diff --git a/CVE-2023/CVE-2023-21xx/CVE-2023-2110.json b/CVE-2023/CVE-2023-21xx/CVE-2023-2110.json new file mode 100644 index 00000000000..24cdbf121d5 --- /dev/null +++ b/CVE-2023/CVE-2023-21xx/CVE-2023-2110.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-2110", + "sourceIdentifier": "info@starlabs.sg", + "published": "2023-08-19T06:15:45.613", + "lastModified": "2023-08-19T06:15:45.613", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper path handling in Obsidian desktop before 1.2.8 on Windows, Linux and macOS allows a crafted webpage to access local files and exfiltrate them to remote web servers via \"app://local/\". This vulnerability can be exploited if a user opens a malicious markdown file in Obsidian, or copies text from a malicious webpage and paste it into Obsidian." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "info@starlabs.sg", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 8.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.8 + } + ] + }, + "weaknesses": [ + { + "source": "info@starlabs.sg", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://obsidian.md/changelog/2023-05-03-desktop-v1.2.8/", + "source": "info@starlabs.sg" + }, + { + "url": "https://starlabs.sg/advisories/23/23-2110/", + "source": "info@starlabs.sg" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-23xx/CVE-2023-2316.json b/CVE-2023/CVE-2023-23xx/CVE-2023-2316.json new file mode 100644 index 00000000000..7baa3b478a6 --- /dev/null +++ b/CVE-2023/CVE-2023-23xx/CVE-2023-2316.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-2316", + "sourceIdentifier": "info@starlabs.sg", + "published": "2023-08-19T06:15:46.420", + "lastModified": "2023-08-19T06:15:46.420", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper path handling in Typora before 1.6.7 on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via \"typora://app/\". \n\nThis vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text from a malicious webpage and paste it into Typora.\n\n\n\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "info@starlabs.sg", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.4, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "info@starlabs.sg", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://starlabs.sg/advisories/23/23-2316/", + "source": "info@starlabs.sg" + }, + { + "url": "https://support.typora.io/What's-New-1.6/", + "source": "info@starlabs.sg" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-23xx/CVE-2023-2317.json b/CVE-2023/CVE-2023-23xx/CVE-2023-2317.json new file mode 100644 index 00000000000..3e8dde06cb5 --- /dev/null +++ b/CVE-2023/CVE-2023-23xx/CVE-2023-2317.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-2317", + "sourceIdentifier": "info@starlabs.sg", + "published": "2023-08-19T06:15:46.687", + "lastModified": "2023-08-19T06:15:46.687", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "DOM-based XSS in updater/update.html in Typora before 1.6.7 on Windows and Linux allows a crafted markdown file to run arbitrary JavaScript code in the context of Typora main window via loading typora://app/typemark/updater/update.html in tag. This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text from a malicious webpage and paste it into Typora." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "info@starlabs.sg", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.6, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "info@starlabs.sg", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://starlabs.sg/advisories/23/23-2317/", + "source": "info@starlabs.sg" + }, + { + "url": "https://support.typora.io/What's-New-1.6/", + "source": "info@starlabs.sg" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-23xx/CVE-2023-2318.json b/CVE-2023/CVE-2023-23xx/CVE-2023-2318.json new file mode 100644 index 00000000000..10ebe52e25a --- /dev/null +++ b/CVE-2023/CVE-2023-23xx/CVE-2023-2318.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-2318", + "sourceIdentifier": "info@starlabs.sg", + "published": "2023-08-19T06:15:46.883", + "lastModified": "2023-08-19T06:15:46.883", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "DOM-based XSS in src/muya/lib/contentState/pasteCtrl.js in MarkText 0.17.1 and before on Windows, Linux and macOS allows arbitrary JavaScript code to run in the context of MarkText main window. This vulnerability can be exploited if a user copies text from a malicious webpage and paste it into MarkText." