admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-01-18T23:00:25.033958+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-01-18 23:00:28 +00:00
parent 109bee3a18
commit 1413c23e02
33 changed files with 2382 additions and 83 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
CVE-2023/CVE-2023-04xx/CVE-2023-0437.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-0437",
"sourceIdentifier": "cna@mongodb.com",
"published": "2024-01-12T14:15:47.387",
"lastModified": "2024-01-12T15:54:26.600",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-18T21:18:53.223",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "When calling bson_utf8_validate\u00a0on some inputs a loop with an exit condition that cannot be reached may occur, i.e. an infinite loop. This issue affects All MongoDB C Driver versions prior to versions 1.25.0.\n\n"
},
{
"lang": "es",
"value": "Al llamar a bson_utf8_validate en algunas entradas puede ocurrir un bucle con una condici\u00f3n de salida que no se puede alcanzar, es decir, un bucle infinito. Este problema afecta a All MongoDB C Driver anteriores a la versi\u00f3n 1.25.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cna@mongodb.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-835"
}
]
},
{
"source": "cna@mongodb.com",
"type": "Secondary",
@ -46,10 +80,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mongodb:c_driver:*:*:*:*:*:mongodb:*:*",
"versionEndExcluding": "1.25.0",
"matchCriteriaId": "82F06E2D-CEA4-4506-A89D-50D8E6551222"
}
]
}
]
}
],
"references": [
{
"url": "https://jira.mongodb.org/browse/CDRIVER-4747",
"source": "cna@mongodb.com"
"source": "cna@mongodb.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

108
CVE-2023/CVE-2023-20xx/CVE-2023-2030.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-2030",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-01-12T14:15:47.833",
"lastModified": "2024-01-12T15:54:26.600",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-18T21:18:39.847",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab CE/EE affecting all versions from 12.2 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which an attacker could potentially modify the metadata of signed commits."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en GitLab CE/EE que afecta a todas las versiones desde 12.2 anterior a 16.5.6, 16.6 anterior a 16.6.4 y 16.7 anterior a 16.7.2 en el que un atacante podr\u00eda modificar los metadatos de las confirmaciones firmadas."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-345"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -46,14 +80,80 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "12.2.0",
"versionEndExcluding": "16.5.6",
"matchCriteriaId": "64C111BB-CD2F-42AE-AD4E-2DED5FF34907"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "12.2.0",
"versionEndExcluding": "16.5.6",
"matchCriteriaId": "C1FCE458-EACF-476C-B0F5-D31373E4457D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.6.0",
"versionEndExcluding": "16.6.4",
"matchCriteriaId": "7198B7E4-9928-4B7D-9D00-6B76CCAC3875"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.6.0",
"versionEndExcluding": "16.6.4",
"matchCriteriaId": "D294EA47-B2EF-42D6-A92B-93CEA5D209B7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.7.0:*:*:*:community:*:*:*",
"matchCriteriaId": "150F88EA-DA27-4042-9778-932904C2FD41"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.7.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "29C6355F-1CD3-4E4A-AACA-19B497A631D6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.7.1:*:*:*:community:*:*:*",
"matchCriteriaId": "D385A20C-BC93-4BB9-A47D-50C89D4DFA95"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.7.1:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "77D86BC4-D4DD-4848-B0FD-0C16A3D2DF89"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/407252",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://hackerone.com/reports/1929929",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
}
]
}

80
CVE-2023/CVE-2023-438xx/CVE-2023-43815.json Normal file
View File

@ -0,0 +1,80 @@
{
"id": "CVE-2023-43815",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2024-01-18T22:15:08.717",
"lastModified": "2024-01-18T22:15:08.717",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow vulnerability exists in Delta Electronics Delta Industrial Automation DOPSoft version 2 when parsing the wScreenDESCTextLen field of a DPS file. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve code execution.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
],
"cvssMetricV2": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"references": [
{
"url": "https://blog.exodusintel.com/2024/01/18/delta-electronics-delta-industrial-automation-dopsoft-dps-file-wscreendesctextlen-buffer-overflow-remote-code-execution/",
"source": "disclosures@exodusintel.com"
}
]
}

80
CVE-2023/CVE-2023-438xx/CVE-2023-43816.json Normal file
View File

@ -0,0 +1,80 @@
{
"id": "CVE-2023-43816",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2024-01-18T22:15:08.957",
"lastModified": "2024-01-18T22:15:08.957",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow vulnerability exists in Delta Electronics Delta Industrial Automation DOPSoft version 2 when parsing the wKPFStringLen field of a DPS file. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve code execution.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"references": [
{
"url": "https://blog.exodusintel.com/2024/01/18/delta-electronics-delta-industrial-automation-dopsoft-dps-file-wkpfstringlen-buffer-overflow-remote-code-execution/",
"source": "disclosures@exodusintel.com"
}
]
}

80
CVE-2023/CVE-2023-438xx/CVE-2023-43817.json Normal file
View File

@ -0,0 +1,80 @@
{
"id": "CVE-2023-43817",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2024-01-18T22:15:09.183",
"lastModified": "2024-01-18T22:15:09.183",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft version 2 when parsing the wMailContentLen field of a DPS file. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve code execution.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"references": [
{
"url": "https://blog.exodusintel.com/2024/01/18/delta-electronics-delta-industrial-automation-dopsoft-dps-file-wmailcontentlen-buffer-overflow-remote-code-execution/",
"source": "disclosures@exodusintel.com"
}
]
}

