admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-07 19:16:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-09-11T10:00:25.001618+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-09-11 10:00:28 +00:00
parent 12fc63b362
commit 15df34c2e1
22 changed files with 645 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
CVE-2023/CVE-2023-358xx/CVE-2023-35845.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-35845",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-11T08:15:07.493",
"lastModified": "2023-09-11T08:15:07.493",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Anaconda 3 2023.03-1-Linux allows local users to disrupt TLS certificate validation by modifying the cacert.pem file used by the installed pip program. This occurs because many files are installed as world-writable on Linux, ignoring umask, even when these files are installed as root. Miniconda is also affected."
}
],
"metrics": {},
"references": [
{
"url": "https://uponfurtherinvestigation.blogspot.com/2023/06/cve-2023-35845-anaconda3-creates.html",
"source": "cve@mitre.org"
}
]
}

4
CVE-2023/CVE-2023-396xx/CVE-2023-39676.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-39676",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-08T14:15:11.293",
"lastModified": "2023-09-08T17:36:26.487",
"lastModified": "2023-09-11T09:15:08.227",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SimpleImportProduct Prestashop Module v1.0.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the callback parameter at ajax.php."
"value": "FieldPopupNewsletter Prestashop Module v1.0.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the callback parameter at ajax.php."
}
],
"metrics": {},

14
CVE-2023/CVE-2023-40xx/CVE-2023-4051.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-4051",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-08-01T15:15:10.147",
"lastModified": "2023-08-04T18:57:00.337",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-11T09:15:08.707",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116."
"value": "A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116, Firefox ESR < 115.2, and Thunderbird < 115.2."
}
],
"metrics": {
@ -79,6 +79,14 @@
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-36/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-38/",
"source": "security@mozilla.org"
}
]
}

14
CVE-2023/CVE-2023-40xx/CVE-2023-4053.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-4053",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-08-01T15:15:10.267",
"lastModified": "2023-08-04T19:00:39.263",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-11T09:15:08.907",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116."
"value": "A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116, Firefox ESR < 115.2, and Thunderbird < 115.2."
}
],
"metrics": {
@ -79,6 +79,14 @@
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-36/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-38/",
"source": "security@mozilla.org"
}
]
}

40
CVE-2023/CVE-2023-41xx/CVE-2023-4104.json Normal file
View File

@ -0,0 +1,40 @@
{
"id": "CVE-2023-4104",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-09-11T09:15:08.997",
"lastModified": "2023-09-11T09:15:08.997",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An invalid Polkit Authentication check and missing authentication requirements for D-Bus methods allowed any local user to configure arbitrary VPN setups.\n*This bug only affects Mozilla VPN on Linux. Other operating systems are unaffected.* This vulnerability affects Mozilla VPN client for Linux < v2.16.1."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1831318",
"source": "security@mozilla.org"
},
{
"url": "https://github.com/mozilla-mobile/mozilla-vpn-client/pull/7055",
"source": "security@mozilla.org"
},
{
"url": "https://github.com/mozilla-mobile/mozilla-vpn-client/pull/7110",
"source": "security@mozilla.org"
},
{
"url": "https://github.com/mozilla-mobile/mozilla-vpn-client/pull/7151",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-39/",
"source": "security@mozilla.org"
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/08/03/1",
"source": "security@mozilla.org"
}
]
}

24
CVE-2023/CVE-2023-424xx/CVE-2023-42470.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-42470",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-11T08:15:07.647",
"lastModified": "2023-09-11T08:15:07.647",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Imou Life com.mm.android.smartlifeiot application through 6.8.0 for Android allows Remote Code Execution via a crafted intent to an exported component. This relates to the com.mm.android.easy4ip.MainActivity activity. JavaScript execution is enabled in the WebView, and direct web content loading occurs."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/actuator/imou/blob/main/imou-life-6.8.0.md",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/actuator/imou/blob/main/poc.apk",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-424xx/CVE-2023-42471.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-42471",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-11T08:15:07.703",
"lastModified": "2023-09-11T08:15:07.703",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The wave.ai.browser application through 1.0.35 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. It contains a manifest entry that exports the wave.ai.browser.ui.splash.SplashScreen activity. This activity uses a WebView component to display web content and doesn't adequately validate or sanitize the URI or any extra data passed in the intent by a third party application (with no permissions)."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/actuator/wave.ai.browser/blob/main/CWE-94.md",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/actuator/wave.ai.browser/blob/main/poc.apk",
"source": "cve@mitre.org"
}
]
}

36
CVE-2023/CVE-2023-45xx/CVE-2023-4573.json Normal file
View File

@ -0,0 +1,36 @@
{
"id": "CVE-2023-4573",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-09-11T08:15:07.847",
"lastModified": "2023-09-11T08:15:07.847",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "When receiving rendering data over IPC `mStream` could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, and Thunderbird < 115.2."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1846687",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-34/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-35/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-36/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-38/",
"source": "security@mozilla.org"
}
]
}

