admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-07 19:16:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-09-13T12:00:25.979239+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-09-13 12:00:29 +00:00
parent b0c168a811
commit fe39d5f355
14 changed files with 100 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CVE-2022/CVE-2022-429xx/CVE-2022-42927.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2022-42927",
"sourceIdentifier": "security@mozilla.org",
"published": "2022-12-22T20:15:40.127",
"lastModified": "2023-01-04T02:55:45.087",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-13T11:15:07.700",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the result of a redirect, via <code>performance.getEntries()</code>. This vulnerability affects Thunderbird < 102.4, Firefox ESR < 102.4, and Firefox < 106."
"value": "A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the result of a redirect, via `performance.getEntries()`. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4."
}
],
"metrics": {

8
CVE-2022/CVE-2022-429xx/CVE-2022-42928.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2022-42928",
"sourceIdentifier": "security@mozilla.org",
"published": "2022-12-22T20:15:40.337",
"lastModified": "2023-01-04T02:51:17.450",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-13T11:15:08.790",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Certain types of allocations were missing annotations that, if the Garbage Collector was in a specific state, could have lead to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 102.4, Firefox ESR < 102.4, and Firefox < 106."
"value": "Certain types of allocations were missing annotations that, if the Garbage Collector was in a specific state, could have lead to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4."
}
],
"metrics": {
@ -41,7 +41,7 @@
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
"value": "CWE-476"
}
]
}

6
CVE-2022/CVE-2022-429xx/CVE-2022-42929.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2022-42929",
"sourceIdentifier": "security@mozilla.org",
"published": "2022-12-22T20:15:40.577",
"lastModified": "2023-01-04T02:43:02.593",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-13T11:15:09.003",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "If a website called <code>window.print()</code> in a particular way, it could cause a denial of service of the browser, which may persist beyond browser restart depending on the user's session restore settings. This vulnerability affects Thunderbird < 102.4, Firefox ESR < 102.4, and Firefox < 106."
"value": "If a website called `window.print()` in a particular way, it could cause a denial of service of the browser, which may persist beyond browser restart depending on the user's session restore settings. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4."
}
],
"metrics": {

6
CVE-2022/CVE-2022-429xx/CVE-2022-42930.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2022-42930",
"sourceIdentifier": "security@mozilla.org",
"published": "2022-12-22T20:15:40.810",
"lastModified": "2022-12-30T22:13:28.983",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-13T11:15:09.177",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "If two Workers were simultaneously initializing their CacheStorage, a data race could have occurred in the <code>ThirdPartyUtil</code> component. This vulnerability affects Firefox < 106."
"value": "If two Workers were simultaneously initializing their CacheStorage, a data race could have occurred in the `ThirdPartyUtil` component. This vulnerability affects Firefox < 106."
}
],
"metrics": {

8
CVE-2022/CVE-2022-429xx/CVE-2022-42932.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2022-42932",
"sourceIdentifier": "security@mozilla.org",
"published": "2022-12-22T20:15:41.337",
"lastModified": "2023-01-04T02:40:24.887",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-13T11:15:09.510",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Mozilla developers Ashley Hale and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 102.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 102.4, Firefox ESR < 102.4, and Firefox < 106."
"value": "Mozilla developers Ashley Hale and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 105 and Firefox ESR 102.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4."
}
],
"metrics": {
@ -41,7 +41,7 @@
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
"value": "CWE-787"
}
]
}

6
CVE-2022/CVE-2022-468xx/CVE-2022-46881.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2022-46881",
"sourceIdentifier": "security@mozilla.org",
"published": "2022-12-22T20:15:47.547",
"lastModified": "2023-05-03T12:16:36.247",
"lastModified": "2023-09-13T11:15:09.737",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An optimization in WebGL was incorrect in some cases, and could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 106, Firefox ESR < 102.6, and Thunderbird < 102.6."
"value": "An optimization in WebGL was incorrect in some cases, and could have led to memory corruption and a potentially exploitable crash.\n*Note*: This advisory was added on December 13th, 2022 after we better understood the impact of the issue. The fix was included in the original release of Firefox 106. This vulnerability affects Firefox < 106, Firefox ESR < 102.6, and Thunderbird < 102.6."
}
],
"metrics": {
@ -41,7 +41,7 @@
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
"value": "CWE-787"
}
]
}

