From a9ff2852ce99edf8d21ee0b2981516812b16bf2c Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Fri, 2 Jun 2023 23:55:27 +0000
Subject: [PATCH] Auto-Update: 2023-06-02T23:55:24.031725+00:00
---
CVE-2023/CVE-2023-12xx/CVE-2023-1297.json | 55 +++++++++++++++++++++
CVE-2023/CVE-2023-28xx/CVE-2023-2816.json | 43 +++++++++++++++++
CVE-2023/CVE-2023-30xx/CVE-2023-3044.json | 59 +++++++++++++++++++++++
README.md | 34 +++----------
4 files changed, 165 insertions(+), 26 deletions(-)
create mode 100644 CVE-2023/CVE-2023-12xx/CVE-2023-1297.json
create mode 100644 CVE-2023/CVE-2023-28xx/CVE-2023-2816.json
create mode 100644 CVE-2023/CVE-2023-30xx/CVE-2023-3044.json
diff --git a/CVE-2023/CVE-2023-12xx/CVE-2023-1297.json b/CVE-2023/CVE-2023-12xx/CVE-2023-1297.json
new file mode 100644
index 00000000000..81603ef78d1
--- /dev/null
+++ b/CVE-2023/CVE-2023-12xx/CVE-2023-1297.json
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-1297", + "sourceIdentifier": "security@hashicorp.com", + "published": "2023-06-02T23:15:09.293", + "lastModified": "2023-06-02T23:15:09.293", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Consul and Consul Enterprise's cluster peering implementation contained a flaw whereby a peer cluster with service of the same name as a local service could corrupt Consul state, resulting in denial of service. This vulnerability was resolved in Consul 1.14.5, and 1.15.3" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@hashicorp.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security@hashicorp.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-826" + } + ] + } + ], + "references": [ + { + "url": "https://discuss.hashicorp.com/t/hcsec-2023-15-consul-cluster-peering-can-result-in-denial-of-service/54515", + "source": "security@hashicorp.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-28xx/CVE-2023-2816.json b/CVE-2023/CVE-2023-28xx/CVE-2023-2816.json new file mode 100644 index 00000000000..5e30e4f0ea1 --- /dev/null +++ b/CVE-2023/CVE-2023-28xx/CVE-2023-2816.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-2816", + "sourceIdentifier": "security@hashicorp.com", + "published": "2023-06-02T23:15:09.503", + "lastModified": "2023-06-02T23:15:09.503", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy instances that target the configured service, regardless of whether the user has permission to modify the service(s) corresponding to those modified proxies." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@hashicorp.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 8.7, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.3, + "impactScore": 5.8 + } + ] + }, + "references": [ + { + "url": "https://discuss.hashicorp.com/t/hcsec-2023-16-consul-envoy-extension-downstream-proxy-configuration-by-upstream-service-owner/54525", + "source": "security@hashicorp.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3044.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3044.json new file mode 100644 index 00000000000..0dc92d7896e --- /dev/null +++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3044.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-3044", + "sourceIdentifier": "xpdf@xpdfreader.com", + "published": "2023-06-02T23:15:09.580", + "lastModified": "2023-06-02T23:15:09.580", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An excessively large PDF page size (found in fuzz testing, unlikely in normal PDF files) can result in a divide-by-zero in Xpdf's text extraction code.