Auto-Update: 2023-12-04T07:00:17.835565+00:00

CVE-2023/CVE-2023-490xx/CVE-2023-49093.json

@@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-49093",
+  "sourceIdentifier": "security-advisories@github.com",
+  "published": "2023-12-04T05:15:07.430",
+  "lastModified": "2023-12-04T05:15:07.430",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker\u2019s webpage. This vulnerability has been patched in version 3.9.0"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security-advisories@github.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security-advisories@github.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-94"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/HtmlUnit/htmlunit/security/advisories/GHSA-37vq-hr2f-g7h7",
+      "source": "security-advisories@github.com"
+    },
+    {
+      "url": "https://www.htmlunit.org/changes-report.html#a3.9.0",
+      "source": "security-advisories@github.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-491xx/CVE-2023-49108.json

@@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-49108",
+  "sourceIdentifier": "vultures@jpcert.or.jp",
+  "published": "2023-12-04T06:15:07.063",
+  "lastModified": "2023-12-04T06:15:07.063",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Path traversal vulnerability exists in RakRak Document Plus Ver.3.2.0.0 to Ver.6.4.0.7 (excluding Ver.6.1.1.3a). If this vulnerability is exploited, arbitrary files on the server may be obtained or deleted by a user of the product with specific privileges."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://jvn.jp/en/jp/JVN46895889/",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://rakrak.jp/RakDocSupport/rkspServlet",
+      "source": "vultures@jpcert.or.jp"
+    }
+  ]
+}

CVE-2023/CVE-2023-492xx/CVE-2023-49287.json

@@ -0,0 +1,63 @@
+{
+  "id": "CVE-2023-49287",
+  "sourceIdentifier": "security-advisories@github.com",
+  "published": "2023-12-04T06:15:07.173",
+  "lastModified": "2023-12-04T06:15:07.173",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "TinyDir is a lightweight C directory and file reader. Buffer overflows in the `tinydir_file_open()` function. This vulnerability has been patched in version 1.2.6."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security-advisories@github.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.7,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.5,
+        "impactScore": 5.2
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security-advisories@github.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-120"
+        },
+        {
+          "lang": "en",
+          "value": "CWE-121"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/cxong/tinydir/releases/tag/1.2.6",
+      "source": "security-advisories@github.com"
+    },
+    {
+      "url": "https://github.com/cxong/tinydir/security/advisories/GHSA-jf5r-wgf4-qhxf",
+      "source": "security-advisories@github.com"
+    }
+  ]
+}

README.md

@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2023-12-04T05:00:20.093661+00:00
+2023-12-04T07:00:17.835565+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2023-12-04T04:15:08.760000+00:00
+2023-12-04T06:15:07.173000+00:00
 ```
 
 ### Last Data Feed Release
@@ -29,46 +29,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-232117
+232120
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `30`
+Recently added CVEs: `3`
 
-* [CVE-2023-32846](CVE-2023/CVE-2023-328xx/CVE-2023-32846.json) (`2023-12-04T04:15:07.613`)
-* [CVE-2023-32847](CVE-2023/CVE-2023-328xx/CVE-2023-32847.json) (`2023-12-04T04:15:07.663`)
-* [CVE-2023-32848](CVE-2023/CVE-2023-328xx/CVE-2023-32848.json) (`2023-12-04T04:15:07.710`)
-* [CVE-2023-32849](CVE-2023/CVE-2023-328xx/CVE-2023-32849.json) (`2023-12-04T04:15:07.757`)
-* [CVE-2023-32850](CVE-2023/CVE-2023-328xx/CVE-2023-32850.json) (`2023-12-04T04:15:07.807`)
-* [CVE-2023-32851](CVE-2023/CVE-2023-328xx/CVE-2023-32851.json) (`2023-12-04T04:15:07.857`)
-* [CVE-2023-32852](CVE-2023/CVE-2023-328xx/CVE-2023-32852.json) (`2023-12-04T04:15:07.907`)
-* [CVE-2023-32853](CVE-2023/CVE-2023-328xx/CVE-2023-32853.json) (`2023-12-04T04:15:07.950`)
-* [CVE-2023-32854](CVE-2023/CVE-2023-328xx/CVE-2023-32854.json) (`2023-12-04T04:15:08.000`)
-* [CVE-2023-32855](CVE-2023/CVE-2023-328xx/CVE-2023-32855.json) (`2023-12-04T04:15:08.043`)
-* [CVE-2023-32856](CVE-2023/CVE-2023-328xx/CVE-2023-32856.json) (`2023-12-04T04:15:08.093`)
-* [CVE-2023-32857](CVE-2023/CVE-2023-328xx/CVE-2023-32857.json) (`2023-12-04T04:15:08.140`)
-* [CVE-2023-32858](CVE-2023/CVE-2023-328xx/CVE-2023-32858.json) (`2023-12-04T04:15:08.190`)
-* [CVE-2023-32859](CVE-2023/CVE-2023-328xx/CVE-2023-32859.json) (`2023-12-04T04:15:08.240`)
-* [CVE-2023-32860](CVE-2023/CVE-2023-328xx/CVE-2023-32860.json) (`2023-12-04T04:15:08.300`)
-* [CVE-2023-32861](CVE-2023/CVE-2023-328xx/CVE-2023-32861.json) (`2023-12-04T04:15:08.353`)
-* [CVE-2023-32862](CVE-2023/CVE-2023-328xx/CVE-2023-32862.json) (`2023-12-04T04:15:08.397`)
-* [CVE-2023-32863](CVE-2023/CVE-2023-328xx/CVE-2023-32863.json) (`2023-12-04T04:15:08.440`)
-* [CVE-2023-32864](CVE-2023/CVE-2023-328xx/CVE-2023-32864.json) (`2023-12-04T04:15:08.487`)
-* [CVE-2023-32865](CVE-2023/CVE-2023-328xx/CVE-2023-32865.json) (`2023-12-04T04:15:08.533`)
-* [CVE-2023-32866](CVE-2023/CVE-2023-328xx/CVE-2023-32866.json) (`2023-12-04T04:15:08.577`)
-* [CVE-2023-32867](CVE-2023/CVE-2023-328xx/CVE-2023-32867.json) (`2023-12-04T04:15:08.623`)
-* [CVE-2023-32868](CVE-2023/CVE-2023-328xx/CVE-2023-32868.json) (`2023-12-04T04:15:08.673`)
-* [CVE-2023-32869](CVE-2023/CVE-2023-328xx/CVE-2023-32869.json) (`2023-12-04T04:15:08.717`)
-* [CVE-2023-32870](CVE-2023/CVE-2023-328xx/CVE-2023-32870.json) (`2023-12-04T04:15:08.760`)
+* [CVE-2023-49093](CVE-2023/CVE-2023-490xx/CVE-2023-49093.json) (`2023-12-04T05:15:07.430`)
+* [CVE-2023-49108](CVE-2023/CVE-2023-491xx/CVE-2023-49108.json) (`2023-12-04T06:15:07.063`)
+* [CVE-2023-49287](CVE-2023/CVE-2023-492xx/CVE-2023-49287.json) (`2023-12-04T06:15:07.173`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `2`
+Recently modified CVEs: `0`
 
-* [CVE-2018-14628](CVE-2018/CVE-2018-146xx/CVE-2018-14628.json) (`2023-12-04T03:15:07.080`)
-* [CVE-2023-6111](CVE-2023/CVE-2023-61xx/CVE-2023-6111.json) (`2023-12-04T03:15:07.253`)
 
 
 ## Download and Usage