Auto-Update: 2023-05-30T06:00:24.385848+00:00

This commit is contained in:
cad-safe-bot 2023-05-30 06:00:27 +00:00
parent 6fbba51f62
commit c4e390689e
29 changed files with 678 additions and 27 deletions


@ -2,7 +2,7 @@
"id": "CVE-2023-23529",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-02-27T20:15:14.710",
"lastModified": "2023-03-28T05:15:16.163",
"lastModified": "2023-05-30T05:15:09.580",
"vulnStatus": "Modified",
"cisaExploitAdd": "2023-02-14",
"cisaActionDue": "2023-03-07",
@ -91,6 +91,10 @@
"url": "http://seclists.org/fulldisclosure/2023/Mar/20",
"source": "product-security@apple.com"
},
{
"url": "http://seclists.org/fulldisclosure/2023/May/7",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213633",
"source": "product-security@apple.com",


@ -2,7 +2,7 @@
"id": "CVE-2023-23535",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-05-08T20:15:16.567",
"lastModified": "2023-05-19T16:15:11.263",
"lastModified": "2023-05-30T05:15:10.217",
"vulnStatus": "Modified",
"descriptions": [
{
@ -110,6 +110,10 @@
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/May/7",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213670",
"source": "product-security@apple.com",


@ -2,12 +2,12 @@
"id": "CVE-2023-23537",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-05-08T20:15:16.687",
"lastModified": "2023-05-19T16:15:11.397",
"lastModified": "2023-05-30T05:15:10.323",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5, iOS 15.7.4 and iPadOS 15.7.4, watchOS 9.4, macOS Ventura 13.3. An app may be able to read sensitive location information"
"value": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3, macOS Big Sur 11.7.5, watchOS 9.4, iOS 16.4 and iPadOS 16.4. An app may be able to read sensitive location information"
}
],
"metrics": {
@ -104,6 +104,10 @@
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/May/7",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213670",
"source": "product-security@apple.com",


@ -2,12 +2,12 @@
"id": "CVE-2023-23541",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-05-08T20:15:16.860",
"lastModified": "2023-05-16T19:18:15.047",
"vulnStatus": "Analyzed",
"lastModified": "2023-05-30T05:15:10.407",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. An app may be able to access information about a user\u2019s contacts"
"value": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4. An app may be able to access information about a user\u2019s contacts"
}
],
"metrics": {
@ -85,6 +85,10 @@
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/May/7",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213673",
"source": "product-security@apple.com",


@ -2,12 +2,12 @@
"id": "CVE-2023-23543",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-05-08T20:15:17.003",
"lastModified": "2023-05-19T16:15:11.610",
"lastModified": "2023-05-30T05:15:10.487",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. A sandboxed app may be able to determine which app is currently using the camera"
"value": "The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. A sandboxed app may be able to determine which app is currently using the camera"
}
],
"metrics": {
@ -91,6 +91,10 @@
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/May/7",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213670",
"source": "product-security@apple.com",


@ -2,7 +2,7 @@
"id": "CVE-2023-24329",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-02-17T15:15:12.243",
"lastModified": "2023-05-28T03:15:09.480",
"lastModified": "2023-05-30T05:15:10.557",
"vulnStatus": "Modified",
"descriptions": [
{
@ -76,6 +76,10 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EM2XLZSTXG44TMFXF4E6VTGKR2MQCW3G/",
"source": "cve@mitre.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LWC4WGXER5P6Q75RFGL7QUTPP3N5JR7T/",
"source": "cve@mitre.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O5SP4RT3RRS434ZS2HQKQJ3VZW7YPKYR/",
"source": "cve@mitre.org"
@ -88,6 +92,10 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZH26JGNZ5XYPZ5SAU3NKSBSPRE5OHTG/",
"source": "cve@mitre.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2MZOJYGFCB5PPT6AKMAU72N7QOYWLBP/",
"source": "cve@mitre.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UONZWLB4QVLQIY5CPDLEUEKH6WX4VQMC/",
"source": "cve@mitre.org"


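--- /dev/null
+++ b/CVE-2023/CVE-2023-261xx/CVE-2023-26130.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-26130",
+"sourceIdentifier": "report@snyk.io",
+"published": "2023-05-30T05:15:10.640",
+"lastModified": "2023-05-30T05:15:10.640",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untrusted user input is used to set the content-type header in the HTTP .Patch, .Post, .Put and .Delete requests. This can lead to logical errors and other misbehaviors.\r\r**Note:** This issue is present due to an incomplete fix for [CVE-2020-11709](https://security.snyk.io/vuln/SNYK-UNMANAGED-YHIROSECPPHTTPLIB-2366507)."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "report@snyk.io",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "HIGH",
+"availabilityImpact": "NONE",
+"baseScore": 7.5,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 3.6
+}
+]
+},
+"references": [
+{
+"url": "https://gist.github.com/dellalibera/094aece17a86069a7d27f93c8aba2280",
+"source": "report@snyk.io"
+},
+{
+"url": "https://github.com/yhirose/cpp-httplib/commit/5b397d455d25a391ba346863830c1949627b4d08",
+"source": "report@snyk.io"
+},
+{
+"url": "https://github.com/yhirose/cpp-httplib/releases/tag/v0.12.4",
+"source": "report@snyk.io"
+},
+{
+"url": "https://security.snyk.io/vuln/SNYK-UNMANAGED-YHIROSECPPHTTPLIB-5591194",
+"source": "report@snyk.io"
+}
+]
+}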
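Review bot: The description on the `"value"` line separates its paragraphs with bare `\r\r` and embeds a Markdown link, so anything that renders or indexes this feed has to normalize carriage returns and treat the description as plain text rather than markup. This record also carries no `weaknesses` array, unlike the other new GHSA-sourced records in this commit, so a consumer that groups entries by CWE will not see it and the CNA vector (`integrityImpact` HIGH, `baseScore` 7.5) is the only classification present. The file mirrors the NVD record, so this is a note for consumers of the feed rather than a change to the file.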


@ -2,7 +2,7 @@
"id": "CVE-2023-27928",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-05-08T20:15:17.063",
"lastModified": "2023-05-19T16:15:11.663",
"lastModified": "2023-05-30T05:15:10.767",
"vulnStatus": "Modified",
"descriptions": [
{
@ -110,6 +110,10 @@
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/May/7",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213670",
"source": "product-security@apple.com",


@ -2,7 +2,7 @@
"id": "CVE-2023-27936",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-05-08T20:15:17.493",
"lastModified": "2023-05-19T16:15:12.117",
"lastModified": "2023-05-30T05:15:10.837",
"vulnStatus": "Modified",
"descriptions": [
{
@ -91,6 +91,10 @@
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/May/7",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213670",
"source": "product-security@apple.com",


@ -2,7 +2,7 @@
"id": "CVE-2023-27941",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-05-08T20:15:17.670",
"lastModified": "2023-05-19T16:15:12.243",
"lastModified": "2023-05-30T05:15:10.907",
"vulnStatus": "Modified",
"descriptions": [
{
@ -77,6 +77,10 @@
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/May/7",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213670",
"source": "product-security@apple.com",


@ -2,7 +2,7 @@
"id": "CVE-2023-27946",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-05-08T20:15:17.990",
"lastModified": "2023-05-19T16:15:12.620",
"lastModified": "2023-05-30T05:15:11.040",
"vulnStatus": "Modified",
"descriptions": [
{
@ -92,6 +92,10 @@
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/May/7",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213670",
"source": "product-security@apple.com",


@ -2,7 +2,7 @@
"id": "CVE-2023-27949",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-05-08T20:15:18.043",
"lastModified": "2023-05-19T16:15:12.680",
"lastModified": "2023-05-30T05:15:11.123",
"vulnStatus": "Modified",
"descriptions": [
{
@ -85,6 +85,10 @@
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/May/7",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213670",
"source": "product-security@apple.com",


@ -2,7 +2,7 @@
"id": "CVE-2023-27954",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-05-08T20:15:18.267",
"lastModified": "2023-05-19T16:15:12.907",
"lastModified": "2023-05-30T05:15:11.203",
"vulnStatus": "Modified",
"descriptions": [
{
@ -125,6 +125,10 @@
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/May/7",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213670",
"source": "product-security@apple.com",


@ -2,7 +2,7 @@
"id": "CVE-2023-27956",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-05-08T20:15:18.383",
"lastModified": "2023-05-19T16:15:13.050",
"lastModified": "2023-05-30T05:15:11.293",
"vulnStatus": "Modified",
"descriptions": [
{
@ -104,6 +104,10 @@
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/May/7",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213670",
"source": "product-security@apple.com",


@ -2,7 +2,7 @@
"id": "CVE-2023-27961",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-05-08T20:15:18.663",
"lastModified": "2023-05-19T16:15:13.200",
"lastModified": "2023-05-30T05:15:11.370",
"vulnStatus": "Modified",
"descriptions": [
{
@ -112,6 +112,10 @@
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/May/7",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213670",
"source": "product-security@apple.com",


@ -2,7 +2,7 @@
"id": "CVE-2023-27963",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-05-08T20:15:18.773",
"lastModified": "2023-05-19T16:15:13.327",
"lastModified": "2023-05-30T05:15:11.463",
"vulnStatus": "Modified",
"descriptions": [
{
@ -105,6 +105,10 @@
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/May/7",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213670",
"source": "product-security@apple.com",


@ -2,7 +2,7 @@
"id": "CVE-2023-27969",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-05-08T20:15:19.053",
"lastModified": "2023-05-19T16:15:13.480",
"lastModified": "2023-05-30T05:15:11.563",
"vulnStatus": "Modified",
"descriptions": [
{
@ -104,6 +104,10 @@
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/May/7",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213670",
"source": "product-security@apple.com",


@ -2,7 +2,7 @@
"id": "CVE-2023-28182",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-05-08T20:15:19.330",
"lastModified": "2023-05-19T16:15:13.720",
"lastModified": "2023-05-30T05:15:11.657",
"vulnStatus": "Modified",
"descriptions": [
{
@ -106,6 +106,10 @@
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/May/7",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213670",
"source": "product-security@apple.com",


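--- /dev/null
+++ b/CVE-2023/CVE-2023-326xx/CVE-2023-32685.json
@@ -0,0 +1,63 @@
+{
+"id": "CVE-2023-32685",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2023-05-30T05:15:11.770",
+"lastModified": "2023-05-30T05:15:11.770",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Kanboard is project management software that focuses on the Kanban methodology. Due to improper handling of elements under the `contentEditable` element, maliciously crafted clipboard content can inject arbitrary HTML tags into the DOM. A low-privileged attacker with permission to attach a document on a vulnerable Kanboard instance can trick the victim into pasting malicious screenshot data and achieve cross-site scripting if CSP is improperly configured. This issue has been patched in version 1.2.29.\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "HIGH",
+"privilegesRequired": "LOW",
+"userInteraction": "REQUIRED",
+"scope": "CHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 4.4,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 1.3,
+"impactScore": 2.7
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-79"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/kanboard/kanboard/commit/26b6eebb78d4306e48b836a58f7c386251aa2bc7",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/kanboard/kanboard/commit/c9c187206700030c43493b80fd599b4d096cb713",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-hjmw-gm82-r4gv",
+"source": "security-advisories@github.com"
+}
+]
+}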


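--- /dev/null
+++ b/CVE-2023/CVE-2023-326xx/CVE-2023-32691.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2023-32691",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2023-05-30T04:15:09.980",
+"lastModified": "2023-05-30T04:15:09.980",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "gost (GO Simple Tunnel) is a simple tunnel written in golang. Sensitive secrets such as passwords, token and API keys should be compared only using a constant-time comparison function. Untrusted input, sourced from a HTTP header, is compared directly with a secret. Since this comparison is not secure, an attacker can mount a side-channel timing attack to guess the password. As a workaround, this can be easily fixed using a constant time comparing function such as `crypto/subtle`'s `ConstantTimeCompare`. \n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "HIGH",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 5.9,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 1.6,
+"impactScore": 4.2
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-203"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/ginuerzh/gost/blob/1c62376e0880e4094bd3731e06bd4f7842638f6a/auth.go#L46",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/ginuerzh/gost/security/advisories/GHSA-qjrq-hm79-49ww",
+"source": "security-advisories@github.com"
+}
+]
+}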


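--- /dev/null
+++ b/CVE-2023/CVE-2023-326xx/CVE-2023-32692.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2023-32692",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2023-05-30T04:15:10.097",
+"lastModified": "2023-05-30T04:15:10.097",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "CodeIgniter is a PHP full-stack web framework. This vulnerability allows attackers to execute arbitrary code when you use Validation Placeholders. The vulnerability exists in the Validation library, and validation methods in the controller and in-model validation are also vulnerable because they use the Validation library internally. This issue is patched in version 4.3.5.\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 9.8,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 5.9
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-94"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/codeigniter4/CodeIgniter4/blob/develop/CHANGELOG.md",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-m6m8-6gq8-c9fj",
+"source": "security-advisories@github.com"
+}
+]
+}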


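--- /dev/null
+++ b/CVE-2023/CVE-2023-326xx/CVE-2023-32698.json
@@ -0,0 +1,63 @@
+{
+"id": "CVE-2023-32698",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2023-05-30T04:15:10.187",
+"lastModified": "2023-05-30T04:15:10.187",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "nFPM is an alternative to fpm. The file permissions on the checked-in files were not maintained. Hence, when nfpm packaged \nthe files (without extra config for enforcing it\u2019s own permissions) files could go out with bad permissions (chmod 666 or 777). Anyone using nfpm for creating packages without checking/setting file permissions before packaging could result in bad permissions for files/folders."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
+"attackVector": "LOCAL",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "NONE",
+"baseScore": 7.1,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 1.8,
+"impactScore": 5.2
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-276"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/goreleaser/nfpm/commit/ed9abdf63d5012cc884f2a83b4ab2b42b3680d30",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/goreleaser/nfpm/releases/tag/v2.29.0",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/goreleaser/nfpm/security/advisories/GHSA-w7jw-q4fg-qc4c",
+"source": "security-advisories@github.com"
+}
+]
+}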


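--- /dev/null
+++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33175.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2023-33175",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2023-05-30T05:15:11.877",
+"lastModified": "2023-05-30T05:15:11.877",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "ToUI is a Python package for creating user interfaces (websites and desktop apps) from HTML. ToUI is using Flask-Caching (SimpleCache) to store user variables. Websites that use `Website.user_vars` property. It affects versions 2.0.1 to 2.4.0. This issue has been patched in version 2.4.1."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "NONE",
+"baseScore": 9.1,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 5.2
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-914"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/mubarakalmehairbi/ToUI/releases/tag/v2.4.1",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/mubarakalmehairbi/ToUI/security/advisories/GHSA-hh7j-pg39-q563",
+"source": "security-advisories@github.com"
+}
+]
+}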
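Review bot: The `"value"` description never states what the weakness is: the sentence beginning `Websites that use` is a fragment sitting between the note that Flask-Caching SimpleCache stores user variables and the affected-version range, so the record is only interpretable through the `CWE-914` entry, the 9.1 CNA vector and the GHSA reference below it. Consumers that triage on description text alone should not treat this entry as self-contained until NVD revises it. Since the file mirrors the NVD record, the correction belongs upstream; this note is for readers of the feed.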


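--- /dev/null
+++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33182.json
@@ -0,0 +1,63 @@
+{
+"id": "CVE-2023-33182",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2023-05-30T05:15:11.957",
+"lastModified": "2023-05-30T05:15:11.957",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. The unsanitized SVG is converted to a JavaScript blob (in memory data) that the Avatar can't render. Due to this constellation the missing sanitization does not seem to be exploitable. It is recommended that the Contacts app is upgraded to 5.0.3 or 4.2.4\n\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "NONE",
+"availabilityImpact": "NONE",
+"baseScore": 0.0,
+"baseSeverity": "NONE"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 0.0
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-20"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/nextcloud/contacts/pull/3199",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hxr6-cx85-gcjx",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://hackerone.com/reports/1789602",
+"source": "security-advisories@github.com"
+}
+]
+}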


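--- /dev/null
+++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33198.json
@@ -0,0 +1,63 @@
+{
+"id": "CVE-2023-33198",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2023-05-30T05:15:12.033",
+"lastModified": "2023-05-30T05:15:12.033",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "tgstation-server is a production scale tool for BYOND server management. The DreamMaker API (DMAPI) chat channel cache can possibly be poisoned by a tgstation-server (TGS) restart and reattach. This can result in sending chat messages to one of any of the configured IRC or Discord channels for the instance on enabled chat bots. This lasts until the instance's chat channels are updated in TGS or DreamDaemon is restarted. TGS chat commands are unaffected, custom or otherwise.\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "HIGH",
+"privilegesRequired": "NONE",
+"userInteraction": "REQUIRED",
+"scope": "CHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "NONE",
+"availabilityImpact": "NONE",
+"baseScore": 6.1,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 1.6,
+"impactScore": 4.0
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-941"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/tgstation/tgstation-server/pull/1493",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/tgstation/tgstation-server/releases/tag/tgstation-server-v5.12.2",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/tgstation/tgstation-server/security/advisories/GHSA-p2xj-w57r-6f5m",
+"source": "security-advisories@github.com"
+}
+]
+}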


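--- /dev/null
+++ b/CVE-2023/CVE-2023-332xx/CVE-2023-33245.json
@@ -0,0 +1,28 @@
+{
+"id": "CVE-2023-33245",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2023-05-30T05:15:12.120",
+"lastModified": "2023-05-30T05:15:12.120",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Minecraft through 1.19 and 1.20 pre-releases before 7 (Java) allow arbitrary file overwrite, and possibly code execution, via crafted world data that contains a symlink."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://help.minecraft.net/hc/en-us/articles/16165590199181",
+"source": "cve@mitre.org"
+},
+{
+"url": "https://vuln.ryotak.net/advisories/67",
+"source": "cve@mitre.org"
+},
+{
+"url": "https://www.minecraft.net/ja-jp/article/minecraft-1-20-pre-release-7",
+"source": "cve@mitre.org"
+}
+]
+}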


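--- /dev/null
+++ b/CVE-2023/CVE-2023-342xx/CVE-2023-34204.json
@@ -0,0 +1,20 @@
+{
+"id": "CVE-2023-34204",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2023-05-30T04:15:10.317",
+"lastModified": "2023-05-30T04:15:10.317",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "imapsync through 2.229 uses predictable paths under /tmp and /var/tmp in its default mode of operation. Both of these are typically world-writable, and thus (for example) an attacker can modify imapsync's cache and overwrite files belonging to the user who runs it."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://github.com/imapsync/imapsync/issues/399",
+"source": "cve@mitre.org"
+}
+]
+}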


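--- /dev/null
+++ b/CVE-2023/CVE-2023-342xx/CVE-2023-34205.json
@@ -0,0 +1,20 @@
+{
+"id": "CVE-2023-34205",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2023-05-30T04:15:10.377",
+"lastModified": "2023-05-30T04:15:10.377",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "In Moov signedxml through 1.0.0, parsing the raw XML (as received) can result in different output than parsing the canonicalized XML. Thus, signature validation can be bypassed via a Signature Wrapping attack (aka XSW)."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://github.com/moov-io/signedxml/issues/23",
+"source": "cve@mitre.org"
+}
+]
+}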


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-05-30T04:00:25.529392+00:00
2023-05-30T06:00:24.385848+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-05-30T02:15:33.533000+00:00
2023-05-30T05:15:12.120000+00:00
```
### Last Data Feed Release
@ -29,20 +29,47 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
216309
216320
```
### CVEs added in the last Commit
Recently added CVEs: `1`
Recently added CVEs: `11`
* [CVE-2023-27988](CVE-2023/CVE-2023-279xx/CVE-2023-27988.json) (`2023-05-30T02:15:33.533`)
* [CVE-2023-32691](CVE-2023/CVE-2023-326xx/CVE-2023-32691.json) (`2023-05-30T04:15:09.980`)
* [CVE-2023-32692](CVE-2023/CVE-2023-326xx/CVE-2023-32692.json) (`2023-05-30T04:15:10.097`)
* [CVE-2023-32698](CVE-2023/CVE-2023-326xx/CVE-2023-32698.json) (`2023-05-30T04:15:10.187`)
* [CVE-2023-34204](CVE-2023/CVE-2023-342xx/CVE-2023-34204.json) (`2023-05-30T04:15:10.317`)
* [CVE-2023-34205](CVE-2023/CVE-2023-342xx/CVE-2023-34205.json) (`2023-05-30T04:15:10.377`)
* [CVE-2023-26130](CVE-2023/CVE-2023-261xx/CVE-2023-26130.json) (`2023-05-30T05:15:10.640`)
* [CVE-2023-32685](CVE-2023/CVE-2023-326xx/CVE-2023-32685.json) (`2023-05-30T05:15:11.770`)
* [CVE-2023-33175](CVE-2023/CVE-2023-331xx/CVE-2023-33175.json) (`2023-05-30T05:15:11.877`)
* [CVE-2023-33182](CVE-2023/CVE-2023-331xx/CVE-2023-33182.json) (`2023-05-30T05:15:11.957`)
* [CVE-2023-33198](CVE-2023/CVE-2023-331xx/CVE-2023-33198.json) (`2023-05-30T05:15:12.033`)
* [CVE-2023-33245](CVE-2023/CVE-2023-332xx/CVE-2023-33245.json) (`2023-05-30T05:15:12.120`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `17`
* [CVE-2023-23529](CVE-2023/CVE-2023-235xx/CVE-2023-23529.json) (`2023-05-30T05:15:09.580`)
* [CVE-2023-23535](CVE-2023/CVE-2023-235xx/CVE-2023-23535.json) (`2023-05-30T05:15:10.217`)
* [CVE-2023-23537](CVE-2023/CVE-2023-235xx/CVE-2023-23537.json) (`2023-05-30T05:15:10.323`)
* [CVE-2023-23541](CVE-2023/CVE-2023-235xx/CVE-2023-23541.json) (`2023-05-30T05:15:10.407`)
* [CVE-2023-23543](CVE-2023/CVE-2023-235xx/CVE-2023-23543.json) (`2023-05-30T05:15:10.487`)
* [CVE-2023-24329](CVE-2023/CVE-2023-243xx/CVE-2023-24329.json) (`2023-05-30T05:15:10.557`)
* [CVE-2023-27928](CVE-2023/CVE-2023-279xx/CVE-2023-27928.json) (`2023-05-30T05:15:10.767`)
* [CVE-2023-27936](CVE-2023/CVE-2023-279xx/CVE-2023-27936.json) (`2023-05-30T05:15:10.837`)
* [CVE-2023-27941](CVE-2023/CVE-2023-279xx/CVE-2023-27941.json) (`2023-05-30T05:15:10.907`)
* [CVE-2023-27946](CVE-2023/CVE-2023-279xx/CVE-2023-27946.json) (`2023-05-30T05:15:11.040`)
* [CVE-2023-27949](CVE-2023/CVE-2023-279xx/CVE-2023-27949.json) (`2023-05-30T05:15:11.123`)
* [CVE-2023-27954](CVE-2023/CVE-2023-279xx/CVE-2023-27954.json) (`2023-05-30T05:15:11.203`)
* [CVE-2023-27956](CVE-2023/CVE-2023-279xx/CVE-2023-27956.json) (`2023-05-30T05:15:11.293`)
* [CVE-2023-27961](CVE-2023/CVE-2023-279xx/CVE-2023-27961.json) (`2023-05-30T05:15:11.370`)
* [CVE-2023-27963](CVE-2023/CVE-2023-279xx/CVE-2023-27963.json) (`2023-05-30T05:15:11.463`)
* [CVE-2023-27969](CVE-2023/CVE-2023-279xx/CVE-2023-27969.json) (`2023-05-30T05:15:11.563`)
* [CVE-2023-28182](CVE-2023/CVE-2023-281xx/CVE-2023-28182.json) (`2023-05-30T05:15:11.657`)
## Download and Usage