\n\n\n\n\nThis is related to CVE-2022-30524, but the problem here is caused by a very large page size, rather than by a very large character coordinate.\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "xpdf@xpdfreader.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 3.3, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "xpdf@xpdfreader.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-369" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/baker221/poc-xpdf", + "source": "xpdf@xpdfreader.com" + }, + { + "url": "https://www.xpdfreader.com/security-bug/CVE-2023-3044.html", + "source": "xpdf@xpdfreader.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index ba9bd4eb910..1c02dfcc842 100644 --- a/README.md +++ b/README.md 
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-06-02T22:00:24.654156+00:00 +2023-06-02T23:55:24.031725+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-06-02T21:15:09.430000+00:00 +2023-06-02T23:15:09.580000+00:00 ``` ### Last Data Feed Release 
@@ -29,40 +29,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -216788 +216791 ``` ### CVEs added in the last Commit -Recently added CVEs: `9` +Recently added CVEs: `3` -* [CVE-2023-33669](CVE-2023/CVE-2023-336xx/CVE-2023-33669.json) (`2023-06-02T20:15:09.520`) -* [CVE-2023-33670](CVE-2023/CVE-2023-336xx/CVE-2023-33670.json) (`2023-06-02T20:15:09.563`) -* [CVE-2023-33671](CVE-2023/CVE-2023-336xx/CVE-2023-33671.json) (`2023-06-02T20:15:09.607`) -* [CVE-2023-33672](CVE-2023/CVE-2023-336xx/CVE-2023-33672.json) (`2023-06-02T20:15:09.647`) -* [CVE-2023-33673](CVE-2023/CVE-2023-336xx/CVE-2023-33673.json) (`2023-06-02T20:15:09.693`) -* [CVE-2023-33675](CVE-2023/CVE-2023-336xx/CVE-2023-33675.json) (`2023-06-02T20:15:09.733`) -* [CVE-2023-33761](CVE-2023/CVE-2023-337xx/CVE-2023-33761.json) (`2023-06-02T20:15:09.777`) -* [CVE-2023-33762](CVE-2023/CVE-2023-337xx/CVE-2023-33762.json) (`2023-06-02T20:15:09.823`) -* [CVE-2023-33763](CVE-2023/CVE-2023-337xx/CVE-2023-33763.json) (`2023-06-02T20:15:09.867`) +* [CVE-2023-1297](CVE-2023/CVE-2023-12xx/CVE-2023-1297.json) (`2023-06-02T23:15:09.293`) +* [CVE-2023-2816](CVE-2023/CVE-2023-28xx/CVE-2023-2816.json) (`2023-06-02T23:15:09.503`) +* [CVE-2023-3044](CVE-2023/CVE-2023-30xx/CVE-2023-3044.json) (`2023-06-02T23:15:09.580`) ### CVEs modified in the last Commit -Recently modified CVEs: `12` +Recently modified CVEs: `0` -* [CVE-2022-36249](CVE-2022/CVE-2022-362xx/CVE-2022-36249.json) (`2023-06-02T20:50:05.440`) -* [CVE-2022-36247](CVE-2022/CVE-2022-362xx/CVE-2022-36247.json) (`2023-06-02T20:52:10.493`) -* [CVE-2022-36246](CVE-2022/CVE-2022-362xx/CVE-2022-36246.json) (`2023-06-02T20:53:31.427`) -* [CVE-2022-36244](CVE-2022/CVE-2022-362xx/CVE-2022-36244.json) (`2023-06-02T20:57:58.920`) -* [CVE-2023-29550](CVE-2023/CVE-2023-295xx/CVE-2023-29550.json) (`2023-06-02T20:15:09.367`) -* [CVE-2023-29551](CVE-2023/CVE-2023-295xx/CVE-2023-29551.json) 
(`2023-06-02T20:15:09.423`) -* [CVE-2023-32215](CVE-2023/CVE-2023-322xx/CVE-2023-32215.json) (`2023-06-02T20:15:09.470`) -* [CVE-2023-31225](CVE-2023/CVE-2023-312xx/CVE-2023-31225.json) (`2023-06-02T20:42:20.567`) -* [CVE-2023-3074](CVE-2023/CVE-2023-30xx/CVE-2023-3074.json) (`2023-06-02T20:58:57.383`) -* [CVE-2023-3075](CVE-2023/CVE-2023-30xx/CVE-2023-3075.json) (`2023-06-02T20:58:57.383`) -* [CVE-2023-3073](CVE-2023/CVE-2023-30xx/CVE-2023-3073.json) (`2023-06-02T20:58:57.383`) -* [CVE-2023-33195](CVE-2023/CVE-2023-331xx/CVE-2023-33195.json) (`2023-06-02T21:15:09.430`) ## Download and Usage