diff --git a/CVE-2023/CVE-2023-214xx/CVE-2023-21416.json b/CVE-2023/CVE-2023-214xx/CVE-2023-21416.json
index f1c9d57e7aa..fb03149e884 100644
--- a/CVE-2023/CVE-2023-214xx/CVE-2023-21416.json
+++ b/CVE-2023/CVE-2023-214xx/CVE-2023-21416.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-21416",
 "sourceIdentifier": "product-security@axis.com",
 "published": "2023-11-21T07:15:08.890",
- "lastModified": "2023-11-21T14:08:14.160",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-11-28T21:36:29.577",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -16,6 +16,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ },
 {
 "source": "product-security@axis.com",
 "type": "Secondary",
@@ -38,10 +58,49 @@
 }
 ]
 },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:*",
+ "versionEndExcluding": "11.7.57",
+ "matchCriteriaId": "D4DE1198-6B4E-41BF-A97F-0EBD1B575D21"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:axis:axis_os_2022:*:*:*:*:lts:*:*:*",
+ "versionEndExcluding": "10.12.213",
+ "matchCriteriaId": "EB91B5E0-93B8-4FD7-9199-B780170A5770"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://www.axis.com/dam/public/35/2a/a6/cve-2023-21416-en-US-417790.pdf",
- "source": "product-security@axis.com"
+ "source": "product-security@axis.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-214xx/CVE-2023-21417.json b/CVE-2023/CVE-2023-214xx/CVE-2023-21417.json
index 97510a6111e..b6343cb6bb3 100644
--- a/CVE-2023/CVE-2023-214xx/CVE-2023-21417.json
+++ b/CVE-2023/CVE-2023-214xx/CVE-2023-21417.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-21417",
 "sourceIdentifier": "product-security@axis.com",
 "published": "2023-11-21T07:15:09.283",
- "lastModified": "2023-11-21T14:08:14.160",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-11-28T21:35:41.927",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -16,6 +16,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 4.2
+ },
 {
 "source": "product-security@axis.com",
 "type": "Secondary",
@@ -38,10 +58,55 @@
 }
 ]
 },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:*",
+ "versionEndExcluding": "11.7.57",
+ "matchCriteriaId": "D4DE1198-6B4E-41BF-A97F-0EBD1B575D21"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:axis:axis_os_2020:*:*:*:*:lts:*:*:*",
+ "versionEndExcluding": "9.80.49",
+ "matchCriteriaId": "E20A1DAB-0D5B-4952-B4C0-A6A5808C49FD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:axis:axis_os_2022:*:*:*:*:lts:*:*:*",
+ "versionEndExcluding": "10.12.208",
+ "matchCriteriaId": "2DC5A60B-0BD7-4ABC-8AA6-F1C8ED964EB2"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://www.axis.com/dam/public/2a/82/12/cve-2023-21417-en-US-417791.pdf",
- "source": "product-security@axis.com"
+ "source": "product-security@axis.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-214xx/CVE-2023-21418.json b/CVE-2023/CVE-2023-214xx/CVE-2023-21418.json
index fc4e822ad82..4ddafb68b8e 100644
--- a/CVE-2023/CVE-2023-214xx/CVE-2023-21418.json
+++ b/CVE-2023/CVE-2023-214xx/CVE-2023-21418.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-21418",
 "sourceIdentifier": "product-security@axis.com",
 "published": "2023-11-21T07:15:09.583",
- "lastModified": "2023-11-21T14:08:14.160",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-11-28T21:34:55.540",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -16,6 +16,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 4.2
+ },
 {
 "source": "product-security@axis.com",
 "type": "Secondary",
@@ -38,10 +58,67 @@
 }
 ]
 },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:axis:axis_os:*:*:*:*:-:*:*:*",
+ "versionEndExcluding": "6.50.5.15",
+ "matchCriteriaId": "FA86FDF1-58AD-4490-BF2B-D6C8DC083894"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:*",
+ "versionEndExcluding": "11.7.57",
+ "matchCriteriaId": "D4DE1198-6B4E-41BF-A97F-0EBD1B575D21"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:axis:axis_os_2018:*:*:*:*:lts:*:*:*",
+ "versionEndExcluding": "8.40.35",
+ "matchCriteriaId": "A714346C-6398-46ED-81F0-5546B00A2DEB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:axis:axis_os_2020:*:*:*:*:lts:*:*:*",
+ "versionEndExcluding": "9.80.49",
+ "matchCriteriaId": "E20A1DAB-0D5B-4952-B4C0-A6A5808C49FD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:axis:axis_os_2022:*:*:*:*:lts:*:*:*",
+ "versionEndExcluding": "10.12.213",
+ "matchCriteriaId": "EB91B5E0-93B8-4FD7-9199-B780170A5770"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://www.axis.com/dam/public/49/93/55/cve-2023-21418-en-US-417792.pdf",
- "source": "product-security@axis.com"
+ "source": "product-security@axis.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29060.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29060.json
index 82bb9301c3b..7cff470c5c2 100644
--- a/CVE-2023/CVE-2023-290xx/CVE-2023-29060.json
+++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29060.json
@@ -2,12 +2,12 @@
 "id": "CVE-2023-29060",
 "sourceIdentifier": "cybersecurity@bd.com",
 "published": "2023-11-28T20:15:07.230",
- "lastModified": "2023-11-28T20:15:07.230",
+ "lastModified": "2023-11-28T21:15:07.190",
 "vulnStatus": "Received",
 "descriptions": [
 {
 "lang": "en",
- "value": "The FACSChorus\u00e2\u201e\u00a2 workstation operating system does not restrict what devices can interact with its USB ports. If exploited, a threat actor with physical access to the workstation could gain access to system information and potentially exfiltrate data."
+ "value": "The FACSChorus workstation operating system does not restrict what devices can interact with its USB ports. If exploited, a threat actor with physical access to the workstation could gain access to system information and potentially exfiltrate data."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29061.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29061.json
new file mode 100644
index 00000000000..407e944efa8
--- /dev/null
+++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29061.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-29061",
+ "sourceIdentifier": "cybersecurity@bd.com",
+ "published": "2023-11-28T21:15:07.257",
+ "lastModified": "2023-11-28T21:15:07.257",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "There is no BIOS password on the FACSChorus workstation. A threat actor with physical access to the workstation can potentially exploit this vulnerability to access the BIOS configuration and modify the drive boot order and BIOS pre-boot authentication."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cybersecurity@bd.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
+ "attackVector": "PHYSICAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.2,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.9,
+ "impactScore": 4.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cybersecurity@bd.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-306"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software",
+ "source": "cybersecurity@bd.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29062.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29062.json
new file mode 100644
index 00000000000..e3fdde00d6f
--- /dev/null
+++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29062.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-29062",
+ "sourceIdentifier": "cybersecurity@bd.com",
+ "published": "2023-11-28T21:15:07.440",
+ "lastModified": "2023-11-28T21:15:07.440",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Operating System hosting the FACSChorus application is configured to allow transmission of hashed user credentials upon user action without adequately validating the identity of the requested resource. This is possible through the use of LLMNR, MBT-NS, or MDNS and will result in NTLMv2 hashes being sent to a malicious entity position on the local network. These hashes can subsequently be attacked through brute force and cracked if a weak password is used. This attack would only apply to domain joined systems."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cybersecurity@bd.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.8,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cybersecurity@bd.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-287"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software",
+ "source": "cybersecurity@bd.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29063.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29063.json
new file mode 100644
index 00000000000..58b4a7e3ca4
--- /dev/null
+++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29063.json
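Review bot: The added description in CVE-2023-29062.json lists the name-resolution protocols as `LLMNR, MBT-NS, or MDNS`; `MBT-NS` is presumably NBT-NS (NetBIOS Name Service), so keyword searches and detection content keyed on the usual protocol name will not hit this record. The same sentence reads `a malicious entity position on the local network`, presumably `positioned`. Both strings come from the CNA (`cybersecurity@bd.com`), so the correction belongs upstream rather than in this mirror. The record also carries no `configurations` block yet, so until analysis adds CPEs the referenced vendor bulletin is the only source for affected versions.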
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-29063",
+ "sourceIdentifier": "cybersecurity@bd.com",
+ "published": "2023-11-28T21:15:07.613",
+ "lastModified": "2023-11-28T21:15:07.613",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The FACSChorus workstation does not prevent physical access to its PCI express (PCIe) slots, which could allow a threat actor to insert a PCI card designed for memory capture. A threat actor can then isolate sensitive information such as a BitLocker encryption key from a dump of the workstation RAM during startup."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cybersecurity@bd.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "PHYSICAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 2.4,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 0.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cybersecurity@bd.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-1299"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software",
+ "source": "cybersecurity@bd.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29064.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29064.json
new file mode 100644
index 00000000000..120abdbf992
--- /dev/null
+++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29064.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-29064",
+ "sourceIdentifier": "cybersecurity@bd.com",
+ "published": "2023-11-28T21:15:07.800",
+ "lastModified": "2023-11-28T21:15:07.800",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The FACSChorus software contains sensitive information stored in plaintext. A threat actor could gain hardcoded secrets used by the application, which include tokens and passwords for administrative accounts."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cybersecurity@bd.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "PHYSICAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 4.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.7,
+ "impactScore": 3.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cybersecurity@bd.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-798"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software",
+ "source": "cybersecurity@bd.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29065.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29065.json
new file mode 100644
index 00000000000..bca9bfdff16
--- /dev/null
+++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29065.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-29065",
+ "sourceIdentifier": "cybersecurity@bd.com",
+ "published": "2023-11-28T21:15:07.990",
+ "lastModified": "2023-11-28T21:15:07.990",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. A threat actor with physical access could potentially gain credentials, which could be used to alter or destroy data stored in the database."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cybersecurity@bd.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "PHYSICAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 4.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.7,
+ "impactScore": 3.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cybersecurity@bd.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-277"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software",
+ "source": "cybersecurity@bd.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29066.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29066.json
new file mode 100644
index 00000000000..479c31c5e2c
--- /dev/null
+++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29066.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-29066",
+ "sourceIdentifier": "cybersecurity@bd.com",
+ "published": "2023-11-28T21:15:08.173",
+ "lastModified": "2023-11-28T21:15:08.173",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The FACSChorus software does not properly assign data access privileges for operating system user accounts. A non-administrative OS account can modify information stored in the local application data folders."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cybersecurity@bd.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
+ "attackVector": "PHYSICAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 3.2,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 0.7,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cybersecurity@bd.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-266"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software",
+ "source": "cybersecurity@bd.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-388xx/CVE-2023-38823.json b/CVE-2023/CVE-2023-388xx/CVE-2023-38823.json
index 0bee3275544..c73b6382e32 100644
--- a/CVE-2023/CVE-2023-388xx/CVE-2023-38823.json
+++ b/CVE-2023/CVE-2023-388xx/CVE-2023-38823.json
@@ -2,19 +2,199 @@
 "id": "CVE-2023-38823",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-20T20:15:07.357",
- "lastModified": "2023-11-21T01:38:10.777",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-11-28T22:02:33.013",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Buffer Overflow vulnerability in Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC6 v.2.0 and v.1.0 allows a remote attacker to execute arbitrary code via the formSetCfm function in bin/httpd."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de desbordamiento del b\u00fafer en Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC6 v.2.0 y v.1.0 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de la funci\u00f3n formSetCfm en bin/httpd."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-120"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:tenda:ac6_firmware:15.03.05.19\\(6318\\):*:*:*:*:*:*:*",
+ "matchCriteriaId": "1B4BD4F2-A420-407B-AB87-039E14C5B1ED"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:tenda:ac6:2.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E382AD7E-1450-40FC-AE9D-698B491805F0"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:tenda:ac6_firmware:15.03.05.19\\(6318\\):*:*:*:*:*:*:*",
+ "matchCriteriaId": "1B4BD4F2-A420-407B-AB87-039E14C5B1ED"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:tenda:ac6:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B622BF6D-85E6-475A-B7FB-11BA1A641191"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:tenda:ac9_firmware:15.03.05.19\\(6318\\):*:*:*:*:*:*:*",
+ "matchCriteriaId": "D8F25141-8B57-463D-AB97-F52C0143973C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:tenda:ac9:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "566DA530-18FC-4A46-95B4-2A7D343A96A7"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:tenda:ac19_firmware:15.03.05.19\\(6318\\):*:*:*:*:*:*:*",
+ "matchCriteriaId": "6A95D36D-4C22-4EDC-8CA9-D94C2838A9C9"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:tenda:ac19:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B2E477EC-CDE3-4BC4-8F1A-43C2AC3F6381"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:tenda:ac18_firmware:15.03.05.19\\(6318\\):*:*:*:*:*:*:*",
+ "matchCriteriaId": "3AC468E5-44D1-4B94-B308-C1025DB1BB7B"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:tenda:ac18:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CF9F8AF9-F921-4348-922B-EE5E6037E7AC"
+ }
+ ]
+ }
+ ]
 }
 ],
- "metrics": {},
 "references": [
 {
 "url": "https://github.com/nhtri2003gmail/CVE_report/blob/master/CVE-2023-38823.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-464xx/CVE-2023-46470.json b/CVE-2023/CVE-2023-464xx/CVE-2023-46470.json
index 87379cc0c24..dad82d532a1 100644
--- a/CVE-2023/CVE-2023-464xx/CVE-2023-46470.json
+++ b/CVE-2023/CVE-2023-464xx/CVE-2023-46470.json
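Review bot: Every vulnerable `cpeMatch` entry added under `configurations` in CVE-2023-38823.json pins one exact firmware build, `15.03.05.19\\(6318\\)`, with no `versionEndIncluding` or `versionEndExcluding` range, while the description names only hardware revisions (Ac19 v.1.0, AC18, AC9 v.1.0, AC6 v.2.0 and v.1.0) and no fixed firmware. Unless the referenced report shows that other builds are unaffected, CPE matching will probably miss the same devices on a different firmware build, so asset inventories should also be checked by hardware model. The record gives no fixed version to bound the range with, which is worth stating when this entry is used to close out a finding.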
@@ -2,19 +2,79 @@
 "id": "CVE-2023-46470",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-20T21:15:08.210",
- "lastModified": "2023-11-21T01:38:10.777",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-11-28T21:57:57.727",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Cross Site Scripting vulnerability in Space Applications Services Yamcs v.5.8.6 allows a remote attacker to execute arbitrary code via crafted telecommand in the timeline view of the ArchiveBrowser."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross Site Scripting en Space Applications Services Yamcs v.5.8.6 permite a un atacante remoto ejecutar c\u00f3digo arbitrario mediante un telecomando manipulado en la vista de l\u00ednea de tiempo de ArchiveBrowser."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:spaceapplications:yacms:5.8.6:*:*:*:*:*:*:*",
+ "matchCriteriaId": "709795AB-C13A-4646-A87B-272FF61963D4"
+ }
+ ]
+ }
+ ]
 }
 ],
- "metrics": {},
 "references": [
 {
 "url": "https://www.linkedin.com/pulse/more-xss-clickjacking-yamcs-v586-visionspace-technologies-uvevf",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-464xx/CVE-2023-46471.json b/CVE-2023/CVE-2023-464xx/CVE-2023-46471.json
index 6d04e8cfd89..8972a8141f4 100644
--- a/CVE-2023/CVE-2023-464xx/CVE-2023-46471.json
+++ b/CVE-2023/CVE-2023-464xx/CVE-2023-46471.json
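Review bot: The CPE added under `configurations` in CVE-2023-46470.json spells the product `yacms` (`cpe:2.3:a:spaceapplications:yacms:5.8.6:*:*:*:*:*:*:*`), while the description and the reference URL both call it Yamcs, so this looks like a transposed product name. If it is, inventory tooling that maps the software to a `yamcs` product string will not match this record; the same criteria and `matchCriteriaId` are added in CVE-2023-46471.json. The product component should presumably read `yamcs`, to be confirmed against the CPE dictionary before changing it. Until then, match these two CVEs on product name and version 5.8.6 rather than on CPE alone.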
@@ -2,19 +2,79 @@
 "id": "CVE-2023-46471",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-20T21:15:08.253",
- "lastModified": "2023-11-21T01:38:10.777",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-11-28T21:57:35.880",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Cross Site Scripting vulnerability in Space Applications Services Yamcs v.5.8.6 allows a remote attacker to execute arbitrary code via the text variable scriptContainer of the ScriptViewer."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross Site Scripting en Space Applications Services Yamcs v.5.8.6 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de la variable de texto scriptContainer de ScriptViewer."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:spaceapplications:yacms:5.8.6:*:*:*:*:*:*:*",
+ "matchCriteriaId": "709795AB-C13A-4646-A87B-272FF61963D4"
+ }
+ ]
+ }
+ ]
 }
 ],
- "metrics": {},
 "references": [
 {
 "url": "https://www.linkedin.com/pulse/more-xss-clickjacking-yamcs-v586-visionspace-technologies-uvevf",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-469xx/CVE-2023-46944.json b/CVE-2023/CVE-2023-469xx/CVE-2023-46944.json
new file mode 100644
index 00000000000..e8d8ad5583b
--- /dev/null
+++ b/CVE-2023/CVE-2023-469xx/CVE-2023-46944.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-46944",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-11-28T22:15:06.937",
+ "lastModified": "2023-11-28T22:15:06.937",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue in GitKraken GitLens before v.14.0.0 allows an attacker to execute arbitrary code via a crafted file to the Visual Studio Codes workspace trust component."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/gitkraken/vscode-gitlens/commit/ee2a0c42a92d33059a39fd15fbbd5dd3d5ab6440",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.sonarsource.com/blog/vscode-security-markdown-vulnerabilities-in-extensions/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-469xx/CVE-2023-46990.json b/CVE-2023/CVE-2023-469xx/CVE-2023-46990.json
index 4f599ade117..49cc7b15f15 100644
--- a/CVE-2023/CVE-2023-469xx/CVE-2023-46990.json
+++ b/CVE-2023/CVE-2023-469xx/CVE-2023-46990.json
@@ -2,19 +2,78 @@
 "id": "CVE-2023-46990",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-20T20:15:07.407",
- "lastModified": "2023-11-21T01:38:10.777",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-11-28T21:59:25.917",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Deserialization of Untrusted Data in PublicCMS v.4.0.202302.e allows a remote attacker to execute arbitrary code via a crafted script to the writeReplace function."
+ },
+ {
+ "lang": "es",
+ "value": "La deserializaci\u00f3n de datos no confiables en PublicCMS v.4.0.202302.e permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado para la funci\u00f3n writeReplace."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-502"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:publiccms:publiccms:4.0.202302.e:*:*:*:*:*:*:*",
+ "matchCriteriaId": "696F37D9-7CB7-428B-ADE4-3EB40573111A"
+ }
+ ]
+ }
+ ]
 }
 ],
- "metrics": {},
 "references": [
 {
 "url": "https://github.com/sanluan/PublicCMS/issues/76#issue-1960443408",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-471xx/CVE-2023-47172.json b/CVE-2023/CVE-2023-471xx/CVE-2023-47172.json
index f4b45630646..a34e503b893 100644
--- a/CVE-2023/CVE-2023-471xx/CVE-2023-47172.json
+++ b/CVE-2023/CVE-2023-471xx/CVE-2023-47172.json
@@ -2,19 +2,97 @@
 "id": "CVE-2023-47172",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-20T21:15:08.293",
- "lastModified": "2023-11-21T01:38:10.777",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-11-28T21:57:21.713",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Certain WithSecure products allow Local Privilege Escalation. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, and WithSecure Elements Endpoint Protection 17 and later."
+ },
+ {
+ "lang": "es",
+ "value": "Ciertos productos WithSecure permiten la escalada de privilegios locales. Esto afecta a WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15 y WithSecure Elements Endpoint Protection 17 y posteriores."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:withsecure:client_security:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15",
+ "matchCriteriaId": "6C3FF325-62E4-45DF-AA2C-E2B3CCDF080F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:withsecure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "17",
+ "matchCriteriaId": "B92950AC-F16B-4935-93D8-39E6DC6B0B5A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:withsecure:email_and_server_security:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15",
+ "matchCriteriaId": "FDC69E2C-7B7A-4203-949D-25F4343082C7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:withsecure:server_security:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15",
+ "matchCriteriaId": "73BCD074-70B5-4905-A20F-A60966EB2912"
+ }
+ ]
+ }
+ ]
 }
 ],
- "metrics": {},
 "references": [
 {
 "url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-47172",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-473xx/CVE-2023-47311.json b/CVE-2023/CVE-2023-473xx/CVE-2023-47311.json
index 8ec60476428..7e39a049824 100644
--- a/CVE-2023/CVE-2023-473xx/CVE-2023-47311.json
+++ b/CVE-2023/CVE-2023-473xx/CVE-2023-47311.json
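Review bot: In the CVE-2023-47172 hunk the three added `cpeMatch` entries for `client_security`, `email_and_server_security` and `server_security` use `"versionStartIncluding": "15"` with no upper bound, although the description names version 15 for those products and says "and later" only for Elements Endpoint Protection 17. As written, CPE matching flags every release from 15 onward for all four products, including any later fixed build, so a version-only check against this record never clears. The remediated build has to be taken from the vendor advisory in `references`, not from these ranges.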
@@ -2,19 +2,79 @@
 "id": "CVE-2023-47311",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-20T21:15:08.337",
- "lastModified": "2023-11-21T01:38:10.777",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-11-28T21:52:56.520",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "An issue in Yamcs 5.8.6 allows attackers to send aribitrary telelcommands in a Command Stack via Clickjacking."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema en Yamcs 5.8.6 permite a los atacantes enviar telecomandos arbitrarios en una pila de comandos mediante Clickjacking."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-1021"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:spaceapplications:yacms:5.8.6:*:*:*:*:*:*:*",
+ "matchCriteriaId": "709795AB-C13A-4646-A87B-272FF61963D4"
+ }
+ ]
+ }
+ ]
 }
 ],
- "metrics": {},
 "references": [
 {
 "url": "https://www.linkedin.com/pulse/more-xss-clickjacking-yamcs-v586-visionspace-technologies-uvevf",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
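Review bot: The CPE product in the added `cpeMatch` entry of CVE-2023-47311 is spelled `yacms` (`cpe:2.3:a:spaceapplications:yacms:5.8.6:...`), while the description and the reference URL both name the product Yamcs. This looks like a transposition in the upstream record; if so, inventory or scanner matching keyed on a `yamcs` product string will not hit this CVE. Until the CPE is confirmed or corrected upstream, match this record on the description text or accept both spellings. The English description in the context lines also carries the typos "aribitrary telelcommands", which defeats keyword search on the correct words.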
diff --git a/CVE-2023/CVE-2023-474xx/CVE-2023-47417.json b/CVE-2023/CVE-2023-474xx/CVE-2023-47417.json
index bd21f5d9568..3da31e1cd70 100644
--- a/CVE-2023/CVE-2023-474xx/CVE-2023-47417.json
+++ b/CVE-2023/CVE-2023-474xx/CVE-2023-47417.json
@@ -2,23 +2,86 @@
 "id": "CVE-2023-47417",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-20T20:15:07.457",
- "lastModified": "2023-11-21T01:38:10.777",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-11-28T21:59:05.567",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Cross Site Scripting (XSS) vulnerability in the component /shells/embedder.html of DZSlides after v2011.07.25 allows attackers to execute arbitrary code via a crafted payload."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross Site Scripting (XSS) en el componente /shells/embedder.html de DZSlides posterior a v2011.07.25 permite a atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de un payload manipulado."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:paulrouget:dzslides:*:*:*:*:*:*:*:*",
+ "versionStartExcluding": "2011-07-25",
+ "matchCriteriaId": "A0964C68-2F7C-4C22-8CCF-00884663DF0F"
+ }
+ ]
+ }
+ ]
 }
 ],
- "metrics": {},
 "references": [
 {
 "url": "https://gist.github.com/cd80/5b7702ffbfc8531f30b56356a4a7f4dd",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://github.com/paulrouget/dzslides",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-478xx/CVE-2023-47839.json b/CVE-2023/CVE-2023-478xx/CVE-2023-47839.json
index 532721e5919..07f598eda3d 100644
--- a/CVE-2023/CVE-2023-478xx/CVE-2023-47839.json
+++ b/CVE-2023/CVE-2023-478xx/CVE-2023-47839.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-47839",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-23T00:15:09.320",
- "lastModified": "2023-11-28T20:51:38.590",
+ "lastModified": "2023-11-28T21:07:29.180",
 "vulnStatus": "Analyzed",
 "descriptions": [
 {
@@ -89,9 +89,9 @@
 "cpeMatch": [
 {
 "vulnerable": true,
- "criteria": "cpe:2.3:a:implecode:ecommerce_product_catalog_plugin_for_wordpress:*:*:*:*:*:wordpress:*:*",
+ "criteria": "cpe:2.3:a:implecode:ecommerce_product_catalog:*:*:*:*:*:wordpress:*:*",
 "versionEndIncluding": "3.3.26",
- "matchCriteriaId": "4276AEF5-FC23-45B7-A0C7-0212B69A6C2B"
+ "matchCriteriaId": "9BFFCB33-0E37-4307-9FAD-0EB9E6946549"
 }
 ]
 }
diff --git a/CVE-2023/CVE-2023-481xx/CVE-2023-48193.json b/CVE-2023/CVE-2023-481xx/CVE-2023-48193.json
new file mode 100644
index 00000000000..0015314ea92
--- /dev/null
+++ b/CVE-2023/CVE-2023-481xx/CVE-2023-48193.json
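Review bot: In the CVE-2023-47417 hunk the added `"versionStartExcluding": "2011-07-25"` is written with hyphens, while the description gives the same version as `v2011.07.25`. CPE version comparison is not uniform across matchers, so a date-like string may order differently against an inventory value recorded as `2011.07.25`; check how the consuming tool compares the two forms before relying on this range. The entry also has no `versionEndExcluding` or `versionEndIncluding`, which agrees with "after v2011.07.25" in the description but means the record matches every later DZSlides build and never clears by version alone.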
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-48193",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-11-28T21:15:08.373",
+ "lastModified": "2023-11-28T21:15:08.373",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Insecure Permissions vulnerability in JumpServer GPLv3 v.3.8.0 allows a remote attacker to execute arbitrary code via bypassing the command filtering function."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://jumpserver.com",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/296430468/lcc_test/blob/main/jumpserver_BUG.md",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/jumpserver/jumpserver",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-481xx/CVE-2023-48198.json b/CVE-2023/CVE-2023-481xx/CVE-2023-48198.json
index a3fcfcae7fe..e25b213070e 100644
--- a/CVE-2023/CVE-2023-481xx/CVE-2023-48198.json
+++ b/CVE-2023/CVE-2023-481xx/CVE-2023-48198.json
@@ -2,12 +2,12 @@
 "id": "CVE-2023-48198",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-15T23:15:08.957",
- "lastModified": "2023-11-21T01:03:03.887",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-11-28T21:15:08.420",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
- "value": "Cross Site Scripting vulnerability in Grocy v.4.0.3 allows a local attacker to execute arbitrary code and obtain sensitive information via the product description component in the api/stock/products endpoint."
+ "value": "A Cross-Site Scripting (XSS) vulnerability in the 'product description' component within '/api/stock/products' of Grocy version <= 4.0.3 allows attackers to obtain a victim's cookies."
 },
 {
 "lang": "es",
diff --git a/CVE-2023/CVE-2023-481xx/CVE-2023-48199.json b/CVE-2023/CVE-2023-481xx/CVE-2023-48199.json
index 0c3357c7098..b49302edd26 100644
--- a/CVE-2023/CVE-2023-481xx/CVE-2023-48199.json
+++ b/CVE-2023/CVE-2023-481xx/CVE-2023-48199.json
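Review bot: The CVE-2023-48198 hunk rewrites the English description and sets `vulnStatus` to `Modified`, but the `metrics`, `weaknesses` and `configurations` sections lie outside the hunk and are not touched, so they presumably still reflect the earlier wording ("a local attacker to execute arbitrary code"). The same applies to the CVE-2023-48199 hunk that follows, where the new text states HTML injection "without script execution", a materially narrower impact than the removed line. The Spanish description starts at the last context line of both hunks and is not changed in the visible lines, so the two languages may now disagree. Consumers that prioritise on CVSS should treat the score of both records as pending re-analysis while the status is `Modified`.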
@@ -2,12 +2,12 @@
 "id": "CVE-2023-48199",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-15T23:15:09.000",
- "lastModified": "2023-11-21T01:03:12.623",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-11-28T21:15:08.477",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
- "value": "An issue in Grocy v.4.0.3 allows a local attacker to execute arbitrary code and obtain sensitive information via the QR code funciton in the manageapikeys component."
+ "value": "HTML Injection vulnerability in the 'manageApiKeys' component in Grocy <= 4.0.3 allows attackers to inject arbitrary HTML content without script execution. This occurs when user-supplied data is not appropriately sanitized, enabling the injection of HTML tags through parameter values. The attacker can then manipulate page content in the QR code detail popup, often coupled with social engineering tactics, exploiting both the trust of users and the application's lack of proper input handling."
 },
 {
 "lang": "es",
diff --git a/CVE-2023/CVE-2023-490xx/CVE-2023-49092.json b/CVE-2023/CVE-2023-490xx/CVE-2023-49092.json
new file mode 100644
index 00000000000..18adadc2cb5
--- /dev/null
+++ b/CVE-2023/CVE-2023-490xx/CVE-2023-49092.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-49092",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-11-28T21:15:08.530",
+ "lastModified": "2023-11-28T21:15:08.530",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "RustCrypto/RSA is a portable RSA implementation in pure Rust. Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use that information to recover the key. There is currently no fix available. As a workaround, avoid using the RSA crate in settings where attackers are able to observe timing information, e.g. local use on a non-compromised computer."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.4,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-385"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/RustCrypto/RSA/issues/19#issuecomment-1822995643",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/RustCrypto/RSA/security/advisories/GHSA-c38w-74pg-36hr",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 6a6fe6f5c54..bf57f35a993 100644
--- a/README.md
+++ b/README.md
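Review bot: The new CVE-2023-49092 record has no `configurations` section, so it carries no CPE and CPE-based matching will not associate it with the RustCrypto RSA crate. Until analysis adds one, dependency scanning has to key on the advisory id in the second reference URL (`GHSA-c38w-74pg-36hr`) or on the crate itself. The description states that no fix is available, so a version bump cannot clear the finding; the only mitigation the record offers is to avoid using the crate where an attacker can observe timing. The one CVSS entry is typed `Secondary` from `security-advisories@github.com`, so filters that read only `Primary` metrics will see this record as unscored.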
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-11-28T21:00:17.836328+00:00 +2023-11-28T23:00:18.591431+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-11-28T20:51:38.590000+00:00 +2023-11-28T22:15:06.937000+00:00 ``` ### Last Data Feed Release 
@@ -29,50 +29,42 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -231651 +231660 ``` ### CVEs added in the last Commit -Recently added CVEs: `6` +Recently added CVEs: `9` -* [CVE-2023-48121](CVE-2023/CVE-2023-481xx/CVE-2023-48121.json) (`2023-11-28T19:15:07.340`) -* [CVE-2023-49078](CVE-2023/CVE-2023-490xx/CVE-2023-49078.json) (`2023-11-28T19:15:07.397`) -* [CVE-2023-29060](CVE-2023/CVE-2023-290xx/CVE-2023-29060.json) (`2023-11-28T20:15:07.230`) -* [CVE-2023-30588](CVE-2023/CVE-2023-305xx/CVE-2023-30588.json) (`2023-11-28T20:15:07.437`) -* [CVE-2023-30590](CVE-2023/CVE-2023-305xx/CVE-2023-30590.json) (`2023-11-28T20:15:07.480`) -* [CVE-2023-45539](CVE-2023/CVE-2023-455xx/CVE-2023-45539.json) (`2023-11-28T20:15:07.817`) +* [CVE-2023-29061](CVE-2023/CVE-2023-290xx/CVE-2023-29061.json) (`2023-11-28T21:15:07.257`) +* [CVE-2023-29062](CVE-2023/CVE-2023-290xx/CVE-2023-29062.json) (`2023-11-28T21:15:07.440`) +* [CVE-2023-29063](CVE-2023/CVE-2023-290xx/CVE-2023-29063.json) (`2023-11-28T21:15:07.613`) +* [CVE-2023-29064](CVE-2023/CVE-2023-290xx/CVE-2023-29064.json) (`2023-11-28T21:15:07.800`) +* [CVE-2023-29065](CVE-2023/CVE-2023-290xx/CVE-2023-29065.json) (`2023-11-28T21:15:07.990`) +* [CVE-2023-29066](CVE-2023/CVE-2023-290xx/CVE-2023-29066.json) (`2023-11-28T21:15:08.173`) +* [CVE-2023-48193](CVE-2023/CVE-2023-481xx/CVE-2023-48193.json) (`2023-11-28T21:15:08.373`) +* [CVE-2023-49092](CVE-2023/CVE-2023-490xx/CVE-2023-49092.json) (`2023-11-28T21:15:08.530`) +* [CVE-2023-46944](CVE-2023/CVE-2023-469xx/CVE-2023-46944.json) (`2023-11-28T22:15:06.937`) ### CVEs modified in the last Commit -Recently modified CVEs: `49` +Recently modified CVEs: `14` -* [CVE-2023-6207](CVE-2023/CVE-2023-62xx/CVE-2023-6207.json) (`2023-11-28T19:42:50.670`) -* [CVE-2023-6206](CVE-2023/CVE-2023-62xx/CVE-2023-6206.json) (`2023-11-28T19:44:05.347`) -* [CVE-2023-6205](CVE-2023/CVE-2023-62xx/CVE-2023-6205.json) 
(`2023-11-28T19:44:48.170`) -* [CVE-2023-6204](CVE-2023/CVE-2023-62xx/CVE-2023-6204.json) (`2023-11-28T19:45:10.887`) -* [CVE-2023-49061](CVE-2023/CVE-2023-490xx/CVE-2023-49061.json) (`2023-11-28T19:45:33.650`) -* [CVE-2023-46850](CVE-2023/CVE-2023-468xx/CVE-2023-46850.json) (`2023-11-28T19:47:39.703`) -* [CVE-2023-46849](CVE-2023/CVE-2023-468xx/CVE-2023-46849.json) (`2023-11-28T19:47:44.070`) -* [CVE-2023-47809](CVE-2023/CVE-2023-478xx/CVE-2023-47809.json) (`2023-11-28T19:51:59.687`) -* [CVE-2023-47810](CVE-2023/CVE-2023-478xx/CVE-2023-47810.json) (`2023-11-28T19:52:19.490`) -* [CVE-2023-47811](CVE-2023/CVE-2023-478xx/CVE-2023-47811.json) (`2023-11-28T19:52:35.397`) -* [CVE-2023-47812](CVE-2023/CVE-2023-478xx/CVE-2023-47812.json) (`2023-11-28T20:03:09.987`) -* [CVE-2023-47813](CVE-2023/CVE-2023-478xx/CVE-2023-47813.json) (`2023-11-28T20:03:29.477`) -* [CVE-2023-47814](CVE-2023/CVE-2023-478xx/CVE-2023-47814.json) (`2023-11-28T20:04:37.090`) -* [CVE-2023-47815](CVE-2023/CVE-2023-478xx/CVE-2023-47815.json) (`2023-11-28T20:05:31.977`) -* [CVE-2023-47816](CVE-2023/CVE-2023-478xx/CVE-2023-47816.json) (`2023-11-28T20:07:47.730`) -* [CVE-2023-35078](CVE-2023/CVE-2023-350xx/CVE-2023-35078.json) (`2023-11-28T20:15:07.530`) -* [CVE-2023-47835](CVE-2023/CVE-2023-478xx/CVE-2023-47835.json) (`2023-11-28T20:21:32.220`) -* [CVE-2023-47817](CVE-2023/CVE-2023-478xx/CVE-2023-47817.json) (`2023-11-28T20:23:25.427`) -* [CVE-2023-47821](CVE-2023/CVE-2023-478xx/CVE-2023-47821.json) (`2023-11-28T20:23:38.657`) -* [CVE-2023-47829](CVE-2023/CVE-2023-478xx/CVE-2023-47829.json) (`2023-11-28T20:23:54.067`) -* [CVE-2023-47834](CVE-2023/CVE-2023-478xx/CVE-2023-47834.json) (`2023-11-28T20:24:06.653`) -* [CVE-2023-47833](CVE-2023/CVE-2023-478xx/CVE-2023-47833.json) (`2023-11-28T20:25:42.100`) -* [CVE-2023-47790](CVE-2023/CVE-2023-477xx/CVE-2023-47790.json) (`2023-11-28T20:39:17.157`) -* [CVE-2023-40002](CVE-2023/CVE-2023-400xx/CVE-2023-40002.json) (`2023-11-28T20:50:44.160`) -* 
[CVE-2023-47839](CVE-2023/CVE-2023-478xx/CVE-2023-47839.json) (`2023-11-28T20:51:38.590`) +* [CVE-2023-47839](CVE-2023/CVE-2023-478xx/CVE-2023-47839.json) (`2023-11-28T21:07:29.180`) +* [CVE-2023-29060](CVE-2023/CVE-2023-290xx/CVE-2023-29060.json) (`2023-11-28T21:15:07.190`) +* [CVE-2023-48198](CVE-2023/CVE-2023-481xx/CVE-2023-48198.json) (`2023-11-28T21:15:08.420`) +* [CVE-2023-48199](CVE-2023/CVE-2023-481xx/CVE-2023-48199.json) (`2023-11-28T21:15:08.477`) +* [CVE-2023-21418](CVE-2023/CVE-2023-214xx/CVE-2023-21418.json) (`2023-11-28T21:34:55.540`) +* [CVE-2023-21417](CVE-2023/CVE-2023-214xx/CVE-2023-21417.json) (`2023-11-28T21:35:41.927`) +* [CVE-2023-21416](CVE-2023/CVE-2023-214xx/CVE-2023-21416.json) (`2023-11-28T21:36:29.577`) +* [CVE-2023-47311](CVE-2023/CVE-2023-473xx/CVE-2023-47311.json) (`2023-11-28T21:52:56.520`) +* [CVE-2023-47172](CVE-2023/CVE-2023-471xx/CVE-2023-47172.json) (`2023-11-28T21:57:21.713`) +* [CVE-2023-46471](CVE-2023/CVE-2023-464xx/CVE-2023-46471.json) (`2023-11-28T21:57:35.880`) +* [CVE-2023-46470](CVE-2023/CVE-2023-464xx/CVE-2023-46470.json) (`2023-11-28T21:57:57.727`) +* [CVE-2023-47417](CVE-2023/CVE-2023-474xx/CVE-2023-47417.json) (`2023-11-28T21:59:05.567`) +* [CVE-2023-46990](CVE-2023/CVE-2023-469xx/CVE-2023-46990.json) (`2023-11-28T21:59:25.917`) +* [CVE-2023-38823](CVE-2023/CVE-2023-388xx/CVE-2023-38823.json) (`2023-11-28T22:02:33.013`) ## Download and Usage