From f5308eabe5bdb1ebc52104438a7c2c8ca8165bbc Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Tue, 5 Dec 2023 23:00:21 +0000
Subject: [PATCH] Auto-Update: 2023-12-05T23:00:18.343820+00:00
---
 CVE-2015/CVE-2015-87xx/CVE-2015-8751.json | 21 +++++--
 CVE-2023/CVE-2023-378xx/CVE-2023-37868.json | 63 +++++++++++++++++++--
 CVE-2023/CVE-2023-384xx/CVE-2023-38400.json | 51 ++++++++++++++++-
 CVE-2023/CVE-2023-394xx/CVE-2023-39417.json | 6 +-
 CVE-2023/CVE-2023-442xx/CVE-2023-44221.json | 32 +++++++++++
 CVE-2023/CVE-2023-452xx/CVE-2023-45286.json | 6 +-
 CVE-2023/CVE-2023-467xx/CVE-2023-46736.json | 63 +++++++++++++++++++++
 CVE-2023/CVE-2023-478xx/CVE-2023-47844.json | 52 ++++++++++++++++-
 CVE-2023/CVE-2023-478xx/CVE-2023-47848.json | 51 ++++++++++++++++-
 CVE-2023/CVE-2023-48xx/CVE-2023-4853.json | 10 +++-
 CVE-2023/CVE-2023-492xx/CVE-2023-49297.json | 59 +++++++++++++++++++
 CVE-2023/CVE-2023-59xx/CVE-2023-5970.json | 32 +++++++++++
 README.md | 47 ++++++---------
 13 files changed, 437 insertions(+), 56 deletions(-)
 create mode 100644 CVE-2023/CVE-2023-442xx/CVE-2023-44221.json
 create mode 100644 CVE-2023/CVE-2023-467xx/CVE-2023-46736.json
 create mode 100644 CVE-2023/CVE-2023-492xx/CVE-2023-49297.json
 create mode 100644 CVE-2023/CVE-2023-59xx/CVE-2023-5970.json
diff --git a/CVE-2015/CVE-2015-87xx/CVE-2015-8751.json b/CVE-2015/CVE-2015-87xx/CVE-2015-8751.json
index 45cff9a3703..91e18a9cc4a 100644
--- a/CVE-2015/CVE-2015-87xx/CVE-2015-8751.json
+++ b/CVE-2015/CVE-2015-87xx/CVE-2015-8751.json
@@ -2,8 +2,8 @@
 "id": "CVE-2015-8751",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2020-02-17T22:15:11.733",
- "lastModified": "2023-11-07T02:28:41.313",
- "vulnStatus": "Modified",
+ "lastModified": "2023-12-05T21:06:17.530",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -84,8 +84,9 @@
 "cpeMatch": [
 {
 "vulnerable": true,
- "criteria": "cpe:2.3:a:jasper_project:jasper:-:*:*:*:*:*:*:*",
- "matchCriteriaId": "A9AF271B-49A8-4DB8-A7D4-11153FAAF56A"
+ "criteria": "cpe:2.3:a:jasper_project:jasper:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.900.4",
+ "matchCriteriaId": "4ACD5912-FA60-4417-87EF-1C5E96B99BD2"
 }
 ]
 }
@@ -137,11 +138,19 @@
 },
 {
 "url": "https://lists.apache.org/thread.html/re28d4c3c5b77138de47bf5b2ad04886d9104eb74ae3594e5f7254318%40%3Cdev.tomcat.apache.org%3E",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Vendor Advisory"
+ ]
 },
 {
 "url": "https://lists.apache.org/thread.html/rf15130c7b5f703664ce57a97934ffb8cc6065cbb1bf678dca8651519%40%3Cdev.tomcat.apache.org%3E",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-378xx/CVE-2023-37868.json b/CVE-2023/CVE-2023-378xx/CVE-2023-37868.json
index a9b3bfce4be..015da548d88 100644
--- a/CVE-2023/CVE-2023-378xx/CVE-2023-37868.json
+++ b/CVE-2023/CVE-2023-378xx/CVE-2023-37868.json
@@ -2,16 +2,40 @@
 "id": "CVE-2023-37868",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-30T16:15:09.080",
- "lastModified": "2023-11-30T17:12:39.840",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-05T22:24:37.173",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Leap13 Premium Addons PRO.This issue affects Premium Addons PRO: from n/a through 2.9.0.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Exposici\u00f3n de informaci\u00f3n confidencial a una vulnerabilidad de actor no autorizado en Leap13 Premium Addons PRO. Este problema afecta a Premium Addons PRO: desde n/a hasta 2.9.0."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -36,8 +60,18 @@
