From 0e50de808ad569f9f9a9588f7f14bfe05ac3ae8c Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Mon, 20 Nov 2023 23:00:21 +0000
Subject: [PATCH] Auto-Update: 2023-11-20T23:00:17.974728+00:00
---
CVE-2020/CVE-2020-139xx/CVE-2020-13920.json | 6 +-
CVE-2021/CVE-2021-261xx/CVE-2021-26117.json | 8 +-
CVE-2023/CVE-2023-367xx/CVE-2023-36719.json | 170 +++++++++++++++++++-
CVE-2023/CVE-2023-381xx/CVE-2023-38177.json | 73 ++++++++-
CVE-2023/CVE-2023-462xx/CVE-2023-46213.json | 10 +-
CVE-2023/CVE-2023-462xx/CVE-2023-46214.json | 10 +-
CVE-2023/CVE-2023-464xx/CVE-2023-46470.json | 20 +++
CVE-2023/CVE-2023-464xx/CVE-2023-46471.json | 20 +++
CVE-2023/CVE-2023-466xx/CVE-2023-46604.json | 6 +-
CVE-2023/CVE-2023-471xx/CVE-2023-47172.json | 20 +++
CVE-2023/CVE-2023-473xx/CVE-2023-47311.json | 20 +++
CVE-2023/CVE-2023-481xx/CVE-2023-48176.json | 20 +++
CVE-2023/CVE-2023-481xx/CVE-2023-48192.json | 28 ++++
CVE-2023/CVE-2023-60xx/CVE-2023-6062.json | 47 ++++++
CVE-2023/CVE-2023-61xx/CVE-2023-6178.json | 43 +++++
README.md | 75 +++------
16 files changed, 509 insertions(+), 67 deletions(-)
create mode 100644 CVE-2023/CVE-2023-464xx/CVE-2023-46470.json
create mode 100644 CVE-2023/CVE-2023-464xx/CVE-2023-46471.json
create mode 100644 CVE-2023/CVE-2023-471xx/CVE-2023-47172.json
create mode 100644 CVE-2023/CVE-2023-473xx/CVE-2023-47311.json
create mode 100644 CVE-2023/CVE-2023-481xx/CVE-2023-48176.json
create mode 100644 CVE-2023/CVE-2023-481xx/CVE-2023-48192.json
create mode 100644 CVE-2023/CVE-2023-60xx/CVE-2023-6062.json
create mode 100644 CVE-2023/CVE-2023-61xx/CVE-2023-6178.json
diff --git a/CVE-2020/CVE-2020-139xx/CVE-2020-13920.json b/CVE-2020/CVE-2020-139xx/CVE-2020-13920.json
index 4342445aa4e..f11c39097e3 100644
--- a/CVE-2020/CVE-2020-139xx/CVE-2020-13920.json
+++ b/CVE-2020/CVE-2020-139xx/CVE-2020-13920.json
@@ -2,7 +2,7 @@ "id": "CVE-2020-13920", "sourceIdentifier": "security@apache.org", "published": "2020-09-10T19:15:13.160", - "lastModified": "2023-11-07T03:16:59.830", + "lastModified": "2023-11-20T22:15:06.783", "vulnStatus": "Modified", "descriptions": [ { @@ -159,6 +159,10 @@ "Third Party Advisory" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html", + "source": "security@apache.org" + }, { "url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "source": "security@apache.org", diff --git a/CVE-2021/CVE-2021-261xx/CVE-2021-26117.json b/CVE-2021/CVE-2021-261xx/CVE-2021-26117.json index 8213cd1d6f1..8010c781052 100644 --- a/CVE-2021/CVE-2021-261xx/CVE-2021-26117.json +++ b/CVE-2021/CVE-2021-261xx/CVE-2021-26117.json @@ -2,7 +2,7 @@ "id": "CVE-2021-26117", "sourceIdentifier": "security@apache.org", "published": "2021-01-27T19:15:13.720", - "lastModified": "2023-11-07T03:31:40.207", + "lastModified": "2023-11-20T22:15:06.903", "vulnStatus": "Modified", "descriptions": [ { @@ -75,7 +75,7 @@ ] }, { - "source": "f0158376-9dc2-43b6-827c-5f631a4d8d09", + "source": "security@apache.org", "type": "Secondary", "description": [ { @@ -253,6 +253,10 @@ "Third Party Advisory" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html", + "source": "security@apache.org" + }, { "url": "https://mail-archives.apache.org/mod_mbox/activemq-users/202101.mbox/%3cCAH+vQmMeUEiKN4wYX9nLBbqmFZFPXqajNvBKmzb2V8QZANcSTA%40mail.gmail.com%3e", "source": "security@apache.org" diff --git a/CVE-2023/CVE-2023-367xx/CVE-2023-36719.json b/CVE-2023/CVE-2023-367xx/CVE-2023-36719.json index e305944ed06..f1239994f8e 100644 --- a/CVE-2023/CVE-2023-367xx/CVE-2023-36719.json +++ b/CVE-2023/CVE-2023-367xx/CVE-2023-36719.