36
CVE-2023/CVE-2023-45xx/CVE-2023-4574.json Normal file
View File

@ -0,0 +1,36 @@
{
"id": "CVE-2023-4574",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-09-11T09:15:09.087",
"lastModified": "2023-09-11T09:15:09.087",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, and Thunderbird < 115.2."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1846688",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-34/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-35/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-36/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-38/",
"source": "security@mozilla.org"
}
]
}

36
CVE-2023/CVE-2023-45xx/CVE-2023-4575.json Normal file
View File

@ -0,0 +1,36 @@
{
"id": "CVE-2023-4575",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-09-11T09:15:09.143",
"lastModified": "2023-09-11T09:15:09.143",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, and Thunderbird < 115.2."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1846689",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-34/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-35/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-36/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-38/",
"source": "security@mozilla.org"
}
]
}

36
CVE-2023/CVE-2023-45xx/CVE-2023-4576.json Normal file
View File

@ -0,0 +1,36 @@
{
"id": "CVE-2023-4576",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-09-11T09:15:09.217",
"lastModified": "2023-09-11T09:15:09.217",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "On Windows, an integer overflow could occur in `RecordedSourceSurfaceCreation` which resulted in a heap buffer overflow potentially leaking sensitive data that could have led to a sandbox escape.\n*This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, and Thunderbird < 115.2."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1846694",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-34/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-35/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-36/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-38/",
"source": "security@mozilla.org"
}
]
}

32
CVE-2023/CVE-2023-45xx/CVE-2023-4577.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-4577",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-09-11T09:15:09.287",
"lastModified": "2023-09-11T09:15:09.287",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "When `UpdateRegExpStatics` attempted to access `initialStringHeap` it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1847397",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-34/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-36/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-38/",
"source": "security@mozilla.org"
}
]
}

32
CVE-2023/CVE-2023-45xx/CVE-2023-4578.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-4578",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-09-11T09:15:09.347",
"lastModified": "2023-09-11T09:15:09.347",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "When calling `JS::CheckRegExpSyntax` a Syntax Error could have been set which would end in calling `convertToRuntimeErrorAndClear`. A path in the function could attempt to allocate memory when none is available which would have caused a newly created Out of Memory exception to be mishandled as a Syntax Error. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1839007",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-34/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-36/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-38/",
"source": "security@mozilla.org"
}
]
}

24
CVE-2023/CVE-2023-45xx/CVE-2023-4579.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-4579",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-09-11T09:15:09.407",
"lastModified": "2023-09-11T09:15:09.407",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Search queries in the default search engine could appear to have been the currently navigated URL if the search query itself was a well formed URL. This could have led to a site spoofing another if it had been maliciously set as the default search engine. This vulnerability affects Firefox < 117."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1842766",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-34/",
"source": "security@mozilla.org"
}
]
}

32
CVE-2023/CVE-2023-45xx/CVE-2023-4580.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-4580",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-09-11T09:15:09.477",
"lastModified": "2023-09-11T09:15:09.477",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1843046",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-34/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-36/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-38/",
"source": "security@mozilla.org"
}
]
}

36
CVE-2023/CVE-2023-45xx/CVE-2023-4581.json Normal file
View File

@ -0,0 +1,36 @@
{
"id": "CVE-2023-4581",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-09-11T09:15:09.550",
"lastModified": "2023-09-11T09:15:09.550",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, and Thunderbird < 115.2."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1843758",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-34/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-35/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-36/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-38/",
"source": "security@mozilla.org"
}
]
}

32
CVE-2023/CVE-2023-45xx/CVE-2023-4582.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-4582",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-09-11T09:15:09.617",
"lastModified": "2023-09-11T09:15:09.617",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Due to large allocation checks in Angle for glsl shaders being too lenient a buffer overflow could have occured when allocating too much private shader memory on mac OS. \n*This bug only affects Firefox on macOS. Other operating systems are unaffected.* This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1773874",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-34/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-36/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-38/",
"source": "security@mozilla.org"
}
]
}

32
CVE-2023/CVE-2023-45xx/CVE-2023-4583.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-4583",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-09-11T09:15:09.680",
"lastModified": "2023-09-11T09:15:09.680",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1842030",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-34/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-36/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-38/",
"source": "security@mozilla.org"
}
]
}

36
CVE-2023/CVE-2023-45xx/CVE-2023-4584.json Normal file
View File

@ -0,0 +1,36 @@
{
"id": "CVE-2023-4584",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-09-11T09:15:09.740",
"lastModified": "2023-09-11T09:15:09.740",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, and Thunderbird < 115.2."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1843968%2C1845205%2C1846080%2C1846526%2C1847529",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-34/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-35/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-36/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-38/",
"source": "security@mozilla.org"
}
]
}

32
CVE-2023/CVE-2023-45xx/CVE-2023-4585.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-4585",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-09-11T09:15:09.797",
"lastModified": "2023-09-11T09:15:09.797",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1751583%2C1833504%2C1841082%2C1847904%2C1848999",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-34/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-36/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-38/",
"source": "security@mozilla.org"
}
]
}

