admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-12-12T11:00:48.745094+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-12-12 11:00:52 +00:00
parent 729bdf24e9
commit 2e7333aec1
32 changed files with 982 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
CVE-2020/CVE-2020-252xx/CVE-2020-25236.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-25236",
"sourceIdentifier": "productcert@siemens.com",
"published": "2021-03-15T17:15:19.877",
"lastModified": "2021-03-18T20:07:34.983",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-12T10:15:07.480",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions). The control logic (CL) the LOGO! 8 executes could be manipulated in a way that could cause the device executing the CL to improperly handle the manipulation and crash. After successful execution of the attack, the device needs to be manually reset."
"value": "A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions). The control logic (CL) the LOGO! 8 executes could be manipulated in a way that could cause the device\nexecuting the CL to improperly handle the manipulation and crash. After successful execution of the attack, the device needs to be manually reset."
},
{
"lang": "es",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "productcert@siemens.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",

28
CVE-2022/CVE-2022-363xx/CVE-2022-36361.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2022-36361",
"sourceIdentifier": "productcert@siemens.com",
"published": "2022-10-11T11:15:10.037",
"lastModified": "2022-10-12T13:28:43.290",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-12T10:15:08.540",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions). Affected devices do not properly validate the structure of TCP packets in several methods. This could allow an attacker to cause buffer overflows, get control over the instruction counter and run custom code."
"value": "A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions). Affected devices do not properly validate the structure of TCP packets in several methods. This could allow an attacker to cause buffer overflows, get control over the instruction counter and run custom code."
},
{
"lang": "es",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "productcert@siemens.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},

28
CVE-2022/CVE-2022-363xx/CVE-2022-36362.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2022-36362",
"sourceIdentifier": "productcert@siemens.com",
"published": "2022-10-11T11:15:10.103",
"lastModified": "2022-10-12T13:32:27.087",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-12T10:15:08.887",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions). Affected devices do not conduct certain validations when interacting with them. This could allow an unauthenticated remote attacker to manipulate the devices IP address, which means the device would not be reachable and could only be recovered by power cycling the device."
"value": "A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCE (6ED1052-1MD08-0BA2) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA2) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA2) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA2) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA2) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA2) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA2) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA2) (All versions), SIPLUS LOGO! 12/24RCE (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCEo (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions), SIPLUS LOGO! 230RCE (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions), SIPLUS LOGO! 230RCEo (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions), SIPLUS LOGO! 24CE (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions), SIPLUS LOGO! 24CEo (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions), SIPLUS LOGO! 24RCE (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions), SIPLUS LOGO! 24RCEo (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions). Affected devices do not conduct certain validations when interacting with them. This could allow an unauthenticated remote attacker to manipulate the devices IP address, which means the device would not be reachable and could only be recovered by power cycling the device."
},
{
"lang": "es",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "productcert@siemens.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},

28
CVE-2022/CVE-2022-363xx/CVE-2022-36363.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2022-36363",
"sourceIdentifier": "productcert@siemens.com",
"published": "2022-10-11T11:15:10.163",
"lastModified": "2022-10-12T13:34:20.357",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-12T10:15:09.263",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions). Affected devices do not properly validate an offset value which can be defined in TCP packets when calling a method. This could allow an attacker to retrieve parts of the content of the memory."
"value": "A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions). Affected devices do not properly validate an offset value which can be defined in TCP packets when calling a method. This could allow an attacker to retrieve parts of the content of the memory."
},
{
"lang": "es",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "productcert@siemens.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},

55
CVE-2022/CVE-2022-427xx/CVE-2022-42784.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-42784",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-12-12T10:15:09.560",
"lastModified": "2023-12-12T10:15:09.560",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions >= V8.3), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions >= V8.3), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions >= V8.3), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions >= V8.3), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions >= V8.3), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions >= V8.3), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions >= V8.3), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions >= V8.3), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions >= V8.3). Affected devices are vulnerable to an electromagnetic fault injection. This could allow an attacker to dump and debug the firmware, including the manipulation of memory. Further actions could allow to inject public keys of custom created key pairs which are then signed by the product CA. The generation of a custom certificate allows communication with, and impersonation of, any device of the same version."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 0.9,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1319"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844582.pdf",
"source": "productcert@siemens.com"
}
]
}