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-36719", "sourceIdentifier": "secure@microsoft.com", "published": "2023-11-14T18:15:50.820", - "lastModified": "2023-11-14T18:51:33.217", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-20T21:02:51.473", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Microsoft Speech Application Programming Interface (SAPI) Elevation of Privilege Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de elevaci\u00f3n de privilegios de Microsoft Speech Application Programming Interface (SAPI)." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "secure@microsoft.com", "type": "Secondary", 
@@ -34,10 +58,150 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.10240.20308", + "matchCriteriaId": "81F826F9-C8B6-4D68-8936-96D2B4AC253F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*", + "versionEndExcluding": "10.0.10240.20308", + "matchCriteriaId": "4BE302B4-747A-457D-B0EE-357CC3191C1B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.14393.6452", + "matchCriteriaId": "4C3EB2B6-8A7D-48D0-8FBD-EDD32A02B0A8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*", + "versionEndExcluding": "10.0.14393.6452", + "matchCriteriaId": "1A36FFD9-2FFD-491F-9CB6-80DE6544A735" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*", + "versionEndExcluding": "10.0.17763.5122", + "matchCriteriaId": "4F018A9A-D2BC-4EB0-BC64-B92DC4EF68DF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.17763.5122", + "matchCriteriaId": "455A430D-8451-4B60-8496-E0A0CE27EDE3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*", + "versionEndExcluding": "10.0.17763.5122", + "matchCriteriaId": "395069C3-88A4-493F-9437-23BFC54EA6EE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19041.3693", + "matchCriteriaId": "76D06BFE-474B-4A10-9E9E-9D88DDCD2764" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19045.3693", + "matchCriteriaId": "85ABCA53-40C8-452B-8D2F-7AAF3624DCD4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22000.2600", + "matchCriteriaId": "7BCCEFB5-50CD-4D8A-B4A8-16B357367487" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22621.2715", + "matchCriteriaId": "656DB244-CD92-4288-A4CD-76ED0492D65C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22631.2715", + "matchCriteriaId": "EC26CE6D-0DFD-4642-A806-2A312888A451" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*", + "matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", + "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", + "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", + "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", + "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:microsoft:windows_server_23h2:-:*:*:*:*:*:*:*", + "matchCriteriaId": "81853337-7DC7-4DF4-9EDC-C816C23E836E" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36719", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-381xx/CVE-2023-38177.json b/CVE-2023/CVE-2023-381xx/CVE-2023-38177.json index 3428ee7a7aa..92e339df229 100644 --- a/CVE-2023/CVE-2023-381xx/CVE-2023-38177.json +++ b/CVE-2023/CVE-2023-381xx/CVE-2023-38177.json @@ -2,16 +2,40 @@ "id": "CVE-2023-38177", "sourceIdentifier": "secure@microsoft.com", "published": "2023-11-14T18:15:51.787", - "lastModified": "2023-11-14T18:51:33.217", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-20T21:00:46.393", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Microsoft SharePoint Server Remote Code Execution Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de Microsoft SharePoint Server." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 5.9 + }, { "source": "secure@microsoft.com", "type": "Secondary", 
