Auto-Update: 2023-10-04T10:00:25.387016+00:00

2025-07-09 16:05:11 +00:00 · 2023-10-04 10:00:28 +00:00 · 2023-10-04 10:00:28 +00:00 · a2319456e8
commit a2319456e8
parent 9f08fb7613
6 changed files with 123 additions and 29 deletions
--- a/CVE-2022/CVE-2022-232xx/CVE-2022-23223.json
+++ b/CVE-2022/CVE-2022-232xx/CVE-2022-23223.json
@ -2,12 +2,12 @@
  "id": "CVE-2022-23223",
  "sourceIdentifier": "security@apache.org",
  "published": "2022-01-25T13:15:08.137",
-  "lastModified": "2023-07-13T14:26:22.183",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2023-10-04T09:15:31.480",
+  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
-      "value": "The HTTP response will disclose the user password. This issue affected Apache ShenYu 2.4.0 and 2.4.1."
+      "value": "On Apache ShenYu versions 2.4.0 and 2.4.1, and endpoint existed that disclosed the passwords of all users. Users are recommended to upgrade to version 2.4.2 or later."
    },
    {
      "lang": "es",
@ -65,22 +65,22 @@
  },
  "weaknesses": [
    {
-      "source": "nvd@nist.gov",
+      "source": "security@apache.org",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
-          "value": "CWE-319"
+          "value": "CWE-522"
        }
      ]
    },
    {
-      "source": "security@apache.org",
+      "source": "nvd@nist.gov",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
-          "value": "CWE-522"
+          "value": "CWE-319"
        }
      ]
    }
--- a/CVE-2023/CVE-2023-394xx/CVE-2023-39410.json
+++ b/CVE-2023/CVE-2023-394xx/CVE-2023-39410.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-39410",
  "sourceIdentifier": "security@apache.org",
  "published": "2023-09-29T17:15:46.923",
-  "lastModified": "2023-10-03T20:00:06.703",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2023-10-04T09:15:31.680",
+  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
@ -40,7 +40,7 @@
  },
  "weaknesses": [
    {
-      "source": "nvd@nist.gov",
+      "source": "security@apache.org",
      "type": "Primary",
      "description": [
        {
@ -50,12 +50,12 @@
      ]
    },
    {
-      "source": "security@apache.org",
+      "source": "nvd@nist.gov",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
-          "value": "CWE-20"
+          "value": "CWE-502"
        }
      ]
    }
@ -79,14 +79,6 @@
    }
  ],
  "references": [
-    {
-      "url": "http://www.openwall.com/lists/oss-security/2023/09/29/6",
-      "source": "security@apache.org",
-      "tags": [
-        "Mailing List",
-        "Third Party Advisory"
-      ]
-    },
    {
      "url": "https://lists.apache.org/thread/q142wj99cwdd0jo5lvdoxzoymlqyjdds",
      "source": "security@apache.org",
@ -94,6 +86,10 @@
        "Mailing List",
        "Vendor Advisory"
      ]
+    },
+    {
+      "url": "https://www.openwall.com/lists/oss-security/2023/09/29/6",
+      "source": "security@apache.org"
    }
  ]
 }
--- a/CVE-2023/CVE-2023-442xx/CVE-2023-44272.json
+++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44272.json
@ -0,0 +1,32 @@
+{
+  "id": "CVE-2023-44272",
+  "sourceIdentifier": "vultures@jpcert.or.jp",
+  "published": "2023-10-04T09:15:31.810",
+  "lastModified": "2023-10-04T09:15:31.810",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A cross-site scripting vulnerability exists in Citadel versions prior to 994. When a malicious user sends an instant message with some JavaScript code, the script may be executed on the web browser of the victim user."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://code.citadel.org/citadel/citadel",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://code.citadel.org/citadel/citadel/-/commit/f0dac5ff074ad686fa71ea663c8ead107bd3041e",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://jvn.jp/en/jp/JVN08237727/",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.citadel.org/download.html",
+      "source": "vultures@jpcert.or.jp"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-45xx/CVE-2023-4540.json
+++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4540.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-4540",
  "sourceIdentifier": "cvd@cert.pl",
  "published": "2023-09-05T08:15:40.017",
-  "lastModified": "2023-09-08T16:48:35.933",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2023-10-04T09:15:31.897",
+  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
@ -88,6 +88,10 @@
      "tags": [
        "Patch"
      ]
+    },
+    {
+      "url": "https://https://cert.pl/en/posts/2023/09/CVE-2023-4540/",
+      "source": "cvd@cert.pl"
    }
  ]
 }
--- a/CVE-2023/CVE-2023-53xx/CVE-2023-5375.json
+++ b/CVE-2023/CVE-2023-53xx/CVE-2023-5375.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-5375",
+  "sourceIdentifier": "security@huntr.dev",
+  "published": "2023-10-04T09:15:31.980",
+  "lastModified": "2023-10-04T09:15:31.980",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Open Redirect in GitHub repository mosparo/mosparo prior to 1.0.2."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV30": [
+      {
+        "source": "security@huntr.dev",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.0",
+          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@huntr.dev",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-601"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/mosparo/mosparo/commit/9d5da367b78b8c883bfef5f332ffea26292f99e8",
+      "source": "security@huntr.dev"
+    },
+    {
+      "url": "https://huntr.dev/bounties/3fa2abde-cb58-45a3-a115-1727ece9acb9",
+      "source": "security@huntr.dev"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-10-04T08:00:25.380815+00:00
+2023-10-04T10:00:25.387016+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-10-04T07:15:27.697000+00:00
+2023-10-04T09:15:31.980000+00:00
 ```

 ### Last Data Feed Release
@ -29,21 +29,24 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-226938
+226940
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `0`
+Recently added CVEs: `2`

+* [CVE-2023-44272](CVE-2023/CVE-2023-442xx/CVE-2023-44272.json) (`2023-10-04T09:15:31.810`)
+* [CVE-2023-5375](CVE-2023/CVE-2023-53xx/CVE-2023-5375.json) (`2023-10-04T09:15:31.980`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `2`
+Recently modified CVEs: `3`

-* [CVE-2023-3932](CVE-2023/CVE-2023-39xx/CVE-2023-3932.json) (`2023-10-04T06:15:10.537`)
-* [CVE-2023-30534](CVE-2023/CVE-2023-305xx/CVE-2023-30534.json) (`2023-10-04T07:15:27.697`)
+* [CVE-2022-23223](CVE-2022/CVE-2022-232xx/CVE-2022-23223.json) (`2023-10-04T09:15:31.480`)
+* [CVE-2023-39410](CVE-2023/CVE-2023-394xx/CVE-2023-39410.json) (`2023-10-04T09:15:31.680`)
+* [CVE-2023-4540](CVE-2023/CVE-2023-45xx/CVE-2023-4540.json) (`2023-10-04T09:15:31.897`)


 ## Download and Usage