admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-06 18:52:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-11-06T17:00:18.796772+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-11-06 17:00:22 +00:00
parent 45198d9aef
commit 06ed1a4bc0
19 changed files with 1136 additions and 253 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

85
CVE-2023/CVE-2023-300xx/CVE-2023-30078.json
View File

@ -2,89 +2,14 @@
"id": "CVE-2023-30078",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:36.097",
"lastModified": "2023-08-26T02:24:21.630",
"vulnStatus": "Analyzed",
"lastModified": "2023-11-06T16:15:40.657",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "A stack overflow vulnerability exists in function econf_writeFile in file atlibeconf/lib/libeconf.c in libeconf 0.5.1 allows attackers to cause a Denial of service or execute arbitrary code."
"value": "** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-32181. Reason: This record is a duplicate of CVE-2023-32181. Notes: All CVE users should reference CVE-2023-32181 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opensuse:libeconf:0.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E83D3A0C-228C-4AD5-B1CB-25E609713E63"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/openSUSE/libeconf/issues/178",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
},
{
"url": "https://github.com/yangjiageng/PoC/blob/master/libeconf-PoC/econf_writeFile_546",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://raw.githubusercontent.com/yangjiageng/PoC/master/libeconf-PoC/tst-write-string-data.c",
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
"metrics": {},
"references": []
}

97
CVE-2023/CVE-2023-300xx/CVE-2023-30079.json
View File

@ -2,101 +2,14 @@
"id": "CVE-2023-30079",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:36.190",
"lastModified": "2023-09-13T03:15:08.630",
"vulnStatus": "Modified",
"lastModified": "2023-11-06T16:15:42.053",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "A stack overflow vulnerability exists in function read_file in atlibeconf/lib/getfilecontents.c in libeconf 0.5.1 allows attackers to cause a Denial of service or execute arbitrary code."
"value": "** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-22652. Reason: This record is a duplicate of CVE-2023-22652. Notes: All CVE users should reference CVE-2023-22652 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opensuse:libeconf:0.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E83D3A0C-228C-4AD5-B1CB-25E609713E63"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/openSUSE/libeconf/issues/177",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
},
{
"url": "https://github.com/yangjiageng/PoC/blob/master/libeconf-PoC/read_file_503",
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDD5GL5T3V5XZ3VFA4HPE6YGJ2K4HHPC/",
"source": "cve@mitre.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SMG5256D5I3GFA3RBAJQ2WYPJDYAIL74/",
"source": "cve@mitre.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAYW7X753Z6GOJKVLQPXBDHISN6ZT233/",
"source": "cve@mitre.org"
},
{
"url": "https://raw.githubusercontent.com/yangjiageng/PoC/master/libeconf-PoC/tst-logindefs1.c",
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
"metrics": {},
"references": []
}

123
CVE-2023/CVE-2023-413xx/CVE-2023-41372.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41372",
"sourceIdentifier": "psirt@bosch.com",
"published": "2023-10-25T18:17:30.917",
"lastModified": "2023-10-25T20:32:16.527",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-06T15:05:29.427",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "psirt@bosch.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
},
{
"source": "psirt@bosch.com",
"type": "Secondary",
@ -50,10 +80,97 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2107_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFA1309-DBEE-46F1-B6FD-DAE896180411"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2107:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87C129B8-F100-4D3A-97BC-BAD9A4129F9D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2110_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD47D2E3-F53F-4CE8-BEF7-76F78AEBAF5C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "326E80AA-C9B4-4BF1-AA2B-98A3802A72C9"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2115_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CA92486-EEBE-42FD-9755-006B7F2DF361"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2115:-:*:*:*:*:*:*:*",
"matchCriteriaId": "167C9BC4-FCC5-4FAF-8F75-F967C77400A7"
}
]
}
]
}
],
"references": [
{
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
"source": "psirt@bosch.com"
"source": "psirt@bosch.com",
"tags": [
"Mitigation",
"Vendor Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-413xx/CVE-2023-41378.json Normal file
View File