80
CVE-2023/CVE-2023-438xx/CVE-2023-43818.json Normal file
View File

@ -0,0 +1,80 @@
{
"id": "CVE-2023-43818",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2024-01-18T22:15:09.383",
"lastModified": "2024-01-18T22:15:09.383",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"references": [
{
"url": "https://blog.exodusintel.com/2024/01/18/delta-electronics-delta-industrial-automation-dopsoft-dps-file-wtextlen-buffer-overflow-remote-code-execution/",
"source": "disclosures@exodusintel.com"
}
]
}

80
CVE-2023/CVE-2023-438xx/CVE-2023-43819.json Normal file
View File

@ -0,0 +1,80 @@
{
"id": "CVE-2023-43819",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2024-01-18T22:15:09.587",
"lastModified": "2024-01-18T22:15:09.587",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the InitialMacroLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"references": [
{
"url": "https://blog.exodusintel.com/2024/01/18/delta-electronics-delta-industrial-automation-dopsoft-dps-file-initialmacrolen-buffer-overflow-remote-code-execution/",
"source": "disclosures@exodusintel.com"
}
]
}

80
CVE-2023/CVE-2023-438xx/CVE-2023-43820.json Normal file
View File

@ -0,0 +1,80 @@
{
"id": "CVE-2023-43820",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2024-01-18T22:15:09.800",
"lastModified": "2024-01-18T22:15:09.800",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wLogTitlesPrevValueLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"references": [
{
"url": "https://blog.exodusintel.com/2024/01/18/delta-electronics-delta-industrial-automation-dopsoft-dps-file-wlogtitlesprevvaluelen-buffer-overflow-remote-code-execution/",
"source": "disclosures@exodusintel.com"
}
]
}

80
CVE-2023/CVE-2023-438xx/CVE-2023-43821.json Normal file
View File

@ -0,0 +1,80 @@
{
"id": "CVE-2023-43821",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2024-01-18T22:15:10.017",
"lastModified": "2024-01-18T22:15:10.017",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wLogTitlesActionLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"references": [
{
"url": "https://blog.exodusintel.com/2024/01/18/delta-electronics-delta-industrial-automation-dopsoft-dps-file-wlogtitlesactionlen-buffer-overflow-remote-code-execution/",
"source": "disclosures@exodusintel.com"
}
]
}

80
CVE-2023/CVE-2023-438xx/CVE-2023-43822.json Normal file
View File

@ -0,0 +1,80 @@
{
"id": "CVE-2023-43822",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2024-01-18T22:15:10.220",
"lastModified": "2024-01-18T22:15:10.220",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wLogTitlesTimeLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"references": [
{
"url": "https://blog.exodusintel.com/2024/01/18/delta-electronics-delta-industrial-automation-dopsoft-dps-file-wlogtitlestimelen-buffer-overflow-remote-code-execution/",
"source": "disclosures@exodusintel.com"
}
]
}

80
CVE-2023/CVE-2023-438xx/CVE-2023-43823.json Normal file
View File

@ -0,0 +1,80 @@
{
"id": "CVE-2023-43823",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2024-01-18T22:15:10.430",
"lastModified": "2024-01-18T22:15:10.430",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wTTitleLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"references": [
{
"url": "https://blog.exodusintel.com/2024/01/18/delta-electronics-delta-industrial-automation-dopsoft-dps-file-wttitlelen-buffer-overflow-remote-code-execution/",
"source": "disclosures@exodusintel.com"
}
]
}

80
CVE-2023/CVE-2023-438xx/CVE-2023-43824.json Normal file
View File

@ -0,0 +1,80 @@
{
"id": "CVE-2023-43824",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2024-01-18T22:15:10.630",
"lastModified": "2024-01-18T22:15:10.630",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wTitleTextLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"references": [
{
"url": "https://blog.exodusintel.com/2024/01/18/delta-electronics-delta-industrial-automation-dopsoft-dps-file-wtitletextlen-buffer-overflow-remote-code-execution/",
"source": "disclosures@exodusintel.com"
}
]
}

15
CVE-2023/CVE-2023-470xx/CVE-2023-47092.json Normal file
View File

@ -0,0 +1,15 @@
{
"id": "CVE-2023-47092",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-18T21:15:08.177",
"lastModified": "2024-01-18T21:15:08.177",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
],
"metrics": {},
"references": []
}

