admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-21 17:41:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-12-08T19:00:18.480736+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-12-08 19:00:22 +00:00
parent 8eff9528bf
commit 243e4dbff0
51 changed files with 4739 additions and 223 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CVE-2019/CVE-2019-182xx/CVE-2019-18279.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2019-18279",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-11-13T18:15:11.000",
"lastModified": "2020-08-24T17:37:01.140",
"lastModified": "2023-12-08T18:54:42.680",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,10 +84,10 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phoenix:securecore_technology:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:o:phoenix:securecore_technology:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.1.12.0",
"versionEndIncluding": "1.5.74.0",
"matchCriteriaId": "42A85F49-223A-4639-8E85-D192CE964460"
"matchCriteriaId": "E8AFEF5A-A0B8-4044-A520-7252C30F075E"
}
]
}

81
CVE-2022/CVE-2022-464xx/CVE-2022-46480.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-46480",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-05T00:15:07.460",
"lastModified": "2023-12-05T13:51:04.540",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-08T17:27:55.003",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,84 @@
"value": "La gesti\u00f3n de sesi\u00f3n incorrecta y la reutilizaci\u00f3n de credenciales en la pila Bluetooth LE del firmware de bloqueo inteligente Ultraloq UL3 de segunda generaci\u00f3n 02.27.0012 permiten a un atacante detectar el c\u00f3digo de desbloqueo y desbloquear el dispositivo mientras se encuentra dentro del alcance de Bluetooth."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-294"
},
{
"lang": "en",
"value": "CWE-384"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:u-tec:ultraloq_ul3_bt_firmware:02.27.0012:*:*:*:*:*:*:*",
"matchCriteriaId": "BA191DAF-E479-4B8D-99BF-2AC6147C4490"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:u-tec:ultraloq_ul3_bt:2nd_gen:*:*:*:*:*:*:*",
"matchCriteriaId": "AF2D1265-D7A7-4F4D-B0BC-DE788C2163A6"
}
]
}
]
}
],
"references": [
{
"url": "https://www.researchgate.net/publication/375759408_Technical_Report_-_CVE-2022-46480_CVE-2023-26941_CVE-2023-26942_and_CVE-2023-26943#fullTextFileContent",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
]
}
]
}

75
CVE-2023/CVE-2023-240xx/CVE-2023-24052.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-24052",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-04T23:15:23.410",
"lastModified": "2023-12-05T13:51:04.540",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-08T17:38:12.703",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,78 @@
"value": "Un problema descubierto en Connectize AC21000 G6 641.139.1.1256 permite a los atacantes obtener el control del dispositivo a trav\u00e9s de la funci\u00f3n de cambio de contrase\u00f1a, ya que no solicita la contrase\u00f1a actual."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:connectize:ac21000_g6_firmware:641.139.1.1256:*:*:*:*:*:*:*",
"matchCriteriaId": "7CC3408F-6CB5-4B0E-9536-D08A4DE072B3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:connectize:ac21000_g6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C55398C2-DC1C-4623-8AD8-7064125604FA"
}
]
}
]
}
],
"references": [
{
"url": "https://research.nccgroup.com/2023/10/19/technical-advisory-multiple-vulnerabilities-in-connectize-g6-ac2100-dual-band-gigabit-wifi-router-cve-2023-24046-cve-2023-24047-cve-2023-24048-cve-2023-24049-cve-2023-24050-cve-2023-24051-cve/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

77
CVE-2023/CVE-2023-269xx/CVE-2023-26941.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-26941",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-05T00:15:08.110",
"lastModified": "2023-12-05T13:51:04.540",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-08T17:27:42.643",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,80 @@
"value": "Los d\u00e9biles mecanismos de cifrado en las etiquetas RFID en Yale Conexis L1 v1.1.0 permiten a los atacantes crear una etiqueta clonada a trav\u00e9s de la proximidad f\u00edsica a la original."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-326"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:assaabloy:yale_conexis_l1_firmware:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B71B4794-D7C8-4706-BE6C-CCB7DD1501BC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:assaabloy:yale_conexis_l1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F42CFF42-528A-46E9-B17D-3A4BD6C96E56"
}
]
}
]
}
],
"references": [
{
"url": "https://www.researchgate.net/publication/375759408_Technical_Report_-_CVE-2022-46480_CVE-2023-26941_CVE-2023-26942_and_CVE-2023-26943#fullTextFileContent",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
]
}
]
}

77
CVE-2023/CVE-2023-269xx/CVE-2023-26942.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-26942",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-05T00:15:08.163",
"lastModified": "2023-12-05T13:51:04.540",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-08T17:27:34.710",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,80 @@
"value": "Mecanismos de cifrado d\u00e9biles en etiquetas RFID en Yale IA-210 Alarm v1.0 permiten a los atacantes crear una etiqueta clonada a trav\u00e9s de la proximidad f\u00edsica al original."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-326"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:assaabloy:yale_ia-210_firmware:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A113202F-3607-460D-B5EF-8709CF1ABE99"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:assaabloy:yale_ia-210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3EC236-4CB0-41B5-9716-FFD2116C76E2"
}
]
}
]
}
],
"references": [
{
"url": "https://www.researchgate.net/publication/375759408_Technical_Report_-_CVE-2022-46480_CVE-2023-26941_CVE-2023-26942_and_CVE-2023-26943#fullTextFileContent",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
]
}
]
}

77
CVE-2023/CVE-2023-269xx/CVE-2023-26943.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-26943",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-05T00:15:08.227",
"lastModified": "2023-12-05T13:51:04.540",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-08T17:27:23.397",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,80 @@
"value": "Los d\u00e9biles mecanismos de cifrado en las etiquetas RFID en Yale Keyless Lock v1.0 permiten a los atacantes crear una etiqueta clonada a trav\u00e9s de la proximidad f\u00edsica a la original."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-326"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:assaabloy:yale_keyless_smart_lock_firmware:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "409D79C4-6F3B-4DC8-80C2-064B045EED63"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:assaabloy:yale_keyless_smart_lock:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FEF2DB4-31EF-40EA-8650-93DABCDE79D2"
}
]
}
]
}
],
"references": [
{
"url": "https://www.researchgate.net/publication/375759408_Technical_Report_-_CVE-2022-46480_CVE-2023-26941_CVE-2023-26942_and_CVE-2023-26943#fullTextFileContent",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
]
}
]
}

1152
CVE-2023/CVE-2023-288xx/CVE-2023-28811.json
View File

File diff suppressed because it is too large Load Diff

6
CVE-2023/CVE-2023-335xx/CVE-2023-33595.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-33595",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-07T20:15:09.920",
"lastModified": "2023-06-15T14:58:42.833",
"lastModified": "2023-12-08T17:03:53.690",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -55,8 +55,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:python:cpython:3.12.0:alpha_7:*:*:*:*:*:*",
"matchCriteriaId": "9B61BE28-33F3-425C-9788-867DF50D9AC9"
"criteria": "cpe:2.3:a:python:python:3.12.0:alpha7:*:*:*:*:*:*",
"matchCriteriaId": "BA2D7BE3-5AEE-42DC-892C-747202C4A542"
}
]
}

