xx/CVE-2023-41595.json create mode 100644 CVE-2023/CVE-2023-423xx/CVE-2023-42320.json create mode 100644 CVE-2023/CVE-2023-423xx/CVE-2023-42328.json create mode 100644 CVE-2023/CVE-2023-45xx/CVE-2023-4527.json create mode 100644 CVE-2023/CVE-2023-48xx/CVE-2023-4806.json diff --git a/CVE-2016/CVE-2016-49xx/CVE-2016-4992.json b/CVE-2016/CVE-2016-49xx/CVE-2016-4992.json index c877eb300b9..623f059d95b 100644 --- a/CVE-2016/CVE-2016-49xx/CVE-2016-4992.json +++ b/CVE-2016/CVE-2016-49xx/CVE-2016-4992.json @@ -2,7 +2,7 @@ "id": "CVE-2016-4992", "sourceIdentifier": "secalert@redhat.com", "published": "2017-06-08T19:29:00.260", - "lastModified": "2023-02-13T04:50:09.763", + "lastModified": "2023-09-18T16:15:43.090", "vulnStatus": "Modified", "descriptions": [ { @@ -149,6 +149,10 @@ "Issue Tracking", "Vendor Advisory" ] + }, + { + "url": "https://github.com/389ds/389-ds-base/commit/0b932d4b926d46ac5060f02617330dc444e06da1", + "source": "secalert@redhat.com" } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-442xx/CVE-2021-44226.json b/CVE-2021/CVE-2021-442xx/CVE-2021-44226.json index b18fd0db2c4..72e43b8c17c 100644 --- a/CVE-2021/CVE-2021-442xx/CVE-2021-44226.json +++ b/CVE-2021/CVE-2021-442xx/CVE-2021-44226.json @@ -2,7 +2,7 @@ "id": "CVE-2021-44226", "sourceIdentifier": "cve@mitre.org", "published": "2022-03-23T22:15:12.937", - "lastModified": "2023-09-18T13:15:07.290", + "lastModified": "2023-09-18T16:15:44.463", "vulnStatus": "Modified", "descriptions": [ { @@ -122,6 +122,10 @@ "Not Applicable" ] }, + { + "url": "http://packetstormsecurity.com/files/174696/Razer-Synapse-Race-Condition-DLL-Hijacking.html", + "source": "cve@mitre.org" + }, { "url": "http://seclists.org/fulldisclosure/2022/Mar/51", "source": "cve@mitre.org", diff --git a/CVE-2022/CVE-2022-476xx/CVE-2022-47631.json b/CVE-2022/CVE-2022-476xx/CVE-2022-47631.json index 4dcb19a1d40..32ce681ed06 100644 --- a/CVE-2022/CVE-2022-476xx/CVE-2022-47631.json +++ b/CVE-2022/CVE-2022-476xx/CVE-2022-47631.json @@ -2,7 +2,7 @@ "id": "CVE-2022-47631", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-14T22:15:07.733", - "lastModified": "2023-09-18T13:15:07.700", + "lastModified": "2023-09-18T16:15:44.813", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -16,6 +16,10 @@ ], "metrics": {}, "references": [ + { + "url": "http://packetstormsecurity.com/files/174696/Razer-Synapse-Race-Condition-DLL-Hijacking.html", + "source": "cve@mitre.org" + }, { "url": "http://seclists.org/fulldisclosure/2023/Sep/6", "source": "cve@mitre.org" diff --git a/CVE-2022/CVE-2022-476xx/CVE-2022-47632.json b/CVE-2022/CVE-2022-476xx/CVE-2022-47632.json index 141ebe329aa..cefe75d374b 100644 --- a/CVE-2022/CVE-2022-476xx/CVE-2022-47632.json +++ b/CVE-2022/CVE-2022-476xx/CVE-2022-47632.json @@ -2,7 +2,7 @@ "id": "CVE-2022-47632", "sourceIdentifier": "cve@mitre.org", "published": "2023-01-27T15:15:09.303", - "lastModified": "2023-09-18T13:15:07.903", + "lastModified": "2023-09-18T16:15:44.993", "vulnStatus": "Modified", "descriptions": [ { @@ -87,6 +87,10 @@ "VDB Entry" ] }, + { + "url": "http://packetstormsecurity.com/files/174696/Razer-Synapse-Race-Condition-DLL-Hijacking.html", + "source": "cve@mitre.org" + }, { "url": "http://seclists.org/fulldisclosure/2023/Sep/6", "source": "cve@mitre.org" diff --git a/CVE-2023/CVE-2023-205xx/CVE-2023-20588.json b/CVE-2023/CVE-2023-205xx/CVE-2023-20588.json index e758f1406a4..498e51cc201 100644 --- a/CVE-2023/CVE-2023-205xx/CVE-2023-20588.json +++ b/CVE-2023/CVE-2023-205xx/CVE-2023-20588.json @@ -2,8 +2,8 @@ "id": "CVE-2023-20588", "sourceIdentifier": "psirt@amd.com", "published": "2023-08-08T18:15:11.653", - "lastModified": "2023-09-10T12:15:44.913", - "vulnStatus": "Modified", + "lastModified": "2023-09-18T17:57:01.887", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -17,19 +17,19 @@ "type": "Primary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "attackVector": "NETWORK", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", "attackComplexity": "LOW", - "privilegesRequired": "NONE", + "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", - "baseScore": 7.5, - "baseSeverity": "HIGH" + "baseScore": 5.5, + "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 3.9, + "exploitabilityScore": 1.8, "impactScore": 3.6 } ] @@ -57,6 +57,11 @@ "vulnerable": true, "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C" } ] } @@ -917,7 +922,10 @@ }, { "url": "https://www.debian.org/security/2023/dsa-5492", - "source": "psirt@amd.com" + "source": "psirt@amd.