From a2319456e88d1ec631e43b4208dc773dc95a2817 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Wed, 4 Oct 2023 10:00:28 +0000
Subject: [PATCH] Auto-Update: 2023-10-04T10:00:25.387016+00:00
---
 CVE-2022/CVE-2022-232xx/CVE-2022-23223.json | 14 ++---
 CVE-2023/CVE-2023-394xx/CVE-2023-39410.json | 22 ++++----
 CVE-2023/CVE-2023-442xx/CVE-2023-44272.json | 32 +++++++++++
 CVE-2023/CVE-2023-45xx/CVE-2023-4540.json | 8 ++-
 CVE-2023/CVE-2023-53xx/CVE-2023-5375.json | 59 +++++++++++++++++++++
 README.md | 17 +++---
 6 files changed, 123 insertions(+), 29 deletions(-)
 create mode 100644 CVE-2023/CVE-2023-442xx/CVE-2023-44272.json
 create mode 100644 CVE-2023/CVE-2023-53xx/CVE-2023-5375.json
diff --git a/CVE-2022/CVE-2022-232xx/CVE-2022-23223.json b/CVE-2022/CVE-2022-232xx/CVE-2022-23223.json
index d0e8d0a9097..116e5f74b7a 100644
--- a/CVE-2022/CVE-2022-232xx/CVE-2022-23223.json
+++ b/CVE-2022/CVE-2022-232xx/CVE-2022-23223.json
@@ -2,12 +2,12 @@
 "id": "CVE-2022-23223",
 "sourceIdentifier": "security@apache.org",
 "published": "2022-01-25T13:15:08.137",
- "lastModified": "2023-07-13T14:26:22.183",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-04T09:15:31.480",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
- "value": "The HTTP response will disclose the user password. This issue affected Apache ShenYu 2.4.0 and 2.4.1."
+ "value": "On Apache ShenYu versions 2.4.0 and 2.4.1, and endpoint existed that disclosed the passwords of all users. Users are recommended to upgrade to version 2.4.2 or later."
 },
 {
 "lang": "es",
@@ -65,22 +65,22 @@
 },
 "weaknesses": [
 {
- "source": "nvd@nist.gov",
+ "source": "security@apache.org",
 "type": "Primary",
 "description": [
 {
 "lang": "en",
- "value": "CWE-319"
+ "value": "CWE-522"
 }
 ]
 },
 {
- "source": "security@apache.org",
+ "source": "nvd@nist.gov",
 "type": "Secondary",
 "description": [
 {
 "lang": "en",
- "value": "CWE-522"
+ "value": "CWE-319"
 }
 ]
 }
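Review bot: The rewritten English description in the first hunk of CVE-2022-23223.json reads `and endpoint existed`, which should be `an endpoint existed`. Because this file mirrors the NVD record, the wording has to be corrected by the source (`security@apache.org`) upstream; a local edit would be overwritten by the next sync. The same hunk moves `vulnStatus` from `Analyzed` to `Modified` while the description widens from "the user password" to "the passwords of all users", so the metrics that sit between the two hunks were presumably assigned against the old text and should be read as pre-modification until the record is re-analysed.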
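Review bot: In the `weaknesses` hunk (`@@ -65,22 +65,22 @@`) the two `source` values trade places while the `type` labels stay where they were, so `"type": "Primary"` now carries the CNA's CWE-522 and the `nvd@nist.gov` entry with CWE-319 is labelled `"Secondary"`. A consumer that picks "the NVD assessment" by testing `type == "Primary"` will silently start reading CNA-supplied data after this update; selection should key on `source` instead. The same swap appears in the two `weaknesses` hunks of CVE-2023-39410.json, where the Primary entry's CWE value lies between the hunks and is not visible, and where the previous `CWE-20` value no longer appears in the shown lines.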
diff --git a/CVE-2023/CVE-2023-394xx/CVE-2023-39410.json b/CVE-2023/CVE-2023-394xx/CVE-2023-39410.json
index 6c3d70b4f21..84d68d1469b 100644
--- a/CVE-2023/CVE-2023-394xx/CVE-2023-39410.json
+++ b/CVE-2023/CVE-2023-394xx/CVE-2023-39410.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-39410",
 "sourceIdentifier": "security@apache.org",
 "published": "2023-09-29T17:15:46.923",
- "lastModified": "2023-10-03T20:00:06.703",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-04T09:15:31.680",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -40,7 +40,7 @@
 },
 "weaknesses": [
 {
- "source": "nvd@nist.gov",
+ "source": "security@apache.org",
 "type": "Primary",
 "description": [
 {
@@ -50,12 +50,12 @@
 ]
 },
 {
- "source": "security@apache.org",
+ "source": "nvd@nist.gov",
 "type": "Secondary",
 "description": [
 {
 "lang": "en",
- "value": "CWE-20"
+ "value": "CWE-502"
 }
 ]
 }
@@ -79,14 +79,6 @@
 }
 ],
 "references": [
- {
- "url": "http://www.openwall.com/lists/oss-security/2023/09/29/6",
- "source": "security@apache.org",
- "tags": [
- "Mailing List",
- "Third Party Advisory"
- ]
- },
 {
 "url": "https://lists.apache.org/thread/q142wj99cwdd0jo5lvdoxzoymlqyjdds",
 "source": "security@apache.org",
@@ -94,6 +86,10 @@
 "Mailing List",
 "Vendor Advisory"
 ]
+ },
+ {
+ "url": "https://www.openwall.com/lists/oss-security/2023/09/29/6",
+ "source": "security@apache.org"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44272.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44272.json
new file mode 100644
index 00000000000..45f6952460f
--- /dev/null
+++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44272.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2023-44272",
+ "sourceIdentifier": "vultures@jpcert.or.jp",
+ "published": "2023-10-04T09:15:31.810",
+ "lastModified": "2023-10-04T09:15:31.810",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A cross-site scripting vulnerability exists in Citadel versions prior to 994. When a malicious user sends an instant message with some JavaScript code, the script may be executed on the web browser of the victim user."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://code.citadel.org/citadel/citadel",
+ "source": "vultures@jpcert.or.jp"
+ },
+ {
+ "url": "https://code.citadel.org/citadel/citadel/-/commit/f0dac5ff074ad686fa71ea663c8ead107bd3041e",
+ "source": "vultures@jpcert.or.jp"
+ },
+ {
+ "url": "https://jvn.jp/en/jp/JVN08237727/",
+ "source": "vultures@jpcert.or.jp"
+ },
+ {
+ "url": "https://www.citadel.org/download.html",
+ "source": "vultures@jpcert.or.jp"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-45xx/CVE-2023-4540.json b/CVE-2023/CVE-2023-45xx/CVE-2023-4540.json
index 4113be6a22f..0617c9a3628 100644
--- a/CVE-2023/CVE-2023-45xx/CVE-2023-4540.json
+++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4540.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-4540",
 "sourceIdentifier": "cvd@cert.pl",
 "published": "2023-09-05T08:15:40.017",
- "lastModified": "2023-09-08T16:48:35.933",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-04T09:15:31.897",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -88,6 +88,10 @@
 "tags": [
 "Patch"
 ]
+ },
+ {
+ "url": "https://https://cert.pl/en/posts/2023/09/CVE-2023-4540/",
+ "source": "cvd@cert.pl"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-53xx/CVE-2023-5375.json b/CVE-2023/CVE-2023-53xx/CVE-2023-5375.json
new file mode 100644
index 00000000000..9dc1f46f905
--- /dev/null
+++ b/CVE-2023/CVE-2023-53xx/CVE-2023-5375.json
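Review bot: The reference added in the last hunk of CVE-2023-4540.json (`@@ -88,6 +88,10 @@`) has a doubled scheme, `https://https://cert.pl/en/posts/2023/09/CVE-2023-4540/`, so a URL parser will take `https` as the host and the link will not reach the advisory. The intended value is presumably `"url": "https://cert.pl/en/posts/2023/09/CVE-2023-4540/",`; since the record is mirrored, the correction belongs with the source (`cvd@cert.pl`), and consumers that dereference or allow-list reference URLs should validate the parsed host rather than match on the raw string. The new entry also has no `tags` array, unlike the `Patch` reference just above it, so readers of this feed must treat `tags` as optional.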
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-5375",
+ "sourceIdentifier": "security@huntr.dev",
+ "published": "2023-10-04T09:15:31.980",
+ "lastModified": "2023-10-04T09:15:31.980",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Open Redirect in GitHub repository mosparo/mosparo prior to 1.0.2."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "security@huntr.dev",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@huntr.dev",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-601"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/mosparo/mosparo/commit/9d5da367b78b8c883bfef5f332ffea26292f99e8",
+ "source": "security@huntr.dev"
+ },
+ {
+ "url": "https://huntr.dev/bounties/3fa2abde-cb58-45a3-a115-1727ece9acb9",
+ "source": "security@huntr.dev"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 795a5aa97a0..23c458e9919 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 ```plain
-2023-10-04T08:00:25.380815+00:00
+2023-10-04T10:00:25.387016+00:00
 ```
 ### Most recent CVE Modification Timestamp synchronized with NVD
 ```plain
-2023-10-04T07:15:27.697000+00:00
+2023-10-04T09:15:31.980000+00:00
 ```
 ### Last Data Feed Release
@@ -29,21 +29,24 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 ```plain
-226938
+226940
 ```
 ### CVEs added in the last Commit
-Recently added CVEs: `0`
+Recently added CVEs: `2`
+* [CVE-2023-44272](CVE-2023/CVE-2023-442xx/CVE-2023-44272.json) (`2023-10-04T09:15:31.810`)
+* [CVE-2023-5375](CVE-2023/CVE-2023-53xx/CVE-2023-5375.json) (`2023-10-04T09:15:31.980`)
 ### CVEs modified in the last Commit
-Recently modified CVEs: `2`
+Recently modified CVEs: `3`
-* [CVE-2023-3932](CVE-2023/CVE-2023-39xx/CVE-2023-3932.json) (`2023-10-04T06:15:10.537`)
-* [CVE-2023-30534](CVE-2023/CVE-2023-305xx/CVE-2023-30534.json) (`2023-10-04T07:15:27.697`)
+* [CVE-2022-23223](CVE-2022/CVE-2022-232xx/CVE-2022-23223.json) (`2023-10-04T09:15:31.480`)
+* [CVE-2023-39410](CVE-2023/CVE-2023-394xx/CVE-2023-39410.json) (`2023-10-04T09:15:31.680`)
+* [CVE-2023-4540](CVE-2023/CVE-2023-45xx/CVE-2023-4540.json) (`2023-10-04T09:15:31.897`)
 ## Download and Usage