From d5156df7d87a8a52bdebd292db4002de19fa438e Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Fri, 15 Dec 2023 03:00:35 +0000
Subject: [PATCH] Auto-Update: 2023-12-15T03:00:32.170263+00:00
---
CVE-2023/CVE-2023-368xx/CVE-2023-36878.json | 43 +++++++++++++++
CVE-2023/CVE-2023-409xx/CVE-2023-40954.json | 24 +++++++++
CVE-2023/CVE-2023-421xx/CVE-2023-42183.json | 20 +++++++
CVE-2023/CVE-2023-480xx/CVE-2023-48050.json | 20 +++++++
CVE-2023/CVE-2023-68xx/CVE-2023-6831.json | 59 +++++++++++++++++++++
CVE-2023/CVE-2023-68xx/CVE-2023-6832.json | 59 +++++++++++++++++++++
README.md | 19 ++++---
7 files changed, 236 insertions(+), 8 deletions(-)
create mode 100644 CVE-2023/CVE-2023-368xx/CVE-2023-36878.json
create mode 100644 CVE-2023/CVE-2023-409xx/CVE-2023-40954.json
create mode 100644 CVE-2023/CVE-2023-421xx/CVE-2023-42183.json
create mode 100644 CVE-2023/CVE-2023-480xx/CVE-2023-48050.json
create mode 100644 CVE-2023/CVE-2023-68xx/CVE-2023-6831.json
create mode 100644 CVE-2023/CVE-2023-68xx/CVE-2023-6832.json
diff --git a/CVE-2023/CVE-2023-368xx/CVE-2023-36878.json b/CVE-2023/CVE-2023-368xx/CVE-2023-36878.json
new file mode 100644
index 00000000000..8e0a4ffbbf6
--- /dev/null
+++ b/CVE-2023/CVE-2023-368xx/CVE-2023-36878.json
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36878", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-12-15T01:15:07.780", + "lastModified": "2023-12-15T01:15:07.780", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36878", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-409xx/CVE-2023-40954.json b/CVE-2023/CVE-2023-409xx/CVE-2023-40954.json new file mode 100644 index 00000000000..8a709a51b0d --- /dev/null +++ b/CVE-2023/CVE-2023-409xx/CVE-2023-40954.json 
@@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-40954", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-15T01:15:07.993", + "lastModified": "2023-12-15T01:15:07.993", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress Bar (aka web_progress) v. 11.0 through 11.0.2, v12.0 through v12.0.2, v.13.0 through v13.0.2, v.14.0 through v14.0.2.1, v.15.0 through v15.0.2, and v16.0 through v16.0.2.1 allows a remote attacker to gain privileges via the recency parameter in models/web_progress.py component." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/gmarczynski/odoo-web-progress/commit/3c867f1cf7447449c81b1aa24ebb1f7ae757489f", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/luvsn/OdZoo/tree/main/exploits/web_progress", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-421xx/CVE-2023-42183.json b/CVE-2023/CVE-2023-421xx/CVE-2023-42183.json new file mode 100644 index 00000000000..8608d5f1382 --- /dev/null +++ b/CVE-2023/CVE-2023-421xx/CVE-2023-42183.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-42183", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-15T01:15:08.047", + "lastModified": "2023-12-15T01:15:08.047", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "lockss-daemon (aka Classic LOCKSS Daemon) before 1.77.3 performs post-Unicode normalization, which may allow bypass of intended access restrictions, such as when U+1FEF is converted to a backtick." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/lockss/lockss-daemon/security/advisories/GHSA-mgqj-hphf-9588", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-480xx/CVE-2023-48050.json b/CVE-2023/CVE-2023-480xx/CVE-2023-48050.json new file mode 100644 index 00000000000..1fb42a3f408 --- /dev/null 
+++ b/CVE-2023/CVE-2023-480xx/CVE-2023-48050.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-48050", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-15T01:15:08.093", + "lastModified": "2023-12-15T01:15:08.093", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "SQL injection vulnerability in Cams Biometrics Zkteco, eSSL, Cams Biometrics Integration Module with HR Attendance (aka odoo-biometric-attendance) v. 13.0 through 16.0.1 allows a remote attacker to execute arbitrary code and to gain privileges via the db parameter in the controllers/controllers.py component." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/luvsn/OdZoo/tree/main/exploits/odoo-biometric-attendance", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6831.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6831.json new file mode 100644 index 00000000000..6b95da5eebc --- /dev/null +++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6831.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-6831", + "sourceIdentifier": "security@huntr.dev", + "published": "2023-12-15T01:15:08.140", + "lastModified": "2023-12-15T01:15:08.140", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Path Traversal: '\\..\\filename' in GitHub repository mlflow/mlflow prior to 2.9.2." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 10.0, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.8 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-29" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/mlflow/mlflow/commit/1da75dfcecd4d169e34809ade55748384e8af6c1", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.com/bounties/0acdd745-0167-4912-9d5c-02035fe5b314", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6832.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6832.json new file mode 100644 index 00000000000..d5fb68273e0 --- /dev/null +++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6832.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-6832", + "sourceIdentifier": "security@huntr.dev", + "published": "2023-12-15T01:15:08.353", + "lastModified": "2023-12-15T01:15:08.353", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Business Logic Errors in GitHub repository microweber/microweber prior to 2.0." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW", + "baseScore": 6.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.5, + "impactScore": 5.5 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-840" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/microweber/microweber/commit/890e9838aabbc799ebefcf6b20ba25e0fd6dbfee", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.com/bounties/53105a20-f4b1-45ad-a734-0349de6d7376", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index f83f60c4707..8afd7e12138 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-12-15T00:55:25.523754+00:00 +2023-12-15T03:00:32.170263+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-12-15T00:15:42.600000+00:00 +2023-12-15T01:15:08.353000+00:00 ``` ### Last Data Feed Release 
@@ -29,22 +29,25 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -233237 +233243 ``` ### CVEs added in the last Commit -Recently added CVEs: `2` +Recently added CVEs: `6` -* [CVE-2023-4489](CVE-2023/CVE-2023-44xx/CVE-2023-4489.json) (`2023-12-14T23:15:07.400`) -* [CVE-2023-48049](CVE-2023/CVE-2023-480xx/CVE-2023-48049.json) (`2023-12-15T00:15:42.600`) +* [CVE-2023-36878](CVE-2023/CVE-2023-368xx/CVE-2023-36878.json) (`2023-12-15T01:15:07.780`) +* [CVE-2023-40954](CVE-2023/CVE-2023-409xx/CVE-2023-40954.json) (`2023-12-15T01:15:07.993`) +* [CVE-2023-42183](CVE-2023/CVE-2023-421xx/CVE-2023-42183.json) (`2023-12-15T01:15:08.047`) +* [CVE-2023-48050](CVE-2023/CVE-2023-480xx/CVE-2023-48050.json) (`2023-12-15T01:15:08.093`) +* [CVE-2023-6831](CVE-2023/CVE-2023-68xx/CVE-2023-6831.json) (`2023-12-15T01:15:08.140`) +* [CVE-2023-6832](CVE-2023/CVE-2023-68xx/CVE-2023-6832.json) (`2023-12-15T01:15:08.353`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `0` -* [CVE-2023-49092](CVE-2023/CVE-2023-490xx/CVE-2023-49092.json) (`2023-12-14T23:15:07.050`) ## Download and Usage