diff --git a/CVE-2023/CVE-2023-235xx/CVE-2023-23529.json b/CVE-2023/CVE-2023-235xx/CVE-2023-23529.json
index 56c63e6ba22..737087e9802 100644
--- a/CVE-2023/CVE-2023-235xx/CVE-2023-23529.json
+++ b/CVE-2023/CVE-2023-235xx/CVE-2023-23529.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-23529",
 "sourceIdentifier": "product-security@apple.com",
 "published": "2023-02-27T20:15:14.710",
- "lastModified": "2023-03-28T05:15:16.163",
+ "lastModified": "2023-05-30T05:15:09.580",
 "vulnStatus": "Modified",
 "cisaExploitAdd": "2023-02-14",
 "cisaActionDue": "2023-03-07",
@@ -91,6 +91,10 @@
 "url": "http://seclists.org/fulldisclosure/2023/Mar/20",
 "source": "product-security@apple.com"
 },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/May/7",
+ "source": "product-security@apple.com"
+ },
 {
 "url": "https://support.apple.com/en-us/HT213633",
 "source": "product-security@apple.com",
diff --git a/CVE-2023/CVE-2023-235xx/CVE-2023-23535.json b/CVE-2023/CVE-2023-235xx/CVE-2023-23535.json
index 73d56da6b5f..ff80d1f7397 100644
--- a/CVE-2023/CVE-2023-235xx/CVE-2023-23535.json
+++ b/CVE-2023/CVE-2023-235xx/CVE-2023-23535.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-23535",
 "sourceIdentifier": "product-security@apple.com",
 "published": "2023-05-08T20:15:16.567",
- "lastModified": "2023-05-19T16:15:11.263",
+ "lastModified": "2023-05-30T05:15:10.217",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -110,6 +110,10 @@
 }
 ],
 "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/May/7",
+ "source": "product-security@apple.com"
+ },
 {
 "url": "https://support.apple.com/en-us/HT213670",
 "source": "product-security@apple.com",
diff --git a/CVE-2023/CVE-2023-235xx/CVE-2023-23537.json b/CVE-2023/CVE-2023-235xx/CVE-2023-23537.json
index 108358c4d99..78514a8dff5 100644
--- a/CVE-2023/CVE-2023-235xx/CVE-2023-23537.json
+++ b/CVE-2023/CVE-2023-235xx/CVE-2023-23537.json
@@ -2,12 +2,12 @@
 "id": "CVE-2023-23537",
 "sourceIdentifier": "product-security@apple.com",
 "published": "2023-05-08T20:15:16.687",
- "lastModified": "2023-05-19T16:15:11.397",
+ "lastModified": "2023-05-30T05:15:10.323",
 "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
- "value": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5, iOS 15.7.4 and iPadOS 15.7.4, watchOS 9.4, macOS Ventura 13.3. An app may be able to read sensitive location information"
+ "value": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3, macOS Big Sur 11.7.5, watchOS 9.4, iOS 16.4 and iPadOS 16.4. An app may be able to read sensitive location information"
 }
 ],
 "metrics": {
@@ -104,6 +104,10 @@
 }
 ],
 "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/May/7",
+ "source": "product-security@apple.com"
+ },
 {
 "url": "https://support.apple.com/en-us/HT213670",
 "source": "product-security@apple.com",
diff --git a/CVE-2023/CVE-2023-235xx/CVE-2023-23541.json b/CVE-2023/CVE-2023-235xx/CVE-2023-23541.json
index 4128d2b2380..b0044befbd7 100644
--- a/CVE-2023/CVE-2023-235xx/CVE-2023-23541.json
+++ b/CVE-2023/CVE-2023-235xx/CVE-2023-23541.json
@@ -2,12 +2,12 @@
 "id": "CVE-2023-23541",
 "sourceIdentifier": "product-security@apple.com",
 "published": "2023-05-08T20:15:16.860",
- "lastModified": "2023-05-16T19:18:15.047",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-05-30T05:15:10.407",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
- "value": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. An app may be able to access information about a user\u2019s contacts"
+ "value": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4. An app may be able to access information about a user\u2019s contacts"
 }
 ],
 "metrics": {
@@ -85,6 +85,10 @@
 }
 ],
 "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/May/7",
+ "source": "product-security@apple.com"
+ },
 {