6
CVE-2023/CVE-2023-307xx/CVE-2023-30757.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-30757",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-06-13T09:15:17.323",
"lastModified": "2023-07-05T17:01:26.063",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-12T10:15:09.900",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions). The know-how protection feature in affected products does not properly update the encryption of existing program blocks when a project file is updated.\r\n\r\nThis could allow attackers with access to the project file to recover previous - yet unprotected - versions of the project without the knowledge of the know-how protection password."
"value": "A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions). The know-how protection feature in affected products does not properly update the encryption of existing program blocks when a project file is updated.\r\n\r\nThis could allow attackers with access to the project file to recover previous - yet unprotected - versions of the project without the knowledge of the know-how protection password."
}
],
"metrics": {

10
CVE-2023/CVE-2023-390xx/CVE-2023-39075.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-39075",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-03T18:15:11.477",
"lastModified": "2023-09-14T23:15:07.923",
"lastModified": "2023-12-12T09:15:07.337",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Renault Zoe EV 2021 automotive infotainment system versions 283C35202R to 283C35519R (builds 11.10.2021 to 16.01.2023) allows attackers to crash the infotainment system by sending arbitrary USB data via a USB device."
},
{
"lang": "es",
"value": "Las versiones 283C35202R a 283C35519R del Renault Zoe EV 2021 (compilaciones del 11.10.2021 al 16.01.2023) permiten a los atacantes bloquear el sistema de infoentretenimiento enviando datos USB arbitrarios a trav\u00e9s de un dispositivo USB."
}
],
"metrics": {
@ -78,6 +82,10 @@
}
],
"references": [
{
"url": "https://blog.dhjeong.kr/posts/automotive/2023/12/how-to-fuzzing-realcars/",
"source": "cve@mitre.org"
},
{
"url": "https://blog.dhjeong.kr/posts/vuln/202307/renault-zoe/",
"source": "cve@mitre.org"

20
CVE-2023/CVE-2023-416xx/CVE-2023-41623.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-41623",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T09:15:07.520",
"lastModified": "2023-12-12T09:15:07.520",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Emlog version pro2.1.14 was discovered to contain a SQL injection vulnerability via the uid parameter at /admin/media.php."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/GhostBalladw/wuhaozhe-s-CVE/blob/main/CVE-2023-41623",
"source": "cve@mitre.org"
}
]
}

17
CVE-2023/CVE-2023-418xx/CVE-2023-41835.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41835",
"sourceIdentifier": "security@apache.org",
"published": "2023-12-05T09:15:07.093",
"lastModified": "2023-12-11T15:28:53.037",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-12T09:15:07.590",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -55,7 +55,7 @@
"description": [
{
"lang": "en",
"value": "CWE-913"
"value": "CWE-459"
}
]
}
@ -87,13 +87,6 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/09/1",
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread/6wj530kh3ono8phr642y9sqkl67ys2ft",
"source": "security@apache.org",
@ -101,6 +94,10 @@
"Mailing List",
"Release Notes"
]
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/12/09/1",
"source": "security@apache.org"
}
]
}

24
CVE-2023/CVE-2023-419xx/CVE-2023-41963.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-41963",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-12-12T10:15:10.253",
"lastModified": "2023-12-12T10:15:10.253",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Denial-of-service (DoS) vulnerability exists in FTP service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur."
}
],
"metrics": {},
"references": [
{
"url": "https://jvn.jp/en/jp/JVN34145838/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202312116562/",
"source": "vultures@jpcert.or.jp"
}
]
}

55
CVE-2023/CVE-2023-453xx/CVE-2023-45316.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-45316",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2023-12-12T09:15:07.740",
"lastModified": "2023-12-12T09:15:07.740",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Mattermost fails to validate if a relative path is passed in /plugins/playbooks/api/v0/telemetry/run/<telem_run_id> as a telemetry run ID, allowing an attacker to use a path traversal payload that points to a different endpoint leading to a\u00a0CSRF attack.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
}
]
}

55
CVE-2023/CVE-2023-458xx/CVE-2023-45847.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-45847",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2023-12-12T09:15:07.983",
"lastModified": "2023-12-12T09:15:07.983",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Mattermost fails to to check the length when setting the title in a run checklist in Playbooks, allowing an attacker to send a specially crafted request and crash the Playbooks plugin\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
}
]
}

