From c43403abdb7b6b34484766c4cabf0565f508f282 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Thu, 14 Dec 2023 07:00:21 +0000 Subject: [PATCH] Auto-Update: 2023-12-14T07:00:17.512371+00:00 --- CVE-2023/CVE-2023-447xx/CVE-2023-44709.json | 24 +++++++++ CVE-2023/CVE-2023-471xx/CVE-2023-47100.json | 12 ++++- CVE-2023/CVE-2023-499xx/CVE-2023-49933.json | 24 +++++++++ CVE-2023/CVE-2023-499xx/CVE-2023-49934.json | 24 +++++++++ CVE-2023/CVE-2023-499xx/CVE-2023-49935.json | 24 +++++++++ CVE-2023/CVE-2023-499xx/CVE-2023-49936.json | 24 +++++++++ CVE-2023/CVE-2023-499xx/CVE-2023-49937.json | 24 +++++++++ CVE-2023/CVE-2023-499xx/CVE-2023-49938.json | 24 +++++++++ CVE-2023/CVE-2023-56xx/CVE-2023-5629.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-56xx/CVE-2023-5630.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-59xx/CVE-2023-5984.json | 8 +-- CVE-2023/CVE-2023-64xx/CVE-2023-6407.json | 55 +++++++++++++++++++++ README.md | 25 +++++++--- 13 files changed, 364 insertions(+), 14 deletions(-) create mode 100644 CVE-2023/CVE-2023-447xx/CVE-2023-44709.json create mode 100644 CVE-2023/CVE-2023-499xx/CVE-2023-49933.json create mode 100644 CVE-2023/CVE-2023-499xx/CVE-2023-49934.json create mode 100644 CVE-2023/CVE-2023-499xx/CVE-2023-49935.json create mode 100644 CVE-2023/CVE-2023-499xx/CVE-2023-49936.json create mode 100644 CVE-2023/CVE-2023-499xx/CVE-2023-49937.json create mode 100644 CVE-2023/CVE-2023-499xx/CVE-2023-49938.json create mode 100644 CVE-2023/CVE-2023-56xx/CVE-2023-5629.json create mode 100644 CVE-2023/CVE-2023-56xx/CVE-2023-5630.json create mode 100644 CVE-2023/CVE-2023-64xx/CVE-2023-6407.json diff --git a/CVE-2023/CVE-2023-447xx/CVE-2023-44709.json b/CVE-2023/CVE-2023-447xx/CVE-2023-44709.json new file mode 100644 index 00000000000..361bfc999dc --- /dev/null +++ b/CVE-2023/CVE-2023-447xx/CVE-2023-44709.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-44709", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-14T06:15:42.743", + "lastModified": "2023-12-14T06:15:42.743", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "PlutoSVG commit 336c02997277a1888e6ccbbbe674551a0582e5c4 and before was discovered to contain an integer overflow via the component plutosvg_load_from_memory." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://gist.github.com/sunwithmoon/3f810c27d2e553f9d31bd7c50566f15b#file-cve-2023-44709", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/sammycage/plutosvg/issues/7", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-471xx/CVE-2023-47100.json b/CVE-2023/CVE-2023-471xx/CVE-2023-47100.json index bc5765b9d02..c70c3eea068 100644 --- a/CVE-2023/CVE-2023-471xx/CVE-2023-47100.json +++ b/CVE-2023/CVE-2023-471xx/CVE-2023-47100.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47100", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-02T23:15:07.187", - "lastModified": "2023-12-08T17:57:01.690", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-14T05:15:07.690", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -70,6 +70,14 @@ } ], "references": [ + { + "url": "https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6", + "source": "cve@mitre.org" + }, { "url": "https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-499xx/CVE-2023-49933.json b/CVE-2023/CVE-2023-499xx/CVE-2023-49933.json new file mode 100644 index 00000000000..7e41ad8ece8 --- /dev/null +++ b/CVE-2023/CVE-2023-499xx/CVE-2023-49933.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-49933", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-14T05:15:08.810", + "lastModified": "2023-12-14T05:15:08.810", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. There is Improper Enforcement of Message Integrity During Transmission in a Communication Channel. This allows attackers to modify RPC traffic in a way that bypasses message hash checks. The fixed versions are 22.05.11, 23.02.7, and 23.11.1." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html", + "source": "cve@mitre.org" + }, + { + "url": "https://www.schedmd.com/security-archive.php", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-499xx/CVE-2023-49934.json b/CVE-2023/CVE-2023-499xx/CVE-2023-49934.json new file mode 100644 index 00000000000..8e8c12bd116 --- /dev/null +++ b/CVE-2023/CVE-2023-499xx/CVE-2023-49934.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-49934", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-14T05:15:10.023", + "lastModified": "2023-12-14T05:15:10.023", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in SchedMD Slurm 23.11.x. There is SQL Injection against the SlurmDBD database. The fixed version is 23.11.1." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html", + "source": "cve@mitre.org" + }, + { + "url": "https://www.schedmd.com/security-archive.php", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-499xx/CVE-2023-49935.json b/CVE-2023/CVE-2023-499xx/CVE-2023-49935.json new file mode 100644 index 00000000000..5b4cee9ff29 --- /dev/null +++ b/CVE-2023/CVE-2023-499xx/CVE-2023-49935.