98
CVE-2023/CVE-2023-48xx/CVE-2023-4812.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-4812",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-01-12T14:15:48.510",
"lastModified": "2024-01-12T15:54:26.600",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-18T21:18:27.850",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab EE affecting all versions starting from 15.3 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2. The required CODEOWNERS approval could be bypassed by adding changes to a previously approved merge request."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en GitLab EE que afecta a todas las versiones desde 15.3 anteriores a 16.5.6, todas las versiones desde 16.6 anteriores a 16.6.4, todas las versiones desde 16.7 anteriores a 16.7.2. La aprobaci\u00f3n requerida de CODEOWNERS podr\u00eda omitirse agregando cambios a una solicitud de fusi\u00f3n previamente aprobada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -46,14 +80,70 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "15.3.0",
"versionEndExcluding": "16.5.5",
"matchCriteriaId": "B4DEAEEE-6DB8-4426-B577-97961307110D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "15.3.0",
"versionEndExcluding": "16.5.5",
"matchCriteriaId": "D547FEBC-A6BC-4057-B23D-1A7F91DFAF47"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.6.0",
"versionEndExcluding": "16.6.4",
"matchCriteriaId": "7198B7E4-9928-4B7D-9D00-6B76CCAC3875"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.6.0",
"versionEndExcluding": "16.6.4",
"matchCriteriaId": "D294EA47-B2EF-42D6-A92B-93CEA5D209B7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.7.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "29C6355F-1CD3-4E4A-AACA-19B497A631D6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.7.1:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "77D86BC4-D4DD-4848-B0FD-0C16A3D2DF89"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/424398",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://hackerone.com/reports/2115574",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
}
]
}

83
CVE-2023/CVE-2023-492xx/CVE-2023-49253.json
View File

@ -2,16 +2,53 @@
"id": "CVE-2023-49253",
"sourceIdentifier": "cvd@cert.pl",
"published": "2024-01-12T15:15:08.927",
"lastModified": "2024-01-12T15:54:26.600",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-18T21:14:22.820",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Root user password is hardcoded into the device and cannot be changed in the user interface.\n\n"
},
{
"lang": "es",
"value": "La contrase\u00f1a del usuario root est\u00e1 codificada en el dispositivo y no se puede cambiar en la interfaz de usuario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
},
{
"source": "cvd@cert.pl",
"type": "Secondary",
@ -23,14 +60,50 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hongdian:h8951-4g-esp_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2310271149",
"matchCriteriaId": "4391599E-AC50-4409-B8DE-D86CD4EACA35"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hongdian:h8951-4g-esp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B44C0C6-3995-43DB-9B49-78110E5E7A43"
}
]
}
]
}
],
"references": [
{
"url": "https://cert.pl/en/posts/2024/01/CVE-2023-49253/",
"source": "cvd@cert.pl"
"source": "cvd@cert.pl",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://cert.pl/posts/2024/01/CVE-2023-49253/",
"source": "cvd@cert.pl"
"source": "cvd@cert.pl",
"tags": [
"Third Party Advisory"
]
}
]
}

83
CVE-2023/CVE-2023-492xx/CVE-2023-49254.json
View File

@ -2,16 +2,53 @@
"id": "CVE-2023-49254",
"sourceIdentifier": "cvd@cert.pl",
"published": "2024-01-12T15:15:09.017",
"lastModified": "2024-01-12T15:54:26.600",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-18T21:14:11.877",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Authenticated user can execute arbitrary commands in the context of the root user by providing payload in the \"destination\" field of the network test tools. This is similar to the vulnerability CVE-2021-28151 mitigated on the user interface level by blacklisting characters with JavaScript, however, it can still be exploited by sending POST requests directly."
},
{
"lang": "es",
"value": "El usuario autenticado puede ejecutar comandos arbitrarios en el contexto del usuario root proporcionando un payload en el campo \"destination\" de las herramientas de prueba de red. Esto es similar a la vulnerabilidad CVE-2021-28151 mitigada en el nivel de la interfaz de usuario al incluir caracteres en la lista negra con JavaScript; sin embargo, a\u00fan se puede explotar enviando solicitudes POST directamente."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "cvd@cert.pl",
"type": "Secondary",
@ -23,14 +60,50 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hongdian:h8951-4g-esp_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2310271149",
"matchCriteriaId": "4391599E-AC50-4409-B8DE-D86CD4EACA35"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hongdian:h8951-4g-esp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B44C0C6-3995-43DB-9B49-78110E5E7A43"
}
]
}
]
}
],
"references": [
{
"url": "https://cert.pl/en/posts/2024/01/CVE-2023-49253/",
"source": "cvd@cert.pl"
"source": "cvd@cert.pl",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://cert.pl/posts/2024/01/CVE-2023-49253/",
"source": "cvd@cert.pl"
"source": "cvd@cert.pl",
"tags": [
"Third Party Advisory"
]
}
]
}

83
CVE-2023/CVE-2023-492xx/CVE-2023-49256.json
View File

@ -2,16 +2,53 @@
"id": "CVE-2023-49256",
"sourceIdentifier": "cvd@cert.pl",
"published": "2024-01-12T15:15:09.160",
"lastModified": "2024-01-12T15:54:26.600",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-18T21:14:03.490",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "It is possible to download the configuration backup without authorization and decrypt included passwords using hardcoded static key."
},
{
"lang": "es",
"value": "Es posible descargar la copia de seguridad de la configuraci\u00f3n sin autorizaci\u00f3n y descifrar las contrase\u00f1as incluidas utilizando una clave est\u00e1tica codificada."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
},
{
"source": "cvd@cert.pl",
"type": "Secondary",
@ -23,14 +60,50 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hongdian:h8951-4g-esp_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2310271149",
"matchCriteriaId": "4391599E-AC50-4409-B8DE-D86CD4EACA35"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hongdian:h8951-4g-esp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B44C0C6-3995-43DB-9B49-78110E5E7A43"
}
]
}
]
}
],
"references": [
{
"url": "https://cert.pl/en/posts/2024/01/CVE-2023-49253/",
"source": "cvd@cert.pl"
"source": "cvd@cert.pl",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://cert.pl/posts/2024/01/CVE-2023-49253/",
"source": "cvd@cert.pl"
"source": "cvd@cert.pl",
"tags": [
"Third Party Advisory"
]
}
]
}