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-325xx/CVE-2023-32560.json b/CVE-2023/CVE-2023-325xx/CVE-2023-32560.json index 45ae0a9d9a5..37b3388dbbf 100644 --- a/CVE-2023/CVE-2023-325xx/CVE-2023-32560.json +++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32560.json @@ -2,7 +2,7 @@ "id": "CVE-2023-32560", "sourceIdentifier": "support@hackerone.com", "published": "2023-08-10T20:15:10.200", - "lastModified": "2023-09-04T19:15:43.413", + "lastModified": "2023-09-18T16:15:45.240", "vulnStatus": "Modified", "descriptions": [ { @@ -91,6 +91,10 @@ "url": "http://packetstormsecurity.com/files/174459/Ivanti-Avalance-Remote-Code-Execution.html", "source": "support@hackerone.com" }, + { + "url": "http://packetstormsecurity.com/files/174698/Ivanti-Avalanche-MDM-Buffer-Overflow.html", + "source": "support@hackerone.com" + }, { "url": "https://forums.ivanti.com/s/article/Avalanche-Vulnerabilities-Addressed-in-6-4-1?language=en_US", "source": "support@hackerone.com", diff --git a/CVE-2023/CVE-2023-415xx/CVE-2023-41595.json b/CVE-2023/CVE-2023-415xx/CVE-2023-41595.json new file mode 100644 index 00000000000..78b6ce4411d --- /dev/null +++ b/CVE-2023/CVE-2023-415xx/CVE-2023-41595.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-41595", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-09-18T16:15:45.577", + "lastModified": "2023-09-18T16:15:45.577", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue in xui-xray v1.8.3 allows attackers to obtain sensitive information via default password." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://xui-xray.com", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/dubin12345/xui-xary/blob/main/README.md", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/vaxilu/x-ui", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-423xx/CVE-2023-42320.json b/CVE-2023/CVE-2023-423xx/CVE-2023-42320.json new file mode 100644 index 00000000000..63871641a7c --- /dev/null +++ b/CVE-2023/CVE-2023-423xx/CVE-2023-42320.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-42320", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-09-18T16:15:45.797", + "lastModified": "2023-09-18T16:15:45.797", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Buffer Overflow vulnerability in Tenda AC10V4 v.US_AC10V4.0si_V16.03.10.13_cn_TDC01 allows a remote attacker to cause a denial of service via the mac parameter in the GetParentControlInfo function." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/aixiao0621/Tenda/blob/main/AC10/0.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-423xx/CVE-2023-42328.json b/CVE-2023/CVE-2023-423xx/CVE-2023-42328.json new file mode 100644 index 00000000000..27a49ed2dec --- /dev/null +++ b/CVE-2023/CVE-2023-423xx/CVE-2023-42328.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-42328", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-09-18T16:15:45.943", + "lastModified": "2023-09-18T16:15:45.943", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue in PeppermintLabs Peppermint v.0.2.4 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the hardcoded session cookie." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://blockomat2100.github.io/posts/2023-09-04-damn-vulnerable-ticket-system/", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/Peppermint-Lab/peppermint/blob/446a20b870bc68157eaafcb7275c289d76bfb29e/apps/client/pages/api/auth/%5B...nextauth%5D.js#L65", + "source": "cve@mitre.org" + }, + { + "url": "https://peppermint.sh/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4296.