Auto-Update: 2023-11-23T11:00:54.755248+00:00

CVE-2023/CVE-2023-288xx/CVE-2023-28812.json

@@ -0,0 +1,43 @@
+{
+  "id": "CVE-2023-28812",
+  "sourceIdentifier": "hsrc@hikvision.com",
+  "published": "2023-11-23T09:15:32.930",
+  "lastModified": "2023-11-23T09:15:32.930",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "There is a buffer overflow vulnerability in a web browser plug-in could allow an attacker to exploit the vulnerability by sending crafted messages to computers installed with this plug-in, which could lead to arbitrary code execution or cause process exception of the plug-in."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "hsrc@hikvision.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.1,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.2
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerabilities-in-hikvision-web-browser-plug-in-locals/",
+      "source": "hsrc@hikvision.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-288xx/CVE-2023-28813.json

@@ -0,0 +1,43 @@
+{
+  "id": "CVE-2023-28813",
+  "sourceIdentifier": "hsrc@hikvision.com",
+  "published": "2023-11-23T09:15:33.190",
+  "lastModified": "2023-11-23T09:15:33.190",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An attacker could exploit a vulnerability by sending crafted messages to computers installed with this plug-in to modify plug-in parameters, which could cause affected computers to download malicious files. "
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "hsrc@hikvision.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.1,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.2
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerabilities-in-hikvision-web-browser-plug-in-locals/",
+      "source": "hsrc@hikvision.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-33xx/CVE-2023-3377.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-3377",
+  "sourceIdentifier": "iletisim@usom.gov.tr",
+  "published": "2023-11-23T09:15:33.353",
+  "lastModified": "2023-11-23T09:15:33.353",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Veribilim Software Computer Veribase allows SQL Injection.This issue affects Veribase: through 20231123.\u00a0\n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n\n\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "iletisim@usom.gov.tr",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "iletisim@usom.gov.tr",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-89"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://https://www.usom.gov.tr/bildirim/tr-23-0655",
+      "source": "iletisim@usom.gov.tr"
+    }
+  ]
+}

CVE-2023/CVE-2023-36xx/CVE-2023-3631.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-3631",
+  "sourceIdentifier": "iletisim@usom.gov.tr",
+  "published": "2023-11-23T10:15:07.523",
+  "lastModified": "2023-11-23T10:15:07.523",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Medart Health Services Medart Notification Panel allows SQL Injection.This issue affects Medart Notification Panel: through 20231123.\u00a0\n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n\n\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "iletisim@usom.gov.tr",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "iletisim@usom.gov.tr",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-89"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://https://www.usom.gov.tr/bildirim/tr-23-0656",
+      "source": "iletisim@usom.gov.tr"
+    }
+  ]
+}

CVE-2023/CVE-2023-431xx/CVE-2023-43123.json

@@ -0,0 +1,32 @@
+{
+  "id": "CVE-2023-43123",
+  "sourceIdentifier": "security@apache.org",
+  "published": "2023-11-23T10:15:07.727",
+  "lastModified": "2023-11-23T10:15:07.727",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems.\n\nThe method File.createTempFile on unix-like systems creates a file with predefined name (so easily identifiable) and by default will create this file with the permissions -rw-r--r--. Thus, if sensitive information is written to this file, other local users can read this information.\n\nFile.createTempFile(String, String) will create a temporary file in the system temporary directory if the 'java.io.tmpdir' system property is not explicitly set. \n\nThis affects the class\u00a0 https://github.com/apache/storm/blob/master/storm-core/src/jvm/org/apache/storm/utils/TopologySpoutLag.java#L99 \u00a0and was introduced by\u00a0 https://issues.apache.org/jira/browse/STORM-3123 \n\nIn practice, this has a very limited impact as this class is used only if\u00a0ui.disable.spout.lag.monitoring\n\n is set to false, but its value is true by default.\nMoreover, the temporary file gets deleted soon after its creation.\n\nThe solution is to use\u00a0 Files.createTempFile https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/nio/file/Files.html#createTempFile(java.lang.String,java.lang.String,java.nio.file.attribute.FileAttribute...) \u00a0instead.\n\nWe recommend that all users upgrade to the latest version of Apache Storm.\n\n"
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "security@apache.org",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-200"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://lists.apache.org/thread/88oc1vqfjtr29cz5xts0v2wm5pmhbm0l",
+      "source": "security@apache.org"
+    }
+  ]
+}

CVE-2023/CVE-2023-44xx/CVE-2023-4406.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-4406",
+  "sourceIdentifier": "iletisim@usom.gov.tr",
+  "published": "2023-11-23T10:15:07.823",
+  "lastModified": "2023-11-23T10:15:07.823",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KC Group E-Commerce Software allows Reflected XSS.This issue affects E-Commerce Software: through 20231123.\u00a0\n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n\n\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "iletisim@usom.gov.tr",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.1,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "iletisim@usom.gov.tr",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://https://www.usom.gov.tr/bildirim/tr-23-0657",
+      "source": "iletisim@usom.gov.tr"
+    }
+  ]
+}

README.md

@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2023-11-23T09:04:04.384330+00:00
+2023-11-23T11:00:54.755248+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2023-11-23T07:15:47.710000+00:00
+2023-11-23T10:15:07.823000+00:00
 ```
 
 ### Last Data Feed Release
@@ -29,18 +29,19 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-231430
+231436
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `5`
+Recently added CVEs: `6`
 
-* [CVE-2023-28811](CVE-2023/CVE-2023-288xx/CVE-2023-28811.json) (`2023-11-23T07:15:43.883`)
-* [CVE-2023-39253](CVE-2023/CVE-2023-392xx/CVE-2023-39253.json) (`2023-11-23T07:15:45.300`)
-* [CVE-2023-43086](CVE-2023/CVE-2023-430xx/CVE-2023-43086.json) (`2023-11-23T07:15:46.203`)
-* [CVE-2023-44289](CVE-2023/CVE-2023-442xx/CVE-2023-44289.json) (`2023-11-23T07:15:46.950`)
-* [CVE-2023-44290](CVE-2023/CVE-2023-442xx/CVE-2023-44290.json) (`2023-11-23T07:15:47.710`)
+* [CVE-2023-28812](CVE-2023/CVE-2023-288xx/CVE-2023-28812.json) (`2023-11-23T09:15:32.930`)
+* [CVE-2023-28813](CVE-2023/CVE-2023-288xx/CVE-2023-28813.json) (`2023-11-23T09:15:33.190`)
+* [CVE-2023-3377](CVE-2023/CVE-2023-33xx/CVE-2023-3377.json) (`2023-11-23T09:15:33.353`)
+* [CVE-2023-3631](CVE-2023/CVE-2023-36xx/CVE-2023-3631.json) (`2023-11-23T10:15:07.523`)
+* [CVE-2023-43123](CVE-2023/CVE-2023-431xx/CVE-2023-43123.json) (`2023-11-23T10:15:07.727`)
+* [CVE-2023-4406](CVE-2023/CVE-2023-44xx/CVE-2023-4406.json) (`2023-11-23T10:15:07.823`)
 
 
 ### CVEs modified in the last Commit