Auto-Update: 2023-08-19T08:00:25.901899+00:00

2025-07-09 16:05:11 +00:00 · 2023-08-19 08:00:29 +00:00 · 2023-08-19 08:00:29 +00:00 · a5174c3e39
commit a5174c3e39
parent 9dee59ea4a
6 changed files with 301 additions and 27 deletions
--- a/CVE-2023/CVE-2023-21xx/CVE-2023-2110.json
+++ b/CVE-2023/CVE-2023-21xx/CVE-2023-2110.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-2110",
+  "sourceIdentifier": "info@starlabs.sg",
+  "published": "2023-08-19T06:15:45.613",
+  "lastModified": "2023-08-19T06:15:45.613",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Improper path handling in Obsidian desktop before 1.2.8 on Windows, Linux and macOS allows a crafted webpage to access local files and exfiltrate them to remote web servers via \"app://local/<absolute-path>\". This vulnerability can be exploited if a user opens a malicious markdown file in Obsidian, or copies text from a malicious webpage and paste it into Obsidian."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "info@starlabs.sg",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "NONE",
+          "baseScore": 8.2,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.8
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "info@starlabs.sg",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-22"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://obsidian.md/changelog/2023-05-03-desktop-v1.2.8/",
+      "source": "info@starlabs.sg"
+    },
+    {
+      "url": "https://starlabs.sg/advisories/23/23-2110/",
+      "source": "info@starlabs.sg"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-23xx/CVE-2023-2316.json
+++ b/CVE-2023/CVE-2023-23xx/CVE-2023-2316.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-2316",
+  "sourceIdentifier": "info@starlabs.sg",
+  "published": "2023-08-19T06:15:46.420",
+  "lastModified": "2023-08-19T06:15:46.420",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Improper path handling in Typora before 1.6.7 on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via \"typora://app/<absolute-path>\". \n\nThis vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text from a malicious webpage and paste it into Typora.\n\n\n\n\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "info@starlabs.sg",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 7.4,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 4.0
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "info@starlabs.sg",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-22"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://starlabs.sg/advisories/23/23-2316/",
+      "source": "info@starlabs.sg"
+    },
+    {
+      "url": "https://support.typora.io/What's-New-1.6/",
+      "source": "info@starlabs.sg"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-23xx/CVE-2023-2317.json
+++ b/CVE-2023/CVE-2023-23xx/CVE-2023-2317.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-2317",
+  "sourceIdentifier": "info@starlabs.sg",
+  "published": "2023-08-19T06:15:46.687",
+  "lastModified": "2023-08-19T06:15:46.687",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "DOM-based XSS in updater/update.html in Typora before 1.6.7 on Windows and Linux allows a crafted markdown file to run arbitrary JavaScript code in the context of Typora main window via loading typora://app/typemark/updater/update.html in <embed> tag. This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text from a malicious webpage and paste it into Typora."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "info@starlabs.sg",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.6,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 6.0
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "info@starlabs.sg",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://starlabs.sg/advisories/23/23-2317/",
+      "source": "info@starlabs.sg"
+    },
+    {
+      "url": "https://support.typora.io/What's-New-1.6/",
+      "source": "info@starlabs.sg"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-23xx/CVE-2023-2318.json
+++ b/CVE-2023/CVE-2023-23xx/CVE-2023-2318.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-2318",
+  "sourceIdentifier": "info@starlabs.sg",
+  "published": "2023-08-19T06:15:46.883",
+  "lastModified": "2023-08-19T06:15:46.883",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "DOM-based XSS in src/muya/lib/contentState/pasteCtrl.js in MarkText 0.17.1 and before on Windows, Linux and macOS allows arbitrary JavaScript code to run in the context of MarkText main window. This vulnerability can be exploited if a user copies text from a malicious webpage and paste it into MarkText."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "info@starlabs.sg",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.6,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 6.0
