From c7b3e760920b408941d89314e7f0112051f44ef7 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Sun, 4 Feb 2024 21:00:28 +0000
Subject: [PATCH] Auto-Update: 2024-02-04T21:00:24.404328+00:00
---
 CVE-2021/CVE-2021-44xx/CVE-2021-4435.json | 67 +++++++++++++++++++++
 CVE-2023/CVE-2023-523xx/CVE-2023-52355.json | 6 +-
 CVE-2023/CVE-2023-524xx/CVE-2023-52425.json | 20 ++++++
 CVE-2023/CVE-2023-524xx/CVE-2023-52426.json | 28 +++++++++
 CVE-2023/CVE-2023-62xx/CVE-2023-6291.json | 6 +-
 CVE-2023/CVE-2023-64xx/CVE-2023-6476.json | 6 +-
 CVE-2023/CVE-2023-68xx/CVE-2023-6816.json | 4 +-
 CVE-2023/CVE-2023-69xx/CVE-2023-6944.json | 4 +-
 CVE-2023/CVE-2023-71xx/CVE-2023-7192.json | 4 +-
 README.md | 21 ++++---
 10 files changed, 144 insertions(+), 22 deletions(-)
 create mode 100644 CVE-2021/CVE-2021-44xx/CVE-2021-4435.json
 create mode 100644 CVE-2023/CVE-2023-524xx/CVE-2023-52425.json
 create mode 100644 CVE-2023/CVE-2023-524xx/CVE-2023-52426.json
diff --git a/CVE-2021/CVE-2021-44xx/CVE-2021-4435.json b/CVE-2021/CVE-2021-44xx/CVE-2021-4435.json
new file mode 100644
index 00000000000..a23dfd3f9fe
--- /dev/null
+++ b/CVE-2021/CVE-2021-44xx/CVE-2021-4435.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2021-4435",
+ "sourceIdentifier": "patrick@puiterwijk.org",
+ "published": "2024-02-04T20:15:45.657",
+ "lastModified": "2024-02-04T20:15:45.657",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An untrusted search path vulnerability was found in Yarn. When a victim runs certain Yarn commands in a directory with attacker-controlled content, malicious commands could be executed in unexpected ways."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "patrick@puiterwijk.org",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.7,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.0,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "patrick@puiterwijk.org",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-426"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-4435",
+ "source": "patrick@puiterwijk.org"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262284",
+ "source": "patrick@puiterwijk.org"
+ },
+ {
+ "url": "https://github.com/yarnpkg/yarn/commit/67fcce88935e45092ffa2674c08053f1ef5268a1",
+ "source": "patrick@puiterwijk.org"
+ },
+ {
+ "url": "https://github.com/yarnpkg/yarn/releases/tag/v1.22.13",
+ "source": "patrick@puiterwijk.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-523xx/CVE-2023-52355.json b/CVE-2023/CVE-2023-523xx/CVE-2023-52355.json
index 4e4f301d40d..adab48cbfb0 100644
--- a/CVE-2023/CVE-2023-523xx/CVE-2023-52355.json
+++ b/CVE-2023/CVE-2023-523xx/CVE-2023-52355.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-52355",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2024-01-25T20:15:38.353",
- "lastModified": "2024-01-31T17:59:49.903",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-02-04T20:15:45.900",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -75,7 +75,7 @@
 "description": [
 {
 "lang": "en",
- "value": "CWE-400"
+ "value": "CWE-787"
 }
 ]
 }
diff --git a/CVE-2023/CVE-2023-524xx/CVE-2023-52425.json b/CVE-2023/CVE-2023-524xx/CVE-2023-52425.json
new file mode 100644
index 00000000000..2f491709fb6
--- /dev/null
+++ b/CVE-2023/CVE-2023-524xx/CVE-2023-52425.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-52425",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-02-04T20:15:46.063",
+ "lastModified": "2024-02-04T20:15:46.063",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/libexpat/libexpat/pull/789",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-524xx/CVE-2023-52426.json b/CVE-2023/CVE-2023-524xx/CVE-2023-52426.json
new file mode 100644
index 00000000000..499b9ffb4a6
--- /dev/null
+++ b/CVE-2023/CVE-2023-524xx/CVE-2023-52426.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-52426",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-02-04T20:15:46.120",
+ "lastModified": "2024-02-04T20:15:46.120",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://cwe.mitre.org/data/definitions/776.html",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/libexpat/libexpat/commit/0f075ec8ecb5e43f8fdca5182f8cca4703da0404",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/libexpat/libexpat/pull/777",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6291.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6291.json
index eda73a47875..282dfa4adab 100644
--- a/CVE-2023/CVE-2023-62xx/CVE-2023-6291.json