273
CVE-2023/CVE-2023-338xx/CVE-2023-33873.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-33873",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-11-15T17:15:41.313",
"lastModified": "2023-11-16T01:43:41.077",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-08T17:27:53.197",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nThis privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target machine.\n\n"
},
{
"lang": "es",
"value": "Esta vulnerabilidad de escalada de privilegios, si se explota, en la nube permite que un usuario local autenticado en el sistema operativo con privilegios est\u00e1ndar escale a privilegios del sistema en la m\u00e1quina donde est\u00e1n instalados estos productos, lo que resulta en un compromiso total de la m\u00e1quina de destino."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -46,14 +80,245 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:batch_management:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2020",
"matchCriteriaId": "5C2AEDAE-18DB-40C0-AFB0-57136A822BBE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:batch_management:2020:-:*:*:*:*:*:*",
"matchCriteriaId": "F546770E-B402-4577-8E0D-C7D34CFDE549"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:batch_management:2020:sp1:*:*:*:*:*:*",
"matchCriteriaId": "6A67B8AC-2282-4F39-9795-D61F48304049"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:communication_drivers:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2020",
"matchCriteriaId": "D62B3995-706D-4285-A3C7-900ED2D176B1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:communication_drivers:2020:-:*:*:*:*:*:*",
"matchCriteriaId": "D97EE6DC-CCB3-40FF-BC75-A694DCBCE50D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:communication_drivers:2020:r2:*:*:*:*:*:*",
"matchCriteriaId": "B74F0988-CB5D-4FC4-8CBD-6B43F6CB4C22"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:communication_drivers:2020:r2_p01:*:*:*:*:*:*",
"matchCriteriaId": "B38368FD-D573-4C6A-BBB7-B0CC477C44AD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:edge:*:*:*:*:*:*:*:*",
"versionEndIncluding": "20.1.101",
"matchCriteriaId": "6CE5AEFF-0C5F-499C-B4AF-3594CC591061"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:enterprise_licensing:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.7.002",
"matchCriteriaId": "9D63D153-5F92-4732-8CE7-BF821FDC1FFC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:historian:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2020",
"matchCriteriaId": "310008CD-1FB4-47C3-9B20-1DF0BC537019"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:historian:2020:-:*:*:*:*:*:*",
"matchCriteriaId": "33FE93BF-8221-4A84-845B-13693E28F570"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:historian:2020:r2:*:*:*:*:*:*",
"matchCriteriaId": "D479F013-5ABC-4B59-845A-E06EF0ADF107"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:historian:2020:r2_p01:*:*:*:*:*:*",
"matchCriteriaId": "5B67B330-EB63-4026-A961-EA2EE76A8355"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:intouch:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2020",
"matchCriteriaId": "06F39A93-CE38-4696-A301-3B08BB02AA0F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:intouch:2020:-:*:*:*:*:*:*",
"matchCriteriaId": "87B6DFEA-FED8-4A02-B09A-2676D5C8A5DC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:intouch:2020:r2:*:*:*:*:*:*",
"matchCriteriaId": "A3FDBC50-37E5-4F02-BDAC-22490D139C71"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:intouch:2020:r2_p01:*:*:*:*:*:*",
"matchCriteriaId": "A7D7123E-2439-4325-9733-F10DFF180C35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:manufacturing_execution_system:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2020",
"matchCriteriaId": "E5519C16-D78F-4B03-BF68-25977782C15C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:manufacturing_execution_system:2020:*:*:*:*:*:*:*",
"matchCriteriaId": "1288B3F5-2A5F-4516-96F8-FDB33A71060A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:manufacturing_execution_system:2020:p01:*:*:*:*:*:*",
"matchCriteriaId": "353CAFF0-2928-46F1-B5B5-9F0122BCDF38"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:mobile_operator:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2020",
"matchCriteriaId": "2244B652-6874-4BD3-9F6A-C01274CE7F25"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:mobile_operator:2020:*:*:*:*:*:*:*",
"matchCriteriaId": "40D03AD9-31E2-422F-9137-4E881A942C74"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:mobile_operator:2020:-:*:*:*:*:*:*",
"matchCriteriaId": "B9AA5D22-126E-4E0B-AD44-8990B9218AA6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:mobile_operator:2020:r1:*:*:*:*:*:*",
"matchCriteriaId": "062CEF6D-5308-4CC7-A20A-84298C527C14"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:plant_scada:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2020",
"matchCriteriaId": "63BCBC30-F337-47AB-96F1-54E46F735B1E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:plant_scada:2020:-:*:*:*:*:*:*",
"matchCriteriaId": "7B493552-4A0D-49DC-8669-C7E714669D98"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:plant_scada:2020:r2:*:*:*:*:*:*",
"matchCriteriaId": "2B714DE8-6E27-48ED-8CB5-6FD3DECB8718"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:recipe_management:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2020",
"matchCriteriaId": "4FF7755E-D26A-4D55-88BB-2811A18C2589"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:recipe_management:2020:-:*:*:*:*:*:*",
"matchCriteriaId": "5B0AB6DC-D05F-429F-9FEF-500BE9780456"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:recipe_management:2020:update_1_patch_2:*:*:*:*:*:*",
"matchCriteriaId": "8E69E722-AA58-49BD-9D22-5A6DC40FE85F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:system_platform:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2020",
"matchCriteriaId": "18048EB2-8F4C-4C75-93BD-0C3D6C42AB4A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:system_platform:2020:-:*:*:*:*:*:*",
"matchCriteriaId": "D47F4B07-B67F-4855-AED2-D17B0E76FA8A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:system_platform:2020:r2:*:*:*:*:*:*",
"matchCriteriaId": "1ED7E9C7-B882-4F57-B796-59A4F90EE185"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:system_platform:2020:r2_p01:*:*:*:*:*:*",
"matchCriteriaId": "33D5FF9C-590D-4BA3-A265-35956E4F36DF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:telemetry_server:2020r2:-:*:*:*:*:*:*",
"matchCriteriaId": "12AD341A-07AE-4837-A1DC-471FFF0926DC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:telemetry_server:2020r2:sp1:*:*:*:*:*:*",
"matchCriteriaId": "62A91A30-CB69-4E14-9C32-BF848E740944"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:work_tasks:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2020",
"matchCriteriaId": "061DD968-A34E-4AA2-B0EC-ECBAF4B15605"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:work_tasks:2020:-:*:*:*:*:*:*",
"matchCriteriaId": "78E65146-9CB1-423B-A565-48530C453382"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:work_tasks:2020:update_1:*:*:*:*:*:*",
"matchCriteriaId": "64EF2703-3C49-468A-ADA9-E78173DF4F65"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:work_tasks:2020:update_2:*:*:*:*:*:*",
"matchCriteriaId": "4131B6FF-AF15-4F52-9415-A9E150B169DD"
}
]
}
]
}
],
"references": [
{
"url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-01",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}

