diff --git a/CVE-2022/CVE-2022-458xx/CVE-2022-45875.json b/CVE-2022/CVE-2022-458xx/CVE-2022-45875.json index 6cfec944a71..a620d2c93fe 100644 --- a/CVE-2022/CVE-2022-458xx/CVE-2022-45875.json +++ b/CVE-2022/CVE-2022-458xx/CVE-2022-45875.json @@ -2,12 +2,12 @@ "id": "CVE-2022-45875", "sourceIdentifier": "security@apache.org", "published": "2023-01-04T15:15:09.163", - "lastModified": "2023-11-07T03:54:55.700", + "lastModified": "2023-11-22T09:15:07.470", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions." + "value": "Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions.\nThis attack can be performed only by authenticated users which can login to DS.\n\n" } ], "metrics": { @@ -36,7 +36,7 @@ }, "weaknesses": [ { - "source": "f0158376-9dc2-43b6-827c-5f631a4d8d09", + "source": "security@apache.org", "type": "Primary", "description": [ { @@ -70,6 +70,10 @@ } ], "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2023/11/22/2", + "source": "security@apache.org" + }, { "url": "https://lists.apache.org/thread/r0wqzkjsoq17j6ww381kmpx3jjp9hb6r", "source": "security@apache.org", diff --git a/CVE-2023/CVE-2023-379xx/CVE-2023-37924.json b/CVE-2023/CVE-2023-379xx/CVE-2023-37924.json new file mode 100644 index 00000000000..2340c4aa586 --- /dev/null +++ b/CVE-2023/CVE-2023-379xx/CVE-2023-37924.json 
@@ -0,0 +1,40 @@ +{ + "id": "CVE-2023-37924", + "sourceIdentifier": "security@apache.org", + "published": "2023-11-22T10:15:07.577", + "lastModified": "2023-11-22T10:15:07.577", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Apache Software Foundation Apache Submarine has an SQL injection vulnerability when a user logs in. This issue can result in unauthorized login.\nNow we have fixed this issue and now user must have the correct login to access workbench.\nThis issue affects Apache Submarine: from 0.7.0 before 0.8.0.\u00a0We recommend that all submarine users with 0.7.0 upgrade to 0.8.0, which not only fixes the issue, supports the oidc authentication mode, but also removes the case of unauthenticated logins.\nIf using the version lower than 0.8.0 and not want to upgrade, you can try cherry-pick PR https://github.com/apache/submarine/pull/1037 https://github.com/apache/submarine/pull/1054 and rebuild the submarine-server image to fix this.\n\n" + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "security@apache.org", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/apache/submarine/pull/1037", + "source": "security@apache.org" + }, + { + "url": "https://issues.apache.org/jira/browse/SUBMARINE-1361", + "source": "security@apache.org" + }, + { + "url": "https://lists.apache.org/thread/g99h773vd49n1wyghdq1llv2f83w1b3r", + "source": "security@apache.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-465xx/CVE-2023-46595.json b/CVE-2023/CVE-2023-465xx/CVE-2023-46595.json index 69ed3196dda..5b63f10649a 100644 --- a/CVE-2023/CVE-2023-465xx/CVE-2023-46595.json +++ b/CVE-2023/CVE-2023-465xx/CVE-2023-46595.json 
@@ -2,12 +2,12 @@ "id": "CVE-2023-46595", "sourceIdentifier": "security.vulnerabilities@algosec.com", "published": "2023-11-02T08:15:08.040", - "lastModified": "2023-11-16T15:15:10.007", - "vulnStatus": "Modified", + "lastModified": "2023-11-22T10:15:07.977", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", - "value": "Net-NTLM leak via stored HTML injection in FireFlow's VisualFlow workflow editor using Name and Description field. It also impacts\u00a0\n\nFireFlow's VisualFlow workflow editor\n\n outbound actions using Name and Category parameter. Fixed in version A32.20 (b570 and above)" + "value": "Net-NTLM leak via stored HTML injection in FireFlow's VisualFlow workflow editor using Name and Description field. It also impacts\u00a0\n\nFireFlow's VisualFlow workflow editor\n\n outbound actions using Name and Category parameter. Fixed in version A32.20 (b570 and above),\u00a0\n\nA32.50 (b400 and above),\u00a0\n\nA32.60 (b220 and above)\n\n" }, { "lang": "es", diff --git a/CVE-2023/CVE-2023-466xx/CVE-2023-46673.json b/CVE-2023/CVE-2023-466xx/CVE-2023-46673.json new file mode 100644 index 00000000000..4c985e1cda3 --- /dev/null +++ b/CVE-2023/CVE-2023-466xx/CVE-2023-46673.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-46673", + "sourceIdentifier": "bressers@elastic.co", + "published": "2023-11-22T10:15:08.417", + "lastModified": "2023-11-22T10:15:08.417", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "bressers@elastic.co", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "bressers@elastic.co", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-755" + } + ] + } + ], + "references": [ + { + "url": "https://discuss.elastic.co/t/elasticsearch-7-17-14-8-10-3-security-update-esa-2023-24/347708", + "source": "bressers@elastic.co" + }, + { + "url": "https://www.elastic.co/community/security", + "source": "bressers@elastic.co" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-59xx/CVE-2023-5921.json b/CVE-2023/CVE-2023-59xx/CVE-2023-5921.json new file mode 100644 index 00000000000..9f37c04afc5 --- /dev/null +++ b/CVE-2023/CVE-2023-59xx/CVE-2023-5921.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-5921", + "sourceIdentifier": "iletisim@usom.gov.tr", + "published": "2023-11-22T09:15:07.690", + "lastModified": "2023-11-22T09:15:07.690", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Enforcement of Behavioral Workflow vulnerability in DECE Software Geodi allows Functionality Bypass.This issue affects Geodi: before 8.0.0.27396.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "iletisim@usom.gov.tr", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.5, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "iletisim@usom.gov.tr", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-841" + } + ] + } + ], + "references": [ + { + "url": "https://www.usom.gov.tr/bildirim/tr-23-0650", + "source": "iletisim@usom.gov.tr" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-60xx/CVE-2023-6011.json b/CVE-2023/CVE-2023-60xx/CVE-2023-6011.json new file mode 100644 index 00000000000..05efd0bd6a8 --- /dev/null +++ b/CVE-2023/CVE-2023-60xx/CVE-2023-6011.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-6011", + "sourceIdentifier": "iletisim@usom.gov.tr", + "published": "2023-11-22T09:15:07.927", + "lastModified": "2023-11-22T09:15:07.927", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DECE Software Geodi allows Stored XSS.This issue affects Geodi: before 8.0.0.27396.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "iletisim@usom.gov.tr", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "iletisim@usom.gov.tr", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.usom.gov.tr/bildirim/tr-23-0650", + "source": "iletisim@usom.gov.tr" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-61xx/CVE-2023-6117.json b/CVE-2023/CVE-2023-61xx/CVE-2023-6117.json new file mode 100644 index 00000000000..89a8ad36554 --- /dev/null +++ b/CVE-2023/CVE-2023-61xx/CVE-2023-6117.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-6117", + "sourceIdentifier": "security@m-files.com", + "published": "2023-11-22T10:15:09.037", + "lastModified": "2023-11-22T10:15:09.037", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A possibility of unwanted server memory consumption was detected through the obsolete functionalities in the Rest API methods of the\u00a0M-Files server\n\n before 23.11.13156.0 which allows attackers to execute DoS attacks." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@m-files.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.1, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security@m-files.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "references": [ + { + "url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-6117/", + "source": "security@m-files.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-61xx/CVE-2023-6189.json b/CVE-2023/CVE-2023-61xx/CVE-2023-6189.json new file mode 100644 index 00000000000..4fa5a53028c --- /dev/null +++ b/CVE-2023/CVE-2023-61xx/CVE-2023-6189.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-6189", + "sourceIdentifier": "security@m-files.com", + "published": "2023-11-22T10:15:09.530", + "lastModified": "2023-11-22T10:15:09.530", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nMissing access permissions checks\n\n in\u00a0the M-Files server\u00a0before 23.11.13156.0 allow attackers to perform data write and export\n\njobs using the\u00a0M-Files API methods." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@m-files.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@m-files.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-280" + } + ] + } + ], + "references": [ + { + "url": "https://https://www.m-files.com/about/trust-center/security-advisories/cve-2023-6189/", + "source": "security@m-files.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index c40c819f33f..9208ce01a1c 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-11-22T09:00:17.662912+00:00 +2023-11-22T11:00:18.914038+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-11-22T08:15:07.410000+00:00 +2023-11-22T10:15:09.530000+00:00 ``` ### Last Data Feed Release 
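Review bot: The only reference URL in the new CVE-2023-6189 record has a doubled scheme, `"url": "https://https://www.m-files.com/about/trust-center/security-advisories/cve-2023-6189/"`, so a URL parser will read `https` as the host and the advisory link will not resolve. The CVE-2023-6117 record added in the same commit, from the same source, uses a single scheme, which suggests the intended value is `https://www.m-files.com/about/trust-center/security-advisories/cve-2023-6189/`. Because this repository mirrors NVD, the correction presumably has to come from the upstream record rather than a local edit. Tooling that follows or allow-lists reference URLs from these files should parse each one and check the host before using it.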
@@ -29,27 +29,27 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -231270 +231276 ``` ### CVEs added in the last Commit -Recently added CVEs: `8` +Recently added CVEs: `6` -* [CVE-2023-29069](CVE-2023/CVE-2023-290xx/CVE-2023-29069.json) (`2023-11-22T07:15:07.240`) -* [CVE-2023-41145](CVE-2023/CVE-2023-411xx/CVE-2023-41145.json) (`2023-11-22T07:15:07.420`) -* [CVE-2023-41146](CVE-2023/CVE-2023-411xx/CVE-2023-41146.json) (`2023-11-22T07:15:07.473`) -* [CVE-2023-47016](CVE-2023/CVE-2023-470xx/CVE-2023-47016.json) (`2023-11-22T07:15:07.530`) -* [CVE-2023-47392](CVE-2023/CVE-2023-473xx/CVE-2023-47392.json) (`2023-11-22T07:15:07.587`) -* [CVE-2023-47393](CVE-2023/CVE-2023-473xx/CVE-2023-47393.json) (`2023-11-22T07:15:07.633`) -* [CVE-2023-2446](CVE-2023/CVE-2023-24xx/CVE-2023-2446.json) (`2023-11-22T08:15:07.020`) -* [CVE-2023-2447](CVE-2023/CVE-2023-24xx/CVE-2023-2447.json) (`2023-11-22T08:15:07.410`) +* [CVE-2023-5921](CVE-2023/CVE-2023-59xx/CVE-2023-5921.json) (`2023-11-22T09:15:07.690`) +* [CVE-2023-6011](CVE-2023/CVE-2023-60xx/CVE-2023-6011.json) (`2023-11-22T09:15:07.927`) +* [CVE-2023-37924](CVE-2023/CVE-2023-379xx/CVE-2023-37924.json) (`2023-11-22T10:15:07.577`) +* [CVE-2023-46673](CVE-2023/CVE-2023-466xx/CVE-2023-46673.json) (`2023-11-22T10:15:08.417`) +* [CVE-2023-6117](CVE-2023/CVE-2023-61xx/CVE-2023-6117.json) (`2023-11-22T10:15:09.037`) +* [CVE-2023-6189](CVE-2023/CVE-2023-61xx/CVE-2023-6189.json) (`2023-11-22T10:15:09.530`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `2` +* [CVE-2022-45875](CVE-2022/CVE-2022-458xx/CVE-2022-45875.json) (`2023-11-22T09:15:07.470`) +* [CVE-2023-46595](CVE-2023/CVE-2023-465xx/CVE-2023-46595.json) (`2023-11-22T10:15:07.977`) ## Download and Usage