Auto-Update: 2023-12-14T21:00:24.921161+00:00

cad-safe-bot 2023-12-14 21:00:28 +00:00
parent d16e351b94
commit 26af71ca94
68 changed files with 4419 additions and 300 deletions


@ -2,31 +2,100 @@
"id": "CVE-2009-4123",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T16:15:07.407",
"lastModified": "2023-12-12T17:22:30.567",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T20:36:27.043",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The jruby-openssl gem before 0.6 for JRuby mishandles SSL certificate validation."
},
{
"lang": "es",
"value": "La gema jruby-openssl anterior a 0.6 para JRuby maneja mal la validaci\u00f3n del certificado SSL."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jruby:jruby-openssl:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.6",
"matchCriteriaId": "EE19B114-736D-4954-B481-4FDC948A6ABE"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://jruby.org/2009/12/07/vulnerability-in-jruby-openssl",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://github.com/advisories/GHSA-xgv7-pqqh-h2w9",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jruby-openssl/CVE-2009-4123.yml",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://web.archive.org/web/20101213091125/http://jruby.org/2009/12/07/vulnerability-in-jruby-openssl",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,86 @@
"id": "CVE-2013-2513",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T16:15:07.490",
"lastModified": "2023-12-12T17:22:30.567",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T20:35:18.840",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The flash_tool gem through 0.6.0 for Ruby allows command execution via shell metacharacters in the name of a downloaded file."
},
{
"lang": "es",
"value": "La gema flash_tool hasta 0.6.0 para Ruby permite la ejecuci\u00f3n de comandos mediante metacaracteres de shell en el nombre de un archivo descargado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:milboj:flash_tool:*:*:*:*:*:ruby:*:*",
"versionEndIncluding": "0.6.0",
"matchCriteriaId": "748F9BDE-66DE-47F3-B1C4-0DF7F2B20895"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/advisories/GHSA-6325-6g32-7p35",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/flash_tool/CVE-2013-2513.yml",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2015-2179",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T17:15:07.383",
"lastModified": "2023-12-12T17:22:30.567",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T20:35:06.720",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The xaviershay-dm-rails gem 0.10.3.8 for Ruby allows local users to discover MySQL credentials by listing a process and its arguments."
},
{
"lang": "es",
"value": "xaviershay-dm-rails gem 0.10.3.8 para Ruby permite a los usuarios locales descubrir las credenciales de MySQL enumerando un proceso y sus argumentos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xaviershay-dm-rails_porject:xaviershay-dm-rails:0.10.3.8:*:*:*:*:ruby:*:*",
"matchCriteriaId": "B433654E-4DB3-478F-8703-EDB7F9111EED"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://www.vapid.dhs.org/advisory.php?v=115",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
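Review bot: The vendor component of the `criteria` string in this record's configuration block reads `xaviershay-dm-rails_porject`, which looks like a misspelling of `_project`. Inventory matching by vendor/product string will only hit this record if it uses the same spelling, so keying on `matchCriteriaId` is safer than normalising the name locally. The configuration also names the single exact version `0.10.3.8` with no range, so other releases of the gem are not covered by it either way.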


@ -2,27 +2,94 @@
"id": "CVE-2015-8314",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T17:15:07.450",
"lastModified": "2023-12-12T17:22:30.567",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T20:34:05.650",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access."
},
{
"lang": "es",
"value": "Devise gem anterior a 3.5.4 para Ruby maneja mal las cookies Recordarme para las sesiones, lo que puede permitir que un adversario obtenga acceso persistente no autorizado a la aplicaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-312"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:heartcombo:devise:*:*:*:*:*:ruby:*:*",
"versionEndExcluding": "3.5.4",
"matchCriteriaId": "693703F3-9D16-4FB7-930F-0FD309D1D3F4"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/advisories/GHSA-746g-3gfp-hfhw",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://github.com/heartcombo/devise/commit/c92996646aba2d25b2c3e235fe0c4f1a84b70d24",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://rubysec.com/advisories/CVE-2015-8314/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,31 +2,101 @@
"id": "CVE-2018-16153",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T17:15:07.517",
"lastModified": "2023-12-12T17:22:30.567",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T20:30:45.820",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Apereo Opencast 4.x through 10.x before 10.6. It sends system digest credentials during authentication attempts to arbitrary external services in some situations."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Apereo Opencast 4.x a 10.x antes de 10.6. Env\u00eda credenciales de resumen del sistema durante los intentos de autenticaci\u00f3n a servicios externos arbitrarios en algunas situaciones."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apereo:opencast:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0",
"versionEndExcluding": "10.6",
"matchCriteriaId": "8AB1096F-E6FE-4478-B7EE-9A9672C041D9"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://docs.opencast.org/r/10.x/admin/#changelog",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/advisories/GHSA-hcxx-mp6g-6gr9",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/opencast/opencast/commit/776d5588f39c61eb04c03bb955416c4f77629d51",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://www.apereo.org/projects/opencast/news",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
}
]
}


@ -2,31 +2,108 @@
"id": "CVE-2020-10676",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T17:15:07.580",
"lastModified": "2023-12-12T17:22:30.567",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T20:43:09.407",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Rancher 2.x before 2.6.13 and 2.7.x before 2.7.4, an incorrectly applied authorization check allows users who have certain access to a namespace to move that namespace to a different project."
},
{
"lang": "es",
"value": "En Rancher 2.x anterior a 2.6.13 y 2.7.x anterior a 2.7.4, una verificaci\u00f3n de autorizaci\u00f3n aplicada incorrectamente permite a los usuarios que tienen cierto acceso a un espacio de nombres mover ese espacio de nombres a un proyecto diferente."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:suse:rancher:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.0.0",
"versionEndExcluding": "2.6.13",
"matchCriteriaId": "75BBD6AD-2585-4F51-BDB7-72963821FC3C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:suse:rancher:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.7.0",
"versionEndExcluding": "2.7.4",
"matchCriteriaId": "82B60ABA-3389-45F0-9F45-4D4D0D4738BC"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://forums.rancher.com/c/announcements",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/advisories/GHSA-8vhc-hwhc-cpj4",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/rancher/rancher/releases/tag/v2.6.13",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/rancher/rancher/releases/tag/v2.7.4",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
}
]
}


@ -2,23 +2,86 @@
"id": "CVE-2020-12614",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T15:15:07.363",
"lastModified": "2023-12-12T15:52:06.410",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T20:24:55.927",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. If the publisher criteria is selected, it defines the name of a publisher that must be present in the certificate (and also requires that the certificate is valid). If an Add Admin token is protected by this criteria, it can be leveraged by a malicious actor to achieve Elevation of Privileges from standard user to administrator."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en BeyondTrust Privilege Management para Windows hasta 5.6. Si se seleccionan los criterios del editor, se define el nombre de un editor que debe estar presente en el certificado (y tambi\u00e9n requiere que el certificado sea v\u00e1lido). Si un token Agregar administrador est\u00e1 protegido por este criterio, un actor malintencionado puede aprovecharlo para lograr la elevaci\u00f3n de privilegios de usuario est\u00e1ndar a administrador."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:beyondtrust:privilege_management_for_windows:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.6",
"matchCriteriaId": "9E9A81CC-3192-447F-97C9-7913C5410962"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt22-10",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,86 @@
"id": "CVE-2020-28369",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T15:15:07.450",
"lastModified": "2023-12-12T15:52:06.410",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T20:22:08.483",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In BeyondTrust Privilege Management for Windows (aka PMfW) through 5.7, a SYSTEM installation causes Cryptbase.dll to be loaded from the user-writable location %WINDIR%\\Temp."
},
{
"lang": "es",
"value": "En BeyondTrust Privilege Management para Windows (tambi\u00e9n conocido como PMfW) hasta 5.7, una instalaci\u00f3n de SISTEMA hace que Cryptbase.dll se cargue desde la ubicaci\u00f3n de escritura del usuario %WINDIR%\\Temp."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-427"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:beyondtrust:privilege_management_for_windows:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.7",
"matchCriteriaId": "653794F5-3E2F-455F-8788-72885B8BD698"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.beyondtrust.com/privilege-management/windows-mac",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt22-08",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2022-42716",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-12-12T20:15:10.713",
"lastModified": "2023-03-01T15:08:26.957",
"lastModified": "2023-12-14T20:02:26.400",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -53,26 +53,12 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arm:bifrost_gpu_kernel_driver:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r1p0",
"versionEndIncluding": "r40p0",
"matchCriteriaId": "48F069A5-6E3A-4E30-A69A-CCA50D66E8B0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arm:midguard_gpu_kernel_driver:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r4p0",
"versionEndIncluding": "r32p0",
"matchCriteriaId": "66BA8ABE-5D0E-45DF-892D-57C9C246CA10"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arm:valhall_gpu_kernel_driver:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r19p0",
"versionStartIncluding": "r29p0",
"versionEndIncluding": "r40p0",
"matchCriteriaId": "E6BB9E6B-1620-486F-98C5-397292AA1EB4"
"matchCriteriaId": "EA28D70F-8D10-4352-BA08-E09ABBD533C5"
}
]
}
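Review bot: The `cpeMatch` list in the second hunk appears to shrink from three driver entries to one. The hunk header's 26-to-12 line counts only fit if the Bifrost and `midguard_gpu_kernel_driver` entries are on the removed side and the Valhall `versionStartIncluding` moves from `r19p0` to `r29p0`. Scanners keyed on this record would then stop reporting Bifrost and Midgard drivers, and Valhall releases from r19p0 up to but not including r29p0, so the narrowing is worth confirming against the vendor advisory before coverage reports rely on it. The dropped entry also spells the product `midguard`, whereas the CVE-2022-46891 record on this page uses `midgard_gpu_kernel_driver`, so historical matches stored under the old spelling will not line up with the current identifiers. The enclosing `configurations` array starts and ends outside the hunk.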


@ -2,23 +2,98 @@
"id": "CVE-2022-44543",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T17:15:07.663",
"lastModified": "2023-12-12T17:22:30.567",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T20:42:42.800",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The femanager extension before 5.5.2, 6.x before 6.3.3, and 7.x before 7.0.1 for TYPO3 allows creation of frontend users in restricted groups (if there is a usergroup field on the registration form). This occurs because the usergroup.inList protection mechanism is mishandled."
},
{
"lang": "es",
"value": "La extensi\u00f3n femanager anterior a 5.5.2, 6.x anterior a 6.3.3 y 7.x anterior a 7.0.1 para TYPO3 permite la creaci\u00f3n de usuarios frontend en grupos restringidos (si hay un campo de grupo de usuarios en el formulario de registro). Esto ocurre porque el mecanismo de protecci\u00f3n usergroup.inList no se maneja correctamente."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:in2code:femanager:*:*:*:*:*:typo3:*:*",
"versionEndExcluding": "5.5.2",
"matchCriteriaId": "E0EAE8E8-47BE-4D35-BE8C-530CC4668BF2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:in2code:femanager:*:*:*:*:*:typo3:*:*",
"versionStartIncluding": "6.0.0",
"versionEndExcluding": "6.3.3",
"matchCriteriaId": "93866A98-CFC8-4CFB-B227-CA98ADEA8FEC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:in2code:femanager:7.0.0:*:*:*:*:typo3:*:*",
"matchCriteriaId": "ADE46436-77C4-4E8E-A3DF-1C26D55B8F69"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://typo3.org/help/security-advisories",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://typo3.org/security/advisory/typo3-ext-sa-2022-015",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2022-46891",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-01-17T08:15:10.453",
"lastModified": "2023-01-24T21:43:36.747",
"lastModified": "2023-12-14T20:03:01.073",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -55,24 +55,24 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arm:bifrost:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:arm:bifrost_gpu_kernel_driver:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r1p0",
"versionEndIncluding": "r40p0",
"matchCriteriaId": "8B9AAAAC-2DEC-4408-A029-A7C4113BFF54"
"matchCriteriaId": "48F069A5-6E3A-4E30-A69A-CCA50D66E8B0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arm:midgard:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:arm:midgard_gpu_kernel_driver:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r13p0",
"versionEndIncluding": "r32p0",
"matchCriteriaId": "3810F654-D958-48A0-956E-054B23488785"
"matchCriteriaId": "48B2F411-CC76-4D35-98DB-1CC997C36F84"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arm:valhall:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:arm:valhall_gpu_kernel_driver:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r19p0",
"versionEndIncluding": "r40p0",
"matchCriteriaId": "8DE4A4E3-FC1B-4FD2-974F-8ED8D76943C9"
"matchCriteriaId": "E6BB9E6B-1620-486F-98C5-397292AA1EB4"
}
]
}


@ -2,12 +2,12 @@
"id": "CVE-2023-24922",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-03-14T17:15:19.233",
"lastModified": "2023-04-28T15:02:47.330",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-14T19:15:14.667",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Dynamics 365 Information Disclosure Vulnerability"
"value": "Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability"
}
],
"metrics": {


@ -2,27 +2,93 @@
"id": "CVE-2023-26920",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T17:15:07.720",
"lastModified": "2023-12-12T17:22:30.567",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T20:41:19.917",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "fast-xml-parser before 4.1.2 allows __proto__ for Prototype Pollution."
},
{
"lang": "es",
"value": "fast-xml-parser anterior a 4.1.2 permite __proto__ para Prototype Pollution."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1321"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:naturalintelligence:fast_xml_parser:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.1.2",
"matchCriteriaId": "94905D51-E4A0-4FAF-A3BC-98F8A0F87DCB"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/Sudistark/a5a45bd0804d522a1392cb5023aa7ef7",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
},
{
"url": "https://github.com/NaturalIntelligence/fast-xml-parser/commit/2b032a4f799c63d83991e4f992f1c68e4dd05804",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/advisories/GHSA-793h-6f7r-6qvm",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-35619",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-12-12T18:15:16.913",
"lastModified": "2023-12-12T18:58:44.580",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T20:39:57.213",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Outlook for Mac Spoofing Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de suplantaci\u00f3n de identidad en Microsoft Outlook para Mac"
}
],
"metrics": {
@ -34,10 +38,43 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*",
"matchCriteriaId": "BF0E8112-5B6F-4E55-8E40-38ADCF6FC654"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35619",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-35628",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-12-12T18:15:17.807",
"lastModified": "2023-12-12T18:58:44.580",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T20:48:31.847",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Windows MSHTML Platform Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en la plataforma Windows MSHTML"
}
],
"metrics": {
@ -34,10 +38,122 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.10240.20345",
"matchCriteriaId": "0FA29853-AA80-4D69-B5B2-09C29B73964A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.6529",
"matchCriteriaId": "1B72F8B2-FE1A-44FC-8534-66B016C3C3DC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.5206",
"matchCriteriaId": "412DCA62-8009-40C3-B76C-F3791104F0C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19041.3803",
"matchCriteriaId": "C8412B39-CCB2-4FF5-B656-43C9EBF48E39"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19045.3803",
"matchCriteriaId": "E59E6692-980B-435A-B9F3-AA00939E8D97"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22000.2652",
"matchCriteriaId": "BC62CCFB-C4C4-4CD1-A291-9587375FE3C6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.2861",
"matchCriteriaId": "11093E57-782B-4049-AFB2-AAFCFB4A8FF6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22631.2861",
"matchCriteriaId": "3E712F1D-26F9-4E19-B012-D7F0A92D59ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
"matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.584",
"matchCriteriaId": "28E51B68-6AE4-4AF2-A7D3-7728E5D314D7"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35628",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}
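Review bot: The Windows Server entries in the `cpeMatch` list of the second hunk (`windows_server_2008:r2:sp1`, `windows_server_2012:-`, `windows_server_2012:r2`, `windows_server_2016:-`, `windows_server_2019:-`, `windows_server_2022:-`) carry no `versionEndExcluding`, unlike the Windows 10/11 and `windows_server_2022_23h2` entries beside them. A matcher that evaluates this configuration literally may keep reporting those servers as affected after the update is installed, so their patch state has to come from build numbers or the MSRC reference rather than from this record. The CVE-2023-35629 section has the same shape for its Server 2008 and 2012 entries. The hunk starts inside the record, after the `metrics` block.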


@ -2,12 +2,16 @@
"id": "CVE-2023-35629",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-12-12T18:15:17.990",
"lastModified": "2023-12-12T18:58:44.580",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T20:47:46.863",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Microsoft USBHUB 3.0 Device Driver Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo del controlador de dispositivo Microsoft USBHUB 3.0"
}
],
"metrics": {
@ -34,10 +38,64 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.10240.20345",
"matchCriteriaId": "0FA29853-AA80-4D69-B5B2-09C29B73964A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35629",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-35630",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-12-12T18:15:18.183",
"lastModified": "2023-12-12T18:58:44.580",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T20:46:37.387",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Internet Connection Sharing (ICS) Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de conexi\u00f3n compartida a Internet (ICS)"
}
],
"metrics": {
@ -34,10 +38,127 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.10240.20345",
"matchCriteriaId": "0FA29853-AA80-4D69-B5B2-09C29B73964A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.6529",
"matchCriteriaId": "1B72F8B2-FE1A-44FC-8534-66B016C3C3DC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.5206",
"matchCriteriaId": "412DCA62-8009-40C3-B76C-F3791104F0C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19041.3803",
"matchCriteriaId": "C8412B39-CCB2-4FF5-B656-43C9EBF48E39"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19045.3803",
"matchCriteriaId": "E59E6692-980B-435A-B9F3-AA00939E8D97"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22000.2652",
"matchCriteriaId": "BC62CCFB-C4C4-4CD1-A291-9587375FE3C6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.2861",
"matchCriteriaId": "11093E57-782B-4049-AFB2-AAFCFB4A8FF6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22631.2861",
"matchCriteriaId": "3E712F1D-26F9-4E19-B012-D7F0A92D59ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
"matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.584",
"matchCriteriaId": "28E51B68-6AE4-4AF2-A7D3-7728E5D314D7"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35630",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-35631",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-12-12T18:15:18.360",
"lastModified": "2023-12-12T18:58:44.580",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T20:46:22.417",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Win32k Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en Win32k"
}
],
"metrics": {
@ -34,10 +38,62 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22000.2652",
"matchCriteriaId": "BC62CCFB-C4C4-4CD1-A291-9587375FE3C6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.2861",
"matchCriteriaId": "11093E57-782B-4049-AFB2-AAFCFB4A8FF6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22631.2861",
"matchCriteriaId": "3E712F1D-26F9-4E19-B012-D7F0A92D59ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.584",
"matchCriteriaId": "28E51B68-6AE4-4AF2-A7D3-7728E5D314D7"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35631",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-35632",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-12-12T18:15:18.547",
"lastModified": "2023-12-12T18:58:44.580",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T20:46:02.290",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Controlador de funci\u00f3n auxiliar de Windows para la vulnerabilidad de elevaci\u00f3n de privilegios de WinSock"
}
],
"metrics": {
@ -34,10 +38,93 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.10240.20345",
"matchCriteriaId": "0FA29853-AA80-4D69-B5B2-09C29B73964A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.6529",
"matchCriteriaId": "1B72F8B2-FE1A-44FC-8534-66B016C3C3DC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.5206",
"matchCriteriaId": "412DCA62-8009-40C3-B76C-F3791104F0C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19041.3803",
"matchCriteriaId": "C8412B39-CCB2-4FF5-B656-43C9EBF48E39"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19045.3803",
"matchCriteriaId": "E59E6692-980B-435A-B9F3-AA00939E8D97"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35632",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-35633",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-12-12T18:15:18.760",
"lastModified": "2023-12-12T18:58:44.580",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T20:45:09.917",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Windows Kernel Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios del kernel de Windows"
}
],
"metrics": {
@ -34,10 +38,64 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.10240.20345",
"matchCriteriaId": "0FA29853-AA80-4D69-B5B2-09C29B73964A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35633",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,43 @@
"id": "CVE-2023-35634",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-12-12T18:15:18.937",
"lastModified": "2023-12-12T18:58:44.580",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T20:44:58.467",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Windows Bluetooth Driver Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo del controlador Bluetooth de Windows"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
@ -34,10 +58,56 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22000.2652",
"matchCriteriaId": "BC62CCFB-C4C4-4CD1-A291-9587375FE3C6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.2861",
"matchCriteriaId": "11093E57-782B-4049-AFB2-AAFCFB4A8FF6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22631.2861",
"matchCriteriaId": "3E712F1D-26F9-4E19-B012-D7F0A92D59ED"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35634",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-35635",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-12-12T18:15:19.107",
"lastModified": "2023-12-12T18:58:44.580",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T20:42:38.230",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Windows Kernel Denial of Service Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de denegaci\u00f3n de servicio del kernel de Windows"
}
],
"metrics": {
@ -34,10 +38,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.2861",
"matchCriteriaId": "11093E57-782B-4049-AFB2-AAFCFB4A8FF6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22631.2861",
"matchCriteriaId": "3E712F1D-26F9-4E19-B012-D7F0A92D59ED"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35635",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-35636",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-12-12T18:15:19.277",
"lastModified": "2023-12-12T18:58:44.580",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T20:42:06.433",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Outlook Information Disclosure Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de Microsoft Outlook"
}
],
"metrics": {
@ -34,10 +38,58 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "40C15EDD-98D4-4D06-BA06-21AE0F33C72D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:office:2016:*:-:*:-:*:-:*",
"matchCriteriaId": "DC9D0A78-9F16-41E0-910E-E93269DB9B30"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*",
"matchCriteriaId": "C5282C83-86B8-442D-851D-B54E88E8B1F1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:*",
"matchCriteriaId": "0B3EF1E5-4757-4CFA-AE72-6BA876D3C9FD"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35636",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-36696",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-12-12T18:15:22.690",
"lastModified": "2023-12-12T18:58:37.987",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T20:47:25.777",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios del controlador del minifiltro de archivos en la nube de Windows"
}
],
"metrics": {
@ -34,10 +38,90 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.5206",
"matchCriteriaId": "412DCA62-8009-40C3-B76C-F3791104F0C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19041.3803",
"matchCriteriaId": "C8412B39-CCB2-4FF5-B656-43C9EBF48E39"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19045.3803",
"matchCriteriaId": "E59E6692-980B-435A-B9F3-AA00939E8D97"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22000.2652",
"matchCriteriaId": "BC62CCFB-C4C4-4CD1-A291-9587375FE3C6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.2861",
"matchCriteriaId": "11093E57-782B-4049-AFB2-AAFCFB4A8FF6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22631.2861",
"matchCriteriaId": "3E712F1D-26F9-4E19-B012-D7F0A92D59ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
"matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.584",
"matchCriteriaId": "28E51B68-6AE4-4AF2-A7D3-7728E5D314D7"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36696",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-37457",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-14T20:15:52.260",
"lastModified": "2023-12-14T20:15:52.260",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the 'update' functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [
{
"url": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh",
"source": "security-advisories@github.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-41119",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T07:15:45.387",
"lastModified": "2023-12-12T13:43:48.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T19:48:44.997",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cve@mitre.org",
"type": "Secondary",
@ -38,10 +58,71 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.21.32",
"matchCriteriaId": "6892B548-6E0D-47B5-9AD7-3EA937C243FE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.0.0",
"versionEndExcluding": "12.16.20",
"matchCriteriaId": "15246CD4-D4F0-4FE7-AE1A-BDD2FCC67B5C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0.0",
"versionEndExcluding": "13.12.17",
"matchCriteriaId": "C3FA205A-6BF7-492C-A0F3-5AD01E35CC41"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0.0",
"versionEndExcluding": "14.9.0",
"matchCriteriaId": "12EC69DE-AFB1-476F-88BB-C7C0C348C19F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.0.0",
"versionEndExcluding": "15.4.0",
"matchCriteriaId": "D3B7765D-34FD-479B-9C4E-9CAC34CC1AD2"
}
]
}
]
}
],
"references": [
{
"url": "https://www.enterprisedb.com/docs/security/advisories/cve202341119/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-41120",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T07:15:45.860",
"lastModified": "2023-12-12T13:43:48.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T19:54:24.970",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "cve@mitre.org",
"type": "Secondary",
@ -38,10 +58,71 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-668"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.21.32",
"matchCriteriaId": "6892B548-6E0D-47B5-9AD7-3EA937C243FE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.0.0",
"versionEndExcluding": "12.16.20",
"matchCriteriaId": "15246CD4-D4F0-4FE7-AE1A-BDD2FCC67B5C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0.0",
"versionEndExcluding": "13.12.17",
"matchCriteriaId": "C3FA205A-6BF7-492C-A0F3-5AD01E35CC41"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0.0",
"versionEndExcluding": "14.9.0",
"matchCriteriaId": "12EC69DE-AFB1-476F-88BB-C7C0C348C19F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.0.0",
"versionEndExcluding": "15.4.0",
"matchCriteriaId": "D3B7765D-34FD-479B-9C4E-9CAC34CC1AD2"
}
]
}
]
}
],
"references": [
{
"url": "https://www.enterprisedb.com/docs/security/advisories/cve202341120/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-41151",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-14T19:15:16.193",
"lastModified": "2023-12-14T19:26:01.850",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An uncaught exception issue discovered in Softing OPC UA C++ SDK before 6.30 for Windows operating system may cause the application to crash when the server wants to send an error packet, while socket is blocked on writing."
}
],
"metrics": {},
"references": [
{
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/2023/syt-2023-3.html",
"source": "cve@mitre.org"
}
]
}


@ -2,23 +2,340 @@
"id": "CVE-2023-41963",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-12-12T10:15:10.253",
"lastModified": "2023-12-12T13:43:48.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T20:41:34.697",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Denial-of-service (DoS) vulnerability exists in FTP service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de Denegaci\u00f3n de Servicio (DoS) en el servicio FTP de la serie HMI GC-A2. Si un atacante remoto no autenticado env\u00eda paquetes especialmente manipulados a puertos espec\u00edficos, puede producirse una condici\u00f3n de Denegaci\u00f3n de Servicio (DoS)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:jtekt:gc-a22w-cw_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91C6BFC0-2629-40E6-9560-F4CCF247FF86"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:jtekt:gc-a22w-cw:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E58817AE-FC2B-4196-A09D-7BF15368373F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:jtekt:gc-a24w-c\\(w\\)_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F462AD0-21AD-4FBD-98F9-2BD920135243"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:jtekt:gc-a24w-c\\(w\\):-:*:*:*:*:*:*:*",
"matchCriteriaId": "CAC9C7A9-D352-4DC6-AD86-09C9D73D010F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:jtekt:gc-a26w-c\\(w\\)_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A3F78EB-466C-4E82-83CA-07BD6F04FFF0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:jtekt:gc-a26w-c\\(w\\):-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD63E1F9-5446-4EAD-9B1E-F13FF8777A90"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:jtekt:gc-a24_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B6FAC57-BE6E-4278-9BD9-3752EACA1276"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:jtekt:gc-a24:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B7D3772C-2354-47F9-B240-13D83BE15918"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:jtekt:gc-a24-m_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE3DC5A5-FFA1-44E9-BE37-17BBFC521BBD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:jtekt:gc-a24-m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81D13B24-686E-4276-9225-2D72216FB295"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:jtekt:gc-a25_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA028275-6BCB-4E72-8C9D-EDE94ADAFC8C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:jtekt:gc-a25:-:*:*:*:*:*:*:*",
"matchCriteriaId": "943F5C5F-FFE8-42FC-ACFD-ADA72E9998C7"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:jtekt:gc-a26_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "080F664B-552A-4E18-B0B5-E1D747DDACAA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:jtekt:gc-a26:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43F132BC-7E89-4350-A126-9E4DCECA056A"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:jtekt:gc-a26-j2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "72440455-A361-4C9A-B8D3-62E0158ACD5D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:jtekt:gc-a26-j2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E6513442-366F-4C44-BA69-A8FFC3A4DD5B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:jtekt:gc-a27-c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C474BB0-2ACC-4B2D-9F32-4106C71157D3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:jtekt:gc-a27-c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D2F9BBA-89AE-4B8D-9889-C4D4C05F6CB8"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:jtekt:gc-a28-c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B478A37-3780-436D-893F-C0375EEA3EC4"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:jtekt:gc-a28-c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1530E0C4-B18C-4C5D-AE8F-F76844F30273"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://jvn.jp/en/jp/JVN34145838/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202312116562/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-45894",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-14T20:15:52.687",
"lastModified": "2023-12-14T20:15:52.687",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Remote Application Server in Parallels RAS before 19.2.23975 does not segment virtualized applications from the server, which allows a remote attacker to achieve remote code execution via standard kiosk breakout techniques."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Oracle-Security/CVEs/blob/main/Parallels%20Remote%20Server/readme.md",
"source": "cve@mitre.org"
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-46281",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-12-12T12:15:13.653",
"lastModified": "2023-12-12T13:43:48.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T20:22:25.383",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Opcenter Quality (All versions), SIMATIC PCS neo (All versions < V4.1), SINUMERIK Integrate RunMyHMI\u00a0/Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). When accessing the UMC Web-UI from affected products, UMC uses an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted behavior."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en:\nOpcenter Quality (todas las versiones), \nSIMATIC PCS neo (todas las versiones &lt; V4.1), \nSINUMERIK Integrate RunMyHMI /Automotive (todas las versiones), \nTotally Integrated Automation Portal (TIA Portal) V14 (todas las versiones), \nTotally Integrated Automation Portal (TIA Portal) V15.1 (todas las versiones), \nTotally Integrated Automation Portal (TIA Portal) V16 (todas las versiones), \nTotally Integrated Automation Portal (TIA Portal) V17 (todas las versiones), \nTotally Integrated Automation Portal (TIA Portal) ) V18 (Todas las versiones "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "productcert@siemens.com",
"type": "Secondary",
@ -46,10 +70,85 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:opcenter_quality:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D9D89CD-FDA5-42F0-8161-3752C8AED7F3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:simatic_pcs_neo:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.1",
"matchCriteriaId": "96D49ACA-BF2E-4C89-8168-E4A95D5B22AA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:sinumerik_integrate_runmyhmi_\\/automotive:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D882C3C8-EFE7-4DB6-B3E7-6152D7FEB74C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "15",
"matchCriteriaId": "29E53F22-9086-40A2-85E0-20B58EC1E4BB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15",
"versionEndExcluding": "16",
"matchCriteriaId": "3F86DBB7-A5C7-43C4-8B64-0B67C90B79A8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16",
"versionEndExcluding": "17",
"matchCriteriaId": "B0BCF747-13ED-4AE7-9BE7-37858573AF27"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17",
"versionEndExcluding": "18",
"matchCriteriaId": "C83587B9-53E2-4B2F-9FE4-5DDD232571F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:-:*:*:*:*:*:*:*",
"matchCriteriaId": "085B0B91-40DE-4328-A28C-1C920A6440D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:18:*:*:*:*:*:*:*",
"matchCriteriaId": "68C7D9A3-9304-4A81-A970-717E5BA1ECF1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:18:update_1:*:*:*:*:*:*",
"matchCriteriaId": "6A09C712-871D-4A81-A630-33BC5DF49FE5"
}
]
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf",
"source": "productcert@siemens.com"
"source": "productcert@siemens.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}
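Review bot: The `cpeMatch` list for TIA Portal V18 ends at `18:update_1`, while the description gives the fix as V18 Update 3, so an install on V18 Update 2 appears to match none of the listed criteria and a CPE-based scanner would likely report it as unaffected. If the upstream CPE dictionary has an entry for that release, the list needs one more item of the form `"criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:18:update_2:*:*:*:*:*:*"` (constructed by analogy with the `update_1` entry) with its own `"matchCriteriaId": "<MATCH-CRITERIA-ID>"`, a placeholder because the page has no such value. The V15.1 line is also expressed as the range `15` to `16`, which is wider than the description states. The same configuration block is added in CVE-2023-46282; both records mirror an upstream feed, so the correction belongs there, and consumers should check the vendor advisory in `references` in the meantime.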


@ -2,19 +2,43 @@
"id": "CVE-2023-46282",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-12-12T12:15:13.870",
"lastModified": "2023-12-12T13:43:48.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T20:28:47.477",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Opcenter Quality (All versions), SIMATIC PCS neo (All versions < V4.1), SINUMERIK Integrate RunMyHMI\u00a0/Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected applications that could allow an attacker to inject arbitrary JavaScript code. The code could be potentially executed later by another (possibly privileged) user."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en:\nOpcenter Quality (todas las versiones), \nSIMATIC PCS neo (todas las versiones &lt; V4.1), \nSINUMERIK Integrate RunMyHMI /Automotive (todas las versiones), \nTotally Integrated Automation Portal (TIA Portal) V14 (todas las versiones), \nTotally Integrated Automation Portal (TIA Portal) V15.1 (todas las versiones), \nTotally Integrated Automation Portal (TIA Portal) V16 (todas las versiones), \nTotally Integrated Automation Portal (TIA Portal) V17 (todas las versiones), \nTotally Integrated Automation Portal (TIA Portal) ) V18 (Todas las versiones "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "productcert@siemens.com",
"type": "Secondary",
@ -46,10 +80,85 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:opcenter_quality:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D9D89CD-FDA5-42F0-8161-3752C8AED7F3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:simatic_pcs_neo:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.1",
"matchCriteriaId": "96D49ACA-BF2E-4C89-8168-E4A95D5B22AA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:sinumerik_integrate_runmyhmi_\\/automotive:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D882C3C8-EFE7-4DB6-B3E7-6152D7FEB74C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "15",
"matchCriteriaId": "29E53F22-9086-40A2-85E0-20B58EC1E4BB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15",
"versionEndExcluding": "16",
"matchCriteriaId": "3F86DBB7-A5C7-43C4-8B64-0B67C90B79A8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16",
"versionEndExcluding": "17",
"matchCriteriaId": "B0BCF747-13ED-4AE7-9BE7-37858573AF27"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17",
"versionEndExcluding": "18",
"matchCriteriaId": "C83587B9-53E2-4B2F-9FE4-5DDD232571F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:-:*:*:*:*:*:*:*",
"matchCriteriaId": "085B0B91-40DE-4328-A28C-1C920A6440D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:18:*:*:*:*:*:*:*",
"matchCriteriaId": "68C7D9A3-9304-4A81-A970-717E5BA1ECF1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:18:update_1:*:*:*:*:*:*",
"matchCriteriaId": "6A09C712-871D-4A81-A630-33BC5DF49FE5"
}
]
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf",
"source": "productcert@siemens.com"
"source": "productcert@siemens.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}
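Review bot: The added Spanish `descriptions` value stops at `V18 (Todas las versiones `, exactly where the English text has `<`, so the whole statement of the flaw (reflected XSS in the web interface) is missing for `"lang": "es"` readers. The same string carries the HTML entity `&lt;` and a doubled `) )`, which suggests an HTML-escaping step ahead of JSON serialisation that truncates on `<`. The value should hold the raw character and the full sentence, e.g. `(todas las versiones < V4.1)`. Until that is fixed, consumers should fall back to the `en` entry. CVE-2023-46281 has the same truncated value.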


@ -2,19 +2,90 @@
"id": "CVE-2023-46454",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T15:15:07.680",
"lastModified": "2023-12-12T15:52:06.410",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T19:33:14.070",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality."
},
{
"lang": "es",
"value": "En los routers GL.iNET GL-AR300M con firmware v4.3.7, es posible inyectar comandos de shell arbitrarios a trav\u00e9s de un nombre de paquete manipulado en la funcionalidad de informaci\u00f3n del paquete."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:gl-inet:gl-ar300m_firmware:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E267A0D1-8D9B-43A9-88F0-3CA961403FBC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:gl-inet:gl-ar300m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "10C965DA-2D49-4ED6-B028-3A23164EDC14"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://cyberaz0r.info/2023/11/glinet-multiple-vulnerabilities/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,23 +2,97 @@
"id": "CVE-2023-46455",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T15:15:07.743",
"lastModified": "2023-12-12T15:52:06.410",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T19:02:29.273",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In GL.iNET GL-AR300M routers with firmware v4.3.7 it is possible to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality."
},
{
"lang": "es",
"value": "En los routers GL.iNET GL-AR300M con firmware v4.3.7 es posible escribir archivos arbitrarios mediante un ataque de path traversal en la funcionalidad de carga de archivos del cliente OpenVPN."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:gl-inet:gl-ar300m_firmware:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E267A0D1-8D9B-43A9-88F0-3CA961403FBC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:gl-inet:gl-ar300m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "10C965DA-2D49-4ED6-B028-3A23164EDC14"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://cyberaz0r.info/2023/11/glinet-multiple-vulnerabilities/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.gl-inet.com/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-4694",
"sourceIdentifier": "hp-security-alert@hp.com",
"published": "2023-12-14T19:15:16.243",
"lastModified": "2023-12-14T19:26:01.850",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Certain HP OfficeJet Pro printers are potentially vulnerable to a Denial of Service when sending a SOAP message to the service on TCP port 3911 that contains a body but no header."
}
],
"metrics": {},
"references": [
{
"url": "https://support.hp.com/us-en/document/ish_9823639-9823677-16/hpsbpi03894",
"source": "hp-security-alert@hp.com"
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-48313",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-12T18:15:22.933",
"lastModified": "2023-12-12T18:58:37.987",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T20:55:34.777",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Umbraco is an ASP.NET content management system (CMS). Starting in 10.0.0 and prior to versions 10.8.1 and 12.3.4, Umbraco contains a cross-site scripting (XSS) vulnerability enabling attackers to bring malicious content into a website or application. Versions 10.8.1 and 12.3.4 contain a patch for this issue."
},
{
"lang": "es",
"value": "Umbraco es un sistema de gesti\u00f3n de contenidos (CMS) ASP.NET. A partir de la versi\u00f3n 10.0.0 y antes de las versiones 10.8.1 y 12.3.4, Umbraco contiene una vulnerabilidad de Cross-Site Scripting (XSS) que permite a los atacantes introducir contenido malicioso en un sitio web o aplicaci\u00f3n. Las versiones 10.8.1 y 12.3.4 contienen un parche para este problema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,10 +70,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.0.0",
"versionEndExcluding": "10.8.1",
"matchCriteriaId": "03FE24B3-A0E4-4235-B990-51E9B6F877F5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.0.0",
"versionEndExcluding": "12.3.4",
"matchCriteriaId": "AD471553-62B9-4DBB-8DF6-93F7C3A08957"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-v98m-398x-269r",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}
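Review bot: The two `cpeMatch` ranges cover 10.0.0 to 10.8.1 and 12.0.0 to 12.3.4 and leave 11.x unmatched, although the description reads as affecting everything from 10.0.0 up to the fixed releases. If the vendor advisory in `references` confirms that 11.x is affected, the second entry should start at `"versionStartIncluding": "11.0.0"`; otherwise a CPE-based scan will pass an 11.x install as clean. This cannot be settled from the page alone, so treat it as a question for the upstream record.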


@ -2,19 +2,43 @@
"id": "CVE-2023-48427",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-12-12T12:15:14.677",
"lastModified": "2023-12-12T13:43:48.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T20:07:17.240",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Affected products do not properly validate the certificate of the configured UMC server. This could allow an attacker to intercept credentials that are sent to the UMC server as well as to manipulate responses, potentially allowing an attacker to escalate privileges."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SINEC INS (Todas las versiones &lt; V1.0 SP2 Update 2). Los productos afectados no validan correctamente el certificado del servidor UMC configurado. Esto podr\u00eda permitir a un atacante interceptar las credenciales que se env\u00edan al servidor UMC, as\u00ed como manipular las respuestas, lo que podr\u00eda permitirle al atacante escalar privilegios."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
@ -36,7 +60,7 @@
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,12 +68,64 @@
"value": "CWE-295"
}
]
},
{
"source": "productcert@siemens.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.0",
"matchCriteriaId": "C89891C1-DFD7-4E1F-80A9-7485D86A15B5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "4664B195-AF14-4834-82B3-0B2C98020EB6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "75BC588E-CDF0-404E-AD61-02093A1DF343"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A334F7B4-7283-4453-BAED-D2E01B7F8A6E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:sp2_update_1:*:*:*:*:*:*",
"matchCriteriaId": "A6BEA71C-CA81-4B5D-A688-2B21E62DC351"
}
]
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-077170.pdf",
"source": "productcert@siemens.com"
"source": "productcert@siemens.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-48428",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-12-12T12:15:14.873",
"lastModified": "2023-12-12T13:43:48.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T19:38:27.703",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The radius configuration mechanism of affected products does not correctly check uploaded certificates. A malicious admin could upload a crafted certificate resulting in a denial-of-service condition or potentially issue commands on system level."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SINEC INS (Todas las versiones &lt; V1.0 SP2 Update 2). El mecanismo de configuraci\u00f3n de radio de los productos afectados no verifica correctamente los certificados cargados. Un administrador malintencionado podr\u00eda cargar un certificado manipulado, lo que provocar\u00eda una condici\u00f3n de denegaci\u00f3n de servicio o podr\u00eda emitir comandos a nivel del sistema."
}
],
"metrics": {
@ -36,7 +40,7 @@
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,12 +48,64 @@
"value": "CWE-78"
}
]
},
{
"source": "productcert@siemens.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.0",
"matchCriteriaId": "C89891C1-DFD7-4E1F-80A9-7485D86A15B5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "4664B195-AF14-4834-82B3-0B2C98020EB6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "75BC588E-CDF0-404E-AD61-02093A1DF343"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A334F7B4-7283-4453-BAED-D2E01B7F8A6E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:sp2_update_1:*:*:*:*:*:*",
"matchCriteriaId": "A6BEA71C-CA81-4B5D-A688-2B21E62DC351"
}
]
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-077170.pdf",
"source": "productcert@siemens.com"
"source": "productcert@siemens.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-48429",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-12-12T12:15:15.083",
"lastModified": "2023-12-12T13:43:48.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T19:37:51.017",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The Web UI of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the server. The server will automatically restart."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SINEC INS (Todas las versiones &lt; V1.0 SP2 Update 2). La interfaz de usuario web de los dispositivos afectados no comprueba la longitud de los par\u00e1metros en determinadas condiciones. Esto permite que un administrador malintencionado bloquee el servidor enviando una solicitud manipulada al servidor. El servidor se reiniciar\u00e1 autom\u00e1ticamente."
}
],
"metrics": {
@ -36,8 +40,18 @@
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-754"
}
]
},
{
"source": "productcert@siemens.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,10 +60,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.0",
"matchCriteriaId": "C89891C1-DFD7-4E1F-80A9-7485D86A15B5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "4664B195-AF14-4834-82B3-0B2C98020EB6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "75BC588E-CDF0-404E-AD61-02093A1DF343"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A334F7B4-7283-4453-BAED-D2E01B7F8A6E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:sp2_update_1:*:*:*:*:*:*",
"matchCriteriaId": "A6BEA71C-CA81-4B5D-A688-2B21E62DC351"
}
]
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-077170.pdf",
"source": "productcert@siemens.com"
"source": "productcert@siemens.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-48430",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-12-12T12:15:15.433",
"lastModified": "2023-12-12T13:43:48.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T19:37:28.207",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The REST API of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the API. The server will automatically restart."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SINEC INS (Todas las versiones &lt; V1.0 SP2 Update 2). La API REST de los dispositivos afectados no comprueba la longitud de los par\u00e1metros en determinadas condiciones. Esto permite que un administrador malintencionado bloquee el servidor enviando una solicitud manipulada a la API. El servidor se reiniciar\u00e1 autom\u00e1ticamente."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 2.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4
},
{
"source": "productcert@siemens.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "productcert@siemens.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,10 +80,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.0",
"matchCriteriaId": "C89891C1-DFD7-4E1F-80A9-7485D86A15B5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "4664B195-AF14-4834-82B3-0B2C98020EB6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "75BC588E-CDF0-404E-AD61-02093A1DF343"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A334F7B4-7283-4453-BAED-D2E01B7F8A6E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:sp2_update_1:*:*:*:*:*:*",
"matchCriteriaId": "A6BEA71C-CA81-4B5D-A688-2B21E62DC351"
}
]
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-077170.pdf",
"source": "productcert@siemens.com"
"source": "productcert@siemens.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,43 @@
"id": "CVE-2023-48431",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-12-12T12:15:15.777",
"lastModified": "2023-12-12T13:43:48.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T19:37:00.257",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Affected software does not correctly validate the response received by an UMC server. An attacker can use this to crash the affected software by providing and configuring a malicious UMC server or by manipulating the traffic from a legitimate UMC server (i.e. leveraging CVE-2023-48427)."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SINEC INS (Todas las versiones &lt; V1.0 SP2 Update 2). El software afectado no valida correctamente la respuesta recibida por un servidor UMC. Un atacante puede utilizar esto para bloquear el software afectado proporcionando y configurando un servidor UMC malicioso o manipulando el tr\u00e1fico desde un servidor UMC leg\u00edtimo (es decir, aprovechando CVE-2023-48427)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0
},
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
@ -36,7 +60,7 @@
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,12 +68,64 @@
"value": "CWE-754"
}
]
},
{
"source": "productcert@siemens.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-754"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.0",
"matchCriteriaId": "C89891C1-DFD7-4E1F-80A9-7485D86A15B5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "4664B195-AF14-4834-82B3-0B2C98020EB6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "75BC588E-CDF0-404E-AD61-02093A1DF343"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A334F7B4-7283-4453-BAED-D2E01B7F8A6E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:sp2_update_1:*:*:*:*:*:*",
"matchCriteriaId": "A6BEA71C-CA81-4B5D-A688-2B21E62DC351"
}
]
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-077170.pdf",
"source": "productcert@siemens.com"
"source": "productcert@siemens.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,340 @@
"id": "CVE-2023-49140",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-12-12T10:15:10.320",
"lastModified": "2023-12-12T13:43:48.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T20:50:01.000",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Denial-of-service (DoS) vulnerability exists in commplex-link service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de Denegaci\u00f3n de Servicio (DoS) en el servicio de enlace complejo de la serie HMI GC-A2. Si un atacante remoto no autenticado env\u00eda paquetes especialmente manipulados a puertos espec\u00edficos, puede producirse una condici\u00f3n de Denegaci\u00f3n de Servicio (DoS)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:jtekt:gc-a22w-cw_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91C6BFC0-2629-40E6-9560-F4CCF247FF86"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:jtekt:gc-a22w-cw:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E58817AE-FC2B-4196-A09D-7BF15368373F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:jtekt:gc-a24w-c\\(w\\)_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F462AD0-21AD-4FBD-98F9-2BD920135243"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:jtekt:gc-a24w-c\\(w\\):-:*:*:*:*:*:*:*",
"matchCriteriaId": "CAC9C7A9-D352-4DC6-AD86-09C9D73D010F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:jtekt:gc-a26w-c\\(w\\)_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A3F78EB-466C-4E82-83CA-07BD6F04FFF0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:jtekt:gc-a26w-c\\(w\\):-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD63E1F9-5446-4EAD-9B1E-F13FF8777A90"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:jtekt:gc-a24_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B6FAC57-BE6E-4278-9BD9-3752EACA1276"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:jtekt:gc-a24:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B7D3772C-2354-47F9-B240-13D83BE15918"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:jtekt:gc-a24-m_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE3DC5A5-FFA1-44E9-BE37-17BBFC521BBD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:jtekt:gc-a24-m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81D13B24-686E-4276-9225-2D72216FB295"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:jtekt:gc-a25_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA028275-6BCB-4E72-8C9D-EDE94ADAFC8C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:jtekt:gc-a25:-:*:*:*:*:*:*:*",
"matchCriteriaId": "943F5C5F-FFE8-42FC-ACFD-ADA72E9998C7"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:jtekt:gc-a26_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "080F664B-552A-4E18-B0B5-E1D747DDACAA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:jtekt:gc-a26:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43F132BC-7E89-4350-A126-9E4DCECA056A"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:jtekt:gc-a26-j2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "72440455-A361-4C9A-B8D3-62E0158ACD5D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:jtekt:gc-a26-j2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E6513442-366F-4C44-BA69-A8FFC3A4DD5B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:jtekt:gc-a27-c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C474BB0-2ACC-4B2D-9F32-4106C71157D3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:jtekt:gc-a27-c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D2F9BBA-89AE-4B8D-9889-C4D4C05F6CB8"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:jtekt:gc-a28-c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B478A37-3780-436D-893F-C0375EEA3EC4"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:jtekt:gc-a28-c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1530E0C4-B18C-4C5D-AE8F-F76844F30273"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://jvn.jp/en/jp/JVN34145838/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202312116562/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
]
}
]
}
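Review bot: The Spanish description added in this record translates the service name: "commplex-link service" becomes "servicio de enlace complejo", so the identifier a reader would search for is missing from the localized text. It should stay verbatim, e.g. `en el servicio commplex-link de la serie HMI GC-A2`. The same kind of change appears in the CVE-2023-49992 record, where the file name `dictionary.c` is rendered as `diccionario.c`, and in CVE-2023-49991, where "Stack Buffer Underflow" is rendered as a plain buffer overflow ("desbordamiento del búfer"). Consumers that display or index the `es` value should treat the `en` value as authoritative for identifiers and weakness type.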


@ -2,8 +2,8 @@
"id": "CVE-2023-49151",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-14T18:15:44.450",
"lastModified": "2023-12-14T18:15:44.450",
"vulnStatus": "Received",
"lastModified": "2023-12-14T19:26:01.850",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-49152",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-14T18:15:44.683",
"lastModified": "2023-12-14T18:15:44.683",
"vulnStatus": "Received",
"lastModified": "2023-12-14T19:26:01.850",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-49157",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-14T18:15:44.877",
"lastModified": "2023-12-14T18:15:44.877",
"vulnStatus": "Received",
"lastModified": "2023-12-14T19:26:01.850",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -0,0 +1,63 @@
{
"id": "CVE-2023-49294",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-14T20:15:52.730",
"lastModified": "2023-12-14T20:15:52.730",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f",
"source": "security-advisories@github.com"
}
]
}
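Review bot: The last sentence of the English description lists "certified-asterisk prior to 18.9-cert6" among the versions that contain the fix, which contradicts the affected range given earlier in the same description; it presumably should read `certified-asterisk 18.9-cert6`. The record has no `configurations` block, so this free text is the only version data a consumer has. The same holds for the CVE-2023-49786 record added in this commit, whose description also has the typo "amd" for "and". The first reference, `blob/master/main/manager.c#L3757`, is not pinned to a commit, so its line anchor will drift as the file changes; the commit URL in the second reference is the stable pointer.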


@ -2,8 +2,8 @@
"id": "CVE-2023-49583",
"sourceIdentifier": "cna@sap.com",
"published": "2023-12-12T02:15:07.920",
"lastModified": "2023-12-12T13:43:48.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T19:36:00.030",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@sap.com",
"type": "Secondary",
@ -50,22 +70,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:btp_security_services_integration_library:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.6.0",
"matchCriteriaId": "25DBD412-2F7D-45F1-B7C4-8A4237BD602E"
}
]
}
]
}
],
"references": [
{
"url": "https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067/",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://me.sap.com/notes/3411067",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://www.npmjs.com/package/@sap/xssec",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Product"
]
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
]
}
]
}
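Review bot: The added `cpeMatch` entry uses `cpe:2.3:a:sap:btp_security_services_integration_library` with `versionEndExcluding` 3.6.0 and a wildcard target-software field, and the CVE-2023-50422 record in this commit uses the identical CPE with ranges below 2.17.0 and from 3.0.0 up to 3.3.0. The references here point to the npm package `@sap/xssec`, while CVE-2023-50422 references Maven artifacts, so the two records appear to describe different libraries under one CPE name. A CPE-only matcher would then flag, for example, a 3.3.0 Java build under this record. Consumers should confirm the package ecosystem from the references before acting on a match; the koajs record in this commit shows the distinction being made with `node.js` in the target-software position.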


@ -0,0 +1,63 @@
{
"id": "CVE-2023-49786",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-14T20:15:52.927",
"lastModified": "2023-12-14T20:15:52.927",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-703"
}
]
}
],
"references": [
{
"url": "https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq",
"source": "security-advisories@github.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-49803",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-11T23:15:07.620",
"lastModified": "2023-12-12T13:43:48.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T20:03:24.677",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-346"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:koajs:cross-origin_resource_sharing_for_koa:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "5.0.0",
"matchCriteriaId": "6F956DDB-4F42-4714-B81A-29394B3F5E3B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/koajs/cors/commit/f31dac99f5355c41e7d4dd3c4a80c5f154941a11",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/koajs/cors/security/advisories/GHSA-qxrj-hx23-xp82",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-49804",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-11T23:15:07.840",
"lastModified": "2023-12-12T13:43:48.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T19:59:50.187",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,18 +70,51 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dockge.kuma:dockge:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.3.3",
"matchCriteriaId": "9AD32927-6407-4711-8521-81C662CD7041"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:uptime.kuma:uptime_kuma:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.23.9",
"matchCriteriaId": "04F74E4F-6339-4155-BE6A-B10151B8E18D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/louislam/uptime-kuma/commit/482049c72b3a650c7bc5c26c2f4d57a21c0e0aa0",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/louislam/uptime-kuma/security/advisories/GHSA-88j4-pcx8-q4q3",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://github.com/louislam/uptime-kuma/security/advisories/GHSA-g9v2-wqcj-j99g",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Not Applicable"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-49805",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-11T23:15:08.057",
"lastModified": "2023-12-12T13:43:48.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T19:48:34.987",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -40,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-346"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -50,14 +80,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dockge.kuma:dockge:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.3.3",
"matchCriteriaId": "9AD32927-6407-4711-8521-81C662CD7041"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:uptime.kuma:uptime_kuma:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.23.9",
"matchCriteriaId": "04F74E4F-6339-4155-BE6A-B10151B8E18D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/louislam/uptime-kuma/commit/2815cc73cfd9d8ced889e00e72899708220d184f",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/louislam/uptime-kuma/security/advisories/GHSA-mj22-23ff-2hrr",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,80 @@
"id": "CVE-2023-49990",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T14:15:07.553",
"lastModified": "2023-12-12T15:52:06.410",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T19:20:05.407",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Espeak-ng 1.52-dev was discovered to contain a buffer-overflow via the function SetUpPhonemeTable at synthdata.c."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Espeak-ng 1.52-dev conten\u00eda un desbordamiento del b\u00fafer a trav\u00e9s de la funci\u00f3n SetUpPhonemeTable en synthdata.c."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:espeak-ng:espeak-ng:1.52:dev:*:*:*:*:*:*",
"matchCriteriaId": "B073B0F6-3979-4E7D-BF6F-29C9EB1F3480"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/espeak-ng/espeak-ng/issues/1824",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,80 @@
"id": "CVE-2023-49991",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T14:15:07.600",
"lastModified": "2023-12-12T15:52:06.410",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T19:19:27.523",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Underflow via the function CountVowelPosition at synthdata.c."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Espeak-ng 1.52-dev contiene un desbordamiento del b\u00fafer a trav\u00e9s de la funci\u00f3n CountVowelPosition en synthdata.c."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:espeak-ng:espeak-ng:1.52:dev:*:*:*:*:*:*",
"matchCriteriaId": "B073B0F6-3979-4E7D-BF6F-29C9EB1F3480"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/espeak-ng/espeak-ng/issues/1825",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,80 @@
"id": "CVE-2023-49992",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T14:15:07.653",
"lastModified": "2023-12-12T15:52:06.410",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T19:18:58.267",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Overflow via the function RemoveEnding at dictionary.c."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Espeak-ng 1.52-dev contiene un desbordamiento del b\u00fafer mediante la funci\u00f3n RemoveEnding en diccionario.c."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:espeak-ng:espeak-ng:1.52:dev:*:*:*:*:*:*",
"matchCriteriaId": "B073B0F6-3979-4E7D-BF6F-29C9EB1F3480"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/espeak-ng/espeak-ng/issues/1827",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,80 @@
"id": "CVE-2023-49993",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T14:15:07.700",
"lastModified": "2023-12-12T15:52:06.410",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T19:18:23.463",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Espeak-ng 1.52-dev was discovered to contain a Buffer Overflow via the function ReadClause at readclause.c."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Espeak-ng 1.52-dev conten\u00eda un desbordamiento del b\u00fafer mediante la funci\u00f3n ReadClause en readclause.c."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:espeak-ng:espeak-ng:1.52:dev:*:*:*:*:*:*",
"matchCriteriaId": "B073B0F6-3979-4E7D-BF6F-29C9EB1F3480"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/espeak-ng/espeak-ng/issues/1826",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,80 @@
"id": "CVE-2023-49994",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T14:15:07.750",
"lastModified": "2023-12-12T15:52:06.410",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T19:09:14.727",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Espeak-ng 1.52-dev was discovered to contain a Floating Point Exception via the function PeaksToHarmspect at wavegen.c."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Espeak-ng 1.52-dev contiene una excepci\u00f3n de punto flotante a trav\u00e9s de la funci\u00f3n PeaksToHarmspect en wavegen.c."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-697"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:espeak-ng:espeak-ng:1.52:dev:*:*:*:*:*:*",
"matchCriteriaId": "B073B0F6-3979-4E7D-BF6F-29C9EB1F3480"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/espeak-ng/espeak-ng/issues/1823",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-50017",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-14T19:15:16.297",
"lastModified": "2023-12-14T19:26:01.850",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/database/backup"
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/849200701/cms/blob/main/CSRF%20exists%20in%20the%20backup%20and%20restore%20location.md",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-50269",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-14T18:15:45.070",
"lastModified": "2023-12-14T18:15:45.070",
"vulnStatus": "Received",
"lastModified": "2023-12-14T19:26:01.850",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-50422",
"sourceIdentifier": "cna@sap.com",
"published": "2023-12-12T02:15:08.587",
"lastModified": "2023-12-12T13:43:48.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T19:04:59.677",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@sap.com",
"type": "Secondary",
@ -50,38 +70,87 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:btp_security_services_integration_library:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.17.0",
"matchCriteriaId": "C15B0C1E-C64B-4F01-8465-24BD6DB6A0BA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:btp_security_services_integration_library:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.3.0",
"matchCriteriaId": "9B846878-8BDA-4364-B1FC-928B6F92C869"
}
]
}
]
}
],
"references": [
{
"url": "https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067/",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://github.com/SAP/cloud-security-services-integration-library/",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/SAP/cloud-security-services-integration-library/security/advisories/GHSA-59c9-pxq8-9c73",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://me.sap.com/notes/3411067",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://mvnrepository.com/artifact/com.sap.cloud.security.xsuaa/spring-xsuaa",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Product"
]
},
{
"url": "https://mvnrepository.com/artifact/com.sap.cloud.security/java-security",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Product"
]
},
{
"url": "https://mvnrepository.com/artifact/com.sap.cloud.security/spring-security",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Product"
]
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-50471",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-14T20:15:53.130",
"lastModified": "2023-12-14T20:15:53.130",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_InsertItemInArray at cJSON.c."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/DaveGamble/cJSON/issues/802",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-50472",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-14T20:15:53.180",
"lastModified": "2023-12-14T20:15:53.180",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_SetValuestring at cJSON.c."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/DaveGamble/cJSON/issues/803",
"source": "cve@mitre.org"
}
]
}


@ -2,23 +2,87 @@
"id": "CVE-2023-50495",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T15:15:07.867",
"lastModified": "2023-12-12T15:52:06.410",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T20:37:40.283",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry()."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que NCurse v6.4-20230418 conten\u00eda un error de segmentaci\u00f3n a trav\u00e9s del componente _nc_wrap_entry()."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:invisible-island:ncurse:6.4-20230418:*:*:*:*:*:*:*",
"matchCriteriaId": "4796E807-08B7-46FD-9BD1-EF727BE6BB58"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch"
]
},
{
"url": "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-50710",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-14T18:15:45.270",
"lastModified": "2023-12-14T18:15:45.270",
"vulnStatus": "Received",
"lastModified": "2023-12-14T19:26:01.850",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

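--- a/CVE-2023/CVE-2023-507xx/CVE-2023-50713.json
+++ b/CVE-2023/CVE-2023-507xx/CVE-2023-50713.json
@@ -0,0 +1,63 @@
+{
+"id": "CVE-2023-50713",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2023-12-14T19:15:16.340",
+"lastModified": "2023-12-14T19:26:01.850",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "Speckle Server provides server, frontend, 3D viewer, and other JavaScript utilities for the Speckle 3D data platform. A vulnerability in versions prior to 2.17.6 affects users who: authorized an application which requested a 'token write' scope or, using frontend-2, created a Personal Access Token (PAT) with `token write` scope. When creating a new token an agent needs to authorise the request with an existing token (the 'requesting token'). The requesting token is required to have token write scope in order to generate new tokens. However, Speckle server was not verifying that other privileges granted to the new token were not in excess of the privileges of the requesting token. A malicious actor could use a token with only token write scope to subsequently generate further tokens with additional privileges. These privileges would only grant privileges up to the existing privileges of the user. This vulnerability cannot be used to escalate a user's privileges or grant privileges on behalf of other users.\n\nThis has been patched as of version 2.17.6. All operators of Speckle servers should upgrade their server to version 2.17.6 or higher. Any users who authorized an application with 'token write' scope, or created a token in frontend-2 with `token write` scope should review existing tokens and permanently revoke any they do not recognize, revoke existing tokens and create new tokens, and review usage of their account for suspicious activity. No known workarounds for this issue exist."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "HIGH",
+"privilegesRequired": "LOW",
+"userInteraction": "REQUIRED",
+"scope": "CHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "HIGH",
+"availabilityImpact": "NONE",
+"baseScore": 6.5,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 1.3,
+"impactScore": 4.7
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-1220"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/specklesystems/speckle-server/commit/3689e1cd58ec4f06abee836af34889d6ce474571",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/specklesystems/speckle-server/releases/tag/2.17.6",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/specklesystems/speckle-server/security/advisories/GHSA-xpf3-5q5x-3qwh",
+"source": "security-advisories@github.com"
+}
+]
+}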


@ -2,16 +2,40 @@
"id": "CVE-2023-6193",
"sourceIdentifier": "cna@cloudflare.com",
"published": "2023-12-12T14:15:07.797",
"lastModified": "2023-12-12T15:52:06.410",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T20:19:39.233",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "quiche v. 0.15.0 through 0.19.0 was discovered to be vulnerable to unbounded queuing of path validation messages, which could lead to excessive resource consumption.\nQUIC path validation (RFC 9000 Section 8.2) requires that the recipient of a PATH_CHALLENGE frame responds by sending a PATH_RESPONSE. An unauthenticated remote attacker can exploit the vulnerability by sending PATH_CHALLENGE frames and manipulating the connection (e.g. by restricting the peer's congestion window size) so that PATH_RESPONSE frames can only be sent at the slower rate than they are received; leading to storage of path validation data in an unbounded queue. \nQuiche versions greater than 0.19.0 address this problem."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que quiche v. 0.15.0 a 0.19.0 era vulnerable a colas ilimitadas de mensajes de validaci\u00f3n de ruta, lo que podr\u00eda provocar un consumo excesivo de recursos. La validaci\u00f3n de ruta QUIC (RFC 9000 Secci\u00f3n 8.2) requiere que el destinatario de una trama PATH_CHALLENGE responda enviando una PATH_RESPONSE. Un atacante remoto no autenticado puede explotar la vulnerabilidad enviando tramas PATH_CHALLENGE y manipulando la conexi\u00f3n (por ejemplo, restringiendo el tama\u00f1o de la ventana de congesti\u00f3n del par) de modo que las tramas PATH_RESPONSE s\u00f3lo puedan enviarse a una velocidad m\u00e1s lenta de la que se reciben; lo que lleva al almacenamiento de datos de validaci\u00f3n de ruta en una cola ilimitada. Las versiones de Quiche superiores a 0.19.0 solucionan este problema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "cna@cloudflare.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
},
{
"source": "cna@cloudflare.com",
"type": "Secondary",
@ -46,14 +80,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cloudflare:quiche:*:*:*:*:*:*:*:*",
"versionStartIncluding": "0.15.0",
"versionEndIncluding": "0.19.0",
"matchCriteriaId": "754F9BC1-68D8-4071-A987-42FFCD3AE06D"
}
]
}
]
}
],
"references": [
{
"url": "https://datatracker.ietf.org/doc/html/rfc9000#section-8.2",
"source": "cna@cloudflare.com"
"source": "cna@cloudflare.com",
"tags": [
"Technical Description"
]
},
{
"url": "https://github.com/cloudflare/quiche/security/advisories/GHSA-w3vp-jw9m-f9pm",
"source": "cna@cloudflare.com"
"source": "cna@cloudflare.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-6547",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2023-12-12T09:15:09.857",
"lastModified": "2023-12-12T13:43:48.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T19:31:10.497",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Mattermost fails to validate team membership when a user attempts to access a playbook, allowing a user with permissions to a playbook but no permissions to the team the playbook is on to access and modify the playbook. This can happen if the user was once a member of the team, got permissions to the playbook and was then removed from the team.\u00a0\n\n"
},
{
"lang": "es",
"value": "Mattermost no valida la membres\u00eda del equipo cuando un usuario intenta acceder a un playbook, lo que permite que un usuario con permisos para un playbook pero sin permisos para el equipo en el que se encuentra el playbook acceda y modifique el playbook. Esto puede suceder si el usuario alguna vez fue miembro del equipo, obtuvo permisos para el playbook y luego fue eliminado del equipo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -46,10 +80,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionEndIncluding": "8.1.5",
"matchCriteriaId": "6FA74D02-6508-49A3-960F-22B84B6E5B51"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.2.0",
"versionEndIncluding": "9.2.1",
"matchCriteriaId": "D00348C4-CEE7-474E-BBDC-4A66D6BBA4C8"
}
]
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
"source": "responsibledisclosure@mattermost.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-6563",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-14T18:15:45.540",
"lastModified": "2023-12-14T18:15:45.540",
"vulnStatus": "Received",
"lastModified": "2023-12-14T19:26:01.850",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-12-14T19:00:25.136410+00:00
2023-12-14T21:00:24.921161+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-12-14T18:58:08.837000+00:00
2023-12-14T20:55:34.777000+00:00
```
### Last Data Feed Release
@ -29,65 +29,54 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
233211
233221
```
### CVEs added in the last Commit
Recently added CVEs: `21`
Recently added CVEs: `10`
* [CVE-2023-42799](CVE-2023/CVE-2023-427xx/CVE-2023-42799.json) (`2023-12-14T17:15:07.257`)
* [CVE-2023-42800](CVE-2023/CVE-2023-428xx/CVE-2023-42800.json) (`2023-12-14T17:15:07.463`)
* [CVE-2023-42801](CVE-2023/CVE-2023-428xx/CVE-2023-42801.json) (`2023-12-14T17:15:07.657`)
* [CVE-2023-47261](CVE-2023/CVE-2023-472xx/CVE-2023-47261.json) (`2023-12-14T17:15:07.933`)
* [CVE-2023-48671](CVE-2023/CVE-2023-486xx/CVE-2023-48671.json) (`2023-12-14T17:15:07.987`)
* [CVE-2023-48756](CVE-2023/CVE-2023-487xx/CVE-2023-48756.json) (`2023-12-14T17:15:08.187`)
* [CVE-2023-48767](CVE-2023/CVE-2023-487xx/CVE-2023-48767.json) (`2023-12-14T17:15:08.380`)
* [CVE-2023-48770](CVE-2023/CVE-2023-487xx/CVE-2023-48770.json) (`2023-12-14T17:15:08.570`)
* [CVE-2023-48771](CVE-2023/CVE-2023-487xx/CVE-2023-48771.json) (`2023-12-14T17:15:08.763`)
* [CVE-2023-48780](CVE-2023/CVE-2023-487xx/CVE-2023-48780.json) (`2023-12-14T17:15:08.953`)
* [CVE-2023-49149](CVE-2023/CVE-2023-491xx/CVE-2023-49149.json) (`2023-12-14T17:15:09.143`)
* [CVE-2023-49150](CVE-2023/CVE-2023-491xx/CVE-2023-49150.json) (`2023-12-14T17:15:09.337`)
* [CVE-2023-49842](CVE-2023/CVE-2023-498xx/CVE-2023-49842.json) (`2023-12-14T17:15:09.533`)
* [CVE-2023-49860](CVE-2023/CVE-2023-498xx/CVE-2023-49860.json) (`2023-12-14T17:15:09.727`)
* [CVE-2023-5769](CVE-2023/CVE-2023-57xx/CVE-2023-5769.json) (`2023-12-14T17:15:09.920`)
* [CVE-2023-49151](CVE-2023/CVE-2023-491xx/CVE-2023-49151.json) (`2023-12-14T18:15:44.450`)
* [CVE-2023-49152](CVE-2023/CVE-2023-491xx/CVE-2023-49152.json) (`2023-12-14T18:15:44.683`)
* [CVE-2023-49157](CVE-2023/CVE-2023-491xx/CVE-2023-49157.json) (`2023-12-14T18:15:44.877`)
* [CVE-2023-50269](CVE-2023/CVE-2023-502xx/CVE-2023-50269.json) (`2023-12-14T18:15:45.070`)
* [CVE-2023-50710](CVE-2023/CVE-2023-507xx/CVE-2023-50710.json) (`2023-12-14T18:15:45.270`)
* [CVE-2023-6563](CVE-2023/CVE-2023-65xx/CVE-2023-6563.json) (`2023-12-14T18:15:45.540`)
* [CVE-2023-41151](CVE-2023/CVE-2023-411xx/CVE-2023-41151.json) (`2023-12-14T19:15:16.193`)
* [CVE-2023-4694](CVE-2023/CVE-2023-46xx/CVE-2023-4694.json) (`2023-12-14T19:15:16.243`)
* [CVE-2023-50017](CVE-2023/CVE-2023-500xx/CVE-2023-50017.json) (`2023-12-14T19:15:16.297`)
* [CVE-2023-50713](CVE-2023/CVE-2023-507xx/CVE-2023-50713.json) (`2023-12-14T19:15:16.340`)
* [CVE-2023-37457](CVE-2023/CVE-2023-374xx/CVE-2023-37457.json) (`2023-12-14T20:15:52.260`)
* [CVE-2023-45894](CVE-2023/CVE-2023-458xx/CVE-2023-45894.json) (`2023-12-14T20:15:52.687`)
* [CVE-2023-49294](CVE-2023/CVE-2023-492xx/CVE-2023-49294.json) (`2023-12-14T20:15:52.730`)
* [CVE-2023-49786](CVE-2023/CVE-2023-497xx/CVE-2023-49786.json) (`2023-12-14T20:15:52.927`)
* [CVE-2023-50471](CVE-2023/CVE-2023-504xx/CVE-2023-50471.json) (`2023-12-14T20:15:53.130`)
* [CVE-2023-50472](CVE-2023/CVE-2023-504xx/CVE-2023-50472.json) (`2023-12-14T20:15:53.180`)
### CVEs modified in the last Commit
Recently modified CVEs: `53`
Recently modified CVEs: `57`
* [CVE-2023-6364](CVE-2023/CVE-2023-63xx/CVE-2023-6364.json) (`2023-12-14T17:17:54.510`)
* [CVE-2023-44278](CVE-2023/CVE-2023-442xx/CVE-2023-44278.json) (`2023-12-14T17:17:58.157`)
* [CVE-2023-44279](CVE-2023/CVE-2023-442xx/CVE-2023-44279.json) (`2023-12-14T17:17:58.157`)
* [CVE-2023-44284](CVE-2023/CVE-2023-442xx/CVE-2023-44284.json) (`2023-12-14T17:17:58.157`)
* [CVE-2023-44285](CVE-2023/CVE-2023-442xx/CVE-2023-44285.json) (`2023-12-14T17:17:58.157`)
* [CVE-2023-44286](CVE-2023/CVE-2023-442xx/CVE-2023-44286.json) (`2023-12-14T17:17:58.157`)
* [CVE-2023-48660](CVE-2023/CVE-2023-486xx/CVE-2023-48660.json) (`2023-12-14T17:17:58.157`)
* [CVE-2023-48661](CVE-2023/CVE-2023-486xx/CVE-2023-48661.json) (`2023-12-14T17:17:58.157`)
* [CVE-2023-48662](CVE-2023/CVE-2023-486xx/CVE-2023-48662.json) (`2023-12-14T17:17:58.157`)
* [CVE-2023-6647](CVE-2023/CVE-2023-66xx/CVE-2023-6647.json) (`2023-12-14T17:22:19.353`)
* [CVE-2023-50424](CVE-2023/CVE-2023-504xx/CVE-2023-50424.json) (`2023-12-14T17:44:34.810`)
* [CVE-2023-50423](CVE-2023/CVE-2023-504xx/CVE-2023-50423.json) (`2023-12-14T17:48:27.037`)
* [CVE-2023-41118](CVE-2023/CVE-2023-411xx/CVE-2023-41118.json) (`2023-12-14T17:54:25.937`)
* [CVE-2023-50245](CVE-2023/CVE-2023-502xx/CVE-2023-50245.json) (`2023-12-14T17:57:33.607`)
* [CVE-2023-41623](CVE-2023/CVE-2023-416xx/CVE-2023-41623.json) (`2023-12-14T18:01:27.260`)
* [CVE-2023-46701](CVE-2023/CVE-2023-467xx/CVE-2023-46701.json) (`2023-12-14T18:07:27.107`)
* [CVE-2023-45847](CVE-2023/CVE-2023-458xx/CVE-2023-45847.json) (`2023-12-14T18:20:40.697`)
* [CVE-2023-49607](CVE-2023/CVE-2023-496xx/CVE-2023-49607.json) (`2023-12-14T18:29:44.217`)
* [CVE-2023-49563](CVE-2023/CVE-2023-495xx/CVE-2023-49563.json) (`2023-12-14T18:30:37.733`)
* [CVE-2023-48677](CVE-2023/CVE-2023-486xx/CVE-2023-48677.json) (`2023-12-14T18:32:23.603`)
* [CVE-2023-48642](CVE-2023/CVE-2023-486xx/CVE-2023-48642.json) (`2023-12-14T18:38:31.893`)
* [CVE-2023-49809](CVE-2023/CVE-2023-498xx/CVE-2023-49809.json) (`2023-12-14T18:45:03.083`)
* [CVE-2023-49874](CVE-2023/CVE-2023-498xx/CVE-2023-49874.json) (`2023-12-14T18:51:59.960`)
* [CVE-2023-49058](CVE-2023/CVE-2023-490xx/CVE-2023-49058.json) (`2023-12-14T18:56:27.277`)
* [CVE-2023-45316](CVE-2023/CVE-2023-453xx/CVE-2023-45316.json) (`2023-12-14T18:58:08.837`)
* [CVE-2023-49805](CVE-2023/CVE-2023-498xx/CVE-2023-49805.json) (`2023-12-14T19:48:34.987`)
* [CVE-2023-41119](CVE-2023/CVE-2023-411xx/CVE-2023-41119.json) (`2023-12-14T19:48:44.997`)
* [CVE-2023-41120](CVE-2023/CVE-2023-411xx/CVE-2023-41120.json) (`2023-12-14T19:54:24.970`)
* [CVE-2023-49804](CVE-2023/CVE-2023-498xx/CVE-2023-49804.json) (`2023-12-14T19:59:50.187`)
* [CVE-2023-49803](CVE-2023/CVE-2023-498xx/CVE-2023-49803.json) (`2023-12-14T20:03:24.677`)
* [CVE-2023-48427](CVE-2023/CVE-2023-484xx/CVE-2023-48427.json) (`2023-12-14T20:07:17.240`)
* [CVE-2023-6193](CVE-2023/CVE-2023-61xx/CVE-2023-6193.json) (`2023-12-14T20:19:39.233`)
* [CVE-2023-46281](CVE-2023/CVE-2023-462xx/CVE-2023-46281.json) (`2023-12-14T20:22:25.383`)
* [CVE-2023-46282](CVE-2023/CVE-2023-462xx/CVE-2023-46282.json) (`2023-12-14T20:28:47.477`)
* [CVE-2023-50495](CVE-2023/CVE-2023-504xx/CVE-2023-50495.json) (`2023-12-14T20:37:40.283`)
* [CVE-2023-35619](CVE-2023/CVE-2023-356xx/CVE-2023-35619.json) (`2023-12-14T20:39:57.213`)
* [CVE-2023-26920](CVE-2023/CVE-2023-269xx/CVE-2023-26920.json) (`2023-12-14T20:41:19.917`)
* [CVE-2023-41963](CVE-2023/CVE-2023-419xx/CVE-2023-41963.json) (`2023-12-14T20:41:34.697`)
* [CVE-2023-35636](CVE-2023/CVE-2023-356xx/CVE-2023-35636.json) (`2023-12-14T20:42:06.433`)
* [CVE-2023-35635](CVE-2023/CVE-2023-356xx/CVE-2023-35635.json) (`2023-12-14T20:42:38.230`)
* [CVE-2023-35634](CVE-2023/CVE-2023-356xx/CVE-2023-35634.json) (`2023-12-14T20:44:58.467`)
* [CVE-2023-35633](CVE-2023/CVE-2023-356xx/CVE-2023-35633.json) (`2023-12-14T20:45:09.917`)
* [CVE-2023-35632](CVE-2023/CVE-2023-356xx/CVE-2023-35632.json) (`2023-12-14T20:46:02.290`)
* [CVE-2023-35631](CVE-2023/CVE-2023-356xx/CVE-2023-35631.json) (`2023-12-14T20:46:22.417`)
* [CVE-2023-35630](CVE-2023/CVE-2023-356xx/CVE-2023-35630.json) (`2023-12-14T20:46:37.387`)
* [CVE-2023-36696](CVE-2023/CVE-2023-366xx/CVE-2023-36696.json) (`2023-12-14T20:47:25.777`)
* [CVE-2023-35629](CVE-2023/CVE-2023-356xx/CVE-2023-35629.json) (`2023-12-14T20:47:46.863`)
* [CVE-2023-35628](CVE-2023/CVE-2023-356xx/CVE-2023-35628.json) (`2023-12-14T20:48:31.847`)
* [CVE-2023-49140](CVE-2023/CVE-2023-491xx/CVE-2023-49140.json) (`2023-12-14T20:50:01.000`)
* [CVE-2023-48313](CVE-2023/CVE-2023-483xx/CVE-2023-48313.json) (`2023-12-14T20:55:34.777`)
## Download and Usage