admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-07 11:07:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-11-21T19:00:18.107652+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-11-21 19:00:21 +00:00
parent 6143f1bca4
commit 07e384d07f
42 changed files with 1486 additions and 149 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
CVE-2018/CVE-2018-26xx/CVE-2018-2637.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2018-2637",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2018-01-18T02:29:20.803",
"lastModified": "2022-05-13T14:57:22.177",
"lastModified": "2023-11-21T18:06:10.070",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -15,13 +15,13 @@
}
],
"metrics": {
"cvssMetricV30": [
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
@ -99,8 +99,8 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jdk:1.9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D1ECEA2-55C5-4554-B3E7-A5BA268C0063"
"criteria": "cpe:2.3:a:oracle:jdk:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "796F8150-771C-4806-83D7-72C5F539ED1F"
},
{
"vulnerable": true,
@ -119,8 +119,8 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jre:1.9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F1AAC9C9-0B1A-42F3-8E3D-60EEDED64678"
"criteria": "cpe:2.3:a:oracle:jre:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "76105155-2BDC-4A86-8DA4-4EC5362D5978"
},
{
"vulnerable": true,
@ -329,6 +329,7 @@
"url": "http://www.securityfocus.com/bid/102576",
"source": "secalert_us@oracle.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
@ -337,6 +338,7 @@
"url": "http://www.securitytracker.com/id/1040203",
"source": "secalert_us@oracle.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]

15
CVE-2018/CVE-2018-26xx/CVE-2018-2638.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2018-2638",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2018-01-18T02:29:20.850",
"lastModified": "2022-08-12T18:04:28.627",
"lastModified": "2023-11-21T18:27:02.693",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -89,8 +89,8 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jdk:1.9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D1ECEA2-55C5-4554-B3E7-A5BA268C0063"
"criteria": "cpe:2.3:a:oracle:jdk:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "796F8150-771C-4806-83D7-72C5F539ED1F"
},
{
"vulnerable": true,
@ -99,8 +99,8 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jre:1.9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F1AAC9C9-0B1A-42F3-8E3D-60EEDED64678"
"criteria": "cpe:2.3:a:oracle:jre:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "76105155-2BDC-4A86-8DA4-4EC5362D5978"
}
]
}
@ -299,6 +299,7 @@
"url": "http://www.securityfocus.com/bid/102546",
"source": "secalert_us@oracle.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
@ -307,7 +308,9 @@
"url": "http://www.securitytracker.com/id/1040203",
"source": "secalert_us@oracle.com",
"tags": [
"Broken Link"
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{

18
CVE-2018/CVE-2018-26xx/CVE-2018-2639.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2018-2639",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2018-01-18T02:29:20.897",
"lastModified": "2022-08-12T18:04:25.050",
"lastModified": "2023-11-21T18:26:35.867",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -89,8 +89,8 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jdk:1.9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D1ECEA2-55C5-4554-B3E7-A5BA268C0063"
"criteria": "cpe:2.3:a:oracle:jdk:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "796F8150-771C-4806-83D7-72C5F539ED1F"
},
{
"vulnerable": true,
@ -99,8 +99,8 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jre:1.9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F1AAC9C9-0B1A-42F3-8E3D-60EEDED64678"
"criteria": "cpe:2.3:a:oracle:jre:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "76105155-2BDC-4A86-8DA4-4EC5362D5978"
}
]
}
@ -170,14 +170,18 @@
"url": "http://www.securityfocus.com/bid/102556",
"source": "secalert_us@oracle.com",
"tags": [
"Broken Link"
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.securitytracker.com/id/1040203",
"source": "secalert_us@oracle.com",
"tags": [
"Broken Link"
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{

18
CVE-2018/CVE-2018-26xx/CVE-2018-2641.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2018-2641",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2018-01-18T02:29:20.993",
"lastModified": "2022-05-13T14:57:22.210",
"lastModified": "2023-11-21T18:27:23.130",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -15,13 +15,13 @@
}
],
"metrics": {
"cvssMetricV30": [
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
@ -99,8 +99,8 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jdk:1.9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D1ECEA2-55C5-4554-B3E7-A5BA268C0063"
"criteria": "cpe:2.3:a:oracle:jdk:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "796F8150-771C-4806-83D7-72C5F539ED1F"
},
{
"vulnerable": true,
@ -119,8 +119,8 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jre:1.9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F1AAC9C9-0B1A-42F3-8E3D-60EEDED64678"
"criteria": "cpe:2.3:a:oracle:jre:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "76105155-2BDC-4A86-8DA4-4EC5362D5978"
}
]
}
@ -324,6 +324,7 @@
"url": "http://www.securityfocus.com/bid/102605",
"source": "secalert_us@oracle.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
@ -332,6 +333,7 @@
"url": "http://www.securitytracker.com/id/1040203",
"source": "secalert_us@oracle.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]

18
CVE-2018/CVE-2018-26xx/CVE-2018-2663.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2018-2663",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2018-01-18T02:29:22.007",
"lastModified": "2022-05-13T14:57:22.243",
"lastModified": "2023-11-21T18:06:03.100",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -15,13 +15,13 @@
}
],
"metrics": {
"cvssMetricV30": [
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -99,8 +99,8 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jdk:1.9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D1ECEA2-55C5-4554-B3E7-A5BA268C0063"
"criteria": "cpe:2.3:a:oracle:jdk:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "796F8150-771C-4806-83D7-72C5F539ED1F"
},
{
"vulnerable": true,
@ -119,8 +119,8 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jre:1.9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F1AAC9C9-0B1A-42F3-8E3D-60EEDED64678"
"criteria": "cpe:2.3:a:oracle:jre:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "76105155-2BDC-4A86-8DA4-4EC5362D5978"
},
{
"vulnerable": true,
@ -329,6 +329,7 @@
"url": "http://www.securityfocus.com/bid/102662",
"source": "secalert_us@oracle.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
@ -337,6 +338,7 @@
"url": "http://www.securitytracker.com/id/1040203",
"source": "secalert_us@oracle.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]

