From 337e7b68b6dc86924a822da9c4afa3fd0d969960 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Tue, 28 Nov 2023 11:00:22 +0000 Subject: [PATCH] Auto-Update: 2023-11-28T11:00:18.931926+00:00 --- CVE-2023/CVE-2023-340xx/CVE-2023-34053.json | 43 ++++++++++++++++ CVE-2023/CVE-2023-340xx/CVE-2023-34054.json | 43 ++++++++++++++++ CVE-2023/CVE-2023-340xx/CVE-2023-34055.json | 43 ++++++++++++++++ CVE-2023/CVE-2023-465xx/CVE-2023-46595.json | 9 ++-- CVE-2023/CVE-2023-46xx/CVE-2023-4667.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-61xx/CVE-2023-6150.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-61xx/CVE-2023-6151.json | 55 +++++++++++++++++++++ README.md | 29 +++++------ 8 files changed, 308 insertions(+), 24 deletions(-) create mode 100644 CVE-2023/CVE-2023-340xx/CVE-2023-34053.json create mode 100644 CVE-2023/CVE-2023-340xx/CVE-2023-34054.json create mode 100644 CVE-2023/CVE-2023-340xx/CVE-2023-34055.json create mode 100644 CVE-2023/CVE-2023-46xx/CVE-2023-4667.json create mode 100644 CVE-2023/CVE-2023-61xx/CVE-2023-6150.json create mode 100644 CVE-2023/CVE-2023-61xx/CVE-2023-6151.json diff --git a/CVE-2023/CVE-2023-340xx/CVE-2023-34053.json b/CVE-2023/CVE-2023-340xx/CVE-2023-34053.json new file mode 100644 index 00000000000..46d1564dcc0 --- /dev/null +++ b/CVE-2023/CVE-2023-340xx/CVE-2023-34053.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-34053", + "sourceIdentifier": "security@vmware.com", + "published": "2023-11-28T09:15:06.960", + "lastModified": "2023-11-28T09:15:06.960", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.\n\nSpecifically, an application is vulnerable when all of the following are true:\n\n * the application uses Spring MVC or Spring WebFlux\n * io.micrometer:micrometer-core\u00a0is on the classpath\n * an ObservationRegistry is configured in the application to record observations\n\n\nTypically, Spring Boot applications need the org.springframework.boot:spring-boot-actuator\u00a0dependency to meet all conditions.\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@vmware.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://spring.io/security/cve-2023-34053", + "source": "security@vmware.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-340xx/CVE-2023-34054.json b/CVE-2023/CVE-2023-340xx/CVE-2023-34054.json new file mode 100644 index 00000000000..d96cf92b368 --- /dev/null +++ b/CVE-2023/CVE-2023-340xx/CVE-2023-34054.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-34054", + "sourceIdentifier": "security@vmware.com", + "published": "2023-11-28T09:15:07.147", + "lastModified": "2023-11-28T09:15:07.147", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nIn Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.\n\nSpecifically, an application is vulnerable if Reactor Netty HTTP Server built-in integration with Micrometer is enabled.\n\n\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@vmware.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://spring.io/security/cve-2023-34054", + "source": "security@vmware.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-340xx/CVE-2023-34055.json b/CVE-2023/CVE-2023-340xx/CVE-2023-34055.json new file mode 100644 index 00000000000..e2033727ea8 --- /dev/null +++ b/CVE-2023/CVE-2023-340xx/CVE-2023-34055.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-34055", + "sourceIdentifier": "security@vmware.com", + "published": "2023-11-28T09:15:07.303", + "lastModified": "2023-11-28T09:15:07.303", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.\n\nSpecifically, an application is vulnerable when all of the following are true:\n\n * the application uses Spring MVC or Spring WebFlux\n * org.springframework.boot:spring-boot-actuator\u00a0is on the classpath\n\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@vmware.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://spring.io/security/cve-2023-34055", + "source": "security@vmware.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-465xx/CVE-2023-46595.json b/CVE-2023/CVE-2023-465xx/CVE-2023-46595.json index 5b63f10649a..c12c23e8f0b 100644 --- a/CVE-2023/CVE-2023-465xx/CVE-2023-46595.json +++ b/CVE-2023/CVE-2023-465xx/CVE-2023-46595.json @@ -2,7 +2,7 @@ "id": "CVE-2023-46595", "sourceIdentifier": "security.vulnerabilities@algosec.com", "published": "2023-11-02T08:15:08.040", - "lastModified": "2023-11-22T10:15:07.977", + "lastModified": "2023-11-28T10:15:07.203", "vulnStatus": "Undergoing Analysis", "descriptions": [ { @@ -104,11 +104,8 @@ ], "references": [ { - "url": "https://cwe.mitre.org/data/definitions/79.html", - "source": "security.vulnerabilities@algosec.com", - "tags": [ - "Technical Description" - ] + "url": "https://www.algosec.com/docs/en/cves/Content/tech-notes/cves/cve-2023-46595.htm", + "source": "security.vulnerabilities@algosec.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4667.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4667.json new file mode 100644 index 00000000000..978722a9856 --- /dev/null +++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4667.