@@ -34,10 +58,53 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", + "matchCriteriaId": "9C082CC4-6128-475D-BC19-B239E348FDB2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:sharepoint_server:-:*:*:*:subscription:*:*:*", + "matchCriteriaId": "AC8BB33F-44C4-41FE-8B17-68E3C4B38142" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", + "matchCriteriaId": "6122D014-5BF1-4AF4-8B4D-80205ED7785E" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38177", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46213.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46213.json index 67967ff2210..296b07bf99b 100644 --- a/CVE-2023/CVE-2023-462xx/CVE-2023-46213.json +++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46213.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-46213", "sourceIdentifier": "prodsec@splunk.com", "published": "2023-11-16T21:15:08.390", - "lastModified": "2023-11-16T23:57:47.237", + "lastModified": "2023-11-20T21:15:08.043", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In Splunk Enterprise versions below 9.0.7 and 9.1.2, ineffective escaping in the \u201cShow syntax Highlighted\u201d feature can result in the execution of unauthorized code in a user\u2019s web browser." + }, + { + "lang": "es", + "value": "En las versiones de Splunk Enterprise inferiores a 9.0.7 y 9.1.2, el escape ineficaz en la funci\u00f3n \"Mostrar sintaxis resaltada\" puede resultar en la ejecuci\u00f3n de c\u00f3digo no autorizado en el navegador web de un usuario." } ], "metrics": { @@ -50,6 +54,10 @@ { "url": "https://advisory.splunk.com/advisories/SVD-2023-1103", "source": "prodsec@splunk.com" + }, + { + "url": "https://research.splunk.com/application/1030bc63-0b37-4ac9-9ae0-9361c955a3cc/", + "source": "prodsec@splunk.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46214.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46214.json index 067afd5a208..0a9c95f95a2 100644 --- a/CVE-2023/CVE-2023-462xx/CVE-2023-46214.json +++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46214.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-46214", "sourceIdentifier": "prodsec@splunk.com", "published": "2023-11-16T21:15:08.630", - "lastModified": "2023-11-16T23:57:47.237", + "lastModified": "2023-11-20T21:15:08.133", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. This means that an attacker can upload malicious XSLT which can result in remote code execution on the Splunk Enterprise instance." + }, + { + "lang": "es", + "value": "En las versiones de Splunk Enterprise inferiores a 9.0.7 y 9.1.2, Splunk Enterprise no sanitiza de forma segura las transformaciones de lenguaje de hojas de estilo extensibles (XSLT) que proporcionan los usuarios. Esto significa que un atacante puede cargar XSLT malicioso, lo que puede provocar la ejecuci\u00f3n remota de c\u00f3digo en la instancia de Splunk Enterprise." } ], "metrics": { @@ -50,6 +54,10 @@ { "url": "https://advisory.splunk.com/advisories/SVD-2023-1104", "source": "prodsec@splunk.com" + }, + { + "url": "https://research.splunk.com/application/a053e6a6-2146-483a-9798-2d43652f3299/", + "source": "prodsec@splunk.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-464xx/CVE-2023-46470.json b/CVE-2023/CVE-2023-464xx/CVE-2023-46470.json new file mode 100644 index 00000000000..b028351e29d --- /dev/null +++ b/CVE-2023/CVE-2023-464xx/CVE-2023-46470.json 
