From d9588658a32e00c3481bc067620d3a6d65fb4675 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Thu, 24 Aug 2023 06:00:32 +0000 Subject: [PATCH] Auto-Update: 2023-08-24T06:00:29.169651+00:00 --- CVE-2023/CVE-2023-43xx/CVE-2023-4357.json | 106 +++++++++++++++++-- CVE-2023/CVE-2023-43xx/CVE-2023-4358.json | 106 +++++++++++++++++-- CVE-2023/CVE-2023-43xx/CVE-2023-4359.json | 119 ++++++++++++++++++++-- CVE-2023/CVE-2023-43xx/CVE-2023-4360.json | 107 +++++++++++++++++-- README.md | 40 ++------ 5 files changed, 418 insertions(+), 60 deletions(-) diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4357.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4357.json index a8a29292654..6381cf9dcb0 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4357.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4357.json @@ -2,31 +2,123 @@ "id": "CVE-2023-4357", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-15T18:15:12.247", - "lastModified": "2023-08-20T03:15:18.023", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-08-24T05:01:10.127", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", + "versionEndExcluding": "116.0.5845.96", + "matchCriteriaId": "40820217-BB18-474A-8520-109C1635D656" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", + "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" + } + ] + } + ] + } + ], "references": [ { "url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://crbug.com/1458911", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5479", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4358.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4358.json index a50b5d631a6..bd2ae2a0ce6 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4358.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4358.json @@ -2,31 +2,123 @@ "id": "CVE-2023-4358", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-15T18:15:12.397", - "lastModified": "2023-08-20T03:15:18.197", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-08-24T04:51:54.440", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Use after free in DNS in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", + "versionEndExcluding": "116.0.5845.96", + "matchCriteriaId": "40820217-BB18-474A-8520-109C1635D656" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", + "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" + } + ] + } + ] + } + ], "references": [ { "url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://crbug.com/1466415", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5479", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4359.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4359.json index acf4ba27cd3..f95acb6e6ca 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4359.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4359.json @@ -2,31 +2,136 @@ "id": "CVE-2023-4359", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-15T18:15:12.637", - "lastModified": "2023-08-20T03:15:18.473", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-08-24T04:51:26.233", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Inappropriate implementation in App Launcher in Google Chrome on iOS prior to 116.0.5845.96 allowed a remote attacker to potentially spoof elements of the security UI via a crafted HTML page. (Chromium security severity: Medium)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", + "versionEndExcluding": "116.0.5845.96", + "matchCriteriaId": "40820217-BB18-474A-8520-109C1635D656" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B5415705-33E5-46D5-8E4D-9EBADC8C5705" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", + "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" + } + ] + } + ] + } + ], "references": [ { "url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Release Notes", + "Third Party Advisory" + ] }, { "url": "https://crbug.com/1443722", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5479", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4360.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4360.json index 81e3499afd8..fcc78178ebc 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4360.