From 973be3a096bf25f6817102a138529f69681479cb Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Wed, 5 Jul 2023 10:00:33 +0000 Subject: [PATCH] Auto-Update: 2023-07-05T10:00:29.905126+00:00 --- CVE-2022/CVE-2022-08xx/CVE-2022-0833.json | 12 +++-- CVE-2023/CVE-2023-341xx/CVE-2023-34150.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-372xx/CVE-2023-37201.json | 32 ++++++++++++ CVE-2023/CVE-2023-372xx/CVE-2023-37202.json | 32 ++++++++++++ CVE-2023/CVE-2023-372xx/CVE-2023-37207.json | 32 ++++++++++++ CVE-2023/CVE-2023-372xx/CVE-2023-37208.json | 32 ++++++++++++ README.md | 19 ++++--- 7 files changed, 202 insertions(+), 12 deletions(-) create mode 100644 CVE-2023/CVE-2023-341xx/CVE-2023-34150.json create mode 100644 CVE-2023/CVE-2023-372xx/CVE-2023-37201.json create mode 100644 CVE-2023/CVE-2023-372xx/CVE-2023-37202.json create mode 100644 CVE-2023/CVE-2023-372xx/CVE-2023-37207.json create mode 100644 CVE-2023/CVE-2023-372xx/CVE-2023-37208.json diff --git a/CVE-2022/CVE-2022-08xx/CVE-2022-0833.json b/CVE-2022/CVE-2022-08xx/CVE-2022-0833.json index c48cec404f4..060df259112 100644 --- a/CVE-2022/CVE-2022-08xx/CVE-2022-0833.json +++ b/CVE-2022/CVE-2022-08xx/CVE-2022-0833.json @@ -2,8 +2,8 @@ "id": "CVE-2022-0833", "sourceIdentifier": "contact@wpscan.com", "published": "2022-03-28T18:15:09.893", - "lastModified": "2023-06-27T16:38:36.147", - "vulnStatus": "Analyzed", + "lastModified": "2023-07-05T08:15:08.953", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -65,7 +65,7 @@ }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "contact@wpscan.com", "type": "Primary", "description": [ { @@ -79,9 +79,13 @@ ] }, { - "source": "contact@wpscan.com", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ + { + "lang": "en", + "value": "CWE-352" + }, { "lang": "en", "value": "CWE-862" diff --git a/CVE-2023/CVE-2023-341xx/CVE-2023-34150.json b/CVE-2023/CVE-2023-341xx/CVE-2023-34150.json new file mode 100644 index 00000000000..7864a98196c --- /dev/null +++ b/CVE-2023/CVE-2023-341xx/CVE-2023-34150.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-34150", + "sourceIdentifier": "security@apache.org", + "published": "2023-07-05T08:15:09.143", + "lastModified": "2023-07-05T08:15:09.143", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "** UNSUPPORTED WHEN ASSIGNED **\u00a0Use of TikaEncodingDetector in Apache Any23 can cause excessive memory usage." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@apache.org", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "security@apache.org", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://lists.apache.org/thread/713tk23khbtbg940pb2ql8ggd4cvh6j1", + "source": "security@apache.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-372xx/CVE-2023-37201.json b/CVE-2023/CVE-2023-372xx/CVE-2023-37201.json new file mode 100644 index 00000000000..45aa1ec6d0f --- /dev/null +++ b/CVE-2023/CVE-2023-372xx/CVE-2023-37201.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-37201", + "sourceIdentifier": "security@mozilla.org", + "published": "2023-07-05T09:15:09.510", + "lastModified": "2023-07-05T09:15:09.510", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1826002", + "source": "security@mozilla.org" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-22/", + "source": "security@mozilla.org" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-23/", + "source": "security@mozilla.org" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-24/", + "source": "security@mozilla.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-372xx/CVE-2023-37202.json b/CVE-2023/CVE-2023-372xx/CVE-2023-37202.json new file mode 100644 index 00000000000..24e17aed84d --- /dev/null +++ b/CVE-2023/CVE-2023-372xx/CVE-2023-37202.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-37202", + "sourceIdentifier": "security@mozilla.org", + "published": "2023-07-05T09:15:09.897", + "lastModified": "2023-07-05T09:15:09.897", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1834711", + "source": "security@mozilla.org" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-22/", + "source": "security@mozilla.org" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-23/", + "source": "security@mozilla.org" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-24/", + "source": "security@mozilla.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-372xx/CVE-2023-37207.json b/CVE-2023/CVE-2023-372xx/CVE-2023-37207.json new file mode 100644 index 00000000000..356a91125eb --- /dev/null +++ b/CVE-2023/CVE-2023-372xx/CVE-2023-37207.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-37207", + "sourceIdentifier": "security@mozilla.org", + "published": "2023-07-05T09:15:09.963", + "lastModified": "2023-07-05T09:15:09.963", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1816287", + "source": "security@mozilla.org" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-22/", + "source": "security@mozilla.org" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-23/", + "source": "security@mozilla.org" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-24/", + "source": "security@mozilla.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-372xx/CVE-2023-37208.json b/CVE-2023/CVE-2023-372xx/CVE-2023-37208.json new file mode 100644 index 00000000000..1c506fcb82c --- /dev/null +++ b/CVE-2023/CVE-2023-372xx/CVE-2023-37208.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-37208", + "sourceIdentifier": "security@mozilla.org", + "published": "2023-07-05T09:15:10.023", + "lastModified": "2023-07-05T09:15:10.023", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1837675", + "source": "security@mozilla.org" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-22/", + "source": "security@mozilla.org" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-23/", + "source": "security@mozilla.org" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-24/", + "source": "security@mozilla.org" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 04281fe0547..21605ac4ba3 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-07-05T08:00:39.518795+00:00 +2023-07-05T10:00:29.905126+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-07-05T07:15:11.047000+00:00 +2023-07-05T09:15:10.023000+00:00 ``` ### Last Data Feed Release @@ -29,22 +29,25 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -219156 +219161 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `5` -* [CVE-2023-35786](CVE-2023/CVE-2023-357xx/CVE-2023-35786.json) (`2023-07-05T06:15:21.090`) +* [CVE-2023-34150](CVE-2023/CVE-2023-341xx/CVE-2023-34150.json) (`2023-07-05T08:15:09.143`) +* [CVE-2023-37201](CVE-2023/CVE-2023-372xx/CVE-2023-37201.json) (`2023-07-05T09:15:09.510`) +* [CVE-2023-37202](CVE-2023/CVE-2023-372xx/CVE-2023-37202.json) (`2023-07-05T09:15:09.897`) +* [CVE-2023-37207](CVE-2023/CVE-2023-372xx/CVE-2023-37207.json) (`2023-07-05T09:15:09.963`) +* [CVE-2023-37208](CVE-2023/CVE-2023-372xx/CVE-2023-37208.json) (`2023-07-05T09:15:10.023`) ### CVEs modified in the last Commit -Recently modified CVEs: `2` +Recently modified CVEs: `1` -* [CVE-2023-36262](CVE-2023/CVE-2023-362xx/CVE-2023-36262.json) (`2023-07-05T07:15:10.967`) -* [CVE-2023-36675](CVE-2023/CVE-2023-366xx/CVE-2023-36675.json) (`2023-07-05T07:15:11.047`) +* [CVE-2022-0833](CVE-2022/CVE-2022-08xx/CVE-2022-0833.json) (`2023-07-05T08:15:08.953`) ## Download and Usage