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-46470", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-11-20T21:15:08.210", + "lastModified": "2023-11-20T21:15:08.210", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross Site Scripting vulnerability in Space Applications Services Yamcs v.5.8.6 allows a remote attacker to execute arbitrary code via crafted telecommand in the timeline view of the ArchiveBrowser." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.linkedin.com/pulse/more-xss-clickjacking-yamcs-v586-visionspace-technologies-uvevf", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-464xx/CVE-2023-46471.json b/CVE-2023/CVE-2023-464xx/CVE-2023-46471.json new file mode 100644 index 00000000000..b6f6d7fba1a --- /dev/null +++ b/CVE-2023/CVE-2023-464xx/CVE-2023-46471.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-46471", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-11-20T21:15:08.253", + "lastModified": "2023-11-20T21:15:08.253", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross Site Scripting vulnerability in Space Applications Services Yamcs v.5.8.6 allows a remote attacker to execute arbitrary code via the text variable scriptContainer of the ScriptViewer." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.linkedin.com/pulse/more-xss-clickjacking-yamcs-v586-visionspace-technologies-uvevf", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-466xx/CVE-2023-46604.json b/CVE-2023/CVE-2023-466xx/CVE-2023-46604.json index 0edc61ee227..1968037b025 100644 --- a/CVE-2023/CVE-2023-466xx/CVE-2023-46604.json +++ b/CVE-2023/CVE-2023-466xx/CVE-2023-46604.json 
@@ -2,7 +2,7 @@ "id": "CVE-2023-46604", "sourceIdentifier": "security@apache.org", "published": "2023-10-27T15:15:14.017", - "lastModified": "2023-11-14T03:15:09.620", + "lastModified": "2023-11-20T22:15:07.083", "vulnStatus": "Modified", "cisaExploitAdd": "2023-11-02", "cisaActionDue": "2023-11-23", @@ -162,6 +162,10 @@ "Vendor Advisory" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html", + "source": "security@apache.org" + }, { "url": "https://security.netapp.com/advisory/ntap-20231110-0010/", "source": "security@apache.org" diff --git a/CVE-2023/CVE-2023-471xx/CVE-2023-47172.json b/CVE-2023/CVE-2023-471xx/CVE-2023-47172.json new file mode 100644 index 00000000000..132cfca9f26 --- /dev/null +++ b/CVE-2023/CVE-2023-471xx/CVE-2023-47172.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-47172", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-11-20T21:15:08.293", + "lastModified": "2023-11-20T21:15:08.293", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Certain WithSecure products allow Local Privilege Escalation. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, and WithSecure Elements Endpoint Protection 17 and later." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-47172", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-473xx/CVE-2023-47311.json b/CVE-2023/CVE-2023-473xx/CVE-2023-47311.json new file mode 100644 index 00000000000..48723059779 --- /dev/null +++ b/CVE-2023/CVE-2023-473xx/CVE-2023-47311.json 
