admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-12-04T11:04:15.941324+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-12-04 11:04:19 +00:00
parent 4261dd3e15
commit 355256b90a
9 changed files with 444 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
CVE-2023/CVE-2023-442xx/CVE-2023-44291.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-44291",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-12-04T09:15:35.623",
"lastModified": "2023-12-04T09:15:35.623",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nDell DM5500 5.14.0.0 contains an OS command injection vulnerability in PPOE component. A remote attacker with high privileges could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000220107/dsa-2023-425-security-update-for-dell-powerprotect-data-manager-dm5500-appliance-for-multiple-vulnerabilities",
"source": "security_alert@emc.com"
}
]
}

55
CVE-2023/CVE-2023-443xx/CVE-2023-44300.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-44300",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-12-04T09:15:35.993",
"lastModified": "2023-12-04T09:15:35.993",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nDell DM5500 5.14.0.0, contain a Plain-text Password Storage Vulnerability in PPOE. A local attacker with privileges could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-256"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000220107/dsa-2023-425-security-update-for-dell-powerprotect-data-manager-dm5500-appliance-for-multiple-vulnerabilities",
"source": "security_alert@emc.com"
}
]
}

55
CVE-2023/CVE-2023-443xx/CVE-2023-44301.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-44301",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-12-04T09:15:36.213",
"lastModified": "2023-12-04T09:15:36.213",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nDell DM5500 5.14.0.0 and prior contain a Reflected Cross-Site Scripting Vulnerability. A network attacker with low privileges could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000220107/dsa-2023-425-security-update-for-dell-powerprotect-data-manager-dm5500-appliance-for-multiple-vulnerabilities",
"source": "security_alert@emc.com"
}
]
}

55
CVE-2023/CVE-2023-443xx/CVE-2023-44302.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-44302",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-12-04T09:15:36.417",
"lastModified": "2023-12-04T09:15:36.417",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nDell DM5500 5.14.0.0 and prior contain an improper authentication vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access of resources or functionality that could possibly lead to execute arbitrary code.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000220107/dsa-2023-425-security-update-for-dell-powerprotect-data-manager-dm5500-appliance-for-multiple-vulnerabilities",
"source": "security_alert@emc.com"
}
]
}

55
CVE-2023/CVE-2023-443xx/CVE-2023-44304.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-44304",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-12-04T09:15:36.633",
"lastModified": "2023-12-04T09:15:36.633",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nDell DM5500 contains a privilege escalation vulnerability in PPOE Component. A remote attacker with low privileges could potentially exploit this vulnerability to escape the restricted shell and gain root access to the appliance.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000220107/dsa-2023-425-security-update-for-dell-powerprotect-data-manager-dm5500-appliance-for-multiple-vulnerabilities",
"source": "security_alert@emc.com"
}
]
}

55
CVE-2023/CVE-2023-443xx/CVE-2023-44305.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-44305",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-12-04T09:15:36.833",
"lastModified": "2023-12-04T09:15:36.833",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nDell DM5500 5.14.0.0, contains a Stack-based Buffer Overflow Vulnerability in PPOE. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially crafted input dat\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000220107/dsa-2023-425-security-update-for-dell-powerprotect-data-manager-dm5500-appliance-for-multiple-vulnerabilities",
"source": "security_alert@emc.com"
}
]
}

55
CVE-2023/CVE-2023-443xx/CVE-2023-44306.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-44306",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-12-04T09:15:37.043",
"lastModified": "2023-12-04T09:15:37.043",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nDell DM5500 contains a path traversal vulnerability in PPOE Component. A remote attacker with high privileges could potentially exploit this vulnerability to overwrite the files stored on the server filesystem.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000220107/dsa-2023-425-security-update-for-dell-powerprotect-data-manager-dm5500-appliance-for-multiple-vulnerabilities",
"source": "security_alert@emc.com"
}
]
}

47
CVE-2023/CVE-2023-64xx/CVE-2023-6481.json Normal file
View File

@ -0,0 +1,47 @@
{
"id": "CVE-2023-6481",
"sourceIdentifier": "vulnerability@ncsc.ch",
"published": "2023-12-04T09:15:37.250",
"lastModified": "2023-12-04T09:15:37.250",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A serialization vulnerability in logback receiver component part of \nlogback version 1.4.13,\u00a01.3.13 and\u00a01.2.12 allows an attacker to mount a Denial-Of-Service \nattack by sending poisoned data.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "vulnerability@ncsc.ch",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 4.0
}
]
},
"references": [
{
"url": "https://logback.qos.ch/news.html#1.3.12",
"source": "vulnerability@ncsc.ch"
},
{
"url": "https://logback.qos.ch/news.html#1.3.14",
"source": "vulnerability@ncsc.ch"
}
]
}

17
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update ### Last Repository Update
```plain ```plain
2023-12-04T09:01:01.073781+00:00 2023-12-04T11:04:15.941324+00:00
``` ```
### Most recent CVE Modification Timestamp synchronized with NVD ### Most recent CVE Modification Timestamp synchronized with NVD
```plain ```plain
2023-12-04T07:15:07.120000+00:00 2023-12-04T09:15:37.250000+00:00
``` ```
### Last Data Feed Release ### Last Data Feed Release
@ -29,14 +29,21 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs ### Total Number of included CVEs
```plain ```plain
232121 232129
``` ```
### CVEs added in the last Commit ### CVEs added in the last Commit
Recently added CVEs: `1` Recently added CVEs: `8`
* [CVE-2023-5332](CVE-2023/CVE-2023-53xx/CVE-2023-5332.json) (`2023-12-04T07:15:07.120`) * [CVE-2023-44291](CVE-2023/CVE-2023-442xx/CVE-2023-44291.json) (`2023-12-04T09:15:35.623`)
* [CVE-2023-44300](CVE-2023/CVE-2023-443xx/CVE-2023-44300.json) (`2023-12-04T09:15:35.993`)
* [CVE-2023-44301](CVE-2023/CVE-2023-443xx/CVE-2023-44301.json) (`2023-12-04T09:15:36.213`)
* [CVE-2023-44302](CVE-2023/CVE-2023-443xx/CVE-2023-44302.json) (`2023-12-04T09:15:36.417`)
* [CVE-2023-44304](CVE-2023/CVE-2023-443xx/CVE-2023-44304.json) (`2023-12-04T09:15:36.633`)
* [CVE-2023-44305](CVE-2023/CVE-2023-443xx/CVE-2023-44305.json) (`2023-12-04T09:15:36.833`)
* [CVE-2023-44306](CVE-2023/CVE-2023-443xx/CVE-2023-44306.json) (`2023-12-04T09:15:37.043`)
* [CVE-2023-6481](CVE-2023/CVE-2023-64xx/CVE-2023-6481.json) (`2023-12-04T09:15:37.250`)
### CVEs modified in the last Commit ### CVEs modified in the last Commit