Auto-Update: 2023-10-03T04:00:25.721863+00:00

2025-05-08 19:47:09 +00:00 · 2023-10-03 04:00:29 +00:00 · 2023-10-03 04:00:29 +00:00 · dfb993c198
commit dfb993c198
parent 862299ce75
9 changed files with 317 additions and 37 deletions
--- a/CVE-2023/CVE-2023-205xx/CVE-2023-20588.json
+++ b/CVE-2023/CVE-2023-205xx/CVE-2023-20588.json
@ -2,7 +2,7 @@
  "id": "CVE-2023-20588",
  "sourceIdentifier": "psirt@amd.com",
  "published": "2023-08-08T18:15:11.653",
-  "lastModified": "2023-09-30T06:15:09.310",
+  "lastModified": "2023-10-03T02:15:09.110",
  "vulnStatus": "Modified",
  "descriptions": [
    {
@ -946,6 +946,10 @@
      "url": "http://xenbits.xen.org/xsa/advisory-439.html",
      "source": "psirt@amd.com"
    },
+    {
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AGZCACEHT6ZZZGG36QQMGROBM4FLWYJX/",
+      "source": "psirt@amd.com"
+    },
    {
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJTUVYZMP6BNF342DS3W7XGOGXC6JPN5/",
      "source": "psirt@amd.com"
--- a/CVE-2023/CVE-2023-33xx/CVE-2023-3335.json
+++ b/CVE-2023/CVE-2023-33xx/CVE-2023-3335.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-3335",
+  "sourceIdentifier": "hirt@hitachi.co.jp",
+  "published": "2023-10-03T02:15:09.377",
+  "lastModified": "2023-10-03T02:15:09.377",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Insertion of Sensitive Information into Log File vulnerability in Hitachi Ops Center Administrator on Linux allows local users\u00a0 to gain sensive information.This issue affects Hitachi Ops Center Administrator: before 10.9.3-00.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "hirt@hitachi.co.jp",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.0,
+        "impactScore": 4.0
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "hirt@hitachi.co.jp",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-532"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-140/index.html",
+      "source": "hirt@hitachi.co.jp"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-34xx/CVE-2023-3440.json
+++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3440.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-3440",
+  "sourceIdentifier": "hirt@hitachi.co.jp",
+  "published": "2023-10-03T02:15:09.537",
+  "lastModified": "2023-10-03T02:15:09.537",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Incorrect Default Permissions vulnerability in Hitachi JP1/Performance Management on Windows allows File Manipulation.This issue affects JP1/Performance Management - Manager: from 09-00 before 12-50-07; JP1/Performance Management - Base: from 09-00 through 10-50-*; JP1/Performance Management - Agent Option for Application Server: from 11-00 before 11-50-16; JP1/Performance Management - Agent Option for Enterprise Applications: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for HiRDB: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for IBM Lotus Domino: from 10-00 before 11-50-16; JP1/Performance Management - Agent Option for Microsoft(R) Exchange Server: from 09-00 before\u00a0 12-00-14; JP1/Performance Management - Agent Option for Microsoft(R) Internet Information Server: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for Microsoft(R) SQL Server: from 09-00 before 12-50-07; JP1/Performance Management - Agent Option for Oracle: from 09-00 before\u00a0 12-10-08; JP1/Performance Management - Agent Option for Platform: from 09-00 before 12-50-07; JP1/Performance Management - Agent Option for Service Response: from 09-00 before 11-50-16; JP1/Performance Management - Agent Option for Transaction System: from 11-00 before 12-00-14; JP1/Performance Management - Remote Monitor for Microsoft(R) SQL Server: from 09-00 before 12-50-07; JP1/Performance Management - Remote Monitor for Oracle: from 09-00 before 12-10-08; JP1/Performance Management - Remote Monitor for Platform: from 09-00 before 12-10-08; JP1/Performance Management - Remote Monitor for Virtual Machine: from 10-00 before 12-50-07; JP1/Performance Management - Agent Option for Domino: from 09-00 through 09-00-*; JP1/Performance Management - Agent Option for IBM WebSphere Application Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for IBM WebSphere MQ: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for JP1/AJS3: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for OpenTP1: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for Oracle WebLogic Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for uCosminexus Application Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for Virtual Machine: from 09-00 through 09-01-*.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "hirt@hitachi.co.jp",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.4,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.5,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "hirt@hitachi.co.jp",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-276"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-145/index.html",