 "url": "https://support.apple.com/en-us/HT213673",
 "source": "product-security@apple.com",
diff --git a/CVE-2023/CVE-2023-235xx/CVE-2023-23543.json b/CVE-2023/CVE-2023-235xx/CVE-2023-23543.json
index 142907e468e..ecaf24a4455 100644
--- a/CVE-2023/CVE-2023-235xx/CVE-2023-23543.json
+++ b/CVE-2023/CVE-2023-235xx/CVE-2023-23543.json
@@ -2,12 +2,12 @@
 "id": "CVE-2023-23543",
 "sourceIdentifier": "product-security@apple.com",
 "published": "2023-05-08T20:15:17.003",
- "lastModified": "2023-05-19T16:15:11.610",
+ "lastModified": "2023-05-30T05:15:10.487",
 "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
- "value": "The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. A sandboxed app may be able to determine which app is currently using the camera"
+ "value": "The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. A sandboxed app may be able to determine which app is currently using the camera"
 }
 ],
 "metrics": {
@@ -91,6 +91,10 @@
 }
 ],
 "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/May/7",
+ "source": "product-security@apple.com"
+ },
 {
 "url": "https://support.apple.com/en-us/HT213670",
 "source": "product-security@apple.com",
diff --git a/CVE-2023/CVE-2023-243xx/CVE-2023-24329.json b/CVE-2023/CVE-2023-243xx/CVE-2023-24329.json
index dc634961eb3..d290f7d0549 100644
--- a/CVE-2023/CVE-2023-243xx/CVE-2023-24329.json
+++ b/CVE-2023/CVE-2023-243xx/CVE-2023-24329.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-24329",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-02-17T15:15:12.243",
- "lastModified": "2023-05-28T03:15:09.480",
+ "lastModified": "2023-05-30T05:15:10.557",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -76,6 +76,10 @@
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EM2XLZSTXG44TMFXF4E6VTGKR2MQCW3G/",
 "source": "cve@mitre.org"
 },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LWC4WGXER5P6Q75RFGL7QUTPP3N5JR7T/",
+ "source": "cve@mitre.org"
+ },
 {
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O5SP4RT3RRS434ZS2HQKQJ3VZW7YPKYR/",
 "source": "cve@mitre.org"
@@ -88,6 +92,10 @@
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZH26JGNZ5XYPZ5SAU3NKSBSPRE5OHTG/",
 "source": "cve@mitre.org"
 },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2MZOJYGFCB5PPT6AKMAU72N7QOYWLBP/",
+ "source": "cve@mitre.org"
+ },
 {
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UONZWLB4QVLQIY5CPDLEUEKH6WX4VQMC/",
 "source": "cve@mitre.org"
diff --git a/CVE-2023/CVE-2023-261xx/CVE-2023-26130.json b/CVE-2023/CVE-2023-261xx/CVE-2023-26130.json
new file mode 100644
index 00000000000..4a632ef03e8
--- /dev/null
+++ b/CVE-2023/CVE-2023-261xx/CVE-2023-26130.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-26130",
+ "sourceIdentifier": "report@snyk.io",
+ "published": "2023-05-30T05:15:10.640",
+ "lastModified": "2023-05-30T05:15:10.640",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untrusted user input is used to set the content-type header in the HTTP .Patch, .Post, .Put and .Delete requests. This can lead to logical errors and other misbehaviors.\r\r**Note:** This issue is present due to an incomplete fix for [CVE-2020-11709](https://security.snyk.io/vuln/SNYK-UNMANAGED-YHIROSECPPHTTPLIB-2366507)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "report@snyk.io",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://gist.github.com/dellalibera/094aece17a86069a7d27f93c8aba2280",
+ "source": "report@snyk.io"
+ },
+ {
+ "url": "https://github.com/yhirose/cpp-httplib/commit/5b397d455d25a391ba346863830c1949627b4d08",
+ "source": "report@snyk.io"
+ },
+ {
+ "url": "https://github.com/yhirose/cpp-httplib/releases/tag/v0.12.4",
+ "source": "report@snyk.io"
+ },
+ {
+ "url": "https://security.snyk.io/vuln/SNYK-UNMANAGED-YHIROSECPPHTTPLIB-5591194",