55
CVE-2023/CVE-2023-467xx/CVE-2023-46701.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-46701",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2023-12-12T09:15:08.180",
"lastModified": "2023-12-12T09:15:08.180",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Mattermost fails to perform authorization checks in the /plugins/playbooks/api/v0/runs/add-to-timeline-dialog endpoint of the Playbooks plugin allowing an attacker to get limited information about a post if they know the post ID\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
}
]
}

55
CVE-2023/CVE-2023-486xx/CVE-2023-48677.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-48677",
"sourceIdentifier": "security@acronis.com",
"published": "2023-12-12T09:15:08.383",
"lastModified": "2023-12-12T09:15:08.383",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40901."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@acronis.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@acronis.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-427"
}
]
}
],
"references": [
{
"url": "https://security-advisory.acronis.com/advisories/SEC-5620",
"source": "security@acronis.com"
}
]
}

24
CVE-2023/CVE-2023-491xx/CVE-2023-49140.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-49140",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-12-12T10:15:10.320",
"lastModified": "2023-12-12T10:15:10.320",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Denial-of-service (DoS) vulnerability exists in commplex-link service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur."
}
],
"metrics": {},
"references": [
{
"url": "https://jvn.jp/en/jp/JVN34145838/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202312116562/",
"source": "vultures@jpcert.or.jp"
}
]
}

24
CVE-2023/CVE-2023-491xx/CVE-2023-49143.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-49143",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-12-12T10:15:10.373",
"lastModified": "2023-12-12T10:15:10.373",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Denial-of-service (DoS) vulnerability exists in rfe service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur."
}
],
"metrics": {},
"references": [
{
"url": "https://jvn.jp/en/jp/JVN34145838/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202312116562/",
"source": "vultures@jpcert.or.jp"
}
]
}

20
CVE-2023/CVE-2023-495xx/CVE-2023-49563.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-49563",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T09:15:08.600",
"lastModified": "2023-12-12T09:15:08.600",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) in Voltronic Power SNMP Web Pro v.1.1 allows an attacker to execute arbitrary code via a crafted script within a request to the webserver."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/ph4nt0mbyt3/b237bfb06b2bff405ab47e4ea52c0bd2",
"source": "cve@mitre.org"
}
]
}

8
CVE-2023/CVE-2023-495xx/CVE-2023-49583.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-49583",
"sourceIdentifier": "cna@sap.com",
"published": "2023-12-12T02:15:07.920",
"lastModified": "2023-12-12T02:15:07.920",
"lastModified": "2023-12-12T09:15:08.643",
"vulnStatus": "Received",
"descriptions": [
{
@ -41,12 +41,16 @@
"description": [
{
"lang": "en",
"value": "CWE-639"
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067/",
"source": "cna@sap.com"
},
{
"url": "https://me.sap.com/notes/3411067",
"source": "cna@sap.com"

55
CVE-2023/CVE-2023-496xx/CVE-2023-49607.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-49607",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2023-12-12T09:15:08.757",
"lastModified": "2023-12-12T09:15:08.757",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Mattermost fails to validate the type of the \"reminder\" body request parameter allowing an attacker to crash the Playbook Plugin when updating the status dialog.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-754"
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
}
]
}

24
CVE-2023/CVE-2023-496xx/CVE-2023-49695.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-49695",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-12-12T09:15:08.950",
"lastModified": "2023-12-12T09:15:08.950",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "OS command injection vulnerability in WRC-X3000GSN v1.0.2, WRC-X3000GS v1.0.24 and earlier, and WRC-X3000GSA v1.0.24 and earlier allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command by sending a specially crafted request to the product."
}
],
"metrics": {},
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU97499577/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.elecom.co.jp/news/security/20231212-01/",
"source": "vultures@jpcert.or.jp"
}
]
}

24
CVE-2023/CVE-2023-497xx/CVE-2023-49713.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-49713",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-12-12T10:15:10.433",
"lastModified": "2023-12-12T10:15:10.433",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Denial-of-service (DoS) vulnerability exists in NetBIOS service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur."
}
],
"metrics": {},
"references": [
{
"url": "https://jvn.jp/en/jp/JVN34145838/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202312116562/",
"source": "vultures@jpcert.or.jp"
}
]
}

10
CVE-2023/CVE-2023-497xx/CVE-2023-49735.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49735",
"sourceIdentifier": "security@apache.org",
"published": "2023-11-30T22:15:09.123",
"lastModified": "2023-12-11T17:34:30.350",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-12T09:15:09.003",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -40,7 +40,7 @@
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "security@apache.org",
"type": "Primary",
"description": [
{
@ -50,12 +50,12 @@
]
},
{
"source": "security@apache.org",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
"value": "CWE-22"
}
]
}

