From d9e825d34b3f88370aaf1dd6d045fd20358f24c7 Mon Sep 17 00:00:00 2001
From: cad-safe-bot <cad-safe-bot@protonmail.com>
Date: Fri, 3 Nov 2023 11:00:22 +0000
Subject: [PATCH] Auto-Update: 2023-11-03T11:00:19.036452+00:00

---
 CVE-2023/CVE-2023-14xx/CVE-2023-1476.json | 55 ++++++++++++++++++++
 CVE-2023/CVE-2023-40xx/CVE-2023-4043.json | 63 +++++++++++++++++++++++
 README.md                                 | 28 +++-------
 3 files changed, 125 insertions(+), 21 deletions(-)
 create mode 100644 CVE-2023/CVE-2023-14xx/CVE-2023-1476.json
 create mode 100644 CVE-2023/CVE-2023-40xx/CVE-2023-4043.json

diff --git a/CVE-2023/CVE-2023-14xx/CVE-2023-1476.json b/CVE-2023/CVE-2023-14xx/CVE-2023-1476.json
new file mode 100644
index 00000000000..f9ec12aaa71
--- /dev/null
+++ b/CVE-2023/CVE-2023-14xx/CVE-2023-1476.json
@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-1476",
+  "sourceIdentifier": "secalert@redhat.com",
+  "published": "2023-11-03T09:15:13.393",
+  "lastModified": "2023-11-03T09:15:13.393",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A use-after-free flaw was found in the Linux kernel\u2019s mm/mremap memory address space accounting source code. This issue occurs due to a race condition between rmap walk and mremap, allowing a local user to crash the system or potentially escalate their privileges on the system."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "secalert@redhat.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.0,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.0,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://access.redhat.com/errata/RHSA-2023:1659",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://access.redhat.com/security/cve/CVE-2023-1476",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2176035",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=97113eb39fa7972722ff490b947d8af023e1f6a2",
+      "source": "secalert@redhat.com"
+    }
+  ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4043.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4043.json
new file mode 100644
index 00000000000..ecb9bf9647d
--- /dev/null
+++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4043.json
@@ -0,0 +1,63 @@
+{
+  "id": "CVE-2023-4043",
+  "sourceIdentifier": "emo@eclipse.org",
+  "published": "2023-11-03T09:15:13.600",
+  "lastModified": "2023-11-03T09:15:13.600",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In Eclipse Parsson before versions 1.1.4 and 1.0.5, Parsing JSON from untrusted sources can lead malicious actors to exploit the fact that the built-in support for parsing numbers with large scale in Java has a number of edge cases where the input text of a number can lead to much larger processing time than one would expect.\n\n\nTo mitigate the risk, parsson put in place a size limit for the numbers as well as their scale.\n\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "emo@eclipse.org",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH",
+          "baseScore": 5.9,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.2,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "emo@eclipse.org",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-20"
+        },
+        {
+          "lang": "en",
+          "value": "CWE-834"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/eclipse-ee4j/parsson/pull/100",
+      "source": "emo@eclipse.org"
+    },
+    {
+      "url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/13",
+      "source": "emo@eclipse.org"
+    }
+  ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 8c06e41bd7f..9f26aefa8ce 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2023-11-03T09:00:59.372263+00:00
+2023-11-03T11:00:19.036452+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2023-11-03T08:15:08.270000+00:00
+2023-11-03T09:15:13.600000+00:00
 ```
 
 ### Last Data Feed Release
@@ -29,35 +29,21 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-229725
+229727
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `12`
+Recently added CVEs: `2`
 
-* [CVE-2023-41344](CVE-2023/CVE-2023-413xx/CVE-2023-41344.json) (`2023-11-03T07:15:14.190`)
-* [CVE-2023-41356](CVE-2023/CVE-2023-413xx/CVE-2023-41356.json) (`2023-11-03T07:15:14.403`)
-* [CVE-2023-41357](CVE-2023/CVE-2023-413xx/CVE-2023-41357.json) (`2023-11-03T07:15:14.503`)
-* [CVE-2023-5763](CVE-2023/CVE-2023-57xx/CVE-2023-5763.json) (`2023-11-03T07:15:14.617`)
-* [CVE-2023-5948](CVE-2023/CVE-2023-59xx/CVE-2023-5948.json) (`2023-11-03T07:15:14.723`)
-* [CVE-2023-1194](CVE-2023/CVE-2023-11xx/CVE-2023-1194.json) (`2023-11-03T08:15:07.490`)
-* [CVE-2023-42670](CVE-2023/CVE-2023-426xx/CVE-2023-42670.json) (`2023-11-03T08:15:07.883`)
-* [CVE-2023-46846](CVE-2023/CVE-2023-468xx/CVE-2023-46846.json) (`2023-11-03T08:15:07.953`)
-* [CVE-2023-46847](CVE-2023/CVE-2023-468xx/CVE-2023-46847.json) (`2023-11-03T08:15:08.023`)
-* [CVE-2023-46848](CVE-2023/CVE-2023-468xx/CVE-2023-46848.json) (`2023-11-03T08:15:08.117`)
-* [CVE-2023-4091](CVE-2023/CVE-2023-40xx/CVE-2023-4091.json) (`2023-11-03T08:15:08.197`)
-* [CVE-2023-5824](CVE-2023/CVE-2023-58xx/CVE-2023-5824.json) (`2023-11-03T08:15:08.270`)
+* [CVE-2023-1476](CVE-2023/CVE-2023-14xx/CVE-2023-1476.json) (`2023-11-03T09:15:13.393`)
+* [CVE-2023-4043](CVE-2023/CVE-2023-40xx/CVE-2023-4043.json) (`2023-11-03T09:15:13.600`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `4`
+Recently modified CVEs: `0`
 
-* [CVE-2023-41345](CVE-2023/CVE-2023-413xx/CVE-2023-41345.json) (`2023-11-03T08:15:07.590`)
-* [CVE-2023-41346](CVE-2023/CVE-2023-413xx/CVE-2023-41346.json) (`2023-11-03T08:15:07.673`)
-* [CVE-2023-41347](CVE-2023/CVE-2023-413xx/CVE-2023-41347.json) (`2023-11-03T08:15:07.737`)
-* [CVE-2023-41348](CVE-2023/CVE-2023-413xx/CVE-2023-41348.json) (`2023-11-03T08:15:07.813`)
 
 
 ## Download and Usage