From 243e4dbff0128510f2d4506ac22b5ab9be90ff2f Mon Sep 17 00:00:00 2001 
From: cad-safe-bot Date: Fri, 8 Dec 2023 19:00:22 +0000 Subject: [PATCH] Auto-Update: 2023-12-08T19:00:18.480736+00:00 --- CVE-2019/CVE-2019-182xx/CVE-2019-18279.json | 6 +- CVE-2022/CVE-2022-464xx/CVE-2022-46480.json | 81 +- CVE-2023/CVE-2023-240xx/CVE-2023-24052.json | 75 +- CVE-2023/CVE-2023-269xx/CVE-2023-26941.json | 77 +- CVE-2023/CVE-2023-269xx/CVE-2023-26942.json | 77 +- CVE-2023/CVE-2023-269xx/CVE-2023-26943.json | 77 +- CVE-2023/CVE-2023-288xx/CVE-2023-28811.json | 1152 ++++++++++++++++++- CVE-2023/CVE-2023-335xx/CVE-2023-33595.json | 6 +- CVE-2023/CVE-2023-338xx/CVE-2023-33873.json | 273 ++++- CVE-2023/CVE-2023-349xx/CVE-2023-34982.json | 273 ++++- CVE-2023/CVE-2023-356xx/CVE-2023-35668.json | 78 +- CVE-2023/CVE-2023-364xx/CVE-2023-36404.json | 8 +- CVE-2023/CVE-2023-400xx/CVE-2023-40073.json | 83 +- CVE-2023/CVE-2023-400xx/CVE-2023-40074.json | 78 +- CVE-2023/CVE-2023-400xx/CVE-2023-40075.json | 83 +- CVE-2023/CVE-2023-400xx/CVE-2023-40076.json | 63 +- CVE-2023/CVE-2023-400xx/CVE-2023-40077.json | 83 +- CVE-2023/CVE-2023-400xx/CVE-2023-40078.json | 63 +- CVE-2023/CVE-2023-400xx/CVE-2023-40079.json | 63 +- CVE-2023/CVE-2023-400xx/CVE-2023-40080.json | 68 +- CVE-2023/CVE-2023-400xx/CVE-2023-40081.json | 83 +- CVE-2023/CVE-2023-400xx/CVE-2023-40082.json | 63 +- CVE-2023/CVE-2023-400xx/CVE-2023-40083.json | 78 +- CVE-2023/CVE-2023-42xx/CVE-2023-4295.json | 8 +- CVE-2023/CVE-2023-452xx/CVE-2023-45252.json | 77 +- CVE-2023/CVE-2023-452xx/CVE-2023-45253.json | 77 +- CVE-2023/CVE-2023-468xx/CVE-2023-46818.json | 8 +- CVE-2023/CVE-2023-471xx/CVE-2023-47100.json | 69 +- CVE-2023/CVE-2023-486xx/CVE-2023-48695.json | 47 +- CVE-2023/CVE-2023-492xx/CVE-2023-49284.json | 53 +- CVE-2023/CVE-2023-492xx/CVE-2023-49285.json | 79 +- CVE-2023/CVE-2023-492xx/CVE-2023-49286.json | 73 +- CVE-2023/CVE-2023-492xx/CVE-2023-49288.json | 48 +- CVE-2023/CVE-2023-492xx/CVE-2023-49289.json | 67 +- CVE-2023/CVE-2023-492xx/CVE-2023-49290.json | 60 +- 
CVE-2023/CVE-2023-492xx/CVE-2023-49291.json | 88 +- CVE-2023/CVE-2023-492xx/CVE-2023-49292.json | 74 +- CVE-2023/CVE-2023-492xx/CVE-2023-49293.json | 166 ++- CVE-2023/CVE-2023-58xx/CVE-2023-5808.json | 69 +- CVE-2023/CVE-2023-59xx/CVE-2023-5915.json | 118 +- CVE-2023/CVE-2023-59xx/CVE-2023-5944.json | 62 +- CVE-2023/CVE-2023-65xx/CVE-2023-6579.json | 6 +- CVE-2023/CVE-2023-66xx/CVE-2023-6606.json | 63 + CVE-2023/CVE-2023-66xx/CVE-2023-6610.json | 63 + CVE-2023/CVE-2023-66xx/CVE-2023-6615.json | 88 ++ CVE-2023/CVE-2023-66xx/CVE-2023-6616.json | 88 ++ CVE-2023/CVE-2023-66xx/CVE-2023-6617.json | 88 ++ CVE-2023/CVE-2023-66xx/CVE-2023-6618.json | 88 ++ CVE-2023/CVE-2023-66xx/CVE-2023-6619.json | 88 ++ CVE-2023/CVE-2023-66xx/CVE-2023-6622.json | 63 + README.md | 93 +- 51 files changed, 4739 insertions(+), 223 deletions(-) create mode 100644 CVE-2023/CVE-2023-66xx/CVE-2023-6606.json create mode 100644 CVE-2023/CVE-2023-66xx/CVE-2023-6610.json create mode 100644 CVE-2023/CVE-2023-66xx/CVE-2023-6615.json create mode 100644 CVE-2023/CVE-2023-66xx/CVE-2023-6616.json create mode 100644 CVE-2023/CVE-2023-66xx/CVE-2023-6617.json create mode 100644 CVE-2023/CVE-2023-66xx/CVE-2023-6618.json create mode 100644 CVE-2023/CVE-2023-66xx/CVE-2023-6619.json create mode 100644 CVE-2023/CVE-2023-66xx/CVE-2023-6622.json diff --git a/CVE-2019/CVE-2019-182xx/CVE-2019-18279.json b/CVE-2019/CVE-2019-182xx/CVE-2019-18279.json index 769bcd11ee6..f9b76086893 100644 --- a/CVE-2019/CVE-2019-182xx/CVE-2019-18279.json +++ b/CVE-2019/CVE-2019-182xx/CVE-2019-18279.json @@ -2,7 +2,7 @@ "id": "CVE-2019-18279", "sourceIdentifier": "cve@mitre.org", "published": "2019-11-13T18:15:11.000", - "lastModified": "2020-08-24T17:37:01.140", + "lastModified": "2023-12-08T18:54:42.680", "vulnStatus": "Analyzed", "descriptions": [ { 
@@ -84,10 +84,10 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:phoenix:securecore_technology:*:*:*:*:*:*:*:*", + "criteria": "cpe:2.3:o:phoenix:securecore_technology:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.1.12.0", "versionEndIncluding": "1.5.74.0", - "matchCriteriaId": "42A85F49-223A-4639-8E85-D192CE964460" + "matchCriteriaId": "E8AFEF5A-A0B8-4044-A520-7252C30F075E" } ] } diff --git a/CVE-2022/CVE-2022-464xx/CVE-2022-46480.json b/CVE-2022/CVE-2022-464xx/CVE-2022-46480.json index f9798aec04d..bb1a8858818 100644 --- a/CVE-2022/CVE-2022-464xx/CVE-2022-46480.json +++ b/CVE-2022/CVE-2022-464xx/CVE-2022-46480.json @@ -2,8 +2,8 @@ "id": "CVE-2022-46480", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-05T00:15:07.460", - "lastModified": "2023-12-05T13:51:04.540", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-08T17:27:55.003", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
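Review bot: The `cpeMatch` entry in the `@@ -84,10 +84,10 @@` hunk of CVE-2019-18279.json changes the CPE part from `a` to `o` and replaces `matchCriteriaId` `42A85F49-223A-4639-8E85-D192CE964460` with `E8AFEF5A-A0B8-4044-A520-7252C30F075E`. `vulnStatus` stays `Analyzed`, so the only visible signal of this re-classification is the bumped `lastModified`. Asset-matching or suppression rules keyed on the old `cpe:2.3:a:phoenix:securecore_technology` string or the old criteria ID will presumably stop matching this record without raising an error. Consumers of the feed should re-evaluate matches on every `lastModified` change rather than caching results by criteria ID.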
@@ -14,11 +14,84 @@ "value": "La gesti\u00f3n de sesi\u00f3n incorrecta y la reutilizaci\u00f3n de credenciales en la pila Bluetooth LE del firmware de bloqueo inteligente Ultraloq UL3 de segunda generaci\u00f3n 02.27.0012 permiten a un atacante detectar el c\u00f3digo de desbloqueo y desbloquear el dispositivo mientras se encuentra dentro del alcance de Bluetooth." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-294" + }, + { + "lang": "en", + "value": "CWE-384" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:u-tec:ultraloq_ul3_bt_firmware:02.27.0012:*:*:*:*:*:*:*", + "matchCriteriaId": "BA191DAF-E479-4B8D-99BF-2AC6147C4490" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:u-tec:ultraloq_ul3_bt:2nd_gen:*:*:*:*:*:*:*", + "matchCriteriaId": "AF2D1265-D7A7-4F4D-B0BC-DE788C2163A6" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.researchgate.net/publication/375759408_Technical_Report_-_CVE-2022-46480_CVE-2023-26941_CVE-2023-26942_and_CVE-2023-26943#fullTextFileContent", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Technical Description", + "Third Party Advisory" + 
] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-240xx/CVE-2023-24052.json b/CVE-2023/CVE-2023-240xx/CVE-2023-24052.json index 3d4b0aa276c..de499459a5c 100644 --- a/CVE-2023/CVE-2023-240xx/CVE-2023-24052.json +++ b/CVE-2023/CVE-2023-240xx/CVE-2023-24052.json @@ -2,8 +2,8 @@ "id": "CVE-2023-24052", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-04T23:15:23.410", - "lastModified": "2023-12-05T13:51:04.540", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-08T17:38:12.703", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,11 +14,78 @@ "value": "Un problema descubierto en Connectize AC21000 G6 641.139.1.1256 permite a los atacantes obtener el control del dispositivo a trav\u00e9s de la funci\u00f3n de cambio de contrase\u00f1a, ya que no solicita la contrase\u00f1a actual." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:connectize:ac21000_g6_firmware:641.139.1.1256:*:*:*:*:*:*:*", + "matchCriteriaId": "7CC3408F-6CB5-4B0E-9536-D08A4DE072B3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:connectize:ac21000_g6:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C55398C2-DC1C-4623-8AD8-7064125604FA" + } + ] + } + ] + } + ], "references": [ { "url": "https://research.nccgroup.com/2023/10/19/technical-advisory-multiple-vulnerabilities-in-connectize-g6-ac2100-dual-band-gigabit-wifi-router-cve-2023-24046-cve-2023-24047-cve-2023-24048-cve-2023-24049-cve-2023-24050-cve-2023-24051-cve/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
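Review bot: The added `weaknesses` block in CVE-2023-24052.json maps the record to `NVD-CWE-noinfo`, although the description in the same hunk says the password-change function does not ask for the current password. That is the condition CWE-620 (Unverified Password Change) names. Filters and dashboards that group by CWE will therefore not surface this 9.8 `CRITICAL` record under any authentication weakness class. Downstream triage should not read `NVD-CWE-noinfo` as "no known weakness class", and should fall back to the description text whenever that value appears.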
diff --git a/CVE-2023/CVE-2023-269xx/CVE-2023-26941.json b/CVE-2023/CVE-2023-269xx/CVE-2023-26941.json index 33884e8b814..1167b4f55a7 100644 --- a/CVE-2023/CVE-2023-269xx/CVE-2023-26941.json +++ b/CVE-2023/CVE-2023-269xx/CVE-2023-26941.json @@ -2,8 +2,8 @@ "id": "CVE-2023-26941", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-05T00:15:08.110", - "lastModified": "2023-12-05T13:51:04.540", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-08T17:27:42.643", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,11 +14,80 @@ "value": "Los d\u00e9biles mecanismos de cifrado en las etiquetas RFID en Yale Conexis L1 v1.1.0 permiten a los atacantes crear una etiqueta clonada a trav\u00e9s de la proximidad f\u00edsica a la original." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-326" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:assaabloy:yale_conexis_l1_firmware:1.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "B71B4794-D7C8-4706-BE6C-CCB7DD1501BC" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:assaabloy:yale_conexis_l1:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F42CFF42-528A-46E9-B17D-3A4BD6C96E56" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.researchgate.net/publication/375759408_Technical_Report_-_CVE-2022-46480_CVE-2023-26941_CVE-2023-26942_and_CVE-2023-26943#fullTextFileContent", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Technical Description", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-269xx/CVE-2023-26942.json b/CVE-2023/CVE-2023-269xx/CVE-2023-26942.json index e66d40bc725..6c74686ea38 100644 
--- a/CVE-2023/CVE-2023-269xx/CVE-2023-26942.json +++ b/CVE-2023/CVE-2023-269xx/CVE-2023-26942.json @@ -2,8 +2,8 @@ "id": "CVE-2023-26942", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-05T00:15:08.163", - "lastModified": "2023-12-05T13:51:04.540", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-08T17:27:34.710", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,11 +14,80 @@ "value": "Mecanismos de cifrado d\u00e9biles en etiquetas RFID en Yale IA-210 Alarm v1.0 permiten a los atacantes crear una etiqueta clonada a trav\u00e9s de la proximidad f\u00edsica al original." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-326" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:assaabloy:yale_ia-210_firmware:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "A113202F-3607-460D-B5EF-8709CF1ABE99" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:assaabloy:yale_ia-210:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AF3EC236-4CB0-41B5-9716-FFD2116C76E2" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.researchgate.net/publication/375759408_Technical_Report_-_CVE-2022-46480_CVE-2023-26941_CVE-2023-26942_and_CVE-2023-26943#fullTextFileContent", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Technical Description", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-269xx/CVE-2023-26943.json b/CVE-2023/CVE-2023-269xx/CVE-2023-26943.json index 7d557ea490c..1f985fbbaae 100644 
--- a/CVE-2023/CVE-2023-269xx/CVE-2023-26943.json +++ b/CVE-2023/CVE-2023-269xx/CVE-2023-26943.json @@ -2,8 +2,8 @@ "id": "CVE-2023-26943", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-05T00:15:08.227", - "lastModified": "2023-12-05T13:51:04.540", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-08T17:27:23.397", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,11 +14,80 @@ "value": "Los d\u00e9biles mecanismos de cifrado en las etiquetas RFID en Yale Keyless Lock v1.0 permiten a los atacantes crear una etiqueta clonada a trav\u00e9s de la proximidad f\u00edsica a la original." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-326" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:assaabloy:yale_keyless_smart_lock_firmware:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "409D79C4-6F3B-4DC8-80C2-064B045EED63" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:assaabloy:yale_keyless_smart_lock:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0FEF2DB4-31EF-40EA-8650-93DABCDE79D2" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.researchgate.net/publication/375759408_Technical_Report_-_CVE-2022-46480_CVE-2023-26941_CVE-2023-26942_and_CVE-2023-26943#fullTextFileContent", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Technical Description", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-288xx/CVE-2023-28811.json b/CVE-2023/CVE-2023-288xx/CVE-2023-28811.json index c92baef101f..78b180b8510 100644 --- a/CVE-2023/CVE-2023-288xx/CVE-2023-28811.json +++ b/CVE-2023/CVE-2023-288xx/CVE-2023-28811.json @@ -2,8 +2,8 @@ "id": "CVE-2023-28811", "sourceIdentifier": "hsrc@hikvision.com", "published": "2023-11-23T07:15:43.883", - "lastModified": "2023-11-24T15:24:57.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-08T18:53:08.613", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "hsrc@hikvision.com", "type": "Secondary", 
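Review bot: In the `@@ -16,6 +16,26 @@` hunk of CVE-2023-28811.json the new `nvd@nist.gov` `Primary` metric is inserted ahead of the existing `hsrc@hikvision.com` `Secondary` entry, so `cvssMetricV31[0]` now refers to a different scorer than it did before this update. Code that reads the first array element will silently switch sources; it should select the entry by `type` and `source` rather than by position. The Secondary entry's score fields lie outside this hunk, so whether the two scores actually differ cannot be confirmed from here.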
@@ -38,10 +58,1136 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hikvision:nvr-216mh-c\\(d\\)_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.1.60", + "matchCriteriaId": "2866C462-CAFE-4C36-8E56-D6E90E1AA05C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:nvr-216mh-c\\(d\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "C0FCA884-E56F-4BA6-B9F1-BFDB9B2CB7C8" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hikvision:nvr-216mh-c\\/16p\\(d\\)_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.1.60", + "matchCriteriaId": "6EF85CF4-A784-4016-8E6D-10D85805B1D9" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:nvr-216mh-c\\/16p\\(d\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "4D541596-7401-48CA-81CA-C0A51ADB7E9B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hikvision:nvr-208mh-c\\/8p\\(d\\)_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.1.60", + "matchCriteriaId": "FF49EAFA-0600-451A-B10B-B7D30561BEC5" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:nvr-208mh-c\\/8p\\(d\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "8FDB452E-8872-402C-8F0D-048797D7DCE4" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + 
"criteria": "cpe:2.3:o:hikvision:nvr-104mh-c\\/4p\\(d\\)_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.1.60", + "matchCriteriaId": "AA12A4C1-1197-4BE5-9C5E-BBD3F2C56915" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:nvr-104mh-c\\/4p\\(d\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "EE816CA7-541F-43A2-AEB0-E7933539BFEF" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hikvision:nvr-104mh-c\\(d\\)_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.1.60", + "matchCriteriaId": "A899EA64-31F2-44E2-A34C-96190DD5CD2E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:nvr-104mh-c\\(d\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "60D1E687-A3CA-40C9-ADB9-2BDE0F02D507" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hikvision:nvr-108mh-c\\(d\\)_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.1.60", + "matchCriteriaId": "4CECFE7F-08FE-497A-B0AB-102BAAD6A97A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:nvr-108mh-c\\(d\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "F87F821C-C4C9-440D-A707-D3CACA8AF01F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hikvision:nvr-116mh-c\\(d\\)_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.1.60", + "matchCriteriaId": "0EA9DB35-E758-436B-A4D5-55110EC6AE38" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:hikvision:nvr-116mh-c\\(d\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "1FD85111-5C2B-4BBB-A38A-530F33F88267" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hikvision:ds-7104ni-q1\\(c\\)_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.1.60", + "matchCriteriaId": "EB62A6E2-5707-4E98-B77F-B66C8D417160" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-7104ni-q1\\(c\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "B03652C6-1B5D-4A06-961D-E539A11695F3" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hikvision:ds-7104ni-q1\\(d\\)_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.1.60", + "matchCriteriaId": "376855CF-EFE0-4475-8A2F-F6917BBBC759" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-7104ni-q1\\(d\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "B8A0918C-0944-48AC-B2EC-B9F76BA470A8" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hikvision:ds-7108ni-q1\\(c\\)_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.1.60", + "matchCriteriaId": "FC46EA11-F556-4BCC-9C2B-ED8CB276F5F4" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-7108ni-q1\\(c\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "E6F810ED-B8FC-489A-9CC7-1DF7F62D412A" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:hikvision:ds-7108ni-q1\\(d\\)_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.1.60", + "matchCriteriaId": "FB3F868B-744E-4FAB-97FB-C0474312F5F3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-7108ni-q1\\(d\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "0141B360-B87C-40CF-8AAC-C2C46D25779A" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hikvision:nvr-104mh-d\\(c\\)_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.1.60", + "matchCriteriaId": "80FEBC09-58E5-4405-B77D-DB675A306215" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:nvr-104mh-d\\(c\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "9E164711-9E65-4FA9-B97E-99FC162FD80B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hikvision:nvr-104mh-d\\(d\\)_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.1.60", + "matchCriteriaId": "883F8125-923C-47D4-8E5E-6B9412555793" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:nvr-104mh-d\\(d\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "07CD4DE7-18A4-4158-80C3-404A529C7371" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hikvision:nvr-108h-d\\(c\\)_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.1.60", + "matchCriteriaId": "93AE98BC-C1CC-488C-86D8-518A3D075434" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:nvr-108h-d\\(c\\):-:*:*:*:*:*:*:*", + 
"matchCriteriaId": "7A833AB3-14AC-4FEC-8932-3C40B854D0C6" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hikvision:nvr-108mh-d\\(c\\)_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.1.60", + "matchCriteriaId": "8D3B8968-5319-4281-970E-E54BF28964A9" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:nvr-108mh-d\\(c\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "C19B9342-E287-442F-8C20-9242D7F8F557" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hikvision:nvr-108mh-d\\(d\\)_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.1.60", + "matchCriteriaId": "CB6F7F3C-CE13-45C8-AE09-A46D8B84EC0E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:nvr-108mh-d\\(d\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "CBCF9D96-3568-431E-B524-8D1ED3E6CB67" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hikvision:nvr-104mh-d\\/4p\\(c\\)_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.1.60", + "matchCriteriaId": "404A345D-15F9-47D1-B7F9-09AA4F4F30CB" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:nvr-104mh-d\\/4p\\(c\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "5DA8BC89-DCDB-4888-868E-2A876A2BD566" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hikvision:nvr-108h-d\\/8p\\(c\\)_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.1.60", + 
"matchCriteriaId": "21E04072-4DA3-4755-B716-BAE2C99D431A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:nvr-108h-d\\/8p\\(c\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "37613B35-63B9-40D4-999A-E154682B923C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hikvision:nvr-108h-d\\/8p\\(d\\)_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.1.60", + "matchCriteriaId": "B92F3C03-341A-4D8F-AC49-0A7AD1890365" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:nvr-108h-d\\/8p\\(d\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "881ABC7F-FAE3-46C0-9DB1-B9FDB2AF882D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hikvision:nvr-108mh-d\\/8p\\(c\\)_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.1.60", + "matchCriteriaId": "C9EDE8FF-2E93-484D-BEFB-76DC883B4F3E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:nvr-108mh-d\\/8p\\(c\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "0589FDC3-C72C-49E9-9770-CB7941AF4F83" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hikvision:ds-7604ni-q1\\(c\\)_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.1.60", + "matchCriteriaId": "E3F2081D-8FC4-4202-A3D0-305C3AC9AFF0" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-7604ni-q1\\(c\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "BDE75D7F-016C-4283-8C79-62C25EA7F6DD" + } + ] + } + ] + }, + { + 
"operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hikvision:ds-7604ni-q1\\/4p\\(c\\)_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.1.60", + "matchCriteriaId": "BCAFF353-7447-4E3A-8A6D-F3A35FE63094" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-7604ni-q1\\/4p\\(c\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "DB14B267-05CD-4F1A-BC1B-51CA73F3F554" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hikvision:ds-7608ni-q1\\(c\\)_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.1.60", + "matchCriteriaId": "CE27F258-75A3-4C26-B18F-9DB56F091CAE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-7608ni-q1\\(c\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "31969AAC-C947-41DF-BE80-AB60B446EC31" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hikvision:ds-7608ni-q1\\/8p\\(c\\)_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.1.60", + "matchCriteriaId": "3F55B2DC-39D1-4836-B18A-238A4D8F31E6" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-7608ni-q1\\/8p\\(c\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "C558B77E-2B6B-49DD-B64B-00E7F2A8F19C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hikvision:ds-7608ni-q2\\(c\\)_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.1.60", + "matchCriteriaId": "0D915E6F-0A2C-472F-9353-B053CA3A1E70" + } + ] + }, + { + 
"operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-7608ni-q2\\(c\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "0102689C-DD24-47A1-A53B-4C220608FFCF" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hikvision:ds-7608ni-q2\\/8p\\(c\\)_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.1.60", + "matchCriteriaId": "5CA110C5-A666-4A8B-B8A3-A86C428C4C43" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-7608ni-q2\\/8p\\(c\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "496E40B6-EED2-4B28-9142-EF064C90EDF5" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hikvision:ds-7616ni-q1\\(c\\)_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.1.60", + "matchCriteriaId": "90BED1A9-7B25-4D3D-B015-0825E19AF672" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-7616ni-q1\\(c\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "8D77558E-9733-4C0B-9B00-56CCE691A2D5" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hikvision:ds-7616ni-q2\\/16p\\(c\\)_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.1.60", + "matchCriteriaId": "C3037FD6-9457-4AC9-9BC9-E49A3E6D3FEC" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-7616ni-q2\\/16p\\(c\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "CBDD014F-549C-4ADD-B14F-27940DD52A83" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + 
"cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hikvision:ds-7616ni-q2\\(c\\)_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.1.60", + "matchCriteriaId": "91BAC09E-FC54-468D-BF5D-847F3BB98979" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-7616ni-q2\\(c\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "DC8F09D0-23AA-47E5-BB63-10483F2A934D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hikvision:ds-7604ni-k1\\(c\\)_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.1.60", + "matchCriteriaId": "0B1C6E27-CD1C-4817-823D-34178D49C618" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-7604ni-k1\\(c\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "903FAF50-4812-4F40-88BE-9607398621F2" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hikvision:ds-7604ni-k1\\/4p\\/4g\\(c\\)_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.1.60", + "matchCriteriaId": "8BD8A78F-0BD9-45B5-88CE-C031761B8600" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-7604ni-k1\\/4p\\/4g\\(c\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "753D77F9-A091-4774-B9E8-EC25C7DE14F9" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hikvision:ds-7608ni-k1\\/8p\\(c\\)_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.1.60", + "matchCriteriaId": "59F23962-60F7-405E-A190-93554F7BA864" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, 
+ "criteria": "cpe:2.3:h:hikvision:ds-7608ni-k1\\/8p\\(c\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "B03EFB2C-A104-46F4-A9BD-1DA9FB9D465F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hikvision:ds-7608ni-k1\\/8p\\/4g\\(c\\)_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.1.60", + "matchCriteriaId": "43AC9816-A0E0-4FEB-BC84-A54FA63CA6F4" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-7608ni-k1\\/8p\\/4g\\(c\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "31894565-AC5F-41EE-AA45-253F8212EB5E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hikvision:ds-7616ni-k1\\(c\\)_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.1.60", + "matchCriteriaId": "07D57007-8117-404B-8C51-A269144861D2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-7616ni-k1\\(c\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "A11A0DC5-C7FE-4F17-8E5B-54A86F0D8D02" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hikvision:nvr-208mh-c\\(c\\)_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.1.60", + "matchCriteriaId": "EE41C2EF-67AA-4B68-9EDE-7F9D847BBE58" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:nvr-208mh-c\\(c\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "F4C7B754-918D-4DF0-8342-0FD5107BB1EE" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:hikvision:nvr-104mh-c\\(c\\)_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.1.60", + "matchCriteriaId": "F5C6A180-76FD-42FD-996C-2BD6A6B8228F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:nvr-104mh-c\\(c\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "EE98FEEB-BBD8-47E8-9B5C-39ED7FE26903" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hikvision:nvr-108mh-c\\(c\\)_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.1.60", + "matchCriteriaId": "66649621-F6A2-436A-B1DC-2E425679E1F7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:nvr-108mh-c\\(c\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "B9696985-6736-4429-AA2E-74B5E98A5414" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hikvision:nvr-108mh-c\\/8p\\(c\\)_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.1.60", + "matchCriteriaId": "7D3685B2-05A3-4FE7-BC12-018DDBEB6E00" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:nvr-108mh-c\\/8p\\(c\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "E543F8E1-683F-4619-B851-046CE97E4C06" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hikvision:nvr-116mh-c\\(c\\)_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.1.60", + "matchCriteriaId": "7DF5DCCE-D9F0-4E37-AAF8-C3DAE5C0FAA0" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:nvr-116mh-c\\(c\\):-:*:*:*:*:*:*:*", + 
"matchCriteriaId": "A3689612-344B-4C08-9ABF-1AA349E0322B" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hikvision:dvr_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.1.60", + "matchCriteriaId": "51572509-A13A-4BCA-9D9C-7265C5603FC3" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/buffer-overflow-vulnerability-in-hikvision-nvr-dvr-devices/", - "source": "hsrc@hikvision.com" + "source": "hsrc@hikvision.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-335xx/CVE-2023-33595.json b/CVE-2023/CVE-2023-335xx/CVE-2023-33595.json index 2e6804bc654..70df6b52fb4 100644 --- a/CVE-2023/CVE-2023-335xx/CVE-2023-33595.json +++ b/CVE-2023/CVE-2023-335xx/CVE-2023-33595.json @@ -2,7 +2,7 @@ "id": "CVE-2023-33595", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-07T20:15:09.920", - "lastModified": "2023-06-15T14:58:42.833", + "lastModified": "2023-12-08T17:03:53.690", "vulnStatus": "Analyzed", "descriptions": [ { @@ -55,8 +55,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:python:cpython:3.12.0:alpha_7:*:*:*:*:*:*", - "matchCriteriaId": "9B61BE28-33F3-425C-9788-867DF50D9AC9" + "criteria": "cpe:2.3:a:python:python:3.12.0:alpha7:*:*:*:*:*:*", + "matchCriteriaId": "BA2D7BE3-5AEE-42DC-892C-747202C4A542" } ] } diff --git a/CVE-2023/CVE-2023-338xx/CVE-2023-33873.json b/CVE-2023/CVE-2023-338xx/CVE-2023-33873.json index 3a8fb79165b..1505e7a6595 100644 --- a/CVE-2023/CVE-2023-338xx/CVE-2023-33873.json +++ b/CVE-2023/CVE-2023-338xx/CVE-2023-33873.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-33873", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-11-15T17:15:41.313", - "lastModified": "2023-11-16T01:43:41.077", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-08T17:27:53.197", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "\nThis privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target machine.\n\n" + }, + { + "lang": "es", + "value": "Esta vulnerabilidad de escalada de privilegios, si se explota, en la nube permite que un usuario local autenticado en el sistema operativo con privilegios est\u00e1ndar escale a privilegios del sistema en la m\u00e1quina donde est\u00e1n instalados estos productos, lo que resulta en un compromiso total de la m\u00e1quina de destino." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", 
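Review bot: The added `es` description carries the English typo "cloud allow" over literally as `en la nube permite`, so the Spanish text says the flaw operates "in the cloud" rather than that it could allow a local privilege escalation. The clause should read `si se explota, podr\u00eda permitir que un usuario local autenticado ...`, which is the wording the sibling record CVE-2023-34982 uses later in this patch. The English `value` is an unchanged context line in this hunk, so correcting "cloud" to "could" has to happen wherever that text originates. Until then, anything that displays the translated description will show a misleading attack scenario for a record now scored 7.8 HIGH.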
@@ -46,14 +80,245 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:batch_management:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2020", + "matchCriteriaId": "5C2AEDAE-18DB-40C0-AFB0-57136A822BBE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:batch_management:2020:-:*:*:*:*:*:*", + "matchCriteriaId": "F546770E-B402-4577-8E0D-C7D34CFDE549" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:batch_management:2020:sp1:*:*:*:*:*:*", + "matchCriteriaId": "6A67B8AC-2282-4F39-9795-D61F48304049" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:communication_drivers:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2020", + "matchCriteriaId": "D62B3995-706D-4285-A3C7-900ED2D176B1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:communication_drivers:2020:-:*:*:*:*:*:*", + "matchCriteriaId": "D97EE6DC-CCB3-40FF-BC75-A694DCBCE50D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:communication_drivers:2020:r2:*:*:*:*:*:*", + "matchCriteriaId": "B74F0988-CB5D-4FC4-8CBD-6B43F6CB4C22" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:communication_drivers:2020:r2_p01:*:*:*:*:*:*", + "matchCriteriaId": "B38368FD-D573-4C6A-BBB7-B0CC477C44AD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:edge:*:*:*:*:*:*:*:*", + "versionEndIncluding": "20.1.101", + "matchCriteriaId": "6CE5AEFF-0C5F-499C-B4AF-3594CC591061" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:enterprise_licensing:*:*:*:*:*:*:*:*", + "versionEndIncluding": "3.7.002", + "matchCriteriaId": "9D63D153-5F92-4732-8CE7-BF821FDC1FFC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:historian:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2020", + "matchCriteriaId": "310008CD-1FB4-47C3-9B20-1DF0BC537019" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:historian:2020:-:*:*:*:*:*:*", + 
"matchCriteriaId": "33FE93BF-8221-4A84-845B-13693E28F570" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:historian:2020:r2:*:*:*:*:*:*", + "matchCriteriaId": "D479F013-5ABC-4B59-845A-E06EF0ADF107" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:historian:2020:r2_p01:*:*:*:*:*:*", + "matchCriteriaId": "5B67B330-EB63-4026-A961-EA2EE76A8355" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:intouch:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2020", + "matchCriteriaId": "06F39A93-CE38-4696-A301-3B08BB02AA0F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:intouch:2020:-:*:*:*:*:*:*", + "matchCriteriaId": "87B6DFEA-FED8-4A02-B09A-2676D5C8A5DC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:intouch:2020:r2:*:*:*:*:*:*", + "matchCriteriaId": "A3FDBC50-37E5-4F02-BDAC-22490D139C71" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:intouch:2020:r2_p01:*:*:*:*:*:*", + "matchCriteriaId": "A7D7123E-2439-4325-9733-F10DFF180C35" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:manufacturing_execution_system:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2020", + "matchCriteriaId": "E5519C16-D78F-4B03-BF68-25977782C15C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:manufacturing_execution_system:2020:*:*:*:*:*:*:*", + "matchCriteriaId": "1288B3F5-2A5F-4516-96F8-FDB33A71060A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:manufacturing_execution_system:2020:p01:*:*:*:*:*:*", + "matchCriteriaId": "353CAFF0-2928-46F1-B5B5-9F0122BCDF38" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:mobile_operator:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2020", + "matchCriteriaId": "2244B652-6874-4BD3-9F6A-C01274CE7F25" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:mobile_operator:2020:*:*:*:*:*:*:*", + "matchCriteriaId": "40D03AD9-31E2-422F-9137-4E881A942C74" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:a:aveva:mobile_operator:2020:-:*:*:*:*:*:*", + "matchCriteriaId": "B9AA5D22-126E-4E0B-AD44-8990B9218AA6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:mobile_operator:2020:r1:*:*:*:*:*:*", + "matchCriteriaId": "062CEF6D-5308-4CC7-A20A-84298C527C14" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:plant_scada:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2020", + "matchCriteriaId": "63BCBC30-F337-47AB-96F1-54E46F735B1E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:plant_scada:2020:-:*:*:*:*:*:*", + "matchCriteriaId": "7B493552-4A0D-49DC-8669-C7E714669D98" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:plant_scada:2020:r2:*:*:*:*:*:*", + "matchCriteriaId": "2B714DE8-6E27-48ED-8CB5-6FD3DECB8718" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:recipe_management:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2020", + "matchCriteriaId": "4FF7755E-D26A-4D55-88BB-2811A18C2589" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:recipe_management:2020:-:*:*:*:*:*:*", + "matchCriteriaId": "5B0AB6DC-D05F-429F-9FEF-500BE9780456" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:recipe_management:2020:update_1_patch_2:*:*:*:*:*:*", + "matchCriteriaId": "8E69E722-AA58-49BD-9D22-5A6DC40FE85F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:system_platform:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2020", + "matchCriteriaId": "18048EB2-8F4C-4C75-93BD-0C3D6C42AB4A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:system_platform:2020:-:*:*:*:*:*:*", + "matchCriteriaId": "D47F4B07-B67F-4855-AED2-D17B0E76FA8A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:system_platform:2020:r2:*:*:*:*:*:*", + "matchCriteriaId": "1ED7E9C7-B882-4F57-B796-59A4F90EE185" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:system_platform:2020:r2_p01:*:*:*:*:*:*", + "matchCriteriaId": "33D5FF9C-590D-4BA3-A265-35956E4F36DF" + }, + { + "vulnerable": 
true, + "criteria": "cpe:2.3:a:aveva:telemetry_server:2020r2:-:*:*:*:*:*:*", + "matchCriteriaId": "12AD341A-07AE-4837-A1DC-471FFF0926DC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:telemetry_server:2020r2:sp1:*:*:*:*:*:*", + "matchCriteriaId": "62A91A30-CB69-4E14-9C32-BF848E740944" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:work_tasks:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2020", + "matchCriteriaId": "061DD968-A34E-4AA2-B0EC-ECBAF4B15605" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:work_tasks:2020:-:*:*:*:*:*:*", + "matchCriteriaId": "78E65146-9CB1-423B-A565-48530C453382" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:work_tasks:2020:update_1:*:*:*:*:*:*", + "matchCriteriaId": "64EF2703-3C49-468A-ADA9-E78173DF4F65" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:work_tasks:2020:update_2:*:*:*:*:*:*", + "matchCriteriaId": "4131B6FF-AF15-4F52-9415-A9E150B169DD" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-01", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-349xx/CVE-2023-34982.json b/CVE-2023/CVE-2023-349xx/CVE-2023-34982.json index 1042832b937..99724ae41b3 100644 --- a/CVE-2023/CVE-2023-349xx/CVE-2023-34982.json +++ b/CVE-2023/CVE-2023-349xx/CVE-2023-34982.json 
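Review bot: The new `cpeMatch` list has overlapping criteria: `cpe:2.3:a:aveva:mobile_operator:2020:*:*:*:*:*:*:*` already matches every update level of 2020, making the `2020:-` and `2020:r1` entries after it redundant, and the same holds for `manufacturing_execution_system:2020:*` next to `2020:p01`. Every other product in the list pins the base release with `2020:-`, so the wildcard looks unintended (not confirmable from the diff), and scanners consuming this record would flag any later 2020 update, including a fixed one, as vulnerable. Writing those two base entries as `2020:-` would keep the list consistent. `telemetry_server` also puts the release in the version field (`2020r2`) where the other products use the update field (`2020:r2`). The identical list is added in the `@@ -46,14 +80,245 @@` hunk of CVE-2023-34982.json, so the same applies there.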
@@ -2,16 +2,40 @@ "id": "CVE-2023-34982", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-11-15T17:15:41.563", - "lastModified": "2023-11-16T01:43:41.077", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-08T18:53:18.187", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "\nThis external control vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to delete files with System privilege on the machine where these products are installed, resulting in denial of service.\n\n" + }, + { + "lang": "es", + "value": "Esta vulnerabilidad de control externo, si se explota, podr\u00eda permitir que un usuario local autenticado en el sistema operativo con privilegios est\u00e1ndar elimine archivos con privilegios de sistema en la m\u00e1quina donde est\u00e1n instalados estos productos, lo que resultar\u00eda en una denegaci\u00f3n de servicio." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.2 + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-610" + } + ] + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", 
@@ -46,14 +80,245 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:batch_management:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2020", + "matchCriteriaId": "5C2AEDAE-18DB-40C0-AFB0-57136A822BBE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:batch_management:2020:-:*:*:*:*:*:*", + "matchCriteriaId": "F546770E-B402-4577-8E0D-C7D34CFDE549" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:batch_management:2020:sp1:*:*:*:*:*:*", + "matchCriteriaId": "6A67B8AC-2282-4F39-9795-D61F48304049" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:communication_drivers:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2020", + "matchCriteriaId": "D62B3995-706D-4285-A3C7-900ED2D176B1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:communication_drivers:2020:-:*:*:*:*:*:*", + "matchCriteriaId": "D97EE6DC-CCB3-40FF-BC75-A694DCBCE50D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:communication_drivers:2020:r2:*:*:*:*:*:*", + "matchCriteriaId": "B74F0988-CB5D-4FC4-8CBD-6B43F6CB4C22" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:communication_drivers:2020:r2_p01:*:*:*:*:*:*", + "matchCriteriaId": "B38368FD-D573-4C6A-BBB7-B0CC477C44AD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:edge:*:*:*:*:*:*:*:*", + "versionEndIncluding": "20.1.101", + "matchCriteriaId": "6CE5AEFF-0C5F-499C-B4AF-3594CC591061" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:enterprise_licensing:*:*:*:*:*:*:*:*", + "versionEndIncluding": "3.7.002", + "matchCriteriaId": "9D63D153-5F92-4732-8CE7-BF821FDC1FFC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:historian:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2020", + "matchCriteriaId": "310008CD-1FB4-47C3-9B20-1DF0BC537019" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:historian:2020:-:*:*:*:*:*:*", + 
"matchCriteriaId": "33FE93BF-8221-4A84-845B-13693E28F570" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:historian:2020:r2:*:*:*:*:*:*", + "matchCriteriaId": "D479F013-5ABC-4B59-845A-E06EF0ADF107" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:historian:2020:r2_p01:*:*:*:*:*:*", + "matchCriteriaId": "5B67B330-EB63-4026-A961-EA2EE76A8355" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:intouch:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2020", + "matchCriteriaId": "06F39A93-CE38-4696-A301-3B08BB02AA0F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:intouch:2020:-:*:*:*:*:*:*", + "matchCriteriaId": "87B6DFEA-FED8-4A02-B09A-2676D5C8A5DC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:intouch:2020:r2:*:*:*:*:*:*", + "matchCriteriaId": "A3FDBC50-37E5-4F02-BDAC-22490D139C71" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:intouch:2020:r2_p01:*:*:*:*:*:*", + "matchCriteriaId": "A7D7123E-2439-4325-9733-F10DFF180C35" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:manufacturing_execution_system:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2020", + "matchCriteriaId": "E5519C16-D78F-4B03-BF68-25977782C15C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:manufacturing_execution_system:2020:*:*:*:*:*:*:*", + "matchCriteriaId": "1288B3F5-2A5F-4516-96F8-FDB33A71060A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:manufacturing_execution_system:2020:p01:*:*:*:*:*:*", + "matchCriteriaId": "353CAFF0-2928-46F1-B5B5-9F0122BCDF38" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:mobile_operator:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2020", + "matchCriteriaId": "2244B652-6874-4BD3-9F6A-C01274CE7F25" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:mobile_operator:2020:*:*:*:*:*:*:*", + "matchCriteriaId": "40D03AD9-31E2-422F-9137-4E881A942C74" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:a:aveva:mobile_operator:2020:-:*:*:*:*:*:*", + "matchCriteriaId": "B9AA5D22-126E-4E0B-AD44-8990B9218AA6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:mobile_operator:2020:r1:*:*:*:*:*:*", + "matchCriteriaId": "062CEF6D-5308-4CC7-A20A-84298C527C14" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:plant_scada:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2020", + "matchCriteriaId": "63BCBC30-F337-47AB-96F1-54E46F735B1E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:plant_scada:2020:-:*:*:*:*:*:*", + "matchCriteriaId": "7B493552-4A0D-49DC-8669-C7E714669D98" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:plant_scada:2020:r2:*:*:*:*:*:*", + "matchCriteriaId": "2B714DE8-6E27-48ED-8CB5-6FD3DECB8718" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:recipe_management:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2020", + "matchCriteriaId": "4FF7755E-D26A-4D55-88BB-2811A18C2589" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:recipe_management:2020:-:*:*:*:*:*:*", + "matchCriteriaId": "5B0AB6DC-D05F-429F-9FEF-500BE9780456" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:recipe_management:2020:update_1_patch_2:*:*:*:*:*:*", + "matchCriteriaId": "8E69E722-AA58-49BD-9D22-5A6DC40FE85F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:system_platform:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2020", + "matchCriteriaId": "18048EB2-8F4C-4C75-93BD-0C3D6C42AB4A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:system_platform:2020:-:*:*:*:*:*:*", + "matchCriteriaId": "D47F4B07-B67F-4855-AED2-D17B0E76FA8A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:system_platform:2020:r2:*:*:*:*:*:*", + "matchCriteriaId": "1ED7E9C7-B882-4F57-B796-59A4F90EE185" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:system_platform:2020:r2_p01:*:*:*:*:*:*", + "matchCriteriaId": "33D5FF9C-590D-4BA3-A265-35956E4F36DF" + }, + { + "vulnerable": 
true, + "criteria": "cpe:2.3:a:aveva:telemetry_server:2020r2:-:*:*:*:*:*:*", + "matchCriteriaId": "12AD341A-07AE-4837-A1DC-471FFF0926DC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:telemetry_server:2020r2:sp1:*:*:*:*:*:*", + "matchCriteriaId": "62A91A30-CB69-4E14-9C32-BF848E740944" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:work_tasks:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2020", + "matchCriteriaId": "061DD968-A34E-4AA2-B0EC-ECBAF4B15605" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:work_tasks:2020:-:*:*:*:*:*:*", + "matchCriteriaId": "78E65146-9CB1-423B-A565-48530C453382" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:work_tasks:2020:update_1:*:*:*:*:*:*", + "matchCriteriaId": "64EF2703-3C49-468A-ADA9-E78173DF4F65" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:work_tasks:2020:update_2:*:*:*:*:*:*", + "matchCriteriaId": "4131B6FF-AF15-4F52-9415-A9E150B169DD" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-01", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-356xx/CVE-2023-35668.json b/CVE-2023/CVE-2023-356xx/CVE-2023-35668.json index d30060eb5a1..0d0ddfe5820 100644 --- a/CVE-2023/CVE-2023-356xx/CVE-2023-35668.json +++ b/CVE-2023/CVE-2023-356xx/CVE-2023-35668.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-35668", "sourceIdentifier": "security@android.com", "published": "2023-12-04T23:15:23.460", - "lastModified": "2023-12-05T13:51:04.540", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-08T17:47:02.357", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", 
@@ -14,11 +14,81 @@ "value": "En visitUris de Notification.java, existe una forma posible de mostrar im\u00e1genes de otro usuario debido a un diputado confundido. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-610" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", + "matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/2023-12-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Third Party 
Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-364xx/CVE-2023-36404.json b/CVE-2023/CVE-2023-364xx/CVE-2023-36404.json index d479f247006..9387fda91e0 100644 --- a/CVE-2023/CVE-2023-364xx/CVE-2023-36404.json +++ b/CVE-2023/CVE-2023-364xx/CVE-2023-36404.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36404", "sourceIdentifier": "secure@microsoft.com", "published": "2023-11-14T18:15:42.100", - "lastModified": "2023-11-20T20:24:29.553", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-08T17:15:07.307", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -163,6 +163,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/176110/Windows-Kernel-Information-Disclosure.html", + "source": "secure@microsoft.com" + }, { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36404", "source": "secure@microsoft.com", diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40073.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40073.json index 3b28c89c67a..e6ff939d2aa 100644 --- a/CVE-2023/CVE-2023-400xx/CVE-2023-40073.json +++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40073.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40073", "sourceIdentifier": "security@android.com", "published": "2023-12-04T23:15:23.553", - "lastModified": "2023-12-05T13:51:04.540", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-08T17:50:29.510", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
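Review bot: The reference added for CVE-2023-35668 tags the Android bulletin as `"Third Party Advisory"`, although its `source` is `security@android.com` and CVE-2023-40073 in this same patch tags the identical URL as `"Vendor Advisory"`. The tag should be `"tags": [ "Vendor Advisory" ]` so that filters selecting vendor guidance treat both records alike. The two records also describe the same confused-deputy pattern in `visitUris` of Notification.java but receive different primary weaknesses, `CWE-610` here and `NVD-CWE-Other` in CVE-2023-40073. One of the two mappings probably needs revisiting, though the diff does not show which.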
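Review bot: The Packet Storm reference added to CVE-2023-36404 has only `url` and `source`, with no `tags` array, while the existing MSRC reference next to it is tagged. Consumers that triage by reference tag will therefore not see that third-party material was published for this kernel information disclosure, which is the most actionable change in the record for defenders. Once the entry leaves the `Modified` state it should gain something like `"tags": [ "Third Party Advisory", "VDB Entry" ]`; whether an exploit tag also applies cannot be judged from the URL alone. The link uses plain `http://`, and an `https://` form would be preferable if the upstream record allows it.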
@@ -14,11 +14,86 @@ "value": "En visitUris de Notification.java, existe una posible lectura de medios entre usuarios debido a Confused Deputy. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", + "matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", + "matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D" + } + ] + } + ] + } + ], "references": [ { "url": 
"https://source.android.com/security/bulletin/2023-12-01",
- "source": "security@android.com"
+ "source": "security@android.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40074.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40074.json
index 3377b5b205c..e2d8c06001f 100644
--- a/CVE-2023/CVE-2023-400xx/CVE-2023-40074.json
+++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40074.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-40074",
 "sourceIdentifier": "security@android.com",
 "published": "2023-12-04T23:15:23.607",
- "lastModified": "2023-12-05T13:51:04.540",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-08T17:51:45.870",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
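Review bot: The weakness in the `@@ -14,11 +14,86 @@` hunk of CVE-2023-40073 is recorded as `NVD-CWE-Other`, while the earlier hunk for the same function (`visitUris` in `Notification.java`, also described as a confused deputy) uses `CWE-610`; CVE-2023-40081 carries the same confused-deputy wording and also gets `NVD-CWE-Other`. Reports that group or trend by CWE will split what looks like one root-cause class across two buckets. If the three records do describe the same class, as the description lines suggest, a single value such as `"value": "CWE-610"` on all of them would keep them together.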
@@ -14,11 +14,81 @@ "value": "En saveToXml de PersistableBundle.java, los datos no v\u00e1lidos podr\u00edan provocar una denegaci\u00f3n de servicio persistente local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", + "matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/2023-12-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40075.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40075.json
index e993382bfaa..1ff27a1ba98 100644
--- a/CVE-2023/CVE-2023-400xx/CVE-2023-40075.json
+++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40075.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-40075",
 "sourceIdentifier": "security@android.com",
 "published": "2023-12-04T23:15:23.660",
- "lastModified": "2023-12-05T13:51:04.540",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-08T17:55:45.390",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,11 +14,86 @@ "value": "En forceReplaceShortcutInner de ShortcutPackage.java, existe una forma posible de registrar paquetes ilimitados debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda provocar una denegaci\u00f3n de servicio local, lo que dar\u00eda lugar a un bucle de inicio sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", + "matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", + "matchCriteriaId": 
"2700BCC5-634D-4EC6-AB67-5B678D5F951D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://source.android.com/security/bulletin/2023-12-01",
- "source": "security@android.com"
+ "source": "security@android.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40076.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40076.json
index 010d80e9144..a1b6c2da65d 100644
--- a/CVE-2023/CVE-2023-400xx/CVE-2023-40076.json
+++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40076.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-40076",
 "sourceIdentifier": "security@android.com",
 "published": "2023-12-04T23:15:23.713",
- "lastModified": "2023-12-05T13:51:04.540",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-08T17:57:47.650",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,11 +14,66 @@ "value": "En createPendingIntent de CredentialManagerUi.java, existe una forma posible de acceder a las credenciales de otros usuarios debido a una omisi\u00f3n de permisos. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", + "matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/2023-12-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40077.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40077.json index 69c2a443e56..b33155fe566 100644 --- a/CVE-2023/CVE-2023-400xx/CVE-2023-40077.json +++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40077.json 
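Review bot: The vector `CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N` scores CVE-2023-40076 as confidentiality-only (5.5), while the description in the context line speaks of access to other users' credentials through a permission bypass leading to local escalation of privilege. CVE-2023-40079 in this same commit has the same permission-bypass and local-escalation wording and is scored `C:H/I:H/A:H` (7.8). If the escalation wording is accurate, the matching values would be `"integrityImpact": "HIGH"` and `"availabilityImpact": "HIGH"` with the scores recomputed; until that is settled, triage that sorts on `baseScore` should read the description rather than rely on the 5.5. The weakness is `NVD-CWE-noinfo`, so the record itself gives no further hint.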
@@ -2,8 +2,8 @@
 "id": "CVE-2023-40077",
 "sourceIdentifier": "security@android.com",
 "published": "2023-12-04T23:15:23.760",
- "lastModified": "2023-12-05T13:51:04.540",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-08T18:01:28.773",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,11 +14,86 @@ "value": "En m\u00faltiples funciones de MetaDataBase.cpp, existe una posible escritura UAF debido a una condici\u00f3n de ejecuci\u00f3n. Esto podr\u00eda conducir a una escalada remota de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-362" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", + "matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", + "matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D" + } + ] + } + ] + } + ], "references": [ { "url": 
"https://source.android.com/security/bulletin/2023-12-01",
- "source": "security@android.com"
+ "source": "security@android.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40078.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40078.json
index c701a744f2b..aaaeb1fe13e 100644
--- a/CVE-2023/CVE-2023-400xx/CVE-2023-40078.json
+++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40078.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-40078",
 "sourceIdentifier": "security@android.com",
 "published": "2023-12-04T23:15:23.807",
- "lastModified": "2023-12-05T13:51:04.540",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-08T18:00:30.370",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,11 +14,66 @@ "value": "En a2dp_vendor_opus_decoder_decode_packet de a2dp_vendor_opus_decoder.cc, hay una posible escritura fuera de los l\u00edmites debido a un desbordamiento del heap del b\u00fafer. Esto podr\u00eda llevar a una escalada de privilegios del dispositivo emparejado sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", + "matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/2023-12-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40079.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40079.json index 68ce3a42de5..bb0ca9fb6bb 100644 --- a/CVE-2023/CVE-2023-400xx/CVE-2023-40079.json +++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40079.json 
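Review bot: `"attackVector": "NETWORK"` gives CVE-2023-40078 a 9.8, but the description in the context line attributes the out-of-bounds write in `a2dp_vendor_opus_decoder_decode_packet` to a paired device, which suggests Bluetooth range rather than a routable network. If that reading is right, the vector would use `"attackVector": "ADJACENT_NETWORK"` (`AV:A`), and `baseScore` and `exploitabilityScore` would need recomputing. Only the Spanish description is visible in this hunk, so the reach should be confirmed against the bulletin before any local override is applied.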
@@ -2,8 +2,8 @@ "id": "CVE-2023-40079", "sourceIdentifier": "security@android.com", "published": "2023-12-04T23:15:23.857", - "lastModified": "2023-12-05T13:51:04.540", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-08T18:05:46.703", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,66 @@ "value": "En injectSendIntentSender de ShortcutService.java, existe un posible inicio de actividad en segundo plano debido a una omisi\u00f3n de permisos. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", + "matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/2023-12-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40080.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40080.json
index bd8a0b393df..21907509847 100644
--- a/CVE-2023/CVE-2023-400xx/CVE-2023-40080.json
+++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40080.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-40080",
 "sourceIdentifier": "security@android.com",
 "published": "2023-12-04T23:15:23.913",
- "lastModified": "2023-12-05T13:51:04.540",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-08T18:10:39.777",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,11 +14,71 @@ "value": "En m\u00faltiples funciones de btm_ble_gap.cc, existe una posible escritura fuera de los l\u00edmites debido a un error l\u00f3gico en el c\u00f3digo. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", + "matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/2023-12-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40081.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40081.json index 3481a325063..b764cd78792 100644 --- a/CVE-2023/CVE-2023-400xx/CVE-2023-40081.json +++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40081.json 
@@ -2,8 +2,8 @@
 "id": "CVE-2023-40081",
 "sourceIdentifier": "security@android.com",
 "published": "2023-12-04T23:15:23.973",
- "lastModified": "2023-12-05T13:51:04.540",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-08T18:14:18.023",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,11 +14,86 @@ "value": "En loadMediaDataInBgForResumption de MediaDataManager.kt, existe una forma posible de ver las im\u00e1genes de otro usuario debido a un diputado confundido. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", + "matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", + "matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D" + } + ] + } + ] + } + ], 
"references": [
 {
 "url": "https://source.android.com/security/bulletin/2023-12-01",
- "source": "security@android.com"
+ "source": "security@android.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40082.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40082.json
index 6250161555c..b091c8847f7 100644
--- a/CVE-2023/CVE-2023-400xx/CVE-2023-40082.json
+++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40082.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-40082",
 "sourceIdentifier": "security@android.com",
 "published": "2023-12-04T23:15:24.023",
- "lastModified": "2023-12-05T13:51:04.540",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-08T18:24:29.763",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,11 +14,66 @@ "value": "En modify_for_next_stage de fdt.rs, existe una manera posible de hacer que KASLR sea ineficaz debido a un uso incorrecto de la criptograf\u00eda. Esto podr\u00eda conducir a una escalada remota de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", + "matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/2023-12-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40083.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40083.json index 239d2716f5b..2daefeb5b7d 100644 --- a/CVE-2023/CVE-2023-400xx/CVE-2023-40083.json +++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40083.json 
@@ -2,8 +2,8 @@
 "id": "CVE-2023-40083",
 "sourceIdentifier": "security@android.com",
 "published": "2023-12-04T23:15:24.073",
- "lastModified": "2023-12-05T13:51:04.540",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-08T18:31:19.213",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,11 +14,81 @@ "value": "En parse_gap_data de utils.cc, hay una posible lectura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local con privilegios de ejecuci\u00f3n del usuario necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", + "matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", + "matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/2023-12-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Third 
Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4295.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4295.json
index 2ca6f3e5857..5f84f334dd7 100644
--- a/CVE-2023/CVE-2023-42xx/CVE-2023-4295.json
+++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4295.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-4295",
 "sourceIdentifier": "arm-security@arm.com",
 "published": "2023-11-07T16:15:29.340",
- "lastModified": "2023-11-14T23:15:12.123",
- "vulnStatus": "Modified",
+ "lastModified": "2023-12-08T17:15:07.540",
+ "vulnStatus": "Undergoing Analysis",
 "descriptions": [
 {
 "lang": "en",
@@ -91,6 +91,10 @@
 }
 ],
 "references": [
+ {
+ "url": "http://packetstormsecurity.com/files/176109/Arm-Mali-CSF-Overflow-Use-After-Free.html",
+ "source": "arm-security@arm.com"
+ },
 {
 "url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities",
 "source": "arm-security@arm.com",
diff --git a/CVE-2023/CVE-2023-452xx/CVE-2023-45252.json b/CVE-2023/CVE-2023-452xx/CVE-2023-45252.json
index fca42b96d92..fd4069d44a7 100644
--- a/CVE-2023/CVE-2023-452xx/CVE-2023-45252.json
+++ b/CVE-2023/CVE-2023-452xx/CVE-2023-45252.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-45252",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-12-01T06:15:47.840",
- "lastModified": "2023-12-01T13:54:29.567",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-08T18:45:28.017",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,11 +14,80 @@ "value": "Vulnerabilidad de secuestro de DLL en Huddly HuddlyCameraService anterior a la versi\u00f3n 8.0.7, sin incluir la versi\u00f3n 7.99, debido a la instalaci\u00f3n del servicio en un directorio que otorga privilegios de escritura a usuarios est\u00e1ndar, permite a los atacantes manipular archivos, ejecutar c\u00f3digo arbitrario y escalar privilegios." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-427" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:huddly:huddlycameraservice:*:*:*:*:*:*:*:*", + "versionEndExcluding": "8.0.7", + "matchCriteriaId": "00ECAAF1-5655-4639-8E76-069BFF8FCB40" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.xlent.no/aktuelt/security-disclosure-of-vulnerabilities-cve-2023-45252-and-cve-2023-45253/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
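Review bot: The `cpeMatch` entry for CVE-2023-45252 marks every version below `"versionEndExcluding": "8.0.7"` as vulnerable, yet the description in the context line says the issue affects versions before 8.0.7 not including 7.99. A scanner that relies on this range will flag 7.99 installs as affected. Expressing the exclusion needs two entries, one ending with `"versionEndExcluding": "7.99"` and one combining `"versionStartExcluding": "7.99"` with `"versionEndExcluding": "8.0.7"`. The CVE-2023-45253 hunk has the same range and the same wording.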
diff --git a/CVE-2023/CVE-2023-452xx/CVE-2023-45253.json b/CVE-2023/CVE-2023-452xx/CVE-2023-45253.json
index e7c0d9005bf..ebb67a0b5a2 100644
--- a/CVE-2023/CVE-2023-452xx/CVE-2023-45253.json
+++ b/CVE-2023/CVE-2023-452xx/CVE-2023-45253.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-45253",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-12-01T06:15:47.903",
- "lastModified": "2023-12-01T13:54:29.567",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-08T18:31:28.750",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,11 +14,80 @@ "value": "Se descubri\u00f3 un problema en Huddly HuddlyCameraService anterior a la versi\u00f3n 8.0.7, sin incluir la versi\u00f3n 7.99, que permite a los atacantes manipular archivos y escalar privilegios a trav\u00e9s del m\u00e9todo RollingFileAppender.DeleteFile realizado por la librer\u00eda log4net." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:huddly:huddlycameraservices:*:*:*:*:*:*:*:*", + "versionEndExcluding": "8.0.7", + "matchCriteriaId": "03330B8E-7829-42A6-8A4C-5288A2B5B0B8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.xlent.no/aktuelt/security-disclosure-of-vulnerabilities-cve-2023-45252-and-cve-2023-45253/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
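Review bot: The CPE product name added here is `huddlycameraservices` (trailing "s"), while the sibling record in the previous file section uses `cpe:2.3:a:huddly:huddlycameraservice:*`. Both descriptions name the same product, Huddly HuddlyCameraService, and both point to the same advisory URL. An inventory that matches on the CPE product string will therefore match only one of the two records for a given install. Presumably one spelling is a typo; whichever the CPE dictionary lists should be used in both, e.g. `"criteria": "cpe:2.3:a:huddly:huddlycameraservice:*:*:*:*:*:*:*:*"` here if the singular form is the registered one.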
diff --git a/CVE-2023/CVE-2023-468xx/CVE-2023-46818.json b/CVE-2023/CVE-2023-468xx/CVE-2023-46818.json index fa3ee5b095a..3f62bf74778 100644 --- a/CVE-2023/CVE-2023-468xx/CVE-2023-46818.json +++ b/CVE-2023/CVE-2023-468xx/CVE-2023-46818.json @@ -2,8 +2,8 @@ "id": "CVE-2023-46818", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-27T04:15:10.907", - "lastModified": "2023-11-08T13:56:23.527", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-08T17:15:07.433", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -74,6 +74,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/176126/ISPConfig-3.2.11-PHP-Code-Injection.html", + "source": "cve@mitre.org" + }, { "url": "https://www.ispconfig.org/blog/ispconfig-3-2-11p1-released/", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-471xx/CVE-2023-47100.json b/CVE-2023/CVE-2023-471xx/CVE-2023-47100.json index e73f3c0432c..bc5765b9d02 100644 --- a/CVE-2023/CVE-2023-471xx/CVE-2023-47100.json +++ b/CVE-2023/CVE-2023-471xx/CVE-2023-47100.json 
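Review bot: The reference added in the `@@ -74,6 +74,10 @@` hunk (`http://packetstormsecurity.com/files/176126/...`) has no `tags` array, and the first hunk moves the record from `Analyzed` to `Modified`. The URL title suggests a public exploit write-up, but that cannot be confirmed from the hunk. Until the record is re-analysed, consumers that rank by reference tags will not see this signal; if the page is what its title implies, the entry would carry `"tags": ["Exploit", "Third Party Advisory"]`, as similar references elsewhere in this commit do. The link is also plain `http://`, so tooling that fetches references should not trust the retrieved content. The next reference entry continues past the end of the hunk.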
@@ -2,19 +2,80 @@ "id": "CVE-2023-47100", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-02T23:15:07.187", - "lastModified": "2023-12-03T16:37:30.347", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-08T17:57:01.690", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \\p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0." + }, + { + "lang": "es", + "value": "En Perl anterior a 5.38.2, S_parse_uniprop_string en regcomp.c puede escribir en espacio no asignado porque un nombre de propiedad asociado con una construcci\u00f3n de expresi\u00f3n regular \\p{...} est\u00e1 mal manejado. La primera versi\u00f3n afectada es la 5.30.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-755" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.30.0", + "versionEndExcluding": "5.38.2", + "matchCriteriaId": "14B8DD8C-B79A-41F6-B743-6D319ACD6741" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": 
"https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48695.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48695.json index a92045a5236..2333aae6d57 100644 --- a/CVE-2023/CVE-2023-486xx/CVE-2023-48695.json +++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48695.json @@ -2,8 +2,8 @@ "id": "CVE-2023-48695", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-05T01:15:08.640", - "lastModified": "2023-12-05T13:51:04.540", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-08T18:51:23.953", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:azure_rtos_usbx:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.3.0", + "matchCriteriaId": "8DFED452-108C-4B30-95FD-076DB22072F5" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/azure-rtos/usbx/security/advisories/GHSA-mwj9-rpph-v8wc", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
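Review bot: In the CVE-2023-47100 hunk (which starts on the preceding line) the added primary weakness is `CWE-755`, while the description in the same hunk says `S_parse_uniprop_string` "can write to unallocated space". That wording describes a memory-safety write rather than an exception-handling flaw. Dashboards that group or prioritise by CWE class will therefore not count this record with the other memory-corruption issues; an out-of-bounds-write mapping looks closer to the description, though that is inferred from the text alone. The `AV:N/PR:N/UI:N` vector likewise assumes an attacker-controlled pattern reaches the regex compiler remotely, so local triage should check whether any deployed Perl code compiles untrusted `\p{...}` patterns before adopting the 9.8 score as-is.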
diff --git a/CVE-2023/CVE-2023-492xx/CVE-2023-49284.json b/CVE-2023/CVE-2023-492xx/CVE-2023-49284.json index ba7a7733911..96b0050769a 100644 --- a/CVE-2023/CVE-2023-492xx/CVE-2023-49284.json +++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49284.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49284", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-05T00:15:08.737", - "lastModified": "2023-12-05T13:51:04.540", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-08T17:26:11.893", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.3, + "impactScore": 5.2 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -50,14 +70,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fishshell:fish:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.6.2", + "matchCriteriaId": "2274FD09-F6AF-4F35-AAD6-9D48F8045BB7" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/fish-shell/fish-shell/commit/09986f5563e31e2c900a606438f1d60d008f3a14", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/fish-shell/fish-shell/security/advisories/GHSA-2j9r-pm96-wp4f", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-492xx/CVE-2023-49285.json b/CVE-2023/CVE-2023-492xx/CVE-2023-49285.json index dea6bfb5285..4c7690bf136 100644 --- a/CVE-2023/CVE-2023-492xx/CVE-2023-49285.json +++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49285.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49285", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-04T23:15:27.007", - "lastModified": "2023-12-05T13:51:04.540", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-08T17:30:27.670", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -40,8 +60,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -50,26 +80,59 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", + "versionEndIncluding": "6.4", + "matchCriteriaId": "64A6EFAB-804C-4B6B-B609-2F5A797EACB0" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.squid-cache.org/Versions/v5/SQUID-2023_7.patch", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Broken Link" + ] }, { "url": "http://www.squid-cache.org/Versions/v6/SQUID-2023_7.patch", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://github.com/squid-cache/squid/commit/77b3fb4df0f126784d5fd4967c28ed40eb8d521b", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/squid-cache/squid/commit/deee944f9a12c9fd399ce52f3e2526bb573a9470", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-8w9r-p88v-mmx9", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-492xx/CVE-2023-49286.json b/CVE-2023/CVE-2023-492xx/CVE-2023-49286.json index b85aabe40f7..27329ad1597 100644 --- a/CVE-2023/CVE-2023-492xx/CVE-2023-49286.json +++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49286.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49286", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-04T23:15:27.243", - "lastModified": "2023-12-05T13:51:04.540", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-08T17:30:06.817", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -40,8 +60,22 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-617" + }, + { + "lang": "en", + "value": "CWE-754" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -54,18 +88,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", + "versionEndIncluding": "6.4", + "matchCriteriaId": "64A6EFAB-804C-4B6B-B609-2F5A797EACB0" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.squid-cache.org/Versions/v6/SQUID-2023_8.patch", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://github.com/squid-cache/squid/commit/6014c6648a2a54a4ecb7f952ea1163e0798f9264", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-xggx-9329-3c27", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-492xx/CVE-2023-49288.json b/CVE-2023/CVE-2023-492xx/CVE-2023-49288.json index aea3b5f76da..a8f2597b4a4 100644 --- a/CVE-2023/CVE-2023-492xx/CVE-2023-49288.json +++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49288.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49288", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-04T23:15:27.477", - "lastModified": "2023-12-05T13:51:04.540", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-08T17:29:23.270", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -50,10 +70,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.5", + "versionEndIncluding": "5.9", + "matchCriteriaId": "58165CD0-BDD1-48E3-86A8-4A3CA5AC2039" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-rj5h-46j6-q2g5", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-492xx/CVE-2023-49289.json b/CVE-2023/CVE-2023-492xx/CVE-2023-49289.json index 93ebbaf121b..f8a2bd8e8b0 100644 
--- a/CVE-2023/CVE-2023-492xx/CVE-2023-49289.json +++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49289.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49289", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-05T00:15:08.967", - "lastModified": "2023-12-05T13:51:04.540", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-08T17:25:37.173", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -50,18 +80,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:michaelschwarz:ajax.net_professional:*:*:*:*:*:asp.net:*:*", + "versionEndExcluding": "21.12.22.1", + "matchCriteriaId": "A26A2313-1FB9-4489-BB02-9176E6002074" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/michaelschwarz/Ajax.NET-Professional/commit/c89e39b9679fcb8ab6644fe21cc7e652cb615e2b", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/michaelschwarz/Ajax.NET-Professional/security/advisories/GHSA-8v6j-gc74-fmpp", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.nuget.org/packages/AjaxNetProfessional/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-492xx/CVE-2023-49290.json b/CVE-2023/CVE-2023-492xx/CVE-2023-49290.json index b8aa643c1ed..184d00b4998 100644 --- a/CVE-2023/CVE-2023-492xx/CVE-2023-49290.json +++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49290.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49290", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-05T00:15:09.190", - "lastModified": "2023-12-05T13:51:04.540", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-08T17:25:26.917", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -50,14 +70,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:lestrrat-go:jwx:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.2.27", + "matchCriteriaId": "1E36615F-24CB-4999-B852-484E597CE4F4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:lestrrat-go:jwx:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.0.0", + "versionEndExcluding": "2.0.18", + "matchCriteriaId": "566A6052-A735-4FDB-975D-47C594210E70" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/lestrrat-go/jwx/commit/64f2a229b8e18605f47361d292b526bdc4aee01c", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/lestrrat-go/jwx/security/advisories/GHSA-7f9x-gw85-8grf", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-492xx/CVE-2023-49291.json b/CVE-2023/CVE-2023-492xx/CVE-2023-49291.json index 2cc828703fa..6d1a84aa251 100644 --- a/CVE-2023/CVE-2023-492xx/CVE-2023-49291.json +++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49291.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-49291", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-05T00:15:09.403", - "lastModified": "2023-12-05T13:51:04.540", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-08T17:24:26.643", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -40,8 +60,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -50,26 +80,68 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tj-actions:branch-names:*:*:*:*:*:*:*:*", + "versionEndExcluding": "7.0.0", + "matchCriteriaId": "4AB0A58B-E056-49E3-9CD4-063AF78D1ECB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tj-actions:branch-names:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.0.1", + "versionEndExcluding": "7.0.7", + "matchCriteriaId": "04A7066A-CDAB-4C39-AD1F-87ADAF23495A" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/tj-actions/branch-names/commit/4923d1ca41f928c24f1c1b3af9daaadfb71e6337", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/tj-actions/branch-names/commit/6c999acf206f5561e19f46301bb310e9e70d8815", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/tj-actions/branch-names/commit/726fe9ba5e9da4fcc716223b7994ffd0358af060", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/tj-actions/branch-names/security/advisories/GHSA-8v8w-v8xg-79rf", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] }, { "url": "https://securitylab.github.com/research/github-actions-untrusted-input", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-492xx/CVE-2023-49292.json b/CVE-2023/CVE-2023-492xx/CVE-2023-49292.json index 9406bee1bc0..fa2d503a625 100644 --- a/CVE-2023/CVE-2023-492xx/CVE-2023-49292.json +++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49292.json 
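Review bot: The two `cpeMatch` ranges added for `tj-actions:branch-names` leave version 7.0.0 unmatched: the first ends at `"versionEndExcluding": "7.0.0"` and the second begins at `"versionStartIncluding": "7.0.1"`. Nothing visible in the hunk says that 7.0.0 is fixed or unaffected, so this may be an intentional carve-out or an off-by-one in the bounds. If 7.0.0 is affected, a single entry with `"versionEndExcluding": "7.0.7"` would cover it. Until that is clarified, workflows pinned to exactly 7.0.0 will not be flagged by CPE-based matching and should be checked against the vendor advisory directly.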
@@ -2,8 +2,8 @@ "id": "CVE-2023-49292", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-05T00:15:09.627", - "lastModified": "2023-12-05T13:51:04.540", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-08T17:20:40.947", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 2.5 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -40,8 +60,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -50,22 +80,52 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ecies:go:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.0.8", + "matchCriteriaId": "B03A6379-B738-4870-806D-614DC8B1ADE2" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/ashutosh1206/Crypton/blob/master/Diffie-Hellman-Key-Exchange/Attack-Invalid-Curve-Point/README.md", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit" + ] }, { "url": "https://github.com/ecies/go/commit/c6e775163866d6ea5233eb8ec8530a9122101ebd", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/ecies/go/releases/tag/v2.0.8", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/ecies/go/security/advisories/GHSA-8j98-cjfr-qx3h", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-492xx/CVE-2023-49293.json b/CVE-2023/CVE-2023-492xx/CVE-2023-49293.json index ea317a84209..1bea81aaffe 100644 --- a/CVE-2023/CVE-2023-492xx/CVE-2023-49293.json +++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49293.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49293", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-04T23:15:27.730", - "lastModified": "2023-12-05T13:51:04.540", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-08T17:28:27.917", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -50,10 +70,150 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vitejs:vite:*:*:*:*:*:node.js:*:*", + "versionStartIncluding": "4.4.0", + "versionEndIncluding": "4.4.11", + "matchCriteriaId": "794F0A24-E042-454A-8AF4-410CA6B9B7ED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vitejs:vite:*:*:*:*:*:node.js:*:*", + "versionStartIncluding": "5.0.0", + "versionEndIncluding": "5.0.4", + "matchCriteriaId": "5035825C-DE1D-4C3E-B80A-B80BAA9B9B83" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vitejs:vite:5.0.0:-:*:*:*:node.js:*:*", + "matchCriteriaId": "49DB9151-3306-4887-B467-54BF1CB59077" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vitejs:vite:5.0.0:beta0:*:*:*:node.js:*:*", + "matchCriteriaId": "AD12B845-C230-4731-A1C3-F7C8563EC330" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vitejs:vite:5.0.0:beta1:*:*:*:node.js:*:*", + "matchCriteriaId": "71B39887-494A-42B0-97B5-3A27BBDA384F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vitejs:vite:5.0.0:beta10:*:*:*:node.js:*:*", + "matchCriteriaId": "42748778-8084-4E85-A870-F4938B2B4197" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vitejs:vite:5.0.0:beta11:*:*:*:node.js:*:*", + "matchCriteriaId": "8CEA9A64-2C3B-48CD-B553-1B266E6D98DF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vitejs:vite:5.0.0:beta12:*:*:*:node.js:*:*", + "matchCriteriaId": "C4335B97-76B1-4B91-BDF1-0DFFB8B5D966" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vitejs:vite:5.0.0:beta13:*:*:*:node.js:*:*", + "matchCriteriaId": "D4393D1C-F71A-4FBB-896E-91F5BDE99F5F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vitejs:vite:5.0.0:beta14:*:*:*:node.js:*:*", + "matchCriteriaId": "41F91182-DFB5-4900-967A-3467C1160FD1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vitejs:vite:5.0.0:beta15:*:*:*:node.js:*:*", + "matchCriteriaId": 
"E3A2BCC8-1B86-47D9-B1D9-374B3FAF452F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vitejs:vite:5.0.0:beta16:*:*:*:node.js:*:*", + "matchCriteriaId": "659D1924-3224-4F96-B88C-1A98909C3129" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vitejs:vite:5.0.0:beta17:*:*:*:node.js:*:*", + "matchCriteriaId": "239A48C0-7571-46A9-ADF8-8044F89312DB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vitejs:vite:5.0.0:beta18:*:*:*:node.js:*:*", + "matchCriteriaId": "0DBF0C24-7E51-4E33-B265-872250BAAFFE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vitejs:vite:5.0.0:beta19:*:*:*:node.js:*:*", + "matchCriteriaId": "061FD0EC-C333-43A4-B003-0B2C7CC5F377" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vitejs:vite:5.0.0:beta2:*:*:*:node.js:*:*", + "matchCriteriaId": "CDAA6C11-11F8-466A-910F-CEB4ECA6C2B2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vitejs:vite:5.0.0:beta20:*:*:*:node.js:*:*", + "matchCriteriaId": "E3FE8672-FB0B-4E18-8830-85A858B4EBCD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vitejs:vite:5.0.0:beta3:*:*:*:node.js:*:*", + "matchCriteriaId": "9DBA3329-186A-48FD-A1F1-0F0F4487FEB0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vitejs:vite:5.0.0:beta4:*:*:*:node.js:*:*", + "matchCriteriaId": "A4C137DE-8111-447B-AB2A-5DCF19C1EDE8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vitejs:vite:5.0.0:beta5:*:*:*:node.js:*:*", + "matchCriteriaId": "1866630A-7067-4B2D-BB66-FA5A49556046" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vitejs:vite:5.0.0:beta6:*:*:*:node.js:*:*", + "matchCriteriaId": "0490F00F-EE92-4A86-A11F-7A81345700AF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vitejs:vite:5.0.0:beta7:*:*:*:node.js:*:*", + "matchCriteriaId": "F7947662-99E7-42FA-9F5B-FBB84B370E76" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vitejs:vite:5.0.0:beta8:*:*:*:node.js:*:*", + "matchCriteriaId": "DC5DF679-2F1D-4DDC-AD63-D4013D61D5F6" + }, + { + "vulnerable": true, + 
"criteria": "cpe:2.3:a:vitejs:vite:5.0.0:beta9:*:*:*:node.js:*:*", + "matchCriteriaId": "D3EE21DD-285A-4B6A-A607-60D4E3842B28" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/vitejs/vite/security/advisories/GHSA-92r3-m2mg-pj97", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-58xx/CVE-2023-5808.json b/CVE-2023/CVE-2023-58xx/CVE-2023-5808.json index 31b81ab277b..35b2ffe3383 100644 --- a/CVE-2023/CVE-2023-58xx/CVE-2023-5808.json +++ b/CVE-2023/CVE-2023-58xx/CVE-2023-5808.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5808", "sourceIdentifier": "security.vulnerabilities@hitachivantara.com", "published": "2023-12-05T00:15:09.840", - "lastModified": "2023-12-07T23:15:07.580", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-12-08T17:18:15.347", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "security.vulnerabilities@hitachivantara.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + }, { "source": "security.vulnerabilities@hitachivantara.com", "type": "Secondary", 
@@ -50,10 +80,43 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:vantara_hitachi_network_attached_storage:*:*:*:*:*:*:*:*", + "versionEndIncluding": "14.8.7825.01", + "matchCriteriaId": "CD9B85DC-B57B-4A45-B157-D66255C06876" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.hitachivantara.com/", - "source": "security.vulnerabilities@hitachivantara.com" + "source": "security.vulnerabilities@hitachivantara.com", + "tags": [ + "Not Applicable" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-59xx/CVE-2023-5915.json b/CVE-2023/CVE-2023-59xx/CVE-2023-5915.json index f926210433e..58e4edcd2d0 100644 --- a/CVE-2023/CVE-2023-59xx/CVE-2023-5915.json +++ b/CVE-2023/CVE-2023-59xx/CVE-2023-5915.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5915", "sourceIdentifier": "7168b535-132a-4efe-a076-338f829b2eb9", "published": "2023-12-01T07:15:12.627", - "lastModified": "2023-12-01T13:54:29.567", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-08T18:24:27.517", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,8 +14,41 @@ "value": "Se ha identificado una vulnerabilidad de consumo incontrolado de recursos en STARDOM proporcionado por Yokogawa Electric Corporation. Esta vulnerabilidad puede permitir que un atacante remoto cause una condici\u00f3n de denegaci\u00f3n de servicio al controlador FCN/FCJ mediante el env\u00edo de un paquete manipulado. Mientras se enviaba el paquete, no se pudo acceder a la p\u00e1gina de inicio de mantenimiento del controlador. Por lo tanto, las funciones de la p\u00e1gina de inicio de mantenimiento, cambio de configuraci\u00f3n, visualizaci\u00f3n de registros, etc. no est\u00e1n disponibles. Pero la condici\u00f3n no detiene el funcionamiento del controlador. Los productos y versiones afectados son los siguientes: STARDOM FCN/FCJ R1.01 a R4.31." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "7168b535-132a-4efe-a076-338f829b2eb9", "type": "Secondary", 
@@ -27,18 +60,91 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:yokogawa:stardom_fcj_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "r1.01", + "versionEndIncluding": "r4.31", + "matchCriteriaId": "03BF3DA1-FA1C-4633-A665-EE5826650EC8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:yokogawa:stardom_fcj:-:*:*:*:*:*:*:*", + "matchCriteriaId": "37EFAADB-EF41-4B63-A9C4-9A410682F47D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:yokogawa:stardom_fcn_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "r1.01", + "versionEndIncluding": "r4.31", + "matchCriteriaId": "A08E6234-7D44-4C8D-9D5B-373A085D0716" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:yokogawa:stardom_fcn:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6051604E-7FAF-44D7-BDB6-7D2D71DFC416" + } + ] + } + ] + } + ], "references": [ { "url": "https://jvn.jp/vu/JVNVU95177889/index.html", - "source": "7168b535-132a-4efe-a076-338f829b2eb9" + "source": "7168b535-132a-4efe-a076-338f829b2eb9", + "tags": [ + "Mitigation", + "Third Party Advisory" + ] }, { "url": "https://web-material3.yokogawa.com/1/35463/files/YSAR-23-0003-E.pdf", - "source": "7168b535-132a-4efe-a076-338f829b2eb9" + "source": "7168b535-132a-4efe-a076-338f829b2eb9", + "tags": [ + "Mitigation", + "Vendor Advisory" + ] }, { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-02", - "source": "7168b535-132a-4efe-a076-338f829b2eb9" + "source": "7168b535-132a-4efe-a076-338f829b2eb9", + "tags": [ + "Mitigation", + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-59xx/CVE-2023-5944.json b/CVE-2023/CVE-2023-59xx/CVE-2023-5944.json index e614191949d..3013da98d53 100644 --- a/CVE-2023/CVE-2023-59xx/CVE-2023-5944.json +++ b/CVE-2023/CVE-2023-59xx/CVE-2023-5944.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5944", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-12-04T23:15:27.940", - "lastModified": "2023-12-05T13:51:04.540", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-08T17:28:11.723", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", 
@@ -50,14 +80,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:deltaww:dopsoft:*:*:*:*:*:*:*:*", + "matchCriteriaId": "9386A747-1745-461E-B7DC-75293A166EC5" + } + ] + } + ] + } + ], "references": [ { "url": "https://diastudio.deltaww.com/home/downloads?sec=download#catalog", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Permissions Required" + ] }, { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-01", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6579.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6579.json index 82badbadb86..d2b20ed4ebf 100644 --- a/CVE-2023/CVE-2023-65xx/CVE-2023-6579.json +++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6579.json @@ -2,7 +2,7 @@ "id": "CVE-2023-6579", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-07T22:15:08.300", - "lastModified": "2023-12-08T14:23:14.473", + "lastModified": "2023-12-08T17:15:07.647", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -72,6 +72,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/176124/osCommerce-4-SQL-Injection.html", + "source": "cna@vuldb.com" + }, { "url": "https://vuldb.com/?ctiid.247160", "source": "cna@vuldb.com" diff --git a/CVE-2023/CVE-2023-66xx/CVE-2023-6606.json b/CVE-2023/CVE-2023-66xx/CVE-2023-6606.json new file mode 100644 index 00000000000..57434d13c20 --- /dev/null +++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6606.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-6606", + "sourceIdentifier": "secalert@redhat.com", + "published": "2023-12-08T17:15:07.733", + "lastModified": "2023-12-08T17:15:07.733", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2023-6606", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.kernel.org/show_bug.cgi?id=218218", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253611", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-66xx/CVE-2023-6610.json b/CVE-2023/CVE-2023-66xx/CVE-2023-6610.json new file mode 100644 index 00000000000..57df10bec68 --- /dev/null +++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6610.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-6610", + "sourceIdentifier": "secalert@redhat.com", + "published": "2023-12-08T17:15:07.933", + "lastModified": "2023-12-08T17:15:07.933", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2023-6610", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.kernel.org/show_bug.cgi?id=218219", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253614", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-66xx/CVE-2023-6615.json b/CVE-2023/CVE-2023-66xx/CVE-2023-6615.json new file mode 100644 index 00000000000..bd4a924bde0 --- /dev/null +++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6615.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-6615", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-12-08T17:15:08.143", + "lastModified": "2023-12-08T17:15:08.143", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as problematic, has been found in Typecho 1.2.1. Affected by this issue is some unknown functionality of the file /admin/manage-users.php. The manipulation of the argument page leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-247250 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N", + "accessVector": "ADJACENT_NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 2.7 + }, + "baseSeverity": "LOW", + "exploitabilityScore": 5.1, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + 
"lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/JTZ-a/SRC/blob/master/Typecho/Typecho-Information%20leakage/en-us.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.247250", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.247250", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-66xx/CVE-2023-6616.json b/CVE-2023/CVE-2023-66xx/CVE-2023-6616.json new file mode 100644 index 00000000000..32a6e1a31a0 --- /dev/null +++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6616.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-6616", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-12-08T17:15:08.367", + "lastModified": "2023-12-08T17:15:08.367", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in SourceCodester Simple Student Attendance System 1.0 and classified as problematic. This issue affects some unknown processing of the file index.php. The manipulation of the argument page leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247253 was assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 4.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ 
+ { + "url": "https://vuldb.com/?ctiid.247253", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.247253", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.yuque.com/u39339523/el4dxs/sxa6f9gywg6vfbur", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-66xx/CVE-2023-6617.json b/CVE-2023/CVE-2023-66xx/CVE-2023-6617.json new file mode 100644 index 00000000000..c4a26a0de2f --- /dev/null +++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6617.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-6617", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-12-08T17:15:08.600", + "lastModified": "2023-12-08T17:15:08.600", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been classified as critical. Affected is an unknown function of the file attendance.php. The manipulation of the argument class_id leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-247254 is the identifier assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.1, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "ADJACENT_NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 5.2 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 5.1, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": 
"https://vuldb.com/?ctiid.247254", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.247254", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.yuque.com/u39339523/el4dxs/gcsvdc5oohx6v38c", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-66xx/CVE-2023-6618.json b/CVE-2023/CVE-2023-66xx/CVE-2023-6618.json new file mode 100644 index 00000000000..fb09fcf26d7 --- /dev/null +++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6618.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-6618", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-12-08T17:15:08.827", + "lastModified": "2023-12-08T17:15:08.827", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument page leads to file inclusion. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247255." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.1, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "ADJACENT_NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 5.2 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 5.1, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-73" + } + ] + } + ], + "references": [ 
+ { + "url": "https://vuldb.com/?ctiid.247255", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.247255", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.yuque.com/u39339523/el4dxs/krpez3nzv1144cuc", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-66xx/CVE-2023-6619.json b/CVE-2023/CVE-2023-66xx/CVE-2023-6619.json new file mode 100644 index 00000000000..e4f691fd385 --- /dev/null +++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6619.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-6619", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-12-08T18:15:06.930", + "lastModified": "2023-12-08T18:15:06.930", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /modals/class_form.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247256." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.1, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "ADJACENT_NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 5.2 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 5.1, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": 
"https://github.com/daydust/vuln/blob/main/Simple_Student_Attendance_System/class_form.php_SQL-injection.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.247256", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.247256", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-66xx/CVE-2023-6622.json b/CVE-2023/CVE-2023-66xx/CVE-2023-6622.json new file mode 100644 index 00000000000..ee07fce1442 --- /dev/null +++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6622.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-6622", + "sourceIdentifier": "secalert@redhat.com", + "published": "2023-12-08T18:15:07.163", + "lastModified": "2023-12-08T18:15:07.163", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A null pointer dereference vulnerability was found in nft_dynset_init() in net/netfilter/nft_dynset.c in nf_tables in the Linux kernel. This issue may allow a local attacker with CAP_NET_ADMIN user privilege to trigger a denial of service." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2023-6622", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253632", + "source": "secalert@redhat.com" + }, + { + "url": "https://github.com/torvalds/linux/commit/3701cd390fd731ee7ae8b8006246c8db82c72bea", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 6c3133bb2a3..128487668d1 100644 --- a/README.md +++ b/README.md 
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-12-08T17:00:18.496155+00:00 +2023-12-08T19:00:18.480736+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-12-08T16:50:35.540000+00:00 +2023-12-08T18:54:42.680000+00:00 ``` ### Last Data Feed Release 
@@ -29,69 +29,52 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -232622 +232630 ``` ### CVEs added in the last Commit -Recently added CVEs: `41` +Recently added CVEs: `8` -* [CVE-2023-48423](CVE-2023/CVE-2023-484xx/CVE-2023-48423.json) (`2023-12-08T16:15:18.657`) -* [CVE-2023-6612](CVE-2023/CVE-2023-66xx/CVE-2023-6612.json) (`2023-12-08T16:15:18.713`) -* [CVE-2023-6613](CVE-2023/CVE-2023-66xx/CVE-2023-6613.json) (`2023-12-08T16:15:19.610`) -* [CVE-2023-6614](CVE-2023/CVE-2023-66xx/CVE-2023-6614.json) (`2023-12-08T16:15:20.223`) -* [CVE-2023-49444](CVE-2023/CVE-2023-494xx/CVE-2023-49444.json) (`2023-12-08T15:15:07.790`) -* [CVE-2023-49484](CVE-2023/CVE-2023-494xx/CVE-2023-49484.json) (`2023-12-08T15:15:07.840`) -* [CVE-2023-49485](CVE-2023/CVE-2023-494xx/CVE-2023-49485.json) (`2023-12-08T15:15:07.893`) -* [CVE-2023-49486](CVE-2023/CVE-2023-494xx/CVE-2023-49486.json) (`2023-12-08T15:15:07.943`) -* [CVE-2023-49487](CVE-2023/CVE-2023-494xx/CVE-2023-49487.json) (`2023-12-08T15:15:07.990`) -* [CVE-2023-6146](CVE-2023/CVE-2023-61xx/CVE-2023-6146.json) (`2023-12-08T15:15:08.037`) -* [CVE-2023-6245](CVE-2023/CVE-2023-62xx/CVE-2023-6245.json) (`2023-12-08T15:15:08.233`) -* [CVE-2023-6608](CVE-2023/CVE-2023-66xx/CVE-2023-6608.json) (`2023-12-08T15:15:08.457`) -* [CVE-2023-6609](CVE-2023/CVE-2023-66xx/CVE-2023-6609.json) (`2023-12-08T15:15:08.683`) -* [CVE-2023-6611](CVE-2023/CVE-2023-66xx/CVE-2023-6611.json) (`2023-12-08T15:15:08.917`) -* [CVE-2023-23372](CVE-2023/CVE-2023-233xx/CVE-2023-23372.json) (`2023-12-08T16:15:15.720`) -* [CVE-2023-32968](CVE-2023/CVE-2023-329xx/CVE-2023-32968.json) (`2023-12-08T16:15:15.943`) -* [CVE-2023-32975](CVE-2023/CVE-2023-329xx/CVE-2023-32975.json) (`2023-12-08T16:15:16.153`) -* [CVE-2023-47565](CVE-2023/CVE-2023-475xx/CVE-2023-47565.json) (`2023-12-08T16:15:16.367`) -* [CVE-2023-48397](CVE-2023/CVE-2023-483xx/CVE-2023-48397.json) (`2023-12-08T16:15:16.560`) -* 
[CVE-2023-48398](CVE-2023/CVE-2023-483xx/CVE-2023-48398.json) (`2023-12-08T16:15:16.617`) -* [CVE-2023-48399](CVE-2023/CVE-2023-483xx/CVE-2023-48399.json) (`2023-12-08T16:15:16.670`) -* [CVE-2023-48401](CVE-2023/CVE-2023-484xx/CVE-2023-48401.json) (`2023-12-08T16:15:16.720`) -* [CVE-2023-48402](CVE-2023/CVE-2023-484xx/CVE-2023-48402.json) (`2023-12-08T16:15:16.933`) -* [CVE-2023-48403](CVE-2023/CVE-2023-484xx/CVE-2023-48403.json) (`2023-12-08T16:15:17.120`) -* [CVE-2023-49443](CVE-2023/CVE-2023-494xx/CVE-2023-49443.json) (`2023-12-08T15:15:07.740`) +* [CVE-2023-6606](CVE-2023/CVE-2023-66xx/CVE-2023-6606.json) (`2023-12-08T17:15:07.733`) +* [CVE-2023-6610](CVE-2023/CVE-2023-66xx/CVE-2023-6610.json) (`2023-12-08T17:15:07.933`) +* [CVE-2023-6615](CVE-2023/CVE-2023-66xx/CVE-2023-6615.json) (`2023-12-08T17:15:08.143`) +* [CVE-2023-6616](CVE-2023/CVE-2023-66xx/CVE-2023-6616.json) (`2023-12-08T17:15:08.367`) +* [CVE-2023-6617](CVE-2023/CVE-2023-66xx/CVE-2023-6617.json) (`2023-12-08T17:15:08.600`) +* [CVE-2023-6618](CVE-2023/CVE-2023-66xx/CVE-2023-6618.json) (`2023-12-08T17:15:08.827`) +* [CVE-2023-6619](CVE-2023/CVE-2023-66xx/CVE-2023-6619.json) (`2023-12-08T18:15:06.930`) +* [CVE-2023-6622](CVE-2023/CVE-2023-66xx/CVE-2023-6622.json) (`2023-12-08T18:15:07.163`) ### CVEs modified in the last Commit -Recently modified CVEs: `75` +Recently modified CVEs: `42` -* [CVE-2023-40463](CVE-2023/CVE-2023-404xx/CVE-2023-40463.json) (`2023-12-08T15:46:41.393`) -* [CVE-2023-40462](CVE-2023/CVE-2023-404xx/CVE-2023-40462.json) (`2023-12-08T15:46:50.287`) -* [CVE-2023-40461](CVE-2023/CVE-2023-404xx/CVE-2023-40461.json) (`2023-12-08T15:47:23.163`) -* [CVE-2023-40460](CVE-2023/CVE-2023-404xx/CVE-2023-40460.json) (`2023-12-08T15:47:41.403`) -* [CVE-2023-40459](CVE-2023/CVE-2023-404xx/CVE-2023-40459.json) (`2023-12-08T15:47:51.637`) -* [CVE-2023-40103](CVE-2023/CVE-2023-401xx/CVE-2023-40103.json) (`2023-12-08T15:48:11.713`) -* [CVE-2023-40098](CVE-2023/CVE-2023-400xx/CVE-2023-40098.json) 
(`2023-12-08T15:48:26.640`) -* [CVE-2023-40097](CVE-2023/CVE-2023-400xx/CVE-2023-40097.json) (`2023-12-08T15:48:56.323`) -* [CVE-2023-40096](CVE-2023/CVE-2023-400xx/CVE-2023-40096.json) (`2023-12-08T15:49:13.587`) -* [CVE-2023-40095](CVE-2023/CVE-2023-400xx/CVE-2023-40095.json) (`2023-12-08T15:49:28.417`) -* [CVE-2023-40094](CVE-2023/CVE-2023-400xx/CVE-2023-40094.json) (`2023-12-08T15:49:46.737`) -* [CVE-2023-40092](CVE-2023/CVE-2023-400xx/CVE-2023-40092.json) (`2023-12-08T15:49:57.273`) -* [CVE-2023-40091](CVE-2023/CVE-2023-400xx/CVE-2023-40091.json) (`2023-12-08T15:50:07.320`) -* [CVE-2023-40090](CVE-2023/CVE-2023-400xx/CVE-2023-40090.json) (`2023-12-08T15:53:14.603`) -* [CVE-2023-40089](CVE-2023/CVE-2023-400xx/CVE-2023-40089.json) (`2023-12-08T15:53:26.687`) -* [CVE-2023-40088](CVE-2023/CVE-2023-400xx/CVE-2023-40088.json) (`2023-12-08T15:53:48.937`) -* [CVE-2023-40087](CVE-2023/CVE-2023-400xx/CVE-2023-40087.json) (`2023-12-08T15:54:00.930`) -* [CVE-2023-40084](CVE-2023/CVE-2023-400xx/CVE-2023-40084.json) (`2023-12-08T15:54:10.807`) -* [CVE-2023-49280](CVE-2023/CVE-2023-492xx/CVE-2023-49280.json) (`2023-12-08T15:54:43.680`) -* [CVE-2023-45781](CVE-2023/CVE-2023-457xx/CVE-2023-45781.json) (`2023-12-08T15:55:05.953`) -* [CVE-2023-24046](CVE-2023/CVE-2023-240xx/CVE-2023-24046.json) (`2023-12-08T16:03:04.717`) -* [CVE-2023-24047](CVE-2023/CVE-2023-240xx/CVE-2023-24047.json) (`2023-12-08T16:23:33.007`) -* [CVE-2023-24049](CVE-2023/CVE-2023-240xx/CVE-2023-24049.json) (`2023-12-08T16:32:19.967`) -* [CVE-2023-24050](CVE-2023/CVE-2023-240xx/CVE-2023-24050.json) (`2023-12-08T16:37:34.153`) -* [CVE-2023-24051](CVE-2023/CVE-2023-240xx/CVE-2023-24051.json) (`2023-12-08T16:50:35.540`) +* [CVE-2023-5944](CVE-2023/CVE-2023-59xx/CVE-2023-5944.json) (`2023-12-08T17:28:11.723`) +* [CVE-2023-49293](CVE-2023/CVE-2023-492xx/CVE-2023-49293.json) (`2023-12-08T17:28:27.917`) +* [CVE-2023-49288](CVE-2023/CVE-2023-492xx/CVE-2023-49288.json) (`2023-12-08T17:29:23.270`) +* 
[CVE-2023-49286](CVE-2023/CVE-2023-492xx/CVE-2023-49286.json) (`2023-12-08T17:30:06.817`) +* [CVE-2023-49285](CVE-2023/CVE-2023-492xx/CVE-2023-49285.json) (`2023-12-08T17:30:27.670`) +* [CVE-2023-24052](CVE-2023/CVE-2023-240xx/CVE-2023-24052.json) (`2023-12-08T17:38:12.703`) +* [CVE-2023-35668](CVE-2023/CVE-2023-356xx/CVE-2023-35668.json) (`2023-12-08T17:47:02.357`) +* [CVE-2023-40073](CVE-2023/CVE-2023-400xx/CVE-2023-40073.json) (`2023-12-08T17:50:29.510`) +* [CVE-2023-40074](CVE-2023/CVE-2023-400xx/CVE-2023-40074.json) (`2023-12-08T17:51:45.870`) +* [CVE-2023-40075](CVE-2023/CVE-2023-400xx/CVE-2023-40075.json) (`2023-12-08T17:55:45.390`) +* [CVE-2023-47100](CVE-2023/CVE-2023-471xx/CVE-2023-47100.json) (`2023-12-08T17:57:01.690`) +* [CVE-2023-40076](CVE-2023/CVE-2023-400xx/CVE-2023-40076.json) (`2023-12-08T17:57:47.650`) +* [CVE-2023-40078](CVE-2023/CVE-2023-400xx/CVE-2023-40078.json) (`2023-12-08T18:00:30.370`) +* [CVE-2023-40077](CVE-2023/CVE-2023-400xx/CVE-2023-40077.json) (`2023-12-08T18:01:28.773`) +* [CVE-2023-40079](CVE-2023/CVE-2023-400xx/CVE-2023-40079.json) (`2023-12-08T18:05:46.703`) +* [CVE-2023-40080](CVE-2023/CVE-2023-400xx/CVE-2023-40080.json) (`2023-12-08T18:10:39.777`) +* [CVE-2023-40081](CVE-2023/CVE-2023-400xx/CVE-2023-40081.json) (`2023-12-08T18:14:18.023`) +* [CVE-2023-5915](CVE-2023/CVE-2023-59xx/CVE-2023-5915.json) (`2023-12-08T18:24:27.517`) +* [CVE-2023-40082](CVE-2023/CVE-2023-400xx/CVE-2023-40082.json) (`2023-12-08T18:24:29.763`) +* [CVE-2023-40083](CVE-2023/CVE-2023-400xx/CVE-2023-40083.json) (`2023-12-08T18:31:19.213`) +* [CVE-2023-45253](CVE-2023/CVE-2023-452xx/CVE-2023-45253.json) (`2023-12-08T18:31:28.750`) +* [CVE-2023-45252](CVE-2023/CVE-2023-452xx/CVE-2023-45252.json) (`2023-12-08T18:45:28.017`) +* [CVE-2023-48695](CVE-2023/CVE-2023-486xx/CVE-2023-48695.json) (`2023-12-08T18:51:23.953`) +* [CVE-2023-28811](CVE-2023/CVE-2023-288xx/CVE-2023-28811.json) (`2023-12-08T18:53:08.613`) +* 
[CVE-2023-34982](CVE-2023/CVE-2023-349xx/CVE-2023-34982.json) (`2023-12-08T18:53:18.187`) ## Download and Usage