Add one-line summary #8

Merged
3 changes: 2 additions & 1 deletion vulns/commonmark/RSEC-2023-6.yaml
Expand Up @@ -3,6 +3,7 @@ details: The commonmark package, specifically in its dependency on GitHub Flavor
has a vulnerability related to time complexity. Parsing certain crafted markdown tables can take O(n * n) time,
leading to potential Denial of Service attacks. This issue does not affect the upstream cmark project and has been
fixed in version 0.29.0.gfm.1.
summary: Denial of Service (DoS) vulnerability
affected:
- package:
name: commonmark
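Review bot: the added `summary:` line "Denial of Service (DoS) vulnerability" is too generic to serve as the one-line description that OSV-based tooling prints in listings, and three of the nine files in this PR get exactly this wording. The `details` block already states the cause (quadratic-time parsing of crafted Markdown tables), so carry it into the summary, e.g. `summary: Quadratic-time parsing of crafted Markdown tables in cmark-gfm (DoS)`.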
Expand Down Expand Up @@ -36,5 +37,5 @@ references:
url: https://github.com/r-lib/commonmark/pull/18
aliases:
- CVE-2020-5238
modified: "2023-10-06T05:00:00.600Z"
modified: "2023-10-20T07:27:00.600Z"
published: "2023-10-06T05:00:00.600Z"
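Review bot: the new `modified` value "2023-10-20T07:27:00.600Z" keeps the ".600Z" fractional second of the value it replaces, and the same wall-clock string is written into every file in this PR except RSEC-2023-0, so it looks hand-edited rather than generated. Derive `modified` from the commit time in a script (sub-second precision carries no meaning here) so consumers see a real update time and the files stay consistent.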
3 changes: 2 additions & 1 deletion vulns/commonmark/RSEC-2023-7.yaml
Expand Up @@ -4,6 +4,7 @@ details: cmark-gfm, GitHub's extended CommonMark library, has multiple vulnerabi
before 0.29.0.gfm.3 and 0.28.3.gfm.21 contain an integer overflow in table row parsing, leading to heap corruption and
potential Arbitrary Code Execution. Patches are available in versions 0.29.0.gfm.6, 0.29.0.gfm.3, and 0.28.3.gfm.21.
Mitigations include upgrading or disabling affected extensions.
summary: Denial of Service (DoS) and Arbitrary Code Execution (ACE) vulnerabilities
affected:
- package:
name: commonmark
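Review bot: "ACE" on the new `summary:` line is not a standard abbreviation; advisory readers expect "arbitrary code execution" or "RCE". The `details` block attributes the code-execution risk to an integer overflow in table row parsing that corrupts the heap, so say that: `summary: Integer overflow in cmark-gfm table row parsing causes heap corruption and possible arbitrary code execution`.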
Expand Down Expand Up @@ -38,5 +39,5 @@ references:
aliases:
- CVE-2022-39209
- CVE-2022-24724
modified: "2023-10-06T05:00:00.600Z"
modified: "2023-10-20T07:27:00.600Z"
published: "2023-10-06T05:00:00.600Z"
3 changes: 2 additions & 1 deletion vulns/commonmark/RSEC-2023-8.yaml
Expand Up @@ -5,6 +5,7 @@ details: cmark-gfm, GitHub's extended version of the CommonMark library in C, su
to unbounded resource exhaustion and denial of service. An out-of-bounds read in the `validate_protocol` function was
also identified but is considered less harmful. Patches are available in versions 0.29.0.gfm.7, 0.29.0.gfm.10, and
0.29.0.gfm.12. Upgrading is advised, and users unable to upgrade should validate input from trusted sources.
summary: Denial of Service (DoS) vulnerabilities
affected:
- package:
name: commonmark
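Review bot: the new `summary:` line drops the out-of-bounds read in `validate_protocol` that the `details` block describes and that one of the three CVE aliases covers; even if rated less harmful, it belongs in the one-liner so scanner output for this entry does not read as pure DoS. Suggest `summary: Unbounded resource exhaustion (DoS) and out-of-bounds read in cmark-gfm`. Separately, the `details` sentence "users unable to upgrade should validate input from trusted sources" inverts the mitigation; it should read "only process input from trusted sources".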
Expand Down Expand Up @@ -55,5 +56,5 @@ aliases:
- CVE-2023-22485
- CVE-2023-22484
- CVE-2023-22483
modified: "2023-10-06T05:00:00.600Z"
modified: "2023-10-20T07:27:00.600Z"
published: "2023-10-06T05:00:00.600Z"
3 changes: 2 additions & 1 deletion vulns/haven/RSEC-2023-5.yaml
Expand Up @@ -3,6 +3,7 @@ details: The haven R package is exposed to multiple vulnerabilities due to issue
The specific flaws include an infinite loop condition, a memory leak associated with an iconv_open call, and a
heap-based buffer over-read via an unterminated string. Exploitation of these vulnerabilities could lead to Denial of
Service or other undefined behaviors.
summary: Infinite loop, memory leak, and heap-based buffer over-read vulnerabilities
affected:
- package:
name: haven
Expand Down Expand Up @@ -34,5 +35,5 @@ aliases:
- CVE-2018-11365
- CVE-2018-11364
- CVE-2018-5698
modified: "2023-10-05T05:00:00.600Z"
modified: "2023-10-20T07:27:00.600Z"
published: "2023-10-05T05:00:00.600Z"
3 changes: 2 additions & 1 deletion vulns/igraph/RSEC-2023-4.yaml
Expand Up @@ -4,6 +4,7 @@ details: The igraph R package, through version 0.7.1, is susceptible to a vulner
potentially exploited by attackers to cause a denial of service, resulting in an application crash.
Users of the igraph package should take necessary precautions and consider updating to a patched version to
mitigate this security risk.
summary: NULL pointer dereference vulnerability
affected:
- package:
name: igraph
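Review bot: the new `summary:` line names only the bug class, and the `details` block tells users to "consider updating to a patched version" without naming one, so neither the one-liner nor the body says what triggers the crash or where it is fixed. Put the impact in the summary (e.g. `summary: NULL pointer dereference in igraph leads to application crash (DoS)`) and give the fixed version in `details` and in the `affected` ranges, or state explicitly that no fixed version is known.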
Expand All @@ -27,5 +28,5 @@ references:
url: https://security-tracker.debian.org/tracker/CVE-2018-20349
aliases:
- CVE-2018-20349
modified: "2023-10-04T03:23:51.600Z"
modified: "2023-10-20T07:27:00.600Z"
published: "2023-10-04T03:23:51.600Z"
3 changes: 2 additions & 1 deletion vulns/jsonlite/RSEC-2023-3.yaml
Expand Up @@ -2,6 +2,7 @@ id: RSEC-2023-3
details: The jsonlite R package is exposed to a vulnerability due to its use of yajl library version 2.1.0.
The vulnerability originates from the yajl_tree_parse function within yajl. Attackers can exploit this flaw
to cause a memory leak, which will result in out-of-memory in server and lead to a crash.
summary: Memory leak vulnerability
affected:
- package:
name: jsonlite
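Review bot: "Memory leak vulnerability" on the new `summary:` line omits both the component and the impact that `details` gives (the `yajl_tree_parse` function of the bundled yajl 2.1.0, leading to out-of-memory and a crash). Suggest `summary: Memory leak in bundled yajl yajl_tree_parse allows denial of service` so the one-liner matches the stated impact of CVE-2023-33460.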
Expand Down Expand Up @@ -56,5 +57,5 @@ references:
url: https://lists.fedoraproject.org/archives/list/[email protected]/message/KLE3C4CECEJ4EUYI56KXI6OWACWXX7WN/
aliases:
- CVE-2023-33460
modified: "2023-10-06T04:37:21.600Z"
modified: "2023-10-20T07:27:00.600Z"
published: "2023-07-18T04:37:21.600Z"
3 changes: 2 additions & 1 deletion vulns/readxl/RSEC-2023-0.yaml
Expand Up @@ -8,6 +8,7 @@ details: The readxl R package, versions 0.1.0 to 1.0.0, is vulnerable to multipl
formula record. All these vulnerabilities can lead to memory corruption, potentially resulting in remote code
execution. The exploit is triggered when a specially crafted XLS file, possibly sent by an attacker, is processed by
these vulnerable functions.
summary: Out-of-bounds write and stack based buffer overflow vulnerabilities
affected:
- package:
name: readxl
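Review bot: hyphenate "stack based" as "stack-based" in the new `summary:` line, matching "heap-based" and "Out-of-bounds" elsewhere in this PR, and include the trigger and impact that `details` already gives (a crafted XLS file, memory corruption, possible remote code execution): `summary: Out-of-bounds write and stack-based buffer overflow via crafted XLS file may allow remote code execution`.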
Expand Down Expand Up @@ -54,5 +55,5 @@ aliases:
- CVE-2017-12109
- CVE-2017-12110
- CVE-2017-12111
modified: "2023-07-13T02:22:58.600Z"
modified: "2023-10-19T01:17:00.600Z"
published: "2023-07-13T02:22:58.600Z"
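Review bot: this file's `modified` is bumped to "2023-10-19T01:17:00.600Z" while every other file in the PR is bumped to "2023-10-20T07:27:00.600Z"; if all nine summaries were added in one change they should carry one timestamp, so either align this value with the others or explain why it differs.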
3 changes: 2 additions & 1 deletion vulns/readxl/RSEC-2023-1.yaml
Expand Up @@ -7,6 +7,7 @@ details: The readxl R package has been found susceptible to vulnerabilities due
read_MSAT_body function. This issue, stemming from inconsistent memory management in the ole2_read_header function,
allows attackers to trigger a DoS, application crash, or possibly an unspecified impact through a specially crafted
file.
summary: Double-free and invalid free vulnerabilities
affected:
- package:
name: readxl
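Review bot: the new `summary:` line should state the trigger and impact that `details` gives (DoS, application crash or unspecified impact via a specially crafted file, from inconsistent memory management in `ole2_read_header`), in line with the other readxl entries: `summary: Double free and invalid free in OLE2 header parsing via crafted file (DoS, possible further impact)`.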
Expand Down Expand Up @@ -34,5 +35,5 @@ references:
aliases:
- CVE-2018-20450
- CVE-2018-20452
modified: "2023-07-13T02:37:06.600Z"
modified: "2023-10-20T07:27:00.600Z"
published: "2023-07-13T02:37:06.600Z"
3 changes: 2 additions & 1 deletion vulns/readxl/RSEC-2023-2.yaml
Expand Up @@ -3,6 +3,7 @@ details: The readxl R package is exposed to a vulnerability owing to its underly
The vulnerability originates in the xls_getWorkSheet function within xls.c in libxls. Attackers can exploit this flaw
by utilizing a specially crafted XLS file, leading to a Denial of Service (DoS)
attack.
summary: Denial of Service (DoS) vulnerability
affected:
- package:
name: readxl
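Review bot: "Denial of Service (DoS) vulnerability" on the new `summary:` line repeats the RSEC-2023-6 wording and says nothing specific to this entry, although `details` names `xls_getWorkSheet` in `xls.c` of libxls and a crafted XLS file as the trigger; use them: `summary: Crafted XLS file triggers denial of service in libxls xls_getWorkSheet`.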
Expand All @@ -25,5 +26,5 @@ references:
url: https://nvd.nist.gov/vuln/detail/CVE-2021-27836
aliases:
- CVE-2021-27836
modified: "2023-07-13T02:46:57.600Z"
modified: "2023-10-20T07:27:00.600Z"
published: "2023-07-13T02:46:57.600Z"