+ "source": "report@snyk.io"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-279xx/CVE-2023-27928.json b/CVE-2023/CVE-2023-279xx/CVE-2023-27928.json
index 3d4e1637f62..efe1044ce60 100644
--- a/CVE-2023/CVE-2023-279xx/CVE-2023-27928.json
+++ b/CVE-2023/CVE-2023-279xx/CVE-2023-27928.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-27928",
 "sourceIdentifier": "product-security@apple.com",
 "published": "2023-05-08T20:15:17.063",
- "lastModified": "2023-05-19T16:15:11.663",
+ "lastModified": "2023-05-30T05:15:10.767",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -110,6 +110,10 @@
 }
 ],
 "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/May/7",
+ "source": "product-security@apple.com"
+ },
 {
 "url": "https://support.apple.com/en-us/HT213670",
 "source": "product-security@apple.com",
diff --git a/CVE-2023/CVE-2023-279xx/CVE-2023-27936.json b/CVE-2023/CVE-2023-279xx/CVE-2023-27936.json
index 7664e752e9e..61fe9f02622 100644
--- a/CVE-2023/CVE-2023-279xx/CVE-2023-27936.json
+++ b/CVE-2023/CVE-2023-279xx/CVE-2023-27936.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-27936",
 "sourceIdentifier": "product-security@apple.com",
 "published": "2023-05-08T20:15:17.493",
- "lastModified": "2023-05-19T16:15:12.117",
+ "lastModified": "2023-05-30T05:15:10.837",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -91,6 +91,10 @@
 }
 ],
 "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/May/7",
+ "source": "product-security@apple.com"
+ },
 {
 "url": "https://support.apple.com/en-us/HT213670",
 "source": "product-security@apple.com",
diff --git a/CVE-2023/CVE-2023-279xx/CVE-2023-27941.json b/CVE-2023/CVE-2023-279xx/CVE-2023-27941.json
index 3b1bc3b0c58..77020c67dfd 100644
--- a/CVE-2023/CVE-2023-279xx/CVE-2023-27941.json
+++ b/CVE-2023/CVE-2023-279xx/CVE-2023-27941.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-27941",
 "sourceIdentifier": "product-security@apple.com",
 "published": "2023-05-08T20:15:17.670",
- "lastModified": "2023-05-19T16:15:12.243",
+ "lastModified": "2023-05-30T05:15:10.907",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -77,6 +77,10 @@
 }
 ],
 "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/May/7",
+ "source": "product-security@apple.com"
+ },
 {
 "url": "https://support.apple.com/en-us/HT213670",
 "source": "product-security@apple.com",
diff --git a/CVE-2023/CVE-2023-279xx/CVE-2023-27946.json b/CVE-2023/CVE-2023-279xx/CVE-2023-27946.json
index 62da7363314..1282146b76a 100644
--- a/CVE-2023/CVE-2023-279xx/CVE-2023-27946.json
+++ b/CVE-2023/CVE-2023-279xx/CVE-2023-27946.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-27946",
 "sourceIdentifier": "product-security@apple.com",
 "published": "2023-05-08T20:15:17.990",
- "lastModified": "2023-05-19T16:15:12.620",
+ "lastModified": "2023-05-30T05:15:11.040",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -92,6 +92,10 @@
 }
 ],
 "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/May/7",
+ "source": "product-security@apple.com"
+ },
 {
 "url": "https://support.apple.com/en-us/HT213670",
 "source": "product-security@apple.com",
diff --git a/CVE-2023/CVE-2023-279xx/CVE-2023-27949.json b/CVE-2023/CVE-2023-279xx/CVE-2023-27949.json
index f8c10e2ff4f..e9e97834e96 100644
--- a/CVE-2023/CVE-2023-279xx/CVE-2023-27949.json
+++ b/CVE-2023/CVE-2023-279xx/CVE-2023-27949.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-27949",
 "sourceIdentifier": "product-security@apple.com",
 "published": "2023-05-08T20:15:18.043",
- "lastModified": "2023-05-19T16:15:12.680",
+ "lastModified": "2023-05-30T05:15:11.123",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -85,6 +85,10 @@
 }
 ],
 "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/May/7",
+ "source": "product-security@apple.com"
+ },
 {
 "url": "https://support.apple.com/en-us/HT213670",
