Auto-Update: 2023-07-03T10:00:49.788486+00:00

2025-07-09 16:05:11 +00:00 · 2023-07-03 10:00:53 +00:00 · 2023-07-03 10:00:53 +00:00 · a0669d64de
commit a0669d64de
parent 0f3d110c61
4 changed files with 173 additions and 13 deletions
--- a/CVE-2023/CVE-2023-33xx/CVE-2023-3313.json
+++ b/CVE-2023/CVE-2023-33xx/CVE-2023-3313.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-3313",
+  "sourceIdentifier": "trellixpsirt@trellix.com",
+  "published": "2023-07-03T08:15:09.013",
+  "lastModified": "2023-07-03T08:15:09.013",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "\nAn OS common injection vulnerability exists in the ESM certificate API, whereby incorrectly neutralized special elements may have allowed an unauthorized user to execute system command injection for the purpose of privilege escalation or to execute arbitrary commands.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "trellixpsirt@trellix.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "trellixpsirt@trellix.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-78"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://kcm.trellix.com/corporate/index?page=content&id=SB10403",
+      "source": "trellixpsirt@trellix.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-33xx/CVE-2023-3314.json
+++ b/CVE-2023/CVE-2023-33xx/CVE-2023-3314.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-3314",
+  "sourceIdentifier": "trellixpsirt@trellix.com",
+  "published": "2023-07-03T09:15:09.590",
+  "lastModified": "2023-07-03T09:15:09.590",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "\nA vulnerability arises out of a failure to comprehensively sanitize the processing of a zip file(s). Incomplete neutralization of external commands used to control the process execution of the .zip application allows an authorized user to obtain control of the .zip application to execute arbitrary commands or obtain elevation of system privileges.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "trellixpsirt@trellix.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.1,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.2
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "trellixpsirt@trellix.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-78"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://kcm.trellix.com/corporate/index?page=content&id=SB10403",
+      "source": "trellixpsirt@trellix.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-34xx/CVE-2023-3438.json
+++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3438.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-3438",
+  "sourceIdentifier": "trellixpsirt@trellix.com",
+  "published": "2023-07-03T08:15:09.670",
+  "lastModified": "2023-07-03T08:15:09.670",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "\nAn unquoted Windows search path vulnerability existed in the install the MOVE 4.10.x and earlier Windows install service (mvagtsce.exe). \nThe misconfiguration allowed an unauthorized local user to insert arbitrary code into the unquoted service path to obtain privilege escalation and stop antimalware services.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "trellixpsirt@trellix.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH",
+          "baseScore": 4.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 0.8,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "trellixpsirt@trellix.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-428"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://kcm.trellix.com/corporate/index?page=content&id=SB10404",
+      "source": "trellixpsirt@trellix.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-07-03T04:00:25.922386+00:00
+2023-07-03T10:00:49.788486+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-07-03T03:15:10.110000+00:00
+2023-07-03T09:15:09.590000+00:00
 ```

 ### Last Data Feed Release
@ -29,27 +29,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-219051
+219054
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `0`
+Recently added CVEs: `3`

+* [CVE-2023-3313](CVE-2023/CVE-2023-33xx/CVE-2023-3313.json) (`2023-07-03T08:15:09.013`)
+* [CVE-2023-3438](CVE-2023/CVE-2023-34xx/CVE-2023-3438.json) (`2023-07-03T08:15:09.670`)
+* [CVE-2023-3314](CVE-2023/CVE-2023-33xx/CVE-2023-3314.json) (`2023-07-03T09:15:09.590`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `8`
+Recently modified CVEs: `0`

-* [CVE-2023-36191](CVE-2023/CVE-2023-361xx/CVE-2023-36191.json) (`2023-07-03T03:15:09.370`)
-* [CVE-2023-3330](CVE-2023/CVE-2023-33xx/CVE-2023-3330.json) (`2023-07-03T03:15:09.473`)
-* [CVE-2023-3331](CVE-2023/CVE-2023-33xx/CVE-2023-3331.json) (`2023-07-03T03:15:09.560`)
-* [CVE-2023-3332](CVE-2023/CVE-2023-33xx/CVE-2023-3332.json) (`2023-07-03T03:15:09.633`)
-* [CVE-2023-3333](CVE-2023/CVE-2023-33xx/CVE-2023-3333.json) (`2023-07-03T03:15:09.713`)
-* [CVE-2023-3420](CVE-2023/CVE-2023-34xx/CVE-2023-3420.json) (`2023-07-03T03:15:09.797`)
-* [CVE-2023-3421](CVE-2023/CVE-2023-34xx/CVE-2023-3421.json) (`2023-07-03T03:15:09.883`)
-* [CVE-2023-3422](CVE-2023/CVE-2023-34xx/CVE-2023-3422.json) (`2023-07-03T03:15:10.110`)


 ## Download and Usage