Auto-Update: 2023-12-15T03:00:32.170263+00:00

2025-05-08 11:37:26 +00:00 · 2023-12-15 03:00:35 +00:00 · 2023-12-15 03:00:35 +00:00 · d5156df7d8
commit d5156df7d8
parent 91d883f597
7 changed files with 236 additions and 8 deletions
--- a/CVE-2023/CVE-2023-368xx/CVE-2023-36878.json
+++ b/CVE-2023/CVE-2023-368xx/CVE-2023-36878.json
@ -0,0 +1,43 @@
+{
+  "id": "CVE-2023-36878",
+  "sourceIdentifier": "secure@microsoft.com",
+  "published": "2023-12-15T01:15:07.780",
+  "lastModified": "2023-12-15T01:15:07.780",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "secure@microsoft.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36878",
+      "source": "secure@microsoft.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-409xx/CVE-2023-40954.json
+++ b/CVE-2023/CVE-2023-409xx/CVE-2023-40954.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-40954",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-12-15T01:15:07.993",
+  "lastModified": "2023-12-15T01:15:07.993",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress Bar (aka web_progress) v. 11.0 through 11.0.2, v12.0 through v12.0.2, v.13.0 through v13.0.2, v.14.0 through v14.0.2.1, v.15.0 through v15.0.2, and v16.0 through v16.0.2.1 allows a remote attacker to gain privileges via the recency parameter in models/web_progress.py component."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/gmarczynski/odoo-web-progress/commit/3c867f1cf7447449c81b1aa24ebb1f7ae757489f",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/luvsn/OdZoo/tree/main/exploits/web_progress",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-421xx/CVE-2023-42183.json
+++ b/CVE-2023/CVE-2023-421xx/CVE-2023-42183.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-42183",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-12-15T01:15:08.047",
+  "lastModified": "2023-12-15T01:15:08.047",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "lockss-daemon (aka Classic LOCKSS Daemon) before 1.77.3 performs post-Unicode normalization, which may allow bypass of intended access restrictions, such as when U+1FEF is converted to a backtick."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/lockss/lockss-daemon/security/advisories/GHSA-mgqj-hphf-9588",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-480xx/CVE-2023-48050.json
+++ b/CVE-2023/CVE-2023-480xx/CVE-2023-48050.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-48050",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-12-15T01:15:08.093",
+  "lastModified": "2023-12-15T01:15:08.093",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "SQL injection vulnerability in Cams Biometrics Zkteco, eSSL, Cams Biometrics Integration Module with HR Attendance (aka odoo-biometric-attendance) v. 13.0 through 16.0.1 allows a remote attacker to execute arbitrary code and to gain privileges via the db parameter in the controllers/controllers.py component."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/luvsn/OdZoo/tree/main/exploits/odoo-biometric-attendance",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-68xx/CVE-2023-6831.json
+++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6831.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-6831",
+  "sourceIdentifier": "security@huntr.dev",
+  "published": "2023-12-15T01:15:08.140",
+  "lastModified": "2023-12-15T01:15:08.140",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Path Traversal: '\\..\\filename' in GitHub repository mlflow/mlflow prior to 2.9.2."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV30": [
+      {
+        "source": "security@huntr.dev",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.0",
+          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 10.0,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.8
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@huntr.dev",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-29"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/mlflow/mlflow/commit/1da75dfcecd4d169e34809ade55748384e8af6c1",
+      "source": "security@huntr.dev"
+    },
+    {
+      "url": "https://huntr.com/bounties/0acdd745-0167-4912-9d5c-02035fe5b314",
+      "source": "security@huntr.dev"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-68xx/CVE-2023-6832.json
+++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6832.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-6832",
+  "sourceIdentifier": "security@huntr.dev",
+  "published": "2023-12-15T01:15:08.353",
+  "lastModified": "2023-12-15T01:15:08.353",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Business Logic Errors in GitHub repository microweber/microweber prior to 2.0."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV30": [
+      {
+        "source": "security@huntr.dev",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.0",
+          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "LOW",
+          "baseScore": 6.0,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 0.5,
+        "impactScore": 5.5
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@huntr.dev",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-840"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/microweber/microweber/commit/890e9838aabbc799ebefcf6b20ba25e0fd6dbfee",
+      "source": "security@huntr.dev"
+    },
+    {
+      "url": "https://huntr.com/bounties/53105a20-f4b1-45ad-a734-0349de6d7376",
+      "source": "security@huntr.dev"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-12-15T00:55:25.523754+00:00
+2023-12-15T03:00:32.170263+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-12-15T00:15:42.600000+00:00
+2023-12-15T01:15:08.353000+00:00
 ```

 ### Last Data Feed Release
@ -29,22 +29,25 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-233237
+233243
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `2`
+Recently added CVEs: `6`

-* [CVE-2023-4489](CVE-2023/CVE-2023-44xx/CVE-2023-4489.json) (`2023-12-14T23:15:07.400`)
-* [CVE-2023-48049](CVE-2023/CVE-2023-480xx/CVE-2023-48049.json) (`2023-12-15T00:15:42.600`)
+* [CVE-2023-36878](CVE-2023/CVE-2023-368xx/CVE-2023-36878.json) (`2023-12-15T01:15:07.780`)
+* [CVE-2023-40954](CVE-2023/CVE-2023-409xx/CVE-2023-40954.json) (`2023-12-15T01:15:07.993`)
+* [CVE-2023-42183](CVE-2023/CVE-2023-421xx/CVE-2023-42183.json) (`2023-12-15T01:15:08.047`)
+* [CVE-2023-48050](CVE-2023/CVE-2023-480xx/CVE-2023-48050.json) (`2023-12-15T01:15:08.093`)
+* [CVE-2023-6831](CVE-2023/CVE-2023-68xx/CVE-2023-6831.json) (`2023-12-15T01:15:08.140`)
+* [CVE-2023-6832](CVE-2023/CVE-2023-68xx/CVE-2023-6832.json) (`2023-12-15T01:15:08.353`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `1`
+Recently modified CVEs: `0`

-* [CVE-2023-49092](CVE-2023/CVE-2023-490xx/CVE-2023-49092.json) (`2023-12-14T23:15:07.050`)


 ## Download and Usage