55
CVE-2023/CVE-2023-498xx/CVE-2023-49809.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-49809",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2023-12-12T09:15:09.110",
"lastModified": "2023-12-12T09:15:09.110",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Mattermost fails to handle a null request body in the /add endpoint, allowing a simple member to send a request with null request body to that endpoint and make it crash. After a few repetitions, the plugin is disabled.\u00a0\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
}
]
}

55
CVE-2023/CVE-2023-498xx/CVE-2023-49874.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-49874",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2023-12-12T09:15:09.310",
"lastModified": "2023-12-12T09:15:09.310",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Mattermost fails to check whether a user is a guest when updating the tasks of a private playbook run allowing a\u00a0guest to update the tasks of a private playbook run if they know the run ID.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
}
]
}

63
CVE-2023/CVE-2023-49xx/CVE-2023-4932.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-4932",
"sourceIdentifier": "cvd@cert.pl",
"published": "2023-12-12T10:15:10.483",
"lastModified": "2023-12-12T10:15:10.483",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "SAS application is vulnerable to Reflected Cross-Site Scripting (XSS). Improper input validation in the `_program` parameter of the the `/SASStoredProcess/do` endpoint allows arbitrary JavaScript to be executed when specially crafted URL is opened by an authenticated user. The attack is possible from a low-privileged user. Only versions\u00a09.4_M7 and\u00a09.4_M8 were tested and confirmed to be vulnerable, status of others is unknown. For above mentioned versions hot fixes were published. \n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cvd@cert.pl",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.5,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "cvd@cert.pl",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://cert.pl/en/posts/2023/12/CVE-2023-4932/",
"source": "cvd@cert.pl"
},
{
"url": "https://cert.pl/posts/2023/12/CVE-2023-4932/",
"source": "cvd@cert.pl"
},
{
"url": "https://support.sas.com/kb/70/265.html",
"source": "cvd@cert.pl"
}
]
}

63
CVE-2023/CVE-2023-49xx/CVE-2023-4958.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-4958",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-12T10:15:10.853",
"lastModified": "2023-12-12T10:15:10.853",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In Red Hat Advanced Cluster Security (RHACS), it was found that some security related HTTP headers were missing, allowing an attacker to exploit this with a clickjacking attack. An attacker could exploit this by convincing a valid RHACS user to visit an attacker-controlled web page, that deceptively points to valid RHACS endpoints, hijacking the user's account permissions to perform other actions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2023:5206",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-4958",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1990363",
"source": "secalert@redhat.com"
}
]
}

12
CVE-2023/CVE-2023-504xx/CVE-2023-50422.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-50422",
"sourceIdentifier": "cna@sap.com",
"published": "2023-12-12T02:15:08.587",
"lastModified": "2023-12-12T02:15:08.587",
"lastModified": "2023-12-12T09:15:09.513",
"vulnStatus": "Received",
"descriptions": [
{
@ -41,16 +41,24 @@
"description": [
{
"lang": "en",
"value": "CWE-639"
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067/",
"source": "cna@sap.com"
},
{
"url": "https://github.com/SAP/cloud-security-services-integration-library/",
"source": "cna@sap.com"
},
{
"url": "https://github.com/SAP/cloud-security-services-integration-library/security/advisories/GHSA-59c9-pxq8-9c73",
"source": "cna@sap.com"
},
{
"url": "https://me.sap.com/notes/3411067",
"source": "cna@sap.com"

16
CVE-2023/CVE-2023-504xx/CVE-2023-50423.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-50423",
"sourceIdentifier": "cna@sap.com",
"published": "2023-12-12T02:15:08.797",
"lastModified": "2023-12-12T02:15:08.797",
"lastModified": "2023-12-12T09:15:09.637",
"vulnStatus": "Received",
"descriptions": [
{
@ -41,12 +41,24 @@
"description": [
{
"lang": "en",
"value": "CWE-639"
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067/",
"source": "cna@sap.com"
},
{
"url": "https://github.com/SAP/cloud-pysec/",
"source": "cna@sap.com"
},
{
"url": "https://github.com/SAP/cloud-pysec/security/advisories/GHSA-6mjg-37cp-42x5",
"source": "cna@sap.com"
},
{
"url": "https://me.sap.com/notes/3411067",
"source": "cna@sap.com"

