Auto-Update: 2023-12-14T07:00:17.512371+00:00

2025-07-09 16:05:11 +00:00 · 2023-12-14 07:00:21 +00:00 · 2023-12-14 07:00:21 +00:00 · c43403abdb
commit c43403abdb
parent 60cfa03fd6
13 changed files with 364 additions and 14 deletions
--- a/CVE-2023/CVE-2023-447xx/CVE-2023-44709.json
+++ b/CVE-2023/CVE-2023-447xx/CVE-2023-44709.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-44709",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-12-14T06:15:42.743",
+  "lastModified": "2023-12-14T06:15:42.743",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "PlutoSVG commit 336c02997277a1888e6ccbbbe674551a0582e5c4 and before was discovered to contain an integer overflow via the component plutosvg_load_from_memory."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://gist.github.com/sunwithmoon/3f810c27d2e553f9d31bd7c50566f15b#file-cve-2023-44709",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/sammycage/plutosvg/issues/7",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-471xx/CVE-2023-47100.json
+++ b/CVE-2023/CVE-2023-471xx/CVE-2023-47100.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-47100",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2023-12-02T23:15:07.187",
-  "lastModified": "2023-12-08T17:57:01.690",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2023-12-14T05:15:07.690",
+  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
@ -70,6 +70,14 @@
    }
  ],
  "references": [
+    {
+      "url": "https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6",
+      "source": "cve@mitre.org"
+    },
    {
      "url": "https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3",
      "source": "cve@mitre.org",
--- a/CVE-2023/CVE-2023-499xx/CVE-2023-49933.json
+++ b/CVE-2023/CVE-2023-499xx/CVE-2023-49933.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-49933",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-12-14T05:15:08.810",
+  "lastModified": "2023-12-14T05:15:08.810",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. There is Improper Enforcement of Message Integrity During Transmission in a Communication Channel. This allows attackers to modify RPC traffic in a way that bypasses message hash checks. The fixed versions are 22.05.11, 23.02.7, and 23.11.1."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.schedmd.com/security-archive.php",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-499xx/CVE-2023-49934.json
+++ b/CVE-2023/CVE-2023-499xx/CVE-2023-49934.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-49934",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-12-14T05:15:10.023",
+  "lastModified": "2023-12-14T05:15:10.023",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue was discovered in SchedMD Slurm 23.11.x. There is SQL Injection against the SlurmDBD database. The fixed version is 23.11.1."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.schedmd.com/security-archive.php",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-499xx/CVE-2023-49935.json
+++ b/CVE-2023/CVE-2023-499xx/CVE-2023-49935.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-49935",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-12-14T05:15:10.490",
+  "lastModified": "2023-12-14T05:15:10.490",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue was discovered in SchedMD Slurm 23.02.x and 23.11.x. There is Incorrect Access Control because of a slurmd Message Integrity Bypass. An attacker can reuse root-level authentication tokens during interaction with the slurmd process. This bypasses the RPC message hashes that protect against undesired MUNGE credential reuse. The fixed versions are 23.02.7 and 23.11.1."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.schedmd.com/security-archive.php",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-499xx/CVE-2023-49936.json
+++ b/CVE-2023/CVE-2023-499xx/CVE-2023-49936.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-49936",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-12-14T05:15:10.980",
+  "lastModified": "2023-12-14T05:15:10.980",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. A NULL pointer dereference leads to denial of service. The fixed versions are 22.05.11, 23.02.7, and 23.11.1."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.schedmd.com/security-archive.php",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-499xx/CVE-2023-49937.json
+++ b/CVE-2023/CVE-2023-499xx/CVE-2023-49937.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-49937",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-12-14T05:15:11.493",
+  "lastModified": "2023-12-14T05:15:11.493",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. Because of a double free, attackers can cause a denial of service or possibly execute arbitrary code. The fixed versions are 22.05.11, 23.02.7, and 23.11.1."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.schedmd.com/security-archive.php",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-499xx/CVE-2023-49938.json
+++ b/CVE-2023/CVE-2023-499xx/CVE-2023-49938.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-49938",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-12-14T05:15:11.890",
+  "lastModified": "2023-12-14T05:15:11.890",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue was discovered in SchedMD Slurm 22.05.x and 23.02.x. There is Incorrect Access Control: an attacker can modified their extended group list that is used with the sbcast subsystem, and open files with an unauthorized set of extended groups. The fixed versions are 22.05.11 and 23.02.7."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.schedmd.com/security-archive.php",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-56xx/CVE-2023-5629.json
+++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5629.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-5629",
+  "sourceIdentifier": "cybersecurity@se.com",
+  "published": "2023-12-14T05:15:12.463",
