From 217b45aa1335e2e24c4338d025966e712613473d Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Thu, 23 Nov 2023 09:04:08 +0000 Subject: [PATCH] Auto-Update: 2023-11-23T09:04:04.384330+00:00 --- CVE-2023/CVE-2023-288xx/CVE-2023-28811.json | 43 ++++++++++++++++ CVE-2023/CVE-2023-392xx/CVE-2023-39253.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-430xx/CVE-2023-43086.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-442xx/CVE-2023-44289.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-442xx/CVE-2023-44290.json | 55 +++++++++++++++++++++ README.md | 46 ++++------------- 6 files changed, 273 insertions(+), 36 deletions(-) create mode 100644 CVE-2023/CVE-2023-288xx/CVE-2023-28811.json create mode 100644 CVE-2023/CVE-2023-392xx/CVE-2023-39253.json create mode 100644 CVE-2023/CVE-2023-430xx/CVE-2023-43086.json create mode 100644 CVE-2023/CVE-2023-442xx/CVE-2023-44289.json create mode 100644 CVE-2023/CVE-2023-442xx/CVE-2023-44290.json diff --git a/CVE-2023/CVE-2023-288xx/CVE-2023-28811.json b/CVE-2023/CVE-2023-288xx/CVE-2023-28811.json new file mode 100644 index 00000000000..dca79a9e707 --- /dev/null +++ b/CVE-2023/CVE-2023-288xx/CVE-2023-28811.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-28811", + "sourceIdentifier": "hsrc@hikvision.com", + "published": "2023-11-23T07:15:43.883", + "lastModified": "2023-11-23T07:15:43.883", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "There is a buffer overflow in the password recovery feature of Hikvision NVR/DVR models. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "hsrc@hikvision.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.4, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.0 + } + ] + }, + "references": [ + { + "url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/buffer-overflow-vulnerability-in-hikvision-nvr-dvr-devices/", + "source": "hsrc@hikvision.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-392xx/CVE-2023-39253.json b/CVE-2023/CVE-2023-392xx/CVE-2023-39253.json new file mode 100644 index 00000000000..7052f44bdec --- /dev/null +++ b/CVE-2023/CVE-2023-392xx/CVE-2023-39253.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-39253", + "sourceIdentifier": "security_alert@emc.com", + "published": "2023-11-23T07:15:45.300", + "lastModified": "2023-11-23T07:15:45.300", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nDell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability, leading to the elevation of privilege on the system.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security_alert@emc.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.3, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security_alert@emc.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://www.dell.com/support/kbdoc/en-us/000217699/dsa-2023-336-security-update-for-a-dell-os-recovery-tool-vulnerability", + "source": "security_alert@emc.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-430xx/CVE-2023-43086.json b/CVE-2023/CVE-2023-430xx/CVE-2023-43086.json new file mode 100644 index 00000000000..631d83bb828 --- /dev/null +++ b/CVE-2023/CVE-2023-430xx/CVE-2023-43086.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-43086", + "sourceIdentifier": "security_alert@emc.com", + "published": "2023-11-23T07:15:46.203", + "lastModified": "2023-11-23T07:15:46.203", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nDell Command | Configure, versions prior to 4.11.0, contains an improper access control vulnerability. A local malicious user could potentially modify files inside installation folder during application upgrade, leading to privilege escalation.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security_alert@emc.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.3, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security_alert@emc.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://www.dell.com/support/kbdoc/en-us/000218424/dsa-2023-387-security-update-for-a-dell-command-configure-vulnerability", + "source": "security_alert@emc.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44289.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44289.json new file mode 100644 index 00000000000..e4ee16f0228 --- /dev/null +++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44289.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-44289", + "sourceIdentifier": "security_alert@emc.com", + "published": "2023-11-23T07:15:46.950", + "lastModified": "2023-11-23T07:15:46.950", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nDell Command | Configure versions prior to 4.11.0, contain an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability while repairing/changing installation, leading to privilege escalation.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security_alert@emc.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.3, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security_alert@emc.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://www.dell.com/support/kbdoc/en-us/000218628/dsa-2023-390-security-update-for-dell-command-configure-and-dell-command-monitor-vulnerabilities", + "source": "security_alert@emc.