@ -0,0 +1,67 @@
{
"id": "CVE-2023-41378",
"sourceIdentifier": "psirt@tigera.io",
"published": "2023-11-06T16:15:42.273",
"lastModified": "2023-11-06T16:31:59.113",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In certain conditions for Calico Typha (v3.26.2, v3.25.1 and below), and Calico Enterprise Typha (v3.17.1, v3.16.3, v3.15.3 and below), a client TLS handshake can block the Calico Typha server indefinitely, resulting in denial of service. The TLS Handshake() call is performed inside the main server handle for loop without any timeout allowing an unclean TLS handshake to block the main loop indefinitely while other connections will be idle waiting for that handshake to finish.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@tigera.io",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@tigera.io",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
},
{
"lang": "en",
"value": "CWE-703"
}
]
}
],
"references": [
{
"url": "https://github.com/projectcalico/calico/pull/7908",
"source": "psirt@tigera.io"
},
{
"url": "https://github.com/projectcalico/calico/pull/7993",
"source": "psirt@tigera.io"
},
{
"url": "https://www.tigera.io/security-bulletins-tta-2023-001/",
"source": "psirt@tigera.io"
}
]
}

123
CVE-2023/CVE-2023-419xx/CVE-2023-41960.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41960",
"sourceIdentifier": "psirt@bosch.com",
"published": "2023-10-25T18:17:31.037",
"lastModified": "2023-10-25T20:32:16.527",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-06T15:13:46.063",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
},
{
"source": "psirt@bosch.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "psirt@bosch.com",
"type": "Secondary",
@ -50,10 +80,97 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2107_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFA1309-DBEE-46F1-B6FD-DAE896180411"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2107:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87C129B8-F100-4D3A-97BC-BAD9A4129F9D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2110_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD47D2E3-F53F-4CE8-BEF7-76F78AEBAF5C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "326E80AA-C9B4-4BF1-AA2B-98A3802A72C9"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2115_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CA92486-EEBE-42FD-9755-006B7F2DF361"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2115:-:*:*:*:*:*:*:*",
"matchCriteriaId": "167C9BC4-FCC5-4FAF-8F75-F967C77400A7"
}
]
}
]
}
],
"references": [
{
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
"source": "psirt@bosch.com"
"source": "psirt@bosch.com",
"tags": [
"Mitigation",
"Vendor Advisory"
]
}
]
}

103
CVE-2023/CVE-2023-441xx/CVE-2023-44141.json
View File

@ -2,27 +2,118 @@
"id": "CVE-2023-44141",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-10-30T04:15:10.340",
"lastModified": "2023-10-30T11:54:30.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-06T15:08:19.577",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Inkdrop prior to v5.6.0 allows a local attacker to conduct a code injection attack by having a legitimate user open a specially crafted markdown file."
},
{
"lang": "es",
"value": "Inkdrop anterior a v5.6.0 permite a un atacante local realizar un ataque de inyecci\u00f3n de c\u00f3digo haciendo que un usuario leg\u00edtimo abra un archivo de markdown especialmente manipulado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:inkdrop:inkdrop:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.6.0",
"matchCriteriaId": "75B042EC-8776-4B5D-8460-6D242388B515"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:inkdrop:inkdrop:5.6.0:beta0:*:*:*:*:*:*",
"matchCriteriaId": "3E8B3AD4-E46C-4D5E-B7F6-E1B66B2433E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:inkdrop:inkdrop:5.6.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "BB6F9123-23BB-4430-865F-89A5689F2DF0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:inkdrop:inkdrop:5.6.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "30E256CC-8994-49D6-9A29-DAC7E55021CB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:inkdrop:inkdrop:5.6.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "2995323B-30A1-4CF2-B5DA-4471BA1CEFEC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:inkdrop:inkdrop:5.6.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "2ED3C054-3F19-45C3-AB83-620A1F5C1785"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://forum.inkdrop.app/t/inkdrop-desktop-v5-6-0/4211",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Release Notes"
]
},
{
"url": "https://jvn.jp/en/jp/JVN48057522/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.inkdrop.app/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Product"
]
}
]
}