12
CVE-2023/CVE-2023-504xx/CVE-2023-50424.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-50424",
"sourceIdentifier": "cna@sap.com",
"published": "2023-12-12T03:15:07.100",
"lastModified": "2023-12-12T03:15:07.100",
"lastModified": "2023-12-12T09:15:09.740",
"vulnStatus": "Received",
"descriptions": [
{
@ -41,16 +41,24 @@
"description": [
{
"lang": "en",
"value": "CWE-639"
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067/",
"source": "cna@sap.com"
},
{
"url": "https://github.com/SAP/cloud-security-client-go",
"source": "cna@sap.com"
},
{
"url": "https://github.com/SAP/cloud-security-services-integration-library/security/advisories/GHSA-59c9-pxq8-9c73",
"source": "cna@sap.com"
},
{
"url": "https://me.sap.com/notes/3411067",
"source": "cna@sap.com"

6
CVE-2023/CVE-2023-55xx/CVE-2023-5557.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-5557",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-10-13T02:15:11.077",
"lastModified": "2023-12-11T16:15:42.630",
"lastModified": "2023-12-12T10:15:11.207",
"vulnStatus": "Modified",
"descriptions": [
{
@ -148,6 +148,10 @@
"url": "https://access.redhat.com/errata/RHSA-2023:7713",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7730",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-5557",
"source": "secalert@redhat.com",

55
CVE-2023/CVE-2023-65xx/CVE-2023-6547.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-6547",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2023-12-12T09:15:09.857",
"lastModified": "2023-12-12T09:15:09.857",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Mattermost fails to validate team membership when a user attempts to access a playbook, allowing a user with permissions to a playbook but no permissions to the team the playbook is on to access and modify the playbook. This can happen if the user was once a member of the team, got permissions to the playbook and was then removed from the team.\u00a0\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
}
]
}