18
CVE-2018/CVE-2018-26xx/CVE-2018-2677.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2018-2677",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2018-01-18T02:29:22.647",
"lastModified": "2022-05-13T14:57:22.263",
"lastModified": "2023-11-21T18:05:55.213",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -15,13 +15,13 @@
}
],
"metrics": {
"cvssMetricV30": [
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -99,8 +99,8 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jdk:1.9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D1ECEA2-55C5-4554-B3E7-A5BA268C0063"
"criteria": "cpe:2.3:a:oracle:jdk:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "796F8150-771C-4806-83D7-72C5F539ED1F"
},
{
"vulnerable": true,
@ -119,8 +119,8 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jre:1.9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F1AAC9C9-0B1A-42F3-8E3D-60EEDED64678"
"criteria": "cpe:2.3:a:oracle:jre:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "76105155-2BDC-4A86-8DA4-4EC5362D5978"
}
]
}
@ -324,6 +324,7 @@
"url": "http://www.securityfocus.com/bid/102656",
"source": "secalert_us@oracle.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
@ -332,6 +333,7 @@
"url": "http://www.securitytracker.com/id/1040203",
"source": "secalert_us@oracle.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]

18
CVE-2018/CVE-2018-26xx/CVE-2018-2678.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2018-2678",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2018-01-18T02:29:22.697",
"lastModified": "2022-05-13T14:57:22.283",
"lastModified": "2023-11-21T18:04:42.813",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -15,13 +15,13 @@
}
],
"metrics": {
"cvssMetricV30": [
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -99,8 +99,8 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jdk:1.9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D1ECEA2-55C5-4554-B3E7-A5BA268C0063"
"criteria": "cpe:2.3:a:oracle:jdk:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "796F8150-771C-4806-83D7-72C5F539ED1F"
},
{
"vulnerable": true,
@ -119,8 +119,8 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jre:1.9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F1AAC9C9-0B1A-42F3-8E3D-60EEDED64678"
"criteria": "cpe:2.3:a:oracle:jre:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "76105155-2BDC-4A86-8DA4-4EC5362D5978"
},
{
"vulnerable": true,
@ -329,6 +329,7 @@
"url": "http://www.securityfocus.com/bid/102659",
"source": "secalert_us@oracle.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
@ -337,6 +338,7 @@
"url": "http://www.securitytracker.com/id/1040203",
"source": "secalert_us@oracle.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]

59
CVE-2021/CVE-2021-275xx/CVE-2021-27502.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2021-27502",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-11-21T18:15:07.510",
"lastModified": "2023-11-21T18:15:07.510",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Texas Instruments TI-RTOS, when configured to use HeapMem heap(default),\n malloc returns a valid pointer to a small buffer on extremely large \nvalues, which can trigger an integer overflow vulnerability in \n'HeapMem_allocUnprotected' and result in code execution."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.4,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04",
"source": "ics-cert@hq.dhs.gov"
},
{
"url": "https://www.ti.com/tool/TI-RTOS-MCU",
"source": "ics-cert@hq.dhs.gov"
}
]
}

59
CVE-2021/CVE-2021-275xx/CVE-2021-27504.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2021-27504",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-11-21T18:15:07.713",
"lastModified": "2023-11-21T18:15:07.713",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Texas Instruments devices running FREERTOS, malloc returns a valid \npointer to a small buffer on extremely large values, which can trigger \nan integer overflow vulnerability in 'malloc' for FreeRTOS, resulting in\n code execution."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.4,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04",
"source": "ics-cert@hq.dhs.gov"
},
{
"url": "https://www.ti.com/tool/TI-RTOS-MCU",
"source": "ics-cert@hq.dhs.gov"
}
]
}

8
CVE-2021/CVE-2021-381xx/CVE-2021-38111.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-38111",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-08-04T18:15:10.093",
"lastModified": "2021-08-17T14:43:51.023",
"vulnStatus": "Analyzed",
"lastModified": "2023-11-21T17:15:07.477",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -112,6 +112,10 @@
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/skintigh/defcon27_badge_sdr",
"source": "cve@mitre.org"
}
]
}

8
CVE-2022/CVE-2022-300xx/CVE-2022-30067.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-30067",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-05-17T17:15:08.407",
"lastModified": "2022-05-26T00:04:00.743",
"vulnStatus": "Analyzed",
"lastModified": "2023-11-21T17:15:07.577",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -106,6 +106,10 @@
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00015.html",
"source": "cve@mitre.org"
}
]
}