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-47311", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-11-20T21:15:08.337", + "lastModified": "2023-11-20T21:15:08.337", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue in Yamcs 5.8.6 allows attackers to send aribitrary telelcommands in a Command Stack via Clickjacking." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.linkedin.com/pulse/more-xss-clickjacking-yamcs-v586-visionspace-technologies-uvevf", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-481xx/CVE-2023-48176.json b/CVE-2023/CVE-2023-481xx/CVE-2023-48176.json new file mode 100644 index 00000000000..b64d1e351ed --- /dev/null +++ b/CVE-2023/CVE-2023-481xx/CVE-2023-48176.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-48176", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-11-20T22:15:07.187", + "lastModified": "2023-11-20T22:15:07.187", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An Insecure Permissions issue in WebsiteGuide v.0.2 allows a remote attacker to gain escalated privileges via crafted jwt (JSON web token)." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://prairie-steed-4d7.notion.site/WebsiteGuide-vulnerability-analysis-33a701c4fbf24555bffde17da0c73d8d?pvs=4", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-481xx/CVE-2023-48192.json b/CVE-2023/CVE-2023-481xx/CVE-2023-48192.json new file mode 100644 index 00000000000..5904dc1f63f --- /dev/null +++ b/CVE-2023/CVE-2023-481xx/CVE-2023-48192.json 
@@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-48192", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-11-20T22:15:07.243", + "lastModified": "2023-11-20T22:15:07.243", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue in TOTOlink A3700R v.9.1.2u.6134_B20201202 allows a local attacker to execute arbitrary code via the setTracerouteCfg function." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://totolink.com", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/zxsssd/TotoLink-", + "source": "cve@mitre.org" + }, + { + "url": "https://www.totolink.net/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-60xx/CVE-2023-6062.json b/CVE-2023/CVE-2023-60xx/CVE-2023-6062.json new file mode 100644 index 00000000000..92ad23ae383 --- /dev/null +++ b/CVE-2023/CVE-2023-60xx/CVE-2023-6062.json 
@@ -0,0 +1,47 @@ +{ + "id": "CVE-2023-6062", + "sourceIdentifier": "vulnreport@tenable.com", + "published": "2023-11-20T21:15:08.387", + "lastModified": "2023-11-20T21:15:08.387", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nAn arbitrary file write vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus Rules variables to overwrite arbitrary files on the remote host, which could lead to a denial of service condition. \n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "vulnreport@tenable.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 4.0 + } + ] + }, + "references": [ + { + "url": "https://www.tenable.com/security/tns-2023-39", + "source": "vulnreport@tenable.com" + }, + { + "url": "https://www.tenable.com/security/tns-2023-40", + "source": "vulnreport@tenable.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-61xx/CVE-2023-6178.json b/CVE-2023/CVE-2023-61xx/CVE-2023-6178.json new file mode 100644 index 00000000000..c4296d71b44 --- /dev/null +++ b/CVE-2023/CVE-2023-61xx/CVE-2023-6178.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-6178", + "sourceIdentifier": "vulnreport@tenable.com", + "published": "2023-11-20T21:15:08.550", + "lastModified": "2023-11-20T21:15:08.550", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nAn arbitrary file write vulnerability exists where an authenticated attacker with privileges on the managing application could alter Nessus Rules variables to overwrite arbitrary files on the remote host, which could lead to a denial of service condition. \n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "vulnreport@tenable.