53
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-12-12T09:02:09.002881+00:00
2023-12-12T11:00:48.745094+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-12-12T08:15:07.980000+00:00
2023-12-12T10:15:11.207000+00:00
```
### Last Data Feed Release
@ -29,31 +29,50 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
232805
232823
```
### CVEs added in the last Commit
Recently added CVEs: `12`
Recently added CVEs: `18`
* [CVE-2022-48615](CVE-2022/CVE-2022-486xx/CVE-2022-48615.json) (`2023-12-12T08:15:06.937`)
* [CVE-2022-48616](CVE-2022/CVE-2022-486xx/CVE-2022-48616.json) (`2023-12-12T08:15:07.377`)
* [CVE-2023-41113](CVE-2023/CVE-2023-411xx/CVE-2023-41113.json) (`2023-12-12T07:15:42.150`)
* [CVE-2023-41114](CVE-2023/CVE-2023-411xx/CVE-2023-41114.json) (`2023-12-12T07:15:43.307`)
* [CVE-2023-41115](CVE-2023/CVE-2023-411xx/CVE-2023-41115.json) (`2023-12-12T07:15:43.780`)
* [CVE-2023-41116](CVE-2023/CVE-2023-411xx/CVE-2023-41116.json) (`2023-12-12T07:15:44.267`)
* [CVE-2023-41117](CVE-2023/CVE-2023-411xx/CVE-2023-41117.json) (`2023-12-12T07:15:44.727`)
* [CVE-2023-41118](CVE-2023/CVE-2023-411xx/CVE-2023-41118.json) (`2023-12-12T07:15:45.220`)
* [CVE-2023-41119](CVE-2023/CVE-2023-411xx/CVE-2023-41119.json) (`2023-12-12T07:15:45.387`)
* [CVE-2023-41120](CVE-2023/CVE-2023-411xx/CVE-2023-41120.json) (`2023-12-12T07:15:45.860`)
* [CVE-2023-48641](CVE-2023/CVE-2023-486xx/CVE-2023-48641.json) (`2023-12-12T08:15:07.693`)
* [CVE-2023-48642](CVE-2023/CVE-2023-486xx/CVE-2023-48642.json) (`2023-12-12T08:15:07.980`)
* [CVE-2022-42784](CVE-2022/CVE-2022-427xx/CVE-2022-42784.json) (`2023-12-12T10:15:09.560`)
* [CVE-2023-41623](CVE-2023/CVE-2023-416xx/CVE-2023-41623.json) (`2023-12-12T09:15:07.520`)
* [CVE-2023-45316](CVE-2023/CVE-2023-453xx/CVE-2023-45316.json) (`2023-12-12T09:15:07.740`)
* [CVE-2023-45847](CVE-2023/CVE-2023-458xx/CVE-2023-45847.json) (`2023-12-12T09:15:07.983`)
* [CVE-2023-46701](CVE-2023/CVE-2023-467xx/CVE-2023-46701.json) (`2023-12-12T09:15:08.180`)
* [CVE-2023-48677](CVE-2023/CVE-2023-486xx/CVE-2023-48677.json) (`2023-12-12T09:15:08.383`)
* [CVE-2023-49563](CVE-2023/CVE-2023-495xx/CVE-2023-49563.json) (`2023-12-12T09:15:08.600`)
* [CVE-2023-49607](CVE-2023/CVE-2023-496xx/CVE-2023-49607.json) (`2023-12-12T09:15:08.757`)
* [CVE-2023-49695](CVE-2023/CVE-2023-496xx/CVE-2023-49695.json) (`2023-12-12T09:15:08.950`)
* [CVE-2023-49809](CVE-2023/CVE-2023-498xx/CVE-2023-49809.json) (`2023-12-12T09:15:09.110`)
* [CVE-2023-49874](CVE-2023/CVE-2023-498xx/CVE-2023-49874.json) (`2023-12-12T09:15:09.310`)
* [CVE-2023-6547](CVE-2023/CVE-2023-65xx/CVE-2023-6547.json) (`2023-12-12T09:15:09.857`)
* [CVE-2023-41963](CVE-2023/CVE-2023-419xx/CVE-2023-41963.json) (`2023-12-12T10:15:10.253`)
* [CVE-2023-49140](CVE-2023/CVE-2023-491xx/CVE-2023-49140.json) (`2023-12-12T10:15:10.320`)
* [CVE-2023-49143](CVE-2023/CVE-2023-491xx/CVE-2023-49143.json) (`2023-12-12T10:15:10.373`)
* [CVE-2023-49713](CVE-2023/CVE-2023-497xx/CVE-2023-49713.json) (`2023-12-12T10:15:10.433`)
* [CVE-2023-4932](CVE-2023/CVE-2023-49xx/CVE-2023-4932.json) (`2023-12-12T10:15:10.483`)
* [CVE-2023-4958](CVE-2023/CVE-2023-49xx/CVE-2023-4958.json) (`2023-12-12T10:15:10.853`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `13`
* [CVE-2020-25236](CVE-2020/CVE-2020-252xx/CVE-2020-25236.json) (`2023-12-12T10:15:07.480`)
* [CVE-2022-36361](CVE-2022/CVE-2022-363xx/CVE-2022-36361.json) (`2023-12-12T10:15:08.540`)
* [CVE-2022-36362](CVE-2022/CVE-2022-363xx/CVE-2022-36362.json) (`2023-12-12T10:15:08.887`)
* [CVE-2022-36363](CVE-2022/CVE-2022-363xx/CVE-2022-36363.json) (`2023-12-12T10:15:09.263`)
* [CVE-2023-39075](CVE-2023/CVE-2023-390xx/CVE-2023-39075.json) (`2023-12-12T09:15:07.337`)
* [CVE-2023-41835](CVE-2023/CVE-2023-418xx/CVE-2023-41835.json) (`2023-12-12T09:15:07.590`)
* [CVE-2023-49583](CVE-2023/CVE-2023-495xx/CVE-2023-49583.json) (`2023-12-12T09:15:08.643`)
* [CVE-2023-49735](CVE-2023/CVE-2023-497xx/CVE-2023-49735.json) (`2023-12-12T09:15:09.003`)
* [CVE-2023-50422](CVE-2023/CVE-2023-504xx/CVE-2023-50422.json) (`2023-12-12T09:15:09.513`)
* [CVE-2023-50423](CVE-2023/CVE-2023-504xx/CVE-2023-50423.json) (`2023-12-12T09:15:09.637`)
* [CVE-2023-50424](CVE-2023/CVE-2023-504xx/CVE-2023-50424.json) (`2023-12-12T09:15:09.740`)
* [CVE-2023-30757](CVE-2023/CVE-2023-307xx/CVE-2023-30757.json) (`2023-12-12T10:15:09.900`)
* [CVE-2023-5557](CVE-2023/CVE-2023-55xx/CVE-2023-5557.json) (`2023-12-12T10:15:11.207`)
## Download and Usage