admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-08-19T02:00:28.796022+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-08-19 02:00:32 +00:00
parent 5ef5f9b096
commit 124bc8b54b
26 changed files with 1635 additions and 108 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

170
CVE-2022/CVE-2022-467xx/CVE-2022-46706.json
View File

@ -2,27 +2,175 @@
"id": "CVE-2022-46706",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-08-14T23:15:10.237",
"lastModified": "2023-08-15T12:29:16.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-19T00:48:18.847",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A type confusion issue was addressed with improved state handling. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to execute arbitrary code with kernel privileges."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://support.apple.com/en-us/HT213183",
"source": "product-security@apple.com"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
{
"url": "https://support.apple.com/en-us/HT213184",
"source": "product-security@apple.com"
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"url": "https://support.apple.com/en-us/HT213185",
"source": "product-security@apple.com"
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-843"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*",
"matchCriteriaId": "A654B8A2-FC30-4171-B0BB-366CD7ED4B6A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:*",
"matchCriteriaId": "F12CC8B5-C1EB-419E-8496-B9A3864656AD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*",
"matchCriteriaId": "F1F4BF7F-90D4-4668-B4E6-B06F4070F448"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-005:*:*:*:*:*:*",
"matchCriteriaId": "7FD7176C-F4D1-43A7-9E49-BA92CA0D9980"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-007:*:*:*:*:*:*",
"matchCriteriaId": "2703DE0B-8A9E-4A9D-9AE8-028E22BF47CA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*",
"matchCriteriaId": "0F441A43-1669-478D-9EC8-E96882DE4F9F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*",
"matchCriteriaId": "D425C653-37A2-448C-BF2F-B684ADB08A26"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*",
"matchCriteriaId": "A54D63B7-B92B-47C3-B1C5-9892E5873A98"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-004:*:*:*:*:*:*",
"matchCriteriaId": "3456176F-9185-4EE2-A8CE-3D989D674AB7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-005:*:*:*:*:*:*",
"matchCriteriaId": "D337EE21-2F00-484D-9285-F2B0248D7A19"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-006:*:*:*:*:*:*",
"matchCriteriaId": "012052B5-9AA7-4FD3-9C80-5F615330039D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-007:*:*:*:*:*:*",
"matchCriteriaId": "50F21A3C-0AC3-48C5-A4F8-5A7B478875B4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-008:*:*:*:*:*:*",
"matchCriteriaId": "8E974DC6-F7D9-4389-9AF9-863F6E419CE6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-001:*:*:*:*:*:*",
"matchCriteriaId": "156A6382-2BD3-4882-90B2-8E7CF6659E17"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-002:*:*:*:*:*:*",
"matchCriteriaId": "20A2FDB2-6712-406A-9896-C0B44508B07D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.0",
"versionEndExcluding": "11.6.5",
"matchCriteriaId": "BFCD1738-94C6-42DF-8699-BC96589F7221"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.0.0",
"versionEndExcluding": "12.3",
"matchCriteriaId": "9422A022-F279-4596-BC97-3223611D73DC"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213183",
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213184",
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213185",
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

76
CVE-2022/CVE-2022-467xx/CVE-2022-46722.json
View File

@ -2,19 +2,83 @@
"id": "CVE-2022-46722",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-08-14T23:15:10.303",
"lastModified": "2023-08-15T12:29:16.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-19T00:43:34.500",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://support.apple.com/en-us/HT213488",
"source": "product-security@apple.com"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.0",
"matchCriteriaId": "0A960726-1CF4-4E71-A1F7-2EA775D02DAF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.0",
"versionEndExcluding": "13.0",
"matchCriteriaId": "2A54F5E4-E3E1-4F25-BDD8-64E0BDA06BE9"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213488",
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

75
CVE-2022/CVE-2022-467xx/CVE-2022-46724.json
View File

@ -2,19 +2,82 @@
"id": "CVE-2022-46724",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-08-14T23:15:10.360",
"lastModified": "2023-08-15T12:29:16.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-19T00:43:43.330",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 16.4 and iPadOS 16.4. A person with physical access to an iOS device may be able to view the last image used in Magnifier from the lock screen."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://support.apple.com/en-us/HT213676",
"source": "product-security@apple.com"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW"
},
"exploitabilityScore": 0.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.4",
"matchCriteriaId": "EE68C5EC-5829-481D-BFF7-0A501018A3CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.4",
"matchCriteriaId": "F02C0CA5-8ABA-48C7-BCAE-5CF25435DF87"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213676",
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

