Auto-Update: 2023-11-29T11:00:18.604388+00:00

cad-safe-bot 2023-11-29 11:00:22 +00:00
parent cdef2a1036
commit aae6a96fed
5 changed files with 89 additions and 44 deletions


@ -2,12 +2,12 @@
"id": "CVE-2023-5598",
"sourceIdentifier": "3DS.Information-Security@3ds.com",
"published": "2023-11-21T10:15:07.900",
"lastModified": "2023-11-25T01:22:55.993",
"vulnStatus": "Analyzed",
"lastModified": "2023-11-29T10:15:07.353",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Stored Cross-site Scripting (XSS) vulnerabilities\u00c2\u00a0affecting 3DSwym in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2023x allow an attacker to execute arbitrary script code."
"value": "Stored Cross-site Scripting (XSS) vulnerabilities affecting 3DSwym in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2023x allow an attacker to execute arbitrary script code."
},
{
"lang": "es",


@ -2,12 +2,12 @@
"id": "CVE-2023-6020",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-11-16T21:15:09.443",
"lastModified": "2023-11-24T23:09:22.967",
"vulnStatus": "Analyzed",
"lastModified": "2023-11-29T10:15:07.507",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication."
"value": "LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication.\n\n"
},
{
"lang": "es",
@ -35,28 +35,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV30": [
},
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL"
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7
"impactScore": 3.6
}
]
},


@ -2,12 +2,12 @@
"id": "CVE-2023-6021",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-11-16T17:15:09.020",
"lastModified": "2023-11-24T23:05:43.850",
"vulnStatus": "Analyzed",
"lastModified": "2023-11-29T10:15:07.707",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication."
"value": "LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication.\n\n"
},
{
"lang": "es",
@ -35,28 +35,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV30": [
},
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL"
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7
"impactScore": 3.6
}
]
},


@ -0,0 +1,55 @@
{
"id": "CVE-2023-6070",
"sourceIdentifier": "trellixpsirt@trellix.com",
"published": "2023-11-29T09:15:21.877",
"lastModified": "2023-11-29T09:15:21.877",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nA server-side request forgery vulnerability in ESM prior to version 11.6.8 allows a low privileged authenticated user to upload arbitrary content, potentially altering configuration. This is possible through the certificate validation functionality where the API accepts uploaded content and doesn't parse for invalid data\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "trellixpsirt@trellix.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "trellixpsirt@trellix.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://kcm.trellix.com/corporate/index?page=content&id=SB10413",
"source": "trellixpsirt@trellix.com"
}
]
}
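Review bot: The classification in this new record does not obviously match the behaviour it describes. The English `value` and the `weaknesses` entry (`CWE-918`) call it server-side request forgery, while the text describes an authenticated user uploading unvalidated content through the certificate validation API, and the vector scores `C:N/I:L`, which reads more like an integrity or input-validation issue. The record is still `"vulnStatus": "Received"` and its only metric is the CNA's `"type": "Secondary"` entry, so any triage rule keyed on the CWE or on the 4.3 score should be treated as provisional until an NVD-assigned entry appears. The description string also begins with `\n` and ends with `\n\n`; consumers that display, diff or de-duplicate descriptions should trim it first, so that it is handled as `"value": "A server-side request forgery vulnerability in ESM prior to version 11.6.8 ..."` without the surrounding newlines.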

View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-11-29T07:00:17.662412+00:00
2023-11-29T11:00:18.604388+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-11-29T06:15:46.853000+00:00
2023-11-29T10:15:07.707000+00:00
```
### Last Data Feed Release
@ -29,29 +29,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
231672
231673
```
### CVEs added in the last Commit
Recently added CVEs: `9`
Recently added CVEs: `1`
* [CVE-2023-46886](CVE-2023/CVE-2023-468xx/CVE-2023-46886.json) (`2023-11-29T05:15:07.863`)
* [CVE-2023-46887](CVE-2023/CVE-2023-468xx/CVE-2023-46887.json) (`2023-11-29T05:15:07.980`)
* [CVE-2023-47462](CVE-2023/CVE-2023-474xx/CVE-2023-47462.json) (`2023-11-29T05:15:08.033`)
* [CVE-2023-45479](CVE-2023/CVE-2023-454xx/CVE-2023-45479.json) (`2023-11-29T06:15:46.507`)
* [CVE-2023-45480](CVE-2023/CVE-2023-454xx/CVE-2023-45480.json) (`2023-11-29T06:15:46.620`)
* [CVE-2023-45481](CVE-2023/CVE-2023-454xx/CVE-2023-45481.json) (`2023-11-29T06:15:46.660`)
* [CVE-2023-45482](CVE-2023/CVE-2023-454xx/CVE-2023-45482.json) (`2023-11-29T06:15:46.710`)
* [CVE-2023-45483](CVE-2023/CVE-2023-454xx/CVE-2023-45483.json) (`2023-11-29T06:15:46.760`)
* [CVE-2023-45484](CVE-2023/CVE-2023-454xx/CVE-2023-45484.json) (`2023-11-29T06:15:46.810`)
* [CVE-2023-6070](CVE-2023/CVE-2023-60xx/CVE-2023-6070.json) (`2023-11-29T09:15:21.877`)
### CVEs modified in the last Commit
Recently modified CVEs: `1`
Recently modified CVEs: `3`
* [CVE-2023-5408](CVE-2023/CVE-2023-54xx/CVE-2023-5408.json) (`2023-11-29T06:15:46.853`)
* [CVE-2023-5598](CVE-2023/CVE-2023-55xx/CVE-2023-5598.json) (`2023-11-29T10:15:07.353`)
* [CVE-2023-6020](CVE-2023/CVE-2023-60xx/CVE-2023-6020.json) (`2023-11-29T10:15:07.507`)
* [CVE-2023-6021](CVE-2023/CVE-2023-60xx/CVE-2023-6021.json) (`2023-11-29T10:15:07.707`)
## Download and Usage