From 460afb734c698e6bba40b756321e6a5177079c09 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Fri, 10 Nov 2023 03:00:24 +0000 Subject: [PATCH] Auto-Update: 2023-11-10T03:00:20.135476+00:00 --- CVE-2023/CVE-2023-467xx/CVE-2023-46729.json | 63 +++++++++++++++++++++ CVE-2023/CVE-2023-53xx/CVE-2023-5367.json | 10 +++- CVE-2023/CVE-2023-53xx/CVE-2023-5380.json | 10 +++- CVE-2023/CVE-2023-60xx/CVE-2023-6069.json | 59 +++++++++++++++++++ README.md | 30 ++++------ 5 files changed, 148 insertions(+), 24 deletions(-) create mode 100644 CVE-2023/CVE-2023-467xx/CVE-2023-46729.json create mode 100644 CVE-2023/CVE-2023-60xx/CVE-2023-6069.json diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46729.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46729.json new file mode 100644 index 00000000000..be98f199967 --- /dev/null +++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46729.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-46729", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-11-10T01:15:07.430", + "lastModified": "2023-11-10T01:15:07.430", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "sentry-javascript provides Sentry SDKs for JavaScript. An unsanitized input of Next.js SDK tunnel endpoint allows sending HTTP requests to arbitrary URLs and reflecting the response back to the user. This issue only affects users who have Next.js SDK tunneling feature enabled. The problem has been fixed in version 7.77.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 9.3, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.8 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/getsentry/sentry-javascript/commit/ddbda3c02c35aba8c5235e0cf07fc5bf656f81be", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/getsentry/sentry-javascript/pull/9415", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/getsentry/sentry-javascript/security/advisories/GHSA-2rmr-xw8m-22q9", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-53xx/CVE-2023-5367.json b/CVE-2023/CVE-2023-53xx/CVE-2023-5367.json index d3e5987691c..a60efaf4cf8 100644 --- a/CVE-2023/CVE-2023-53xx/CVE-2023-5367.json +++ b/CVE-2023/CVE-2023-53xx/CVE-2023-5367.json @@ -2,7 +2,7 @@ "id": "CVE-2023-5367", "sourceIdentifier": "secalert@redhat.com", "published": "2023-10-25T20:15:18.323", - "lastModified": "2023-11-08T14:15:08.163", + "lastModified": "2023-11-10T02:15:07.383", "vulnStatus": "Modified", "descriptions": [ { @@ -196,6 +196,14 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4YBK3I6SETHETBHDETFWM3VSZUQICIDV/", "source": "secalert@redhat.com" }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKKIE626TZOOPD533EYN47J4RFNHZVOP/", + "source": "secalert@redhat.com" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L2RMNR4235YXZZQ2X7Q4MTOZDMZ7BBQU/", + "source": "secalert@redhat.com" + }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SEDJN4VFN57K5POOC7BNVD6L6WUUCSG6/", "source": "secalert@redhat.com", diff --git a/CVE-2023/CVE-2023-53xx/CVE-2023-5380.json b/CVE-2023/CVE-2023-53xx/CVE-2023-5380.json index 4e1cafab89a..6a75db8e33c 100644 --- a/CVE-2023/CVE-2023-53xx/CVE-2023-5380.json +++ b/CVE-2023/CVE-2023-53xx/CVE-2023-5380.json @@ -2,7 +2,7 @@ "id": "CVE-2023-5380", "sourceIdentifier": "secalert@redhat.com", "published": "2023-10-25T20:15:18.503", - "lastModified": "2023-11-07T04:23:58.037", + "lastModified": "2023-11-10T02:15:07.560", "vulnStatus": "Modified", "descriptions": [ { @@ -37,7 +37,7 @@ "impactScore": 3.6 }, { - "source": "53f830b8-0a3f-465b-8143-3b8a9948e749", + "source": "secalert@redhat.