diff --git a/CVE-2022/CVE-2022-383xx/CVE-2022-38398.json b/CVE-2022/CVE-2022-383xx/CVE-2022-38398.json
index 3d3937b1ca9..18986c29e06 100644
--- a/CVE-2022/CVE-2022-383xx/CVE-2022-38398.json
+++ b/CVE-2022/CVE-2022-383xx/CVE-2022-38398.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-38398",
 "sourceIdentifier": "security@apache.org",
 "published": "2022-09-22T15:15:09.287",
- "lastModified": "2023-10-15T00:15:09.897",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-30T02:18:05.193",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -75,6 +75,21 @@
 ]
 }
 ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
 }
 ],
 "references": [
@@ -88,7 +103,10 @@
 },
 {
 "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html",
- "source": "security@apache.org"
+ "source": "security@apache.org",
+ "tags": [
+ "Mailing List"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-447xx/CVE-2022-44729.json b/CVE-2022/CVE-2022-447xx/CVE-2022-44729.json
index 9ff5bb09984..b333418f086 100644
--- a/CVE-2022/CVE-2022-447xx/CVE-2022-44729.json
+++ b/CVE-2022/CVE-2022-447xx/CVE-2022-44729.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-44729",
 "sourceIdentifier": "security@apache.org",
 "published": "2023-08-22T19:16:29.833",
- "lastModified": "2023-10-15T00:15:10.170",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-30T02:17:57.743",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -63,6 +63,21 @@
 ]
 }
 ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
 }
 ],
 "references": [
@@ -92,7 +107,10 @@
 },
 {
 "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html",
- "source": "security@apache.org"
+ "source": "security@apache.org",
+ "tags": [
+ "Mailing List"
+ ]
 },
 {
 "url": "https://xmlgraphics.apache.org/security.html",
diff --git a/CVE-2022/CVE-2022-447xx/CVE-2022-44730.json b/CVE-2022/CVE-2022-447xx/CVE-2022-44730.json
index f98d1b01890..7ccf161b7ad 100644
--- a/CVE-2022/CVE-2022-447xx/CVE-2022-44730.json
+++ b/CVE-2022/CVE-2022-447xx/CVE-2022-44730.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-44730",
 "sourceIdentifier": "security@apache.org",
 "published": "2023-08-22T19:16:29.930",
- "lastModified": "2023-10-15T00:15:10.257",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-30T02:18:01.513",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -63,6 +63,21 @@
 ]
 }
 ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
 }
 ],
 "references": [
@@ -92,7 +107,10 @@
 },
 {
 "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html",
- "source": "security@apache.org"
+ "source": "security@apache.org",
+ "tags": [
+ "Mailing List"
+ ]
 },
 {
 "url": "https://xmlgraphics.apache.org/security.html",
diff --git a/CVE-2023/CVE-2023-468xx/CVE-2023-46865.json b/CVE-2023/CVE-2023-468xx/CVE-2023-46865.json
new file mode 100644
index 00000000000..610bc30cb5c
--- /dev/null
+++ b/CVE-2023/CVE-2023-468xx/CVE-2023-46865.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-46865",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-30T01:15:21.967",
+ "lastModified": "2023-10-30T01:15:21.967",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "/api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo image."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/crater-invoice/crater/issues/1267",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/crater-invoice/crater/pull/1271",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-58xx/CVE-2023-5842.json b/CVE-2023/CVE-2023-58xx/CVE-2023-5842.json
new file mode 100644
index 00000000000..1cd9b8d4957
--- /dev/null
+++ b/CVE-2023/CVE-2023-58xx/CVE-2023-5842.json
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-5842", + "sourceIdentifier": "security@huntr.dev", + "published": "2023-10-30T01:15:22.013", + "lastModified": "2023-10-30T01:15:22.013", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0.5." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/dolibarr/dolibarr/commit/f569048eb2bd823525bce4ef52316e7a83e3345c", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.com/bounties/aed81114-5952-46f5-ae3a-e66518e98ba3", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 6d0b31f09b4..546c2ccab5e 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-10-30T00:55:26.083424+00:00 +2023-10-30T03:00:33.911697+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-10-30T00:15:39.237000+00:00 +2023-10-30T02:18:05.193000+00:00 ``` ### Last Data Feed Release 
@@ -23,29 +23,30 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2023-10-29T00:00:13.958831+00:00 +2023-10-30T01:00:13.533300+00:00 ``` ### Total Number of included CVEs ```plain -229122 +229124 ``` ### CVEs added in the last Commit -Recently added CVEs: `4` +Recently added CVEs: `2` -* [CVE-2023-44002](CVE-2023/CVE-2023-440xx/CVE-2023-44002.json) (`2023-10-30T00:15:39.077`) -* [CVE-2023-46863](CVE-2023/CVE-2023-468xx/CVE-2023-46863.json) (`2023-10-30T00:15:39.157`) -* [CVE-2023-46864](CVE-2023/CVE-2023-468xx/CVE-2023-46864.json) (`2023-10-30T00:15:39.200`) -* [CVE-2023-4393](CVE-2023/CVE-2023-43xx/CVE-2023-4393.json) (`2023-10-30T00:15:39.237`) +* [CVE-2023-46865](CVE-2023/CVE-2023-468xx/CVE-2023-46865.json) (`2023-10-30T01:15:21.967`) +* [CVE-2023-5842](CVE-2023/CVE-2023-58xx/CVE-2023-5842.json) (`2023-10-30T01:15:22.013`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `3` +* [CVE-2022-44729](CVE-2022/CVE-2022-447xx/CVE-2022-44729.json) (`2023-10-30T02:17:57.743`) +* [CVE-2022-44730](CVE-2022/CVE-2022-447xx/CVE-2022-44730.json) (`2023-10-30T02:18:01.513`) +* [CVE-2022-38398](CVE-2022/CVE-2022-383xx/CVE-2022-38398.json) (`2023-10-30T02:18:05.193`) ## Download and Usage