From e160edf42dcd8a292d52c7d192716a5c39137739 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Tue, 6 Feb 2024 13:00:28 +0000 Subject: [PATCH] Auto-Update: 2024-02-06T13:00:25.159515+00:00 --- CVE-2023/CVE-2023-514xx/CVE-2023-51408.json | 6 +- CVE-2023/CVE-2023-514xx/CVE-2023-51490.json | 10 ++-- CVE-2023/CVE-2023-515xx/CVE-2023-51508.json | 10 ++-- CVE-2023/CVE-2023-521xx/CVE-2023-52143.json | 10 ++-- CVE-2023/CVE-2023-521xx/CVE-2023-52146.json | 10 ++-- CVE-2023/CVE-2023-62xx/CVE-2023-6238.json | 14 ++--- CVE-2024/CVE-2024-06xx/CVE-2024-0690.json | 63 +++++++++++++++++++++ README.md | 31 ++++------ 8 files changed, 105 insertions(+), 49 deletions(-) create mode 100644 CVE-2024/CVE-2024-06xx/CVE-2024-0690.json diff --git a/CVE-2023/CVE-2023-514xx/CVE-2023-51408.json b/CVE-2023/CVE-2023-514xx/CVE-2023-51408.json index 9628c88d6c4..926d953a208 100644 --- a/CVE-2023/CVE-2023-514xx/CVE-2023-51408.json +++ b/CVE-2023/CVE-2023-514xx/CVE-2023-51408.json @@ -2,8 +2,8 @@ "id": "CVE-2023-51408", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-08T21:15:09.013", - "lastModified": "2024-01-12T15:42:37.703", - "vulnStatus": "Analyzed", + "lastModified": "2024-02-06T12:15:54.883", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -75,7 +75,7 @@ "description": [ { "lang": "en", - "value": "CWE-200" + "value": "CWE-532" } ] } diff --git a/CVE-2023/CVE-2023-514xx/CVE-2023-51490.json b/CVE-2023/CVE-2023-514xx/CVE-2023-51490.json index 6ff6e5ede89..1de3b176ecf 100644 --- a/CVE-2023/CVE-2023-514xx/CVE-2023-51490.json +++ b/CVE-2023/CVE-2023-514xx/CVE-2023-51490.json @@ -2,8 +2,8 @@ "id": "CVE-2023-51490", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-08T21:15:09.213", - "lastModified": "2024-01-12T16:36:26.657", - "vulnStatus": "Analyzed", + "lastModified": "2024-02-06T12:15:55.047", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -60,7 +60,7 @@ }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "audit@patchstack.com", "type": "Primary", "description": [ { @@ -70,12 +70,12 @@ ] }, { - "source": "audit@patchstack.com", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { "lang": "en", - "value": "CWE-200" + "value": "CWE-532" } ] } diff --git a/CVE-2023/CVE-2023-515xx/CVE-2023-51508.json b/CVE-2023/CVE-2023-515xx/CVE-2023-51508.json index a0c3faa5fa2..1ef039008bd 100644 --- a/CVE-2023/CVE-2023-515xx/CVE-2023-51508.json +++ b/CVE-2023/CVE-2023-515xx/CVE-2023-51508.json @@ -2,8 +2,8 @@ "id": "CVE-2023-51508", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-08T21:15:09.420", - "lastModified": "2024-01-12T18:53:51.383", - "vulnStatus": "Analyzed", + "lastModified": "2024-02-06T12:15:55.170", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -60,7 +60,7 @@ }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "audit@patchstack.com", "type": "Primary", "description": [ { @@ -70,12 +70,12 @@ ] }, { - "source": "audit@patchstack.com", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { "lang": "en", - "value": "CWE-200" + "value": "CWE-532" } ] } diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52143.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52143.json index f861011b63f..15165638a8c 100644 --- a/CVE-2023/CVE-2023-521xx/CVE-2023-52143.json +++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52143.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52143", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-05T11:15:10.103", - "lastModified": "2024-01-11T16:04:19.437", - "vulnStatus": "Analyzed", + "lastModified": "2024-02-06T12:15:55.290", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -60,7 +60,7 @@ }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "audit@patchstack.com", "type": "Primary", "description": [ { @@ -70,12 +70,12 @@ ] }, { - "source": "audit@patchstack.com", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { "lang": "en", - "value": "CWE-200" + "value": "CWE-532" } ] } diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52146.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52146.json index ac37d2930a9..8129c272195 100644 --- a/CVE-2023/CVE-2023-521xx/CVE-2023-52146.json +++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52146.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52146", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-05T11:15:10.650", - "lastModified": "2024-01-11T16:03:09.287", - "vulnStatus": "Analyzed", + "lastModified": "2024-02-06T11:15:08.657", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -60,7 +60,7 @@ }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "audit@patchstack.com", "type": "Primary", "description": [ { @@ -70,12 +70,12 @@ ] }, { - "source": "audit@patchstack.com", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { "lang": "en", - "value": "CWE-200" + "value": "CWE-532" } ] } diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6238.