 "source": "product-security@apple.com",
diff --git a/CVE-2023/CVE-2023-279xx/CVE-2023-27954.json b/CVE-2023/CVE-2023-279xx/CVE-2023-27954.json
index 05dbf17d0db..4f33de6a17c 100644
--- a/CVE-2023/CVE-2023-279xx/CVE-2023-27954.json
+++ b/CVE-2023/CVE-2023-279xx/CVE-2023-27954.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-27954",
 "sourceIdentifier": "product-security@apple.com",
 "published": "2023-05-08T20:15:18.267",
- "lastModified": "2023-05-19T16:15:12.907",
+ "lastModified": "2023-05-30T05:15:11.203",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -125,6 +125,10 @@
 }
 ],
 "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/May/7",
+ "source": "product-security@apple.com"
+ },
 {
 "url": "https://support.apple.com/en-us/HT213670",
 "source": "product-security@apple.com",
diff --git a/CVE-2023/CVE-2023-279xx/CVE-2023-27956.json b/CVE-2023/CVE-2023-279xx/CVE-2023-27956.json
index 9fd6921a6a5..0cb0c557596 100644
--- a/CVE-2023/CVE-2023-279xx/CVE-2023-27956.json
+++ b/CVE-2023/CVE-2023-279xx/CVE-2023-27956.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-27956",
 "sourceIdentifier": "product-security@apple.com",
 "published": "2023-05-08T20:15:18.383",
- "lastModified": "2023-05-19T16:15:13.050",
+ "lastModified": "2023-05-30T05:15:11.293",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -104,6 +104,10 @@
 }
 ],
 "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/May/7",
+ "source": "product-security@apple.com"
+ },
 {
 "url": "https://support.apple.com/en-us/HT213670",
 "source": "product-security@apple.com",
diff --git a/CVE-2023/CVE-2023-279xx/CVE-2023-27961.json b/CVE-2023/CVE-2023-279xx/CVE-2023-27961.json
index 91de287cdf2..6555f174b5b 100644
--- a/CVE-2023/CVE-2023-279xx/CVE-2023-27961.json
+++ b/CVE-2023/CVE-2023-279xx/CVE-2023-27961.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-27961",
 "sourceIdentifier": "product-security@apple.com",
 "published": "2023-05-08T20:15:18.663",
- "lastModified": "2023-05-19T16:15:13.200",
+ "lastModified": "2023-05-30T05:15:11.370",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -112,6 +112,10 @@
 }
 ],
 "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/May/7",
+ "source": "product-security@apple.com"
+ },
 {
 "url": "https://support.apple.com/en-us/HT213670",
 "source": "product-security@apple.com",
diff --git a/CVE-2023/CVE-2023-279xx/CVE-2023-27963.json b/CVE-2023/CVE-2023-279xx/CVE-2023-27963.json
index 9cf6e7358f1..3bb1a609225 100644
--- a/CVE-2023/CVE-2023-279xx/CVE-2023-27963.json
+++ b/CVE-2023/CVE-2023-279xx/CVE-2023-27963.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-27963",
 "sourceIdentifier": "product-security@apple.com",
 "published": "2023-05-08T20:15:18.773",
- "lastModified": "2023-05-19T16:15:13.327",
+ "lastModified": "2023-05-30T05:15:11.463",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -105,6 +105,10 @@
 }
 ],
 "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/May/7",
+ "source": "product-security@apple.com"
+ },
 {
 "url": "https://support.apple.com/en-us/HT213670",
 "source": "product-security@apple.com",
diff --git a/CVE-2023/CVE-2023-279xx/CVE-2023-27969.json b/CVE-2023/CVE-2023-279xx/CVE-2023-27969.json
index 0859d20848e..d97c379d97b 100644
--- a/CVE-2023/CVE-2023-279xx/CVE-2023-27969.json
+++ b/CVE-2023/CVE-2023-279xx/CVE-2023-27969.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-27969",
 "sourceIdentifier": "product-security@apple.com",
 "published": "2023-05-08T20:15:19.053",
- "lastModified": "2023-05-19T16:15:13.480",
+ "lastModified": "2023-05-30T05:15:11.563",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -104,6 +104,10 @@
 }
 ],
 "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/May/7",
+ "source": "product-security@apple.com"
+ },
 {
 "url": "https://support.apple.com/en-us/HT213670",