75
CVE-2022/CVE-2022-467xx/CVE-2022-46725.json
View File

@ -2,19 +2,82 @@
"id": "CVE-2022-46725",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-08-14T23:15:10.420",
"lastModified": "2023-08-15T12:29:16.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-19T00:43:53.407",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.4 and iPadOS 16.4. Visiting a malicious website may lead to address bar spoofing."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://support.apple.com/en-us/HT213676",
"source": "product-security@apple.com"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.4",
"matchCriteriaId": "EE68C5EC-5829-481D-BFF7-0A501018A3CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.4",
"matchCriteriaId": "F02C0CA5-8ABA-48C7-BCAE-5CF25435DF87"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213676",
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

140
CVE-2022/CVE-2022-485xx/CVE-2022-48503.json
View File

@ -2,35 +2,139 @@
"id": "CVE-2022-48503",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-08-14T23:15:10.490",
"lastModified": "2023-08-15T12:29:16.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-19T00:42:35.700",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved bounds checks. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing web content may lead to arbitrary code execution."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://support.apple.com/en-us/HT213340",
"source": "product-security@apple.com"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
{
"url": "https://support.apple.com/en-us/HT213341",
"source": "product-security@apple.com"
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"url": "https://support.apple.com/en-us/HT213342",
"source": "product-security@apple.com"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://support.apple.com/en-us/HT213345",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213346",
"source": "product-security@apple.com"
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"versionEndExcluding": "15.6",
"matchCriteriaId": "5CB295E5-F980-40EC-AF3D-8D5739204C04"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "15.6",
"matchCriteriaId": "F5E4F87A-8003-43EB-99F7-35C82AEA4DC0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "15.6",
"matchCriteriaId": "B6FA9FE3-1891-405C-B191-04CAB84ADD46"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.0.0",
"versionEndExcluding": "12.5",
"matchCriteriaId": "F86C9DC9-3814-4254-A332-257455B6880A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "15.6",
"matchCriteriaId": "83FC1965-2381-49FF-9521-355D29B28B71"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.7",
"matchCriteriaId": "8EB2AF3C-B2A0-41AD-9C3E-14B220620FF0"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213340",
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213341",
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213342",
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213345",
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213346",
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-279xx/CVE-2023-27939.json
View File

@ -2,19 +2,77 @@
"id": "CVE-2023-27939",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-08-14T23:15:10.573",
"lastModified": "2023-08-15T12:29:16.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-19T00:42:42.367",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3. Processing an image may result in disclosure of process memory."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://support.apple.com/en-us/HT213670",
"source": "product-security@apple.com"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.3",
"matchCriteriaId": "A6D636F7-278A-491B-8960-91A4D5A86A96"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213670",
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-279xx/CVE-2023-27947.json
View File

@ -2,19 +2,77 @@
"id": "CVE-2023-27947",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-08-14T23:15:10.637",
"lastModified": "2023-08-15T12:29:16.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-19T00:42:22.560",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3. Processing an image may result in disclosure of process memory."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://support.apple.com/en-us/HT213670",
"source": "product-security@apple.com"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.3",
"matchCriteriaId": "A6D636F7-278A-491B-8960-91A4D5A86A96"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213670",
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-279xx/CVE-2023-27948.json
View File

@ -2,19 +2,77 @@
"id": "CVE-2023-27948",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-08-14T23:15:10.710",
"lastModified": "2023-08-15T12:29:16.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-19T00:42:48.767",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3. Processing an image may result in disclosure of process memory."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://support.apple.com/en-us/HT213670",
"source": "product-security@apple.com"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.3",
"matchCriteriaId": "A6D636F7-278A-491B-8960-91A4D5A86A96"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213670",
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-281xx/CVE-2023-28179.json
View File

@ -2,19 +2,77 @@
"id": "CVE-2023-28179",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-08-14T23:15:10.770",
"lastModified": "2023-08-15T12:29:16.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-19T00:44:01.763",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. Processing a maliciously crafted AppleScript binary may result in unexpected app termination or disclosure of process memory."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://support.apple.com/en-us/HT213670",
"source": "product-security@apple.com"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.3",
"matchCriteriaId": "A6D636F7-278A-491B-8960-91A4D5A86A96"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213670",
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

90
CVE-2023/CVE-2023-281xx/CVE-2023-28198.json
View File

@ -2,23 +2,97 @@
"id": "CVE-2023-28198",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-08-14T23:15:10.830",
"lastModified": "2023-08-15T12:29:16.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-19T00:43:25.777",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://support.apple.com/en-us/HT213670",
"source": "product-security@apple.com"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"url": "https://support.apple.com/en-us/HT213676",
"source": "product-security@apple.com"
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.4",
"matchCriteriaId": "EE68C5EC-5829-481D-BFF7-0A501018A3CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.4",
"matchCriteriaId": "F02C0CA5-8ABA-48C7-BCAE-5CF25435DF87"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.3",
"matchCriteriaId": "A6D636F7-278A-491B-8960-91A4D5A86A96"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213670",
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213676",
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-281xx/CVE-2023-28199.json
View File