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-49935", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-14T05:15:10.490", + "lastModified": "2023-12-14T05:15:10.490", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in SchedMD Slurm 23.02.x and 23.11.x. There is Incorrect Access Control because of a slurmd Message Integrity Bypass. An attacker can reuse root-level authentication tokens during interaction with the slurmd process. This bypasses the RPC message hashes that protect against undesired MUNGE credential reuse. The fixed versions are 23.02.7 and 23.11.1." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html", + "source": "cve@mitre.org" + }, + { + "url": "https://www.schedmd.com/security-archive.php", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-499xx/CVE-2023-49936.json b/CVE-2023/CVE-2023-499xx/CVE-2023-49936.json new file mode 100644 index 00000000000..1c260e44371 --- /dev/null +++ b/CVE-2023/CVE-2023-499xx/CVE-2023-49936.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-49936", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-14T05:15:10.980", + "lastModified": "2023-12-14T05:15:10.980", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. A NULL pointer dereference leads to denial of service. The fixed versions are 22.05.11, 23.02.7, and 23.11.1." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html", + "source": "cve@mitre.org" + }, + { + "url": "https://www.schedmd.com/security-archive.php", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-499xx/CVE-2023-49937.json b/CVE-2023/CVE-2023-499xx/CVE-2023-49937.json new file mode 100644 index 00000000000..757bee6d094 --- /dev/null +++ b/CVE-2023/CVE-2023-499xx/CVE-2023-49937.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-49937", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-14T05:15:11.493", + "lastModified": "2023-12-14T05:15:11.493", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. Because of a double free, attackers can cause a denial of service or possibly execute arbitrary code. The fixed versions are 22.05.11, 23.02.7, and 23.11.1." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html", + "source": "cve@mitre.org" + }, + { + "url": "https://www.schedmd.com/security-archive.php", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-499xx/CVE-2023-49938.json b/CVE-2023/CVE-2023-499xx/CVE-2023-49938.json new file mode 100644 index 00000000000..b2c20146c60 --- /dev/null +++ b/CVE-2023/CVE-2023-499xx/CVE-2023-49938.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-49938", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-14T05:15:11.890", + "lastModified": "2023-12-14T05:15:11.890", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in SchedMD Slurm 22.05.x and 23.02.x. There is Incorrect Access Control: an attacker can modified their extended group list that is used with the sbcast subsystem, and open files with an unauthorized set of extended groups. The fixed versions are 22.05.11 and 23.02.7." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html", + "source": "cve@mitre.org" + }, + { + "url": "https://www.schedmd.com/security-archive.php", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5629.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5629.json new file mode 100644 index 00000000000..3935e6707cf --- /dev/null +++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5629.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-5629", + "sourceIdentifier": "cybersecurity@se.com", + "published": "2023-12-14T05:15:12.463", + "lastModified": "2023-12-14T05:15:12.463", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nA CWE-601:URL Redirection to Untrusted Site (\u2018Open Redirect\u2019) vulnerability exists that could\ncause disclosure of information through phishing attempts over HTTP.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cybersecurity@se.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 8.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "cybersecurity@se.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-601" + } + ] + } + ], + "references": [ + { + "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-346-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-346-01.pdf", + "source": "cybersecurity@se.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5630.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5630.json new file mode 100644 index 00000000000..a1a92be4d11 --- /dev/null +++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5630.