79
CVE-2023/CVE-2023-459xx/CVE-2023-45955.json
View File

@ -2,19 +2,90 @@
"id": "CVE-2023-45955",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-31T18:15:08.610",
"lastModified": "2023-11-01T12:51:30.797",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-06T15:09:24.137",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in Nanoleaf Light strip v3.5.10 allows attackers to cause a denial of service via crafted write binding attribute commands."
},
{
"lang": "es",
"value": "Un problema descubierto en Nanoleaf Light strip v3.5.10 permite a los atacantes provocar una denegaci\u00f3n de servicio mediante comandos de atributos de enlace de escritura manipulados."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:nanoleaf:lightstrip_firmware:3.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "989DFDCB-4FA9-414F-9338-A8252FEFDF57"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:nanoleaf:lightstrip:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1D083D2-C5A4-4819-BFE0-37B3C083BCFB"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/IoT-Fuzz/IoT-Fuzz/blob/main/Nanoleaf%20Lightstrip%20Vulnerability%20Report.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-462xx/CVE-2023-46232.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46232",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-25T22:15:09.477",
"lastModified": "2023-10-25T23:05:15.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-06T16:52:55.210",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,18 +80,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:matter-labs:zkvyper:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.3.10",
"matchCriteriaId": "E7C9B8B4-113C-405C-8961-D90E30AF0A3A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/matter-labs/era-compiler-vyper/commit/8be305a1b9c68d0fd47dad3434224ed85944ca25",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/matter-labs/era-compiler-vyper/security/advisories/GHSA-h8jv-969m-94r4",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://github.com/matter-labs/era-system-contracts/blob/main/contracts/ImmutableSimulator.sol#L37",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
}
]
}

68
CVE-2023/CVE-2023-465xx/CVE-2023-46502.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46502",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-30T23:15:08.857",
"lastModified": "2023-10-31T12:58:37.550",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-06T15:08:52.340",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,73 @@
"value": "Un problema en OpenCRX v.5.2.2 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de una solicitud manipulada."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-611"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opencrx:opencrx:5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "48588E81-A740-476B-9177-A08EF2430A28"
}
]
}
]
}
],
"references": [
{
"url": "https://gist.github.com/spookhorror/9519fc66d3946e887e4a86c06ddbee0e",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/opencrx/opencrx/commit/ce7a71db0bb34ecbcb0e822d40598e410a48b399",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
}
]
}

64
CVE-2023/CVE-2023-466xx/CVE-2023-46668.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46668",
"sourceIdentifier": "bressers@elastic.co",
"published": "2023-10-26T00:15:12.150",
"lastModified": "2023-10-26T11:44:17.377",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-06T16:37:50.727",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
},
{
"source": "bressers@elastic.co",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
},
{
"source": "bressers@elastic.co",
"type": "Secondary",
@ -50,14 +80,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:elastic:endpoint:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.9.0",
"versionEndIncluding": "8.10.3",
"matchCriteriaId": "542BBFE6-D7B0-4956-BDFB-F83E3B188F93"
}
]
}
]
}
],
"references": [
{
"url": "https://discuss.elastic.co/t/endpoint-v8-10-4-security-update/345203",
"source": "bressers@elastic.co"
"source": "bressers@elastic.co",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.elastic.co/community/security",
"source": "bressers@elastic.co"
"source": "bressers@elastic.co",
"tags": [
"Mitigation",
"Vendor Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-470xx/CVE-2023-47099.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-47099",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-01T00:15:09.583",
"lastModified": "2023-11-01T22:15:09.053",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-06T15:28:42.143",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A Stored Cross-Site Scripting (XSS) vulnerability in the Create Virtual Server in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via Description field while creating the Virtual server."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross-Site Scripting (XSS) Almacenada en Create Virtual Server en Virtualmin 7.7 permite a atacantes remotos inyectar script web o HTML arbitrario a trav\u00e9s del campo Descripci\u00f3n mientras crean el servidor Virtual."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:virtualmin:virtualmin:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "39D7B952-7F2D-48ED-893F-DDC5039B3DC9"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/pavanughade43/Virtualmin-7.7/blob/main/CVE-2023-47099",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

56
CVE-2023/CVE-2023-51xx/CVE-2023-5116.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-5116",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-31T13:15:09.817",
"lastModified": "2023-10-31T14:23:18.943",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-06T15:07:34.067",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Live updates from Excel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ipushpull_page' shortcode in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "Las actualizaciones en vivo del complemento Excel para WordPress son vulnerables a Cross-Site Scripting almacenado a trav\u00e9s del shortcode 'ipushpull_page' del complemento en versiones hasta la 2.3.2 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con permisos de nivel de colaborador y superiores, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,14 +70,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ipushpull:live_updates_from_excel:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.3.2",
"matchCriteriaId": "6714D040-6666-4FA2-B212-D7839308D53D"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/ipushpull/trunk/public/class-ipushpull-public.php#L113",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ab856722-e954-49de-a93f-46664da6e3e8?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