83
CVE-2023/CVE-2023-492xx/CVE-2023-49257.json
View File

@ -2,16 +2,53 @@
"id": "CVE-2023-49257",
"sourceIdentifier": "cvd@cert.pl",
"published": "2024-01-12T15:15:09.230",
"lastModified": "2024-01-12T15:54:26.600",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-18T21:13:51.623",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An authenticated user is able to upload an arbitrary CGI-compatible file using the certificate upload utility and execute it with the root user privileges."
},
{
"lang": "es",
"value": "Un usuario autenticado puede cargar un archivo arbitrario compatible con CGI utilizando la utilidad de carga de certificados y ejecutarlo con privilegios de usuario root."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
},
{
"source": "cvd@cert.pl",
"type": "Secondary",
@ -23,14 +60,50 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hongdian:h8951-4g-esp_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2310271149",
"matchCriteriaId": "4391599E-AC50-4409-B8DE-D86CD4EACA35"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hongdian:h8951-4g-esp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B44C0C6-3995-43DB-9B49-78110E5E7A43"
}
]
}
]
}
],
"references": [
{
"url": "https://cert.pl/en/posts/2024/01/CVE-2023-49253/",
"source": "cvd@cert.pl"
"source": "cvd@cert.pl",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://cert.pl/posts/2024/01/CVE-2023-49253/",
"source": "cvd@cert.pl"
"source": "cvd@cert.pl",
"tags": [
"Third Party Advisory"
]
}
]
}

20
CVE-2023/CVE-2023-506xx/CVE-2023-50614.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-50614",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-18T22:15:10.843",
"lastModified": "2024-01-18T22:15:10.843",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue discovereed in EBYTE E880-IR01-V1.1 allows an attacker to obtain sensitive information via crafted POST request to /cgi-bin/luci."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/cvdyfbwa/Password-plaintext-output/blob/main/README.md",
"source": "cve@mitre.org"
}
]
}

72
CVE-2023/CVE-2023-510xx/CVE-2023-51063.json
View File

@ -2,19 +2,83 @@
"id": "CVE-2023-51063",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-13T04:15:07.820",
"lastModified": "2024-01-14T21:42:17.123",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-18T21:38:53.560",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 was discovered to contain a DOM Based Reflected Cross Site Scripting (XSS) vulnerability within the component qnme-ajax?method=tree_level."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0, contiene una vulnerabilidad de scross site scripting (XSS) reflejado basada en DOM dentro del componente qnme-ajax?method=tree_level."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
},
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qstar:archive_storage_manager:3-0:build7_patch0:*:*:*:*:*:*",
"matchCriteriaId": "7AC007B1-2FE5-4DD3-824D-FFFA7009D67B"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Oracle-Security/CVEs/blob/main/QStar%20Archive%20Solutions/CVE-2023-51063.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

20
CVE-2023/CVE-2023-512xx/CVE-2023-51217.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-51217",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-18T21:15:08.243",
"lastModified": "2024-01-18T21:15:08.243",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in TenghuTOS TWS-200 firmware version:V4.0-201809201424 allows a remote attacker to execute arbitrary code via crafted command on the ping page component."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/websafe2021/CVE/blob/main/TenghuTOS-TWS-200.md",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-512xx/CVE-2023-51258.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-51258",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-18T21:15:08.293",
"lastModified": "2024-01-18T21:15:08.293",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A memory leak issue discovered in YASM v.1.3.0 allows a local attacker to cause a denial of service via the new_Token function in the modules/preprocs/nasm/nasm-pp:1512."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/hanxuer/crashes/blob/main/yasm/04/readme.md",
"source": "cve@mitre.org"
}
]
}

80
CVE-2023/CVE-2023-51xx/CVE-2023-5130.json Normal file
View File

@ -0,0 +1,80 @@
{
"id": "CVE-2023-5130",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2024-01-18T22:15:10.890",
"lastModified": "2024-01-18T22:15:10.890",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow vulnerability exists in Delta Electronics WPLSoft. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DVP file to achieve code execution.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 6.0
}
],
"cvssMetricV2": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:H/Au:N/C:C/I:P/A:C",
"accessVector": "NETWORK",
"accessComplexity": "HIGH",
"authentication": "NONE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "COMPLETE",
"baseScore": 7.3
},
"baseSeverity": "HIGH",
"exploitabilityScore": 4.9,
"impactScore": 9.5,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"references": [
{
"url": "https://blog.exodusintel.com/2024/01/18/delta-electronics-wplsoft-buffer-overflow/",
"source": "disclosures@exodusintel.com"
}
]
}

