Auto-Update: 2023-12-12T03:00:25.617150+00:00

cad-safe-bot 2023-12-12 03:00:29 +00:00
parent 985a2d289d
commit 06ee99d87e
71 changed files with 3027 additions and 52 deletions


@ -0,0 +1,20 @@
{
"id": "CVE-2023-36647",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T01:15:10.010",
"lastModified": "2023-12-12T01:15:10.010",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate arbitrary users and roles in web management and REST API endpoints via crafted JWT tokens."
}
],
"metrics": {},
"references": [
{
"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36647",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-36648",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T01:15:10.067",
"lastModified": "2023-12-12T01:15:10.067",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Missing authentication in the internal data streaming system in ProLion CryptoSpike 3.0.15P2 allows remote unauthenticated users to read potentially sensitive information and deny service to users by directly reading and writing data in Apache Kafka (as consumer and producer)."
}
],
"metrics": {},
"references": [
{
"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36648",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-36649",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T01:15:10.123",
"lastModified": "2023-12-12T01:15:10.123",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Insertion of sensitive information in the centralized (Grafana) logging system in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate other users in web management and the REST API by reading JWT tokens from logs (as a Granafa authenticated user) or from the Loki REST API without authentication."
}
],
"metrics": {},
"references": [
{
"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36649",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-36650",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T01:15:10.173",
"lastModified": "2023-12-12T01:15:10.173",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A missing integrity check in the update system in ProLion CryptoSpike 3.0.15P2 allows attackers to execute OS commands as the root Linux user on the host system via forged update packages."
}
],
"metrics": {},
"references": [
{
"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36650",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-36651",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T01:15:10.220",
"lastModified": "2023-12-12T01:15:10.220",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Hidden and hard-coded credentials in ProLion CryptoSpike 3.0.15P2 allow remote attackers to login to web management as super-admin and consume the most privileged REST API endpoints via these credentials."
}
],
"metrics": {},
"references": [
{
"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36651",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-36652",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T01:15:10.270",
"lastModified": "2023-12-12T01:15:10.270",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A SQL Injection in the users searching REST API endpoint in ProLion CryptoSpike 3.0.15P2 allows remote authenticated attackers to read database data via SQL commands injected in the search parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36652",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-36654",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T01:15:10.313",
"lastModified": "2023-12-12T01:15:10.313",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal in the log-download REST API endpoint in ProLion CryptoSpike 3.0.15P2 allows remote authenticated attackers to download host server SSH private keys (associated with a Linux root user) by injecting paths inside REST API endpoint parameters."
}
],
"metrics": {},
"references": [
{
"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36654",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,28 @@
{
"id": "CVE-2023-40446",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-12-12T01:15:10.360",
"lastModified": "2023-12-12T01:15:10.360",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Processing maliciously crafted input may lead to arbitrary code execution in user-installed apps."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213981",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213982",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213983",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-42476",
"sourceIdentifier": "cna@sap.com",
"published": "2023-12-12T01:15:10.410",
"lastModified": "2023-12-12T01:15:10.410",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "SAP Business Objects Web Intelligence - version 420, allows an authenticated attacker to inject JavaScript code into Web Intelligence documents which is then executed in the victim\u2019s browser each time the vulnerable page is visited. Successful exploitation can lead to exposure of the data that the user has access to. In the worst case, attacker could access data from reporting databases.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3382353",
"source": "cna@sap.com"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-42478",
"sourceIdentifier": "cna@sap.com",
"published": "2023-12-12T01:15:10.627",
"lastModified": "2023-12-12T01:15:10.627",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "SAP Business Objects\u00a0Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to upload agnostic documents in the system which when opened by any other user could lead to high impact on integrity of the application.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.7,
"impactScore": 5.3
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3382353",
"source": "cna@sap.com"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-42479",
"sourceIdentifier": "cna@sap.com",
"published": "2023-12-12T01:15:10.827",
"lastModified": "2023-12-12T01:15:10.827",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated attacker can embed a hidden access to a Biller Direct URL in a frame which, when loaded by the user, will submit a cross-site scripting request to the Biller Direct system. This can result in the disclosure or modification of non-sensitive information.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3383321",
"source": "cna@sap.com"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-42481",
"sourceIdentifier": "cna@sap.com",
"published": "2023-12-12T01:15:11.023",
"lastModified": "2023-12-12T01:15:11.023",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In SAP Commerce Cloud - versions HY_COM 1905, HY_COM 2005, HY_COM2105, HY_COM 2011, HY_COM 2205, COM_CLOUD 2211, a locked B2B user can misuse the forgotten password functionality to un-block his user account again and re-gain access if SAP Commerce Cloud - Composable Storefront is used as storefront, due to weak access controls in place. This leads to a considerable impact on confidentiality and integrity.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3394567",
"source": "cna@sap.com"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-42874",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-12-12T01:15:11.230",
"lastModified": "2023-12-12T01:15:11.230",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.2. Secure text fields may be displayed via the Accessibility Keyboard when using a physical keyboard."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT214036",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-42882",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-12-12T01:15:11.280",
"lastModified": "2023-12-12T01:15:11.280",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2. Processing an image may lead to arbitrary code execution."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT214036",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,40 @@
{
"id": "CVE-2023-42883",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-12-12T01:15:11.330",
"lastModified": "2023-12-12T01:15:11.330",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. Processing an image may lead to a denial-of-service."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT214034",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214035",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214036",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214039",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214040",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214041",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,36 @@
{
"id": "CVE-2023-42884",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-12-12T01:15:11.380",
"lastModified": "2023-12-12T01:15:11.380",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, macOS Ventura 13.6.3, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. An app may be able to disclose kernel memory."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT214034",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214035",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214036",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214038",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214040",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,28 @@
{
"id": "CVE-2023-42886",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-12-12T01:15:11.430",
"lastModified": "2023-12-12T01:15:11.430",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2. A user may be able to cause unexpected app termination or arbitrary code execution."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT214036",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214037",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214038",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,36 @@
{
"id": "CVE-2023-42890",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-12-12T01:15:11.480",
"lastModified": "2023-12-12T01:15:11.480",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, watchOS 10.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2. Processing web content may lead to arbitrary code execution."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT214035",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214036",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214039",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214040",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214041",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,28 @@
{
"id": "CVE-2023-42891",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-12-12T01:15:11.530",
"lastModified": "2023-12-12T01:15:11.530",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2. An app may be able to monitor keystrokes without user permission."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT214036",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214037",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214038",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,28 @@
{
"id": "CVE-2023-42894",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-12-12T01:15:11.587",
"lastModified": "2023-12-12T01:15:11.587",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2. An app may be able to access information about a user's contacts."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT214036",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214037",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214038",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-42897",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-12-12T01:15:11.637",
"lastModified": "2023-12-12T01:15:11.637",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in iOS 17.2 and iPadOS 17.2. An attacker with physical access may be able to use Siri to access sensitive user data."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT214035",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-42898",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-12-12T01:15:11.680",
"lastModified": "2023-12-12T01:15:11.680",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2, watchOS 10.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2. Processing an image may lead to arbitrary code execution."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT214035",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214036",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214040",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214041",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,44 @@
{
"id": "CVE-2023-42899",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-12-12T01:15:11.733",
"lastModified": "2023-12-12T01:15:11.733",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, macOS Ventura 13.6.3, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Monterey 12.7.2. Processing an image may lead to arbitrary code execution."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT214034",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214035",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214036",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214037",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214038",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214040",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214041",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-42900",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-12-12T01:15:11.787",
"lastModified": "2023-12-12T01:15:11.787",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.2. An app may be able to access user-sensitive data."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT214036",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-42901",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-12-12T01:15:11.837",
"lastModified": "2023-12-12T01:15:11.837",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT214036",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-42902",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-12-12T01:15:11.903",
"lastModified": "2023-12-12T01:15:11.903",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT214036",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-42903",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-12-12T01:15:11.950",
"lastModified": "2023-12-12T01:15:11.950",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT214036",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-42904",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-12-12T01:15:12.000",
"lastModified": "2023-12-12T01:15:12.000",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT214036",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-42905",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-12-12T01:15:12.050",
"lastModified": "2023-12-12T01:15:12.050",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT214036",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-42906",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-12-12T01:15:12.093",
"lastModified": "2023-12-12T01:15:12.093",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT214036",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-42907",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-12-12T01:15:12.140",
"lastModified": "2023-12-12T01:15:12.140",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT214036",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-42908",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-12-12T01:15:12.183",
"lastModified": "2023-12-12T01:15:12.183",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT214036",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-42909",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-12-12T01:15:12.223",
"lastModified": "2023-12-12T01:15:12.223",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT214036",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-42910",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-12-12T01:15:12.263",
"lastModified": "2023-12-12T01:15:12.263",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT214036",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-42911",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-12-12T01:15:12.313",
"lastModified": "2023-12-12T01:15:12.313",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT214036",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-42912",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-12-12T01:15:12.367",
"lastModified": "2023-12-12T01:15:12.367",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT214036",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,44 @@
{
"id": "CVE-2023-42914",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-12-12T01:15:12.413",
"lastModified": "2023-12-12T01:15:12.413",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, macOS Ventura 13.6.3, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Monterey 12.7.2. An app may be able to break out of its sandbox."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT214034",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214035",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214036",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214037",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214038",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214040",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214041",
"source": "product-security@apple.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-42916",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-11-30T23:15:07.223",
"lastModified": "2023-12-09T04:15:06.827",
"lastModified": "2023-12-12T02:15:06.800",
"vulnStatus": "Modified",
"cisaExploitAdd": "2023-12-04",
"cisaActionDue": "2023-12-25",
@ -131,6 +131,10 @@
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5575",
"source": "product-security@apple.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-42917",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-11-30T23:15:07.280",
"lastModified": "2023-12-09T04:15:06.993",
"lastModified": "2023-12-12T02:15:06.913",
"vulnStatus": "Modified",
"cisaExploitAdd": "2023-12-04",
"cisaActionDue": "2023-12-25",
@ -130,6 +130,10 @@
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5575",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,40 @@
{
"id": "CVE-2023-42919",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-12-12T01:15:12.473",
"lastModified": "2023-12-12T01:15:12.473",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, macOS Ventura 13.6.3, iOS 16.7.3 and iPadOS 16.7.3, macOS Monterey 12.7.2. An app may be able to access sensitive user data."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT214034",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214035",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214036",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214037",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214038",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214041",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,36 @@
{
"id": "CVE-2023-42922",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-12-12T01:15:12.530",
"lastModified": "2023-12-12T01:15:12.530",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, macOS Ventura 13.6.3, iOS 16.7.3 and iPadOS 16.7.3, macOS Monterey 12.7.2. An app may be able to read sensitive location information."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT214034",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214035",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214036",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214037",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214038",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-42923",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-12-12T01:15:12.587",
"lastModified": "2023-12-12T01:15:12.587",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed through improved state management. This issue is fixed in iOS 17.2 and iPadOS 17.2. Private Browsing tabs may be accessed without authentication."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT214035",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-42924",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-12-12T01:15:12.633",
"lastModified": "2023-12-12T01:15:12.633",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3. An app may be able to access sensitive user data."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT214036",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214038",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-42926",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-12-12T01:15:12.683",
"lastModified": "2023-12-12T01:15:12.683",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT214036",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,28 @@
{
"id": "CVE-2023-42927",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-12-12T01:15:12.730",
"lastModified": "2023-12-12T01:15:12.730",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2. An app may be able to access sensitive user data."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT214035",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214036",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214041",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,28 @@
{
"id": "CVE-2023-42932",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-12-12T01:15:12.773",
"lastModified": "2023-12-12T01:15:12.773",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2. An app may be able to access protected user data."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT214036",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214037",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214038",
"source": "product-security@apple.com"
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-44297",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-12-05T16:15:07.097",
"lastModified": "2023-12-05T20:13:47.300",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T00:55:40.877",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nDell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information disclosure, information tampering, code execution, denial of service.\n\n"
},
{
"lang": "es",
"value": "Las plataformas Dell PowerEdge 16G Intel E5 BIOS y Dell Precision BIOS, versi\u00f3n 1.4.4, contienen una vulnerabilidad de seguridad de c\u00f3digo de depuraci\u00f3n activa. Un atacante f\u00edsico no autenticado podr\u00eda explotar esta vulnerabilidad, lo que provocar\u00eda la divulgaci\u00f3n de informaci\u00f3n, la manipulaci\u00f3n de informaci\u00f3n, la ejecuci\u00f3n de c\u00f3digo y la denegaci\u00f3n de servicio."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-667"
}
]
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -46,10 +80,366 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dell:poweredge_r660_firmware:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A9F11A33-BA61-4554-A0B2-8F789EA8BE3C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dell:poweredge_r660:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86AC134C-EFB7-46B8-B60F-5BD2663D7168"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dell:poweredge_r760_firmware:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C301E8C7-01F7-4CBE-8666-74C0FD0BD58E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dell:poweredge_r760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89E8485C-4298-4DA0-95AD-50C21BC2C798"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dell:poweredge_c6620_firmware:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "18D7C139-E796-4361-9FE6-530D154D7062"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dell:poweredge_c6620:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D360EB7D-5AB4-483C-BF00-53473B2D8AF4"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dell:poweredge_mx760c_firmware:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "65443057-DC40-47A6-B739-E5984B7AEC43"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dell:poweredge_mx760c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2670A942-4200-46F2-A4FC-6D2F0E2074B9"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dell:poweredge_r860_firmware:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1AC33C77-1C2C-4E44-A60F-14AE343666F8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dell:poweredge_r860:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B53D6488-A6E3-4505-8093-8232DC4219BD"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dell:poweredge_r960_firmware:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9881FD7F-DA34-47F2-840B-929226E0D1CC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dell:poweredge_r960:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5B42153-ED7B-433A-9070-9CAC972322BA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dell:poweredge_hs5610_firmware:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2B1E8504-EF8A-47D0-9762-5E944DD1ECDF"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dell:poweredge_hs5610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08A9C14A-7D1A-4724-BBBD-62FC4C66FCE1"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dell:poweredge_hs5620_firmware:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "29F3D281-2810-4663-BD0F-F4EA67B1A321"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dell:poweredge_hs5620:-:*:*:*:*:*:*:*",
"matchCriteriaId": "447BE381-9C9B-4339-B308-71D90DB60294"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dell:poweredge_r660xs_firmware:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1E9ADAB6-42D2-44DE-8C0C-6DC4166DA705"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dell:poweredge_r660xs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17FF7F29-F169-49B5-BEBA-6F20E3CDF1E6"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dell:poweredge_r760xs_firmware:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A99A3EEE-20D7-4E99-98FE-99012DA2393B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dell:poweredge_r760xs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3364A3E-BA9B-4588-89E5-A2C6C17B5D97"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dell:poweredge_r760xd2_firmware:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D5992CD2-83BA-4941-B3FF-42144036325E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dell:poweredge_r760xd2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B21CBCD8-266A-4BCD-933D-2EF5F479B119"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dell:poweredge_t560_firmware:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "033EB4DA-6B83-436C-AD42-63605EED7324"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dell:poweredge_t560:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4A86D53-1352-48FB-A26A-C898B2C6425E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dell:poweredge_r760xa_firmware:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3310CC98-2D26-42EF-8E10-13F2EB0D4FDB"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dell:poweredge_r760xa:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62603619-611F-4343-B75E-D45C50D1EA2F"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000220047/dsa-2023-429-security-update-for-dell-16g-poweredge-server-bios-for-a-debug-code-security-vulnerability",
"source": "security_alert@emc.com"
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-45839",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-12-05T12:15:43.397",
"lastModified": "2023-12-11T03:15:07.563",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-12T01:06:18.090",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-494"
}
]
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -50,14 +80,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:buildroot:buildroot:2023.08.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CF734410-BA22-45F7-AD10-CB28F69D1D81"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/11/1",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1844",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-45840",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-12-05T12:15:43.580",
"lastModified": "2023-12-11T03:15:07.660",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-12T01:10:35.810",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-494"
}
]
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -50,14 +80,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:buildroot:buildroot:2023.08.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CF734410-BA22-45F7-AD10-CB28F69D1D81"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/11/1",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1844",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-45841",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-12-05T12:15:43.773",
"lastModified": "2023-12-11T03:15:07.747",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-12T01:13:22.923",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-494"
}
]
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -50,14 +80,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:buildroot:buildroot:2023.08.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CF734410-BA22-45F7-AD10-CB28F69D1D81"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/11/1",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1844",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-45842",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-12-05T12:15:43.967",
"lastModified": "2023-12-11T03:15:07.843",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-12T01:17:12.297",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-494"
}
]
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -50,14 +80,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:buildroot:buildroot:2023.08.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CF734410-BA22-45F7-AD10-CB28F69D1D81"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/11/1",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1844",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-46219",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-12-12T02:15:06.990",
"lastModified": "2023-12-12T02:15:06.990",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "When saving HSTS data to an excessively long file name, curl could end up\nremoving all contents, making subsequent requests using that file unaware of\nthe HSTS status they should otherwise use.\n"
}
],
"metrics": {},
"references": [
{
"url": "https://curl.se/docs/CVE-2023-46219.html",
"source": "support@hackerone.com"
},
{
"url": "https://hackerone.com/reports/2236133",
"source": "support@hackerone.com"
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-46674",
"sourceIdentifier": "bressers@elastic.co",
"published": "2023-12-05T18:15:12.380",
"lastModified": "2023-12-05T20:13:47.300",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T01:40:18.040",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was identified that allowed the unsafe deserialization of java objects from hadoop or spark configuration properties that could have been modified by authenticated users. Elastic would like to thank Yakov Shafranovich, with Amazon Web Services for reporting this issue.\n"
},
{
"lang": "es",
"value": "Se identific\u00f3 un problema que permit\u00eda la deserializaci\u00f3n insegura de objetos Java desde propiedades de configuraci\u00f3n de Hadoop o Spark que podr\u00edan haber sido modificadas por usuarios autenticados. Elastic quisiera agradecer a Yakov Shafranovich, de Amazon Web Services, por informar este problema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "bressers@elastic.co",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
},
{
"source": "bressers@elastic.co",
"type": "Secondary",
@ -46,10 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.17.11",
"matchCriteriaId": "55A78A3C-711F-4BC6-B4BE-8106E17BFD5F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndExcluding": "8.9.0",
"matchCriteriaId": "A66F92FB-FF01-4D77-B9DC-B6863EBED138"
}
]
}
]
}
],
"references": [
{
"url": "https://discuss.elastic.co/t/elasticsearch-hadoop-7-17-11-8-9-0-security-update-esa-2023-28/348663",
"source": "bressers@elastic.co"
"source": "bressers@elastic.co",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-49058",
"sourceIdentifier": "cna@sap.com",
"published": "2023-12-12T01:15:12.840",
"lastModified": "2023-12-12T01:15:12.840",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "SAP Master Data Governance File Upload application\u00a0allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing \u2018traverse to parent directory\u2019 are passed through to the file\u00a0APIs. As a result, it has a low impact to the\u00a0confidentiality.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3363690",
"source": "cna@sap.com"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
}
]
}


@ -2,23 +2,130 @@
"id": "CVE-2023-49241",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-12-06T09:15:08.410",
"lastModified": "2023-12-06T13:50:00.573",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T01:48:59.117",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "API permission control vulnerability in the network management module. Successful exploitation of this vulnerability may affect service confidentiality."
},
{
"lang": "es",
"value": "Vulnerabilidad de control de permisos API en el m\u00f3dulo de gesti\u00f3n de red. La explotaci\u00f3n exitosa de esta vulnerabilidad puede afectar la confidencialidad del servicio."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:emui:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "511F8CE2-C2B6-4A08-B992-49D9B75B8655"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A974CA73-84E8-480B-BB4C-4A81D0C985B2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "353AEAF2-AF46-4835-93E1-4F942D5E2810"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "20112231-B840-44D3-A061-B9B9F80EE378"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C01447F1-7F58-4AE3-B403-C01B2575D898"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CB3751C1-7729-41D3-AE50-80B5AF601135"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4D81C4EF-7CAF-4E60-91A4-8CF7B95B2B54"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8198CDB2-4BC5-411A-8736-615A531FC545"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2023/12/",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202312-0000001758430245",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,130 @@
"id": "CVE-2023-49242",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-12-06T09:15:08.453",
"lastModified": "2023-12-06T13:50:00.573",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T01:53:45.230",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Free broadcast vulnerability in the running management module. Successful exploitation of this vulnerability may affect service confidentiality."
},
{
"lang": "es",
"value": "Vulnerabilidad de transmisi\u00f3n gratuita en el m\u00f3dulo de gesti\u00f3n en ejecuci\u00f3n. La explotaci\u00f3n exitosa de esta vulnerabilidad puede afectar la confidencialidad del servicio."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:emui:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "511F8CE2-C2B6-4A08-B992-49D9B75B8655"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A974CA73-84E8-480B-BB4C-4A81D0C985B2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "353AEAF2-AF46-4835-93E1-4F942D5E2810"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "20112231-B840-44D3-A061-B9B9F80EE378"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C01447F1-7F58-4AE3-B403-C01B2575D898"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CB3751C1-7729-41D3-AE50-80B5AF601135"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4D81C4EF-7CAF-4E60-91A4-8CF7B95B2B54"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8198CDB2-4BC5-411A-8736-615A531FC545"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2023/12/",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202312-0000001758430245",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-49297",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-05T21:15:07.460",
"lastModified": "2023-12-06T13:50:15.017",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T01:47:08.880",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "PyDrive2 is a wrapper library of google-api-python-client that simplifies many common Google Drive API V2 tasks. Unsafe YAML deserilization will result in arbitrary code execution. A maliciously crafted YAML file can cause arbitrary code execution if PyDrive2 is run in the same directory as it, or if it is loaded in via `LoadSettingsFile`. This is a deserilization attack that will affect any user who initializes GoogleAuth from this package while a malicious yaml file is present in the same directory. This vulnerability does not require the file to be directly loaded through the code, only present. This issue has been addressed in commit `c57355dc` which is included in release version `1.16.2`. Users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "PyDrive2 es una librer\u00eda contenedora de google-api-python-client que simplifica muchas tareas comunes de la API V2 de Google Drive. La deserilizaci\u00f3n insegura de YAML dar\u00e1 como resultado la ejecuci\u00f3n de c\u00f3digo arbitrario. Un archivo YAML creado con fines malintencionados puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario si PyDrive2 se ejecuta en el mismo directorio que \u00e9l o si se carga a trav\u00e9s de `LoadSettingsFile`. Este es un ataque de deserilizaci\u00f3n que afectar\u00e1 a cualquier usuario que inicialice GoogleAuth desde este paquete mientras hay un archivo yaml malicioso presente en el mismo directorio. Esta vulnerabilidad no requiere que el archivo se cargue directamente a trav\u00e9s del c\u00f3digo, solo est\u00e1 presente. Este problema se solucion\u00f3 en el commit \"c57355dc\" que se incluye en la versi\u00f3n \"1.16.2\". Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +70,44 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:iterative:pydrive2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.16.2",
"matchCriteriaId": "53E86B23-9C4F-4FB7-BE8F-49052254EBBC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:iterative:pydrive2:1.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DA838A52-5ADC-43BC-B0DC-41C95E7F18B2"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/iterative/PyDrive2/commit/c57355dc2033ad90b7050d681b2c3ba548ff0004",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/iterative/PyDrive2/security/advisories/GHSA-v5f6-hjmf-9mc5",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

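--- a/CVE-2023/CVE-2023-495xx/CVE-2023-49577.json
+++ b/CVE-2023/CVE-2023-495xx/CVE-2023-49577.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2023-49577",
+"sourceIdentifier": "cna@sap.com",
+"published": "2023-12-12T02:15:07.073",
+"lastModified": "2023-12-12T02:15:07.073",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "The SAP HCM (SMART PAYE solution) - versions S4HCMCIE 100, SAP_HRCIE 600, SAP_HRCIE 604, SAP_HRCIE 608, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application.\n\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "cna@sap.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "REQUIRED",
+"scope": "CHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 6.1,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 2.7
+}
+]
+},
+"weaknesses": [
+{
+"source": "cna@sap.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-79"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://me.sap.com/notes/3217087",
+"source": "cna@sap.com"
+},
+{
+"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
+"source": "cna@sap.com"
+}
+]
+}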

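--- a/CVE-2023/CVE-2023-495xx/CVE-2023-49578.json
+++ b/CVE-2023/CVE-2023-495xx/CVE-2023-49578.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2023-49578",
+"sourceIdentifier": "cna@sap.com",
+"published": "2023-12-12T02:15:07.283",
+"lastModified": "2023-12-12T02:15:07.283",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "SAP Cloud Connector - version 2.0, allows an authenticated user with low privilege to perform Denial of service attack from adjacent UI by sending a malicious request which leads to low impact on the availability and no impact on confidentiality or Integrity\u00a0 of the application.\n\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "cna@sap.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
+"attackVector": "ADJACENT_NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "NONE",
+"availabilityImpact": "LOW",
+"baseScore": 3.5,
+"baseSeverity": "LOW"
+},
+"exploitabilityScore": 2.1,
+"impactScore": 1.4
+}
+]
+},
+"weaknesses": [
+{
+"source": "cna@sap.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-400"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://me.sap.com/notes/3362463",
+"source": "cna@sap.com"
+},
+{
+"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
+"source": "cna@sap.com"
+}
+]
+}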

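--- a/CVE-2023/CVE-2023-495xx/CVE-2023-49580.json
+++ b/CVE-2023/CVE-2023-495xx/CVE-2023-49580.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2023-49580",
+"sourceIdentifier": "cna@sap.com",
+"published": "2023-12-12T02:15:07.493",
+"lastModified": "2023-12-12T02:15:07.493",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "SAP GUI for Windows\u00a0and\u00a0SAP GUI for Java - versions SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to create Layout configurations of the ABAP List Viewer and with this causing a mild impact on integrity and availability, e.g. also increasing the response times of the AS ABAP.\n\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "cna@sap.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "LOW",
+"baseScore": 7.3,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 3.4
+}
+]
+},
+"weaknesses": [
+{
+"source": "cna@sap.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-200"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://me.sap.com/notes/3385711",
+"source": "cna@sap.com"
+},
+{
+"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
+"source": "cna@sap.com"
+}
+]
+}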

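--- a/CVE-2023/CVE-2023-495xx/CVE-2023-49581.json
+++ b/CVE-2023/CVE-2023-495xx/CVE-2023-49581.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2023-49581",
+"sourceIdentifier": "cna@sap.com",
+"published": "2023-12-12T02:15:07.710",
+"lastModified": "2023-12-12T02:15:07.710",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "SAP GUI for Windows\u00a0and\u00a0SAP GUI for Java\u00a0allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to write data to a database table. By doing so the attacker could increase response times of the AS ABAP, leading to mild impact on availability.\n\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "cna@sap.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
+"attackVector": "NETWORK",
+"attackComplexity": "HIGH",
+"privilegesRequired": "HIGH",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "LOW",
+"baseScore": 4.1,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 0.7,
+"impactScore": 3.4
+}
+]
+},
+"weaknesses": [
+{
+"source": "cna@sap.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-200"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://me.sap.com/notes/3392547",
+"source": "cna@sap.com"
+},
+{
+"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
+"source": "cna@sap.com"
+}
+]
+}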

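--- a/CVE-2023/CVE-2023-495xx/CVE-2023-49583.json
+++ b/CVE-2023/CVE-2023-495xx/CVE-2023-49583.json
@@ -0,0 +1,63 @@
+{
+"id": "CVE-2023-49583",
+"sourceIdentifier": "cna@sap.com",
+"published": "2023-12-12T02:15:07.920",
+"lastModified": "2023-12-12T02:15:07.920",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "SAP\u00a0BTP\u00a0Security Services Integration Library ([Node.js] @sap/xssec - versions < 3.6.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.\n\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "cna@sap.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "NONE",
+"baseScore": 9.1,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 5.2
+}
+]
+},
+"weaknesses": [
+{
+"source": "cna@sap.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-639"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://me.sap.com/notes/3411067",
+"source": "cna@sap.com"
+},
+{
+"url": "https://www.npmjs.com/package/@sap/xssec",
+"source": "cna@sap.com"
+},
+{
+"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
+"source": "cna@sap.com"
+}
+]
+}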

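--- a/CVE-2023/CVE-2023-495xx/CVE-2023-49584.json
+++ b/CVE-2023/CVE-2023-495xx/CVE-2023-49584.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2023-49584",
+"sourceIdentifier": "cna@sap.com",
+"published": "2023-12-12T02:15:08.147",
+"lastModified": "2023-12-12T02:15:08.147",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "SAP Fiori launchpad - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, UI_700 200, SAP_BASIS 793, allows an attacker to use HTTP verb POST on read-only service causing low impact on Confidentiality of the application.\n\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "cna@sap.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "NONE",
+"availabilityImpact": "NONE",
+"baseScore": 4.3,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 1.4
+}
+]
+},
+"weaknesses": [
+{
+"source": "cna@sap.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-444"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://me.sap.com/notes/3406786",
+"source": "cna@sap.com"
+},
+{
+"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
+"source": "cna@sap.com"
+}
+]
+}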

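--- a/CVE-2023/CVE-2023-495xx/CVE-2023-49587.json
+++ b/CVE-2023/CVE-2023-495xx/CVE-2023-49587.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2023-49587",
+"sourceIdentifier": "cna@sap.com",
+"published": "2023-12-12T02:15:08.370",
+"lastModified": "2023-12-12T02:15:08.370",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "SAP Solution Manager - version 720, allows an authorized attacker to execute certain deprecated function modules which can read or modify data of same or other component without user interaction over the network.\n\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "cna@sap.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "CHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 6.4,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 3.1,
+"impactScore": 2.7
+}
+]
+},
+"weaknesses": [
+{
+"source": "cna@sap.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-77"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://me.sap.com/notes/3395306",
+"source": "cna@sap.com"
+},
+{
+"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
+"source": "cna@sap.com"
+}
+]
+}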

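--- a/CVE-2023/CVE-2023-504xx/CVE-2023-50422.json
+++ b/CVE-2023/CVE-2023-504xx/CVE-2023-50422.json
@@ -0,0 +1,75 @@
+{
+"id": "CVE-2023-50422",
+"sourceIdentifier": "cna@sap.com",
+"published": "2023-12-12T02:15:08.587",
+"lastModified": "2023-12-12T02:15:08.587",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "SAP\u00a0BTP\u00a0Security Services Integration Library ([Java] cloud-security-services-integration-library) -\u00a0versions below 2.17.0 and versions from 3.0.0 to before 3.3.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.\n\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "cna@sap.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "NONE",
+"baseScore": 9.1,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 5.2
+}
+]
+},
+"weaknesses": [
+{
+"source": "cna@sap.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-639"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/SAP/cloud-security-services-integration-library/",
+"source": "cna@sap.com"
+},
+{
+"url": "https://me.sap.com/notes/3411067",
+"source": "cna@sap.com"
+},
+{
+"url": "https://mvnrepository.com/artifact/com.sap.cloud.security.xsuaa/spring-xsuaa",
+"source": "cna@sap.com"
+},
+{
+"url": "https://mvnrepository.com/artifact/com.sap.cloud.security/java-security",
+"source": "cna@sap.com"
+},
+{
+"url": "https://mvnrepository.com/artifact/com.sap.cloud.security/spring-security",
+"source": "cna@sap.com"
+},
+{
+"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
+"source": "cna@sap.com"
+}
+]
+}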

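--- a/CVE-2023/CVE-2023-504xx/CVE-2023-50423.json
+++ b/CVE-2023/CVE-2023-504xx/CVE-2023-50423.json
@@ -0,0 +1,63 @@
+{
+"id": "CVE-2023-50423",
+"sourceIdentifier": "cna@sap.com",
+"published": "2023-12-12T02:15:08.797",
+"lastModified": "2023-12-12T02:15:08.797",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "SAP\u00a0BTP\u00a0Security Services Integration Library ([Python]\u00a0sap-xssec) - versions < 4.1.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.\n\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "cna@sap.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "NONE",
+"baseScore": 9.1,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 5.2
+}
+]
+},
+"weaknesses": [
+{
+"source": "cna@sap.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-639"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://me.sap.com/notes/3411067",
+"source": "cna@sap.com"
+},
+{
+"url": "https://pypi.org/project/sap-xssec/",
+"source": "cna@sap.com"
+},
+{
+"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
+"source": "cna@sap.com"
+}
+]
+}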

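--- a/CVE-2023/CVE-2023-55xx/CVE-2023-5536.json
+++ b/CVE-2023/CVE-2023-55xx/CVE-2023-5536.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-5536",
+"sourceIdentifier": "security@ubuntu.com",
+"published": "2023-12-12T02:15:09.003",
+"lastModified": "2023-12-12T02:15:09.003",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "A feature in LXD (LP#1829071), affects the default configuration of Ubuntu Server which allows privileged users in the lxd group to escalate their privilege to root without requiring a sudo password."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security@ubuntu.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N",
+"attackVector": "LOCAL",
+"attackComplexity": "HIGH",
+"privilegesRequired": "HIGH",
+"userInteraction": "REQUIRED",
+"scope": "CHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "NONE",
+"availabilityImpact": "NONE",
+"baseScore": 5.0,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 0.6,
+"impactScore": 4.0
+}
+]
+},
+"references": [
+{
+"url": "https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1829071",
+"source": "security@ubuntu.com"
+},
+{
+"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5536",
+"source": "security@ubuntu.com"
+},
+{
+"url": "https://discourse.ubuntu.com/t/easy-multi-user-lxd-setup/26215/4",
+"source": "security@ubuntu.com"
+},
+{
+"url": "https://ubuntu.com/security/CVE-2023-5536",
+"source": "security@ubuntu.com"
+}
+]
+}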


@ -2,7 +2,7 @@
"id": "CVE-2023-6185",
"sourceIdentifier": "security@documentfoundation.org",
"published": "2023-12-11T12:15:07.037",
"lastModified": "2023-12-11T12:20:45.887",
"lastModified": "2023-12-12T02:15:09.190",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -35,6 +35,10 @@
]
},
"references": [
{
"url": "https://www.debian.org/security/2023/dsa-5574",
"source": "security@documentfoundation.org"
},
{
"url": "https://www.libreoffice.org/about-us/security/advisories/cve-2023-6185",
"source": "security@documentfoundation.org"


@ -2,7 +2,7 @@
"id": "CVE-2023-6186",
"sourceIdentifier": "security@documentfoundation.org",
"published": "2023-12-11T12:15:07.713",
"lastModified": "2023-12-11T12:20:45.887",
"lastModified": "2023-12-12T02:15:09.270",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -35,6 +35,10 @@
]
},
"references": [
{
"url": "https://www.debian.org/security/2023/dsa-5574",
"source": "security@documentfoundation.org"
},
{
"url": "https://www.libreoffice.org/about-us/security/advisories/cve-2023-6186",
"source": "security@documentfoundation.org"

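--- a/CVE-2023/CVE-2023-65xx/CVE-2023-6542.json
+++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6542.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2023-6542",
+"sourceIdentifier": "cna@sap.com",
+"published": "2023-12-12T02:15:09.347",
+"lastModified": "2023-12-12T02:15:09.347",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Due to lack of proper authorization checks in Emarsys SDK for Android, an attacker can call a particular activity and can forward himself web pages and/or deep links without any validation directly from the host application. On successful attack, an attacker could navigate to arbitrary URL including application deep links on the device.\n\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "cna@sap.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
+"attackVector": "LOCAL",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "NONE",
+"baseScore": 7.1,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 1.8,
+"impactScore": 5.2
+}
+]
+},
+"weaknesses": [
+{
+"source": "cna@sap.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-863"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://me.sap.com/notes/3406244",
+"source": "cna@sap.com"
+},
+{
+"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
+"source": "cna@sap.com"
+}
+]
+}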


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-12-12T00:55:22.500301+00:00
2023-12-12T03:00:25.617150+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-12-12T00:54:23.227000+00:00
2023-12-12T02:15:09.347000+00:00
```
### Last Data Feed Release
@ -29,26 +29,57 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
232734
232791
```
### CVEs added in the last Commit
Recently added CVEs: `6`
Recently added CVEs: `57`
* [CVE-2021-3187](CVE-2021/CVE-2021-31xx/CVE-2021-3187.json) (`2023-12-11T23:15:07.530`)
* [CVE-2023-49803](CVE-2023/CVE-2023-498xx/CVE-2023-49803.json) (`2023-12-11T23:15:07.620`)
* [CVE-2023-49804](CVE-2023/CVE-2023-498xx/CVE-2023-49804.json) (`2023-12-11T23:15:07.840`)
* [CVE-2023-49805](CVE-2023/CVE-2023-498xx/CVE-2023-49805.json) (`2023-12-11T23:15:08.057`)
* [CVE-2023-50245](CVE-2023/CVE-2023-502xx/CVE-2023-50245.json) (`2023-12-11T23:15:08.280`)
* [CVE-2023-36646](CVE-2023/CVE-2023-366xx/CVE-2023-36646.json) (`2023-12-12T00:15:28.757`)
* [CVE-2023-42909](CVE-2023/CVE-2023-429xx/CVE-2023-42909.json) (`2023-12-12T01:15:12.223`)
* [CVE-2023-42910](CVE-2023/CVE-2023-429xx/CVE-2023-42910.json) (`2023-12-12T01:15:12.263`)
* [CVE-2023-42911](CVE-2023/CVE-2023-429xx/CVE-2023-42911.json) (`2023-12-12T01:15:12.313`)
* [CVE-2023-42912](CVE-2023/CVE-2023-429xx/CVE-2023-42912.json) (`2023-12-12T01:15:12.367`)
* [CVE-2023-42914](CVE-2023/CVE-2023-429xx/CVE-2023-42914.json) (`2023-12-12T01:15:12.413`)
* [CVE-2023-42919](CVE-2023/CVE-2023-429xx/CVE-2023-42919.json) (`2023-12-12T01:15:12.473`)
* [CVE-2023-42922](CVE-2023/CVE-2023-429xx/CVE-2023-42922.json) (`2023-12-12T01:15:12.530`)
* [CVE-2023-42923](CVE-2023/CVE-2023-429xx/CVE-2023-42923.json) (`2023-12-12T01:15:12.587`)
* [CVE-2023-42924](CVE-2023/CVE-2023-429xx/CVE-2023-42924.json) (`2023-12-12T01:15:12.633`)
* [CVE-2023-42926](CVE-2023/CVE-2023-429xx/CVE-2023-42926.json) (`2023-12-12T01:15:12.683`)
* [CVE-2023-42927](CVE-2023/CVE-2023-429xx/CVE-2023-42927.json) (`2023-12-12T01:15:12.730`)
* [CVE-2023-42932](CVE-2023/CVE-2023-429xx/CVE-2023-42932.json) (`2023-12-12T01:15:12.773`)
* [CVE-2023-49058](CVE-2023/CVE-2023-490xx/CVE-2023-49058.json) (`2023-12-12T01:15:12.840`)
* [CVE-2023-46219](CVE-2023/CVE-2023-462xx/CVE-2023-46219.json) (`2023-12-12T02:15:06.990`)
* [CVE-2023-49577](CVE-2023/CVE-2023-495xx/CVE-2023-49577.json) (`2023-12-12T02:15:07.073`)
* [CVE-2023-49578](CVE-2023/CVE-2023-495xx/CVE-2023-49578.json) (`2023-12-12T02:15:07.283`)
* [CVE-2023-49580](CVE-2023/CVE-2023-495xx/CVE-2023-49580.json) (`2023-12-12T02:15:07.493`)
* [CVE-2023-49581](CVE-2023/CVE-2023-495xx/CVE-2023-49581.json) (`2023-12-12T02:15:07.710`)
* [CVE-2023-49583](CVE-2023/CVE-2023-495xx/CVE-2023-49583.json) (`2023-12-12T02:15:07.920`)
* [CVE-2023-49584](CVE-2023/CVE-2023-495xx/CVE-2023-49584.json) (`2023-12-12T02:15:08.147`)
* [CVE-2023-49587](CVE-2023/CVE-2023-495xx/CVE-2023-49587.json) (`2023-12-12T02:15:08.370`)
* [CVE-2023-50422](CVE-2023/CVE-2023-504xx/CVE-2023-50422.json) (`2023-12-12T02:15:08.587`)
* [CVE-2023-50423](CVE-2023/CVE-2023-504xx/CVE-2023-50423.json) (`2023-12-12T02:15:08.797`)
* [CVE-2023-5536](CVE-2023/CVE-2023-55xx/CVE-2023-5536.json) (`2023-12-12T02:15:09.003`)
* [CVE-2023-6542](CVE-2023/CVE-2023-65xx/CVE-2023-6542.json) (`2023-12-12T02:15:09.347`)
### CVEs modified in the last Commit
Recently modified CVEs: `1`
Recently modified CVEs: `13`
* [CVE-2023-44298](CVE-2023/CVE-2023-442xx/CVE-2023-44298.json) (`2023-12-12T00:54:23.227`)
* [CVE-2023-44297](CVE-2023/CVE-2023-442xx/CVE-2023-44297.json) (`2023-12-12T00:55:40.877`)
* [CVE-2023-45839](CVE-2023/CVE-2023-458xx/CVE-2023-45839.json) (`2023-12-12T01:06:18.090`)
* [CVE-2023-45840](CVE-2023/CVE-2023-458xx/CVE-2023-45840.json) (`2023-12-12T01:10:35.810`)
* [CVE-2023-45841](CVE-2023/CVE-2023-458xx/CVE-2023-45841.json) (`2023-12-12T01:13:22.923`)
* [CVE-2023-45842](CVE-2023/CVE-2023-458xx/CVE-2023-45842.json) (`2023-12-12T01:17:12.297`)
* [CVE-2023-46674](CVE-2023/CVE-2023-466xx/CVE-2023-46674.json) (`2023-12-12T01:40:18.040`)
* [CVE-2023-49297](CVE-2023/CVE-2023-492xx/CVE-2023-49297.json) (`2023-12-12T01:47:08.880`)
* [CVE-2023-49241](CVE-2023/CVE-2023-492xx/CVE-2023-49241.json) (`2023-12-12T01:48:59.117`)
* [CVE-2023-49242](CVE-2023/CVE-2023-492xx/CVE-2023-49242.json) (`2023-12-12T01:53:45.230`)
* [CVE-2023-42916](CVE-2023/CVE-2023-429xx/CVE-2023-42916.json) (`2023-12-12T02:15:06.800`)
* [CVE-2023-42917](CVE-2023/CVE-2023-429xx/CVE-2023-42917.json) (`2023-12-12T02:15:06.913`)
* [CVE-2023-6185](CVE-2023/CVE-2023-61xx/CVE-2023-6185.json) (`2023-12-12T02:15:09.190`)
* [CVE-2023-6186](CVE-2023/CVE-2023-61xx/CVE-2023-6186.json) (`2023-12-12T02:15:09.270`)
## Download and Usage