Auto-Update: 2023-11-28T11:00:18.931926+00:00

2025-07-09 16:05:11 +00:00 · 2023-11-28 11:00:22 +00:00 · 2023-11-28 11:00:22 +00:00 · 337e7b68b6
commit 337e7b68b6
parent c2a98f57a5
8 changed files with 308 additions and 24 deletions
--- a/CVE-2023/CVE-2023-340xx/CVE-2023-34053.json
+++ b/CVE-2023/CVE-2023-340xx/CVE-2023-34053.json
@ -0,0 +1,43 @@
+{
+  "id": "CVE-2023-34053",
+  "sourceIdentifier": "security@vmware.com",
+  "published": "2023-11-28T09:15:06.960",
+  "lastModified": "2023-11-28T09:15:06.960",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.\n\nSpecifically, an application is vulnerable when all of the following are true:\n\n  *  the application uses Spring MVC or Spring WebFlux\n  *  io.micrometer:micrometer-core\u00a0is on the classpath\n  *  an ObservationRegistry is configured in the application to record observations\n\n\nTypically, Spring Boot applications need the org.springframework.boot:spring-boot-actuator\u00a0dependency to meet all conditions.\n\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@vmware.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "LOW",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://spring.io/security/cve-2023-34053",
+      "source": "security@vmware.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-340xx/CVE-2023-34054.json
+++ b/CVE-2023/CVE-2023-340xx/CVE-2023-34054.json
@ -0,0 +1,43 @@
+{
+  "id": "CVE-2023-34054",
+  "sourceIdentifier": "security@vmware.com",
+  "published": "2023-11-28T09:15:07.147",
+  "lastModified": "2023-11-28T09:15:07.147",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "\nIn Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.\n\nSpecifically, an application is vulnerable if Reactor Netty HTTP Server built-in integration with Micrometer is enabled.\n\n\n\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@vmware.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "LOW",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://spring.io/security/cve-2023-34054",
+      "source": "security@vmware.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-340xx/CVE-2023-34055.json
+++ b/CVE-2023/CVE-2023-340xx/CVE-2023-34055.json
@ -0,0 +1,43 @@
+{
+  "id": "CVE-2023-34055",
+  "sourceIdentifier": "security@vmware.com",
+  "published": "2023-11-28T09:15:07.303",
+  "lastModified": "2023-11-28T09:15:07.303",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.\n\nSpecifically, an application is vulnerable when all of the following are true:\n\n  *  the application uses Spring MVC or Spring WebFlux\n  *  org.springframework.boot:spring-boot-actuator\u00a0is on the classpath\n\n\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@vmware.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "LOW",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://spring.io/security/cve-2023-34055",
+      "source": "security@vmware.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-465xx/CVE-2023-46595.json
+++ b/CVE-2023/CVE-2023-465xx/CVE-2023-46595.json
@ -2,7 +2,7 @@
  "id": "CVE-2023-46595",
  "sourceIdentifier": "security.vulnerabilities@algosec.com",
  "published": "2023-11-02T08:15:08.040",
-  "lastModified": "2023-11-22T10:15:07.977",
+  "lastModified": "2023-11-28T10:15:07.203",
  "vulnStatus": "Undergoing Analysis",
  "descriptions": [
    {
@ -104,11 +104,8 @@
  ],
  "references": [
    {
-      "url": "https://cwe.mitre.org/data/definitions/79.html",
-      "source": "security.vulnerabilities@algosec.com",
-      "tags": [
-        "Technical Description"
-      ]
+      "url": "https://www.algosec.com/docs/en/cves/Content/tech-notes/cves/cve-2023-46595.htm",
+      "source": "security.vulnerabilities@algosec.com"
    }
  ]
 }
--- a/CVE-2023/CVE-2023-46xx/CVE-2023-4667.json
+++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4667.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-4667",
+  "sourceIdentifier": "a87f365f-9d39-4848-9b3a-58c7cae69cab",
+  "published": "2023-11-28T09:15:07.467",
+  "lastModified": "2023-11-28T09:15:07.467",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "\nThe web interface of the PAC Device allows the device administrator user profile to store malicious scripts in some fields. The stored malicious script is then executed when the GUI is opened by any users of the webserver administration interface.\u00a0\n\n\n\nThe root cause of the vulnerability is inadequate input validation and output encoding in the web administration interface component of the firmware.\n\nThis could lead to\u00a0\u00a0unauthorized access and data leakage\n\n\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "a87f365f-9d39-4848-9b3a-58c7cae69cab",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "NONE",