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 4.0 + } + ] + }, + "references": [ + { + "url": "https://www.tenable.com/security/tns-2023-41", + "source": "vulnreport@tenable.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 86b0c8d02a0..9f6aba38cfc 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-11-20T21:00:17.812134+00:00 +2023-11-20T23:00:17.974728+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-11-20T20:59:22.650000+00:00 +2023-11-20T22:15:07.243000+00:00 ``` ### Last Data Feed Release 
@@ -29,69 +29,34 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -231177 +231185 ``` ### CVEs added in the last Commit -Recently added CVEs: `33` +Recently added CVEs: `8` -* [CVE-2023-4808](CVE-2023/CVE-2023-48xx/CVE-2023-4808.json) (`2023-11-20T19:15:09.497`) -* [CVE-2023-4824](CVE-2023/CVE-2023-48xx/CVE-2023-4824.json) (`2023-11-20T19:15:09.537`) -* [CVE-2023-4970](CVE-2023/CVE-2023-49xx/CVE-2023-4970.json) (`2023-11-20T19:15:09.580`) -* [CVE-2023-5119](CVE-2023/CVE-2023-51xx/CVE-2023-5119.json) (`2023-11-20T19:15:09.620`) -* [CVE-2023-5140](CVE-2023/CVE-2023-51xx/CVE-2023-5140.json) (`2023-11-20T19:15:09.677`) -* [CVE-2023-5340](CVE-2023/CVE-2023-53xx/CVE-2023-5340.json) (`2023-11-20T19:15:09.723`) -* [CVE-2023-5343](CVE-2023/CVE-2023-53xx/CVE-2023-5343.json) (`2023-11-20T19:15:09.770`) -* [CVE-2023-5509](CVE-2023/CVE-2023-55xx/CVE-2023-5509.json) (`2023-11-20T19:15:09.813`) -* [CVE-2023-5609](CVE-2023/CVE-2023-56xx/CVE-2023-5609.json) (`2023-11-20T19:15:09.853`) -* [CVE-2023-5610](CVE-2023/CVE-2023-56xx/CVE-2023-5610.json) (`2023-11-20T19:15:09.897`) -* [CVE-2023-5640](CVE-2023/CVE-2023-56xx/CVE-2023-5640.json) (`2023-11-20T19:15:09.940`) -* [CVE-2023-5651](CVE-2023/CVE-2023-56xx/CVE-2023-5651.json) (`2023-11-20T19:15:09.983`) -* [CVE-2023-5652](CVE-2023/CVE-2023-56xx/CVE-2023-5652.json) (`2023-11-20T19:15:10.027`) -* [CVE-2023-5799](CVE-2023/CVE-2023-57xx/CVE-2023-5799.json) (`2023-11-20T19:15:10.070`) -* [CVE-2023-38879](CVE-2023/CVE-2023-388xx/CVE-2023-38879.json) (`2023-11-20T19:15:08.560`) -* [CVE-2023-38880](CVE-2023/CVE-2023-388xx/CVE-2023-38880.json) (`2023-11-20T19:15:08.600`) -* [CVE-2023-38881](CVE-2023/CVE-2023-388xx/CVE-2023-38881.json) (`2023-11-20T19:15:08.640`) -* [CVE-2023-38882](CVE-2023/CVE-2023-388xx/CVE-2023-38882.json) (`2023-11-20T19:15:08.683`) -* [CVE-2023-38883](CVE-2023/CVE-2023-388xx/CVE-2023-38883.json) (`2023-11-20T19:15:08.730`) -* 
[CVE-2023-38823](CVE-2023/CVE-2023-388xx/CVE-2023-38823.json) (`2023-11-20T20:15:07.357`) -* [CVE-2023-46990](CVE-2023/CVE-2023-469xx/CVE-2023-46990.json) (`2023-11-20T20:15:07.407`) -* [CVE-2023-47417](CVE-2023/CVE-2023-474xx/CVE-2023-47417.json) (`2023-11-20T20:15:07.457`) -* [CVE-2023-48109](CVE-2023/CVE-2023-481xx/CVE-2023-48109.json) (`2023-11-20T20:15:07.510`) -* [CVE-2023-48110](CVE-2023/CVE-2023-481xx/CVE-2023-48110.json) (`2023-11-20T20:15:07.557`) -* [CVE-2023-48111](CVE-2023/CVE-2023-481xx/CVE-2023-48111.json) (`2023-11-20T20:15:07.600`) +* [CVE-2023-46470](CVE-2023/CVE-2023-464xx/CVE-2023-46470.json) (`2023-11-20T21:15:08.210`) +* [CVE-2023-46471](CVE-2023/CVE-2023-464xx/CVE-2023-46471.json) (`2023-11-20T21:15:08.253`) +* [CVE-2023-47172](CVE-2023/CVE-2023-471xx/CVE-2023-47172.json) (`2023-11-20T21:15:08.293`) +* [CVE-2023-47311](CVE-2023/CVE-2023-473xx/CVE-2023-47311.json) (`2023-11-20T21:15:08.337`) +* [CVE-2023-6062](CVE-2023/CVE-2023-60xx/CVE-2023-6062.json) (`2023-11-20T21:15:08.387`) +* [CVE-2023-6178](CVE-2023/CVE-2023-61xx/CVE-2023-6178.json) (`2023-11-20T21:15:08.550`) +* [CVE-2023-48176](CVE-2023/CVE-2023-481xx/CVE-2023-48176.json) (`2023-11-20T22:15:07.187`) +* [CVE-2023-48192](CVE-2023/CVE-2023-481xx/CVE-2023-48192.json) (`2023-11-20T22:15:07.243`) ### CVEs