47
CVE-2023/CVE-2023-225xx/CVE-2023-22516.json Normal file
View File

@ -0,0 +1,47 @@
{
"id": "CVE-2023-22516",
"sourceIdentifier": "security@atlassian.com",
"published": "2023-11-21T18:15:07.910",
"lastModified": "2023-11-21T18:15:07.910",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 8.1.0, 8.2.0, 9.0.0, 9.1.0, 9.2.0, and 9.3.0 of Bamboo Data Center and Server.\r\n\r\nThis RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction.\r\n\r\nAtlassian recommends that Bamboo Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions:\r\n Bamboo Data Center and Server 9.2: Upgrade to a release greater than or equal to 9.2.7.\r\n JDK 1.8u121+ should be used in case Java 8 used to run Bamboo Data Center and Server. See Bamboo 9.2 Upgrade notes (https://confluence.atlassian.com/bambooreleases/bamboo-9-2-upgrade-notes-1207179212.html)\r\n\r\n Bamboo Data Center and Server 9.3: Upgrade to a release greater than or equal to 9.3.4\r\n\r\nSee the release notes ([https://confluence.atlassian.com/bambooreleases/bamboo-release-notes-1189793869.html]). You can download the latest version of Bamboo Data Center and Server from the download center ([https://www.atlassian.com/software/bamboo/download-archives]).\r\n\r\nThis vulnerability was discovered by a private user and reported via our Bug Bounty program"
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@atlassian.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 6.0
}
]
},
"references": [
{
"url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1318881573",
"source": "security@atlassian.com"
},
{
"url": "https://jira.atlassian.com/browse/BAM-25168",
"source": "security@atlassian.com"
}
]
}

47
CVE-2023/CVE-2023-225xx/CVE-2023-22521.json Normal file
View File

@ -0,0 +1,47 @@
{
"id": "CVE-2023-22521",
"sourceIdentifier": "security@atlassian.com",
"published": "2023-11-21T18:15:08.070",
"lastModified": "2023-11-21T18:15:08.070",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "This High severity RCE (Remote Code Execution) vulnerability was introduced in version 3.4.6 of Crowd Data Center and Server.\r\n\r\nThis RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.0, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction.\r\n\r\nAtlassian recommends that Crowd Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions:\r\n Crowd Data Center and Server 3.4: Upgrade to a release greater than or equal to 5.1.6\r\n Crowd Data Center and Server 5.2: Upgrade to a release greater than or equal to 5.2.1\r\n\r\nSee the release notes ([https://confluence.atlassian.com/crowd/crowd-release-notes-199094.html]). You can download the latest version of Crowd Data Center and Server from the download center ([https://www.atlassian.com/software/crowd/download-archive]).\r\n\r\nThis vulnerability was discovered by m1sn0w and reported via our Bug Bounty program"
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@atlassian.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.3,
"impactScore": 6.0
}
]
},
"references": [
{
"url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1318881573",
"source": "security@atlassian.com"
},
{
"url": "https://jira.atlassian.com/browse/CWD-6139",
"source": "security@atlassian.com"
}
]
}

241
CVE-2023/CVE-2023-283xx/CVE-2023-28376.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-28376",
"sourceIdentifier": "secure@intel.com",
"published": "2023-11-14T19:15:21.793",
"lastModified": "2023-11-14T19:30:27.750",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-21T17:41:53.923",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read in the firmware for some Intel(R) E810 Ethernet Controllers and Adapters before version 1.7.1 may allow an unauthenticated user to potentially enable denial of service via adjacent access."
},
{
"lang": "es",
"value": "La lectura fuera de los l\u00edmites en el firmware de Intel(R) E810 Ethernet Controllers and Adapters anteriores a la versi\u00f3n 1.7.1 puede permitir que un usuario no autenticado habilite potencialmente la denegaci\u00f3n de servicio a trav\u00e9s del acceso adyacente."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -46,10 +80,211 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:intel:ethernet_network_adapter_e810-2cqda2_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.7.1",
"matchCriteriaId": "459854C3-D982-47E5-8E1D-72B732BD7A5C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:ethernet_network_adapter_e810-2cqda2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7DB31D15-0C95-4037-85FD-77B5964665A1"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:intel:ethernet_network_adapter_e810-cqda1_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.7.1",
"matchCriteriaId": "77C14DE6-4E3B-49AD-9F22-8F10D008FBC9"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:ethernet_network_adapter_e810-cqda1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87F3AB90-46C3-48DD-B0B4-4E036712ECCB"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:intel:ethernet_network_adapter_e810-cqda1_for_ocp_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.7.1",
"matchCriteriaId": "29F34B82-C7E7-49A3-8161-54B902A4C6B0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:ethernet_network_adapter_e810-cqda1_for_ocp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86F81244-F28E-416A-B3B6-7A1F79D8AC73"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:intel:ethernet_network_adapter_e810-cqda1_for_ocp_3.0_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.7.1",
"matchCriteriaId": "65E2C711-5C67-422E-A2C7-DE6A4F720A22"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:ethernet_network_adapter_e810-cqda1_for_ocp_3.0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F06D5B95-4DD0-4BEB-A32A-AAE300046670"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:intel:ethernet_network_adapter_e810-cqda2_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.7.1",
"matchCriteriaId": "665AC27E-47C6-4FEE-89BF-B394FA7CF247"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:ethernet_network_adapter_e810-cqda2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D582770B-4CCD-43A4-B218-FFD9AE530A24"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:intel:ethernet_network_adapter_e810-cqda2_for_ocp_3.0_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.7.1",
"matchCriteriaId": "FD7F8FB6-EBE0-4CBA-9BDE-3E398A1AF5EB"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:ethernet_network_adapter_e810-cqda2_for_ocp_3.0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA63976A-922C-4E50-8D69-D7F6A62AD31E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:intel:ethernet_network_adapter_e810-cqda2t_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.7.1",
"matchCriteriaId": "4600F6C7-8055-4834-8173-9FDB840268D7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:ethernet_network_adapter_e810-cqda2t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66EDE48D-7049-4BBB-B24A-3CEA9BAA3B27"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00869.html",
"source": "secure@intel.com"
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}

