Auto-Update: 2023-11-01T05:00:20.893532+00:00

cad-safe-bot 2023-11-01 05:00:24 +00:00
parent 0ef746b084
commit 21eab1bb8e
6 changed files with 284 additions and 15 deletions


@ -0,0 +1,55 @@
{
"id": "CVE-2023-2621",
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"published": "2023-11-01T03:15:07.790",
"lastModified": "2023-11-01T03:15:07.790",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nThe McFeeder server (distributed as part of SSW package), is susceptible to an arbitrary file write vulnerability on the MAIN computer\nsystem. This vulnerability stems from the use of an outdated version of a third-party library, which is used to extract archives uploaded to McFeeder server. An authenticated malicious client can\nexploit this vulnerability by uploading a crafted ZIP archive via the\nnetwork to McFeeder\u2019s service endpoint.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000177&languageCode=en&Preview=true",
"source": "cybersecurity@hitachienergy.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-2622",
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"published": "2023-11-01T03:15:07.867",
"lastModified": "2023-11-01T03:15:07.867",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nAuthenticated clients can read arbitrary files on the MAIN Computer\nsystem using the remote procedure call (RPC) of the InspectSetup\nservice endpoint. The low privilege client is then allowed to read arbitrary files that they do not have authorization to read.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-668"
}
]
}
],
"references": [
{
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000177&languageCode=en&Preview=true",
"source": "cybersecurity@hitachienergy.com"
}
]
}
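Review bot: The CVSS data in this record contradicts its own description: `"privilegesRequired": "HIGH"` (`PR:H` in the `vectorString`) sits beside text saying a "low privilege client" can read arbitrary files, and that arbitrary read is scored only `"confidentialityImpact": "LOW"`. The file mirrors what the CNA submitted (`"vulnStatus": "Received"`, metric `"type": "Secondary"`), so any correction belongs upstream rather than in this repository, but anyone triaging on the 2.7 base score should treat it as provisional until the record has been analysed. If the description is the accurate side, the vector would presumably carry `PR:L` instead; that is an inference from the wording, not something this page confirms.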


@ -0,0 +1,55 @@
{
"id": "CVE-2023-5514",
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"published": "2023-11-01T03:15:07.933",
"lastModified": "2023-11-01T03:15:07.933",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nThe response messages received from the eSOMS report generation using certain parameter queries with full file path can be\nabused for enumerating the local file system structure.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-209"
}
]
}
],
"references": [
{
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000175&languageCode=en&Preview=true",
"source": "cybersecurity@hitachienergy.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-5515",
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"published": "2023-11-01T03:15:07.993",
"lastModified": "2023-11-01T03:15:07.993",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nThe responses for web queries with certain parameters disclose internal path of resources. This information can be used to learn internal structure of the application and to further plot attacks against\nweb servers and deployed web applications.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000175&languageCode=en&Preview=true",
"source": "cybersecurity@hitachienergy.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-5516",
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"published": "2023-11-01T03:15:08.060",
"lastModified": "2023-11-01T03:15:08.060",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nPoorly constructed webap requests and URI components with special characters trigger unhandled errors and exceptions, disclosing\ninformation about the underlying technology and other sensitive information details. The website unintentionally reveals sensitive information including technical details like version Info, endpoints,\nbackend server, Internal IP. etc., which can potentially expose additional attack surface containing other interesting vulnerabilities. \n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000175&languageCode=en&Preview=true",
"source": "cybersecurity@hitachienergy.com"
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-11-01T03:00:21.355543+00:00
2023-11-01T05:00:20.893532+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-11-01T01:15:08.067000+00:00
2023-11-01T03:15:08.060000+00:00
```
### Last Data Feed Release
@ -29,24 +29,18 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
229433
229438
```
### CVEs added in the last Commit
Recently added CVEs: `11`
Recently added CVEs: `5`
* [CVE-2023-5889](CVE-2023/CVE-2023-58xx/CVE-2023-5889.json) (`2023-11-01T01:15:07.423`)
* [CVE-2023-5890](CVE-2023/CVE-2023-58xx/CVE-2023-5890.json) (`2023-11-01T01:15:07.497`)
* [CVE-2023-5891](CVE-2023/CVE-2023-58xx/CVE-2023-5891.json) (`2023-11-01T01:15:07.563`)
* [CVE-2023-5892](CVE-2023/CVE-2023-58xx/CVE-2023-5892.json) (`2023-11-01T01:15:07.627`)
* [CVE-2023-5893](CVE-2023/CVE-2023-58xx/CVE-2023-5893.json) (`2023-11-01T01:15:07.687`)
* [CVE-2023-5894](CVE-2023/CVE-2023-58xx/CVE-2023-5894.json) (`2023-11-01T01:15:07.750`)
* [CVE-2023-5895](CVE-2023/CVE-2023-58xx/CVE-2023-5895.json) (`2023-11-01T01:15:07.817`)
* [CVE-2023-5896](CVE-2023/CVE-2023-58xx/CVE-2023-5896.json) (`2023-11-01T01:15:07.880`)
* [CVE-2023-5897](CVE-2023/CVE-2023-58xx/CVE-2023-5897.json) (`2023-11-01T01:15:07.937`)
* [CVE-2023-5898](CVE-2023/CVE-2023-58xx/CVE-2023-5898.json) (`2023-11-01T01:15:08.003`)
* [CVE-2023-5899](CVE-2023/CVE-2023-58xx/CVE-2023-5899.json) (`2023-11-01T01:15:08.067`)
* [CVE-2023-2621](CVE-2023/CVE-2023-26xx/CVE-2023-2621.json) (`2023-11-01T03:15:07.790`)
* [CVE-2023-2622](CVE-2023/CVE-2023-26xx/CVE-2023-2622.json) (`2023-11-01T03:15:07.867`)
* [CVE-2023-5514](CVE-2023/CVE-2023-55xx/CVE-2023-5514.json) (`2023-11-01T03:15:07.933`)
* [CVE-2023-5515](CVE-2023/CVE-2023-55xx/CVE-2023-5515.json) (`2023-11-01T03:15:07.993`)
* [CVE-2023-5516](CVE-2023/CVE-2023-55xx/CVE-2023-5516.json) (`2023-11-01T03:15:08.060`)
### CVEs modified in the last Commit