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -70,7 +70,7 @@ ] }, { - "source": "53f830b8-0a3f-465b-8143-3b8a9948e749", + "source": "secalert@redhat.com", "type": "Secondary", "description": [ { @@ -183,6 +183,10 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3RK66CXMXO3PCPDU3GDY5FK4UYHUXQJT/", "source": "secalert@redhat.com" }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKKIE626TZOOPD533EYN47J4RFNHZVOP/", + "source": "secalert@redhat.com" + }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN6KV4XGQJRVAOSM5C3CWMVAXO53COIP/", "source": "secalert@redhat.com", diff --git a/CVE-2023/CVE-2023-60xx/CVE-2023-6069.json b/CVE-2023/CVE-2023-60xx/CVE-2023-6069.json new file mode 100644 index 00000000000..3028d1280dd --- /dev/null +++ b/CVE-2023/CVE-2023-60xx/CVE-2023-6069.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-6069", + "sourceIdentifier": "security@huntr.dev", + "published": "2023-11-10T01:15:07.623", + "lastModified": "2023-11-10T01:15:07.623", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Input Validation in GitHub repository froxlor/froxlor prior to 2.1.0." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.9, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.1, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/froxlor/froxlor/commit/9e8f32f1e86016733b603b50c31b97f472e8dabc", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.com/bounties/aac0627e-e59d-476e-9385-edb7ff53758c", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index fac9d81f849..9313e4d2730 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-11-10T00:55:14.638776+00:00 +2023-11-10T03:00:20.135476+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-11-10T00:15:09.017000+00:00 +2023-11-10T02:15:07.560000+00:00 ``` ### Last Data Feed Release @@ -23,39 +23,29 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2023-11-09T01:00:13.564668+00:00 +2023-11-10T01:00:13.564677+00:00 ``` ### Total Number of included CVEs ```plain -230306 +230308 ``` ### CVEs added in the last Commit -Recently added CVEs: `13` +Recently added CVEs: `2` -* [CVE-2018-8863](CVE-2018/CVE-2018-88xx/CVE-2018-8863.json) (`2023-11-09T23:15:08.740`) -* [CVE-2023-31086](CVE-2023/CVE-2023-310xx/CVE-2023-31086.json) (`2023-11-09T23:15:09.000`) -* [CVE-2023-31088](CVE-2023/CVE-2023-310xx/CVE-2023-31088.json) (`2023-11-09T23:15:09.067`) -* [CVE-2023-31093](CVE-2023/CVE-2023-310xx/CVE-2023-31093.json) (`2023-11-09T23:15:09.167`) -* [CVE-2023-31235](CVE-2023/CVE-2023-312xx/CVE-2023-31235.json) (`2023-11-09T23:15:09.267`) -* [CVE-2023-32092](CVE-2023/CVE-2023-320xx/CVE-2023-32092.json) (`2023-11-09T23:15:09.357`) -* [CVE-2023-32093](CVE-2023/CVE-2023-320xx/CVE-2023-32093.json) (`2023-11-09T23:15:09.447`) -* [CVE-2023-32125](CVE-2023/CVE-2023-321xx/CVE-2023-32125.json) (`2023-11-09T23:15:09.540`) -* [CVE-2023-32500](CVE-2023/CVE-2023-325xx/CVE-2023-32500.json) (`2023-11-09T23:15:09.633`) -* [CVE-2023-32501](CVE-2023/CVE-2023-325xx/CVE-2023-32501.json) (`2023-11-09T23:15:09.733`) -* [CVE-2023-32502](CVE-2023/CVE-2023-325xx/CVE-2023-32502.json) (`2023-11-09T23:15:09.823`) -* [CVE-2023-36014](CVE-2023/CVE-2023-360xx/CVE-2023-36014.json) (`2023-11-10T00:15:08.640`) -* [CVE-2023-36024](CVE-2023/CVE-2023-360xx/CVE-2023-36024.json) (`2023-11-10T00:15:08.840`) +* [CVE-2023-46729](CVE-2023/CVE-2023-467xx/CVE-2023-46729.json) (`2023-11-10T01:15:07.430`) +* [CVE-2023-6069](CVE-2023/CVE-2023-60xx/CVE-2023-6069.json) (`2023-11-10T01:15:07.623`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `2` -* [CVE-2023-36034](CVE-2023/CVE-2023-360xx/CVE-2023-36034.json) (`2023-11-10T00:15:09.017`) +* [CVE-2023-5367](CVE-2023/CVE-2023-53xx/CVE-2023-5367.json) (`2023-11-10T02:15:07.383`) +* [CVE-2023-5380](CVE-2023/CVE-2023-53xx/CVE-2023-5380.json) (`2023-11-10T02:15:07.560`) ## Download and Usage