36
CVE-2023/CVE-2023-56xx/CVE-2023-5678.json Normal file
View File

@ -0,0 +1,36 @@
{
"id": "CVE-2023-5678",
"sourceIdentifier": "openssl-security@openssl.org",
"published": "2023-11-06T16:15:42.670",
"lastModified": "2023-11-06T16:31:59.113",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Issue summary: Generating excessively long X9.42 DH keys or checking\nexcessively long X9.42 DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_generate_key() to\ngenerate an X9.42 DH key may experience long delays. Likewise, applications\nthat use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()\nto check an X9.42 DH key or X9.42 DH parameters may experience long delays.\nWhere the key or parameters that are being checked have been obtained from\nan untrusted source this may lead to a Denial of Service.\n\nWhile DH_check() performs all the necessary checks (as of CVE-2023-3817),\nDH_check_pub_key() doesn't make any of these checks, and is therefore\nvulnerable for excessively large P and Q parameters.\n\nLikewise, while DH_generate_key() performs a check for an excessively large\nP, it doesn't check for an excessively large Q.\n\nAn application that calls DH_generate_key() or DH_check_pub_key() and\nsupplies a key or parameters obtained from an untrusted source could be\nvulnerable to a Denial of Service attack.\n\nDH_generate_key() and DH_check_pub_key() are also called by a number of\nother OpenSSL functions. An application calling any of those other\nfunctions may similarly be affected. The other functions affected by this\nare DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().\n\nAlso vulnerable are the OpenSSL pkey command line application when using the\n\"-pubcheck\" option, as well as the OpenSSL genpkey command line application.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n"
}
],
"metrics": {},
"references": [
{
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055",
"source": "openssl-security@openssl.org"
},
{
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c",
"source": "openssl-security@openssl.org"
},
{
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017",
"source": "openssl-security@openssl.org"
},
{
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6",
"source": "openssl-security@openssl.org"
},
{
"url": "https://www.openssl.org/news/secadv/20231106.txt",
"source": "openssl-security@openssl.org"
}
]
}

71
CVE-2023/CVE-2023-57xx/CVE-2023-5783.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5783",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-10-26T14:15:08.967",
"lastModified": "2023-10-26T15:32:23.920",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-06T16:54:45.093",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -64,6 +86,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +107,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tongda2000:tongda_oa:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.10",
"matchCriteriaId": "17F21834-2024-4969-BB2C-1C56D7C85F5D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/halleyakina/cve/blob/main/sql.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.243589",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.243589",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-59xx/CVE-2023-5950.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-5950",
"sourceIdentifier": "cve@rapid7.con",
"published": "2023-11-06T15:15:14.857",
"lastModified": "2023-11-06T16:31:59.113",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected cross site scripting vulnerability. This vulnerability allows attackers to inject JS into the error path, potentially leading to unauthorized execution of scripts within a user's web browser.\u00a0This vulnerability is fixed in\u00a0version 0.7.0-04 and a\u00a0patch is available to download. Patches are also available for version 0.6.9 (0.6.9-1).\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@rapid7.con",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "cve@rapid7.con",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/Velocidex/velociraptor/releases/tag/v0.7.0",
"source": "cve@rapid7.con"
}
]
}

55
CVE-2023/CVE-2023-59xx/CVE-2023-5967.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-5967",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2023-11-06T16:15:42.810",
"lastModified": "2023-11-06T16:31:59.113",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Mattermost fails to properly validate requests to the Calls plugin, allowing an attacker sending a request without a User Agent header to cause a panic and crash the Calls plugin\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-754"
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
}
]
}

55
CVE-2023/CVE-2023-59xx/CVE-2023-5968.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-5968",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2023-11-06T16:15:42.897",
"lastModified": "2023-11-06T16:31:59.113",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Mattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body.\u00a0\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
}
]
}

