Auto-Update: 2023-11-23T09:04:04.384330+00:00

2025-05-08 11:37:26 +00:00 · 2023-11-23 09:04:08 +00:00 · 2023-11-23 09:04:08 +00:00 · 217b45aa13
commit 217b45aa13
parent 73254b3c17
6 changed files with 273 additions and 36 deletions
--- a/CVE-2023/CVE-2023-288xx/CVE-2023-28811.json
+++ b/CVE-2023/CVE-2023-288xx/CVE-2023-28811.json
@ -0,0 +1,43 @@
+{
+  "id": "CVE-2023-28811",
+  "sourceIdentifier": "hsrc@hikvision.com",
+  "published": "2023-11-23T07:15:43.883",
+  "lastModified": "2023-11-23T07:15:43.883",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "There is a buffer overflow in the password recovery feature of Hikvision NVR/DVR models. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "hsrc@hikvision.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
+          "attackVector": "ADJACENT_NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.4,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 4.0
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/buffer-overflow-vulnerability-in-hikvision-nvr-dvr-devices/",
+      "source": "hsrc@hikvision.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-392xx/CVE-2023-39253.json
+++ b/CVE-2023/CVE-2023-392xx/CVE-2023-39253.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-39253",
+  "sourceIdentifier": "security_alert@emc.com",
+  "published": "2023-11-23T07:15:45.300",
+  "lastModified": "2023-11-23T07:15:45.300",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "\nDell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability, leading to the elevation of privilege on the system.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security_alert@emc.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.3,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.3,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security_alert@emc.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-284"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.dell.com/support/kbdoc/en-us/000217699/dsa-2023-336-security-update-for-a-dell-os-recovery-tool-vulnerability",
+      "source": "security_alert@emc.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-430xx/CVE-2023-43086.json
+++ b/CVE-2023/CVE-2023-430xx/CVE-2023-43086.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-43086",
+  "sourceIdentifier": "security_alert@emc.com",
+  "published": "2023-11-23T07:15:46.203",
+  "lastModified": "2023-11-23T07:15:46.203",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "\nDell Command | Configure, versions prior to 4.11.0, contains an improper access control vulnerability. A local malicious user could potentially modify files inside installation folder during application upgrade, leading to privilege escalation.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security_alert@emc.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.3,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.3,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security_alert@emc.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-284"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.dell.com/support/kbdoc/en-us/000218424/dsa-2023-387-security-update-for-a-dell-command-configure-vulnerability",
+      "source": "security_alert@emc.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-442xx/CVE-2023-44289.json
+++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44289.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-44289",
+  "sourceIdentifier": "security_alert@emc.com",
+  "published": "2023-11-23T07:15:46.950",
+  "lastModified": "2023-11-23T07:15:46.950",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "\nDell Command | Configure versions prior to 4.11.0, contain an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability while repairing/changing installation, leading to privilege escalation.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security_alert@emc.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.3,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.3,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security_alert@emc.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-284"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.dell.com/support/kbdoc/en-us/000218628/dsa-2023-390-security-update-for-dell-command-configure-and-dell-command-monitor-vulnerabilities",
+      "source": "security_alert@emc.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-442xx/CVE-2023-44290.json
+++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44290.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-44290",
+  "sourceIdentifier": "security_alert@emc.com",
+  "published": "2023-11-23T07:15:47.710",