 "source": "product-security@apple.com",
diff --git a/CVE-2023/CVE-2023-281xx/CVE-2023-28182.json b/CVE-2023/CVE-2023-281xx/CVE-2023-28182.json
index 86b7eafec9d..103a08b1b84 100644
--- a/CVE-2023/CVE-2023-281xx/CVE-2023-28182.json
+++ b/CVE-2023/CVE-2023-281xx/CVE-2023-28182.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-28182",
 "sourceIdentifier": "product-security@apple.com",
 "published": "2023-05-08T20:15:19.330",
- "lastModified": "2023-05-19T16:15:13.720",
+ "lastModified": "2023-05-30T05:15:11.657",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -106,6 +106,10 @@
 }
 ],
 "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/May/7",
+ "source": "product-security@apple.com"
+ },
 {
 "url": "https://support.apple.com/en-us/HT213670",
 "source": "product-security@apple.com",
diff --git a/CVE-2023/CVE-2023-326xx/CVE-2023-32685.json b/CVE-2023/CVE-2023-326xx/CVE-2023-32685.json
new file mode 100644
index 00000000000..bbf1c7841d8
--- /dev/null
+++ b/CVE-2023/CVE-2023-326xx/CVE-2023-32685.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-32685",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-05-30T05:15:11.770",
+ "lastModified": "2023-05-30T05:15:11.770",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Kanboard is project management software that focuses on the Kanban methodology. Due to improper handling of elements under the `contentEditable` element, maliciously crafted clipboard content can inject arbitrary HTML tags into the DOM. A low-privileged attacker with permission to attach a document on a vulnerable Kanboard instance can trick the victim into pasting malicious screenshot data and achieve cross-site scripting if CSP is improperly configured. This issue has been patched in version 1.2.29.\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/kanboard/kanboard/commit/26b6eebb78d4306e48b836a58f7c386251aa2bc7",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/kanboard/kanboard/commit/c9c187206700030c43493b80fd599b4d096cb713",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-hjmw-gm82-r4gv",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-326xx/CVE-2023-32691.json b/CVE-2023/CVE-2023-326xx/CVE-2023-32691.json
new file mode 100644
index 00000000000..3cf9eea6963
--- /dev/null
+++ b/CVE-2023/CVE-2023-326xx/CVE-2023-32691.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-32691",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-05-30T04:15:09.980",
+ "lastModified": "2023-05-30T04:15:09.980",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "gost (GO Simple Tunnel) is a simple tunnel written in golang. Sensitive secrets such as passwords, token and API keys should be compared only using a constant-time comparison function. Untrusted input, sourced from a HTTP header, is compared directly with a secret. Since this comparison is not secure, an attacker can mount a side-channel timing attack to guess the password. As a workaround, this can be easily fixed using a constant time comparing function such as `crypto/subtle`'s `ConstantTimeCompare`. \n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 4.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-203"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/ginuerzh/gost/blob/1c62376e0880e4094bd3731e06bd4f7842638f6a/auth.go#L46",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/ginuerzh/gost/security/advisories/GHSA-qjrq-hm79-49ww",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-326xx/CVE-2023-32692.json b/CVE-2023/CVE-2023-326xx/CVE-2023-32692.json
new file mode 100644
index 00000000000..793f2fa182c
--- /dev/null
+++ b/CVE-2023/CVE-2023-326xx/CVE-2023-32692.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-32692",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-05-30T04:15:10.097",
