Auto-Update: 2023-11-28T05:00:17.652650+00:00

This commit is contained in:
cad-safe-bot 2023-11-28 05:00:21 +00:00
parent d81e01c7e0
commit cc1aa17480
12 changed files with 441 additions and 22 deletions

View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-32063",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-28T04:15:07.143",
"lastModified": "2023-11-28T04:15:07.143",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "OroCalendarBundle enables a Calendar feature and related functionality in Oro applications. Back-office users can access information from any call event, bypassing ACL security restrictions due to insufficient security checks. This issue has been patched in version 5.0.4 and 5.1.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://github.com/oroinc/OroCRMCallBundle/commit/456b1dda7762abf4ff59eafffaa70ab7f09d1c85",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/oroinc/OroCRMCallBundle/commit/9a41dff459bb4aff864175ca883d553ac0954950",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/oroinc/crm/security/advisories/GHSA-897w-jv7j-6r7g",
"source": "security-advisories@github.com"
}
]
}

View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-32064",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-28T04:15:07.360",
"lastModified": "2023-11-28T04:15:07.360",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "OroCommerce package with customer portal and non authenticated visitor website base features. Back-office users can access information about Customer and Customer User menus, bypassing ACL security restrictions due to insufficient security checks. This issue has been patched in version 5.0.11 and 5.1.1.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://github.com/oroinc/orocommerce/security/advisories/GHSA-8gwj-68w6-7v6c",
"source": "security-advisories@github.com"
}
]
}

View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-32065",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-28T04:15:07.570",
"lastModified": "2023-11-28T04:15:07.570",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "OroCommerce is an open-source Business to Business Commerce application built with flexibility in mind. Detailed Order totals information may be received by Order ID. This issue is patched in version 5.0.11 and 5.1.1.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://github.com/oroinc/orocommerce/security/advisories/GHSA-88g2-xgh9-4ph2",
"source": "security-advisories@github.com"
}
]
}

View File

@ -2,7 +2,7 @@
"id": "CVE-2023-35136",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2023-11-28T02:15:42.143",
"lastModified": "2023-11-28T02:15:42.143",
"lastModified": "2023-11-28T03:15:06.933",
"vulnStatus": "Received",
"descriptions": [
{
@ -48,7 +48,7 @@
],
"references": [
{
"url": "https://https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps",
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps",
"source": "security@zyxel.com.tw"
}
]

View File

@ -0,0 +1,67 @@
{
"id": "CVE-2023-48713",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-28T04:15:07.820",
"lastModified": "2023-11-28T04:15:07.820",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Knative Serving builds on Kubernetes to support deploying and serving of applications and functions as serverless containers. An attacker who controls a pod to a degree where they can control the responses from the /metrics endpoint can cause Denial-of-Service of the autoscaler from an unbound memory allocation bug. This is a DoS vulnerability, where a non-privileged Knative user can cause a DoS for the cluster. This issue has been patched in version 0.39.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://github.com/knative/serving/commit/012ee2509231b80b7842139bfabc30516d3026ca",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/knative/serving/commit/101f814112b9ca0767f457e7e616b46205551cf1",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/knative/serving/commit/fff40ef7bac9be8380ec3d1c70fc15b57093382a",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/knative/serving/security/advisories/GHSA-qmvj-4qr9-v547",
"source": "security-advisories@github.com"
}
]
}

View File

@ -2,7 +2,7 @@
"id": "CVE-2023-5528",
"sourceIdentifier": "jordan@liggitt.net",
"published": "2023-11-14T21:15:14.123",
"lastModified": "2023-11-25T03:15:41.740",
"lastModified": "2023-11-28T03:15:07.023",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
@ -59,9 +59,17 @@
"url": "https://groups.google.com/g/kubernetes-security-announce/c/SL_d4NR8pzA",
"source": "jordan@liggitt.net"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JH444PWZBINXLLFV7XLIJIZJHSK6UEZ/",
"source": "jordan@liggitt.net"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4XZIX727JIKF5RQW7RVVBLWXBCDIBJA7/",
"source": "jordan@liggitt.net"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7MPGMITSZXUCAVO7Q75675SOLXC2XXU4/",
"source": "jordan@liggitt.net"
}
]
}

View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-5797",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2023-11-28T03:15:07.123",
"lastModified": "2023-11-28T03:15:07.123",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, VPN series firmware versions 4.30 through 5.37, NWA50AX firmware version 6.29(ABYW.2), WAC500 firmware version 6.65(ABVS.1), WAX300H firmware version 6.60(ACHF.1), and WBE660S firmware version 6.65(ACGG.1), could allow an authenticated local attacker to access the administrator\u2019s logs on an affected device."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@zyxel.com.tw",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@zyxel.com.tw",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps",
"source": "security@zyxel.com.tw"
}
]
}

View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-5960",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2023-11-28T03:15:07.310",
"lastModified": "2023-11-28T03:15:07.310",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An improper privilege management vulnerability in the hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.37 and VPN series firmware versions 4.30 through 5.37 could allow an authenticated local attacker to access the system files on an affected device."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@zyxel.com.tw",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@zyxel.com.tw",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps",
"source": "security@zyxel.com.tw"
}
]
}

View File

@ -2,7 +2,7 @@
"id": "CVE-2023-5997",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-11-15T18:15:06.873",
"lastModified": "2023-11-26T04:15:08.110",
"lastModified": "2023-11-28T03:15:07.510",
"vulnStatus": "Modified",
"descriptions": [
{
@ -88,6 +88,10 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JHUI5HW7QXT3U74MJMTLUMF5REDO5HD5/",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MN3JQGEC4EFQP3WTI33YBD3CLC3I7P4X/",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWHRLW3GDNFBFSBHDD4QOPUPX7ORTUEC/",
"source": "chrome-cve-admin@google.com"