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-4667", + "sourceIdentifier": "a87f365f-9d39-4848-9b3a-58c7cae69cab", + "published": "2023-11-28T09:15:07.467", + "lastModified": "2023-11-28T09:15:07.467", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nThe web interface of the PAC Device allows the device administrator user profile to store malicious scripts in some fields. The stored malicious script is then executed when the GUI is opened by any users of the webserver administration interface.\u00a0\n\n\n\nThe root cause of the vulnerability is inadequate input validation and output encoding in the web administration interface component of the firmware.\n\nThis could lead to\u00a0\u00a0unauthorized access and data leakage\n\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "a87f365f-9d39-4848-9b3a-58c7cae69cab", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.7, + "impactScore": 5.8 + } + ] + }, + "weaknesses": [ + { + "source": "a87f365f-9d39-4848-9b3a-58c7cae69cab", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.idemia.com/vulnerability-information", + "source": "a87f365f-9d39-4848-9b3a-58c7cae69cab" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-61xx/CVE-2023-6150.json b/CVE-2023/CVE-2023-61xx/CVE-2023-6150.json new file mode 100644 index 00000000000..3cb621ce4be --- /dev/null +++ b/CVE-2023/CVE-2023-61xx/CVE-2023-6150.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-6150", + "sourceIdentifier": "iletisim@usom.gov.tr", + "published": "2023-11-28T10:15:07.397", + "lastModified": "2023-11-28T10:15:07.397", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Privilege Management vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users.This issue affects e-municipality module: before v.105.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "iletisim@usom.gov.tr", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "iletisim@usom.gov.tr", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ] + } + ], + "references": [ + { + "url": "https://www.usom.gov.tr/bildirim/tr-23-0664", + "source": "iletisim@usom.gov.tr" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-61xx/CVE-2023-6151.json b/CVE-2023/CVE-2023-61xx/CVE-2023-6151.json new file mode 100644 index 00000000000..b678944059c --- /dev/null +++ b/CVE-2023/CVE-2023-61xx/CVE-2023-6151.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-6151", + "sourceIdentifier": "iletisim@usom.gov.tr", + "published": "2023-11-28T10:15:07.610", + "lastModified": "2023-11-28T10:15:07.610", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "[PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATFORMS] allows [ATTACKER] to [IMPACT] via [VECTOR]" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "iletisim@usom.gov.tr", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "iletisim@usom.gov.tr", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ] + } + ], + "references": [ + { + "url": "https://www.usom.gov.tr/bildirim/tr-23-0664", + "source": "iletisim@usom.gov.tr" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 1f49250d5c1..c660d63bee3 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-11-28T09:00:18.731882+00:00 +2023-11-28T11:00:18.931926+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-11-28T08:15:10.430000+00:00 +2023-11-28T10:15:07.610000+00:00 ``` ### Last Data Feed Release @@ -29,33 +29,26 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -231621 +231627 ``` ### CVEs added in the last Commit -Recently added CVEs: `13` +Recently added CVEs: `6` -* [CVE-2023-24023](CVE-2023/CVE-2023-240xx/CVE-2023-24023.json) (`2023-11-28T07:15:41.340`) -* [CVE-2023-3368](CVE-2023/CVE-2023-33xx/CVE-2023-3368.json) (`2023-11-28T07:15:41.683`) -* [CVE-2023-3533](CVE-2023/CVE-2023-35xx/CVE-2023-3533.json) (`2023-11-28T07:15:42.377`) -* [CVE-2023-3545](CVE-2023/CVE-2023-35xx/CVE-2023-3545.json) (`2023-11-28T07:15:42.913`) -* [CVE-2023-48022](CVE-2023/CVE-2023-480xx/CVE-2023-48022.json) (`2023-11-28T08:15:06.910`) -* [CVE-2023-48023](CVE-2023/CVE-2023-480xx/CVE-2023-48023.json) (`2023-11-28T08:15:07.060`) -* [CVE-2023-4220](CVE-2023/CVE-2023-42xx/CVE-2023-4220.json) (`2023-11-28T08:15:07.137`) -* [CVE-2023-4221](CVE-2023/CVE-2023-42xx/CVE-2023-4221.json) (`2023-11-28T08:15:07.910`) -* [CVE-2023-4222](CVE-2023/CVE-2023-42xx/CVE-2023-4222.json) (`2023-11-28T08:15:08.307`) -* [CVE-2023-4223](CVE-2023/CVE-2023-42xx/CVE-2023-4223.json) (`2023-11-28T08:15:08.803`) -* [CVE-2023-4224](CVE-2023/CVE-2023-42xx/CVE-2023-4224.json) (`2023-11-28T08:15:09.213`) -* [CVE-2023-4225](CVE-2023/CVE-2023-42xx/CVE-2023-4225.json) (`2023-11-28T08:15:09.607`) -* [CVE-2023-4226](CVE-2023/CVE-2023-42xx/CVE-2023-4226.json) (`2023-11-28T08:15:10.430`) +* [CVE-2023-34053](CVE-2023/CVE-2023-340xx/CVE-2023-34053.json) (`2023-11-28T09:15:06.960`) +* [CVE-2023-34054](CVE-2023/CVE-2023-340xx/CVE-2023-34054.json) (`2023-11-28T09:15:07.147`) +* [CVE-2023-34055](CVE-2023/CVE-2023-340xx/CVE-2023-34055.json) (`2023-11-28T09:15:07.303`) +* [CVE-2023-4667](CVE-2023/CVE-2023-46xx/CVE-2023-4667.json) (`2023-11-28T09:15:07.467`) +* [CVE-2023-6150](CVE-2023/CVE-2023-61xx/CVE-2023-6150.json) (`2023-11-28T10:15:07.397`) +* [CVE-2023-6151](CVE-2023/CVE-2023-61xx/CVE-2023-6151.json) (`2023-11-28T10:15:07.610`) ### CVEs modified in the last Commit Recently modified CVEs: `1` -* [CVE-2023-45311](CVE-2023/CVE-2023-453xx/CVE-2023-45311.json) (`2023-11-28T07:15:43.260`) +* [CVE-2023-46595](CVE-2023/CVE-2023-465xx/CVE-2023-46595.json) (`2023-11-28T10:15:07.203`) ## Download and Usage