131
CVE-2023/CVE-2023-291xx/CVE-2023-29177.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-29177",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-11-14T19:15:24.337",
"lastModified": "2023-11-14T19:30:27.750",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-21T18:47:17.137",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer copy without checking size of input ('classic buffer overflow') vulnerabilities [CWE-120] in FortiADC version 7.2.0 and before 7.1.2 & FortiDDoS-F version 6.5.0 and before 6.4.1 allows a privileged attacker to execute arbitrary code or commands via specifically crafted CLI requests."
},
{
"lang": "es",
"value": "Las vulnerabilidades de copia de b\u00fafer m\u00faltiple sin verificar el tama\u00f1o de entrada ('desbordamiento del b\u00fafer cl\u00e1sico') [CWE-120] en FortiADC versi\u00f3n 7.2.0 y anteriores a 7.1.2 y FortiDDoS-F versi\u00f3n 6.5.0 y anteriores a 6.4.1 permiten a un atacante privilegiado ejecutar c\u00f3digo o comandos arbitrarios a trav\u00e9s de solicitudes CLI espec\u00edficamente manipuladas."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
},
{
"source": "psirt@fortinet.com",
"type": "Secondary",
@ -46,10 +70,111 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.1.0",
"versionEndIncluding": "7.1.2",
"matchCriteriaId": "8EE864BE-0405-485C-997E-072092F6BB5E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiadc:5.2.0:-:*:*:*:*:*:*",
"matchCriteriaId": "20EC4BBC-C056-4B63-8D08-F1F6F77CED5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiadc:5.3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F67FE569-A1C6-4592-B650-444C94C45A90"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiadc:5.4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "A3B866E2-9E6A-4F82-ABBC-800F87152FE4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiadc:6.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "C61C6239-ACC1-4A3B-ABC4-B2C501148927"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiadc:6.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "43DED0DD-E584-4ECF-8B0F-2FB8B3167889"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiadc:6.2.0:-:*:*:*:*:*:*",
"matchCriteriaId": "63B95B99-89C8-4797-8FDA-2887596ADFED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiadc:7.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "70AE3711-D7D8-49A3-981D-CD96F2497CB5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "74B0A112-AA30-4D11-8F36-3DC8A2EBCA16"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiddos-f:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.1.0",
"versionEndIncluding": "6.1.4",
"matchCriteriaId": "C7B816ED-6776-46CF-9F8C-B0A2CF3716F1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiddos-f:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.0",
"versionEndIncluding": "6.4.1",
"matchCriteriaId": "847C6FC1-DBCF-4803-BDDB-6E2C5B079ECD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiddos-f:6.2.0:-:*:*:*:*:*:*",
"matchCriteriaId": "4DD47EAD-BE0A-4E66-BAE6-BFECD8FBCC1A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiddos-f:6.3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "A702B46E-1BA1-4D57-BBC5-96B66DB83FAF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiddos-f:6.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0DB1731B-7799-408B-8F8C-F5ABFEA7A180"
}
]
}
]
}
],
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-23-064",
"source": "psirt@fortinet.com"
"source": "psirt@fortinet.com",
"tags": [
"Third Party Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-295xx/CVE-2023-29504.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-29504",
"sourceIdentifier": "secure@intel.com",
"published": "2023-11-14T19:15:24.530",
"lastModified": "2023-11-14T19:30:24.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-21T18:34:22.367",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path element in some Intel(R) RealSense(TM) Dynamic Calibration software before version 2.13.1.0 may allow an authenticated user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "El elemento de ruta de b\u00fasqueda no controlado en algunos software Intel(R) RealSense(TM) Dynamic Calibration anteriores a la versi\u00f3n 2.13.1.0 puede permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-427"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:realsense_d400_series_dynamic_calibration_tool:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.13.1.0",
"matchCriteriaId": "FE0B2806-7FF9-4FA2-AF79-0CC77BCCCD57"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00871.html",
"source": "secure@intel.com"
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-312xx/CVE-2023-31203.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-31203",
"sourceIdentifier": "secure@intel.com",
"published": "2023-11-14T19:15:24.707",
"lastModified": "2023-11-14T19:30:24.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-21T17:54:07.040",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in some OpenVINO Model Server software before version 2022.3 for Intel Distribution of OpenVINO toolkit may allow an unauthenticated user to potentially enable denial of service via network access."
},
{
"lang": "es",
"value": "La validaci\u00f3n de entrada incorrecta en algunos software OpenVINO Model Server anterior a la versi\u00f3n 2022.3 para la distribuci\u00f3n del kit de herramientas Intel Distribution de OpenVINO puede permitir que un usuario no autenticado habilite potencialmente la denegaci\u00f3n de servicio a trav\u00e9s del acceso a la red."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:openvino_model_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2022.3",
"matchCriteriaId": "B2F46790-5633-4444-9C60-AAE9DD0A8DA9"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00901.html",
"source": "secure@intel.com"
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-322xx/CVE-2023-32279.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-32279",
"sourceIdentifier": "secure@intel.com",
"published": "2023-11-14T19:15:25.480",
"lastModified": "2023-11-14T19:30:24.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-21T17:54:26.863",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper access control in user mode driver for some Intel(R) Connectivity Performance Suite before version 2.1123.214.2 may allow unauthenticated user to potentially enable information disclosure via network access."
},
{
"lang": "es",
"value": "El control de acceso inadecuado en el controlador del modo de usuario para Intel(R) Connectivity Performance Suite anteriores a la versi\u00f3n 2.1123.214.2 puede permitir que un usuario no autenticado habilite potencialmente la divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso a la red."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:connectivity_performance_suite:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.1123.214.2",
"matchCriteriaId": "F126F42C-E3C9-40F7-BA9D-E4CA2548C6AA"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00944.html",
"source": "secure@intel.com"
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-322xx/CVE-2023-32283.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-32283",
"sourceIdentifier": "secure@intel.com",
"published": "2023-11-14T19:15:25.660",
"lastModified": "2023-11-14T19:30:24.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-21T17:54:43.380",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Insertion of sensitive information into log file in some Intel(R) On Demand software before versions 1.16.2, 2.1.1, 3.1.0 may allow an authenticated user to potentially enable information disclosure via local access."
},
{
"lang": "es",
"value": "La inserci\u00f3n de informaci\u00f3n confidencial en un archivo de registro en algunos software Intel(R) On Demand anterior a las versiones 1.16.2, 2.1.1, 3.1.0 puede permitir que un usuario autenticado potencialmente habilite la divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso local."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -46,10 +80,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:on_demand:1.16.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1618669D-0A0D-47E7-878E-C0142672B993"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:on_demand:2.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA9FFA36-3E1F-4928-8BB5-03EB2DD22761"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:on_demand:3.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5AD16A51-B19B-4760-B89F-23F4E6A4E8A6"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00914.html",
"source": "secure@intel.com"
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-326xx/CVE-2023-32638.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-32638",
"sourceIdentifier": "secure@intel.com",
"published": "2023-11-14T19:15:25.840",
"lastModified": "2023-11-14T19:30:24.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-21T17:54:57.823",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Incorrect default permissions in some Intel Arc RGB Controller software before version 1.06 may allow an authenticated user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "Los permisos predeterminados incorrectos en algunos software Intel Arc RGB Controller anteriores a la versi\u00f3n 1.06 pueden permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:arc_rgb_controller:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.06",
"matchCriteriaId": "0F004AB5-8A42-4F28-9C06-3EB8C6AA4598"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00952.html",
"source": "secure@intel.com"
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-360xx/CVE-2023-36018.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-36018",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-11-14T18:15:31.413",
"lastModified": "2023-11-14T18:51:42.203",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-21T18:15:33.700",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Visual Studio Code Jupyter Extension Spoofing Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de suplantaci\u00f3n de identidad en la extensi\u00f3n Jupyter de Visual Studio Code."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
@ -34,10 +58,44 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:jupyter:*:*:*:*:*:visual_studio_code:*:*",
"versionEndExcluding": "2023.10.1100000000",
"matchCriteriaId": "D13971B8-BD06-484A-96B3-9A8A884FAE14"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36018",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-384xx/CVE-2023-38411.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-38411",
"sourceIdentifier": "secure@intel.com",
"published": "2023-11-14T19:15:29.150",
"lastModified": "2023-11-14T19:30:20.993",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-21T18:44:14.920",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper access control in the Intel Smart Campus android application before version 9.4 may allow an authenticated user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "Un control de acceso inadecuado en la aplicaci\u00f3n de Android, Intel Smart Campus anterior a la versi\u00f3n 9.4 puede permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:smart_campus:*:*:*:*:*:android:*:*",
"versionEndExcluding": "9.4",
"matchCriteriaId": "592914B4-07DC-4B97-982D-E8D853B07017"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00863.html",
"source": "secure@intel.com"
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}