+ "lastModified": "2023-05-30T04:15:10.097",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "CodeIgniter is a PHP full-stack web framework. This vulnerability allows attackers to execute arbitrary code when you use Validation Placeholders. The vulnerability exists in the Validation library, and validation methods in the controller and in-model validation are also vulnerable because they use the Validation library internally. This issue is patched in version 4.3.5.\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-94"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/codeigniter4/CodeIgniter4/blob/develop/CHANGELOG.md",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-m6m8-6gq8-c9fj",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-326xx/CVE-2023-32698.json b/CVE-2023/CVE-2023-326xx/CVE-2023-32698.json
new file mode 100644
index 00000000000..0b94014f747
--- /dev/null
+++ b/CVE-2023/CVE-2023-326xx/CVE-2023-32698.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-32698",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-05-30T04:15:10.187",
+ "lastModified": "2023-05-30T04:15:10.187",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "nFPM is an alternative to fpm. The file permissions on the checked-in files were not maintained. Hence, when nfpm packaged \nthe files (without extra config for enforcing it\u2019s own permissions) files could go out with bad permissions (chmod 666 or 777). Anyone using nfpm for creating packages without checking/setting file permissions before packaging could result in bad permissions for files/folders."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-276"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/goreleaser/nfpm/commit/ed9abdf63d5012cc884f2a83b4ab2b42b3680d30",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/goreleaser/nfpm/releases/tag/v2.29.0",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/goreleaser/nfpm/security/advisories/GHSA-w7jw-q4fg-qc4c",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-331xx/CVE-2023-33175.json b/CVE-2023/CVE-2023-331xx/CVE-2023-33175.json
new file mode 100644
index 00000000000..ddc454e23cc
--- /dev/null
+++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33175.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-33175",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-05-30T05:15:11.877",
+ "lastModified": "2023-05-30T05:15:11.877",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "ToUI is a Python package for creating user interfaces (websites and desktop apps) from HTML. ToUI is using Flask-Caching (SimpleCache) to store user variables. Websites that use `Website.user_vars` property. It affects versions 2.0.1 to 2.4.0. This issue has been patched in version 2.4.1."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 9.1,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-914"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/mubarakalmehairbi/ToUI/releases/tag/v2.4.1",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/mubarakalmehairbi/ToUI/security/advisories/GHSA-hh7j-pg39-q563",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-331xx/CVE-2023-33182.json b/CVE-2023/CVE-2023-331xx/CVE-2023-33182.json
new file mode 100644
index 00000000000..d167d81ad74
--- /dev/null
+++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33182.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-33182",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-05-30T05:15:11.957",
+ "lastModified": "2023-05-30T05:15:11.957",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. The unsanitized SVG is converted to a JavaScript blob (in memory data) that the Avatar can't render. Due to this constellation the missing sanitization does not seem to be exploitable. It is recommended that the Contacts app is upgraded to 5.0.3 or 4.2.4\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 0.0,