55
CVE-2023/CVE-2023-48xx/CVE-2023-4816.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-4816",
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"published": "2023-09-11T08:15:07.917",
"lastModified": "2023-09-11T08:15:07.917",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists in the Equipment Tag Out authentication, when configured with Single Sign-On (SSO) with password validation in T214. This vulnerability can be exploited by an authenticated user per-forming an Equipment Tag Out holder action (Accept, Release, and Clear) for another user and entering an arbitrary password in the holder action confirmation dialog box. Despite entering an arbitrary password in the confirmation box, the system will execute the selected holder action."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 6.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://images.go.hitachienergy.com/Web/ABBEnterpriseSoftware/%7B70b3d323-4866-42e1-8a75-58996729c1d4%7D_8DBD000172-VU-2023-23_Asset_Suite_Tagout_vulnerability_Rev1.pdf",
"source": "cybersecurity@hitachienergy.com"
}
]
}

33
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-09-11T08:00:26.943602+00:00
2023-09-11T10:00:25.001618+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-09-11T07:15:08.123000+00:00
2023-09-11T09:15:09.797000+00:00
```
### Last Data Feed Release
@ -29,21 +29,40 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
224570
224588
```
### CVEs added in the last Commit
Recently added CVEs: `2`
Recently added CVEs: `18`
* [CVE-2023-40040](CVE-2023/CVE-2023-400xx/CVE-2023-40040.json) (`2023-09-11T06:15:43.830`)
* [CVE-2023-40039](CVE-2023/CVE-2023-400xx/CVE-2023-40039.json) (`2023-09-11T07:15:08.123`)
* [CVE-2023-35845](CVE-2023/CVE-2023-358xx/CVE-2023-35845.json) (`2023-09-11T08:15:07.493`)
* [CVE-2023-42470](CVE-2023/CVE-2023-424xx/CVE-2023-42470.json) (`2023-09-11T08:15:07.647`)
* [CVE-2023-42471](CVE-2023/CVE-2023-424xx/CVE-2023-42471.json) (`2023-09-11T08:15:07.703`)
* [CVE-2023-4573](CVE-2023/CVE-2023-45xx/CVE-2023-4573.json) (`2023-09-11T08:15:07.847`)
* [CVE-2023-4816](CVE-2023/CVE-2023-48xx/CVE-2023-4816.json) (`2023-09-11T08:15:07.917`)
* [CVE-2023-4104](CVE-2023/CVE-2023-41xx/CVE-2023-4104.json) (`2023-09-11T09:15:08.997`)
* [CVE-2023-4574](CVE-2023/CVE-2023-45xx/CVE-2023-4574.json) (`2023-09-11T09:15:09.087`)
* [CVE-2023-4575](CVE-2023/CVE-2023-45xx/CVE-2023-4575.json) (`2023-09-11T09:15:09.143`)
* [CVE-2023-4576](CVE-2023/CVE-2023-45xx/CVE-2023-4576.json) (`2023-09-11T09:15:09.217`)
* [CVE-2023-4577](CVE-2023/CVE-2023-45xx/CVE-2023-4577.json) (`2023-09-11T09:15:09.287`)
* [CVE-2023-4578](CVE-2023/CVE-2023-45xx/CVE-2023-4578.json) (`2023-09-11T09:15:09.347`)
* [CVE-2023-4579](CVE-2023/CVE-2023-45xx/CVE-2023-4579.json) (`2023-09-11T09:15:09.407`)
* [CVE-2023-4580](CVE-2023/CVE-2023-45xx/CVE-2023-4580.json) (`2023-09-11T09:15:09.477`)
* [CVE-2023-4581](CVE-2023/CVE-2023-45xx/CVE-2023-4581.json) (`2023-09-11T09:15:09.550`)
* [CVE-2023-4582](CVE-2023/CVE-2023-45xx/CVE-2023-4582.json) (`2023-09-11T09:15:09.617`)
* [CVE-2023-4583](CVE-2023/CVE-2023-45xx/CVE-2023-4583.json) (`2023-09-11T09:15:09.680`)
* [CVE-2023-4584](CVE-2023/CVE-2023-45xx/CVE-2023-4584.json) (`2023-09-11T09:15:09.740`)
* [CVE-2023-4585](CVE-2023/CVE-2023-45xx/CVE-2023-4585.json) (`2023-09-11T09:15:09.797`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `3`
* [CVE-2023-39676](CVE-2023/CVE-2023-396xx/CVE-2023-39676.json) (`2023-09-11T09:15:08.227`)
* [CVE-2023-4051](CVE-2023/CVE-2023-40xx/CVE-2023-4051.json) (`2023-09-11T09:15:08.707`)
* [CVE-2023-4053](CVE-2023/CVE-2023-40xx/CVE-2023-4053.json) (`2023-09-11T09:15:08.907`)
## Download and Usage