View File

@ -2,7 +2,7 @@
"id": "CVE-2023-6112",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-11-15T18:15:06.933",
"lastModified": "2023-11-26T04:15:08.180",
"lastModified": "2023-11-28T03:15:07.577",
"vulnStatus": "Modified",
"descriptions": [
{
@ -108,6 +108,10 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JHUI5HW7QXT3U74MJMTLUMF5REDO5HD5/",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MN3JQGEC4EFQP3WTI33YBD3CLC3I7P4X/",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWHRLW3GDNFBFSBHDD4QOPUPX7ORTUEC/",
"source": "chrome-cve-admin@google.com"

View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-6219",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-28T03:15:07.660",
"lastModified": "2023-11-28T03:15:07.660",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'bookingpress_process_upload' function in versions up to, and including, 1.0.76. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/bookingpress-appointment-booking/tags/1.0.76/core/classes/class.bookingpress_fileupload_class.php#L140",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3001484/bookingpress-appointment-booking/trunk/core/classes/class.bookingpress_fileupload_class.php",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3001484/bookingpress-appointment-booking/trunk/core/classes/class.bookingpress_settings.php",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/710b8e4e-01de-4e99-8cf2-31abc2419b29?source=cve",
"source": "security@wordfence.com"
}
]
}

View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-11-28T03:00:19.194193+00:00
2023-11-28T05:00:17.652650+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-11-28T02:15:43.380000+00:00
2023-11-28T04:15:07.820000+00:00
```
### Last Data Feed Release
@ -29,32 +29,30 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
231598
231605
```
### CVEs added in the last Commit
Recently added CVEs: `9`
Recently added CVEs: `7`
* [CVE-2023-30585](CVE-2023/CVE-2023-305xx/CVE-2023-30585.json) (`2023-11-28T02:15:42.077`)
* [CVE-2023-35136](CVE-2023/CVE-2023-351xx/CVE-2023-35136.json) (`2023-11-28T02:15:42.143`)
* [CVE-2023-35139](CVE-2023/CVE-2023-351xx/CVE-2023-35139.json) (`2023-11-28T02:15:42.347`)
* [CVE-2023-37925](CVE-2023/CVE-2023-379xx/CVE-2023-37925.json) (`2023-11-28T02:15:42.547`)
* [CVE-2023-37926](CVE-2023/CVE-2023-379xx/CVE-2023-37926.json) (`2023-11-28T02:15:42.740`)
* [CVE-2023-47503](CVE-2023/CVE-2023-475xx/CVE-2023-47503.json) (`2023-11-28T02:15:42.947`)
* [CVE-2023-4397](CVE-2023/CVE-2023-43xx/CVE-2023-4397.json) (`2023-11-28T02:15:42.990`)
* [CVE-2023-4398](CVE-2023/CVE-2023-43xx/CVE-2023-4398.json) (`2023-11-28T02:15:43.187`)
* [CVE-2023-5650](CVE-2023/CVE-2023-56xx/CVE-2023-5650.json) (`2023-11-28T02:15:43.380`)
* [CVE-2023-5797](CVE-2023/CVE-2023-57xx/CVE-2023-5797.json) (`2023-11-28T03:15:07.123`)
* [CVE-2023-5960](CVE-2023/CVE-2023-59xx/CVE-2023-5960.json) (`2023-11-28T03:15:07.310`)
* [CVE-2023-6219](CVE-2023/CVE-2023-62xx/CVE-2023-6219.json) (`2023-11-28T03:15:07.660`)
* [CVE-2023-32063](CVE-2023/CVE-2023-320xx/CVE-2023-32063.json) (`2023-11-28T04:15:07.143`)
* [CVE-2023-32064](CVE-2023/CVE-2023-320xx/CVE-2023-32064.json) (`2023-11-28T04:15:07.360`)
* [CVE-2023-32065](CVE-2023/CVE-2023-320xx/CVE-2023-32065.json) (`2023-11-28T04:15:07.570`)
* [CVE-2023-48713](CVE-2023/CVE-2023-487xx/CVE-2023-48713.json) (`2023-11-28T04:15:07.820`)
### CVEs modified in the last Commit
Recently modified CVEs: `4`
* [CVE-2023-42459](CVE-2023/CVE-2023-424xx/CVE-2023-42459.json) (`2023-11-28T01:15:07.107`)
* [CVE-2023-45853](CVE-2023/CVE-2023-458xx/CVE-2023-45853.json) (`2023-11-28T01:15:07.247`)
* [CVE-2023-49145](CVE-2023/CVE-2023-491xx/CVE-2023-49145.json) (`2023-11-28T01:15:07.333`)
* [CVE-2023-4762](CVE-2023/CVE-2023-47xx/CVE-2023-4762.json) (`2023-11-28T01:15:07.410`)
* [CVE-2023-35136](CVE-2023/CVE-2023-351xx/CVE-2023-35136.json) (`2023-11-28T03:15:06.933`)
* [CVE-2023-5528](CVE-2023/CVE-2023-55xx/CVE-2023-5528.json) (`2023-11-28T03:15:07.023`)
* [CVE-2023-5997](CVE-2023/CVE-2023-59xx/CVE-2023-5997.json) (`2023-11-28T03:15:07.510`)
* [CVE-2023-6112](CVE-2023/CVE-2023-61xx/CVE-2023-6112.json) (`2023-11-28T03:15:07.577`)
## Download and Usage