80
CVE-2023/CVE-2023-51xx/CVE-2023-5131.json Normal file
View File

@ -0,0 +1,80 @@
{
"id": "CVE-2023-5131",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2024-01-18T22:15:11.100",
"lastModified": "2024-01-18T22:15:11.100",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A heap buffer-overflow exists in Delta Electronics ISPSoft. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DVP file to achieve code execution.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 6.0
}
],
"cvssMetricV2": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:H/Au:N/C:C/I:P/A:C",
"accessVector": "NETWORK",
"accessComplexity": "HIGH",
"authentication": "NONE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "COMPLETE",
"baseScore": 7.3
},
"baseSeverity": "HIGH",
"exploitabilityScore": 4.9,
"impactScore": 9.5,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"references": [
{
"url": "https://blog.exodusintel.com/2024/01/18/delta-electronics-ispsoft-heap-buffer-overflow/",
"source": "disclosures@exodusintel.com"
}
]
}

104
CVE-2023/CVE-2023-53xx/CVE-2023-5356.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5356",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-01-12T14:15:48.707",
"lastModified": "2024-01-16T08:15:09.207",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-18T21:17:29.540",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -50,14 +80,80 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "8.13.0",
"versionEndExcluding": "16.5.6",
"matchCriteriaId": "A0266465-DBD2-4133-90B2-8DAE8D5C8588"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "8.13.0",
"versionEndExcluding": "16.5.6",
"matchCriteriaId": "75FBB40A-5B80-4CCC-81A1-B134B9529A23"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.6.0",
"versionEndExcluding": "16.6.4",
"matchCriteriaId": "7198B7E4-9928-4B7D-9D00-6B76CCAC3875"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.6.0",
"versionEndExcluding": "16.6.4",
"matchCriteriaId": "D294EA47-B2EF-42D6-A92B-93CEA5D209B7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.7.0:*:*:*:community:*:*:*",
"matchCriteriaId": "150F88EA-DA27-4042-9778-932904C2FD41"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.7.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "29C6355F-1CD3-4E4A-AACA-19B497A631D6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.7.1:*:*:*:community:*:*:*",
"matchCriteriaId": "D385A20C-BC93-4BB9-A47D-50C89D4DFA95"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.7.1:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "77D86BC4-D4DD-4848-B0FD-0C16A3D2DF89"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/427154",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://hackerone.com/reports/2188868",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
}
]
}

101
CVE-2023/CVE-2023-69xx/CVE-2023-6955.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6955",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-01-12T14:15:49.233",
"lastModified": "2024-01-12T15:54:26.600",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-18T21:16:42.053",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group. "
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de control de acceso inadecuado en GitLab Remote Development que afecta a todas las versiones anteriores a 16.5.6, 16.6 anterior a 16.6.4 y 16.7 anterior a 16.7.2. Esta condici\u00f3n permite a un atacante crear un workspace en un grupo asociado con un agente de otro grupo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-668"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -46,10 +80,71 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionEndExcluding": "16.5.6",
"matchCriteriaId": "69C82A9A-87DA-4974-94B2-0623B86F482D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionEndExcluding": "16.5.6",
"matchCriteriaId": "FC133DE0-541F-4FEE-ADA5-7A2855BDB7EF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.6.0",
"versionEndExcluding": "16.6.4",
"matchCriteriaId": "7198B7E4-9928-4B7D-9D00-6B76CCAC3875"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.6.0",
"versionEndExcluding": "16.6.4",
"matchCriteriaId": "D294EA47-B2EF-42D6-A92B-93CEA5D209B7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.7.0:*:*:*:community:*:*:*",
"matchCriteriaId": "150F88EA-DA27-4042-9778-932904C2FD41"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.7.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "29C6355F-1CD3-4E4A-AACA-19B497A631D6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.7.1:*:*:*:community:*:*:*",
"matchCriteriaId": "D385A20C-BC93-4BB9-A47D-50C89D4DFA95"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.7.1:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "77D86BC4-D4DD-4848-B0FD-0C16A3D2DF89"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/432188",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Broken Link"
]
}
]
}

165
CVE-2023/CVE-2023-70xx/CVE-2023-7028.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-7028",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-01-12T14:15:49.420",
"lastModified": "2024-01-17T20:15:50.813",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-18T21:15:51.483",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-640"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -50,18 +80,143 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "12.2.0",
"versionEndExcluding": "16.5.6",
"matchCriteriaId": "64C111BB-CD2F-42AE-AD4E-2DED5FF34907"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "12.2.0",
"versionEndExcluding": "16.5.6",
"matchCriteriaId": "C1FCE458-EACF-476C-B0F5-D31373E4457D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.1.0",
"versionEndExcluding": "16.1.6",
"matchCriteriaId": "4D1D5473-F384-420D-BD91-F2466F2CA278"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.1.0",
"versionEndExcluding": "16.1.6",
"matchCriteriaId": "6BEF9E84-75C1-41C0-BE14-7F550E2BE932"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.2.0",
"versionEndExcluding": "16.2.9",
"matchCriteriaId": "1D29FF9D-9113-44A9-99C2-074B1B217B7C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.2.0",
"versionEndExcluding": "16.2.9",
"matchCriteriaId": "AEA35F1C-5E02-407B-ADC6-4FDEFF885E59"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.3.0",
"versionEndExcluding": "16.3.7",
"matchCriteriaId": "B3F039EF-84DD-41B6-AB5D-BF3F44A488C2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.3.0",
"versionEndExcluding": "16.3.7",
"matchCriteriaId": "02C5947D-659A-4AE9-B2C8-08287AC03BF2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.4.0",
"versionEndExcluding": "16.4.5",
"matchCriteriaId": "C89EFE63-81D9-4964-BE91-BF31AA40C165"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.4.0",
"versionEndExcluding": "16.4.5",
"matchCriteriaId": "4B4C9455-DBA2-480B-8C59-898BC9DB8795"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.6.0",
"versionEndExcluding": "16.6.4",
"matchCriteriaId": "7198B7E4-9928-4B7D-9D00-6B76CCAC3875"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.6.0",
"versionEndExcluding": "16.6.4",
"matchCriteriaId": "D294EA47-B2EF-42D6-A92B-93CEA5D209B7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.7.0:*:*:*:community:*:*:*",
"matchCriteriaId": "150F88EA-DA27-4042-9778-932904C2FD41"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.7.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "29C6355F-1CD3-4E4A-AACA-19B497A631D6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.7.1:*:*:*:community:*:*:*",
"matchCriteriaId": "D385A20C-BC93-4BB9-A47D-50C89D4DFA95"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.7.1:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "77D86BC4-D4DD-4848-B0FD-0C16A3D2DF89"
}
]
}
]
}
],
"references": [
{
"url": "https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/436084",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://hackerone.com/reports/2293343",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
}
]
}