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6238.json index 4775f321466..244fb784f69 100644 --- a/CVE-2023/CVE-2023-62xx/CVE-2023-6238.json +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6238.json @@ -2,12 +2,12 @@ "id": "CVE-2023-6238", "sourceIdentifier": "secalert@redhat.com", "published": "2023-11-21T21:15:09.273", - "lastModified": "2023-12-13T08:15:52.337", + "lastModified": "2024-02-06T12:15:55.410", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "A buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel. An unprivileged user could specify a small meta buffer and let the device perform larger Direct Memory Access (DMA) into the same buffer, overwriting unrelated kernel memory, causing random kernel crashes and memory corruption." + "value": "A buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel. Only privileged user could specify a small meta buffer and let the device perform larger Direct Memory Access (DMA) into the same buffer, overwriting unrelated kernel memory, causing random kernel crashes and memory corruption." }, { "lang": "es", @@ -41,19 +41,19 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "HIGH", - "privilegesRequired": "LOW", + "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", - "baseScore": 7.0, - "baseSeverity": "HIGH" + "baseScore": 6.4, + "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 1.0, + "exploitabilityScore": 0.5, "impactScore": 5.9 } ] diff --git a/CVE-2024/CVE-2024-06xx/CVE-2024-0690.json b/CVE-2024/CVE-2024-06xx/CVE-2024-0690.json new file mode 100644 index 00000000000..4ce3c6cfdf1 --- /dev/null +++ b/CVE-2024/CVE-2024-06xx/CVE-2024-0690.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2024-0690", + "sourceIdentifier": "secalert@redhat.com", + "published": "2024-02-06T12:15:55.530", + "lastModified": "2024-02-06T12:15:55.530", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. It was discovered that information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.3, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-117" + } + ] + } + ], + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2024-0690", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259013", + "source": "secalert@redhat.com" + }, + { + "url": "https://github.com/ansible/ansible/pull/82565", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 3c1f204fbb9..5ca6d06f058 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-02-06T11:00:26.647805+00:00 +2024-02-06T13:00:25.159515+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-02-06T10:15:11.837000+00:00 +2024-02-06T12:15:55.530000+00:00 ``` ### Last Data Feed Release @@ -29,33 +29,26 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -237766 +237767 ``` ### CVEs added in the last Commit -Recently added CVEs: `13` +Recently added CVEs: `1` -* [CVE-2023-4503](CVE-2023/CVE-2023-45xx/CVE-2023-4503.json) (`2024-02-06T09:15:52.407`) -* [CVE-2024-0684](CVE-2024/CVE-2024-06xx/CVE-2024-0684.json) (`2024-02-06T09:15:52.643`) -* [CVE-2024-25140](CVE-2024/CVE-2024-251xx/CVE-2024-25140.json) (`2024-02-06T09:15:52.827`) -* [CVE-2024-23673](CVE-2024/CVE-2024-236xx/CVE-2024-23673.json) (`2024-02-06T10:15:08.833`) -* [CVE-2024-23917](CVE-2024/CVE-2024-239xx/CVE-2024-23917.json) (`2024-02-06T10:15:09.280`) -* [CVE-2024-24936](CVE-2024/CVE-2024-249xx/CVE-2024-24936.json) (`2024-02-06T10:15:09.553`) -* [CVE-2024-24937](CVE-2024/CVE-2024-249xx/CVE-2024-24937.json) (`2024-02-06T10:15:09.957`) -* [CVE-2024-24938](CVE-2024/CVE-2024-249xx/CVE-2024-24938.json) (`2024-02-06T10:15:10.303`) -* [CVE-2024-24939](CVE-2024/CVE-2024-249xx/CVE-2024-24939.json) (`2024-02-06T10:15:10.603`) -* [CVE-2024-24940](CVE-2024/CVE-2024-249xx/CVE-2024-24940.json) (`2024-02-06T10:15:10.960`) -* [CVE-2024-24941](CVE-2024/CVE-2024-249xx/CVE-2024-24941.json) (`2024-02-06T10:15:11.183`) -* [CVE-2024-24942](CVE-2024/CVE-2024-249xx/CVE-2024-24942.json) (`2024-02-06T10:15:11.590`) -* [CVE-2024-24943](CVE-2024/CVE-2024-249xx/CVE-2024-24943.json) (`2024-02-06T10:15:11.837`) +* [CVE-2024-0690](CVE-2024/CVE-2024-06xx/CVE-2024-0690.json) (`2024-02-06T12:15:55.530`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `6` -* [CVE-2022-3647](CVE-2022/CVE-2022-36xx/CVE-2022-3647.json) (`2024-02-06T10:15:08.497`) +* [CVE-2023-52146](CVE-2023/CVE-2023-521xx/CVE-2023-52146.json) (`2024-02-06T11:15:08.657`) +* [CVE-2023-51408](CVE-2023/CVE-2023-514xx/CVE-2023-51408.json) (`2024-02-06T12:15:54.883`) +* [CVE-2023-51490](CVE-2023/CVE-2023-514xx/CVE-2023-51490.json) (`2024-02-06T12:15:55.047`) +* [CVE-2023-51508](CVE-2023/CVE-2023-515xx/CVE-2023-51508.json) (`2024-02-06T12:15:55.170`) +* [CVE-2023-52143](CVE-2023/CVE-2023-521xx/CVE-2023-52143.json) (`2024-02-06T12:15:55.290`) +* [CVE-2023-6238](CVE-2023/CVE-2023-62xx/CVE-2023-6238.json) (`2024-02-06T12:15:55.410`) ## Download and Usage