Auto-Update: 2023-11-14T15:00:17.660167+00:00

cad-safe-bot 2023-11-14 15:00:21 +00:00
parent ad879663aa
commit 20c712dcaa
12 changed files with 601 additions and 90 deletions


@ -2,8 +2,8 @@
"id": "CVE-2017-20187",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-11-05T21:15:09.190",
"lastModified": "2023-11-07T02:43:26.043",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-14T14:44:43.743",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -17,7 +17,27 @@
"metrics": {
"cvssMetricV31": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -39,7 +59,7 @@
],
"cvssMetricV2": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
@ -65,7 +85,7 @@
},
"weaknesses": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
@ -75,22 +95,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:floriangaerber:magnesium-php:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.3.0",
"matchCriteriaId": "676606C9-E5D4-4AEB-BB62-2532B3B85E1B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/floriangaerber/Magnesium-PHP/commit/500d340e1f6421007413cc08a8383475221c2604",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/floriangaerber/Magnesium-PHP/releases/tag/v0.3.1",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://vuldb.com/?ctiid.244482",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.244482",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,18 +2,45 @@
"id": "CVE-2023-25800",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-03T17:15:08.487",
"lastModified": "2023-11-03T18:05:16.007",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-14T13:57:41.837",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.2.0.\n\n"
},
{
"lang": "es",
"value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"Inyecci\u00f3n SQL\") en Themeum Tutor LMS permite la inyecci\u00f3n SQL. Este problema afecta a Tutor LMS: desde n/a hasta 2.2.0."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -21,12 +48,43 @@
"value": "CWE-89"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:themeum:tutor_lms:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.2.0",
"matchCriteriaId": "8C1DD00B-3284-4709-BF45-F5BABB884DCB"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/tutor/wordpress-tutor-lms-plugin-2-1-10-multiple-student-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-39299",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2023-11-03T17:15:08.900",
"lastModified": "2023-11-03T18:05:16.007",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-14T14:07:58.267",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network.\n\nWe have already fixed the vulnerability in the following versions:\nMusic Station 4.8.11 and later\nMusic Station 5.1.16 and later\nMusic Station 5.3.23 and later\n"
},
{
"lang": "es",
"value": "Se ha informado que una vulnerabilidad de path traversal que afecta a Music Station. Si se explota, la vulnerabilidad podr\u00eda permitir a los usuarios leer el contenido de archivos inesperados y exponer datos confidenciales a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: Music Station 4.8.11 y posteriores Music Station 5.1.16 y posteriores Music Station 5.3.23 y posteriores"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
@ -46,10 +70,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qnap:music_station:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.8.0",
"versionEndExcluding": "4.8.11",
"matchCriteriaId": "E9FA0BAC-F9DE-420E-A9DC-3E1A01A3F6EB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qnap:music_station:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.1.0",
"versionEndExcluding": "5.1.16",
"matchCriteriaId": "017EC098-8277-4DDB-8BD3-6466108022CD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qnap:music_station:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.3.0",
"versionEndExcluding": "5.3.23",
"matchCriteriaId": "95DA9DC0-2461-400D-AACF-9CD9186F8E3D"
}
]
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-61",
"source": "security@qnapsecurity.com.tw"
"source": "security@qnapsecurity.com.tw",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-39417",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-08-11T13:15:09.870",
"lastModified": "2023-11-07T04:17:31.503",
"lastModified": "2023-11-14T14:15:28.793",
"vulnStatus": "Modified",
"descriptions": [
{
@ -37,7 +37,7 @@
"impactScore": 5.9
},
{
"source": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -70,7 +70,7 @@
]
},
{
"source": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
@ -197,6 +197,14 @@
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5553",
"source": "secalert@redhat.com"
},
{
"url": "https://www.debian.org/security/2023/dsa-5554",
"source": "secalert@redhat.com"
},
{
"url": "https://www.postgresql.org/support/security/CVE-2023-39417",
"source": "secalert@redhat.com",


@ -2,12 +2,16 @@
"id": "CVE-2023-39418",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-08-11T13:15:09.963",
"lastModified": "2023-09-15T14:15:10.857",
"lastModified": "2023-11-14T14:15:28.957",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en PostgreSQL con el uso del comando MERGE, que no puede probar nuevas filas con las pol\u00edticas de seguridad de filas definidas para ACTUALIZAR y SELECCIONAR. Si las pol\u00edticas ACTUALIZAR y SELECCIONAR proh\u00edben algunas filas que las pol\u00edticas INSERTAR no proh\u00edben, un usuario podr\u00eda almacenar dichas filas."
}
],
"metrics": {
@ -134,6 +138,10 @@
"url": "https://security.netapp.com/advisory/ntap-20230915-0002/",
"source": "secalert@redhat.com"
},
{
"url": "https://www.debian.org/security/2023/dsa-5553",
"source": "secalert@redhat.com"
},
{
"url": "https://www.postgresql.org/support/security/CVE-2023-39418/",
"source": "secalert@redhat.com",


@ -2,8 +2,8 @@
"id": "CVE-2023-46964",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-05T00:15:08.527",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-14T14:42:26.970",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,79 @@
"value": "Vulnerabilidad de Cross Site Scripting (XSS) en Hillstone Next Generation FireWall SG-6000-e3960 v.5.5 permite a un atacante remoto ejecutar c\u00f3digo arbitrario mediante el uso de filtrado front-end en lugar de filtrado back-end."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hillstonenet:sc-6000-e3960_firmware:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1D36094D-0597-496F-A5A8-0FDC358CAB81"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hillstonenet:sc-6000-e3960:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5AF7DE45-27A1-4403-9E04-39D85B155DCE"
}
]
}
]
}
],
"references": [
{
"url": "https://foremost-smash-52a.notion.site/Hillstone-Next-Generation-FireWall-XSS-CVE-2023-46964-6cf1fe91e7ed4795adb1d89d75030d16",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
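Review bot: Both `criteria` strings in the added `configurations` block spell the product `sc-6000-e3960`, while the description in this same record names the device SG-6000-e3960, so the CPE and the advisory text disagree on the model identifier. Asset inventories or scanners that key on the vendor's SG-6000 naming may not match this CPE, and tooling that trusts only the CPE may not match the device. The record is mirrored from NVD, so the spelling presumably has to be corrected upstream; until then, consumers may want to match this CVE on both spellings.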


@ -2,23 +2,86 @@
"id": "CVE-2023-46980",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-03T16:15:31.103",
"lastModified": "2023-11-03T16:26:21.357",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-14T13:37:31.637",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in Best Courier Management System v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the userID parameter."
},
{
"lang": "es",
"value": "Un problema en Best Courier Management System v.1.0 permite a un atacante remoto ejecutar c\u00f3digo arbitrario y escalar privilegios a trav\u00e9s de un script manipulado al par\u00e1metro ID de usuario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mayurik:best_courier_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6D0B90AE-6DFA-40B1-A97C-B445F29F3EB3"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/sajaljat/CVE-2023-46980/tree/main",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://youtu.be/3Mz2lSElg7Y",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-47234",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-03T21:15:17.420",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-14T14:18:17.747",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "Se descubri\u00f3 un problema en FRRouting FRR hasta 9.0.1. Puede ocurrir un bloqueo al procesar un mensaje BGP UPDATE manipulado con un atributo MP_UNREACH_NLRI y datos NLRI adicionales (que carecen de atributos de ruta obligatorios)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:frrouting:frrouting:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.0.1",
"matchCriteriaId": "96E183F4-1C38-4876-BA65-38E96CD3E5DC"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/FRRouting/frr/pull/14716/commits/c37119df45bbf4ef713bc10475af2ee06e12f3bf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-47235",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-03T21:15:17.470",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-14T14:16:24.860",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "Se descubri\u00f3 un problema en FRRouting FRR hasta 9.0.1. Puede ocurrir una ca\u00edda cuando se procesa un mensaje malformado de BGP UPDATE con un EOR, porque la presencia de un EOR no conduce a un resultado de treat-as-withdraw."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:frrouting:frrouting:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.0.1",
"matchCriteriaId": "96E183F4-1C38-4876-BA65-38E96CD3E5DC"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/FRRouting/frr/pull/14716/commits/6814f2e0138a6ea5e1f83bdd9085d9a77999900b",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-47249",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-05T00:15:08.627",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-14T14:43:52.597",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "En International Color Consortium DemoIccMAX 79ecb74, una funci\u00f3n CIccXmlArrayType:::ParseText (para abreviatura sin firmar) en IccUtilXml.cpp en libIccXML.a tiene una lectura fuera de los l\u00edmites."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:color:demoiccmax:2022-06-21:*:*:*:*:*:*:*",
"matchCriteriaId": "10975878-B3F5-48A0-80B1-2AC1EBD0298D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/InternationalColorConsortium/DemoIccMAX/issues/54",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}
]
}
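Review bot: The added NVD Primary weakness is `CWE-787` (out-of-bounds write), but the description kept in this record calls the flaw an out-of-bounds read in the ParseText function, which corresponds to CWE-125. The CVSS vector added in the same section scores only availability (`C:N/I:N/A:H`), which fits a read-induced crash better than a memory-corrupting write. Triage rules or dashboards that prioritise on CWE will file this entry as a write primitive. If the read classification is the correct one, the entry would be `"value": "CWE-125"`; the data is synced from NVD, so this is presumably an upstream correction.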


@ -0,0 +1,59 @@
{
"id": "CVE-2023-6111",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-11-14T14:15:29.063",
"lastModified": "2023-11-14T14:15:29.063",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.\n\nThe function nft_trans_gc_catchall did not remove the catchall set element from the catchall_list when the argument sync is true, making it possible to free a catchall set element many times.\n\nWe recommend upgrading past commit 93995bf4af2c5a99e2a87f0cd5ce547d31eb7630.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@google.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "cve-coordination@google.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=93995bf4af2c5a99e2a87f0cd5ce547d31eb7630",
"source": "cve-coordination@google.com"
},
{
"url": "https://kernel.dance/93995bf4af2c5a99e2a87f0cd5ce547d31eb7630",
"source": "cve-coordination@google.com"
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-11-14T13:00:18.021497+00:00
2023-11-14T15:00:17.660167+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-11-14T12:15:20.030000+00:00
2023-11-14T14:44:43.743000+00:00
```
### Last Data Feed Release
@ -29,62 +29,30 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
230528
230529
```
### CVEs added in the last Commit
Recently added CVEs: `18`
Recently added CVEs: `1`
* [CVE-2023-43503](CVE-2023/CVE-2023-435xx/CVE-2023-43503.json) (`2023-11-14T11:15:11.297`)
* [CVE-2023-43504](CVE-2023/CVE-2023-435xx/CVE-2023-43504.json) (`2023-11-14T11:15:11.600`)
* [CVE-2023-43505](CVE-2023/CVE-2023-435xx/CVE-2023-43505.json) (`2023-11-14T11:15:11.853`)
* [CVE-2023-44317](CVE-2023/CVE-2023-443xx/CVE-2023-44317.json) (`2023-11-14T11:15:12.067`)
* [CVE-2023-44318](CVE-2023/CVE-2023-443xx/CVE-2023-44318.json) (`2023-11-14T11:15:12.287`)
* [CVE-2023-44319](CVE-2023/CVE-2023-443xx/CVE-2023-44319.json) (`2023-11-14T11:15:12.510`)
* [CVE-2023-44320](CVE-2023/CVE-2023-443xx/CVE-2023-44320.json) (`2023-11-14T11:15:12.757`)
* [CVE-2023-44321](CVE-2023/CVE-2023-443xx/CVE-2023-44321.json) (`2023-11-14T11:15:12.973`)
* [CVE-2023-44322](CVE-2023/CVE-2023-443xx/CVE-2023-44322.json) (`2023-11-14T11:15:13.187`)
* [CVE-2023-44373](CVE-2023/CVE-2023-443xx/CVE-2023-44373.json) (`2023-11-14T11:15:13.417`)
* [CVE-2023-44374](CVE-2023/CVE-2023-443xx/CVE-2023-44374.json) (`2023-11-14T11:15:13.753`)
* [CVE-2023-45794](CVE-2023/CVE-2023-457xx/CVE-2023-45794.json) (`2023-11-14T11:15:13.970`)
* [CVE-2023-46096](CVE-2023/CVE-2023-460xx/CVE-2023-46096.json) (`2023-11-14T11:15:14.167`)
* [CVE-2023-46097](CVE-2023/CVE-2023-460xx/CVE-2023-46097.json) (`2023-11-14T11:15:14.360`)
* [CVE-2023-46098](CVE-2023/CVE-2023-460xx/CVE-2023-46098.json) (`2023-11-14T11:15:14.553`)
* [CVE-2023-46099](CVE-2023/CVE-2023-460xx/CVE-2023-46099.json) (`2023-11-14T11:15:14.840`)
* [CVE-2023-46590](CVE-2023/CVE-2023-465xx/CVE-2023-46590.json) (`2023-11-14T11:15:15.063`)
* [CVE-2023-46601](CVE-2023/CVE-2023-466xx/CVE-2023-46601.json) (`2023-11-14T11:15:15.293`)
* [CVE-2023-6111](CVE-2023/CVE-2023-61xx/CVE-2023-6111.json) (`2023-11-14T14:15:29.063`)
### CVEs modified in the last Commit
Recently modified CVEs: `25`
Recently modified CVEs: `10`
* [CVE-2021-37209](CVE-2021/CVE-2021-372xx/CVE-2021-37209.json) (`2023-11-14T11:15:07.980`)
* [CVE-2022-24287](CVE-2022/CVE-2022-242xx/CVE-2022-24287.json) (`2023-11-14T11:15:08.413`)
* [CVE-2022-34663](CVE-2022/CVE-2022-346xx/CVE-2022-34663.json) (`2023-11-14T11:15:08.747`)
* [CVE-2022-39158](CVE-2022/CVE-2022-391xx/CVE-2022-39158.json) (`2023-11-14T11:15:08.910`)
* [CVE-2023-24845](CVE-2023/CVE-2023-248xx/CVE-2023-24845.json) (`2023-11-14T11:15:09.080`)
* [CVE-2023-38070](CVE-2023/CVE-2023-380xx/CVE-2023-38070.json) (`2023-11-14T11:15:09.300`)
* [CVE-2023-38071](CVE-2023/CVE-2023-380xx/CVE-2023-38071.json) (`2023-11-14T11:15:09.447`)
* [CVE-2023-38072](CVE-2023/CVE-2023-380xx/CVE-2023-38072.json) (`2023-11-14T11:15:09.557`)
* [CVE-2023-38073](CVE-2023/CVE-2023-380xx/CVE-2023-38073.json) (`2023-11-14T11:15:09.660`)
* [CVE-2023-38074](CVE-2023/CVE-2023-380xx/CVE-2023-38074.json) (`2023-11-14T11:15:09.770`)
* [CVE-2023-38075](CVE-2023/CVE-2023-380xx/CVE-2023-38075.json) (`2023-11-14T11:15:09.870`)
* [CVE-2023-38076](CVE-2023/CVE-2023-380xx/CVE-2023-38076.json) (`2023-11-14T11:15:09.973`)
* [CVE-2023-38524](CVE-2023/CVE-2023-385xx/CVE-2023-38524.json) (`2023-11-14T11:15:10.070`)
* [CVE-2023-38525](CVE-2023/CVE-2023-385xx/CVE-2023-38525.json) (`2023-11-14T11:15:10.190`)
* [CVE-2023-38526](CVE-2023/CVE-2023-385xx/CVE-2023-38526.json) (`2023-11-14T11:15:10.290`)
* [CVE-2023-38527](CVE-2023/CVE-2023-385xx/CVE-2023-38527.json) (`2023-11-14T11:15:10.373`)
* [CVE-2023-38528](CVE-2023/CVE-2023-385xx/CVE-2023-38528.json) (`2023-11-14T11:15:10.460`)
* [CVE-2023-38529](CVE-2023/CVE-2023-385xx/CVE-2023-38529.json) (`2023-11-14T11:15:10.553`)
* [CVE-2023-38530](CVE-2023/CVE-2023-385xx/CVE-2023-38530.json) (`2023-11-14T11:15:10.660`)
* [CVE-2023-38531](CVE-2023/CVE-2023-385xx/CVE-2023-38531.json) (`2023-11-14T11:15:10.750`)
* [CVE-2023-38532](CVE-2023/CVE-2023-385xx/CVE-2023-38532.json) (`2023-11-14T11:15:10.847`)
* [CVE-2023-39269](CVE-2023/CVE-2023-392xx/CVE-2023-39269.json) (`2023-11-14T11:15:10.950`)
* [CVE-2023-41032](CVE-2023/CVE-2023-410xx/CVE-2023-41032.json) (`2023-11-14T11:15:11.087`)
* [CVE-2023-41033](CVE-2023/CVE-2023-410xx/CVE-2023-41033.json) (`2023-11-14T11:15:11.207`)
* [CVE-2023-4128](CVE-2023/CVE-2023-41xx/CVE-2023-4128.json) (`2023-11-14T12:15:20.030`)
* [CVE-2017-20187](CVE-2017/CVE-2017-201xx/CVE-2017-20187.json) (`2023-11-14T14:44:43.743`)
* [CVE-2023-46980](CVE-2023/CVE-2023-469xx/CVE-2023-46980.json) (`2023-11-14T13:37:31.637`)
* [CVE-2023-25800](CVE-2023/CVE-2023-258xx/CVE-2023-25800.json) (`2023-11-14T13:57:41.837`)
* [CVE-2023-39299](CVE-2023/CVE-2023-392xx/CVE-2023-39299.json) (`2023-11-14T14:07:58.267`)
* [CVE-2023-39417](CVE-2023/CVE-2023-394xx/CVE-2023-39417.json) (`2023-11-14T14:15:28.793`)
* [CVE-2023-39418](CVE-2023/CVE-2023-394xx/CVE-2023-39418.json) (`2023-11-14T14:15:28.957`)
* [CVE-2023-47235](CVE-2023/CVE-2023-472xx/CVE-2023-47235.json) (`2023-11-14T14:16:24.860`)
* [CVE-2023-47234](CVE-2023/CVE-2023-472xx/CVE-2023-47234.json) (`2023-11-14T14:18:17.747`)
* [CVE-2023-46964](CVE-2023/CVE-2023-469xx/CVE-2023-46964.json) (`2023-11-14T14:42:26.970`)
* [CVE-2023-47249](CVE-2023/CVE-2023-472xx/CVE-2023-47249.json) (`2023-11-14T14:43:52.597`)
## Download and Usage