+ "baseSeverity": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 0.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/nextcloud/contacts/pull/3199",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hxr6-cx85-gcjx",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://hackerone.com/reports/1789602",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-331xx/CVE-2023-33198.json b/CVE-2023/CVE-2023-331xx/CVE-2023-33198.json
new file mode 100644
index 00000000000..dea65cdcfcf
--- /dev/null
+++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33198.json 
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-33198",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-05-30T05:15:12.033",
+ "lastModified": "2023-05-30T05:15:12.033",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "tgstation-server is a production scale tool for BYOND server management. The DreamMaker API (DMAPI) chat channel cache can possibly be poisoned by a tgstation-server (TGS) restart and reattach. This can result in sending chat messages to one of any of the configured IRC or Discord channels for the instance on enabled chat bots. This lasts until the instance's chat channels are updated in TGS or DreamDaemon is restarted. TGS chat commands are unaffected, custom or otherwise.\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 4.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-941"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/tgstation/tgstation-server/pull/1493",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/tgstation/tgstation-server/releases/tag/tgstation-server-v5.12.2",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/tgstation/tgstation-server/security/advisories/GHSA-p2xj-w57r-6f5m",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-332xx/CVE-2023-33245.json b/CVE-2023/CVE-2023-332xx/CVE-2023-33245.json
new file mode 100644
index 00000000000..b654acff458
--- /dev/null
+++ b/CVE-2023/CVE-2023-332xx/CVE-2023-33245.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-33245",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-05-30T05:15:12.120",
+ "lastModified": "2023-05-30T05:15:12.120",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Minecraft through 1.19 and 1.20 pre-releases before 7 (Java) allow arbitrary file overwrite, and possibly code execution, via crafted world data that contains a symlink."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://help.minecraft.net/hc/en-us/articles/16165590199181",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://vuln.ryotak.net/advisories/67",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.minecraft.net/ja-jp/article/minecraft-1-20-pre-release-7",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-342xx/CVE-2023-34204.json b/CVE-2023/CVE-2023-342xx/CVE-2023-34204.json
new file mode 100644
index 00000000000..d642c0fd576
--- /dev/null
+++ b/CVE-2023/CVE-2023-342xx/CVE-2023-34204.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-34204",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-05-30T04:15:10.317",
+ "lastModified": "2023-05-30T04:15:10.317",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "imapsync through 2.229 uses predictable paths under /tmp and /var/tmp in its default mode of operation. Both of these are typically world-writable, and thus (for example) an attacker can modify imapsync's cache and overwrite files belonging to the user who runs it."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/imapsync/imapsync/issues/399",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-342xx/CVE-2023-34205.json b/CVE-2023/CVE-2023-342xx/CVE-2023-34205.json
new file mode 100644
index 00000000000..8d393b0df3c
--- /dev/null