@ -2,19 +2,77 @@
"id": "CVE-2023-28199",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-08-14T23:15:10.893",
"lastModified": "2023-08-15T12:29:16.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-19T00:42:57.233",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3. An app may be able to disclose kernel memory."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://support.apple.com/en-us/HT213670",
"source": "product-security@apple.com"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.3",
"matchCriteriaId": "A6D636F7-278A-491B-8960-91A4D5A86A96"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213670",
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-284xx/CVE-2023-28479.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2023-28479",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-15T14:15:09.770",
"lastModified": "2023-08-15T16:06:01.557",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-19T00:44:22.157",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Tigergraph Enterprise 3.7.0. The TigerGraph platform installs a full development toolchain within every TigerGraph deployment. An attacker is able to compile new executables on each Tigergraph system and modify system and Tigergraph binaries."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://neo4j.com/security/cve-2023-28479/",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tigergraph:tigergraph:3.7.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "BA582564-26E0-465D-A957-0EFD55AC3D03"
}
]
}
]
}
],
"references": [
{
"url": "https://neo4j.com/security/cve-2023-28479/",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

92
CVE-2023/CVE-2023-323xx/CVE-2023-32358.json
View File

@ -2,23 +2,99 @@
"id": "CVE-2023-32358",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-08-14T23:15:10.957",
"lastModified": "2023-08-15T12:29:16.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-19T00:42:12.697",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://support.apple.com/en-us/HT213670",
"source": "product-security@apple.com"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"url": "https://support.apple.com/en-us/HT213676",
"source": "product-security@apple.com"
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-843"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.0",
"versionEndExcluding": "16.4",
"matchCriteriaId": "79A85DA3-B374-444F-B9A2-7E4F334C26DA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.0",
"versionEndExcluding": "16.4",
"matchCriteriaId": "E33C3BC5-6CFC-4B58-8642-80A9FE00DB24"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.3",
"matchCriteriaId": "A6D636F7-278A-491B-8960-91A4D5A86A96"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213670",
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213676",
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-388xx/CVE-2023-38851.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2023-38851",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-15T17:15:10.603",
"lastModified": "2023-08-15T17:15:41.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-19T00:45:27.833",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the xls_parseWorkBook function in xls.c:1018."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://github.com/libxls/libxls/issues/124",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:libxls_project:libxls:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "716193D2-B36C-4AED-BB10-43E8E89E2E0A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/libxls/libxls/issues/124",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}

68
CVE-2023/CVE-2023-388xx/CVE-2023-38852.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2023-38852",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-15T17:15:10.760",
"lastModified": "2023-08-15T17:15:41.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-19T00:43:18.217",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the unicode_decode_wcstombs function in xlstool.c:266."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://github.com/libxls/libxls/issues/124",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:libxls_project:libxls:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "716193D2-B36C-4AED-BB10-43E8E89E2E0A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/libxls/libxls/issues/124",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}

68
CVE-2023/CVE-2023-388xx/CVE-2023-38853.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2023-38853",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-15T17:15:10.897",
"lastModified": "2023-08-15T17:15:41.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-19T00:45:35.180",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the xls_parseWorkBook function in xls.c:1015."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://github.com/libxls/libxls/issues/124",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:libxls_project:libxls:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "716193D2-B36C-4AED-BB10-43E8E89E2E0A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/libxls/libxls/issues/124",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}

68
CVE-2023/CVE-2023-388xx/CVE-2023-38854.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2023-38854",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-15T17:15:11.047",
"lastModified": "2023-08-15T17:15:41.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-19T00:45:44.393",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the transcode_latin1_to_utf8 function in xlstool.c:296."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://github.com/libxls/libxls/issues/124",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:libxls_project:libxls:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "716193D2-B36C-4AED-BB10-43E8E89E2E0A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/libxls/libxls/issues/124",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}

68
CVE-2023/CVE-2023-388xx/CVE-2023-38855.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2023-38855",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-15T17:15:11.153",
"lastModified": "2023-08-15T17:15:41.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-19T00:45:53.857",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the get_string function in xlstool.c:395."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://github.com/libxls/libxls/issues/124",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:libxls_project:libxls:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "716193D2-B36C-4AED-BB10-43E8E89E2E0A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/libxls/libxls/issues/124",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}