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-5630", + "sourceIdentifier": "cybersecurity@se.com", + "published": "2023-12-14T05:15:13.663", + "lastModified": "2023-12-14T05:15:13.663", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\n\n\nA CWE-494: Download of Code Without Integrity Check vulnerability exists that could allow a\nprivileged user to install an untrusted firmware.\n\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cybersecurity@se.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "cybersecurity@se.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-494" + } + ] + } + ], + "references": [ + { + "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-346-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-346-01.pdf", + "source": "cybersecurity@se.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-59xx/CVE-2023-5984.json b/CVE-2023/CVE-2023-59xx/CVE-2023-5984.json index 2d0a5b3a2ec..f130272d4e2 100644 --- a/CVE-2023/CVE-2023-59xx/CVE-2023-5984.json +++ b/CVE-2023/CVE-2023-59xx/CVE-2023-5984.json @@ -2,12 +2,12 @@ "id": "CVE-2023-5984", "sourceIdentifier": "cybersecurity@se.com", "published": "2023-11-15T04:15:19.043", - "lastModified": "2023-11-21T19:31:38.970", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-14T05:15:14.000", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "\nA CWE-494 Download of Code Without Integrity Check vulnerability exists that could allow\nmodified firmware to be uploaded when an authorized admin user begins a firmware update\nprocedure.\n\n" + "value": "\nA CWE-494 Download of Code Without Integrity Check vulnerability exists that could allow\nmodified firmware to be uploaded when an authorized admin user begins a firmware update\nprocedure which could result in full control over the device.\n\n" }, { "lang": "es", @@ -61,7 +61,7 @@ "weaknesses": [ { "source": "cybersecurity@se.com", - "type": "Secondary", + "type": "Primary", "description": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-64xx/CVE-2023-6407.json b/CVE-2023/CVE-2023-64xx/CVE-2023-6407.json new file mode 100644 index 00000000000..5e21c11a3a2 --- /dev/null +++ b/CVE-2023/CVE-2023-64xx/CVE-2023-6407.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-6407", + "sourceIdentifier": "cybersecurity@se.com", + "published": "2023-12-14T05:15:14.407", + "lastModified": "2023-12-14T05:15:14.407", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nA CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')\nvulnerability exists that could cause arbitrary file deletion upon service restart when accessed by\na local and low-privileged attacker.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cybersecurity@se.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.0, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "cybersecurity@se.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-346-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-346-03.pdf", + "source": "cybersecurity@se.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 5ce9d8e6991..8f852cb1cb0 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-12-14T05:00:18.093858+00:00 +2023-12-14T07:00:17.512371+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-12-14T03:15:36.360000+00:00 +2023-12-14T06:15:42.743000+00:00 ``` ### Last Data Feed Release @@ -29,22 +29,31 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -233086 +233096 ``` ### CVEs added in the last Commit -Recently added CVEs: `0` +Recently added CVEs: `10` +* [CVE-2023-49933](CVE-2023/CVE-2023-499xx/CVE-2023-49933.json) (`2023-12-14T05:15:08.810`) +* [CVE-2023-49934](CVE-2023/CVE-2023-499xx/CVE-2023-49934.json) (`2023-12-14T05:15:10.023`) +* [CVE-2023-49935](CVE-2023/CVE-2023-499xx/CVE-2023-49935.json) (`2023-12-14T05:15:10.490`) +* [CVE-2023-49936](CVE-2023/CVE-2023-499xx/CVE-2023-49936.json) (`2023-12-14T05:15:10.980`) +* [CVE-2023-49937](CVE-2023/CVE-2023-499xx/CVE-2023-49937.json) (`2023-12-14T05:15:11.493`) +* [CVE-2023-49938](CVE-2023/CVE-2023-499xx/CVE-2023-49938.json) (`2023-12-14T05:15:11.890`) +* [CVE-2023-5629](CVE-2023/CVE-2023-56xx/CVE-2023-5629.json) (`2023-12-14T05:15:12.463`) +* [CVE-2023-5630](CVE-2023/CVE-2023-56xx/CVE-2023-5630.json) (`2023-12-14T05:15:13.663`) +* [CVE-2023-6407](CVE-2023/CVE-2023-64xx/CVE-2023-6407.json) (`2023-12-14T05:15:14.407`) +* [CVE-2023-44709](CVE-2023/CVE-2023-447xx/CVE-2023-44709.json) (`2023-12-14T06:15:42.743`) ### CVEs modified in the last Commit -Recently modified CVEs: `3` +Recently modified CVEs: `2` -* [CVE-2019-17362](CVE-2019/CVE-2019-173xx/CVE-2019-17362.json) (`2023-12-14T03:15:36.103`) -* [CVE-2023-49080](CVE-2023/CVE-2023-490xx/CVE-2023-49080.json) (`2023-12-14T03:15:36.243`) -* [CVE-2023-6560](CVE-2023/CVE-2023-65xx/CVE-2023-6560.json) (`2023-12-14T03:15:36.360`) +* [CVE-2023-47100](CVE-2023/CVE-2023-471xx/CVE-2023-47100.json) (`2023-12-14T05:15:07.690`) +* [CVE-2023-5984](CVE-2023/CVE-2023-59xx/CVE-2023-5984.json) (`2023-12-14T05:15:14.000`) ## Download and Usage