+      "source": "hirt@hitachi.co.jp"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-39xx/CVE-2023-3967.json
+++ b/CVE-2023/CVE-2023-39xx/CVE-2023-3967.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-3967",
+  "sourceIdentifier": "hirt@hitachi.co.jp",
+  "published": "2023-10-03T02:15:09.710",
+  "lastModified": "2023-10-03T02:15:09.710",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Allocation of Resources Without Limits or Throttling vulnerability in Hitachi Ops Center Common Services on Linux allows DoS.This issue affects Hitachi Ops Center Common Services: before 10.9.3-00.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "hirt@hitachi.co.jp",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "LOW",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "hirt@hitachi.co.jp",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-770"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-142/index.html",
+      "source": "hirt@hitachi.co.jp"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-428xx/CVE-2023-42811.json
+++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42811.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-42811",
  "sourceIdentifier": "security-advisories@github.com",
  "published": "2023-09-22T16:15:10.583",
-  "lastModified": "2023-09-26T14:33:51.987",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2023-10-03T03:15:09.580",
+  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
@ -104,6 +104,14 @@
        "Exploit",
        "Vendor Advisory"
      ]
+    },
+    {
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RYQCICN6BVC6I75O3F6W4VK4J3MOYDJU/",
+      "source": "security-advisories@github.com"
+    },
+    {
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U67ZSMNX5V3WTBYPUYF45PSFG4SF5SGF/",
+      "source": "security-advisories@github.com"
    }
  ]
 }
--- a/CVE-2023/CVE-2023-436xx/CVE-2023-43669.json
+++ b/CVE-2023/CVE-2023-436xx/CVE-2023-43669.json
@ -2,7 +2,7 @@
  "id": "CVE-2023-43669",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2023-09-21T06:15:13.833",
-  "lastModified": "2023-09-29T02:15:50.563",
+  "lastModified": "2023-10-03T03:15:09.677",
  "vulnStatus": "Modified",
  "descriptions": [
    {
@ -11,7 +11,7 @@
    },
    {
      "lang": "es",
-      "value": "Tungstenite crate hasta 0.20.0 para Rust permite a atacantes remotos provocar una Denegaci\u00f3n de Servicio (por minutos de consumo de CPU) a trav\u00e9s de una longitud excesiva de un encabezado HTTP en un protocolo de enlace del cliente. La longitud afecta tanto la cantidad de veces que se intenta un an\u00e1lisis (por ejemplo, miles de veces) como la cantidad promedio de datos para cada intento de an\u00e1lisis (por ejemplo, millones de bytes)."
+      "value": "El Tungstenite crate anterior a la versi\u00f3n 0.20.1 para Rust permite a atacantes remotos provocar una denegaci\u00f3n del servicio (de minutos de consumo de la CPU) a trav\u00e9s de una longitud excesiva de un encabezado HTTP en el handshake del cliente. La longitud afecta tanto a cu\u00e1ntas veces se intenta un an\u00e1lisis (por ejemplo, miles de veces) y la cantidad promedio de datos para cada intento de an\u00e1lisis (por ejemplo, millones de bytes)."
    }
  ],
  "metrics": {
@ -130,6 +130,10 @@
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/THK6G6CD4VW6RCROWUV2C4HSINKK3XAK/",
      "source": "cve@mitre.org"
    },
+    {
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TT7SF6CQ5VHAGFLWNXY64NFSW4WIWE7D/",
+      "source": "cve@mitre.org"
+    },
    {
      "url": "https://security-tracker.debian.org/tracker/CVE-2023-43669",
      "source": "cve@mitre.org",
--- a/CVE-2023/CVE-2023-53xx/CVE-2023-5334.json
+++ b/CVE-2023/CVE-2023-53xx/CVE-2023-5334.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-5334",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2023-10-03T02:15:10.360",
+  "lastModified": "2023-10-03T02:15:10.360",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The WP Responsive header image slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sp_responsiveslider' shortcode in versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/responsive-header-image-slider/trunk/responsive_headerimageslider.php#L343",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6953dea2-ca2d-4283-97c2-45c3420d9390?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-53xx/CVE-2023-5345.json
+++ b/CVE-2023/CVE-2023-53xx/CVE-2023-5345.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-5345",