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "info@starlabs.sg", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.6, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "info@starlabs.sg", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/marktext/marktext/issues/3618", + "source": "info@starlabs.sg" + }, + { + "url": "https://starlabs.sg/advisories/23/23-2318/", + "source": "info@starlabs.sg" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2971.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2971.json new file mode 100644 index 00000000000..2db943f926d --- /dev/null +++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2971.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-2971", + "sourceIdentifier": "info@starlabs.sg", + "published": "2023-08-19T06:15:47.037", + "lastModified": "2023-08-19T06:15:47.037", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper path handling in Typora before 1.7.0-dev on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via \"typora://app/typemark/\". This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text from a malicious webpage and paste it into Typora." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "info@starlabs.sg", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "info@starlabs.sg", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://starlabs.sg/advisories/23/23-2971/", + "source": "info@starlabs.sg" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 3c7f1003c61..909f719a515 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-08-19T04:00:28.392937+00:00 +2023-08-19T08:00:25.901899+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-08-19T03:15:25.100000+00:00 +2023-08-19T06:15:47.037000+00:00 ``` ### Last Data Feed Release @@ -29,41 +29,24 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -223004 +223009 ``` ### CVEs added in the last Commit -Recently added CVEs: `0` +Recently added CVEs: `5` +* [CVE-2023-2110](CVE-2023/CVE-2023-21xx/CVE-2023-2110.json) (`2023-08-19T06:15:45.613`) +* [CVE-2023-2316](CVE-2023/CVE-2023-23xx/CVE-2023-2316.json) (`2023-08-19T06:15:46.420`) +* [CVE-2023-2317](CVE-2023/CVE-2023-23xx/CVE-2023-2317.json) (`2023-08-19T06:15:46.687`) +* [CVE-2023-2318](CVE-2023/CVE-2023-23xx/CVE-2023-2318.json) (`2023-08-19T06:15:46.883`) +* [CVE-2023-2971](CVE-2023/CVE-2023-29xx/CVE-2023-2971.json) (`2023-08-19T06:15:47.037`) ### CVEs modified in the last Commit -Recently modified CVEs: `22` +Recently modified CVEs: `0` -* [CVE-2021-40393](CVE-2021/CVE-2021-403xx/CVE-2021-40393.json) (`2023-08-19T03:15:09.293`) -* [CVE-2022-1919](CVE-2022/CVE-2022-19xx/CVE-2022-1919.json) (`2023-08-19T03:15:09.507`) -* [CVE-2022-2477](CVE-2022/CVE-2022-24xx/CVE-2022-2477.json) (`2023-08-19T03:15:09.677`) -* [CVE-2022-2478](CVE-2022/CVE-2022-24xx/CVE-2022-2478.json) (`2023-08-19T03:15:13.473`) -* [CVE-2022-2479](CVE-2022/CVE-2022-24xx/CVE-2022-2479.json) (`2023-08-19T03:15:13.830`) -* [CVE-2022-2480](CVE-2022/CVE-2022-24xx/CVE-2022-2480.json) (`2023-08-19T03:15:14.683`) -* [CVE-2022-2481](CVE-2022/CVE-2022-24xx/CVE-2022-2481.json) (`2023-08-19T03:15:15.217`) -* [CVE-2022-3443](CVE-2022/CVE-2022-34xx/CVE-2022-3443.json) (`2023-08-19T03:15:15.663`) -* [CVE-2022-3444](CVE-2022/CVE-2022-34xx/CVE-2022-3444.json) (`2023-08-19T03:15:16.787`) -* [CVE-2022-4911](CVE-2022/CVE-2022-49xx/CVE-2022-4911.json) (`2023-08-19T03:15:17.037`) -* [CVE-2022-4912](CVE-2022/CVE-2022-49xx/CVE-2022-4912.json) (`2023-08-19T03:15:17.410`) -* [CVE-2022-4913](CVE-2022/CVE-2022-49xx/CVE-2022-4913.json) (`2023-08-19T03:15:17.767`) -* [CVE-2022-4914](CVE-2022/CVE-2022-49xx/CVE-2022-4914.json) (`2023-08-19T03:15:17.990`) -* [CVE-2022-4915](CVE-2022/CVE-2022-49xx/CVE-2022-4915.json) (`2023-08-19T03:15:18.290`) -* [CVE-2022-4916](CVE-2022/CVE-2022-49xx/CVE-2022-4916.json) (`2023-08-19T03:15:18.877`) -* [CVE-2022-4917](CVE-2022/CVE-2022-49xx/CVE-2022-4917.json) (`2023-08-19T03:15:19.503`) -* [CVE-2022-4918](CVE-2022/CVE-2022-49xx/CVE-2022-4918.json) (`2023-08-19T03:15:20.107`) -* [CVE-2022-4919](CVE-2022/CVE-2022-49xx/CVE-2022-4919.json) (`2023-08-19T03:15:20.507`) -* [CVE-2022-4920](CVE-2022/CVE-2022-49xx/CVE-2022-4920.json) (`2023-08-19T03:15:21.130`) -* [CVE-2023-32003](CVE-2023/CVE-2023-320xx/CVE-2023-32003.json) (`2023-08-19T03:15:21.763`) -* [CVE-2023-32004](CVE-2023/CVE-2023-320xx/CVE-2023-32004.json) (`2023-08-19T03:15:22.607`) -* [CVE-2023-32006](CVE-2023/CVE-2023-320xx/CVE-2023-32006.json) (`2023-08-19T03:15:25.100`) ## Download and Usage