diff --git a/CVE-2020/CVE-2020-229xx/CVE-2020-22916.json b/CVE-2020/CVE-2020-229xx/CVE-2020-22916.json
index c43dfc0ab78..38e25b1b24f 100644
--- a/CVE-2020/CVE-2020-229xx/CVE-2020-22916.json
+++ b/CVE-2020/CVE-2020-229xx/CVE-2020-22916.json
@@ -2,12 +2,12 @@
 "id": "CVE-2020-22916",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-08-22T19:16:19.407",
- "lastModified": "2023-09-12T16:15:07.583",
+ "lastModified": "2023-09-18T09:15:07.460",
 "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
- "value": "An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of a crafted file. NOTE: the software maintainers are unable to reproduce this as of 2023-09-12 because the example crafted file is temporarily offline."
+ "value": "** DISPUTED ** An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of a crafted file. NOTE: the vendor disputes the claims of \"endless output\" and \"denial of service\" because decompression of the 17,486 bytes always results in 114,881,179 bytes, which is often a reasonable size increase."
 }
 ],
 "metrics": {
@@ -64,6 +64,10 @@
 }
 ],
 "references": [
+ {
+ "url": "http://web.archive.org/web/20230918084612/https://github.com/snappyJack/CVE-request-XZ-5.2.5-has-denial-of-service-vulnerability",
+ "source": "cve@mitre.org"
+ },
 {
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234987",
 "source": "cve@mitre.org"
diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36766.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36766.json
new file mode 100644
index 00000000000..a2cc376183e
--- /dev/null
+++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36766.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2020-36766",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-09-18T09:15:07.693",
+ "lastModified": "2023-09-18T09:15:07.693",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered in the Linux kernel before 5.8.6. drivers/media/cec/core/cec-api.c leaks one byte of kernel memory on specific hardware to unprivileged users, because of directly assigning log_addrs with a hole in the struct."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.6",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/torvalds/linux/commit/6c42227c3467549ddc65efe99c869021d2f4a570",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-431xx/CVE-2023-43115.json b/CVE-2023/CVE-2023-431xx/CVE-2023-43115.json
new file mode 100644
index 00000000000..9e1c198d48c
--- /dev/null
+++ b/CVE-2023/CVE-2023-431xx/CVE-2023-43115.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2023-43115",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-09-18T08:15:07.380",
+ "lastModified": "2023-09-18T08:15:07.380",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be specified on a gs command line (the IJS device inherently must execute a command to start the IJS server)."
+ },
+ {
+ "lang": "es",
+ "value": "En Artifex Ghostscript hasta 10.01.2, gdevijs.c en GhostPDL puede conducir a la ejecuci\u00f3n remota de c\u00f3digo a trav\u00e9s de documentos PostScript manipulados porque pueden cambiar al dispositivo IJS, o cambiar el par\u00e1metro IjsServer, despu\u00e9s de que se haya activado SAFER. NOTA: es un riesgo documentado que el servidor IJS se pueda especificar en una l\u00ednea de comandos gs (el dispositivo IJS debe ejecutar inherentemente un comando para iniciar el servidor IJS). "
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://bugs.ghostscript.com/show_bug.cgi?id=707051",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://ghostscript.com/",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e59216049cac290fb437a04c4f41ea46826cfba5",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-48xx/CVE-2023-4863.json b/CVE-2023/CVE-2023-48xx/CVE-2023-4863.json
index 2558ba60bbb..bbbafb6bde1 100644
--- a/CVE-2023/CVE-2023-48xx/CVE-2023-4863.json
+++ b/CVE-2023/CVE-2023-48xx/CVE-2023-4863.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-4863",
 "sourceIdentifier": "chrome-cve-admin@google.com",
 "published": "2023-09-12T15:15:24.327",
- "lastModified": "2023-09-18T04:15:10.457",
+ "lastModified": "2023-09-18T09:15:07.823",
 "vulnStatus": "Awaiting Analysis",
 "cisaExploitAdd": "2023-09-13",
 "cisaActionDue": "2023-10-04",
@@ -20,6 +20,10 @@
 ],
 "metrics": {},
 "references": [
+ {
+ "url": "https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/",
+ "source": "chrome-cve-admin@google.com"
+ },
 {
 "url": "https://bugzilla.suse.com/show_bug.cgi?id=1215231",
 "source": "chrome-cve-admin@google.com"
@@ -40,6 +44,10 @@
 "url": "https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a",
 "source": "chrome-cve-admin@google.com"
 },
+ {
+ "url": "https://github.com/webmproject/libwebp/releases/tag/v1.3.2",
+ "source": "chrome-cve-admin@google.com"
+ },
 {
 "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html",
 "source": "chrome-cve-admin@google.com"
diff --git a/README.md b/README.md
index 14abd7e2e6d..0e05cfc2812 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 ```plain
-2023-09-18T08:00:29.578784+00:00
+2023-09-18T10:00:27.234698+00:00
 ```
 ### Most recent CVE Modification Timestamp synchronized with NVD
 ```plain
-2023-09-18T07:15:38.333000+00:00
+2023-09-18T09:15:07.823000+00:00
 ```
 ### Last Data Feed Release
@@ -29,29 +29,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 ```plain
-225751
+225753
 ```
 ### CVEs added in the last Commit
-Recently added CVEs: `9`
+Recently added CVEs: `2`
-* [CVE-2023-42520](CVE-2023/CVE-2023-425xx/CVE-2023-42520.json) (`2023-09-18T06:15:08.060`)
-* [CVE-2023-42526](CVE-2023/CVE-2023-425xx/CVE-2023-42526.json) (`2023-09-18T06:15:08.203`)
-* [CVE-2023-5036](CVE-2023/CVE-2023-50xx/CVE-2023-5036.json) (`2023-09-18T06:15:08.267`)
-* [CVE-2023-42521](CVE-2023/CVE-2023-425xx/CVE-2023-42521.json) (`2023-09-18T07:15:37.663`)
-* [CVE-2023-42522](CVE-2023/CVE-2023-425xx/CVE-2023-42522.json) (`2023-09-18T07:15:37.880`)
-* [CVE-2023-42523](CVE-2023/CVE-2023-425xx/CVE-2023-42523.json) (`2023-09-18T07:15:37.953`)
-* [CVE-2023-42524](CVE-2023/CVE-2023-425xx/CVE-2023-42524.json) (`2023-09-18T07:15:38.040`)
-* [CVE-2023-42525](CVE-2023/CVE-2023-425xx/CVE-2023-42525.json) (`2023-09-18T07:15:38.193`)
-* [CVE-2023-43114](CVE-2023/CVE-2023-431xx/CVE-2023-43114.json) (`2023-09-18T07:15:38.333`)
+* [CVE-2020-36766](CVE-2020/CVE-2020-367xx/CVE-2020-36766.json) (`2023-09-18T09:15:07.693`)
+* [CVE-2023-43115](CVE-2023/CVE-2023-431xx/CVE-2023-43115.json) (`2023-09-18T08:15:07.380`)
 ### CVEs modified in the last Commit
-Recently modified CVEs: `1`
+Recently modified CVEs: `2`
-* [CVE-2022-37971](CVE-2022/CVE-2022-379xx/CVE-2022-37971.json) (`2023-09-18T07:15:37.223`)
+* [CVE-2020-22916](CVE-2020/CVE-2020-229xx/CVE-2020-22916.json) (`2023-09-18T09:15:07.460`)
+* [CVE-2023-4863](CVE-2023/CVE-2023-48xx/CVE-2023-4863.json) (`2023-09-18T09:15:07.823`)
 ## Download and Usage