63
CVE-2024/CVE-2024-224xx/CVE-2024-22401.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2024-22401",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-18T21:15:08.343",
"lastModified": "2024-01-18T21:15:08.343",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Nextcloud guests app is a utility to create guest users which can only see files shared with them. In affected versions users could change the allowed list of apps, allowing them to use apps that were not intended to be used. It is recommended that the Guests app is upgraded to 2.4.1, 2.5.1 or 3.0.1. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-281"
}
]
}
],
"references": [
{
"url": "https://github.com/nextcloud/guests/pull/1082",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wr87-hx3w-29hh",
"source": "security-advisories@github.com"
},
{
"url": "https://hackerone.com/reports/2250398",
"source": "security-advisories@github.com"
}
]
}

63
CVE-2024/CVE-2024-224xx/CVE-2024-22402.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2024-22402",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-18T21:15:08.590",
"lastModified": "2024-01-18T21:15:08.590",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Nextcloud guests app is a utility to create guest users which can only see files shared with them. In affected versions users were able to load the first page of apps they were actually not allowed to access. However subsequent API calls all failed correctly, so in most apps no additional information was leaked. Depending on the selection of apps installed this may present a permissions bypass. It is recommended that the Guests app is upgraded to 2.4.1, 2.5.1 or 3.0.1. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-281"
}
]
}
],
"references": [
{
"url": "https://github.com/nextcloud/guests/pull/1082",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-v3qw-7vgv-2fxj",
"source": "security-advisories@github.com"
},
{
"url": "https://hackerone.com/reports/2251074",
"source": "security-advisories@github.com"
}
]
}

63
CVE-2024/CVE-2024-224xx/CVE-2024-22404.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2024-22404",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-18T21:15:08.830",
"lastModified": "2024-01-18T21:15:08.830",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Nextcloud files Zip app is a tool to create zip archives from one or multiple files from within Nextcloud. In affected versions users can download \"view-only\" files by zipping the complete folder. It is recommended that the Files ZIP app is upgraded to 1.2.1, 1.4.1, or 1.5.0. Users unable to upgrade should disable the file zip app."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-281"
}
]
}
],
"references": [
{
"url": "https://github.com/nextcloud/files_zip/commit/43204539d517a13e945b90652718e2a213f46820",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vhj3-mch4-67fq",
"source": "security-advisories@github.com"
},
{
"url": "https://hackerone.com/reports/2247457",
"source": "security-advisories@github.com"
}
]
}

67
CVE-2024/CVE-2024-224xx/CVE-2024-22415.json Normal file
View File

@ -0,0 +1,67 @@
{
"id": "CVE-2024-22415",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-18T21:15:09.087",
"lastModified": "2024-01-18T21:15:09.087",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "jupyter-lsp is a coding assistance tool for JupyterLab (code navigation + hover suggestions + linters + autocompletion + rename) using Language Server Protocol. Installations of jupyter-lsp running in environments without configured file system access control (on the operating system level), and with jupyter-server instances exposed to non-trusted network are vulnerable to unauthorised access and modification of file system beyond the jupyter root directory. This issue has been patched in version 2.2.2 and all users are advised to upgrade. Users unable to upgrade should uninstall jupyter-lsp."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-23"
},
{
"lang": "en",
"value": "CWE-284"
},
{
"lang": "en",
"value": "CWE-306"
}
]
}
],
"references": [
{
"url": "https://github.com/jupyter-lsp/jupyterlab-lsp/commit/4ad12f204ad0b85580fc32137c647baaff044e95",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/jupyter-lsp/jupyterlab-lsp/security/advisories/GHSA-4qhp-652w-c22x",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2024/CVE-2024-224xx/CVE-2024-22418.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-22418",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-18T21:15:09.323",
"lastModified": "2024-01-18T21:15:09.323",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Group-Office is an enterprise CRM and groupware tool. Affected versions are subject to a vulnerability which is present in the file upload mechanism of Group Office. It allows an attacker to execute arbitrary JavaScript code by embedding it within a file's name. For instance, using a filename such as \u201c><img src=x onerror=prompt('XSS')>.jpg\u201d triggers the vulnerability. When this file is uploaded, the JavaScript code within the filename is executed. This issue has been addressed in version 6.8.29. All users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/Intermesh/groupoffice/commit/2a52a5d42d080db6738d70eba30294bcd94ebd09",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/Intermesh/groupoffice/security/advisories/GHSA-p7w9-h6c3-wqpp",
"source": "security-advisories@github.com"
}
]
}