273
CVE-2023/CVE-2023-349xx/CVE-2023-34982.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-34982",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-11-15T17:15:41.563",
"lastModified": "2023-11-16T01:43:41.077",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-08T18:53:18.187",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nThis external control vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to delete files with System privilege on the machine where these products are installed, resulting in denial of service.\n\n"
},
{
"lang": "es",
"value": "Esta vulnerabilidad de control externo, si se explota, podr\u00eda permitir que un usuario local autenticado en el sistema operativo con privilegios est\u00e1ndar elimine archivos con privilegios de sistema en la m\u00e1quina donde est\u00e1n instalados estos productos, lo que resultar\u00eda en una denegaci\u00f3n de servicio."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-610"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -46,14 +80,245 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:batch_management:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2020",
"matchCriteriaId": "5C2AEDAE-18DB-40C0-AFB0-57136A822BBE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:batch_management:2020:-:*:*:*:*:*:*",
"matchCriteriaId": "F546770E-B402-4577-8E0D-C7D34CFDE549"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:batch_management:2020:sp1:*:*:*:*:*:*",
"matchCriteriaId": "6A67B8AC-2282-4F39-9795-D61F48304049"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:communication_drivers:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2020",
"matchCriteriaId": "D62B3995-706D-4285-A3C7-900ED2D176B1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:communication_drivers:2020:-:*:*:*:*:*:*",
"matchCriteriaId": "D97EE6DC-CCB3-40FF-BC75-A694DCBCE50D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:communication_drivers:2020:r2:*:*:*:*:*:*",
"matchCriteriaId": "B74F0988-CB5D-4FC4-8CBD-6B43F6CB4C22"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:communication_drivers:2020:r2_p01:*:*:*:*:*:*",
"matchCriteriaId": "B38368FD-D573-4C6A-BBB7-B0CC477C44AD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:edge:*:*:*:*:*:*:*:*",
"versionEndIncluding": "20.1.101",
"matchCriteriaId": "6CE5AEFF-0C5F-499C-B4AF-3594CC591061"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:enterprise_licensing:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.7.002",
"matchCriteriaId": "9D63D153-5F92-4732-8CE7-BF821FDC1FFC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:historian:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2020",
"matchCriteriaId": "310008CD-1FB4-47C3-9B20-1DF0BC537019"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:historian:2020:-:*:*:*:*:*:*",
"matchCriteriaId": "33FE93BF-8221-4A84-845B-13693E28F570"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:historian:2020:r2:*:*:*:*:*:*",
"matchCriteriaId": "D479F013-5ABC-4B59-845A-E06EF0ADF107"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:historian:2020:r2_p01:*:*:*:*:*:*",
"matchCriteriaId": "5B67B330-EB63-4026-A961-EA2EE76A8355"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:intouch:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2020",
"matchCriteriaId": "06F39A93-CE38-4696-A301-3B08BB02AA0F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:intouch:2020:-:*:*:*:*:*:*",
"matchCriteriaId": "87B6DFEA-FED8-4A02-B09A-2676D5C8A5DC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:intouch:2020:r2:*:*:*:*:*:*",
"matchCriteriaId": "A3FDBC50-37E5-4F02-BDAC-22490D139C71"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:intouch:2020:r2_p01:*:*:*:*:*:*",
"matchCriteriaId": "A7D7123E-2439-4325-9733-F10DFF180C35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:manufacturing_execution_system:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2020",
"matchCriteriaId": "E5519C16-D78F-4B03-BF68-25977782C15C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:manufacturing_execution_system:2020:*:*:*:*:*:*:*",
"matchCriteriaId": "1288B3F5-2A5F-4516-96F8-FDB33A71060A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:manufacturing_execution_system:2020:p01:*:*:*:*:*:*",
"matchCriteriaId": "353CAFF0-2928-46F1-B5B5-9F0122BCDF38"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:mobile_operator:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2020",
"matchCriteriaId": "2244B652-6874-4BD3-9F6A-C01274CE7F25"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:mobile_operator:2020:*:*:*:*:*:*:*",
"matchCriteriaId": "40D03AD9-31E2-422F-9137-4E881A942C74"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:mobile_operator:2020:-:*:*:*:*:*:*",
"matchCriteriaId": "B9AA5D22-126E-4E0B-AD44-8990B9218AA6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:mobile_operator:2020:r1:*:*:*:*:*:*",
"matchCriteriaId": "062CEF6D-5308-4CC7-A20A-84298C527C14"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:plant_scada:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2020",
"matchCriteriaId": "63BCBC30-F337-47AB-96F1-54E46F735B1E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:plant_scada:2020:-:*:*:*:*:*:*",
"matchCriteriaId": "7B493552-4A0D-49DC-8669-C7E714669D98"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:plant_scada:2020:r2:*:*:*:*:*:*",
"matchCriteriaId": "2B714DE8-6E27-48ED-8CB5-6FD3DECB8718"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:recipe_management:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2020",
"matchCriteriaId": "4FF7755E-D26A-4D55-88BB-2811A18C2589"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:recipe_management:2020:-:*:*:*:*:*:*",
"matchCriteriaId": "5B0AB6DC-D05F-429F-9FEF-500BE9780456"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:recipe_management:2020:update_1_patch_2:*:*:*:*:*:*",
"matchCriteriaId": "8E69E722-AA58-49BD-9D22-5A6DC40FE85F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:system_platform:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2020",
"matchCriteriaId": "18048EB2-8F4C-4C75-93BD-0C3D6C42AB4A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:system_platform:2020:-:*:*:*:*:*:*",
"matchCriteriaId": "D47F4B07-B67F-4855-AED2-D17B0E76FA8A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:system_platform:2020:r2:*:*:*:*:*:*",
"matchCriteriaId": "1ED7E9C7-B882-4F57-B796-59A4F90EE185"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:system_platform:2020:r2_p01:*:*:*:*:*:*",
"matchCriteriaId": "33D5FF9C-590D-4BA3-A265-35956E4F36DF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:telemetry_server:2020r2:-:*:*:*:*:*:*",
"matchCriteriaId": "12AD341A-07AE-4837-A1DC-471FFF0926DC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:telemetry_server:2020r2:sp1:*:*:*:*:*:*",
"matchCriteriaId": "62A91A30-CB69-4E14-9C32-BF848E740944"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:work_tasks:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2020",
"matchCriteriaId": "061DD968-A34E-4AA2-B0EC-ECBAF4B15605"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:work_tasks:2020:-:*:*:*:*:*:*",
"matchCriteriaId": "78E65146-9CB1-423B-A565-48530C453382"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:work_tasks:2020:update_1:*:*:*:*:*:*",
"matchCriteriaId": "64EF2703-3C49-468A-ADA9-E78173DF4F65"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:work_tasks:2020:update_2:*:*:*:*:*:*",
"matchCriteriaId": "4131B6FF-AF15-4F52-9415-A9E150B169DD"
}
]
}
]
}
],
"references": [
{
"url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-01",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}

78
CVE-2023/CVE-2023-356xx/CVE-2023-35668.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-35668",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:23.460",
"lastModified": "2023-12-05T13:51:04.540",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-08T17:47:02.357",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,81 @@
"value": "En visitUris de Notification.java, existe una forma posible de mostrar im\u00e1genes de otro usuario debido a un diputado confundido. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-610"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Third Party Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-364xx/CVE-2023-36404.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-36404",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-11-14T18:15:42.100",
"lastModified": "2023-11-20T20:24:29.553",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-08T17:15:07.307",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -163,6 +163,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/176110/Windows-Kernel-Information-Disclosure.html",
"source": "secure@microsoft.com"
},
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36404",
"source": "secure@microsoft.com",

83
CVE-2023/CVE-2023-400xx/CVE-2023-40073.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40073",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:23.553",
"lastModified": "2023-12-05T13:51:04.540",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-08T17:50:29.510",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,86 @@
"value": "En visitUris de Notification.java, existe una posible lectura de medios entre usuarios debido a Confused Deputy. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}

78
CVE-2023/CVE-2023-400xx/CVE-2023-40074.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40074",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:23.607",
"lastModified": "2023-12-05T13:51:04.540",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-08T17:51:45.870",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,81 @@
"value": "En saveToXml de PersistableBundle.java, los datos no v\u00e1lidos podr\u00edan provocar una denegaci\u00f3n de servicio persistente local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}

83
CVE-2023/CVE-2023-400xx/CVE-2023-40075.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40075",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:23.660",
"lastModified": "2023-12-05T13:51:04.540",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-08T17:55:45.390",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,86 @@
"value": "En forceReplaceShortcutInner de ShortcutPackage.java, existe una forma posible de registrar paquetes ilimitados debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda provocar una denegaci\u00f3n de servicio local, lo que dar\u00eda lugar a un bucle de inicio sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}

63
CVE-2023/CVE-2023-400xx/CVE-2023-40076.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40076",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:23.713",
"lastModified": "2023-12-05T13:51:04.540",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-08T17:57:47.650",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,66 @@
"value": "En createPendingIntent de CredentialManagerUi.java, existe una forma posible de acceder a las credenciales de otros usuarios debido a una omisi\u00f3n de permisos. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}