+          "baseScore": 8.1,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.7,
+        "impactScore": 5.8
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "a87f365f-9d39-4848-9b3a-58c7cae69cab",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.idemia.com/vulnerability-information",
+      "source": "a87f365f-9d39-4848-9b3a-58c7cae69cab"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-61xx/CVE-2023-6150.json
+++ b/CVE-2023/CVE-2023-61xx/CVE-2023-6150.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-6150",
+  "sourceIdentifier": "iletisim@usom.gov.tr",
+  "published": "2023-11-28T10:15:07.397",
+  "lastModified": "2023-11-28T10:15:07.397",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Improper Privilege Management vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users.This issue affects e-municipality module: before v.105.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "iletisim@usom.gov.tr",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 7.2,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "iletisim@usom.gov.tr",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-269"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.usom.gov.tr/bildirim/tr-23-0664",
+      "source": "iletisim@usom.gov.tr"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-61xx/CVE-2023-6151.json
+++ b/CVE-2023/CVE-2023-61xx/CVE-2023-6151.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-6151",
+  "sourceIdentifier": "iletisim@usom.gov.tr",
+  "published": "2023-11-28T10:15:07.610",
+  "lastModified": "2023-11-28T10:15:07.610",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "[PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATFORMS] allows [ATTACKER] to [IMPACT] via [VECTOR]"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "iletisim@usom.gov.tr",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 7.2,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "iletisim@usom.gov.tr",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-269"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.usom.gov.tr/bildirim/tr-23-0664",
+      "source": "iletisim@usom.gov.tr"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-11-28T09:00:18.731882+00:00
+2023-11-28T11:00:18.931926+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-11-28T08:15:10.430000+00:00
+2023-11-28T10:15:07.610000+00:00
 ```

 ### Last Data Feed Release
@ -29,33 +29,26 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-231621
+231627
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `13`
+Recently added CVEs: `6`

-* [CVE-2023-24023](CVE-2023/CVE-2023-240xx/CVE-2023-24023.json) (`2023-11-28T07:15:41.340`)
-* [CVE-2023-3368](CVE-2023/CVE-2023-33xx/CVE-2023-3368.json) (`2023-11-28T07:15:41.683`)
-* [CVE-2023-3533](CVE-2023/CVE-2023-35xx/CVE-2023-3533.json) (`2023-11-28T07:15:42.377`)
-* [CVE-2023-3545](CVE-2023/CVE-2023-35xx/CVE-2023-3545.json) (`2023-11-28T07:15:42.913`)
-* [CVE-2023-48022](CVE-2023/CVE-2023-480xx/CVE-2023-48022.json) (`2023-11-28T08:15:06.910`)
-* [CVE-2023-48023](CVE-2023/CVE-2023-480xx/CVE-2023-48023.json) (`2023-11-28T08:15:07.060`)
-* [CVE-2023-4220](CVE-2023/CVE-2023-42xx/CVE-2023-4220.json) (`2023-11-28T08:15:07.137`)
-* [CVE-2023-4221](CVE-2023/CVE-2023-42xx/CVE-2023-4221.json) (`2023-11-28T08:15:07.910`)
-* [CVE-2023-4222](CVE-2023/CVE-2023-42xx/CVE-2023-4222.json) (`2023-11-28T08:15:08.307`)
-* [CVE-2023-4223](CVE-2023/CVE-2023-42xx/CVE-2023-4223.json) (`2023-11-28T08:15:08.803`)
-* [CVE-2023-4224](CVE-2023/CVE-2023-42xx/CVE-2023-4224.json) (`2023-11-28T08:15:09.213`)
-* [CVE-2023-4225](CVE-2023/CVE-2023-42xx/CVE-2023-4225.json) (`2023-11-28T08:15:09.607`)
-* [CVE-2023-4226](CVE-2023/CVE-2023-42xx/CVE-2023-4226.json) (`2023-11-28T08:15:10.430`)
+* [CVE-2023-34053](CVE-2023/CVE-2023-340xx/CVE-2023-34053.json) (`2023-11-28T09:15:06.960`)
+* [CVE-2023-34054](CVE-2023/CVE-2023-340xx/CVE-2023-34054.json) (`2023-11-28T09:15:07.147`)
+* [CVE-2023-34055](CVE-2023/CVE-2023-340xx/CVE-2023-34055.json) (`2023-11-28T09:15:07.303`)
+* [CVE-2023-4667](CVE-2023/CVE-2023-46xx/CVE-2023-4667.json) (`2023-11-28T09:15:07.467`)
+* [CVE-2023-6150](CVE-2023/CVE-2023-61xx/CVE-2023-6150.json) (`2023-11-28T10:15:07.397`)
+* [CVE-2023-6151](CVE-2023/CVE-2023-61xx/CVE-2023-6151.json) (`2023-11-28T10:15:07.610`)


 ### CVEs modified in the last Commit

 Recently modified CVEs: `1`

-* [CVE-2023-45311](CVE-2023/CVE-2023-453xx/CVE-2023-45311.json) (`2023-11-28T07:15:43.260`)
+* [CVE-2023-46595](CVE-2023/CVE-2023-465xx/CVE-2023-46595.json) (`2023-11-28T10:15:07.203`)


 ## Download and Usage