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "info@starlabs.sg",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/marktext/marktext/issues/3618",
+      "source": "info@starlabs.sg"
+    },
+    {
+      "url": "https://starlabs.sg/advisories/23/23-2318/",
+      "source": "info@starlabs.sg"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-29xx/CVE-2023-2971.json
+++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2971.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-2971",
+  "sourceIdentifier": "info@starlabs.sg",
+  "published": "2023-08-19T06:15:47.037",
+  "lastModified": "2023-08-19T06:15:47.037",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Improper path handling in Typora before 1.7.0-dev on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via \"typora://app/typemark/\". This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text from a malicious webpage and paste it into Typora."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "info@starlabs.sg",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 4.0
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "info@starlabs.sg",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-22"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://starlabs.sg/advisories/23/23-2971/",
+      "source": "info@starlabs.sg"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-08-19T04:00:28.392937+00:00
+2023-08-19T08:00:25.901899+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-08-19T03:15:25.100000+00:00
+2023-08-19T06:15:47.037000+00:00
 ```

 ### Last Data Feed Release
@ -29,41 +29,24 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-223004
+223009
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `0`
+Recently added CVEs: `5`

+* [CVE-2023-2110](CVE-2023/CVE-2023-21xx/CVE-2023-2110.json) (`2023-08-19T06:15:45.613`)
+* [CVE-2023-2316](CVE-2023/CVE-2023-23xx/CVE-2023-2316.json) (`2023-08-19T06:15:46.420`)
+* [CVE-2023-2317](CVE-2023/CVE-2023-23xx/CVE-2023-2317.json) (`2023-08-19T06:15:46.687`)
+* [CVE-2023-2318](CVE-2023/CVE-2023-23xx/CVE-2023-2318.json) (`2023-08-19T06:15:46.883`)
+* [CVE-2023-2971](CVE-2023/CVE-2023-29xx/CVE-2023-2971.json) (`2023-08-19T06:15:47.037`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `22`
+Recently modified CVEs: `0`

-* [CVE-2021-40393](CVE-2021/CVE-2021-403xx/CVE-2021-40393.json) (`2023-08-19T03:15:09.293`)
-* [CVE-2022-1919](CVE-2022/CVE-2022-19xx/CVE-2022-1919.json) (`2023-08-19T03:15:09.507`)
-* [CVE-2022-2477](CVE-2022/CVE-2022-24xx/CVE-2022-2477.json) (`2023-08-19T03:15:09.677`)
-* [CVE-2022-2478](CVE-2022/CVE-2022-24xx/CVE-2022-2478.json) (`2023-08-19T03:15:13.473`)
-* [CVE-2022-2479](CVE-2022/CVE-2022-24xx/CVE-2022-2479.json) (`2023-08-19T03:15:13.830`)
-* [CVE-2022-2480](CVE-2022/CVE-2022-24xx/CVE-2022-2480.json) (`2023-08-19T03:15:14.683`)
-* [CVE-2022-2481](CVE-2022/CVE-2022-24xx/CVE-2022-2481.json) (`2023-08-19T03:15:15.217`)
-* [CVE-2022-3443](CVE-2022/CVE-2022-34xx/CVE-2022-3443.json) (`2023-08-19T03:15:15.663`)
-* [CVE-2022-3444](CVE-2022/CVE-2022-34xx/CVE-2022-3444.json) (`2023-08-19T03:15:16.787`)
-* [CVE-2022-4911](CVE-2022/CVE-2022-49xx/CVE-2022-4911.json) (`2023-08-19T03:15:17.037`)
-* [CVE-2022-4912](CVE-2022/CVE-2022-49xx/CVE-2022-4912.json) (`2023-08-19T03:15:17.410`)
-* [CVE-2022-4913](CVE-2022/CVE-2022-49xx/CVE-2022-4913.json) (`2023-08-19T03:15:17.767`)
-* [CVE-2022-4914](CVE-2022/CVE-2022-49xx/CVE-2022-4914.json) (`2023-08-19T03:15:17.990`)
-* [CVE-2022-4915](CVE-2022/CVE-2022-49xx/CVE-2022-4915.json) (`2023-08-19T03:15:18.290`)
-* [CVE-2022-4916](CVE-2022/CVE-2022-49xx/CVE-2022-4916.json) (`2023-08-19T03:15:18.877`)
-* [CVE-2022-4917](CVE-2022/CVE-2022-49xx/CVE-2022-4917.json) (`2023-08-19T03:15:19.503`)
-* [CVE-2022-4918](CVE-2022/CVE-2022-49xx/CVE-2022-4918.json) (`2023-08-19T03:15:20.107`)
-* [CVE-2022-4919](CVE-2022/CVE-2022-49xx/CVE-2022-4919.json) (`2023-08-19T03:15:20.507`)
-* [CVE-2022-4920](CVE-2022/CVE-2022-49xx/CVE-2022-4920.json) (`2023-08-19T03:15:21.130`)
-* [CVE-2023-32003](CVE-2023/CVE-2023-320xx/CVE-2023-32003.json) (`2023-08-19T03:15:21.763`)
-* [CVE-2023-32004](CVE-2023/CVE-2023-320xx/CVE-2023-32004.json) (`2023-08-19T03:15:22.607`)
-* [CVE-2023-32006](CVE-2023/CVE-2023-320xx/CVE-2023-32006.json) (`2023-08-19T03:15:25.100`)


 ## Download and Usage