83
CVE-2023/CVE-2023-400xx/CVE-2023-40077.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40077",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:23.760",
"lastModified": "2023-12-05T13:51:04.540",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-08T18:01:28.773",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,86 @@
"value": "En m\u00faltiples funciones de MetaDataBase.cpp, existe una posible escritura UAF debido a una condici\u00f3n de ejecuci\u00f3n. Esto podr\u00eda conducir a una escalada remota de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-362"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}

63
CVE-2023/CVE-2023-400xx/CVE-2023-40078.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40078",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:23.807",
"lastModified": "2023-12-05T13:51:04.540",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-08T18:00:30.370",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,66 @@
"value": "En a2dp_vendor_opus_decoder_decode_packet de a2dp_vendor_opus_decoder.cc, hay una posible escritura fuera de los l\u00edmites debido a un desbordamiento del heap del b\u00fafer. Esto podr\u00eda llevar a una escalada de privilegios del dispositivo emparejado sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Third Party Advisory"
]
}
]
}

63
CVE-2023/CVE-2023-400xx/CVE-2023-40079.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40079",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:23.857",
"lastModified": "2023-12-05T13:51:04.540",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-08T18:05:46.703",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,66 @@
"value": "En injectSendIntentSender de ShortcutService.java, existe un posible inicio de actividad en segundo plano debido a una omisi\u00f3n de permisos. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-400xx/CVE-2023-40080.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40080",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:23.913",
"lastModified": "2023-12-05T13:51:04.540",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-08T18:10:39.777",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,71 @@
"value": "En m\u00faltiples funciones de btm_ble_gap.cc, existe una posible escritura fuera de los l\u00edmites debido a un error l\u00f3gico en el c\u00f3digo. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}

83
CVE-2023/CVE-2023-400xx/CVE-2023-40081.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40081",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:23.973",
"lastModified": "2023-12-05T13:51:04.540",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-08T18:14:18.023",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,86 @@
"value": "En loadMediaDataInBgForResumption de MediaDataManager.kt, existe una forma posible de ver las im\u00e1genes de otro usuario debido a un diputado confundido. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}

63
CVE-2023/CVE-2023-400xx/CVE-2023-40082.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40082",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:24.023",
"lastModified": "2023-12-05T13:51:04.540",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-08T18:24:29.763",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,66 @@
"value": "En modify_for_next_stage de fdt.rs, existe una manera posible de hacer que KASLR sea ineficaz debido a un uso incorrecto de la criptograf\u00eda. Esto podr\u00eda conducir a una escalada remota de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Third Party Advisory"
]
}
]
}

78
CVE-2023/CVE-2023-400xx/CVE-2023-40083.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40083",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:24.073",
"lastModified": "2023-12-05T13:51:04.540",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-08T18:31:19.213",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,81 @@
"value": "En parse_gap_data de utils.cc, hay una posible lectura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local con privilegios de ejecuci\u00f3n del usuario necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Third Party Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-42xx/CVE-2023-4295.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4295",
"sourceIdentifier": "arm-security@arm.com",
"published": "2023-11-07T16:15:29.340",
"lastModified": "2023-11-14T23:15:12.123",
"vulnStatus": "Modified",
"lastModified": "2023-12-08T17:15:07.540",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -91,6 +91,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/176109/Arm-Mali-CSF-Overflow-Use-After-Free.html",
"source": "arm-security@arm.com"
},
{
"url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities",
"source": "arm-security@arm.com",

77
CVE-2023/CVE-2023-452xx/CVE-2023-45252.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45252",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-01T06:15:47.840",
"lastModified": "2023-12-01T13:54:29.567",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-08T18:45:28.017",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,80 @@
"value": "Vulnerabilidad de secuestro de DLL en Huddly HuddlyCameraService anterior a la versi\u00f3n 8.0.7, sin incluir la versi\u00f3n 7.99, debido a la instalaci\u00f3n del servicio en un directorio que otorga privilegios de escritura a usuarios est\u00e1ndar, permite a los atacantes manipular archivos, ejecutar c\u00f3digo arbitrario y escalar privilegios."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-427"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:huddly:huddlycameraservice:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.0.7",
"matchCriteriaId": "00ECAAF1-5655-4639-8E76-069BFF8FCB40"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://www.xlent.no/aktuelt/security-disclosure-of-vulnerabilities-cve-2023-45252-and-cve-2023-45253/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

77
CVE-2023/CVE-2023-452xx/CVE-2023-45253.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45253",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-01T06:15:47.903",
"lastModified": "2023-12-01T13:54:29.567",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-08T18:31:28.750",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,80 @@
"value": "Se descubri\u00f3 un problema en Huddly HuddlyCameraService anterior a la versi\u00f3n 8.0.7, sin incluir la versi\u00f3n 7.99, que permite a los atacantes manipular archivos y escalar privilegios a trav\u00e9s del m\u00e9todo RollingFileAppender.DeleteFile realizado por la librer\u00eda log4net."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:huddly:huddlycameraservices:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.0.7",
"matchCriteriaId": "03330B8E-7829-42A6-8A4C-5288A2B5B0B8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://www.xlent.no/aktuelt/security-disclosure-of-vulnerabilities-cve-2023-45252-and-cve-2023-45253/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-468xx/CVE-2023-46818.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46818",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-27T04:15:10.907",
"lastModified": "2023-11-08T13:56:23.527",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-08T17:15:07.433",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -74,6 +74,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/176126/ISPConfig-3.2.11-PHP-Code-Injection.html",
"source": "cve@mitre.org"
},
{
"url": "https://www.ispconfig.org/blog/ispconfig-3-2-11p1-released/",
"source": "cve@mitre.org",

69
CVE-2023/CVE-2023-471xx/CVE-2023-47100.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-47100",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-02T23:15:07.187",
"lastModified": "2023-12-03T16:37:30.347",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-08T17:57:01.690",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \\p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0."
},
{
"lang": "es",
"value": "En Perl anterior a 5.38.2, S_parse_uniprop_string en regcomp.c puede escribir en espacio no asignado porque un nombre de propiedad asociado con una construcci\u00f3n de expresi\u00f3n regular \\p{...} est\u00e1 mal manejado. La primera versi\u00f3n afectada es la 5.30.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-755"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.30.0",
"versionEndExcluding": "5.38.2",
"matchCriteriaId": "14B8DD8C-B79A-41F6-B743-6D319ACD6741"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
}
]
}

47
CVE-2023/CVE-2023-486xx/CVE-2023-48695.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48695",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-05T01:15:08.640",
"lastModified": "2023-12-05T13:51:04.540",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-08T18:51:23.953",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:azure_rtos_usbx:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.3.0",
"matchCriteriaId": "8DFED452-108C-4B30-95FD-076DB22072F5"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/azure-rtos/usbx/security/advisories/GHSA-mwj9-rpph-v8wc",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}

53
CVE-2023/CVE-2023-492xx/CVE-2023-49284.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49284",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-05T00:15:08.737",
"lastModified": "2023-12-05T13:51:04.540",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-08T17:26:11.893",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.3,
"impactScore": 5.2
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,14 +70,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fishshell:fish:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.6.2",
"matchCriteriaId": "2274FD09-F6AF-4F35-AAD6-9D48F8045BB7"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/fish-shell/fish-shell/commit/09986f5563e31e2c900a606438f1d60d008f3a14",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/fish-shell/fish-shell/security/advisories/GHSA-2j9r-pm96-wp4f",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