55
CVE-2023/CVE-2023-59xx/CVE-2023-5969.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-5969",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2023-11-06T16:15:42.987",
"lastModified": "2023-11-06T16:31:59.113",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Mattermost fails to properly sanitize the request to\u00a0/api/v4/redirect_location allowing an\u00a0attacker,\u00a0sending a specially crafted request to /api/v4/redirect_location,\u00a0to fill up the memory due to caching large items.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
}
]
}

61
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-11-06T15:00:19.326711+00:00
2023-11-06T17:00:18.796772+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-11-06T14:47:48.253000+00:00
2023-11-06T16:54:45.093000+00:00
```
### Last Data Feed Release
@ -29,52 +29,37 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
229870
229876
```
### CVEs added in the last Commit
Recently added CVEs: `8`
Recently added CVEs: `6`
* [CVE-2023-3246](CVE-2023/CVE-2023-32xx/CVE-2023-3246.json) (`2023-11-06T13:15:09.397`)
* [CVE-2023-3399](CVE-2023/CVE-2023-33xx/CVE-2023-3399.json) (`2023-11-06T13:15:09.503`)
* [CVE-2023-3909](CVE-2023/CVE-2023-39xx/CVE-2023-3909.json) (`2023-11-06T13:15:09.653`)
* [CVE-2023-45161](CVE-2023/CVE-2023-451xx/CVE-2023-45161.json) (`2023-11-06T13:15:09.730`)
* [CVE-2023-45163](CVE-2023/CVE-2023-451xx/CVE-2023-45163.json) (`2023-11-06T13:15:09.807`)
* [CVE-2023-4910](CVE-2023/CVE-2023-49xx/CVE-2023-4910.json) (`2023-11-06T13:15:10.033`)
* [CVE-2023-5963](CVE-2023/CVE-2023-59xx/CVE-2023-5963.json) (`2023-11-06T13:15:10.110`)
* [CVE-2023-5964](CVE-2023/CVE-2023-59xx/CVE-2023-5964.json) (`2023-11-06T13:15:10.187`)
* [CVE-2023-5950](CVE-2023/CVE-2023-59xx/CVE-2023-5950.json) (`2023-11-06T15:15:14.857`)
* [CVE-2023-41378](CVE-2023/CVE-2023-413xx/CVE-2023-41378.json) (`2023-11-06T16:15:42.273`)
* [CVE-2023-5678](CVE-2023/CVE-2023-56xx/CVE-2023-5678.json) (`2023-11-06T16:15:42.670`)
* [CVE-2023-5967](CVE-2023/CVE-2023-59xx/CVE-2023-5967.json) (`2023-11-06T16:15:42.810`)
* [CVE-2023-5968](CVE-2023/CVE-2023-59xx/CVE-2023-5968.json) (`2023-11-06T16:15:42.897`)
* [CVE-2023-5969](CVE-2023/CVE-2023-59xx/CVE-2023-5969.json) (`2023-11-06T16:15:42.987`)
### CVEs modified in the last Commit
Recently modified CVEs: `108`
Recently modified CVEs: `12`
* [CVE-2023-47184](CVE-2023/CVE-2023-471xx/CVE-2023-47184.json) (`2023-11-06T13:00:43.923`)
* [CVE-2023-46775](CVE-2023/CVE-2023-467xx/CVE-2023-46775.json) (`2023-11-06T13:00:43.923`)
* [CVE-2023-47185](CVE-2023/CVE-2023-471xx/CVE-2023-47185.json) (`2023-11-06T13:00:43.923`)
* [CVE-2023-4996](CVE-2023/CVE-2023-49xx/CVE-2023-4996.json) (`2023-11-06T13:00:43.923`)
* [CVE-2023-5090](CVE-2023/CVE-2023-50xx/CVE-2023-5090.json) (`2023-11-06T13:00:43.923`)
* [CVE-2023-5825](CVE-2023/CVE-2023-58xx/CVE-2023-5825.json) (`2023-11-06T13:00:43.923`)