 },
 "weaknesses": [
 {
- "source": "audit@patchstack.com",
+ "source": "nvd@nist.gov",
 "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
 "description": [
 {
 "lang": "en",
@@ -46,10 +80,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:leap13:premium_addons:*:*:*:*:pro:wordpress:*:*",
+ "versionEndIncluding": "2.9.0",
+ "matchCriteriaId": "1B25C4B5-C10C-48D9-BBBA-F95F2A977988"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/premium-addons-pro/wordpress-premium-addons-pro-plugin-2-9-0-sensitive-data-exposure-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-384xx/CVE-2023-38400.json b/CVE-2023/CVE-2023-384xx/CVE-2023-38400.json
index 3819141b3f1..62156258293 100644
--- a/CVE-2023/CVE-2023-384xx/CVE-2023-38400.json
+++ b/CVE-2023/CVE-2023-384xx/CVE-2023-38400.json
@@ -2,16 +2,40 @@
 "id": "CVE-2023-38400",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-30T17:15:09.750",
- "lastModified": "2023-11-30T17:30:19.207",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-05T22:08:09.253",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kriesi Enfold - Responsive Multi-Purpose Theme allows Reflected XSS.This issue affects Enfold - Responsive Multi-Purpose Theme: from n/a through 5.6.4.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Kriesi Enfold - Responsive Multi-Purpose Theme permite XSS reflejado. Este problema afecta a Enfold - Responsive Multi-Purpose Theme: desde n/a hasta 5.6.4."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -46,10 +70,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:kriesi:enfold:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "5.6.4",
+ "matchCriteriaId": "3A448401-824B-4E02-AC2F-9A577ED91DD9"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/enfold/wordpress-enfold-theme-5-6-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-394xx/CVE-2023-39417.json b/CVE-2023/CVE-2023-394xx/CVE-2023-39417.json
index 1e01d52fc6c..a0c0899b16c 100644
--- a/CVE-2023/CVE-2023-394xx/CVE-2023-39417.json
+++ b/CVE-2023/CVE-2023-394xx/CVE-2023-39417.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-39417",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2023-08-11T13:15:09.870",
- "lastModified": "2023-11-30T18:15:07.370",
+ "lastModified": "2023-12-05T22:15:06.960",
 "vulnStatus": "Undergoing Analysis",
 "descriptions": [
 {
@@ -188,6 +188,10 @@
 "url": "https://access.redhat.com/errata/RHSA-2023:7616",
 "source": "secalert@redhat.com"
 },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2023:7656",
+ "source": "secalert@redhat.com"
+ },
 {
 "url": "https://access.redhat.com/security/cve/CVE-2023-39417",
 "source": "secalert@redhat.com",
diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44221.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44221.json
new file mode 100644
index 00000000000..0a6122af980
--- /dev/null
+++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44221.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2023-44221",
+ "sourceIdentifier": "PSIRT@sonicwall.com",
+ "published": "2023-12-05T21:15:07.150",
+ "lastModified": "2023-12-05T21:15:07.150",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading to OS Command Injection Vulnerability."