20
CVE-2023/CVE-2023-410xx/CVE-2023-41081.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-41081",
"sourceIdentifier": "security@apache.org",
"published": "2023-09-13T10:15:07.657",
"lastModified": "2023-09-13T10:15:07.657",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The mod_jk component of Apache Tomcat Connectors\u00a0in some circumstances, such as when a configuration included\u00a0\"JkOptions +ForwardDirectories\" but the configuration did not provide explicit mounts for all possible proxied requests, mod_jk would use an implicit mapping and map the request to the first defined worker.\u00a0Such an implicit mapping could result in the unintended exposure of the\u00a0status worker and/or bypass security constraints configured in httpd. As\u00a0of JK 1.2.49, the implicit mapping functionality has been removed and all\u00a0mappings must now be via explicit configuration.\u00a0Only mod_jk is affected\u00a0by this issue. The ISAPI redirector is not affected.\n\nThis issue affects Apache Tomcat Connectors (mod_jk only): from 1.2.0 through 1.2.48.\n\nUsers are recommended to upgrade to version 1.2.49, which fixes the issue.\n\n"
}
],
"metrics": {},
"references": [
{
"url": "https://lists.apache.org/thread/rd1r26w7271jyqgzr4492tooyt583d8b",
"source": "security@apache.org"
}
]
}

10
CVE-2023/CVE-2023-45xx/CVE-2023-4573.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-4573",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-09-11T08:15:07.847",
"lastModified": "2023-09-13T03:51:59.617",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-13T11:15:10.287",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "When receiving rendering data over IPC `mStream` could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, and Thunderbird < 115.2."
"value": "When receiving rendering data over IPC `mStream` could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2."
}
],
"metrics": {
@ -113,6 +113,10 @@
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-37/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-38/",
"source": "security@mozilla.org",

10
CVE-2023/CVE-2023-45xx/CVE-2023-4574.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-4574",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-09-11T09:15:09.087",
"lastModified": "2023-09-13T03:58:57.243",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-13T11:15:10.507",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, and Thunderbird < 115.2."
"value": "When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2."
}
],
"metrics": {
@ -112,6 +112,10 @@
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-37/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-38/",
"source": "security@mozilla.org",

10
CVE-2023/CVE-2023-45xx/CVE-2023-4575.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-4575",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-09-11T09:15:09.143",
"lastModified": "2023-09-13T03:58:16.703",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-13T11:15:10.597",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, and Thunderbird < 115.2."
"value": "When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2."
}
],
"metrics": {
@ -112,6 +112,10 @@
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-37/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-38/",
"source": "security@mozilla.org",

10
CVE-2023/CVE-2023-45xx/CVE-2023-4576.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-4576",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-09-11T09:15:09.217",
"lastModified": "2023-09-13T03:58:43.743",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-13T11:15:10.727",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "On Windows, an integer overflow could occur in `RecordedSourceSurfaceCreation` which resulted in a heap buffer overflow potentially leaking sensitive data that could have led to a sandbox escape.\n*This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, and Thunderbird < 115.2."
"value": "On Windows, an integer overflow could occur in `RecordedSourceSurfaceCreation` which resulted in a heap buffer overflow potentially leaking sensitive data that could have led to a sandbox escape.\n*This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2."
}
],
"metrics": {
@ -125,6 +125,10 @@
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-37/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-38/",
"source": "security@mozilla.org",

10
CVE-2023/CVE-2023-45xx/CVE-2023-4581.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-4581",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-09-11T09:15:09.550",
"lastModified": "2023-09-11T12:41:46.007",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-13T11:15:11.037",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, and Thunderbird < 115.2."
"value": "Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2."
}
],
"metrics": {},
@ -28,6 +28,10 @@
"url": "https://www.mozilla.org/security/advisories/mfsa2023-36/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-37/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-38/",
"source": "security@mozilla.org"