79
CVE-2023/CVE-2023-492xx/CVE-2023-49285.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49285",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-04T23:15:27.007",
"lastModified": "2023-12-05T13:51:04.540",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-08T17:30:27.670",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -40,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -50,26 +80,59 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.4",
"matchCriteriaId": "64A6EFAB-804C-4B6B-B609-2F5A797EACB0"
}
]
}
]
}
],
"references": [
{
"url": "http://www.squid-cache.org/Versions/v5/SQUID-2023_7.patch",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.squid-cache.org/Versions/v6/SQUID-2023_7.patch",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://github.com/squid-cache/squid/commit/77b3fb4df0f126784d5fd4967c28ed40eb8d521b",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/squid-cache/squid/commit/deee944f9a12c9fd399ce52f3e2526bb573a9470",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-8w9r-p88v-mmx9",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-492xx/CVE-2023-49286.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49286",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-04T23:15:27.243",
"lastModified": "2023-12-05T13:51:04.540",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-08T17:30:06.817",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -40,8 +60,22 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-617"
},
{
"lang": "en",
"value": "CWE-754"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -54,18 +88,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.4",
"matchCriteriaId": "64A6EFAB-804C-4B6B-B609-2F5A797EACB0"
}
]
}
]
}
],
"references": [
{
"url": "http://www.squid-cache.org/Versions/v6/SQUID-2023_8.patch",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://github.com/squid-cache/squid/commit/6014c6648a2a54a4ecb7f952ea1163e0798f9264",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-xggx-9329-3c27",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

48
CVE-2023/CVE-2023-492xx/CVE-2023-49288.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49288",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-04T23:15:27.477",
"lastModified": "2023-12-05T13:51:04.540",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-08T17:29:23.270",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,10 +70,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.5",
"versionEndIncluding": "5.9",
"matchCriteriaId": "58165CD0-BDD1-48E3-86A8-4A3CA5AC2039"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-rj5h-46j6-q2g5",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-492xx/CVE-2023-49289.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49289",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-05T00:15:08.967",
"lastModified": "2023-12-05T13:51:04.540",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-08T17:25:37.173",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,18 +80,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:michaelschwarz:ajax.net_professional:*:*:*:*:*:asp.net:*:*",
"versionEndExcluding": "21.12.22.1",
"matchCriteriaId": "A26A2313-1FB9-4489-BB02-9176E6002074"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/michaelschwarz/Ajax.NET-Professional/commit/c89e39b9679fcb8ab6644fe21cc7e652cb615e2b",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/michaelschwarz/Ajax.NET-Professional/security/advisories/GHSA-8v6j-gc74-fmpp",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.nuget.org/packages/AjaxNetProfessional/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
}
]
}

60
CVE-2023/CVE-2023-492xx/CVE-2023-49290.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49290",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-05T00:15:09.190",
"lastModified": "2023-12-05T13:51:04.540",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-08T17:25:26.917",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,14 +70,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lestrrat-go:jwx:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.2.27",
"matchCriteriaId": "1E36615F-24CB-4999-B852-484E597CE4F4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lestrrat-go:jwx:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.0.0",
"versionEndExcluding": "2.0.18",
"matchCriteriaId": "566A6052-A735-4FDB-975D-47C594210E70"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/lestrrat-go/jwx/commit/64f2a229b8e18605f47361d292b526bdc4aee01c",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/lestrrat-go/jwx/security/advisories/GHSA-7f9x-gw85-8grf",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

88
CVE-2023/CVE-2023-492xx/CVE-2023-49291.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49291",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-05T00:15:09.403",
"lastModified": "2023-12-05T13:51:04.540",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-08T17:24:26.643",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -40,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -50,26 +80,68 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tj-actions:branch-names:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0.0",
"matchCriteriaId": "4AB0A58B-E056-49E3-9CD4-063AF78D1ECB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tj-actions:branch-names:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.1",
"versionEndExcluding": "7.0.7",
"matchCriteriaId": "04A7066A-CDAB-4C39-AD1F-87ADAF23495A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/tj-actions/branch-names/commit/4923d1ca41f928c24f1c1b3af9daaadfb71e6337",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/tj-actions/branch-names/commit/6c999acf206f5561e19f46301bb310e9e70d8815",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/tj-actions/branch-names/commit/726fe9ba5e9da4fcc716223b7994ffd0358af060",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/tj-actions/branch-names/security/advisories/GHSA-8v8w-v8xg-79rf",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://securitylab.github.com/research/github-actions-untrusted-input",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

74
CVE-2023/CVE-2023-492xx/CVE-2023-49292.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49292",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-05T00:15:09.627",
"lastModified": "2023-12-05T13:51:04.540",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-08T17:20:40.947",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 2.5
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -40,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -50,22 +80,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ecies:go:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0.8",
"matchCriteriaId": "B03A6379-B738-4870-806D-614DC8B1ADE2"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ashutosh1206/Crypton/blob/master/Diffie-Hellman-Key-Exchange/Attack-Invalid-Curve-Point/README.md",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit"
]
},
{
"url": "https://github.com/ecies/go/commit/c6e775163866d6ea5233eb8ec8530a9122101ebd",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/ecies/go/releases/tag/v2.0.8",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/ecies/go/security/advisories/GHSA-8j98-cjfr-qx3h",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