+++ b/CVE-2023/CVE-2023-342xx/CVE-2023-34205.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-34205",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-05-30T04:15:10.377",
+ "lastModified": "2023-05-30T04:15:10.377",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In Moov signedxml through 1.0.0, parsing the raw XML (as received) can result in different output than parsing the canonicalized XML. Thus, signature validation can be bypassed via a Signature Wrapping attack (aka XSW)."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/moov-io/signedxml/issues/23",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index b376e8fe62f..93be57bdb4c 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-05-30T04:00:25.529392+00:00 +2023-05-30T06:00:24.385848+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-05-30T02:15:33.533000+00:00 +2023-05-30T05:15:12.120000+00:00 ``` ### Last Data Feed Release
@@ -29,20 +29,47 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -216309 +216320 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `11` -* [CVE-2023-27988](CVE-2023/CVE-2023-279xx/CVE-2023-27988.json) (`2023-05-30T02:15:33.533`) +* [CVE-2023-32691](CVE-2023/CVE-2023-326xx/CVE-2023-32691.json) (`2023-05-30T04:15:09.980`) +* [CVE-2023-32692](CVE-2023/CVE-2023-326xx/CVE-2023-32692.json) (`2023-05-30T04:15:10.097`) +* [CVE-2023-32698](CVE-2023/CVE-2023-326xx/CVE-2023-32698.json) (`2023-05-30T04:15:10.187`) +* [CVE-2023-34204](CVE-2023/CVE-2023-342xx/CVE-2023-34204.json) (`2023-05-30T04:15:10.317`) +* [CVE-2023-34205](CVE-2023/CVE-2023-342xx/CVE-2023-34205.json) (`2023-05-30T04:15:10.377`) +* [CVE-2023-26130](CVE-2023/CVE-2023-261xx/CVE-2023-26130.json) (`2023-05-30T05:15:10.640`) +* [CVE-2023-32685](CVE-2023/CVE-2023-326xx/CVE-2023-32685.json) (`2023-05-30T05:15:11.770`) +* [CVE-2023-33175](CVE-2023/CVE-2023-331xx/CVE-2023-33175.json) (`2023-05-30T05:15:11.877`) +* [CVE-2023-33182](CVE-2023/CVE-2023-331xx/CVE-2023-33182.json) (`2023-05-30T05:15:11.957`) +* [CVE-2023-33198](CVE-2023/CVE-2023-331xx/CVE-2023-33198.json) (`2023-05-30T05:15:12.033`) +* [CVE-2023-33245](CVE-2023/CVE-2023-332xx/CVE-2023-33245.json) (`2023-05-30T05:15:12.120`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `17` +* [CVE-2023-23529](CVE-2023/CVE-2023-235xx/CVE-2023-23529.json) (`2023-05-30T05:15:09.580`) +* [CVE-2023-23535](CVE-2023/CVE-2023-235xx/CVE-2023-23535.json) (`2023-05-30T05:15:10.217`) +* [CVE-2023-23537](CVE-2023/CVE-2023-235xx/CVE-2023-23537.json) (`2023-05-30T05:15:10.323`) +* [CVE-2023-23541](CVE-2023/CVE-2023-235xx/CVE-2023-23541.json) (`2023-05-30T05:15:10.407`) +* [CVE-2023-23543](CVE-2023/CVE-2023-235xx/CVE-2023-23543.json) (`2023-05-30T05:15:10.487`) +* [CVE-2023-24329](CVE-2023/CVE-2023-243xx/CVE-2023-24329.json) 
(`2023-05-30T05:15:10.557`) +* [CVE-2023-27928](CVE-2023/CVE-2023-279xx/CVE-2023-27928.json) (`2023-05-30T05:15:10.767`) +* [CVE-2023-27936](CVE-2023/CVE-2023-279xx/CVE-2023-27936.json) (`2023-05-30T05:15:10.837`) +* [CVE-2023-27941](CVE-2023/CVE-2023-279xx/CVE-2023-27941.json) (`2023-05-30T05:15:10.907`) +* [CVE-2023-27946](CVE-2023/CVE-2023-279xx/CVE-2023-27946.json) (`2023-05-30T05:15:11.040`) +* [CVE-2023-27949](CVE-2023/CVE-2023-279xx/CVE-2023-27949.json) (`2023-05-30T05:15:11.123`) +* [CVE-2023-27954](CVE-2023/CVE-2023-279xx/CVE-2023-27954.json) (`2023-05-30T05:15:11.203`) +* [CVE-2023-27956](CVE-2023/CVE-2023-279xx/CVE-2023-27956.json) (`2023-05-30T05:15:11.293`) +* [CVE-2023-27961](CVE-2023/CVE-2023-279xx/CVE-2023-27961.json) (`2023-05-30T05:15:11.370`) +* [CVE-2023-27963](CVE-2023/CVE-2023-279xx/CVE-2023-27963.json) (`2023-05-30T05:15:11.463`) +* [CVE-2023-27969](CVE-2023/CVE-2023-279xx/CVE-2023-27969.json) (`2023-05-30T05:15:11.563`) +* [CVE-2023-28182](CVE-2023/CVE-2023-281xx/CVE-2023-28182.json) (`2023-05-30T05:15:11.657`) ## Download and Usage