modified in the last Commit -Recently modified CVEs: `106` +Recently modified CVEs: `7` -* [CVE-2023-47532](CVE-2023/CVE-2023-475xx/CVE-2023-47532.json) (`2023-11-20T20:30:41.437`) -* [CVE-2023-47528](CVE-2023/CVE-2023-475xx/CVE-2023-47528.json) (`2023-11-20T20:33:17.070`) -* [CVE-2023-47524](CVE-2023/CVE-2023-475xx/CVE-2023-47524.json) (`2023-11-20T20:33:57.610`) -* [CVE-2023-47522](CVE-2023/CVE-2023-475xx/CVE-2023-47522.json) (`2023-11-20T20:34:17.370`) -* [CVE-2023-47520](CVE-2023/CVE-2023-475xx/CVE-2023-47520.json) (`2023-11-20T20:34:47.700`) -* [CVE-2023-46582](CVE-2023/CVE-2023-465xx/CVE-2023-46582.json) (`2023-11-20T20:35:04.477`) -* 
[CVE-2023-46022](CVE-2023/CVE-2023-460xx/CVE-2023-46022.json) (`2023-11-20T20:35:12.013`) -* [CVE-2023-36038](CVE-2023/CVE-2023-360xx/CVE-2023-36038.json) (`2023-11-20T20:36:46.283`) -* [CVE-2023-28377](CVE-2023/CVE-2023-283xx/CVE-2023-28377.json) (`2023-11-20T20:49:59.327`) -* [CVE-2023-28397](CVE-2023/CVE-2023-283xx/CVE-2023-28397.json) (`2023-11-20T20:50:38.043`) -* [CVE-2023-26589](CVE-2023/CVE-2023-265xx/CVE-2023-26589.json) (`2023-11-20T20:50:48.007`) -* [CVE-2023-25949](CVE-2023/CVE-2023-259xx/CVE-2023-25949.json) (`2023-11-20T20:51:01.480`) -* [CVE-2023-25603](CVE-2023/CVE-2023-256xx/CVE-2023-25603.json) (`2023-11-20T20:52:25.217`) -* [CVE-2023-22310](CVE-2023/CVE-2023-223xx/CVE-2023-22310.json) (`2023-11-20T20:52:46.387`) -* [CVE-2023-22305](CVE-2023/CVE-2023-223xx/CVE-2023-22305.json) (`2023-11-20T20:52:53.930`) -* [CVE-2023-34431](CVE-2023/CVE-2023-344xx/CVE-2023-34431.json) (`2023-11-20T20:55:51.143`) -* [CVE-2023-33874](CVE-2023/CVE-2023-338xx/CVE-2023-33874.json) (`2023-11-20T20:56:52.927`) -* [CVE-2023-32661](CVE-2023/CVE-2023-326xx/CVE-2023-32661.json) (`2023-11-20T20:57:14.177`) -* [CVE-2023-33878](CVE-2023/CVE-2023-338xx/CVE-2023-33878.json) (`2023-11-20T20:57:36.867`) -* [CVE-2023-32660](CVE-2023/CVE-2023-326xx/CVE-2023-32660.json) (`2023-11-20T20:57:55.033`) -* [CVE-2023-32658](CVE-2023/CVE-2023-326xx/CVE-2023-32658.json) (`2023-11-20T20:58:05.023`) -* [CVE-2023-32655](CVE-2023/CVE-2023-326xx/CVE-2023-32655.json) (`2023-11-20T20:58:37.973`) -* [CVE-2023-32278](CVE-2023/CVE-2023-322xx/CVE-2023-32278.json) (`2023-11-20T20:59:00.060`) -* [CVE-2023-28737](CVE-2023/CVE-2023-287xx/CVE-2023-28737.json) (`2023-11-20T20:59:13.887`) -* [CVE-2023-28723](CVE-2023/CVE-2023-287xx/CVE-2023-28723.json) (`2023-11-20T20:59:22.650`) +* [CVE-2020-13920](CVE-2020/CVE-2020-139xx/CVE-2020-13920.json) (`2023-11-20T22:15:06.783`) +* [CVE-2021-26117](CVE-2021/CVE-2021-261xx/CVE-2021-26117.json) (`2023-11-20T22:15:06.903`) +* 
[CVE-2023-38177](CVE-2023/CVE-2023-381xx/CVE-2023-38177.json) (`2023-11-20T21:00:46.393`) +* [CVE-2023-36719](CVE-2023/CVE-2023-367xx/CVE-2023-36719.json) (`2023-11-20T21:02:51.473`) +* [CVE-2023-46213](CVE-2023/CVE-2023-462xx/CVE-2023-46213.json) (`2023-11-20T21:15:08.043`) +* [CVE-2023-46214](CVE-2023/CVE-2023-462xx/CVE-2023-46214.json) (`2023-11-20T21:15:08.133`) +* [CVE-2023-46604](CVE-2023/CVE-2023-466xx/CVE-2023-46604.json) (`2023-11-20T22:15:07.083`) ## Download and Usage