22
CVE-2023/CVE-2023-38xx/CVE-2023-3812.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-3812",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-07-24T16:15:13.337",
"lastModified": "2023-11-21T11:15:09.253",
"lastModified": "2023-11-21T17:15:07.663",
"vulnStatus": "Modified",
"descriptions": [
{
@ -138,10 +138,30 @@
"url": "https://access.redhat.com/errata/RHSA-2023:6813",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7370",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7379",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7382",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7389",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7411",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7418",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-3812",
"source": "secalert@redhat.com",

61
CVE-2023/CVE-2023-392xx/CVE-2023-39230.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-39230",
"sourceIdentifier": "secure@intel.com",
"published": "2023-11-14T19:15:29.947",
"lastModified": "2023-11-14T19:30:20.993",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-21T18:50:21.977",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Insecure inherited permissions in some Intel Rapid Storage Technology software before version 16.8.5.1014.9 may allow an authenticated user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "Los permisos heredados inseguros en algunos software Intel Rapid Storage Technology anteriores a la versi\u00f3n 16.8.5.1014.9 pueden permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:rapid_storage_technology:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.8.5.1014.9",
"matchCriteriaId": "A34B5338-4F58-48BB-A6D8-90B9E0B50AB2"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00961.html",
"source": "secure@intel.com"
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}

12
CVE-2023/CVE-2023-39xx/CVE-2023-3961.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3961",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-11-03T13:15:08.723",
"lastModified": "2023-11-13T18:48:45.780",
"vulnStatus": "Analyzed",
"lastModified": "2023-11-21T18:15:08.227",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -167,6 +167,14 @@
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7371",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7408",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-3961",
"source": "secalert@redhat.com",

32
CVE-2023/CVE-2023-40xx/CVE-2023-4004.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4004",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-07-31T17:15:10.203",
"lastModified": "2023-11-07T04:22:02.487",
"vulnStatus": "Modified",
"lastModified": "2023-11-21T17:15:07.873",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -37,7 +37,7 @@
"impactScore": 5.9
},
{
"source": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -70,7 +70,7 @@
]
},
{
"source": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
@ -202,6 +202,30 @@
"url": "https://access.redhat.com/errata/RHSA-2023:5627",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7382",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7389",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7411",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7417",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7431",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7434",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-4004",
"source": "secalert@redhat.com",