68
CVE-2023/CVE-2023-388xx/CVE-2023-38856.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2023-38856",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-15T17:15:11.270",
"lastModified": "2023-08-15T17:15:41.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-19T00:46:02.807",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the get_string function in xlstool.c:411."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://github.com/libxls/libxls/issues/124",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:libxls_project:libxls:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "716193D2-B36C-4AED-BB10-43E8E89E2E0A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/libxls/libxls/issues/124",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}

68
CVE-2023/CVE-2023-388xx/CVE-2023-38857.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2023-38857",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-15T17:15:11.420",
"lastModified": "2023-08-15T17:15:41.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-19T00:46:29.767",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the stcoin function in mp4read.c."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://github.com/knik0/faad2/issues/171",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:faad2_project:faad2:2.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "49A2F342-2F20-4146-8972-7FFE7B524B0A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/knik0/faad2/issues/171",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}

68
CVE-2023/CVE-2023-388xx/CVE-2023-38858.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2023-38858",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-15T17:15:11.597",
"lastModified": "2023-08-15T17:15:41.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-19T00:46:47.003",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the mp4info function in mp4read.c:1039."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://github.com/knik0/faad2/issues/173",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:faad2_project:faad2:2.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "49A2F342-2F20-4146-8972-7FFE7B524B0A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/knik0/faad2/issues/173",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}

6
CVE-2023/CVE-2023-39xx/CVE-2023-3997.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-3997",
"sourceIdentifier": "prodsec@splunk.com",
"published": "2023-07-31T17:15:10.110",
"lastModified": "2023-08-04T17:09:13.420",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-19T01:15:09.100",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Splunk SOAR versions 6.0.2 and earlier are indirectly affected by a potential vulnerability accessed through the user\u2019s terminal. A third party can send Splunk SOAR a maliciously crafted web request containing special ANSI characters to cause log file poisoning. When a terminal user attempts to view the poisoned logs, this can tamper with the terminal and cause possible malicious code execution from the terminal user\u2019s action."
"value": "Splunk SOAR versions lower than 6.1.0 are indirectly affected by a potential vulnerability accessed through the user\u2019s terminal. A third party can send Splunk SOAR a maliciously crafted web request containing special ANSI characters to cause log file poisoning. When a terminal user attempts to view the poisoned logs, this can tamper with the terminal and cause possible malicious code execution from the terminal user\u2019s action."
}
],
"metrics": {

6
CVE-2023/CVE-2023-400xx/CVE-2023-40037.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-40037",
"sourceIdentifier": "security@apache.org",
"published": "2023-08-18T22:15:10.690",
"lastModified": "2023-08-18T22:15:10.690",
"lastModified": "2023-08-19T00:15:09.703",
"vulnStatus": "Received",
"descriptions": [
{
@ -24,6 +24,10 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/08/18/2",
"source": "security@apache.org"
},
{
"url": "https://lists.apache.org/thread/bqbjlrs2p5ghh8sbk5nsxb8xpf9l687q",
"source": "security@apache.org"

59
CVE-2023/CVE-2023-44xx/CVE-2023-4432.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-4432",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-08-19T01:15:09.290",
"lastModified": "2023-08-19T01:15:09.290",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.5
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/cockpit-hq/cockpit/commit/2a93d391fbd2dd9e730f65d43b29beb65903d195",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.dev/bounties/69684663-6822-41ff-aa05-afbdb8f5268f",
"source": "security@huntr.dev"
}
]
}

59
CVE-2023/CVE-2023-44xx/CVE-2023-4433.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-4433",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-08-19T01:15:09.573",
"lastModified": "2023-08-19T01:15:09.573",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.4."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.5
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/cockpit-hq/cockpit/commit/36d1d4d256cbbab028342ba10cc493e5c119172c",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.dev/bounties/64f3253d-6852-4b9f-b870-85e896007b1a",
"source": "security@huntr.dev"
}
]
}

