Auto-Update: 2023-09-18T10:00:27.234698+00:00

CVE-2020/CVE-2020-229xx/CVE-2020-22916.json

@@ -2,12 +2,12 @@
   "id": "CVE-2020-22916",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2023-08-22T19:16:19.407",
-  "lastModified": "2023-09-12T16:15:07.583",
+  "lastModified": "2023-09-18T09:15:07.460",
   "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
-      "value": "An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of a crafted file. NOTE: the software maintainers are unable to reproduce this as of 2023-09-12 because the example crafted file is temporarily offline."
+      "value": "** DISPUTED ** An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of a crafted file. NOTE: the vendor disputes the claims of \"endless output\" and \"denial of service\" because decompression of the 17,486 bytes always results in 114,881,179 bytes, which is often a reasonable size increase."
     }
   ],
   "metrics": {
@@ -64,6 +64,10 @@
     }
   ],
   "references": [
+    {
+      "url": "http://web.archive.org/web/20230918084612/https://github.com/snappyJack/CVE-request-XZ-5.2.5-has-denial-of-service-vulnerability",
+      "source": "cve@mitre.org"
+    },
     {
       "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234987",
       "source": "cve@mitre.org"

CVE-2020/CVE-2020-367xx/CVE-2020-36766.json

@@ -0,0 +1,24 @@
+{
+  "id": "CVE-2020-36766",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-09-18T09:15:07.693",
+  "lastModified": "2023-09-18T09:15:07.693",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue was discovered in the Linux kernel before 5.8.6. drivers/media/cec/core/cec-api.c leaks one byte of kernel memory on specific hardware to unprivileged users, because of directly assigning log_addrs with a hole in the struct."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.6",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/torvalds/linux/commit/6c42227c3467549ddc65efe99c869021d2f4a570",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2023/CVE-2023-431xx/CVE-2023-43115.json

@@ -0,0 +1,32 @@
+{
+  "id": "CVE-2023-43115",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-09-18T08:15:07.380",
+  "lastModified": "2023-09-18T08:15:07.380",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be specified on a gs command line (the IJS device inherently must execute a command to start the IJS server)."
+    },
+    {
+      "lang": "es",
+      "value": "En Artifex Ghostscript hasta 10.01.2, gdevijs.c en GhostPDL puede conducir a la ejecuci\u00f3n remota de c\u00f3digo a trav\u00e9s de documentos PostScript manipulados porque pueden cambiar al dispositivo IJS, o cambiar el par\u00e1metro IjsServer, despu\u00e9s de que se haya activado SAFER. NOTA: es un riesgo documentado que el servidor IJS se pueda especificar en una l\u00ednea de comandos gs (el dispositivo IJS debe ejecutar inherentemente un comando para iniciar el servidor IJS). "
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://bugs.ghostscript.com/show_bug.cgi?id=707051",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://ghostscript.com/",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e59216049cac290fb437a04c4f41ea46826cfba5",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2023/CVE-2023-48xx/CVE-2023-4863.json

@@ -2,7 +2,7 @@
   "id": "CVE-2023-4863",
   "sourceIdentifier": "chrome-cve-admin@google.com",
   "published": "2023-09-12T15:15:24.327",
-  "lastModified": "2023-09-18T04:15:10.457",
+  "lastModified": "2023-09-18T09:15:07.823",
   "vulnStatus": "Awaiting Analysis",
   "cisaExploitAdd": "2023-09-13",
   "cisaActionDue": "2023-10-04",
@@ -20,6 +20,10 @@
   ],
   "metrics": {},
   "references": [
+    {
+      "url": "https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/",
+      "source": "chrome-cve-admin@google.com"
+    },
     {
       "url": "https://bugzilla.suse.com/show_bug.cgi?id=1215231",
       "source": "chrome-cve-admin@google.com"
@@ -40,6 +44,10 @@
       "url": "https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a",
       "source": "chrome-cve-admin@google.com"
     },
+    {
+      "url": "https://github.com/webmproject/libwebp/releases/tag/v1.3.2",
+      "source": "chrome-cve-admin@google.com"
+    },
     {
       "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html",
       "source": "chrome-cve-admin@google.com"

README.md

@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2023-09-18T08:00:29.578784+00:00
+2023-09-18T10:00:27.234698+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2023-09-18T07:15:38.333000+00:00
+2023-09-18T09:15:07.823000+00:00
 ```
 
 ### Last Data Feed Release
@@ -29,29 +29,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-225751
+225753
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `9`
+Recently added CVEs: `2`
 
-* [CVE-2023-42520](CVE-2023/CVE-2023-425xx/CVE-2023-42520.json) (`2023-09-18T06:15:08.060`)
+* [CVE-2020-36766](CVE-2020/CVE-2020-367xx/CVE-2020-36766.json) (`2023-09-18T09:15:07.693`)
-* [CVE-2023-42526](CVE-2023/CVE-2023-425xx/CVE-2023-42526.json) (`2023-09-18T06:15:08.203`)
+* [CVE-2023-43115](CVE-2023/CVE-2023-431xx/CVE-2023-43115.json) (`2023-09-18T08:15:07.380`)
-* [CVE-2023-5036](CVE-2023/CVE-2023-50xx/CVE-2023-5036.json) (`2023-09-18T06:15:08.267`)
-* [CVE-2023-42521](CVE-2023/CVE-2023-425xx/CVE-2023-42521.json) (`2023-09-18T07:15:37.663`)
-* [CVE-2023-42522](CVE-2023/CVE-2023-425xx/CVE-2023-42522.json) (`2023-09-18T07:15:37.880`)
-* [CVE-2023-42523](CVE-2023/CVE-2023-425xx/CVE-2023-42523.json) (`2023-09-18T07:15:37.953`)
-* [CVE-2023-42524](CVE-2023/CVE-2023-425xx/CVE-2023-42524.json) (`2023-09-18T07:15:38.040`)
-* [CVE-2023-42525](CVE-2023/CVE-2023-425xx/CVE-2023-42525.json) (`2023-09-18T07:15:38.193`)
-* [CVE-2023-43114](CVE-2023/CVE-2023-431xx/CVE-2023-43114.json) (`2023-09-18T07:15:38.333`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `1`
+Recently modified CVEs: `2`
 
-* [CVE-2022-37971](CVE-2022/CVE-2022-379xx/CVE-2022-37971.json) (`2023-09-18T07:15:37.223`)
+* [CVE-2020-22916](CVE-2020/CVE-2020-229xx/CVE-2020-22916.json) (`2023-09-18T09:15:07.460`)
+* [CVE-2023-4863](CVE-2023/CVE-2023-48xx/CVE-2023-4863.json) (`2023-09-18T09:15:07.823`)
 
 
 ## Download and Usage