From 95c772d94124b2e7a3b07d3a9bac7c3f3de0ca01 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Tue, 8 Aug 2023 23:55:28 +0000 Subject: [PATCH] Auto-Update: 2023-08-08T23:55:25.499786+00:00 --- CVE-2023/CVE-2023-392xx/CVE-2023-39209.json | 55 ++++++++++++++++++ CVE-2023/CVE-2023-392xx/CVE-2023-39210.json | 55 ++++++++++++++++++ CVE-2023/CVE-2023-392xx/CVE-2023-39211.json | 55 ++++++++++++++++++ CVE-2023/CVE-2023-392xx/CVE-2023-39212.json | 55 ++++++++++++++++++ CVE-2023/CVE-2023-392xx/CVE-2023-39213.json | 55 ++++++++++++++++++ CVE-2023/CVE-2023-392xx/CVE-2023-39214.json | 55 ++++++++++++++++++ CVE-2023/CVE-2023-399xx/CVE-2023-39951.json | 63 +++++++++++++++++++++ README.md | 44 ++++---------- 8 files changed, 405 insertions(+), 32 deletions(-) create mode 100644 CVE-2023/CVE-2023-392xx/CVE-2023-39209.json create mode 100644 CVE-2023/CVE-2023-392xx/CVE-2023-39210.json create mode 100644 CVE-2023/CVE-2023-392xx/CVE-2023-39211.json create mode 100644 CVE-2023/CVE-2023-392xx/CVE-2023-39212.json create mode 100644 CVE-2023/CVE-2023-392xx/CVE-2023-39213.json create mode 100644 CVE-2023/CVE-2023-392xx/CVE-2023-39214.json create mode 100644 CVE-2023/CVE-2023-399xx/CVE-2023-39951.json diff --git a/CVE-2023/CVE-2023-392xx/CVE-2023-39209.json b/CVE-2023/CVE-2023-392xx/CVE-2023-39209.json new file mode 100644 index 00000000000..c4e7bac47bc --- /dev/null +++ b/CVE-2023/CVE-2023-392xx/CVE-2023-39209.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-39209", + "sourceIdentifier": "security@zoom.us", + "published": "2023-08-08T22:15:09.517", + "lastModified": "2023-08-08T22:15:09.517", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nImproper input validation in Zoom Desktop Client for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via network access.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@zoom.us", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "security@zoom.us", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://explore.zoom.us/en/trust/security/security-bulletin/", + "source": "security@zoom.us" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-392xx/CVE-2023-39210.json b/CVE-2023/CVE-2023-392xx/CVE-2023-39210.json new file mode 100644 index 00000000000..89a42140c05 --- /dev/null +++ b/CVE-2023/CVE-2023-392xx/CVE-2023-39210.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-39210", + "sourceIdentifier": "security@zoom.us", + "published": "2023-08-08T22:15:10.380", + "lastModified": "2023-08-08T22:15:10.380", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cleartext storage of sensitive information in Zoom Client SDK for Windows before 5.15.0 may allow an authenticated user to enable an information disclosure via local access." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@zoom.us", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security@zoom.us", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-312" + } + ] + } + ], + "references": [ + { + "url": "https://explore.zoom.us/en/trust/security/security-bulletin/", + "source": "security@zoom.us" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-392xx/CVE-2023-39211.json b/CVE-2023/CVE-2023-392xx/CVE-2023-39211.json new file mode 100644 index 00000000000..e9c6d73e142 --- /dev/null +++ b/CVE-2023/CVE-2023-392xx/CVE-2023-39211.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-39211", + "sourceIdentifier": "security@zoom.us", + "published": "2023-08-08T22:15:10.473", + "lastModified": "2023-08-08T22:15:10.473", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper privilege management in Zoom Desktop Client for Windows and Zoom Rooms for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via local access." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@zoom.us", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.0, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security@zoom.us", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ] + } + ], + "references": [ + { + "url": "https://explore.zoom.us/en/trust/security/security-bulletin/", + "source": "security@zoom.us" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-392xx/CVE-2023-39212.json b/CVE-2023/CVE-2023-392xx/CVE-2023-39212.json new file mode 100644 index 00000000000..ff57c566342 --- /dev/null +++ b/CVE-2023/CVE-2023-392xx/CVE-2023-39212.json 
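Review bot: The description in the CVE-2023-39211 record understates the scored impact: it names the outcome as "information disclosure", while the `vectorString` is `CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H` (base 8.8, HIGH) and the weakness is `CWE-269`. The record mirrors the source, so I would not edit it here, but triage that ranks on description keywords would under-prioritise it. Consumers should sort on `baseScore` and `vectorString` instead. The entry is also still `"vulnStatus": "Received"` with only a `Secondary` score from `security@zoom.us`, which suggests the rating is vendor-supplied and may change after analysis.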
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-39212", + "sourceIdentifier": "security@zoom.us", + "published": "2023-08-08T22:15:10.567", + "lastModified": "2023-08-08T22:15:10.567", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nUntrusted search path in Zoom Rooms for Windows before version 5.15.5 may allow an authenticated user to enable a denial of service via local access.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@zoom.us", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.9, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + } + ] + }, + "weaknesses": [ + { + "source": "security@zoom.us", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-144" + } + ] + } + ], + "references": [ + { + "url": "https://explore.zoom.us/en/trust/security/security-bulletin/", + "source": "security@zoom.us" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-392xx/CVE-2023-39213.json b/CVE-2023/CVE-2023-392xx/CVE-2023-39213.json new file mode 100644 index 00000000000..0cc5cb2f7a4 --- /dev/null +++ b/CVE-2023/CVE-2023-392xx/CVE-2023-39213.json 
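Review bot: The weakness entry in the CVE-2023-39212 record is `"value": "CWE-144"` (Improper Neutralization of Line Delimiters), but the description on the same record says "Untrusted search path", which is CWE-426. The value is supplied by the CNA (`security@zoom.us`, type `Secondary`), so the correction belongs upstream, where the line would read `"value": "CWE-426"`. Until it is corrected, anything that groups or filters this feed by CWE will misfile the record, so detection and patch-priority rules for search-path and DLL-loading issues should match on the description as well.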
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-39213", + "sourceIdentifier": "security@zoom.us", + "published": "2023-08-08T22:15:10.657", + "lastModified": "2023-08-08T22:15:10.657", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nImproper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may allow an unauthenticated user to enable an escalation of privilege via network access.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@zoom.us", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.6, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.8, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security@zoom.us", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + } + ] + } + ], + "references": [ + { + "url": "https://explore.zoom.us/en/trust/security/security-bulletin/", + "source": "security@zoom.us" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-392xx/CVE-2023-39214.json b/CVE-2023/CVE-2023-392xx/CVE-2023-39214.json new file mode 100644 index 00000000000..aba32ff4e1e --- /dev/null +++ b/CVE-2023/CVE-2023-392xx/CVE-2023-39214.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-39214", + "sourceIdentifier": "security@zoom.us", + "published": "2023-08-08T22:15:10.737", + "lastModified": "2023-08-08T22:15:10.737", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nExposure of sensitive information in Zoom Client SDK's before 5.15.5 may allow an authenticated user to enable a denial of service via network access.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@zoom.us", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH", + "baseScore": 7.6, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@zoom.us", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://explore.zoom.us/en/trust/security/security-bulletin/", + "source": "security@zoom.us" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-399xx/CVE-2023-39951.json b/CVE-2023/CVE-2023-399xx/CVE-2023-39951.json new file mode 100644 index 00000000000..22812a0d9ba --- /dev/null +++ b/CVE-2023/CVE-2023-399xx/CVE-2023-39951.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-39951", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-08-08T22:15:10.827", + "lastModified": "2023-08-08T22:15:10.827", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. OpenTelemetry Java Instrumentation prior to version 1.28.0 contains an issue related to the instrumentation of Java applications using the AWS SDK v2 with Amazon Simple Email Service (SES) v1 API. When SES POST requests are instrumented, the query parameters of the request are inserted into the trace `url.path` field. This behavior leads to the http body, containing the email subject and message, to be present in the trace request url metadata. Any user using a version before 1.28.0 of OpenTelemetry Java Instrumentation to instrument AWS SDK v2 call to SES\u2019s v1 SendEmail API is affected. The e-mail content sent to SES may end up in telemetry backend. This exposes the e-mail content to unintended audiences. The issue can be mitigated by updating OpenTelemetry Java Instrumentation to version 1.28.0 or later." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/open-telemetry/opentelemetry-java-instrumentation/issues/8956", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/open-telemetry/opentelemetry-java-instrumentation/pull/8931", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/open-telemetry/opentelemetry-java-instrumentation/security/advisories/GHSA-hghr-r469-gfq6", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index a1338f65bf1..73855e3c804 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-08-08T22:00:34.933677+00:00 +2023-08-08T23:55:25.499786+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-08-08T21:15:10.807000+00:00 +2023-08-08T22:15:10.827000+00:00 ``` ### Last Data Feed Release 
@@ -29,46 +29,26 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -222107 +222114 ``` ### CVEs added in the last Commit -Recently added CVEs: `4` +Recently added CVEs: `7` -* [CVE-2023-26961](CVE-2023/CVE-2023-269xx/CVE-2023-26961.json) (`2023-08-08T20:15:10.080`) -* [CVE-2023-36344](CVE-2023/CVE-2023-363xx/CVE-2023-36344.json) (`2023-08-08T20:15:10.170`) -* [CVE-2023-36482](CVE-2023/CVE-2023-364xx/CVE-2023-36482.json) (`2023-08-08T20:15:10.230`) -* [CVE-2023-39086](CVE-2023/CVE-2023-390xx/CVE-2023-39086.json) (`2023-08-08T20:15:10.303`) +* [CVE-2023-39209](CVE-2023/CVE-2023-392xx/CVE-2023-39209.json) (`2023-08-08T22:15:09.517`) +* [CVE-2023-39210](CVE-2023/CVE-2023-392xx/CVE-2023-39210.json) (`2023-08-08T22:15:10.380`) +* [CVE-2023-39211](CVE-2023/CVE-2023-392xx/CVE-2023-39211.json) (`2023-08-08T22:15:10.473`) +* [CVE-2023-39212](CVE-2023/CVE-2023-392xx/CVE-2023-39212.json) (`2023-08-08T22:15:10.567`) +* [CVE-2023-39213](CVE-2023/CVE-2023-392xx/CVE-2023-39213.json) (`2023-08-08T22:15:10.657`) +* [CVE-2023-39214](CVE-2023/CVE-2023-392xx/CVE-2023-39214.json) (`2023-08-08T22:15:10.737`) +* [CVE-2023-39951](CVE-2023/CVE-2023-399xx/CVE-2023-39951.json) (`2023-08-08T22:15:10.827`) ### CVEs modified in the last Commit -Recently modified CVEs: `23` +Recently modified CVEs: `0` -* [CVE-2010-1685](CVE-2010/CVE-2010-16xx/CVE-2010-1685.json) (`2023-08-08T20:15:09.693`) -* [CVE-2022-41401](CVE-2022/CVE-2022-414xx/CVE-2022-41401.json) (`2023-08-08T20:32:08.363`) -* [CVE-2023-39143](CVE-2023/CVE-2023-391xx/CVE-2023-39143.json) (`2023-08-08T20:07:16.543`) -* [CVE-2023-39112](CVE-2023/CVE-2023-391xx/CVE-2023-39112.json) (`2023-08-08T20:09:47.073`) -* [CVE-2023-0956](CVE-2023/CVE-2023-09xx/CVE-2023-0956.json) (`2023-08-08T20:10:03.717`) -* [CVE-2023-33666](CVE-2023/CVE-2023-336xx/CVE-2023-33666.json) (`2023-08-08T20:13:33.970`) -* [CVE-2023-38964](CVE-2023/CVE-2023-389xx/CVE-2023-38964.json) 
(`2023-08-08T20:22:36.270`) -* [CVE-2023-38494](CVE-2023/CVE-2023-384xx/CVE-2023-38494.json) (`2023-08-08T20:24:08.943`) -* [CVE-2023-35081](CVE-2023/CVE-2023-350xx/CVE-2023-35081.json) (`2023-08-08T20:25:09.337`) -* [CVE-2023-4158](CVE-2023/CVE-2023-41xx/CVE-2023-4158.json) (`2023-08-08T20:36:47.257`) -* [CVE-2023-35391](CVE-2023/CVE-2023-353xx/CVE-2023-35391.json) (`2023-08-08T20:39:01.517`) -* [CVE-2023-36873](CVE-2023/CVE-2023-368xx/CVE-2023-36873.json) (`2023-08-08T20:39:01.517`) -* [CVE-2023-36899](CVE-2023/CVE-2023-368xx/CVE-2023-36899.json) (`2023-08-08T20:39:01.517`) -* [CVE-2023-38180](CVE-2023/CVE-2023-381xx/CVE-2023-38180.json) (`2023-08-08T20:39:01.517`) -* [CVE-2023-39518](CVE-2023/CVE-2023-395xx/CVE-2023-39518.json) (`2023-08-08T20:39:01.517`) -* [CVE-2023-39533](CVE-2023/CVE-2023-395xx/CVE-2023-39533.json) (`2023-08-08T20:39:01.517`) -* [CVE-2023-40041](CVE-2023/CVE-2023-400xx/CVE-2023-40041.json) (`2023-08-08T20:39:01.517`) -* [CVE-2023-40042](CVE-2023/CVE-2023-400xx/CVE-2023-40042.json) (`2023-08-08T20:39:01.517`) -* [CVE-2023-36213](CVE-2023/CVE-2023-362xx/CVE-2023-36213.json) (`2023-08-08T20:39:53.627`) -* [CVE-2023-38948](CVE-2023/CVE-2023-389xx/CVE-2023-38948.json) (`2023-08-08T20:53:51.983`) -* [CVE-2023-20569](CVE-2023/CVE-2023-205xx/CVE-2023-20569.json) (`2023-08-08T21:15:09.367`) -* [CVE-2023-20593](CVE-2023/CVE-2023-205xx/CVE-2023-20593.json) (`2023-08-08T21:15:10.133`) -* [CVE-2023-22403](CVE-2023/CVE-2023-224xx/CVE-2023-22403.json) (`2023-08-08T21:15:10.807`) ## Download and Usage