73
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-01-18T21:00:25.551968+00:00
2024-01-18T23:00:25.033958+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-01-18T20:58:47.270000+00:00
2024-01-18T22:15:11.100000+00:00
```
### Last Data Feed Release
@ -29,50 +29,51 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
236322
236343
```
### CVEs added in the last Commit
Recently added CVEs: `6`
Recently added CVEs: `21`
* [CVE-2023-49943](CVE-2023/CVE-2023-499xx/CVE-2023-49943.json) (`2024-01-18T19:15:09.340`)
* [CVE-2024-22212](CVE-2024/CVE-2024-222xx/CVE-2024-22212.json) (`2024-01-18T19:15:10.353`)
* [CVE-2024-22419](CVE-2024/CVE-2024-224xx/CVE-2024-22419.json) (`2024-01-18T19:15:10.550`)
* [CVE-2024-22213](CVE-2024/CVE-2024-222xx/CVE-2024-22213.json) (`2024-01-18T20:15:08.113`)
* [CVE-2024-22400](CVE-2024/CVE-2024-224xx/CVE-2024-22400.json) (`2024-01-18T20:15:08.360`)
* [CVE-2024-22403](CVE-2024/CVE-2024-224xx/CVE-2024-22403.json) (`2024-01-18T20:15:08.610`)
* [CVE-2023-47092](CVE-2023/CVE-2023-470xx/CVE-2023-47092.json) (`2024-01-18T21:15:08.177`)
* [CVE-2023-51217](CVE-2023/CVE-2023-512xx/CVE-2023-51217.json) (`2024-01-18T21:15:08.243`)
* [CVE-2023-51258](CVE-2023/CVE-2023-512xx/CVE-2023-51258.json) (`2024-01-18T21:15:08.293`)
* [CVE-2023-43815](CVE-2023/CVE-2023-438xx/CVE-2023-43815.json) (`2024-01-18T22:15:08.717`)
* [CVE-2023-43816](CVE-2023/CVE-2023-438xx/CVE-2023-43816.json) (`2024-01-18T22:15:08.957`)
* [CVE-2023-43817](CVE-2023/CVE-2023-438xx/CVE-2023-43817.json) (`2024-01-18T22:15:09.183`)
* [CVE-2023-43818](CVE-2023/CVE-2023-438xx/CVE-2023-43818.json) (`2024-01-18T22:15:09.383`)
* [CVE-2023-43819](CVE-2023/CVE-2023-438xx/CVE-2023-43819.json) (`2024-01-18T22:15:09.587`)
* [CVE-2023-43820](CVE-2023/CVE-2023-438xx/CVE-2023-43820.json) (`2024-01-18T22:15:09.800`)
* [CVE-2023-43821](CVE-2023/CVE-2023-438xx/CVE-2023-43821.json) (`2024-01-18T22:15:10.017`)
* [CVE-2023-43822](CVE-2023/CVE-2023-438xx/CVE-2023-43822.json) (`2024-01-18T22:15:10.220`)
* [CVE-2023-43823](CVE-2023/CVE-2023-438xx/CVE-2023-43823.json) (`2024-01-18T22:15:10.430`)
* [CVE-2023-43824](CVE-2023/CVE-2023-438xx/CVE-2023-43824.json) (`2024-01-18T22:15:10.630`)
* [CVE-2023-50614](CVE-2023/CVE-2023-506xx/CVE-2023-50614.json) (`2024-01-18T22:15:10.843`)
* [CVE-2023-5130](CVE-2023/CVE-2023-51xx/CVE-2023-5130.json) (`2024-01-18T22:15:10.890`)
* [CVE-2023-5131](CVE-2023/CVE-2023-51xx/CVE-2023-5131.json) (`2024-01-18T22:15:11.100`)
* [CVE-2024-22401](CVE-2024/CVE-2024-224xx/CVE-2024-22401.json) (`2024-01-18T21:15:08.343`)
* [CVE-2024-22402](CVE-2024/CVE-2024-224xx/CVE-2024-22402.json) (`2024-01-18T21:15:08.590`)
* [CVE-2024-22404](CVE-2024/CVE-2024-224xx/CVE-2024-22404.json) (`2024-01-18T21:15:08.830`)
* [CVE-2024-22415](CVE-2024/CVE-2024-224xx/CVE-2024-22415.json) (`2024-01-18T21:15:09.087`)
* [CVE-2024-22418](CVE-2024/CVE-2024-224xx/CVE-2024-22418.json) (`2024-01-18T21:15:09.323`)
### CVEs modified in the last Commit
Recently modified CVEs: `99`
Recently modified CVEs: `11`
* [CVE-2024-0416](CVE-2024/CVE-2024-04xx/CVE-2024-0416.json) (`2024-01-18T20:09:52.287`)
* [CVE-2024-0415](CVE-2024/CVE-2024-04xx/CVE-2024-0415.json) (`2024-01-18T20:10:13.733`)
