From b23ce43dfe1ec18807935e963685e36dc82d7bb7 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Thu, 15 Jun 2023 02:00:30 +0000 Subject: [PATCH] Auto-Update: 2023-06-15T02:00:26.856769+00:00 --- CVE-2022/CVE-2022-223xx/CVE-2022-22307.json | 59 +++++++++++++++++++++ CVE-2023/CVE-2023-256xx/CVE-2023-25683.json | 59 +++++++++++++++++++++ CVE-2023/CVE-2023-344xx/CVE-2023-34448.json | 4 +- README.md | 21 +++----- 4 files changed, 128 insertions(+), 15 deletions(-) create mode 100644 CVE-2022/CVE-2022-223xx/CVE-2022-22307.json create mode 100644 CVE-2023/CVE-2023-256xx/CVE-2023-25683.json diff --git a/CVE-2022/CVE-2022-223xx/CVE-2022-22307.json b/CVE-2022/CVE-2022-223xx/CVE-2022-22307.json new file mode 100644 index 00000000000..bf797f4818a --- /dev/null +++ b/CVE-2022/CVE-2022-223xx/CVE-2022-22307.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2022-22307", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2023-06-15T01:15:09.920", + "lastModified": "2023-06-15T01:15:09.920", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "IBM Security Guardium 11.3, 11.4, and 11.5 could allow a local user to obtain elevated privileges due to incorrect authorization checks. IBM X-Force ID: 216753." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + } + ], + "references": [ + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/216753", + "source": "psirt@us.ibm.com" + }, + { + "url": "https://www.ibm.com/support/pages/node/6999317", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-256xx/CVE-2023-25683.json b/CVE-2023/CVE-2023-256xx/CVE-2023-25683.json new file mode 100644 index 00000000000..5d3989d5d08 --- /dev/null +++ b/CVE-2023/CVE-2023-256xx/CVE-2023-25683.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-25683", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2023-06-15T01:15:10.010", + "lastModified": "2023-06-15T01:15:10.010", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "IBM PowerVM Hypervisor FW950.00 through FW950.71, FW1010.00 through FW1010.40, FW1020.00 through FW1020.20, and FW1030.00 through FW1030.11 could allow an attacker to obtain sensitive information if they gain service access to the HMC. IBM X-Force ID: 247592." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/247592", + "source": "psirt@us.ibm.com" + }, + { + "url": "https://www.ibm.com/support/pages/node/7002721", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-344xx/CVE-2023-34448.json b/CVE-2023/CVE-2023-344xx/CVE-2023-34448.json index 4510a10019a..39b759de029 100644 --- a/CVE-2023/CVE-2023-344xx/CVE-2023-34448.json +++ b/CVE-2023/CVE-2023-344xx/CVE-2023-34448.json @@ -2,12 +2,12 @@ "id": "CVE-2023-34448", "sourceIdentifier": "security-advisories@github.com", "published": "2023-06-14T23:15:11.107", - "lastModified": "2023-06-14T23:15:11.107", + "lastModified": "2023-06-15T00:15:10.480", "vulnStatus": "Received", "descriptions": [ { "lang": "en", - "value": "Grav is a file-based Web platform. Prior to version 1.7.42, the patch for CVE-2022-2073, a server-side template injection vulnerability in Grav leveraging the default `filter()` function, did not block other built-in functions exposed by Twig's Core Extension that could be used to invoke arbitrary unsafe functions, thereby allowing for remote code execution. A patch in version 1.74.2 overrides the built-in Twig `map()` and `reduce()` filter functions in `system/src/Grav/Common/Twig/Extension/GravExtension.php` to validate the argument passed to the filter in `$arrow`." + "value": "Grav is a flat-file content management system. Prior to version 1.7.42, the patch for CVE-2022-2073, a server-side template injection vulnerability in Grav leveraging the default `filter()` function, did not block other built-in functions exposed by Twig's Core Extension that could be used to invoke arbitrary unsafe functions, thereby allowing for remote code execution. A patch in version 1.74.2 overrides the built-in Twig `map()` and `reduce()` filter functions in `system/src/Grav/Common/Twig/Extension/GravExtension.php` to validate the argument passed to the filter in `$arrow`." } ], "metrics": { diff --git a/README.md b/README.md index e6140b3ec27..ef15db112ab 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-06-14T23:55:24.480668+00:00 +2023-06-15T02:00:26.856769+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-06-14T23:15:11.183000+00:00 +2023-06-15T01:15:10.010000+00:00 ``` ### Last Data Feed Release @@ -23,33 +23,28 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2023-06-14T00:00:13.767868+00:00 +2023-06-15T00:00:13.541780+00:00 ``` ### Total Number of included CVEs ```plain -217795 +217797 ``` ### CVEs added in the last Commit -Recently added CVEs: `7` +Recently added CVEs: `2` -* [CVE-2023-2819](CVE-2023/CVE-2023-28xx/CVE-2023-2819.json) (`2023-06-14T22:15:09.203`) -* [CVE-2023-2820](CVE-2023/CVE-2023-28xx/CVE-2023-2820.json) (`2023-06-14T22:15:09.273`) -* [CVE-2023-34251](CVE-2023/CVE-2023-342xx/CVE-2023-34251.json) (`2023-06-14T22:15:09.333`) -* [CVE-2023-34252](CVE-2023/CVE-2023-342xx/CVE-2023-34252.json) (`2023-06-14T22:15:09.397`) -* [CVE-2023-34253](CVE-2023/CVE-2023-342xx/CVE-2023-34253.json) (`2023-06-14T23:15:11.037`) -* [CVE-2023-34448](CVE-2023/CVE-2023-344xx/CVE-2023-34448.json) (`2023-06-14T23:15:11.107`) -* [CVE-2023-34452](CVE-2023/CVE-2023-344xx/CVE-2023-34452.json) (`2023-06-14T23:15:11.183`) +* [CVE-2022-22307](CVE-2022/CVE-2022-223xx/CVE-2022-22307.json) (`2023-06-15T01:15:09.920`) +* [CVE-2023-25683](CVE-2023/CVE-2023-256xx/CVE-2023-25683.json) (`2023-06-15T01:15:10.010`) ### CVEs modified in the last Commit Recently modified CVEs: `1` -* [CVE-2022-38131](CVE-2022/CVE-2022-381xx/CVE-2022-38131.json) (`2023-06-14T23:15:10.800`) +* [CVE-2023-34448](CVE-2023/CVE-2023-344xx/CVE-2023-34448.json) (`2023-06-15T00:15:10.480`) ## Download and Usage