+ }
+ ],
+ "metrics": {},
+ "weaknesses": [
+ {
+ "source": "PSIRT@sonicwall.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0018",
+ "source": "PSIRT@sonicwall.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-452xx/CVE-2023-45286.json b/CVE-2023/CVE-2023-452xx/CVE-2023-45286.json
index 100ce3675b3..6a139f0e4e4 100644
--- a/CVE-2023/CVE-2023-452xx/CVE-2023-45286.json
+++ b/CVE-2023/CVE-2023-452xx/CVE-2023-45286.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-45286",
 "sourceIdentifier": "security@golang.org",
 "published": "2023-11-28T17:15:08.280",
- "lastModified": "2023-12-04T19:01:33.467",
+ "lastModified": "2023-12-05T21:06:03.273",
 "vulnStatus": "Analyzed",
 "descriptions": [
 {
@@ -60,8 +60,8 @@
 {
 "vulnerable": true,
 "criteria": "cpe:2.3:a:resty_project:resty:*:*:*:*:*:go:*:*",
- "versionEndExcluding": "2.10.0",
- "matchCriteriaId": "FCDCB97E-2E1F-415F-893C-3C4F3EC538E4"
+ "versionEndIncluding": "2.10.0",
+ "matchCriteriaId": "433974E8-CB64-4BBB-BB5A-9F072275B86F"
 }
 ]
 }
diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46736.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46736.json
new file mode 100644
index 00000000000..4cdda6b19cc
--- /dev/null
+++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46736.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-46736",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-12-05T21:15:07.243",
+ "lastModified": "2023-12-05T21:15:07.243",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "EspoCRM is an Open Source CRM (Customer Relationship Management) software. In affected versions there is Server-Side Request Forgery (SSRF) vulnerability via the upload image from url api. Users who have access to `the /Attachment/fromImageUrl` endpoint can specify URL to point to an internal host. Even though there is check for content type, it can be bypassed by redirects in some cases. This SSRF can be leveraged to disclose internal information (in some cases), target internal hosts and bypass firewalls. This vulnerability has been addressed in commit `c536cee63` which is included in release version 8.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-918"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/espocrm/espocrm/commit/c536cee6375e2088f961af13db7aaa652c983072",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/espocrm/espocrm/security/advisories/GHSA-g955-rwxx-jvf6",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29/",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-478xx/CVE-2023-47844.json b/CVE-2023/CVE-2023-478xx/CVE-2023-47844.json
index 636af05f949..1e27e4967da 100644
--- a/CVE-2023/CVE-2023-478xx/CVE-2023-47844.json
+++ b/CVE-2023/CVE-2023-478xx/CVE-2023-47844.json
@@ -2,16 +2,40 @@
 "id": "CVE-2023-47844",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-30T17:15:10.137",
- "lastModified": "2023-11-30T17:30:19.207",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-05T22:05:16.770",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lim Kai Yang Grab & Save allows Reflected XSS.This issue affects Grab & Save: from n/a through 1.0.4.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Lim Kai Yang Grab & Save permite XSS reflejado. Este problema afecta a Grab & Save: desde n/a hasta 1.0.4."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -46,10 +70,32 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:neobie:grab_\\&_save:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.0.4",
+ "matchCriteriaId": "4E098583-AB5B-439E-B732-767CD248C6D7"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/save-grab/wordpress-grab-save-plugin-1-0-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-478xx/CVE-2023-47848.json b/CVE-2023/CVE-2023-478xx/CVE-2023-47848.json
index 931bb9fa68c..c4321fefe8d 100644
--- a/CVE-2023/CVE-2023-478xx/CVE-2023-47848.json
+++ b/CVE-2023/CVE-2023-478xx/CVE-2023-47848.json
@@ -2,16 +2,40 @@
 "id": "CVE-2023-47848",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-30T17:15:10.330",