12
CVE-2023/CVE-2023-40xx/CVE-2023-4091.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4091",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-11-03T08:15:08.197",
"lastModified": "2023-11-13T17:52:24.593",
"vulnStatus": "Analyzed",
"lastModified": "2023-11-21T18:15:08.623",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -167,6 +167,14 @@
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7371",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7408",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-4091",
"source": "secalert@redhat.com",

18
CVE-2023/CVE-2023-41xx/CVE-2023-4147.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-4147",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-08-07T14:15:11.633",
"lastModified": "2023-11-07T04:22:11.063",
"lastModified": "2023-11-21T17:15:08.033",
"vulnStatus": "Modified",
"descriptions": [
{
@ -37,7 +37,7 @@
"impactScore": 5.9
},
{
"source": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -70,7 +70,7 @@
]
},
{
"source": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
@ -210,6 +210,18 @@
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7382",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7389",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7411",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-4147",
"source": "secalert@redhat.com",

12
CVE-2023/CVE-2023-426xx/CVE-2023-42669.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-42669",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-11-06T07:15:09.137",
"lastModified": "2023-11-14T18:20:56.677",
"vulnStatus": "Analyzed",
"lastModified": "2023-11-21T18:15:08.343",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -178,6 +178,14 @@
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7371",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7408",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-42669",
"source": "secalert@redhat.com",

22
CVE-2023/CVE-2023-427xx/CVE-2023-42753.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-42753",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-25T21:15:15.923",
"lastModified": "2023-11-21T11:15:09.420",
"lastModified": "2023-11-21T17:15:07.763",
"vulnStatus": "Modified",
"descriptions": [
{
@ -139,10 +139,30 @@
}
],
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2023:7370",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7379",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7382",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7389",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7411",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7418",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-42753",
"source": "secalert@redhat.com",

6
CVE-2023/CVE-2023-451xx/CVE-2023-45161.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-45161",
"sourceIdentifier": "security@1e.com",
"published": "2023-11-06T13:15:09.730",
"lastModified": "2023-11-14T17:54:06.743",
"vulnStatus": "Analyzed",
"lastModified": "2023-11-21T18:15:08.443",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "The 1E-Exchange-URLResponseTime instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the URL parameter, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions.\n\nTo remediate this issue download the updated Network product pack from the 1E Exchange and update the 1E-Exchange-URLResponseTime instruction to v20.1 by uploading it through the 1E Platform instruction upload UI"
"value": "The 1E-Exchange-URLResponseTime instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the URL parameter, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. This instruction only runs on Windows clients.\n\nTo remediate this issue download the updated Network product pack from the 1E Exchange and update the 1E-Exchange-URLResponseTime instruction to v20.1 by uploading it through the 1E Platform instruction upload UI"
},
{
"lang": "es",

6
CVE-2023/CVE-2023-451xx/CVE-2023-45163.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-45163",
"sourceIdentifier": "security@1e.com",
"published": "2023-11-06T13:15:09.807",
"lastModified": "2023-11-14T17:53:40.080",
"vulnStatus": "Analyzed",
"lastModified": "2023-11-21T18:15:08.543",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "\nThe 1E-Exchange-CommandLinePing instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the input parameter, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions.\n\nTo remediate this issue download the updated Network product pack from the 1E Exchange and update the 1E-Exchange-CommandLinePing instruction to v18.1 by uploading it through the 1E Platform instruction upload UI\n\n"
"value": "\nThe 1E-Exchange-CommandLinePing instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the input parameter, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. This instruction only runs on Windows clients.\n\nTo remediate this issue download the updated Network product pack from the 1E Exchange and update the 1E-Exchange-CommandLinePing instruction to v18.1 by uploading it through the 1E Platform instruction upload UI\n\n"
},
{
"lang": "es",

47
CVE-2023/CVE-2023-476xx/CVE-2023-47662.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47662",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-14T00:15:07.743",
"lastModified": "2023-11-14T15:15:54.130",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-21T17:01:11.083",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:goldbroker:live_gold_price_\\&_silver_price_charts_widgets:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.4",
"matchCriteriaId": "14B9D71A-8ECC-4329-8A83-7AB370C1250A"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/gold-price-chart-widget/wordpress-live-gold-price-silver-price-charts-widgets-plugin-2-4-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-476xx/CVE-2023-47673.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47673",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-14T00:15:08.140",
"lastModified": "2023-11-14T15:15:54.130",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-21T17:07:15.637",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:thecrowned:post_pay_counter:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.789",
"matchCriteriaId": "16C768A3-8592-4AB0-BA2B-C27C98108D62"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/post-pay-counter/wordpress-post-pay-counter-plugin-2-789-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

10
CVE-2023/CVE-2023-48xx/CVE-2023-4806.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-4806",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-18T17:15:55.813",
"lastModified": "2023-11-07T04:22:59.567",
"lastModified": "2023-11-21T18:15:08.727",
"vulnStatus": "Modified",
"descriptions": [
{
@ -37,7 +37,7 @@
"impactScore": 3.6
},
{
"source": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -70,7 +70,7 @@
]
},
{
"source": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
@ -300,6 +300,10 @@
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7409",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-4806",
"source": "secalert@redhat.com",

8
CVE-2023/CVE-2023-48xx/CVE-2023-4813.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4813",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-12T22:15:08.277",
"lastModified": "2023-11-10T18:15:10.280",
"vulnStatus": "Modified",
"lastModified": "2023-11-21T18:15:08.873",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -196,6 +196,10 @@
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7409",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-4813",
"source": "secalert@redhat.com",