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4360.json @@ -2,31 +2,124 @@ "id": "CVE-2023-4360", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-15T18:15:12.863", - "lastModified": "2023-08-20T03:15:18.630", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-08-24T04:51:09.303", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Inappropriate implementation in Color in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", + "versionEndExcluding": "116.0.5845.96", + "matchCriteriaId": "40820217-BB18-474A-8520-109C1635D656" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", + "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" + } + ] + } + ] + } + ], "references": [ { "url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://crbug.com/1462723", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5479", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/README.md b/README.md index 7f3042a057e..cab985f23fa 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-08-24T04:00:37.333167+00:00 +2023-08-24T06:00:29.169651+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-08-24T03:15:08.287000+00:00 +2023-08-24T05:01:10.127000+00:00 ``` ### Last Data Feed Release @@ -34,42 +34,18 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `0` -* [CVE-2023-32559](CVE-2023/CVE-2023-325xx/CVE-2023-32559.json) (`2023-08-24T02:15:09.210`) -* [CVE-2023-40572](CVE-2023/CVE-2023-405xx/CVE-2023-40572.json) (`2023-08-24T02:15:09.643`) -* [CVE-2023-40573](CVE-2023/CVE-2023-405xx/CVE-2023-40573.json) (`2023-08-24T02:15:09.973`) ### CVEs modified in the last Commit -Recently modified CVEs: `30` +Recently modified CVEs: `4` -* [CVE-2023-20200](CVE-2023/CVE-2023-202xx/CVE-2023-20200.json) (`2023-08-24T02:02:17.167`) -* [CVE-2023-20230](CVE-2023/CVE-2023-202xx/CVE-2023-20230.json) (`2023-08-24T02:02:17.167`) -* [CVE-2023-20234](CVE-2023/CVE-2023-202xx/CVE-2023-20234.json) (`2023-08-24T02:02:17.167`) -* [CVE-2023-40612](CVE-2023/CVE-2023-406xx/CVE-2023-40612.json) (`2023-08-24T02:02:17.167`) -* [CVE-2023-40025](CVE-2023/CVE-2023-400xx/CVE-2023-40025.json) (`2023-08-24T02:02:17.167`) -* [CVE-2023-40176](CVE-2023/CVE-2023-401xx/CVE-2023-40176.json) (`2023-08-24T02:02:17.167`) -* [CVE-2023-40035](CVE-2023/CVE-2023-400xx/CVE-2023-40035.json) (`2023-08-24T02:02:17.167`) -* [CVE-2023-40177](CVE-2023/CVE-2023-401xx/CVE-2023-40177.json) (`2023-08-24T02:02:17.167`) -* [CVE-2023-40178](CVE-2023/CVE-2023-401xx/CVE-2023-40178.json) (`2023-08-24T02:02:17.167`) -* [CVE-2023-40185](CVE-2023/CVE-2023-401xx/CVE-2023-40185.json) (`2023-08-24T02:02:17.167`) -* [CVE-2023-32202](CVE-2023/CVE-2023-322xx/CVE-2023-32202.json) (`2023-08-24T02:02:17.167`) -* [CVE-2023-36317](CVE-2023/CVE-2023-363xx/CVE-2023-36317.json) (`2023-08-24T02:02:17.167`) -* [CVE-2023-38422](CVE-2023/CVE-2023-384xx/CVE-2023-38422.json) (`2023-08-24T02:02:17.167`) -* [CVE-2023-3453](CVE-2023/CVE-2023-34xx/CVE-2023-3453.json) (`2023-08-24T02:02:17.167`) -* [CVE-2023-41028](CVE-2023/CVE-2023-410xx/CVE-2023-41028.json) (`2023-08-24T02:02:17.167`) -* [CVE-2023-38831](CVE-2023/CVE-2023-388xx/CVE-2023-38831.json) (`2023-08-24T02:02:23.930`) -* [CVE-2023-20115](CVE-2023/CVE-2023-201xx/CVE-2023-20115.json) (`2023-08-24T02:02:23.930`) -* [CVE-2023-20168](CVE-2023/CVE-2023-201xx/CVE-2023-20168.json) (`2023-08-24T02:02:23.930`) -* [CVE-2023-20169](CVE-2023/CVE-2023-201xx/CVE-2023-20169.json) (`2023-08-24T02:02:23.930`) -* [CVE-2023-40360](CVE-2023/CVE-2023-403xx/CVE-2023-40360.json) (`2023-08-24T02:19:25.093`) -* [CVE-2023-2157](CVE-2023/CVE-2023-21xx/CVE-2023-2157.json) (`2023-08-24T03:15:07.590`) -* [CVE-2023-34474](CVE-2023/CVE-2023-344xx/CVE-2023-34474.json) (`2023-08-24T03:15:08.007`) -* [CVE-2023-34475](CVE-2023/CVE-2023-344xx/CVE-2023-34475.json) (`2023-08-24T03:15:08.107`) -* [CVE-2023-39976](CVE-2023/CVE-2023-399xx/CVE-2023-39976.json) (`2023-08-24T03:15:08.193`) -* [CVE-2023-3195](CVE-2023/CVE-2023-31xx/CVE-2023-3195.json) (`2023-08-24T03:15:08.287`) +* [CVE-2023-4360](CVE-2023/CVE-2023-43xx/CVE-2023-4360.json) (`2023-08-24T04:51:09.303`) +* [CVE-2023-4359](CVE-2023/CVE-2023-43xx/CVE-2023-4359.json) (`2023-08-24T04:51:26.233`) +* [CVE-2023-4358](CVE-2023/CVE-2023-43xx/CVE-2023-4358.json) (`2023-08-24T04:51:54.440`) +* [CVE-2023-4357](CVE-2023/CVE-2023-43xx/CVE-2023-4357.json) (`2023-08-24T05:01:10.127`) ## Download and Usage