Auto-Update: 2023-11-22T11:00:18.914038+00:00

This commit is contained in:
cad-safe-bot 2023-11-22 11:00:22 +00:00
parent 0fbaec2f5a
commit 33f9898465
9 changed files with 342 additions and 19 deletions


@ -2,12 +2,12 @@
"id": "CVE-2022-45875", "id": "CVE-2022-45875",
"sourceIdentifier": "security@apache.org", "sourceIdentifier": "security@apache.org",
"published": "2023-01-04T15:15:09.163", "published": "2023-01-04T15:15:09.163",
"lastModified": "2023-11-07T03:54:55.700", "lastModified": "2023-11-22T09:15:07.470",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions." "value": "Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions.\nThis attack can be performed only by authenticated users which can login to DS.\n\n"
} }
], ],
"metrics": { "metrics": {
@ -36,7 +36,7 @@
}, },
"weaknesses": [ "weaknesses": [
{ {
"source": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "source": "security@apache.org",
"type": "Primary", "type": "Primary",
"description": [ "description": [
{ {
@ -70,6 +70,10 @@
} }
], ],
"references": [ "references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/22/2",
"source": "security@apache.org"
},
{ {
"url": "https://lists.apache.org/thread/r0wqzkjsoq17j6ww381kmpx3jjp9hb6r", "url": "https://lists.apache.org/thread/r0wqzkjsoq17j6ww381kmpx3jjp9hb6r",
"source": "security@apache.org", "source": "security@apache.org",


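--- a/CVE-2023/CVE-2023-379xx/CVE-2023-37924.json
+++ b/CVE-2023/CVE-2023-379xx/CVE-2023-37924.json
@@ -0,0 +1,40 @@
+{
+"id": "CVE-2023-37924",
+"sourceIdentifier": "security@apache.org",
+"published": "2023-11-22T10:15:07.577",
+"lastModified": "2023-11-22T10:15:07.577",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Apache Software Foundation Apache Submarine has an SQL injection vulnerability when a user logs in. This issue can result in unauthorized login.\nNow we have fixed this issue and now user must have the correct login to access workbench.\nThis issue affects Apache Submarine: from 0.7.0 before 0.8.0.\u00a0We recommend that all submarine users with 0.7.0 upgrade to 0.8.0, which not only fixes the issue, supports the oidc authentication mode, but also removes the case of unauthenticated logins.\nIf using the version lower than 0.8.0 and not want to upgrade, you can try cherry-pick PR https://github.com/apache/submarine/pull/1037 https://github.com/apache/submarine/pull/1054 and rebuild the submarine-server image to fix this.\n\n"
+}
+],
+"metrics": {},
+"weaknesses": [
+{
+"source": "security@apache.org",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-89"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/apache/submarine/pull/1037",
+"source": "security@apache.org"
+},
+{
+"url": "https://issues.apache.org/jira/browse/SUBMARINE-1361",
+"source": "security@apache.org"
+},
+{
+"url": "https://lists.apache.org/thread/g99h773vd49n1wyghdq1llv2f83w1b3r",
+"source": "security@apache.org"
+}
+]
+}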


@ -2,12 +2,12 @@
"id": "CVE-2023-46595", "id": "CVE-2023-46595",
"sourceIdentifier": "security.vulnerabilities@algosec.com", "sourceIdentifier": "security.vulnerabilities@algosec.com",
"published": "2023-11-02T08:15:08.040", "published": "2023-11-02T08:15:08.040",
"lastModified": "2023-11-16T15:15:10.007", "lastModified": "2023-11-22T10:15:07.977",
"vulnStatus": "Modified", "vulnStatus": "Undergoing Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Net-NTLM leak via stored HTML injection in FireFlow's VisualFlow workflow editor using Name and Description field. It also impacts\u00a0\n\nFireFlow's VisualFlow workflow editor\n\n outbound actions using Name and Category parameter. Fixed in version A32.20 (b570 and above)" "value": "Net-NTLM leak via stored HTML injection in FireFlow's VisualFlow workflow editor using Name and Description field. It also impacts\u00a0\n\nFireFlow's VisualFlow workflow editor\n\n outbound actions using Name and Category parameter. Fixed in version A32.20 (b570 and above),\u00a0\n\nA32.50 (b400 and above),\u00a0\n\nA32.60 (b220 and above)\n\n"
}, },
{ {
"lang": "es", "lang": "es",


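--- a/CVE-2023/CVE-2023-466xx/CVE-2023-46673.json
+++ b/CVE-2023/CVE-2023-466xx/CVE-2023-46673.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2023-46673",
+"sourceIdentifier": "bressers@elastic.co",
+"published": "2023-11-22T10:15:08.417",
+"lastModified": "2023-11-22T10:15:08.417",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API.\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "bressers@elastic.co",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "NONE",
+"availabilityImpact": "HIGH",
+"baseScore": 6.5,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 3.6
+}
+]
+},
+"weaknesses": [
+{
+"source": "bressers@elastic.co",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-755"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://discuss.elastic.co/t/elasticsearch-7-17-14-8-10-3-security-update-esa-2023-24/347708",
+"source": "bressers@elastic.co"
+},
+{
+"url": "https://www.elastic.co/community/security",
+"source": "bressers@elastic.co"
+}
+]
+}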


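--- a/CVE-2023/CVE-2023-59xx/CVE-2023-5921.json
+++ b/CVE-2023/CVE-2023-59xx/CVE-2023-5921.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-5921",
+"sourceIdentifier": "iletisim@usom.gov.tr",
+"published": "2023-11-22T09:15:07.690",
+"lastModified": "2023-11-22T09:15:07.690",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Improper Enforcement of Behavioral Workflow vulnerability in DECE Software Geodi allows Functionality Bypass.This issue affects Geodi: before 8.0.0.27396.\n\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "iletisim@usom.gov.tr",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
+"attackVector": "LOCAL",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "CHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "NONE",
+"availabilityImpact": "NONE",
+"baseScore": 7.1,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 2.5,
+"impactScore": 4.0
+}
+]
+},
+"weaknesses": [
+{
+"source": "iletisim@usom.gov.tr",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-841"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://www.usom.gov.tr/bildirim/tr-23-0650",
+"source": "iletisim@usom.gov.tr"
+}
+]
+}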


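--- a/CVE-2023/CVE-2023-60xx/CVE-2023-6011.json
+++ b/CVE-2023/CVE-2023-60xx/CVE-2023-6011.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-6011",
+"sourceIdentifier": "iletisim@usom.gov.tr",
+"published": "2023-11-22T09:15:07.927",
+"lastModified": "2023-11-22T09:15:07.927",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DECE Software Geodi allows Stored XSS.This issue affects Geodi: before 8.0.0.27396.\n\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "iletisim@usom.gov.tr",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "REQUIRED",
+"scope": "CHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 5.4,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.3,
+"impactScore": 2.7
+}
+]
+},
+"weaknesses": [
+{
+"source": "iletisim@usom.gov.tr",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-79"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://www.usom.gov.tr/bildirim/tr-23-0650",
+"source": "iletisim@usom.gov.tr"
+}
+]
+}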


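--- a/CVE-2023/CVE-2023-61xx/CVE-2023-6117.json
+++ b/CVE-2023/CVE-2023-61xx/CVE-2023-6117.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-6117",
+"sourceIdentifier": "security@m-files.com",
+"published": "2023-11-22T10:15:09.037",
+"lastModified": "2023-11-22T10:15:09.037",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "A possibility of unwanted server memory consumption was detected through the obsolete functionalities in the Rest API methods of the\u00a0M-Files server\n\n before 23.11.13156.0 which allows attackers to execute DoS attacks."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security@m-files.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "NONE",
+"availabilityImpact": "HIGH",
+"baseScore": 5.7,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.1,
+"impactScore": 3.6
+}
+]
+},
+"weaknesses": [
+{
+"source": "security@m-files.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-400"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-6117/",
+"source": "security@m-files.com"
+}
+]
+}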


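--- a/CVE-2023/CVE-2023-61xx/CVE-2023-6189.json
+++ b/CVE-2023/CVE-2023-61xx/CVE-2023-6189.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-6189",
+"sourceIdentifier": "security@m-files.com",
+"published": "2023-11-22T10:15:09.530",
+"lastModified": "2023-11-22T10:15:09.530",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "\nMissing access permissions checks\n\n in\u00a0the M-Files server\u00a0before 23.11.13156.0 allow attackers to perform data write and export\n\njobs using the\u00a0M-Files API methods."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security@m-files.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 4.3,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 1.4
+}
+]
+},
+"weaknesses": [
+{
+"source": "security@m-files.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-280"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://https://www.m-files.com/about/trust-center/security-advisories/cve-2023-6189/",
+"source": "security@m-files.com"
+}
+]
+}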
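Review bot: The only reference in this record carries a doubled scheme, `"url": "https://https://www.m-files.com/about/trust-center/security-advisories/cve-2023-6189/"`, so it will not resolve as written; the sibling record for CVE-2023-6117 in this same commit uses the single-scheme form `https://www.m-files.com/...`. Because these files are a verbatim mirror of the NVD feed, correcting the value here would make the local copy diverge from upstream, so the fix belongs in the NVD/CNA entry and the sync bot should keep mirroring until it lands. Until then, any consumer that fetches reference URLs automatically should expect this value to fail URL validation and should not treat it as a reachable advisory link.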


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update ### Last Repository Update
```plain ```plain
2023-11-22T09:00:17.662912+00:00 2023-11-22T11:00:18.914038+00:00
``` ```
### Most recent CVE Modification Timestamp synchronized with NVD ### Most recent CVE Modification Timestamp synchronized with NVD
```plain ```plain
2023-11-22T08:15:07.410000+00:00 2023-11-22T10:15:09.530000+00:00
``` ```
### Last Data Feed Release ### Last Data Feed Release
@ -29,27 +29,27 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs ### Total Number of included CVEs
```plain ```plain
231270 231276
``` ```
### CVEs added in the last Commit ### CVEs added in the last Commit
Recently added CVEs: `8` Recently added CVEs: `6`
* [CVE-2023-29069](CVE-2023/CVE-2023-290xx/CVE-2023-29069.json) (`2023-11-22T07:15:07.240`) * [CVE-2023-5921](CVE-2023/CVE-2023-59xx/CVE-2023-5921.json) (`2023-11-22T09:15:07.690`)
* [CVE-2023-41145](CVE-2023/CVE-2023-411xx/CVE-2023-41145.json) (`2023-11-22T07:15:07.420`) * [CVE-2023-6011](CVE-2023/CVE-2023-60xx/CVE-2023-6011.json) (`2023-11-22T09:15:07.927`)
* [CVE-2023-41146](CVE-2023/CVE-2023-411xx/CVE-2023-41146.json) (`2023-11-22T07:15:07.473`) * [CVE-2023-37924](CVE-2023/CVE-2023-379xx/CVE-2023-37924.json) (`2023-11-22T10:15:07.577`)
* [CVE-2023-47016](CVE-2023/CVE-2023-470xx/CVE-2023-47016.json) (`2023-11-22T07:15:07.530`) * [CVE-2023-46673](CVE-2023/CVE-2023-466xx/CVE-2023-46673.json) (`2023-11-22T10:15:08.417`)
* [CVE-2023-47392](CVE-2023/CVE-2023-473xx/CVE-2023-47392.json) (`2023-11-22T07:15:07.587`) * [CVE-2023-6117](CVE-2023/CVE-2023-61xx/CVE-2023-6117.json) (`2023-11-22T10:15:09.037`)
* [CVE-2023-47393](CVE-2023/CVE-2023-473xx/CVE-2023-47393.json) (`2023-11-22T07:15:07.633`) * [CVE-2023-6189](CVE-2023/CVE-2023-61xx/CVE-2023-6189.json) (`2023-11-22T10:15:09.530`)
* [CVE-2023-2446](CVE-2023/CVE-2023-24xx/CVE-2023-2446.json) (`2023-11-22T08:15:07.020`)
* [CVE-2023-2447](CVE-2023/CVE-2023-24xx/CVE-2023-2447.json) (`2023-11-22T08:15:07.410`)
### CVEs modified in the last Commit ### CVEs modified in the last Commit
Recently modified CVEs: `0` Recently modified CVEs: `2`
* [CVE-2022-45875](CVE-2022/CVE-2022-458xx/CVE-2022-45875.json) (`2023-11-22T09:15:07.470`)
* [CVE-2023-46595](CVE-2023/CVE-2023-465xx/CVE-2023-46595.json) (`2023-11-22T10:15:07.977`)
## Download and Usage ## Download and Usage