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4296.json index f95ded24ac1..2ab0d07168f 100644 --- a/CVE-2023/CVE-2023-42xx/CVE-2023-4296.json +++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4296.json @@ -2,7 +2,7 @@ "id": "CVE-2023-4296", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-08-29T22:15:09.297", - "lastModified": "2023-09-18T13:15:08.847", + "lastModified": "2023-09-18T16:15:46.143", "vulnStatus": "Modified", "descriptions": [ { @@ -224,6 +224,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/174703/PTC-Codebeamer-Cross-Site-Scripting.html", + "source": "ics-cert@hq.dhs.gov" + }, { "url": "http://seclists.org/fulldisclosure/2023/Sep/10", "source": "ics-cert@hq.dhs.gov" diff --git a/CVE-2023/CVE-2023-45xx/CVE-2023-4527.json b/CVE-2023/CVE-2023-45xx/CVE-2023-4527.json new file mode 100644 index 00000000000..3ef65d0a3a0 --- /dev/null +++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4527.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2023-4527", + "sourceIdentifier": "secalert@redhat.com", + "published": "2023-09-18T17:15:55.067", + "lastModified": "2023-09-18T17:15:55.067", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 4.2 + } + ] + }, + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2023-4527", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234712", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-48xx/CVE-2023-4806.json b/CVE-2023/CVE-2023-48xx/CVE-2023-4806.json new file mode 100644 index 00000000000..19c12a6acba --- /dev/null +++ b/CVE-2023/CVE-2023-48xx/CVE-2023-4806.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2023-4806", + "sourceIdentifier": "secalert@redhat.com", + "published": "2023-09-18T17:15:55.813", + "lastModified": "2023-09-18T17:15:55.813", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2023-4806", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237782", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-48xx/CVE-2023-4863.json b/CVE-2023/CVE-2023-48xx/CVE-2023-4863.json index 3c2aa66a785..d0b6c08720a 100644 --- a/CVE-2023/CVE-2023-48xx/CVE-2023-4863.json +++ b/CVE-2023/CVE-2023-48xx/CVE-2023-4863.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4863", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-09-12T15:15:24.327", - "lastModified": "2023-09-18T14:15:07.877", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-09-18T17:48:44.777", + "vulnStatus": "Analyzed", "cisaExploitAdd": "2023-09-13", "cisaActionDue": "2023-10-04", "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", @@ -18,107 +18,360 @@ "value": "El desbordamiento del b\u00fafer en WebP en Google Chrome anterior a la versi\u00f3n 116.0.5845.187 permit\u00eda a un atacante remoto realizar una escritura en memoria fuera de los l\u00edmites a trav\u00e9s de una p\u00e1gina HTML elaborada. (Severidad de seguridad de Chromium: Cr\u00edtica)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", + "versionEndExcluding": "116.0.5845.187", + "matchCriteriaId": "856C1821-5D22-4A4E-859D-8F5305255AB7" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", + "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", + "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", + "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", + "versionEndExcluding": "117.0.1", + "matchCriteriaId": "54A821DA-91BA-454E-BC32-2152CD7989AE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", + "versionEndExcluding": "102.15.1", + "matchCriteriaId": "F5CB1076-9147-44A4-B32F-86841DEB85DA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", + "versionStartIncluding": "115.0", + "versionEndExcluding": "115.2.1", + "matchCriteriaId": "D288632E-E2D5-4319-BE74-882D71D699C2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", + "versionEndExcluding": "102.15.1", + "matchCriteriaId": "A073724D-52BD-4426-B58D-7A8BD24B8F8E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", + "versionStartIncluding": "115.0", + "versionEndExcluding": "115.2.2", + "matchCriteriaId": "952BEC0C-2DB0-476A-AF62-1269F8635B4A" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*", + "versionEndExcluding": "117.0.2045.31", + "matchCriteriaId": "49AFFE24-5E30-46A4-A3AE-13D8EB15DE91" + } + ] + } + ] + } + ], "references": [ { "url": "https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://bugzilla.suse.com/show_bug.cgi?id=1215231", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://crbug.com/1479274", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Issue Tracking", + "Permissions Required", + "Vendor Advisory" + ] }, { "url": "https://en.bandisoft.com/honeyview/history/", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Release Notes", + "Third Party Advisory" + ] }, { "url": "https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/webmproject/libwebp/releases/tag/v1.3.2", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] }, { "url": "https://news.ycombinator.com/item?id=37478403", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://security-tracker.debian.org/tracker/CVE-2023-4863", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://security.gentoo.org/glsa/202309-05", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5496", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5497", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5498", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/README.md b/README.md index bde61ab524f..f6b09a8b81a 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-09-18T16:00:24.921245+00:00 +2023-09-18T18:00:24.997265+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-09-18T15:15:47.033000+00:00 +2023-09-18T17:57:01.887000+00:00 ``` ### Last Data Feed Release @@ -29,26 +29,32 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -225761 +225766 ``` ### CVEs added in the last Commit -Recently added CVEs: `2` +Recently added CVEs: `5` -* [CVE-2023-42371](CVE-2023/CVE-2023-423xx/CVE-2023-42371.json) (`2023-09-18T15:15:46.870`) -* [CVE-2023-42387](CVE-2023/CVE-2023-423xx/CVE-2023-42387.json) (`2023-09-18T15:15:47.033`) +* [CVE-2023-41595](CVE-2023/CVE-2023-415xx/CVE-2023-41595.json) (`2023-09-18T16:15:45.577`) +* [CVE-2023-42320](CVE-2023/CVE-2023-423xx/CVE-2023-42320.json) (`2023-09-18T16:15:45.797`) +* [CVE-2023-42328](CVE-2023/CVE-2023-423xx/CVE-2023-42328.json) (`2023-09-18T16:15:45.943`) +* [CVE-2023-4527](CVE-2023/CVE-2023-45xx/CVE-2023-4527.json) (`2023-09-18T17:15:55.067`) +* [CVE-2023-4806](CVE-2023/CVE-2023-48xx/CVE-2023-4806.json) (`2023-09-18T17:15:55.813`) ### CVEs modified in the last Commit -Recently modified CVEs: `5` +Recently modified CVEs: `8` -* [CVE-2023-4813](CVE-2023/CVE-2023-48xx/CVE-2023-4813.json) (`2023-09-18T14:07:23.540`) -* [CVE-2023-42469](CVE-2023/CVE-2023-424xx/CVE-2023-42469.json) (`2023-09-18T14:10:52.490`) -* [CVE-2023-41155](CVE-2023/CVE-2023-411xx/CVE-2023-41155.json) (`2023-09-18T14:12:15.923`) -* [CVE-2023-40968](CVE-2023/CVE-2023-409xx/CVE-2023-40968.json) (`2023-09-18T14:15:07.557`) -* [CVE-2023-4863](CVE-2023/CVE-2023-48xx/CVE-2023-4863.json) (`2023-09-18T14:15:07.877`) +* [CVE-2016-4992](CVE-2016/CVE-2016-49xx/CVE-2016-4992.json) (`2023-09-18T16:15:43.090`) +* [CVE-2021-44226](CVE-2021/CVE-2021-442xx/CVE-2021-44226.json) (`2023-09-18T16:15:44.463`) +* [CVE-2022-47631](CVE-2022/CVE-2022-476xx/CVE-2022-47631.json) (`2023-09-18T16:15:44.813`) +* [CVE-2022-47632](CVE-2022/CVE-2022-476xx/CVE-2022-47632.json) (`2023-09-18T16:15:44.993`) +* [CVE-2023-32560](CVE-2023/CVE-2023-325xx/CVE-2023-32560.json) (`2023-09-18T16:15:45.240`) +* [CVE-2023-4296](CVE-2023/CVE-2023-42xx/CVE-2023-4296.json) (`2023-09-18T16:15:46.143`) +* [CVE-2023-4863](CVE-2023/CVE-2023-48xx/CVE-2023-4863.json) (`2023-09-18T17:48:44.777`) +* [CVE-2023-20588](CVE-2023/CVE-2023-205xx/CVE-2023-20588.json) (`2023-09-18T17:57:01.887`) ## Download and Usage