55
CVE-2023/CVE-2023-50xx/CVE-2023-5055.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-5055",
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"published": "2023-11-21T18:15:09.023",
"lastModified": "2023-11-21T18:15:09.023",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Possible variant of CVE-2021-3434 in function le_ecred_reconf_req."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.5
}
]
},
"weaknesses": [
{
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-wr8r-7f8x-24jj",
"source": "vulnerabilities@zephyrproject.org"
}
]
}

10
CVE-2023/CVE-2023-51xx/CVE-2023-5178.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-5178",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-11-01T17:15:11.920",
"lastModified": "2023-11-21T11:15:09.537",
"lastModified": "2023-11-21T18:15:09.220",
"vulnStatus": "Modified",
"descriptions": [
{
@ -149,10 +149,18 @@
}
],
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2023:7370",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7379",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7418",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-5178",
"source": "secalert@redhat.com",

22
CVE-2023/CVE-2023-53xx/CVE-2023-5367.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-5367",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-10-25T20:15:18.323",
"lastModified": "2023-11-18T03:15:08.287",
"lastModified": "2023-11-21T17:15:08.180",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
@ -173,6 +173,26 @@
"url": "https://access.redhat.com/errata/RHSA-2023:6808",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7373",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7388",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7405",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7428",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7436",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-5367",
"source": "secalert@redhat.com",

6
CVE-2023/CVE-2023-53xx/CVE-2023-5380.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-5380",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-10-25T20:15:18.503",
"lastModified": "2023-11-18T03:15:08.443",
"lastModified": "2023-11-21T18:15:09.313",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
@ -165,6 +165,10 @@
}
],
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2023:7428",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-5380",
"source": "secalert@redhat.com",

6
CVE-2023/CVE-2023-59xx/CVE-2023-5964.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-5964",
"sourceIdentifier": "security@1e.com",
"published": "2023-11-06T13:15:10.187",
"lastModified": "2023-11-14T17:50:11.880",
"vulnStatus": "Analyzed",
"lastModified": "2023-11-21T18:15:09.550",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "\nThe 1E-Exchange-DisplayMessageinstruction that is part of the End-User Interaction product pack available on the 1E Exchange does not properly validate the Caption or Message parameters, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions.\n\nTo remediate this issue DELETE the instruction\u00a0\u201cShow dialogue with caption %Caption% and message %Message%\u201d from the list of instructions in the Settings UI, and replace it with the new instruction\u00a01E-Exchange-ShowNotification instruction available in the updated End-User Interaction product pack. The new instruction should show as\u00a0\u201cShow %Type% type notification with header %Header% and message %Message%\u201d with a version of 7.1 or above."
"value": "\nThe 1E-Exchange-DisplayMessageinstruction that is part of the End-User Interaction product pack available on the 1E Exchange does not properly validate the Caption or Message parameters, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. This instruction only runs on Windows clients.\n\nTo remediate this issue DELETE the instruction\u00a0\u201cShow dialogue with caption %Caption% and message %Message%\u201d from the list of instructions in the Settings UI, and replace it with the new instruction\u00a01E-Exchange-ShowNotification instruction available in the updated End-User Interaction product pack. The new instruction should show as\u00a0\u201cShow %Type% type notification with header %Header% and message %Message%\u201d with a version of 7.1 or above."
},
{
"lang": "es",