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44290.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44290.json new file mode 100644 index 00000000000..6cc4fed7600 --- /dev/null +++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44290.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-44290", + "sourceIdentifier": "security_alert@emc.com", + "published": "2023-11-23T07:15:47.710", + "lastModified": "2023-11-23T07:15:47.710", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nDell Command | Monitor versions prior to 10.10.0, contain an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability while repairing/changing installation, leading to privilege escalation.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security_alert@emc.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.3, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security_alert@emc.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://www.dell.com/support/kbdoc/en-us/000218628/dsa-2023-390-security-update-for-dell-command-configure-and-dell-command-monitor-vulnerabilities", + "source": "security_alert@emc.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index ac2a76be4e3..00e3e349963 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-11-23T05:00:18.560738+00:00 +2023-11-23T09:04:04.384330+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-11-23T04:15:07.550000+00:00 +2023-11-23T07:15:47.710000+00:00 ``` ### Last Data Feed Release @@ -29,50 +29,24 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -231425 +231430 ``` ### CVEs added in the last Commit -Recently added CVEs: `6` +Recently added CVEs: `5` -* [CVE-2023-29073](CVE-2023/CVE-2023-290xx/CVE-2023-29073.json) (`2023-11-23T03:15:41.303`) -* [CVE-2023-29074](CVE-2023/CVE-2023-290xx/CVE-2023-29074.json) (`2023-11-23T04:15:07.260`) -* [CVE-2023-29075](CVE-2023/CVE-2023-290xx/CVE-2023-29075.json) (`2023-11-23T04:15:07.340`) -* [CVE-2023-29076](CVE-2023/CVE-2023-290xx/CVE-2023-29076.json) (`2023-11-23T04:15:07.410`) -* [CVE-2023-41139](CVE-2023/CVE-2023-411xx/CVE-2023-41139.json) (`2023-11-23T04:15:07.467`) -* [CVE-2023-41140](CVE-2023/CVE-2023-411xx/CVE-2023-41140.json) (`2023-11-23T04:15:07.550`) +* [CVE-2023-28811](CVE-2023/CVE-2023-288xx/CVE-2023-28811.json) (`2023-11-23T07:15:43.883`) +* [CVE-2023-39253](CVE-2023/CVE-2023-392xx/CVE-2023-39253.json) (`2023-11-23T07:15:45.300`) +* [CVE-2023-43086](CVE-2023/CVE-2023-430xx/CVE-2023-43086.json) (`2023-11-23T07:15:46.203`) +* [CVE-2023-44289](CVE-2023/CVE-2023-442xx/CVE-2023-44289.json) (`2023-11-23T07:15:46.950`) +* [CVE-2023-44290](CVE-2023/CVE-2023-442xx/CVE-2023-44290.json) (`2023-11-23T07:15:47.710`) ### CVEs modified in the last Commit -Recently modified CVEs: `27` +Recently modified CVEs: `0` -* [CVE-2023-5997](CVE-2023/CVE-2023-59xx/CVE-2023-5997.json) (`2023-11-23T03:15:41.490`) -* [CVE-2023-6112](CVE-2023/CVE-2023-61xx/CVE-2023-6112.json) (`2023-11-23T03:15:41.550`) -* [CVE-2023-39259](CVE-2023/CVE-2023-392xx/CVE-2023-39259.json) (`2023-11-23T03:29:34.637`) -* [CVE-2023-36008](CVE-2023/CVE-2023-360xx/CVE-2023-36008.json) (`2023-11-23T03:30:31.723`) -* [CVE-2023-36026](CVE-2023/CVE-2023-360xx/CVE-2023-36026.json) (`2023-11-23T03:32:39.373`) -* [CVE-2023-39926](CVE-2023/CVE-2023-399xx/CVE-2023-39926.json) (`2023-11-23T03:34:14.590`) -* [CVE-2023-38315](CVE-2023/CVE-2023-383xx/CVE-2023-38315.json) (`2023-11-23T03:34:50.727`) -* [CVE-2023-38316](CVE-2023/CVE-2023-383xx/CVE-2023-38316.json) (`2023-11-23T03:35:41.227`) -* [CVE-2023-38320](CVE-2023/CVE-2023-383xx/CVE-2023-38320.json) (`2023-11-23T03:35:49.027`) -* [CVE-2023-44351](CVE-2023/CVE-2023-443xx/CVE-2023-44351.json) (`2023-11-23T03:36:15.277`) -* [CVE-2023-44352](CVE-2023/CVE-2023-443xx/CVE-2023-44352.json) (`2023-11-23T03:36:27.907`) -* [CVE-2023-38324](CVE-2023/CVE-2023-383xx/CVE-2023-38324.json) (`2023-11-23T03:36:57.720`) -* [CVE-2023-38313](CVE-2023/CVE-2023-383xx/CVE-2023-38313.json) (`2023-11-23T03:37:09.847`) -* [CVE-2023-38314](CVE-2023/CVE-2023-383xx/CVE-2023-38314.json) (`2023-11-23T03:37:21.490`) -* [CVE-2023-44353](CVE-2023/CVE-2023-443xx/CVE-2023-44353.json) (`2023-11-23T03:38:51.077`) -* [CVE-2023-44324](CVE-2023/CVE-2023-443xx/CVE-2023-44324.json) (`2023-11-23T03:39:03.367`) -* [CVE-2023-26347](CVE-2023/CVE-2023-263xx/CVE-2023-26347.json) (`2023-11-23T03:39:14.323`) -* [CVE-2023-44350](CVE-2023/CVE-2023-443xx/CVE-2023-44350.json) (`2023-11-23T03:39:25.393`) -* [CVE-2023-28621](CVE-2023/CVE-2023-286xx/CVE-2023-28621.json) (`2023-11-23T03:40:19.607`) -* [CVE-2023-47797](CVE-2023/CVE-2023-477xx/CVE-2023-47797.json) (`2023-11-23T03:40:36.303`) -* [CVE-2023-41699](CVE-2023/CVE-2023-416xx/CVE-2023-41699.json) (`2023-11-23T03:41:18.107`) -* [CVE-2023-6176](CVE-2023/CVE-2023-61xx/CVE-2023-6176.json) (`2023-11-23T03:42:18.233`) -* [CVE-2023-47688](CVE-2023/CVE-2023-476xx/CVE-2023-47688.json) (`2023-11-23T03:42:32.830`) -* [CVE-2023-44326](CVE-2023/CVE-2023-443xx/CVE-2023-44326.json) (`2023-11-23T03:43:00.230`) -* [CVE-2023-38322](CVE-2023/CVE-2023-383xx/CVE-2023-38322.json) (`2023-11-23T03:43:20.190`) ## Download and Usage