+++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6291.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-6291",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2024-01-26T15:15:08.280",
- "lastModified": "2024-02-03T01:42:08.807",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-02-04T20:15:46.173",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -75,7 +75,7 @@
 "description": [
 {
 "lang": "en",
- "value": "CWE-20"
+ "value": "CWE-601"
 }
 ]
 }
diff --git a/CVE-2023/CVE-2023-64xx/CVE-2023-6476.json b/CVE-2023/CVE-2023-64xx/CVE-2023-6476.json
index d6057e0a66b..94181f7c689 100644
--- a/CVE-2023/CVE-2023-64xx/CVE-2023-6476.json
+++ b/CVE-2023/CVE-2023-64xx/CVE-2023-6476.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-6476",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2024-01-09T22:15:43.610",
- "lastModified": "2024-01-18T18:16:25.947",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-02-04T20:15:46.327",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -75,7 +75,7 @@
 "description": [
 {
 "lang": "en",
- "value": "CWE-400"
+ "value": "CWE-770"
 }
 ]
 }
diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6816.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6816.json
index 9bc6c289e6d..a5f05f068ac 100644
--- a/CVE-2023/CVE-2023-68xx/CVE-2023-6816.json
+++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6816.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-6816",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2024-01-18T05:15:08.607",
- "lastModified": "2024-01-31T16:15:45.150",
+ "lastModified": "2024-02-04T20:15:46.477",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -75,7 +75,7 @@
 "description": [
 {
 "lang": "en",
- "value": "CWE-119"
+ "value": "CWE-787"
 }
 ]
 }
diff --git a/CVE-2023/CVE-2023-69xx/CVE-2023-6944.json b/CVE-2023/CVE-2023-69xx/CVE-2023-6944.json
index d8a0324f57a..d6ca402a8a8 100644
--- a/CVE-2023/CVE-2023-69xx/CVE-2023-6944.json
+++ b/CVE-2023/CVE-2023-69xx/CVE-2023-6944.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-6944",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2024-01-04T10:15:11.517",
- "lastModified": "2024-01-25T16:15:08.177",
+ "lastModified": "2024-02-04T20:15:46.650",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -75,7 +75,7 @@
 "description": [
 {
 "lang": "en",
- "value": "CWE-200"
+ "value": "CWE-209"
 }
 ]
 }
diff --git a/CVE-2023/CVE-2023-71xx/CVE-2023-7192.json b/CVE-2023/CVE-2023-71xx/CVE-2023-7192.json
index e30a71f176f..d4ee06a6505 100644
--- a/CVE-2023/CVE-2023-71xx/CVE-2023-7192.json
+++ b/CVE-2023/CVE-2023-71xx/CVE-2023-7192.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-7192",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2024-01-02T19:15:11.510",
- "lastModified": "2024-01-30T13:15:07.933",
+ "lastModified": "2024-02-04T20:15:46.787",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -75,7 +75,7 @@
 "description": [
 {
 "lang": "en",
- "value": "CWE-402"
+ "value": "CWE-401"
 }
 ]
 }
diff --git a/README.md b/README.md
index 9058e1f43f6..b260dfcd017 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-02-04T19:00:25.019691+00:00 +2024-02-04T21:00:24.404328+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-02-04T18:16:00.713000+00:00 +2024-02-04T20:15:46.787000+00:00 ``` ### Last Data Feed Release @@ -29,21 +29,28 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -237515 +237518 ``` ### CVEs added in the last Commit -Recently added CVEs: `2` +Recently added CVEs: `3` -* [CVE-2018-25098](CVE-2018/CVE-2018-250xx/CVE-2018-25098.json) (`2024-02-04T17:15:07.880`) -* [CVE-2020-36773](CVE-2020/CVE-2020-367xx/CVE-2020-36773.json) (`2024-02-04T18:16:00.713`) +* [CVE-2021-4435](CVE-2021/CVE-2021-44xx/CVE-2021-4435.json) (`2024-02-04T20:15:45.657`) +* [CVE-2023-52425](CVE-2023/CVE-2023-524xx/CVE-2023-52425.json) (`2024-02-04T20:15:46.063`) +* [CVE-2023-52426](CVE-2023/CVE-2023-524xx/CVE-2023-52426.json) (`2024-02-04T20:15:46.120`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `6` +* [CVE-2023-52355](CVE-2023/CVE-2023-523xx/CVE-2023-52355.json) (`2024-02-04T20:15:45.900`) +* [CVE-2023-6291](CVE-2023/CVE-2023-62xx/CVE-2023-6291.json) (`2024-02-04T20:15:46.173`) +* [CVE-2023-6476](CVE-2023/CVE-2023-64xx/CVE-2023-6476.json) (`2024-02-04T20:15:46.327`) +* [CVE-2023-6816](CVE-2023/CVE-2023-68xx/CVE-2023-6816.json) (`2024-02-04T20:15:46.477`) +* [CVE-2023-6944](CVE-2023/CVE-2023-69xx/CVE-2023-6944.json) (`2024-02-04T20:15:46.650`) +* [CVE-2023-7192](CVE-2023/CVE-2023-71xx/CVE-2023-7192.json) (`2024-02-04T20:15:46.787`) ## Download and Usage