166
CVE-2023/CVE-2023-492xx/CVE-2023-49293.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49293",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-04T23:15:27.730",
"lastModified": "2023-12-05T13:51:04.540",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-08T17:28:27.917",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,10 +70,150 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vitejs:vite:*:*:*:*:*:node.js:*:*",
"versionStartIncluding": "4.4.0",
"versionEndIncluding": "4.4.11",
"matchCriteriaId": "794F0A24-E042-454A-8AF4-410CA6B9B7ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vitejs:vite:*:*:*:*:*:node.js:*:*",
"versionStartIncluding": "5.0.0",
"versionEndIncluding": "5.0.4",
"matchCriteriaId": "5035825C-DE1D-4C3E-B80A-B80BAA9B9B83"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vitejs:vite:5.0.0:-:*:*:*:node.js:*:*",
"matchCriteriaId": "49DB9151-3306-4887-B467-54BF1CB59077"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vitejs:vite:5.0.0:beta0:*:*:*:node.js:*:*",
"matchCriteriaId": "AD12B845-C230-4731-A1C3-F7C8563EC330"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vitejs:vite:5.0.0:beta1:*:*:*:node.js:*:*",
"matchCriteriaId": "71B39887-494A-42B0-97B5-3A27BBDA384F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vitejs:vite:5.0.0:beta10:*:*:*:node.js:*:*",
"matchCriteriaId": "42748778-8084-4E85-A870-F4938B2B4197"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vitejs:vite:5.0.0:beta11:*:*:*:node.js:*:*",
"matchCriteriaId": "8CEA9A64-2C3B-48CD-B553-1B266E6D98DF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vitejs:vite:5.0.0:beta12:*:*:*:node.js:*:*",
"matchCriteriaId": "C4335B97-76B1-4B91-BDF1-0DFFB8B5D966"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vitejs:vite:5.0.0:beta13:*:*:*:node.js:*:*",
"matchCriteriaId": "D4393D1C-F71A-4FBB-896E-91F5BDE99F5F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vitejs:vite:5.0.0:beta14:*:*:*:node.js:*:*",
"matchCriteriaId": "41F91182-DFB5-4900-967A-3467C1160FD1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vitejs:vite:5.0.0:beta15:*:*:*:node.js:*:*",
"matchCriteriaId": "E3A2BCC8-1B86-47D9-B1D9-374B3FAF452F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vitejs:vite:5.0.0:beta16:*:*:*:node.js:*:*",
"matchCriteriaId": "659D1924-3224-4F96-B88C-1A98909C3129"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vitejs:vite:5.0.0:beta17:*:*:*:node.js:*:*",
"matchCriteriaId": "239A48C0-7571-46A9-ADF8-8044F89312DB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vitejs:vite:5.0.0:beta18:*:*:*:node.js:*:*",
"matchCriteriaId": "0DBF0C24-7E51-4E33-B265-872250BAAFFE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vitejs:vite:5.0.0:beta19:*:*:*:node.js:*:*",
"matchCriteriaId": "061FD0EC-C333-43A4-B003-0B2C7CC5F377"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vitejs:vite:5.0.0:beta2:*:*:*:node.js:*:*",
"matchCriteriaId": "CDAA6C11-11F8-466A-910F-CEB4ECA6C2B2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vitejs:vite:5.0.0:beta20:*:*:*:node.js:*:*",
"matchCriteriaId": "E3FE8672-FB0B-4E18-8830-85A858B4EBCD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vitejs:vite:5.0.0:beta3:*:*:*:node.js:*:*",
"matchCriteriaId": "9DBA3329-186A-48FD-A1F1-0F0F4487FEB0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vitejs:vite:5.0.0:beta4:*:*:*:node.js:*:*",
"matchCriteriaId": "A4C137DE-8111-447B-AB2A-5DCF19C1EDE8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vitejs:vite:5.0.0:beta5:*:*:*:node.js:*:*",
"matchCriteriaId": "1866630A-7067-4B2D-BB66-FA5A49556046"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vitejs:vite:5.0.0:beta6:*:*:*:node.js:*:*",
"matchCriteriaId": "0490F00F-EE92-4A86-A11F-7A81345700AF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vitejs:vite:5.0.0:beta7:*:*:*:node.js:*:*",
"matchCriteriaId": "F7947662-99E7-42FA-9F5B-FBB84B370E76"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vitejs:vite:5.0.0:beta8:*:*:*:node.js:*:*",
"matchCriteriaId": "DC5DF679-2F1D-4DDC-AD63-D4013D61D5F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vitejs:vite:5.0.0:beta9:*:*:*:node.js:*:*",
"matchCriteriaId": "D3EE21DD-285A-4B6A-A607-60D4E3842B28"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/vitejs/vite/security/advisories/GHSA-92r3-m2mg-pj97",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-58xx/CVE-2023-5808.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5808",
"sourceIdentifier": "security.vulnerabilities@hitachivantara.com",
"published": "2023-12-05T00:15:09.840",
"lastModified": "2023-12-07T23:15:07.580",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-08T17:18:15.347",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security.vulnerabilities@hitachivantara.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
},
{
"source": "security.vulnerabilities@hitachivantara.com",
"type": "Secondary",
@ -50,10 +80,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hitachi:vantara_hitachi_network_attached_storage:*:*:*:*:*:*:*:*",
"versionEndIncluding": "14.8.7825.01",
"matchCriteriaId": "CD9B85DC-B57B-4A45-B157-D66255C06876"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://support.hitachivantara.com/",
"source": "security.vulnerabilities@hitachivantara.com"
"source": "security.vulnerabilities@hitachivantara.com",
"tags": [
"Not Applicable"
]
}
]
}

118
CVE-2023/CVE-2023-59xx/CVE-2023-5915.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5915",
"sourceIdentifier": "7168b535-132a-4efe-a076-338f829b2eb9",
"published": "2023-12-01T07:15:12.627",
"lastModified": "2023-12-01T13:54:29.567",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-08T18:24:27.517",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,8 +14,41 @@
"value": "Se ha identificado una vulnerabilidad de consumo incontrolado de recursos en STARDOM proporcionado por Yokogawa Electric Corporation. Esta vulnerabilidad puede permitir que un atacante remoto cause una condici\u00f3n de denegaci\u00f3n de servicio al controlador FCN/FCJ mediante el env\u00edo de un paquete manipulado. Mientras se enviaba el paquete, no se pudo acceder a la p\u00e1gina de inicio de mantenimiento del controlador. Por lo tanto, las funciones de la p\u00e1gina de inicio de mantenimiento, cambio de configuraci\u00f3n, visualizaci\u00f3n de registros, etc. no est\u00e1n disponibles. Pero la condici\u00f3n no detiene el funcionamiento del controlador. Los productos y versiones afectados son los siguientes: STARDOM FCN/FCJ R1.01 a R4.31."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "7168b535-132a-4efe-a076-338f829b2eb9",
"type": "Secondary",
@ -27,18 +60,91 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:yokogawa:stardom_fcj_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r1.01",
"versionEndIncluding": "r4.31",
"matchCriteriaId": "03BF3DA1-FA1C-4633-A665-EE5826650EC8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:yokogawa:stardom_fcj:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37EFAADB-EF41-4B63-A9C4-9A410682F47D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:yokogawa:stardom_fcn_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r1.01",
"versionEndIncluding": "r4.31",
"matchCriteriaId": "A08E6234-7D44-4C8D-9D5B-373A085D0716"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:yokogawa:stardom_fcn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6051604E-7FAF-44D7-BDB6-7D2D71DFC416"
}
]
}
]
}
],
"references": [
{
"url": "https://jvn.jp/vu/JVNVU95177889/index.html",
"source": "7168b535-132a-4efe-a076-338f829b2eb9"
"source": "7168b535-132a-4efe-a076-338f829b2eb9",
"tags": [
"Mitigation",
"Third Party Advisory"
]
},
{
"url": "https://web-material3.yokogawa.com/1/35463/files/YSAR-23-0003-E.pdf",
"source": "7168b535-132a-4efe-a076-338f829b2eb9"
"source": "7168b535-132a-4efe-a076-338f829b2eb9",
"tags": [
"Mitigation",
"Vendor Advisory"
]
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-02",
"source": "7168b535-132a-4efe-a076-338f829b2eb9"
"source": "7168b535-132a-4efe-a076-338f829b2eb9",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
]
}
]
}

62
CVE-2023/CVE-2023-59xx/CVE-2023-5944.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5944",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-12-04T23:15:27.940",
"lastModified": "2023-12-05T13:51:04.540",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-08T17:28:11.723",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -50,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:deltaww:dopsoft:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9386A747-1745-461E-B7DC-75293A166EC5"
}
]
}
]
}
],
"references": [
{
"url": "https://diastudio.deltaww.com/home/downloads?sec=download#catalog",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Permissions Required"
]
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-01",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}

6
CVE-2023/CVE-2023-65xx/CVE-2023-6579.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-6579",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-07T22:15:08.300",
"lastModified": "2023-12-08T14:23:14.473",
"lastModified": "2023-12-08T17:15:07.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -72,6 +72,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/176124/osCommerce-4-SQL-Injection.html",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.247160",
"source": "cna@vuldb.com"

63
CVE-2023/CVE-2023-66xx/CVE-2023-6606.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-6606",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-08T17:15:07.733",
"lastModified": "2023-12-08T17:15:07.733",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-6606",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=218218",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253611",
"source": "secalert@redhat.com"
}
]
}

63
CVE-2023/CVE-2023-66xx/CVE-2023-6610.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-6610",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-08T17:15:07.933",
"lastModified": "2023-12-08T17:15:07.933",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-6610",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=218219",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253614",
"source": "secalert@redhat.com"
}
]
}