+  "sourceIdentifier": "cve-coordination@google.com",
+  "published": "2023-10-03T03:15:09.750",
+  "lastModified": "2023-10-03T03:15:09.750",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve local privilege escalation.\n\nIn case of an error in smb3_fs_context_parse_param, ctx->password was freed but the field was not set to NULL which could lead to double free.\n\nWe recommend upgrading past commit e6e43b8aa7cd3c3af686caf0c2e11819a886d705.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve-coordination@google.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cve-coordination@google.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-416"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e6e43b8aa7cd3c3af686caf0c2e11819a886d705",
+      "source": "cve-coordination@google.com"
+    },
+    {
+      "url": "https://kernel.dance/e6e43b8aa7cd3c3af686caf0c2e11819a886d705",
+      "source": "cve-coordination@google.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-10-03T02:00:25.186453+00:00
+2023-10-03T04:00:25.721863+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-10-03T01:44:32.997000+00:00
+2023-10-03T03:15:09.750000+00:00
 ```

 ### Last Data Feed Release
@ -29,46 +29,27 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-226787
+226792
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `8`
+Recently added CVEs: `5`

-* [CVE-2023-28373](CVE-2023/CVE-2023-283xx/CVE-2023-28373.json) (`2023-10-03T00:15:09.913`)
-* [CVE-2023-32572](CVE-2023/CVE-2023-325xx/CVE-2023-32572.json) (`2023-10-03T00:15:09.990`)
-* [CVE-2023-36628](CVE-2023/CVE-2023-366xx/CVE-2023-36628.json) (`2023-10-03T00:15:10.057`)
-* [CVE-2023-39222](CVE-2023/CVE-2023-392xx/CVE-2023-39222.json) (`2023-10-03T01:15:56.810`)
-* [CVE-2023-39429](CVE-2023/CVE-2023-394xx/CVE-2023-39429.json) (`2023-10-03T01:15:56.867`)
-* [CVE-2023-41086](CVE-2023/CVE-2023-410xx/CVE-2023-41086.json) (`2023-10-03T01:15:56.917`)
-* [CVE-2023-42771](CVE-2023/CVE-2023-427xx/CVE-2023-42771.json) (`2023-10-03T01:15:56.967`)
-* [CVE-2023-43627](CVE-2023/CVE-2023-436xx/CVE-2023-43627.json) (`2023-10-03T01:15:57.017`)
+* [CVE-2023-3335](CVE-2023/CVE-2023-33xx/CVE-2023-3335.json) (`2023-10-03T02:15:09.377`)
+* [CVE-2023-3440](CVE-2023/CVE-2023-34xx/CVE-2023-3440.json) (`2023-10-03T02:15:09.537`)
+* [CVE-2023-3967](CVE-2023/CVE-2023-39xx/CVE-2023-3967.json) (`2023-10-03T02:15:09.710`)
+* [CVE-2023-5334](CVE-2023/CVE-2023-53xx/CVE-2023-5334.json) (`2023-10-03T02:15:10.360`)
+* [CVE-2023-5345](CVE-2023/CVE-2023-53xx/CVE-2023-5345.json) (`2023-10-03T03:15:09.750`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `19`
+Recently modified CVEs: `3`

-* [CVE-2022-47186](CVE-2022/CVE-2022-471xx/CVE-2022-47186.json) (`2023-10-03T00:45:03.710`)
-* [CVE-2023-38870](CVE-2023/CVE-2023-388xx/CVE-2023-38870.json) (`2023-10-03T00:10:51.737`)
-* [CVE-2023-38872](CVE-2023/CVE-2023-388xx/CVE-2023-38872.json) (`2023-10-03T00:13:23.070`)
-* [CVE-2023-43664](CVE-2023/CVE-2023-436xx/CVE-2023-43664.json) (`2023-10-03T00:18:35.847`)
-* [CVE-2023-43663](CVE-2023/CVE-2023-436xx/CVE-2023-43663.json) (`2023-10-03T00:38:50.460`)
-* [CVE-2023-43044](CVE-2023/CVE-2023-430xx/CVE-2023-43044.json) (`2023-10-03T00:42:10.740`)
-* [CVE-2023-38871](CVE-2023/CVE-2023-388xx/CVE-2023-38871.json) (`2023-10-03T00:49:18.640`)
-* [CVE-2023-20819](CVE-2023/CVE-2023-208xx/CVE-2023-20819.json) (`2023-10-03T00:56:36.560`)
-* [CVE-2023-32819](CVE-2023/CVE-2023-328xx/CVE-2023-32819.json) (`2023-10-03T00:59:45.713`)
-* [CVE-2023-32830](CVE-2023/CVE-2023-328xx/CVE-2023-32830.json) (`2023-10-03T01:01:49.560`)
-* [CVE-2023-32820](CVE-2023/CVE-2023-328xx/CVE-2023-32820.json) (`2023-10-03T01:07:27.053`)
-* [CVE-2023-32821](CVE-2023/CVE-2023-328xx/CVE-2023-32821.json) (`2023-10-03T01:10:44.100`)
-* [CVE-2023-32822](CVE-2023/CVE-2023-328xx/CVE-2023-32822.json) (`2023-10-03T01:14:28.230`)
-* [CVE-2023-32823](CVE-2023/CVE-2023-328xx/CVE-2023-32823.json) (`2023-10-03T01:23:26.747`)
-* [CVE-2023-32824](CVE-2023/CVE-2023-328xx/CVE-2023-32824.json) (`2023-10-03T01:35:09.277`)
-* [CVE-2023-32826](CVE-2023/CVE-2023-328xx/CVE-2023-32826.json) (`2023-10-03T01:37:23.843`)
-* [CVE-2023-32827](CVE-2023/CVE-2023-328xx/CVE-2023-32827.json) (`2023-10-03T01:39:18.287`)
-* [CVE-2023-32829](CVE-2023/CVE-2023-328xx/CVE-2023-32829.json) (`2023-10-03T01:43:08.800`)
-* [CVE-2023-32828](CVE-2023/CVE-2023-328xx/CVE-2023-32828.json) (`2023-10-03T01:44:32.997`)
+* [CVE-2023-20588](CVE-2023/CVE-2023-205xx/CVE-2023-20588.json) (`2023-10-03T02:15:09.110`)
+* [CVE-2023-42811](CVE-2023/CVE-2023-428xx/CVE-2023-42811.json) (`2023-10-03T03:15:09.580`)
+* [CVE-2023-43669](CVE-2023/CVE-2023-436xx/CVE-2023-43669.json) (`2023-10-03T03:15:09.677`)


 ## Download and Usage