* [CVE-2024-0414](CVE-2024/CVE-2024-04xx/CVE-2024-0414.json) (`2024-01-18T20:11:45.007`)
* [CVE-2024-0413](CVE-2024/CVE-2024-04xx/CVE-2024-0413.json) (`2024-01-18T20:12:44.737`)
* [CVE-2024-21594](CVE-2024/CVE-2024-215xx/CVE-2024-21594.json) (`2024-01-18T20:14:10.903`)
* [CVE-2024-21591](CVE-2024/CVE-2024-215xx/CVE-2024-21591.json) (`2024-01-18T20:14:24.380`)
* [CVE-2024-21642](CVE-2024/CVE-2024-216xx/CVE-2024-21642.json) (`2024-01-18T20:15:52.813`)
* [CVE-2024-21982](CVE-2024/CVE-2024-219xx/CVE-2024-21982.json) (`2024-01-18T20:16:20.420`)
* [CVE-2024-0443](CVE-2024/CVE-2024-04xx/CVE-2024-0443.json) (`2024-01-18T20:16:39.840`)
* [CVE-2024-0412](CVE-2024/CVE-2024-04xx/CVE-2024-0412.json) (`2024-01-18T20:20:05.993`)
* [CVE-2024-23179](CVE-2024/CVE-2024-231xx/CVE-2024-23179.json) (`2024-01-18T20:21:13.830`)
* [CVE-2024-23178](CVE-2024/CVE-2024-231xx/CVE-2024-23178.json) (`2024-01-18T20:22:07.447`)
* [CVE-2024-23177](CVE-2024/CVE-2024-231xx/CVE-2024-23177.json) (`2024-01-18T20:22:24.457`)
* [CVE-2024-23174](CVE-2024/CVE-2024-231xx/CVE-2024-23174.json) (`2024-01-18T20:23:11.307`)
* [CVE-2024-23173](CVE-2024/CVE-2024-231xx/CVE-2024-23173.json) (`2024-01-18T20:23:22.817`)
* [CVE-2024-23172](CVE-2024/CVE-2024-231xx/CVE-2024-23172.json) (`2024-01-18T20:23:36.063`)
* [CVE-2024-23171](CVE-2024/CVE-2024-231xx/CVE-2024-23171.json) (`2024-01-18T20:23:45.707`)
* [CVE-2024-21617](CVE-2024/CVE-2024-216xx/CVE-2024-21617.json) (`2024-01-18T20:28:48.990`)
* [CVE-2024-21611](CVE-2024/CVE-2024-216xx/CVE-2024-21611.json) (`2024-01-18T20:30:07.573`)
* [CVE-2024-0460](CVE-2024/CVE-2024-04xx/CVE-2024-0460.json) (`2024-01-18T20:37:41.797`)
* [CVE-2024-21595](CVE-2024/CVE-2024-215xx/CVE-2024-21595.json) (`2024-01-18T20:37:57.160`)
* [CVE-2024-21606](CVE-2024/CVE-2024-216xx/CVE-2024-21606.json) (`2024-01-18T20:39:18.483`)
* [CVE-2024-22494](CVE-2024/CVE-2024-224xx/CVE-2024-22494.json) (`2024-01-18T20:39:35.327`)
* [CVE-2024-21607](CVE-2024/CVE-2024-216xx/CVE-2024-21607.json) (`2024-01-18T20:41:11.583`)
* [CVE-2024-21641](CVE-2024/CVE-2024-216xx/CVE-2024-21641.json) (`2024-01-18T20:42:19.490`)
* [CVE-2023-49257](CVE-2023/CVE-2023-492xx/CVE-2023-49257.json) (`2024-01-18T21:13:51.623`)
* [CVE-2023-49256](CVE-2023/CVE-2023-492xx/CVE-2023-49256.json) (`2024-01-18T21:14:03.490`)
* [CVE-2023-49254](CVE-2023/CVE-2023-492xx/CVE-2023-49254.json) (`2024-01-18T21:14:11.877`)
* [CVE-2023-49253](CVE-2023/CVE-2023-492xx/CVE-2023-49253.json) (`2024-01-18T21:14:22.820`)
* [CVE-2023-7028](CVE-2023/CVE-2023-70xx/CVE-2023-7028.json) (`2024-01-18T21:15:51.483`)
* [CVE-2023-6955](CVE-2023/CVE-2023-69xx/CVE-2023-6955.json) (`2024-01-18T21:16:42.053`)
* [CVE-2023-5356](CVE-2023/CVE-2023-53xx/CVE-2023-5356.json) (`2024-01-18T21:17:29.540`)
* [CVE-2023-4812](CVE-2023/CVE-2023-48xx/CVE-2023-4812.json) (`2024-01-18T21:18:27.850`)
* [CVE-2023-2030](CVE-2023/CVE-2023-20xx/CVE-2023-2030.json) (`2024-01-18T21:18:39.847`)
* [CVE-2023-0437](CVE-2023/CVE-2023-04xx/CVE-2023-0437.json) (`2024-01-18T21:18:53.223`)
* [CVE-2023-51063](CVE-2023/CVE-2023-510xx/CVE-2023-51063.json) (`2024-01-18T21:38:53.560`)
## Download and Usage