88
CVE-2023/CVE-2023-66xx/CVE-2023-6615.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2023-6615",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-08T17:15:08.143",
"lastModified": "2023-12-08T17:15:08.143",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in Typecho 1.2.1. Affected by this issue is some unknown functionality of the file /admin/manage-users.php. The manipulation of the argument page leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-247250 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N",
"accessVector": "ADJACENT_NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.7
},
"baseSeverity": "LOW",
"exploitabilityScore": 5.1,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://github.com/JTZ-a/SRC/blob/master/Typecho/Typecho-Information%20leakage/en-us.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.247250",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.247250",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2023/CVE-2023-66xx/CVE-2023-6616.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2023-6616",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-08T17:15:08.367",
"lastModified": "2023-12-08T17:15:08.367",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Simple Student Attendance System 1.0 and classified as problematic. This issue affects some unknown processing of the file index.php. The manipulation of the argument page leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247253 was assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.247253",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.247253",
"source": "cna@vuldb.com"
},
{
"url": "https://www.yuque.com/u39339523/el4dxs/sxa6f9gywg6vfbur",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2023/CVE-2023-66xx/CVE-2023-6617.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2023-6617",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-08T17:15:08.600",
"lastModified": "2023-12-08T17:15:08.600",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been classified as critical. Affected is an unknown function of the file attendance.php. The manipulation of the argument class_id leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-247254 is the identifier assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "ADJACENT_NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 5.1,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.247254",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.247254",
"source": "cna@vuldb.com"
},
{
"url": "https://www.yuque.com/u39339523/el4dxs/gcsvdc5oohx6v38c",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2023/CVE-2023-66xx/CVE-2023-6618.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2023-6618",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-08T17:15:08.827",
"lastModified": "2023-12-08T17:15:08.827",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument page leads to file inclusion. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247255."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "ADJACENT_NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 5.1,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-73"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.247255",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.247255",
"source": "cna@vuldb.com"
},
{
"url": "https://www.yuque.com/u39339523/el4dxs/krpez3nzv1144cuc",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2023/CVE-2023-66xx/CVE-2023-6619.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2023-6619",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-08T18:15:06.930",
"lastModified": "2023-12-08T18:15:06.930",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /modals/class_form.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247256."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "ADJACENT_NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 5.1,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/daydust/vuln/blob/main/Simple_Student_Attendance_System/class_form.php_SQL-injection.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.247256",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.247256",
"source": "cna@vuldb.com"
}
]
}

63
CVE-2023/CVE-2023-66xx/CVE-2023-6622.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-6622",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-08T18:15:07.163",
"lastModified": "2023-12-08T18:15:07.163",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A null pointer dereference vulnerability was found in nft_dynset_init() in net/netfilter/nft_dynset.c in nf_tables in the Linux kernel. This issue may allow a local attacker with CAP_NET_ADMIN user privilege to trigger a denial of service."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-6622",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253632",
"source": "secalert@redhat.com"
},
{
"url": "https://github.com/torvalds/linux/commit/3701cd390fd731ee7ae8b8006246c8db82c72bea",
"source": "secalert@redhat.com"
}
]
}