10
CVE-2023/CVE-2023-45xx/CVE-2023-4584.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-4584",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-09-11T09:15:09.740",
"lastModified": "2023-09-11T12:41:46.007",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-13T11:15:11.450",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, and Thunderbird < 115.2."
"value": "Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2."
}
],
"metrics": {},
@ -28,6 +28,10 @@
"url": "https://www.mozilla.org/security/advisories/mfsa2023-36/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-37/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-38/",
"source": "security@mozilla.org"

28
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-09-13T10:00:25.478322+00:00
2023-09-13T12:00:25.979239+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-09-13T09:15:15.690000+00:00
2023-09-13T11:15:11.450000+00:00
```
### Last Data Feed Release
@ -29,24 +29,32 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
224850
224851
```
### CVEs added in the last Commit
Recently added CVEs: `4`
Recently added CVEs: `1`
* [CVE-2023-26369](CVE-2023/CVE-2023-263xx/CVE-2023-26369.json) (`2023-09-13T09:15:13.007`)
* [CVE-2023-29305](CVE-2023/CVE-2023-293xx/CVE-2023-29305.json) (`2023-09-13T09:15:15.360`)
* [CVE-2023-29306](CVE-2023/CVE-2023-293xx/CVE-2023-29306.json) (`2023-09-13T09:15:15.517`)
* [CVE-2023-4039](CVE-2023/CVE-2023-40xx/CVE-2023-4039.json) (`2023-09-13T09:15:15.690`)
* [CVE-2023-41081](CVE-2023/CVE-2023-410xx/CVE-2023-41081.json) (`2023-09-13T10:15:07.657`)
### CVEs modified in the last Commit
Recently modified CVEs: `1`
Recently modified CVEs: `12`
* [CVE-2023-39852](CVE-2023/CVE-2023-398xx/CVE-2023-39852.json) (`2023-09-13T08:15:07.710`)
* [CVE-2022-42927](CVE-2022/CVE-2022-429xx/CVE-2022-42927.json) (`2023-09-13T11:15:07.700`)
* [CVE-2022-42928](CVE-2022/CVE-2022-429xx/CVE-2022-42928.json) (`2023-09-13T11:15:08.790`)
* [CVE-2022-42929](CVE-2022/CVE-2022-429xx/CVE-2022-42929.json) (`2023-09-13T11:15:09.003`)
* [CVE-2022-42930](CVE-2022/CVE-2022-429xx/CVE-2022-42930.json) (`2023-09-13T11:15:09.177`)
* [CVE-2022-42932](CVE-2022/CVE-2022-429xx/CVE-2022-42932.json) (`2023-09-13T11:15:09.510`)
* [CVE-2022-46881](CVE-2022/CVE-2022-468xx/CVE-2022-46881.json) (`2023-09-13T11:15:09.737`)
* [CVE-2023-4573](CVE-2023/CVE-2023-45xx/CVE-2023-4573.json) (`2023-09-13T11:15:10.287`)
* [CVE-2023-4574](CVE-2023/CVE-2023-45xx/CVE-2023-4574.json) (`2023-09-13T11:15:10.507`)
* [CVE-2023-4575](CVE-2023/CVE-2023-45xx/CVE-2023-4575.json) (`2023-09-13T11:15:10.597`)
* [CVE-2023-4576](CVE-2023/CVE-2023-45xx/CVE-2023-4576.json) (`2023-09-13T11:15:10.727`)
* [CVE-2023-4581](CVE-2023/CVE-2023-45xx/CVE-2023-4581.json) (`2023-09-13T11:15:11.037`)
* [CVE-2023-4584](CVE-2023/CVE-2023-45xx/CVE-2023-4584.json) (`2023-09-13T11:15:11.450`)
## Download and Usage