From a0669d64de20b405ab5f3c7ff2c22e505533d67e Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Mon, 3 Jul 2023 10:00:53 +0000
Subject: [PATCH] Auto-Update: 2023-07-03T10:00:49.788486+00:00
---
CVE-2023/CVE-2023-33xx/CVE-2023-3313.json | 55 +++++++++++++++++++++++
CVE-2023/CVE-2023-33xx/CVE-2023-3314.json | 55 +++++++++++++++++++++++
CVE-2023/CVE-2023-34xx/CVE-2023-3438.json | 55 +++++++++++++++++++++++
README.md | 21 ++++-----
4 files changed, 173 insertions(+), 13 deletions(-)
create mode 100644 CVE-2023/CVE-2023-33xx/CVE-2023-3313.json
create mode 100644 CVE-2023/CVE-2023-33xx/CVE-2023-3314.json
create mode 100644 CVE-2023/CVE-2023-34xx/CVE-2023-3438.json
diff --git a/CVE-2023/CVE-2023-33xx/CVE-2023-3313.json b/CVE-2023/CVE-2023-33xx/CVE-2023-3313.json
new file mode 100644
index 00000000000..7469f6809a1
--- /dev/null
+++ b/CVE-2023/CVE-2023-33xx/CVE-2023-3313.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-3313",
+ "sourceIdentifier": "trellixpsirt@trellix.com",
+ "published": "2023-07-03T08:15:09.013",
+ "lastModified": "2023-07-03T08:15:09.013",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nAn OS common injection vulnerability exists in the ESM certificate API, whereby incorrectly neutralized special elements may have allowed an unauthorized user to execute system command injection for the purpose of privilege escalation or to execute arbitrary commands.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "trellixpsirt@trellix.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "trellixpsirt@trellix.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://kcm.trellix.com/corporate/index?page=content&id=SB10403",
+ "source": "trellixpsirt@trellix.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-33xx/CVE-2023-3314.json b/CVE-2023/CVE-2023-33xx/CVE-2023-3314.json
new file mode 100644
index 00000000000..6fd7922a126
--- /dev/null
+++ b/CVE-2023/CVE-2023-33xx/CVE-2023-3314.json
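Review bot: The CVSS data in this record does not line up with its own description: the `value` text speaks of an unauthorized user reaching the ESM certificate API, while `"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"` assumes local access with low privileges, and "OS common injection" is presumably meant to read "OS command injection" given `"value": "CWE-78"`. The same kind of mismatch shows in the CVE-2023-3314 hunk (arbitrary command execution described, yet `"confidentialityImpact": "NONE"`) and in the CVE-2023-3438 hunk (an unauthorized local user gaining privilege escalation described, yet `"privilegesRequired": "HIGH"` with `C:N/I:N` and a base score of 4.4). All three records carry `"vulnStatus": "Received"` and only a `"type": "Secondary"` score supplied by the CNA, so these numbers appear to be the vendor's own assessment rather than an NVD analysis. Because the files mirror the upstream entry, the wording and vectors are better corrected at the source than in this commit; until a re-sync brings an analysed record, anyone triaging on `baseScore` should read the description and the linked advisory alongside it.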
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-3314",
+ "sourceIdentifier": "trellixpsirt@trellix.com",
+ "published": "2023-07-03T09:15:09.590",
+ "lastModified": "2023-07-03T09:15:09.590",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nA vulnerability arises out of a failure to comprehensively sanitize the processing of a zip file(s). Incomplete neutralization of external commands used to control the process execution of the .zip application allows an authorized user to obtain control of the .zip application to execute arbitrary commands or obtain elevation of system privileges.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "trellixpsirt@trellix.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "trellixpsirt@trellix.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://kcm.trellix.com/corporate/index?page=content&id=SB10403",
+ "source": "trellixpsirt@trellix.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-34xx/CVE-2023-3438.json b/CVE-2023/CVE-2023-34xx/CVE-2023-3438.json
new file mode 100644
index 00000000000..b57fb04aec4
--- /dev/null
+++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3438.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-3438",
+ "sourceIdentifier": "trellixpsirt@trellix.com",
+ "published": "2023-07-03T08:15:09.670",
+ "lastModified": "2023-07-03T08:15:09.670",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nAn unquoted Windows search path vulnerability existed in the install the MOVE 4.10.x and earlier Windows install service (mvagtsce.exe). \nThe misconfiguration allowed an unauthorized local user to insert arbitrary code into the unquoted service path to obtain privilege escalation and stop antimalware services.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "trellixpsirt@trellix.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 4.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "trellixpsirt@trellix.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-428"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://kcm.trellix.com/corporate/index?page=content&id=SB10404",
+ "source": "trellixpsirt@trellix.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 69a0c41270d..8c7a47db147 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-07-03T04:00:25.922386+00:00 +2023-07-03T10:00:49.788486+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-07-03T03:15:10.110000+00:00 +2023-07-03T09:15:09.590000+00:00 ``` ### Last Data Feed Release
@@ -29,27 +29,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -219051 +219054 ``` ### CVEs added in the last Commit -Recently added CVEs: `0` +Recently added CVEs: `3` +* [CVE-2023-3313](CVE-2023/CVE-2023-33xx/CVE-2023-3313.json) (`2023-07-03T08:15:09.013`) +* [CVE-2023-3438](CVE-2023/CVE-2023-34xx/CVE-2023-3438.json) (`2023-07-03T08:15:09.670`) +* [CVE-2023-3314](CVE-2023/CVE-2023-33xx/CVE-2023-3314.json) (`2023-07-03T09:15:09.590`) ### CVEs modified in the last Commit -Recently modified CVEs: `8` +Recently modified CVEs: `0` -* [CVE-2023-36191](CVE-2023/CVE-2023-361xx/CVE-2023-36191.json) (`2023-07-03T03:15:09.370`) -* [CVE-2023-3330](CVE-2023/CVE-2023-33xx/CVE-2023-3330.json) (`2023-07-03T03:15:09.473`) -* [CVE-2023-3331](CVE-2023/CVE-2023-33xx/CVE-2023-3331.json) (`2023-07-03T03:15:09.560`) -* [CVE-2023-3332](CVE-2023/CVE-2023-33xx/CVE-2023-3332.json) (`2023-07-03T03:15:09.633`) -* [CVE-2023-3333](CVE-2023/CVE-2023-33xx/CVE-2023-3333.json) (`2023-07-03T03:15:09.713`) -* [CVE-2023-3420](CVE-2023/CVE-2023-34xx/CVE-2023-3420.json) (`2023-07-03T03:15:09.797`) -* [CVE-2023-3421](CVE-2023/CVE-2023-34xx/CVE-2023-3421.json) (`2023-07-03T03:15:09.883`) -* [CVE-2023-3422](CVE-2023/CVE-2023-34xx/CVE-2023-3422.json) (`2023-07-03T03:15:10.110`) ## Download and Usage