93
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-12-08T17:00:18.496155+00:00
2023-12-08T19:00:18.480736+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-12-08T16:50:35.540000+00:00
2023-12-08T18:54:42.680000+00:00
```
### Last Data Feed Release
@ -29,69 +29,52 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
232622
232630
```
### CVEs added in the last Commit
Recently added CVEs: `41`
Recently added CVEs: `8`
* [CVE-2023-48423](CVE-2023/CVE-2023-484xx/CVE-2023-48423.json) (`2023-12-08T16:15:18.657`)
* [CVE-2023-6612](CVE-2023/CVE-2023-66xx/CVE-2023-6612.json) (`2023-12-08T16:15:18.713`)
* [CVE-2023-6613](CVE-2023/CVE-2023-66xx/CVE-2023-6613.json) (`2023-12-08T16:15:19.610`)
* [CVE-2023-6614](CVE-2023/CVE-2023-66xx/CVE-2023-6614.json) (`2023-12-08T16:15:20.223`)
* [CVE-2023-49444](CVE-2023/CVE-2023-494xx/CVE-2023-49444.json) (`2023-12-08T15:15:07.790`)
* [CVE-2023-49484](CVE-2023/CVE-2023-494xx/CVE-2023-49484.json) (`2023-12-08T15:15:07.840`)
* [CVE-2023-49485](CVE-2023/CVE-2023-494xx/CVE-2023-49485.json) (`2023-12-08T15:15:07.893`)
* [CVE-2023-49486](CVE-2023/CVE-2023-494xx/CVE-2023-49486.json) (`2023-12-08T15:15:07.943`)
* [CVE-2023-49487](CVE-2023/CVE-2023-494xx/CVE-2023-49487.json) (`2023-12-08T15:15:07.990`)
* [CVE-2023-6146](CVE-2023/CVE-2023-61xx/CVE-2023-6146.json) (`2023-12-08T15:15:08.037`)
* [CVE-2023-6245](CVE-2023/CVE-2023-62xx/CVE-2023-6245.json) (`2023-12-08T15:15:08.233`)
* [CVE-2023-6608](CVE-2023/CVE-2023-66xx/CVE-2023-6608.json) (`2023-12-08T15:15:08.457`)
* [CVE-2023-6609](CVE-2023/CVE-2023-66xx/CVE-2023-6609.json) (`2023-12-08T15:15:08.683`)
* [CVE-2023-6611](CVE-2023/CVE-2023-66xx/CVE-2023-6611.json) (`2023-12-08T15:15:08.917`)
* [CVE-2023-23372](CVE-2023/CVE-2023-233xx/CVE-2023-23372.json) (`2023-12-08T16:15:15.720`)
* [CVE-2023-32968](CVE-2023/CVE-2023-329xx/CVE-2023-32968.json) (`2023-12-08T16:15:15.943`)
* [CVE-2023-32975](CVE-2023/CVE-2023-329xx/CVE-2023-32975.json) (`2023-12-08T16:15:16.153`)
* [CVE-2023-47565](CVE-2023/CVE-2023-475xx/CVE-2023-47565.json) (`2023-12-08T16:15:16.367`)
* [CVE-2023-48397](CVE-2023/CVE-2023-483xx/CVE-2023-48397.json) (`2023-12-08T16:15:16.560`)
* [CVE-2023-48398](CVE-2023/CVE-2023-483xx/CVE-2023-48398.json) (`2023-12-08T16:15:16.617`)
* [CVE-2023-48399](CVE-2023/CVE-2023-483xx/CVE-2023-48399.json) (`2023-12-08T16:15:16.670`)
* [CVE-2023-48401](CVE-2023/CVE-2023-484xx/CVE-2023-48401.json) (`2023-12-08T16:15:16.720`)
* [CVE-2023-48402](CVE-2023/CVE-2023-484xx/CVE-2023-48402.json) (`2023-12-08T16:15:16.933`)
* [CVE-2023-48403](CVE-2023/CVE-2023-484xx/CVE-2023-48403.json) (`2023-12-08T16:15:17.120`)
* [CVE-2023-49443](CVE-2023/CVE-2023-494xx/CVE-2023-49443.json) (`2023-12-08T15:15:07.740`)
* [CVE-2023-6606](CVE-2023/CVE-2023-66xx/CVE-2023-6606.json) (`2023-12-08T17:15:07.733`)
* [CVE-2023-6610](CVE-2023/CVE-2023-66xx/CVE-2023-6610.json) (`2023-12-08T17:15:07.933`)
* [CVE-2023-6615](CVE-2023/CVE-2023-66xx/CVE-2023-6615.json) (`2023-12-08T17:15:08.143`)
* [CVE-2023-6616](CVE-2023/CVE-2023-66xx/CVE-2023-6616.json) (`2023-12-08T17:15:08.367`)
* [CVE-2023-6617](CVE-2023/CVE-2023-66xx/CVE-2023-6617.json) (`2023-12-08T17:15:08.600`)
* [CVE-2023-6618](CVE-2023/CVE-2023-66xx/CVE-2023-6618.json) (`2023-12-08T17:15:08.827`)
* [CVE-2023-6619](CVE-2023/CVE-2023-66xx/CVE-2023-6619.json) (`2023-12-08T18:15:06.930`)
* [CVE-2023-6622](CVE-2023/CVE-2023-66xx/CVE-2023-6622.json) (`2023-12-08T18:15:07.163`)
### CVEs modified in the last Commit
Recently modified CVEs: `75`
Recently modified CVEs: `42`
* [CVE-2023-40463](CVE-2023/CVE-2023-404xx/CVE-2023-40463.json) (`2023-12-08T15:46:41.393`)
* [CVE-2023-40462](CVE-2023/CVE-2023-404xx/CVE-2023-40462.json) (`2023-12-08T15:46:50.287`)
* [CVE-2023-40461](CVE-2023/CVE-2023-404xx/CVE-2023-40461.json) (`2023-12-08T15:47:23.163`)
* [CVE-2023-40460](CVE-2023/CVE-2023-404xx/CVE-2023-40460.json) (`2023-12-08T15:47:41.403`)
* [CVE-2023-40459](CVE-2023/CVE-2023-404xx/CVE-2023-40459.json) (`2023-12-08T15:47:51.637`)
* [CVE-2023-40103](CVE-2023/CVE-2023-401xx/CVE-2023-40103.json) (`2023-12-08T15:48:11.713`)
* [CVE-2023-40098](CVE-2023/CVE-2023-400xx/CVE-2023-40098.json) (`2023-12-08T15:48:26.640`)
* [CVE-2023-40097](CVE-2023/CVE-2023-400xx/CVE-2023-40097.json) (`2023-12-08T15:48:56.323`)
* [CVE-2023-40096](CVE-2023/CVE-2023-400xx/CVE-2023-40096.json) (`2023-12-08T15:49:13.587`)
* [CVE-2023-40095](CVE-2023/CVE-2023-400xx/CVE-2023-40095.json) (`2023-12-08T15:49:28.417`)
* [CVE-2023-40094](CVE-2023/CVE-2023-400xx/CVE-2023-40094.json) (`2023-12-08T15:49:46.737`)
* [CVE-2023-40092](CVE-2023/CVE-2023-400xx/CVE-2023-40092.json) (`2023-12-08T15:49:57.273`)
* [CVE-2023-40091](CVE-2023/CVE-2023-400xx/CVE-2023-40091.json) (`2023-12-08T15:50:07.320`)
* [CVE-2023-40090](CVE-2023/CVE-2023-400xx/CVE-2023-40090.json) (`2023-12-08T15:53:14.603`)
* [CVE-2023-40089](CVE-2023/CVE-2023-400xx/CVE-2023-40089.json) (`2023-12-08T15:53:26.687`)
* [CVE-2023-40088](CVE-2023/CVE-2023-400xx/CVE-2023-40088.json) (`2023-12-08T15:53:48.937`)
* [CVE-2023-40087](CVE-2023/CVE-2023-400xx/CVE-2023-40087.json) (`2023-12-08T15:54:00.930`)
* [CVE-2023-40084](CVE-2023/CVE-2023-400xx/CVE-2023-40084.json) (`2023-12-08T15:54:10.807`)
* [CVE-2023-49280](CVE-2023/CVE-2023-492xx/CVE-2023-49280.json) (`2023-12-08T15:54:43.680`)
* [CVE-2023-45781](CVE-2023/CVE-2023-457xx/CVE-2023-45781.json) (`2023-12-08T15:55:05.953`)
* [CVE-2023-24046](CVE-2023/CVE-2023-240xx/CVE-2023-24046.json) (`2023-12-08T16:03:04.717`)
* [CVE-2023-24047](CVE-2023/CVE-2023-240xx/CVE-2023-24047.json) (`2023-12-08T16:23:33.007`)
* [CVE-2023-24049](CVE-2023/CVE-2023-240xx/CVE-2023-24049.json) (`2023-12-08T16:32:19.967`)
* [CVE-2023-24050](CVE-2023/CVE-2023-240xx/CVE-2023-24050.json) (`2023-12-08T16:37:34.153`)
* [CVE-2023-24051](CVE-2023/CVE-2023-240xx/CVE-2023-24051.json) (`2023-12-08T16:50:35.540`)
* [CVE-2023-5944](CVE-2023/CVE-2023-59xx/CVE-2023-5944.json) (`2023-12-08T17:28:11.723`)
* [CVE-2023-49293](CVE-2023/CVE-2023-492xx/CVE-2023-49293.json) (`2023-12-08T17:28:27.917`)
* [CVE-2023-49288](CVE-2023/CVE-2023-492xx/CVE-2023-49288.json) (`2023-12-08T17:29:23.270`)
* [CVE-2023-49286](CVE-2023/CVE-2023-492xx/CVE-2023-49286.json) (`2023-12-08T17:30:06.817`)
* [CVE-2023-49285](CVE-2023/CVE-2023-492xx/CVE-2023-49285.json) (`2023-12-08T17:30:27.670`)
* [CVE-2023-24052](CVE-2023/CVE-2023-240xx/CVE-2023-24052.json) (`2023-12-08T17:38:12.703`)
* [CVE-2023-35668](CVE-2023/CVE-2023-356xx/CVE-2023-35668.json) (`2023-12-08T17:47:02.357`)
* [CVE-2023-40073](CVE-2023/CVE-2023-400xx/CVE-2023-40073.json) (`2023-12-08T17:50:29.510`)
* [CVE-2023-40074](CVE-2023/CVE-2023-400xx/CVE-2023-40074.json) (`2023-12-08T17:51:45.870`)
* [CVE-2023-40075](CVE-2023/CVE-2023-400xx/CVE-2023-40075.json) (`2023-12-08T17:55:45.390`)
* [CVE-2023-47100](CVE-2023/CVE-2023-471xx/CVE-2023-47100.json) (`2023-12-08T17:57:01.690`)
* [CVE-2023-40076](CVE-2023/CVE-2023-400xx/CVE-2023-40076.json) (`2023-12-08T17:57:47.650`)
* [CVE-2023-40078](CVE-2023/CVE-2023-400xx/CVE-2023-40078.json) (`2023-12-08T18:00:30.370`)
* [CVE-2023-40077](CVE-2023/CVE-2023-400xx/CVE-2023-40077.json) (`2023-12-08T18:01:28.773`)
* [CVE-2023-40079](CVE-2023/CVE-2023-400xx/CVE-2023-40079.json) (`2023-12-08T18:05:46.703`)
* [CVE-2023-40080](CVE-2023/CVE-2023-400xx/CVE-2023-40080.json) (`2023-12-08T18:10:39.777`)
* [CVE-2023-40081](CVE-2023/CVE-2023-400xx/CVE-2023-40081.json) (`2023-12-08T18:14:18.023`)
* [CVE-2023-5915](CVE-2023/CVE-2023-59xx/CVE-2023-5915.json) (`2023-12-08T18:24:27.517`)
* [CVE-2023-40082](CVE-2023/CVE-2023-400xx/CVE-2023-40082.json) (`2023-12-08T18:24:29.763`)
* [CVE-2023-40083](CVE-2023/CVE-2023-400xx/CVE-2023-40083.json) (`2023-12-08T18:31:19.213`)
* [CVE-2023-45253](CVE-2023/CVE-2023-452xx/CVE-2023-45253.json) (`2023-12-08T18:31:28.750`)
* [CVE-2023-45252](CVE-2023/CVE-2023-452xx/CVE-2023-45252.json) (`2023-12-08T18:45:28.017`)
* [CVE-2023-48695](CVE-2023/CVE-2023-486xx/CVE-2023-48695.json) (`2023-12-08T18:51:23.953`)
* [CVE-2023-28811](CVE-2023/CVE-2023-288xx/CVE-2023-28811.json) (`2023-12-08T18:53:08.613`)
* [CVE-2023-34982](CVE-2023/CVE-2023-349xx/CVE-2023-34982.json) (`2023-12-08T18:53:18.187`)
## Download and Usage