- "lastModified": "2023-11-30T17:30:19.207",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-05T22:04:43.287",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tainacan.Org Tainacan allows Reflected XSS.This issue affects Tainacan: from n/a through 0.20.4.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Neutralizaci\u00f3n inadecuada de la entrada durante la vulnerabilidad de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Tainacan.Org Tainacan permite XSS Reflejado. Este problema afecta a Tainacan: desde n/a hasta 0.20.4."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -46,10 +70,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tainacan:tainacan:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "0.20.4",
+ "matchCriteriaId": "DDCB5E65-888D-422F-B34C-412997AFC633"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/tainacan/wordpress-tainacan-plugin-0-20-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-48xx/CVE-2023-4853.json b/CVE-2023/CVE-2023-48xx/CVE-2023-4853.json
index a24bcade644..a43507f9671 100644
--- a/CVE-2023/CVE-2023-48xx/CVE-2023-4853.json
+++ b/CVE-2023/CVE-2023-48xx/CVE-2023-4853.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-4853",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2023-09-20T10:15:14.947",
- "lastModified": "2023-11-07T04:23:04.670",
+ "lastModified": "2023-12-05T22:15:07.133",
 "vulnStatus": "Undergoing Analysis",
 "descriptions": [
 {
@@ -37,7 +37,7 @@
 "impactScore": 5.9
 },
 {
- "source": "53f830b8-0a3f-465b-8143-3b8a9948e749",
+ "source": "secalert@redhat.com",
 "type": "Secondary",
 "cvssData": {
 "version": "3.1",
@@ -70,7 +70,7 @@
 ]
 },
 {
- "source": "53f830b8-0a3f-465b-8143-3b8a9948e749",
+ "source": "secalert@redhat.com",
 "type": "Secondary",
 "description": [
 {
@@ -226,6 +226,10 @@
 "url": "https://access.redhat.com/errata/RHSA-2023:6112",
 "source": "secalert@redhat.com"
 },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2023:7653",
+ "source": "secalert@redhat.com"
+ },
 {
 "url": "https://access.redhat.com/security/cve/CVE-2023-4853",
 "source": "secalert@redhat.com",
diff --git a/CVE-2023/CVE-2023-492xx/CVE-2023-49297.json b/CVE-2023/CVE-2023-492xx/CVE-2023-49297.json
new file mode 100644
index 00000000000..4b9c576e579
--- /dev/null
+++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49297.json 
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-49297",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-12-05T21:15:07.460",
+ "lastModified": "2023-12-05T21:15:07.460",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "PyDrive2 is a wrapper library of google-api-python-client that simplifies many common Google Drive API V2 tasks. Unsafe YAML deserilization will result in arbitrary code execution. A maliciously crafted YAML file can cause arbitrary code execution if PyDrive2 is run in the same directory as it, or if it is loaded in via `LoadSettingsFile`. This is a deserilization attack that will affect any user who initializes GoogleAuth from this package while a malicious yaml file is present in the same directory. This vulnerability does not require the file to be directly loaded through the code, only present. This issue has been addressed in commit `c57355dc` which is included in release version `1.16.2`. Users are advised to upgrade. There are no known workarounds for this vulnerability."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.3,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-502"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/iterative/PyDrive2/commit/c57355dc2033ad90b7050d681b2c3ba548ff0004",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/iterative/PyDrive2/security/advisories/GHSA-v5f6-hjmf-9mc5",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-59xx/CVE-2023-5970.json b/CVE-2023/CVE-2023-59xx/CVE-2023-5970.json
new file mode 100644
index 00000000000..4d20a28fa95
--- /dev/null
+++ b/CVE-2023/CVE-2023-59xx/CVE-2023-5970.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2023-5970",
+ "sourceIdentifier": "PSIRT@sonicwall.com",
+ "published": "2023-12-05T21:15:07.667",
+ "lastModified": "2023-12-05T21:15:07.667",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA bypass."
+ }
+ ],
+ "metrics": {},
+ "weaknesses": [
+ {