59
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-11-21T17:00:18.629034+00:00
2023-11-21T19:00:18.107652+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-11-21T16:54:10.720000+00:00
2023-11-21T18:50:21.977000+00:00
```
### Last Data Feed Release
@ -29,38 +29,49 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
231219
231224
```
### CVEs added in the last Commit
Recently added CVEs: `14`
Recently added CVEs: `5`
* [CVE-2023-46377](CVE-2023/CVE-2023-463xx/CVE-2023-46377.json) (`2023-11-21T16:15:42.713`)
* [CVE-2023-48124](CVE-2023/CVE-2023-481xx/CVE-2023-48124.json) (`2023-11-21T15:15:07.477`)
* [CVE-2023-49060](CVE-2023/CVE-2023-490xx/CVE-2023-49060.json) (`2023-11-21T15:15:07.560`)
* [CVE-2023-49061](CVE-2023/CVE-2023-490xx/CVE-2023-49061.json) (`2023-11-21T15:15:07.633`)
* [CVE-2023-6204](CVE-2023/CVE-2023-62xx/CVE-2023-6204.json) (`2023-11-21T15:15:07.687`)
* [CVE-2023-6205](CVE-2023/CVE-2023-62xx/CVE-2023-6205.json) (`2023-11-21T15:15:07.737`)
* [CVE-2023-6206](CVE-2023/CVE-2023-62xx/CVE-2023-6206.json) (`2023-11-21T15:15:07.787`)
* [CVE-2023-6207](CVE-2023/CVE-2023-62xx/CVE-2023-6207.json) (`2023-11-21T15:15:07.843`)
* [CVE-2023-6208](CVE-2023/CVE-2023-62xx/CVE-2023-6208.json) (`2023-11-21T15:15:07.900`)
* [CVE-2023-6209](CVE-2023/CVE-2023-62xx/CVE-2023-6209.json) (`2023-11-21T15:15:07.957`)
* [CVE-2023-6210](CVE-2023/CVE-2023-62xx/CVE-2023-6210.json) (`2023-11-21T15:15:08.010`)
* [CVE-2023-6211](CVE-2023/CVE-2023-62xx/CVE-2023-6211.json) (`2023-11-21T15:15:08.057`)
* [CVE-2023-6212](CVE-2023/CVE-2023-62xx/CVE-2023-6212.json) (`2023-11-21T15:15:08.110`)
* [CVE-2023-6213](CVE-2023/CVE-2023-62xx/CVE-2023-6213.json) (`2023-11-21T15:15:08.170`)
* [CVE-2021-27502](CVE-2021/CVE-2021-275xx/CVE-2021-27502.json) (`2023-11-21T18:15:07.510`)
* [CVE-2021-27504](CVE-2021/CVE-2021-275xx/CVE-2021-27504.json) (`2023-11-21T18:15:07.713`)
* [CVE-2023-22516](CVE-2023/CVE-2023-225xx/CVE-2023-22516.json) (`2023-11-21T18:15:07.910`)
* [CVE-2023-22521](CVE-2023/CVE-2023-225xx/CVE-2023-22521.json) (`2023-11-21T18:15:08.070`)
* [CVE-2023-5055](CVE-2023/CVE-2023-50xx/CVE-2023-5055.json) (`2023-11-21T18:15:09.023`)
### CVEs modified in the last Commit
Recently modified CVEs: `5`
Recently modified CVEs: `36`
* [CVE-2021-45450](CVE-2021/CVE-2021-454xx/CVE-2021-45450.json) (`2023-11-21T16:29:39.140`)
* [CVE-2023-6006](CVE-2023/CVE-2023-60xx/CVE-2023-6006.json) (`2023-11-21T16:12:34.167`)
* [CVE-2023-46316](CVE-2023/CVE-2023-463xx/CVE-2023-46316.json) (`2023-11-21T16:32:54.253`)
* [CVE-2023-45897](CVE-2023/CVE-2023-458xx/CVE-2023-45897.json) (`2023-11-21T16:33:02.183`)
* [CVE-2023-5678](CVE-2023/CVE-2023-56xx/CVE-2023-5678.json) (`2023-11-21T16:54:10.720`)
* [CVE-2023-3812](CVE-2023/CVE-2023-38xx/CVE-2023-3812.json) (`2023-11-21T17:15:07.663`)
* [CVE-2023-42753](CVE-2023/CVE-2023-427xx/CVE-2023-42753.json) (`2023-11-21T17:15:07.763`)
* [CVE-2023-4004](CVE-2023/CVE-2023-40xx/CVE-2023-4004.json) (`2023-11-21T17:15:07.873`)
* [CVE-2023-4147](CVE-2023/CVE-2023-41xx/CVE-2023-4147.json) (`2023-11-21T17:15:08.033`)
* [CVE-2023-5367](CVE-2023/CVE-2023-53xx/CVE-2023-5367.json) (`2023-11-21T17:15:08.180`)
* [CVE-2023-28376](CVE-2023/CVE-2023-283xx/CVE-2023-28376.json) (`2023-11-21T17:41:53.923`)
* [CVE-2023-31203](CVE-2023/CVE-2023-312xx/CVE-2023-31203.json) (`2023-11-21T17:54:07.040`)
* [CVE-2023-32279](CVE-2023/CVE-2023-322xx/CVE-2023-32279.json) (`2023-11-21T17:54:26.863`)
* [CVE-2023-32283](CVE-2023/CVE-2023-322xx/CVE-2023-32283.json) (`2023-11-21T17:54:43.380`)
* [CVE-2023-32638](CVE-2023/CVE-2023-326xx/CVE-2023-32638.json) (`2023-11-21T17:54:57.823`)
* [CVE-2023-3961](CVE-2023/CVE-2023-39xx/CVE-2023-3961.json) (`2023-11-21T18:15:08.227`)
* [CVE-2023-42669](CVE-2023/CVE-2023-426xx/CVE-2023-42669.json) (`2023-11-21T18:15:08.343`)
* [CVE-2023-45161](CVE-2023/CVE-2023-451xx/CVE-2023-45161.json) (`2023-11-21T18:15:08.443`)
* [CVE-2023-45163](CVE-2023/CVE-2023-451xx/CVE-2023-45163.json) (`2023-11-21T18:15:08.543`)
* [CVE-2023-4091](CVE-2023/CVE-2023-40xx/CVE-2023-4091.json) (`2023-11-21T18:15:08.623`)
* [CVE-2023-4806](CVE-2023/CVE-2023-48xx/CVE-2023-4806.json) (`2023-11-21T18:15:08.727`)
* [CVE-2023-4813](CVE-2023/CVE-2023-48xx/CVE-2023-4813.json) (`2023-11-21T18:15:08.873`)
* [CVE-2023-5178](CVE-2023/CVE-2023-51xx/CVE-2023-5178.json) (`2023-11-21T18:15:09.220`)
* [CVE-2023-5380](CVE-2023/CVE-2023-53xx/CVE-2023-5380.json) (`2023-11-21T18:15:09.313`)
* [CVE-2023-5964](CVE-2023/CVE-2023-59xx/CVE-2023-5964.json) (`2023-11-21T18:15:09.550`)
* [CVE-2023-36018](CVE-2023/CVE-2023-360xx/CVE-2023-36018.json) (`2023-11-21T18:15:33.700`)
* [CVE-2023-29504](CVE-2023/CVE-2023-295xx/CVE-2023-29504.json) (`2023-11-21T18:34:22.367`)
* [CVE-2023-38411](CVE-2023/CVE-2023-384xx/CVE-2023-38411.json) (`2023-11-21T18:44:14.920`)
* [CVE-2023-29177](CVE-2023/CVE-2023-291xx/CVE-2023-29177.json) (`2023-11-21T18:47:17.137`)
* [CVE-2023-39230](CVE-2023/CVE-2023-392xx/CVE-2023-39230.json) (`2023-11-21T18:50:21.977`)
## Download and Usage