* [CVE-2023-5831](CVE-2023/CVE-2023-58xx/CVE-2023-5831.json) (`2023-11-06T13:00:43.923`)
* [CVE-2023-46776](CVE-2023/CVE-2023-467xx/CVE-2023-46776.json) (`2023-11-06T13:00:43.923`)
* [CVE-2023-46777](CVE-2023/CVE-2023-467xx/CVE-2023-46777.json) (`2023-11-06T13:00:43.923`)
* [CVE-2023-46778](CVE-2023/CVE-2023-467xx/CVE-2023-46778.json) (`2023-11-06T13:00:43.923`)
* [CVE-2023-46779](CVE-2023/CVE-2023-467xx/CVE-2023-46779.json) (`2023-11-06T13:00:43.923`)
* [CVE-2023-46780](CVE-2023/CVE-2023-467xx/CVE-2023-46780.json) (`2023-11-06T13:00:43.923`)
* [CVE-2023-46781](CVE-2023/CVE-2023-467xx/CVE-2023-46781.json) (`2023-11-06T13:00:43.923`)
* [CVE-2023-47186](CVE-2023/CVE-2023-471xx/CVE-2023-47186.json) (`2023-11-06T13:00:43.923`)
* [CVE-2023-5823](CVE-2023/CVE-2023-58xx/CVE-2023-5823.json) (`2023-11-06T13:00:43.923`)
* [CVE-2023-4586](CVE-2023/CVE-2023-45xx/CVE-2023-4586.json) (`2023-11-06T13:15:09.880`)
* [CVE-2023-46102](CVE-2023/CVE-2023-461xx/CVE-2023-46102.json) (`2023-11-06T14:33:08.563`)
* [CVE-2023-41255](CVE-2023/CVE-2023-412xx/CVE-2023-41255.json) (`2023-11-06T14:33:10.043`)
* [CVE-2023-45851](CVE-2023/CVE-2023-458xx/CVE-2023-45851.json) (`2023-11-06T14:33:29.510`)
* [CVE-2023-45844](CVE-2023/CVE-2023-458xx/CVE-2023-45844.json) (`2023-11-06T14:39:14.153`)
* [CVE-2023-43488](CVE-2023/CVE-2023-434xx/CVE-2023-43488.json) (`2023-11-06T14:41:18.393`)
* [CVE-2023-45220](CVE-2023/CVE-2023-452xx/CVE-2023-45220.json) (`2023-11-06T14:42:32.330`)
* [CVE-2023-46072](CVE-2023/CVE-2023-460xx/CVE-2023-46072.json) (`2023-11-06T14:42:49.640`)
* [CVE-2023-45321](CVE-2023/CVE-2023-453xx/CVE-2023-45321.json) (`2023-11-06T14:44:12.273`)
* [CVE-2023-21327](CVE-2023/CVE-2023-213xx/CVE-2023-21327.json) (`2023-11-06T14:47:48.253`)
* [CVE-2023-41372](CVE-2023/CVE-2023-413xx/CVE-2023-41372.json) (`2023-11-06T15:05:29.427`)
* [CVE-2023-5116](CVE-2023/CVE-2023-51xx/CVE-2023-5116.json) (`2023-11-06T15:07:34.067`)
* [CVE-2023-44141](CVE-2023/CVE-2023-441xx/CVE-2023-44141.json) (`2023-11-06T15:08:19.577`)
* [CVE-2023-46502](CVE-2023/CVE-2023-465xx/CVE-2023-46502.json) (`2023-11-06T15:08:52.340`)
* [CVE-2023-45955](CVE-2023/CVE-2023-459xx/CVE-2023-45955.json) (`2023-11-06T15:09:24.137`)
* [CVE-2023-41960](CVE-2023/CVE-2023-419xx/CVE-2023-41960.json) (`2023-11-06T15:13:46.063`)
* [CVE-2023-47099](CVE-2023/CVE-2023-470xx/CVE-2023-47099.json) (`2023-11-06T15:28:42.143`)
* [CVE-2023-30078](CVE-2023/CVE-2023-300xx/CVE-2023-30078.json) (`2023-11-06T16:15:40.657`)
* [CVE-2023-30079](CVE-2023/CVE-2023-300xx/CVE-2023-30079.json) (`2023-11-06T16:15:42.053`)
* [CVE-2023-46668](CVE-2023/CVE-2023-466xx/CVE-2023-46668.json) (`2023-11-06T16:37:50.727`)
* [CVE-2023-46232](CVE-2023/CVE-2023-462xx/CVE-2023-46232.json) (`2023-11-06T16:52:55.210`)
* [CVE-2023-5783](CVE-2023/CVE-2023-57xx/CVE-2023-5783.json) (`2023-11-06T16:54:45.093`)
## Download and Usage