+ "source": "PSIRT@sonicwall.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-287"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0018",
+ "source": "PSIRT@sonicwall.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 882a6905a20..1f6f48ec390 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-12-05T21:00:18.362994+00:00 +2023-12-05T23:00:18.343820+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-12-05T20:59:39.847000+00:00 +2023-12-05T22:24:37.173000+00:00 ``` ### Last Data Feed Release
@@ -29,44 +29,31 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -232362 +232366 ``` ### CVEs added in the last Commit -Recently added CVEs: `0` +Recently added CVEs: `4` +* [CVE-2023-44221](CVE-2023/CVE-2023-442xx/CVE-2023-44221.json) (`2023-12-05T21:15:07.150`) +* [CVE-2023-46736](CVE-2023/CVE-2023-467xx/CVE-2023-46736.json) (`2023-12-05T21:15:07.243`) +* [CVE-2023-49297](CVE-2023/CVE-2023-492xx/CVE-2023-49297.json) (`2023-12-05T21:15:07.460`) +* [CVE-2023-5970](CVE-2023/CVE-2023-59xx/CVE-2023-5970.json) (`2023-12-05T21:15:07.667`) ### CVEs modified in the last Commit -Recently modified CVEs: `45` +Recently modified CVEs: `8` -* [CVE-2023-6071](CVE-2023/CVE-2023-60xx/CVE-2023-6071.json) (`2023-12-05T19:46:19.857`) -* [CVE-2023-47827](CVE-2023/CVE-2023-478xx/CVE-2023-47827.json) (`2023-12-05T19:49:31.587`) -* [CVE-2023-36682](CVE-2023/CVE-2023-366xx/CVE-2023-36682.json) (`2023-12-05T19:57:34.747`) -* [CVE-2023-34030](CVE-2023/CVE-2023-340xx/CVE-2023-34030.json) (`2023-12-05T19:58:44.703`) -* [CVE-2023-48279](CVE-2023/CVE-2023-482xx/CVE-2023-48279.json) (`2023-12-05T20:02:01.297`) -* [CVE-2023-48912](CVE-2023/CVE-2023-489xx/CVE-2023-48912.json) (`2023-12-05T20:07:27.620`) -* [CVE-2023-48914](CVE-2023/CVE-2023-489xx/CVE-2023-48914.json) (`2023-12-05T20:08:48.207`) -* [CVE-2023-48913](CVE-2023/CVE-2023-489xx/CVE-2023-48913.json) (`2023-12-05T20:10:04.053`) -* [CVE-2023-48742](CVE-2023/CVE-2023-487xx/CVE-2023-48742.json) (`2023-12-05T20:10:51.070`) -* [CVE-2023-48281](CVE-2023/CVE-2023-482xx/CVE-2023-48281.json) (`2023-12-05T20:11:29.070`) -* [CVE-2023-48964](CVE-2023/CVE-2023-489xx/CVE-2023-48964.json) (`2023-12-05T20:12:46.150`) -* [CVE-2023-48963](CVE-2023/CVE-2023-489xx/CVE-2023-48963.json) (`2023-12-05T20:13:24.923`) -* [CVE-2023-44297](CVE-2023/CVE-2023-442xx/CVE-2023-44297.json) (`2023-12-05T20:13:47.300`) -* [CVE-2023-44298](CVE-2023/CVE-2023-442xx/CVE-2023-44298.json) 
(`2023-12-05T20:13:47.300`) -* [CVE-2023-45083](CVE-2023/CVE-2023-450xx/CVE-2023-45083.json) (`2023-12-05T20:13:47.300`) -* [CVE-2023-45084](CVE-2023/CVE-2023-450xx/CVE-2023-45084.json) (`2023-12-05T20:13:47.300`) -* [CVE-2023-45085](CVE-2023/CVE-2023-450xx/CVE-2023-45085.json) (`2023-12-05T20:13:47.300`) -* [CVE-2023-45287](CVE-2023/CVE-2023-452xx/CVE-2023-45287.json) (`2023-12-05T20:13:47.300`) -* [CVE-2023-46674](CVE-2023/CVE-2023-466xx/CVE-2023-46674.json) (`2023-12-05T20:13:47.300`) -* [CVE-2023-6448](CVE-2023/CVE-2023-64xx/CVE-2023-6448.json) (`2023-12-05T20:13:47.300`) -* [CVE-2023-47505](CVE-2023/CVE-2023-475xx/CVE-2023-47505.json) (`2023-12-05T20:15:01.277`) -* [CVE-2023-48737](CVE-2023/CVE-2023-487xx/CVE-2023-48737.json) (`2023-12-05T20:36:45.767`) -* [CVE-2023-36685](CVE-2023/CVE-2023-366xx/CVE-2023-36685.json) (`2023-12-05T20:44:13.570`) -* [CVE-2023-48743](CVE-2023/CVE-2023-487xx/CVE-2023-48743.json) (`2023-12-05T20:44:29.720`) -* [CVE-2023-41136](CVE-2023/CVE-2023-411xx/CVE-2023-41136.json) (`2023-12-05T20:59:39.847`) +* [CVE-2015-8751](CVE-2015/CVE-2015-87xx/CVE-2015-8751.json) (`2023-12-05T21:06:17.530`) +* [CVE-2023-45286](CVE-2023/CVE-2023-452xx/CVE-2023-45286.json) (`2023-12-05T21:06:03.273`) +* [CVE-2023-47848](CVE-2023/CVE-2023-478xx/CVE-2023-47848.json) (`2023-12-05T22:04:43.287`) +* [CVE-2023-47844](CVE-2023/CVE-2023-478xx/CVE-2023-47844.json) (`2023-12-05T22:05:16.770`) +* [CVE-2023-38400](CVE-2023/CVE-2023-384xx/CVE-2023-38400.json) (`2023-12-05T22:08:09.253`) +* [CVE-2023-39417](CVE-2023/CVE-2023-394xx/CVE-2023-39417.json) (`2023-12-05T22:15:06.960`) +* [CVE-2023-4853](CVE-2023/CVE-2023-48xx/CVE-2023-4853.json) (`2023-12-05T22:15:07.133`) +* [CVE-2023-37868](CVE-2023/CVE-2023-378xx/CVE-2023-37868.json) (`2023-12-05T22:24:37.173`) ## Download and Usage