43
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-08-18T23:55:27.099738+00:00
2023-08-19T02:00:28.796022+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-08-18T22:15:11.653000+00:00
2023-08-19T01:15:09.573000+00:00
```
### Last Data Feed Release
@ -23,31 +23,50 @@ Repository synchronizes with the NVD every 2 hours.
Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)
```plain
2023-08-18T00:00:13.596307+00:00
2023-08-19T00:00:13.540076+00:00
```
### Total Number of included CVEs
```plain
223002
223004
```
### CVEs added in the last Commit
Recently added CVEs: `6`
Recently added CVEs: `2`
* [CVE-2023-38839](CVE-2023/CVE-2023-388xx/CVE-2023-38839.json) (`2023-08-18T22:15:09.803`)
* [CVE-2023-40037](CVE-2023/CVE-2023-400xx/CVE-2023-40037.json) (`2023-08-18T22:15:10.690`)
* [CVE-2023-40172](CVE-2023/CVE-2023-401xx/CVE-2023-40172.json) (`2023-08-18T22:15:11.017`)
* [CVE-2023-40173](CVE-2023/CVE-2023-401xx/CVE-2023-40173.json) (`2023-08-18T22:15:11.127`)
* [CVE-2023-40174](CVE-2023/CVE-2023-401xx/CVE-2023-40174.json) (`2023-08-18T22:15:11.423`)
* [CVE-2023-40175](CVE-2023/CVE-2023-401xx/CVE-2023-40175.json) (`2023-08-18T22:15:11.653`)
* [CVE-2023-4432](CVE-2023/CVE-2023-44xx/CVE-2023-4432.json) (`2023-08-19T01:15:09.290`)
* [CVE-2023-4433](CVE-2023/CVE-2023-44xx/CVE-2023-4433.json) (`2023-08-19T01:15:09.573`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `23`
* [CVE-2022-48503](CVE-2022/CVE-2022-485xx/CVE-2022-48503.json) (`2023-08-19T00:42:35.700`)
* [CVE-2022-46722](CVE-2022/CVE-2022-467xx/CVE-2022-46722.json) (`2023-08-19T00:43:34.500`)
* [CVE-2022-46724](CVE-2022/CVE-2022-467xx/CVE-2022-46724.json) (`2023-08-19T00:43:43.330`)
* [CVE-2022-46725](CVE-2022/CVE-2022-467xx/CVE-2022-46725.json) (`2023-08-19T00:43:53.407`)
* [CVE-2022-46706](CVE-2022/CVE-2022-467xx/CVE-2022-46706.json) (`2023-08-19T00:48:18.847`)
* [CVE-2023-40037](CVE-2023/CVE-2023-400xx/CVE-2023-40037.json) (`2023-08-19T00:15:09.703`)
* [CVE-2023-32358](CVE-2023/CVE-2023-323xx/CVE-2023-32358.json) (`2023-08-19T00:42:12.697`)
* [CVE-2023-27947](CVE-2023/CVE-2023-279xx/CVE-2023-27947.json) (`2023-08-19T00:42:22.560`)
* [CVE-2023-27939](CVE-2023/CVE-2023-279xx/CVE-2023-27939.json) (`2023-08-19T00:42:42.367`)
* [CVE-2023-27948](CVE-2023/CVE-2023-279xx/CVE-2023-27948.json) (`2023-08-19T00:42:48.767`)
* [CVE-2023-28199](CVE-2023/CVE-2023-281xx/CVE-2023-28199.json) (`2023-08-19T00:42:57.233`)
* [CVE-2023-38852](CVE-2023/CVE-2023-388xx/CVE-2023-38852.json) (`2023-08-19T00:43:18.217`)
* [CVE-2023-28198](CVE-2023/CVE-2023-281xx/CVE-2023-28198.json) (`2023-08-19T00:43:25.777`)
* [CVE-2023-28179](CVE-2023/CVE-2023-281xx/CVE-2023-28179.json) (`2023-08-19T00:44:01.763`)
* [CVE-2023-28479](CVE-2023/CVE-2023-284xx/CVE-2023-28479.json) (`2023-08-19T00:44:22.157`)
* [CVE-2023-38851](CVE-2023/CVE-2023-388xx/CVE-2023-38851.json) (`2023-08-19T00:45:27.833`)
* [CVE-2023-38853](CVE-2023/CVE-2023-388xx/CVE-2023-38853.json) (`2023-08-19T00:45:35.180`)
* [CVE-2023-38854](CVE-2023/CVE-2023-388xx/CVE-2023-38854.json) (`2023-08-19T00:45:44.393`)
* [CVE-2023-38855](CVE-2023/CVE-2023-388xx/CVE-2023-38855.json) (`2023-08-19T00:45:53.857`)
* [CVE-2023-38856](CVE-2023/CVE-2023-388xx/CVE-2023-38856.json) (`2023-08-19T00:46:02.807`)
* [CVE-2023-38857](CVE-2023/CVE-2023-388xx/CVE-2023-38857.json) (`2023-08-19T00:46:29.767`)
* [CVE-2023-38858](CVE-2023/CVE-2023-388xx/CVE-2023-38858.json) (`2023-08-19T00:46:47.003`)
* [CVE-2023-3997](CVE-2023/CVE-2023-39xx/CVE-2023-3997.json) (`2023-08-19T01:15:09.100`)
## Download and Usage