+  "lastModified": "2023-12-14T05:15:12.463",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "\nA CWE-601:URL Redirection to Untrusted Site (\u2018Open Redirect\u2019) vulnerability exists that could\ncause disclosure of information through phishing attempts over HTTP.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cybersecurity@se.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 8.2,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 4.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cybersecurity@se.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-601"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-346-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-346-01.pdf",
+      "source": "cybersecurity@se.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-56xx/CVE-2023-5630.json
+++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5630.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-5630",
+  "sourceIdentifier": "cybersecurity@se.com",
+  "published": "2023-12-14T05:15:13.663",
+  "lastModified": "2023-12-14T05:15:13.663",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "\n\n\nA CWE-494: Download of Code Without Integrity Check vulnerability exists that could allow a\nprivileged user to install an untrusted firmware.\n\n\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cybersecurity@se.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 6.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.2,
+        "impactScore": 5.2
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cybersecurity@se.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-494"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-346-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-346-01.pdf",
+      "source": "cybersecurity@se.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-59xx/CVE-2023-5984.json
+++ b/CVE-2023/CVE-2023-59xx/CVE-2023-5984.json
@ -2,12 +2,12 @@
  "id": "CVE-2023-5984",
  "sourceIdentifier": "cybersecurity@se.com",
  "published": "2023-11-15T04:15:19.043",
-  "lastModified": "2023-11-21T19:31:38.970",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2023-12-14T05:15:14.000",
+  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
-      "value": "\nA CWE-494 Download of Code Without Integrity Check vulnerability exists that could allow\nmodified firmware to be uploaded when an authorized admin user begins a firmware update\nprocedure.\n\n"
+      "value": "\nA CWE-494 Download of Code Without Integrity Check vulnerability exists that could allow\nmodified firmware to be uploaded when an authorized admin user begins a firmware update\nprocedure which could result in full control over the device.\n\n"
    },
    {
      "lang": "es",
@ -61,7 +61,7 @@
  "weaknesses": [
    {
      "source": "cybersecurity@se.com",
-      "type": "Secondary",
+      "type": "Primary",
      "description": [
        {
          "lang": "en",
--- a/CVE-2023/CVE-2023-64xx/CVE-2023-6407.json
+++ b/CVE-2023/CVE-2023-64xx/CVE-2023-6407.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-6407",
+  "sourceIdentifier": "cybersecurity@se.com",
+  "published": "2023-12-14T05:15:14.407",
+  "lastModified": "2023-12-14T05:15:14.407",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "\nA CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')\nvulnerability exists that could cause arbitrary file deletion upon service restart when accessed by\na local and low-privileged attacker.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cybersecurity@se.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "HIGH",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.0,
+        "impactScore": 4.2
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cybersecurity@se.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-22"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-346-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-346-03.pdf",
+      "source": "cybersecurity@se.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-12-14T05:00:18.093858+00:00
+2023-12-14T07:00:17.512371+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-12-14T03:15:36.360000+00:00
+2023-12-14T06:15:42.743000+00:00
 ```

 ### Last Data Feed Release
@ -29,22 +29,31 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-233086
+233096
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `0`
+Recently added CVEs: `10`

+* [CVE-2023-49933](CVE-2023/CVE-2023-499xx/CVE-2023-49933.json) (`2023-12-14T05:15:08.810`)
+* [CVE-2023-49934](CVE-2023/CVE-2023-499xx/CVE-2023-49934.json) (`2023-12-14T05:15:10.023`)
+* [CVE-2023-49935](CVE-2023/CVE-2023-499xx/CVE-2023-49935.json) (`2023-12-14T05:15:10.490`)
+* [CVE-2023-49936](CVE-2023/CVE-2023-499xx/CVE-2023-49936.json) (`2023-12-14T05:15:10.980`)
+* [CVE-2023-49937](CVE-2023/CVE-2023-499xx/CVE-2023-49937.json) (`2023-12-14T05:15:11.493`)
+* [CVE-2023-49938](CVE-2023/CVE-2023-499xx/CVE-2023-49938.json) (`2023-12-14T05:15:11.890`)
+* [CVE-2023-5629](CVE-2023/CVE-2023-56xx/CVE-2023-5629.json) (`2023-12-14T05:15:12.463`)
+* [CVE-2023-5630](CVE-2023/CVE-2023-56xx/CVE-2023-5630.json) (`2023-12-14T05:15:13.663`)
+* [CVE-2023-6407](CVE-2023/CVE-2023-64xx/CVE-2023-6407.json) (`2023-12-14T05:15:14.407`)
+* [CVE-2023-44709](CVE-2023/CVE-2023-447xx/CVE-2023-44709.json) (`2023-12-14T06:15:42.743`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `3`
+Recently modified CVEs: `2`

-* [CVE-2019-17362](CVE-2019/CVE-2019-173xx/CVE-2019-17362.json) (`2023-12-14T03:15:36.103`)
-* [CVE-2023-49080](CVE-2023/CVE-2023-490xx/CVE-2023-49080.json) (`2023-12-14T03:15:36.243`)
-* [CVE-2023-6560](CVE-2023/CVE-2023-65xx/CVE-2023-6560.json) (`2023-12-14T03:15:36.360`)
+* [CVE-2023-47100](CVE-2023/CVE-2023-471xx/CVE-2023-47100.json) (`2023-12-14T05:15:07.690`)
+* [CVE-2023-5984](CVE-2023/CVE-2023-59xx/CVE-2023-5984.json) (`2023-12-14T05:15:14.000`)


 ## Download and Usage