+  "lastModified": "2023-11-23T07:15:47.710",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "\nDell Command | Monitor versions prior to 10.10.0, contain an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability while repairing/changing installation, leading to privilege escalation.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security_alert@emc.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.3,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.3,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security_alert@emc.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-284"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.dell.com/support/kbdoc/en-us/000218628/dsa-2023-390-security-update-for-dell-command-configure-and-dell-command-monitor-vulnerabilities",
+      "source": "security_alert@emc.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-11-23T05:00:18.560738+00:00
+2023-11-23T09:04:04.384330+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-11-23T04:15:07.550000+00:00
+2023-11-23T07:15:47.710000+00:00
 ```

 ### Last Data Feed Release
@ -29,50 +29,24 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-231425
+231430
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `6`
+Recently added CVEs: `5`

-* [CVE-2023-29073](CVE-2023/CVE-2023-290xx/CVE-2023-29073.json) (`2023-11-23T03:15:41.303`)
-* [CVE-2023-29074](CVE-2023/CVE-2023-290xx/CVE-2023-29074.json) (`2023-11-23T04:15:07.260`)
-* [CVE-2023-29075](CVE-2023/CVE-2023-290xx/CVE-2023-29075.json) (`2023-11-23T04:15:07.340`)
-* [CVE-2023-29076](CVE-2023/CVE-2023-290xx/CVE-2023-29076.json) (`2023-11-23T04:15:07.410`)
-* [CVE-2023-41139](CVE-2023/CVE-2023-411xx/CVE-2023-41139.json) (`2023-11-23T04:15:07.467`)
-* [CVE-2023-41140](CVE-2023/CVE-2023-411xx/CVE-2023-41140.json) (`2023-11-23T04:15:07.550`)
+* [CVE-2023-28811](CVE-2023/CVE-2023-288xx/CVE-2023-28811.json) (`2023-11-23T07:15:43.883`)
+* [CVE-2023-39253](CVE-2023/CVE-2023-392xx/CVE-2023-39253.json) (`2023-11-23T07:15:45.300`)
+* [CVE-2023-43086](CVE-2023/CVE-2023-430xx/CVE-2023-43086.json) (`2023-11-23T07:15:46.203`)
+* [CVE-2023-44289](CVE-2023/CVE-2023-442xx/CVE-2023-44289.json) (`2023-11-23T07:15:46.950`)
+* [CVE-2023-44290](CVE-2023/CVE-2023-442xx/CVE-2023-44290.json) (`2023-11-23T07:15:47.710`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `27`
+Recently modified CVEs: `0`

-* [CVE-2023-5997](CVE-2023/CVE-2023-59xx/CVE-2023-5997.json) (`2023-11-23T03:15:41.490`)
-* [CVE-2023-6112](CVE-2023/CVE-2023-61xx/CVE-2023-6112.json) (`2023-11-23T03:15:41.550`)
-* [CVE-2023-39259](CVE-2023/CVE-2023-392xx/CVE-2023-39259.json) (`2023-11-23T03:29:34.637`)
-* [CVE-2023-36008](CVE-2023/CVE-2023-360xx/CVE-2023-36008.json) (`2023-11-23T03:30:31.723`)
-* [CVE-2023-36026](CVE-2023/CVE-2023-360xx/CVE-2023-36026.json) (`2023-11-23T03:32:39.373`)
-* [CVE-2023-39926](CVE-2023/CVE-2023-399xx/CVE-2023-39926.json) (`2023-11-23T03:34:14.590`)
-* [CVE-2023-38315](CVE-2023/CVE-2023-383xx/CVE-2023-38315.json) (`2023-11-23T03:34:50.727`)
-* [CVE-2023-38316](CVE-2023/CVE-2023-383xx/CVE-2023-38316.json) (`2023-11-23T03:35:41.227`)
-* [CVE-2023-38320](CVE-2023/CVE-2023-383xx/CVE-2023-38320.json) (`2023-11-23T03:35:49.027`)
-* [CVE-2023-44351](CVE-2023/CVE-2023-443xx/CVE-2023-44351.json) (`2023-11-23T03:36:15.277`)
-* [CVE-2023-44352](CVE-2023/CVE-2023-443xx/CVE-2023-44352.json) (`2023-11-23T03:36:27.907`)
-* [CVE-2023-38324](CVE-2023/CVE-2023-383xx/CVE-2023-38324.json) (`2023-11-23T03:36:57.720`)
-* [CVE-2023-38313](CVE-2023/CVE-2023-383xx/CVE-2023-38313.json) (`2023-11-23T03:37:09.847`)
-* [CVE-2023-38314](CVE-2023/CVE-2023-383xx/CVE-2023-38314.json) (`2023-11-23T03:37:21.490`)
-* [CVE-2023-44353](CVE-2023/CVE-2023-443xx/CVE-2023-44353.json) (`2023-11-23T03:38:51.077`)
-* [CVE-2023-44324](CVE-2023/CVE-2023-443xx/CVE-2023-44324.json) (`2023-11-23T03:39:03.367`)
-* [CVE-2023-26347](CVE-2023/CVE-2023-263xx/CVE-2023-26347.json) (`2023-11-23T03:39:14.323`)
-* [CVE-2023-44350](CVE-2023/CVE-2023-443xx/CVE-2023-44350.json) (`2023-11-23T03:39:25.393`)
-* [CVE-2023-28621](CVE-2023/CVE-2023-286xx/CVE-2023-28621.json) (`2023-11-23T03:40:19.607`)
-* [CVE-2023-47797](CVE-2023/CVE-2023-477xx/CVE-2023-47797.json) (`2023-11-23T03:40:36.303`)
-* [CVE-2023-41699](CVE-2023/CVE-2023-416xx/CVE-2023-41699.json) (`2023-11-23T03:41:18.107`)
-* [CVE-2023-6176](CVE-2023/CVE-2023-61xx/CVE-2023-6176.json) (`2023-11-23T03:42:18.233`)
-* [CVE-2023-47688](CVE-2023/CVE-2023-476xx/CVE-2023-47688.json) (`2023-11-23T03:42:32.830`)
-* [CVE-2023-44326](CVE-2023/CVE-2023-443xx/CVE-2023-44326.json) (`2023-11-23T03:43:00.230`)
-* [CVE-2023-38322](CVE-2023/CVE-2023-383xx/CVE-2023-38322.json) (`2023-11-23T03:43:20.190`)


 ## Download and Usage