From 387ead511fb8f2bfa239d1fcb198685b91076173 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Thu, 30 Nov 2023 03:00:22 +0000
Subject: [PATCH] Auto-Update: 2023-11-30T03:00:18.686243+00:00
---
CVE-2023/CVE-2023-290xx/CVE-2023-29073.json | 199 ++++++++++++++++++-
CVE-2023/CVE-2023-290xx/CVE-2023-29074.json | 199 ++++++++++++++++++-
CVE-2023/CVE-2023-290xx/CVE-2023-29075.json | 199 ++++++++++++++++++-
CVE-2023/CVE-2023-290xx/CVE-2023-29076.json | 201 +++++++++++++++++++-
CVE-2023/CVE-2023-291xx/CVE-2023-29165.json | 101 +++++++++-
CVE-2023/CVE-2023-305xx/CVE-2023-30581.json | 65 ++++++-
CVE-2023/CVE-2023-31xx/CVE-2023-3103.json | 62 +++++-
CVE-2023/CVE-2023-31xx/CVE-2023-3104.json | 72 ++++++-
CVE-2023/CVE-2023-351xx/CVE-2023-35137.json | 55 ++++++
CVE-2023/CVE-2023-351xx/CVE-2023-35138.json | 55 ++++++
CVE-2023/CVE-2023-379xx/CVE-2023-37927.json | 55 ++++++
CVE-2023/CVE-2023-379xx/CVE-2023-37928.json | 55 ++++++
CVE-2023/CVE-2023-37xx/CVE-2023-3741.json | 32 ++++
CVE-2023/CVE-2023-388xx/CVE-2023-38879.json | 77 +++++++-
CVE-2023/CVE-2023-388xx/CVE-2023-38880.json | 73 ++++++-
CVE-2023/CVE-2023-44xx/CVE-2023-4473.json | 55 ++++++
CVE-2023/CVE-2023-44xx/CVE-2023-4474.json | 55 ++++++
README.md | 33 +++-
18 files changed, 1592 insertions(+), 51 deletions(-)
create mode 100644 CVE-2023/CVE-2023-351xx/CVE-2023-35137.json
create mode 100644 CVE-2023/CVE-2023-351xx/CVE-2023-35138.json
create mode 100644 CVE-2023/CVE-2023-379xx/CVE-2023-37927.json
create mode 100644 CVE-2023/CVE-2023-379xx/CVE-2023-37928.json
create mode 100644 CVE-2023/CVE-2023-37xx/CVE-2023-3741.json
create mode 100644 CVE-2023/CVE-2023-44xx/CVE-2023-4473.json
create mode 100644 CVE-2023/CVE-2023-44xx/CVE-2023-4474.json
diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29073.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29073.json
index 267d0fa56b8..928987f710f 100644
--- a/CVE-2023/CVE-2023-290xx/CVE-2023-29073.json
+++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29073.json
@@ -2,8 +2,8 @@ "id": "CVE-2023-29073", "sourceIdentifier": "psirt@autodesk.com", "published": "2023-11-23T03:15:41.303", - "lastModified": "2023-11-24T15:24:57.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T02:20:48.793", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,8 +14,41 @@ "value": "Un archivo MODEL creado con fines malintencionados, cuando se analiza mediante Autodesk AutoCAD 2024 y 2023, se puede utilizar para provocar un desbordamiento del b\u00fafer basado en el heap. Un actor malintencionado puede aprovechar esta vulnerabilidad para provocar un bloqueo, leer datos confidenciales o ejecutar c\u00f3digo arbitrario en el contexto del proceso actual." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "psirt@autodesk.com", "type": "Secondary", 
@@ -27,10 +60,168 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:macos:*:*", + "versionEndExcluding": "2024.1", + "matchCriteriaId": "A383FEED-E3E3-405E-B68F-BFD7CCA9E6B8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2023.0.0", + "versionEndExcluding": "2023.1.4", + "matchCriteriaId": "C53280C1-2A72-455E-965C-06613E469420" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.0.0", + "versionEndExcluding": "2024.1.1", + "matchCriteriaId": "417B7F6E-18F2-4020-84B4-55191714504F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1.4", + "matchCriteriaId": "3C1B51F8-FACC-422B-AB62-571C8534279C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.0.0", + "versionEndExcluding": "2024.1.1", + "matchCriteriaId": "5D5A59C7-068D-4F8D-95ED-B7A5F2AA55F8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1.4", + "matchCriteriaId": "3524F041-03B7-46A6-AB92-4AA59DD79903" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.0.0", + "versionEndExcluding": "2024.1.1", + "matchCriteriaId": "4036CA65-3E98-43B5-95D4-7AC1E5345664" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1.4", + "matchCriteriaId": "A0DE2E5C-0C3B-4E25-B380-ABFBFC34B9D9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.0.0", + 
"versionEndExcluding": "2024.1.1", + "matchCriteriaId": "982AD391-3D1B-4923-97A5-B2AA41BE2CAC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1.4", + "matchCriteriaId": "80BDD7F9-1D15-4D35-9726-C931BCEE5F05" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.0.0", + "versionEndExcluding": "2024.1.1", + "matchCriteriaId": "77484E5B-F84E-472E-B151-53FF2667C783" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1.4", + "matchCriteriaId": "96B75F1C-FFBB-4B13-8F05-4D7B26F4C58C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:macos:*:*", + "versionEndExcluding": "2024.1", + "matchCriteriaId": "D5B21F42-E57A-4501-A2BE-6F99122BCBFC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.0.0", + "versionEndExcluding": "2024.1.1", + "matchCriteriaId": "2225348E-5552-492C-A2DB-C5693516019C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1.4", + "matchCriteriaId": "5B450512-9CB3-4CAF-B90C-1EE0194CA665" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.0.0", + "versionEndExcluding": "2024.1.1", + "matchCriteriaId": "2A778F8B-9BB9-4B7A-81B1-DCEDCB493408" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1.4", + "matchCriteriaId": "049B25B6-08E3-4D3D-8E7B-3724B53063F0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.0.0", + "versionEndExcluding": "2024.1.1", + "matchCriteriaId": 
"7A8BF172-C18C-40D3-8917-6C33D0144D3E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1.4", + "matchCriteriaId": "BC4656EC-02E1-41DF-8FEA-668DE950FA79" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.0.0", + "versionEndExcluding": "2024.1.1", + "matchCriteriaId": "67E135A2-2C3E-4550-B239-3013C7FA586A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1.4", + "matchCriteriaId": "AFDAEB3D-CDF1-4E2F-B1D5-6D4140E8A65C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.0.0", + "versionEndExcluding": "2024.1.1", + "matchCriteriaId": "5CB26133-E6B9-4D0C-9A58-F564FFB11EF3" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0018", - "source": "psirt@autodesk.com" + "source": "psirt@autodesk.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29074.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29074.json index 0927f115af3..35c60169946 100644 --- a/CVE-2023/CVE-2023-290xx/CVE-2023-29074.json +++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29074.json @@ -2,8 +2,8 @@ "id": "CVE-2023-29074", "sourceIdentifier": "psirt@autodesk.com", "published": "2023-11-23T04:15:07.260", - "lastModified": "2023-11-24T15:24:57.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T02:20:40.343", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,8 +14,41 @@ "value": "Un archivo CATPART creado con fines malintencionados, cuando se analiza mediante Autodesk AutoCAD 2024 y 2023, se puede utilizar para provocar una escritura fuera de los l\u00edmites. Un actor malintencionado puede aprovechar esta vulnerabilidad para provocar un bloqueo, leer datos confidenciales o ejecutar c\u00f3digo arbitrario en el contexto del proceso actual." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "psirt@autodesk.com", "type": "Secondary", 
@@ -27,10 +60,168 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:macos:*:*", + "versionEndExcluding": "2024.1", + "matchCriteriaId": "A383FEED-E3E3-405E-B68F-BFD7CCA9E6B8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2023.0.0", + "versionEndExcluding": "2023.1.4", + "matchCriteriaId": "C53280C1-2A72-455E-965C-06613E469420" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.0.0", + "versionEndExcluding": "2024.1.1", + "matchCriteriaId": "417B7F6E-18F2-4020-84B4-55191714504F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1.4", + "matchCriteriaId": "3C1B51F8-FACC-422B-AB62-571C8534279C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.0.0", + "versionEndExcluding": "2024.1.1", + "matchCriteriaId": "5D5A59C7-068D-4F8D-95ED-B7A5F2AA55F8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1.4", + "matchCriteriaId": "3524F041-03B7-46A6-AB92-4AA59DD79903" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.0.0", + "versionEndExcluding": "2024.1.1", + "matchCriteriaId": "4036CA65-3E98-43B5-95D4-7AC1E5345664" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1.4", + "matchCriteriaId": "A0DE2E5C-0C3B-4E25-B380-ABFBFC34B9D9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.0.0", + 
"versionEndExcluding": "2024.1.1", + "matchCriteriaId": "982AD391-3D1B-4923-97A5-B2AA41BE2CAC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1.4", + "matchCriteriaId": "80BDD7F9-1D15-4D35-9726-C931BCEE5F05" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.0.0", + "versionEndExcluding": "2024.1.1", + "matchCriteriaId": "77484E5B-F84E-472E-B151-53FF2667C783" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1.4", + "matchCriteriaId": "96B75F1C-FFBB-4B13-8F05-4D7B26F4C58C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:macos:*:*", + "versionEndExcluding": "2024.1", + "matchCriteriaId": "D5B21F42-E57A-4501-A2BE-6F99122BCBFC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.0.0", + "versionEndExcluding": "2024.1.1", + "matchCriteriaId": "2225348E-5552-492C-A2DB-C5693516019C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1.4", + "matchCriteriaId": "5B450512-9CB3-4CAF-B90C-1EE0194CA665" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.0.0", + "versionEndExcluding": "2024.1.1", + "matchCriteriaId": "2A778F8B-9BB9-4B7A-81B1-DCEDCB493408" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1.4", + "matchCriteriaId": "049B25B6-08E3-4D3D-8E7B-3724B53063F0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.0.0", + "versionEndExcluding": "2024.1.1", + "matchCriteriaId": 
"7A8BF172-C18C-40D3-8917-6C33D0144D3E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1.4", + "matchCriteriaId": "BC4656EC-02E1-41DF-8FEA-668DE950FA79" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.0.0", + "versionEndExcluding": "2024.1.1", + "matchCriteriaId": "67E135A2-2C3E-4550-B239-3013C7FA586A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1.4", + "matchCriteriaId": "AFDAEB3D-CDF1-4E2F-B1D5-6D4140E8A65C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.0.0", + "versionEndExcluding": "2024.1.1", + "matchCriteriaId": "5CB26133-E6B9-4D0C-9A58-F564FFB11EF3" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0018", - "source": "psirt@autodesk.com" + "source": "psirt@autodesk.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29075.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29075.json index c2a8696bdce..ebbcb9d7bf7 100644 --- a/CVE-2023/CVE-2023-290xx/CVE-2023-29075.json +++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29075.json @@ -2,8 +2,8 @@ "id": "CVE-2023-29075", "sourceIdentifier": "psirt@autodesk.com", "published": "2023-11-23T04:15:07.340", - "lastModified": "2023-11-24T15:24:57.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T02:20:10.977", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,8 +14,41 @@ "value": "Un archivo PRT creado con fines malintencionados, cuando se analiza mediante Autodesk AutoCAD 2024 y 2023, se puede utilizar para provocar una escritura fuera de los l\u00edmites. Un actor malintencionado puede aprovechar esta vulnerabilidad para provocar un bloqueo, leer datos confidenciales o ejecutar c\u00f3digo arbitrario en el contexto del proceso actual." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "psirt@autodesk.com", "type": "Secondary", 
@@ -27,10 +60,168 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:macos:*:*", + "versionEndExcluding": "2024.1", + "matchCriteriaId": "A383FEED-E3E3-405E-B68F-BFD7CCA9E6B8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2023.0.0", + "versionEndExcluding": "2023.1.4", + "matchCriteriaId": "C53280C1-2A72-455E-965C-06613E469420" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.0.0", + "versionEndExcluding": "2024.1.1", + "matchCriteriaId": "417B7F6E-18F2-4020-84B4-55191714504F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1.4", + "matchCriteriaId": "3C1B51F8-FACC-422B-AB62-571C8534279C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.0.0", + "versionEndExcluding": "2024.1.1", + "matchCriteriaId": "5D5A59C7-068D-4F8D-95ED-B7A5F2AA55F8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1.4", + "matchCriteriaId": "3524F041-03B7-46A6-AB92-4AA59DD79903" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.0.0", + "versionEndExcluding": "2024.1.1", + "matchCriteriaId": "4036CA65-3E98-43B5-95D4-7AC1E5345664" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1.4", + "matchCriteriaId": "A0DE2E5C-0C3B-4E25-B380-ABFBFC34B9D9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.0.0", + 
"versionEndExcluding": "2024.1.1", + "matchCriteriaId": "982AD391-3D1B-4923-97A5-B2AA41BE2CAC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1.4", + "matchCriteriaId": "80BDD7F9-1D15-4D35-9726-C931BCEE5F05" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.0.0", + "versionEndExcluding": "2024.1.1", + "matchCriteriaId": "77484E5B-F84E-472E-B151-53FF2667C783" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1.4", + "matchCriteriaId": "96B75F1C-FFBB-4B13-8F05-4D7B26F4C58C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:macos:*:*", + "versionEndExcluding": "2024.1", + "matchCriteriaId": "D5B21F42-E57A-4501-A2BE-6F99122BCBFC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.0.0", + "versionEndExcluding": "2024.1.1", + "matchCriteriaId": "2225348E-5552-492C-A2DB-C5693516019C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1.4", + "matchCriteriaId": "5B450512-9CB3-4CAF-B90C-1EE0194CA665" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.0.0", + "versionEndExcluding": "2024.1.1", + "matchCriteriaId": "2A778F8B-9BB9-4B7A-81B1-DCEDCB493408" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1.4", + "matchCriteriaId": "049B25B6-08E3-4D3D-8E7B-3724B53063F0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.0.0", + "versionEndExcluding": "2024.1.1", + "matchCriteriaId": 
"7A8BF172-C18C-40D3-8917-6C33D0144D3E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1.4", + "matchCriteriaId": "BC4656EC-02E1-41DF-8FEA-668DE950FA79" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.0.0", + "versionEndExcluding": "2024.1.1", + "matchCriteriaId": "67E135A2-2C3E-4550-B239-3013C7FA586A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1.4", + "matchCriteriaId": "AFDAEB3D-CDF1-4E2F-B1D5-6D4140E8A65C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.0.0", + "versionEndExcluding": "2024.1.1", + "matchCriteriaId": "5CB26133-E6B9-4D0C-9A58-F564FFB11EF3" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0018", - "source": "psirt@autodesk.com" + "source": "psirt@autodesk.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29076.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29076.json index d3dacdec276..c1da71be998 100644 --- a/CVE-2023/CVE-2023-290xx/CVE-2023-29076.json +++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29076.json @@ -2,8 +2,8 @@ "id": "CVE-2023-29076", "sourceIdentifier": "psirt@autodesk.com", "published": "2023-11-23T04:15:07.410", - "lastModified": "2023-11-24T15:24:57.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T02:19:53.027", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,11 +14,204 @@ "value": "Un archivo MODEL, SLDASM, SAT o CATPART creado con fines malintencionados cuando se analiza mediante Autodesk AutoCAD 2024 y 2023 podr\u00eda causar una vulnerabilidad de corrupci\u00f3n de memoria. Esta vulnerabilidad, junto con otras vulnerabilidades, podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo en el proceso actual." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:macos:*:*", + "versionEndExcluding": "2024.1", + "matchCriteriaId": "A383FEED-E3E3-405E-B68F-BFD7CCA9E6B8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2023.0.0", + "versionEndExcluding": "2023.1.4", + "matchCriteriaId": "C53280C1-2A72-455E-965C-06613E469420" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.0.0", + "versionEndExcluding": "2024.1.1", + "matchCriteriaId": "417B7F6E-18F2-4020-84B4-55191714504F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1.4", + "matchCriteriaId": 
"3C1B51F8-FACC-422B-AB62-571C8534279C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.0.0", + "versionEndExcluding": "2024.1.1", + "matchCriteriaId": "5D5A59C7-068D-4F8D-95ED-B7A5F2AA55F8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1.4", + "matchCriteriaId": "3524F041-03B7-46A6-AB92-4AA59DD79903" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.0.0", + "versionEndExcluding": "2024.1.1", + "matchCriteriaId": "4036CA65-3E98-43B5-95D4-7AC1E5345664" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1.4", + "matchCriteriaId": "A0DE2E5C-0C3B-4E25-B380-ABFBFC34B9D9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.0.0", + "versionEndExcluding": "2024.1.1", + "matchCriteriaId": "982AD391-3D1B-4923-97A5-B2AA41BE2CAC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1.4", + "matchCriteriaId": "80BDD7F9-1D15-4D35-9726-C931BCEE5F05" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.0.0", + "versionEndExcluding": "2024.1.1", + "matchCriteriaId": "77484E5B-F84E-472E-B151-53FF2667C783" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1.4", + "matchCriteriaId": "96B75F1C-FFBB-4B13-8F05-4D7B26F4C58C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:macos:*:*", + "versionEndExcluding": "2024.1", + "matchCriteriaId": "D5B21F42-E57A-4501-A2BE-6F99122BCBFC" + }, + { + "vulnerable": 
true, + "criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.0.0", + "versionEndExcluding": "2024.1.1", + "matchCriteriaId": "2225348E-5552-492C-A2DB-C5693516019C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1.4", + "matchCriteriaId": "5B450512-9CB3-4CAF-B90C-1EE0194CA665" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.0.0", + "versionEndExcluding": "2024.1.1", + "matchCriteriaId": "2A778F8B-9BB9-4B7A-81B1-DCEDCB493408" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1.4", + "matchCriteriaId": "049B25B6-08E3-4D3D-8E7B-3724B53063F0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.0.0", + "versionEndExcluding": "2024.1.1", + "matchCriteriaId": "7A8BF172-C18C-40D3-8917-6C33D0144D3E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1.4", + "matchCriteriaId": "BC4656EC-02E1-41DF-8FEA-668DE950FA79" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.0.0", + "versionEndExcluding": "2024.1.1", + "matchCriteriaId": "67E135A2-2C3E-4550-B239-3013C7FA586A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.1.4", + "matchCriteriaId": "AFDAEB3D-CDF1-4E2F-B1D5-6D4140E8A65C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2024.0.0", + "versionEndExcluding": "2024.1.1", + "matchCriteriaId": "5CB26133-E6B9-4D0C-9A58-F564FFB11EF3" + } + ] + } + ] + } + ], "references": [ { "url": 
"https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0018", - "source": "psirt@autodesk.com" + "source": "psirt@autodesk.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-291xx/CVE-2023-29165.json b/CVE-2023/CVE-2023-291xx/CVE-2023-29165.json index cd2b9e7bcea..7722010c975 100644 --- a/CVE-2023/CVE-2023-291xx/CVE-2023-29165.json +++ b/CVE-2023/CVE-2023-291xx/CVE-2023-29165.json @@ -2,16 +2,40 @@ "id": "CVE-2023-29165", "sourceIdentifier": "secure@intel.com", "published": "2023-11-14T19:15:24.107", - "lastModified": "2023-11-14T19:30:27.750", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T02:19:41.003", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Unquoted search path or element in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows drivers before version 31.0.101.4255 may allow an authenticated user to potentially enable escalation of privilege via local access." + }, + { + "lang": "es", + "value": "Elemento o ruta de b\u00fasqueda sin comillas en algunos controladores Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows anteriores a la versi\u00f3n 31.0.101.4255 pueden permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.3, + "impactScore": 5.9 + }, { "source": "secure@intel.com", "type": "Secondary", 
@@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-428" + } + ] + }, { "source": "secure@intel.com", "type": "Secondary", @@ -46,10 +80,71 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:intel:iris_xe_graphics:*:*:*:*:*:*:*:*", + "versionEndExcluding": "31.0.101.4255", + "matchCriteriaId": "823ADDFE-919F-4097-8F7B-C9A35AFBEE51" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:intel:arc_a_graphics:*:*:*:*:*:*:*:*", + "versionEndExcluding": "31.0.101.4255", + "matchCriteriaId": "7607C5DB-509D-4A20-83AA-391DEF78EDC8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00864.html", - "source": "secure@intel.com" + "source": "secure@intel.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-305xx/CVE-2023-30581.json b/CVE-2023/CVE-2023-305xx/CVE-2023-30581.json index 84f757453e0..976404c8b64 100644 --- a/CVE-2023/CVE-2023-305xx/CVE-2023-30581.json +++ b/CVE-2023/CVE-2023-305xx/CVE-2023-30581.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-30581", "sourceIdentifier": "support@hackerone.com", "published": "2023-11-23T00:15:07.980", - "lastModified": "2023-11-24T15:24:57.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T01:52:32.100", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,11 +14,68 @@ "value": "El uso de __proto__ en process.mainModule.__proto__.require() puede omitir el mecanismo de pol\u00edticas y requerir m\u00f3dulos fuera de la definici\u00f3n de policy.json. Esta vulnerabilidad afecta a todos los usuarios que utilizan el mecanismo de pol\u00edtica experimental en todas las l\u00edneas de lanzamiento activas: v16, v18 y v20. Tenga en cuenta que en el momento en que se emiti\u00f3 este CVE, la pol\u00edtica era una caracter\u00edstica experimental de Node.js." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", + "versionStartIncluding": "16.0.0", + "versionEndIncluding": "20.6.1", + "matchCriteriaId": "02DFC7B9-207F-456E-8E25-99C175D6BF91" + } + ] + } + ] + } + ], "references": [ { "url": "https://nodejs.org/en/blog/vulnerability/june-2023-security-releases", - "source": "support@hackerone.com" + "source": "support@hackerone.com", + "tags": [ + "Release Notes" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3103.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3103.json index 540d53a84ed..6222df675cd 100644 --- a/CVE-2023/CVE-2023-31xx/CVE-2023-3103.json 
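Review bot: The added `cpeMatch` for CVE-2023-30581 is a single range, `"versionStartIncluding": "16.0.0"` to `"versionEndIncluding": "20.6.1"`, with no per-release-line fixed bounds, while the only reference is the June 2023 security-release post. If the fix shipped with those releases, as the reference suggests, this range would also match already-patched 16.x, 18.x and 20.x builds, so scanner hits should be checked against the release notes before being treated as confirmed. The description also limits exposure to users of the experimental policy mechanism, which CPE matching cannot express. The weakness is recorded as `NVD-CWE-noinfo`, so CWE-based filters will not classify this record.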
+++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3103.json @@ -2,16 +2,40 @@ "id": "CVE-2023-3103", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2023-11-22T12:15:22.160", - "lastModified": "2023-11-22T13:56:48.513", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T01:52:09.553", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Authentication bypass vulnerability, the exploitation of which could allow a local attacker to perform a Man-in-the-Middle (MITM) attack on the robot's camera video stream. In addition, if a MITM attack is carried out, it is possible to consume the robot's resources, which could lead to a denial-of-service (DOS) condition." + }, + { + "lang": "es", + "value": "Vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n, cuya explotaci\u00f3n podr\u00eda permitir a un atacante local realizar un ataque Man-in-the-Middle (MITM) en la transmisi\u00f3n de video de la c\u00e1mara del robot. Adem\u00e1s, si se lleva a cabo un ataque MITM, es posible consumir los recursos del robot, lo que podr\u00eda provocar una condici\u00f3n de denegaci\u00f3n de servicio (DOS)." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 3.6 + }, { "source": "cve-coordination@incibe.es", "type": "Secondary", 
@@ -46,10 +70,42 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:unitree:a1_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "169037C6-0F9E-4050-9D6E-7A03C3DCDF33" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unitree:a1:1.16:*:*:*:*:*:*:*", + "matchCriteriaId": "28EEE70C-BB9A-4B32-90ED-F4E26EB86AE6" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-unitree-robotics-a1", - "source": "cve-coordination@incibe.es" + "source": "cve-coordination@incibe.es", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3104.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3104.json index 3357320813b..c3c0066ae72 100644 --- a/CVE-2023/CVE-2023-31xx/CVE-2023-3104.json +++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3104.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-3104", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2023-11-22T12:15:22.400", - "lastModified": "2023-11-22T13:56:48.513", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T01:50:57.007", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Lack of authentication vulnerability. An unauthenticated local user is able to see through the cameras using the web server due to the lack of any form of authentication." + }, + { + "lang": "es", + "value": "Falta de vulnerabilidad de autenticaci\u00f3n. Un usuario local no autenticado puede ver a trav\u00e9s de las c\u00e1maras utilizando el servidor web debido a la falta de cualquier forma de autenticaci\u00f3n." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "cve-coordination@incibe.es", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] + }, { "source": "cve-coordination@incibe.es", "type": "Secondary", 
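Review bot: The added nvd@nist.gov Primary vector for CVE-2023-3104, `AV:N/.../C:N/I:H/A:N`, does not appear to match the description in the same hunk, which describes an unauthenticated local user viewing the camera feed, i.e. a confidentiality impact. The mirror should carry the upstream value unchanged, but anyone prioritising on impact sub-scores should read the description and the incibe Secondary entry (its values are outside this hunk) rather than rely on the Primary vector alone. The following hunk adds `CWE-306`, which is consistent with the description.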
@@ -46,10 +80,42 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:unitree:a1_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "169037C6-0F9E-4050-9D6E-7A03C3DCDF33" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unitree:a1:1.16:*:*:*:*:*:*:*", + "matchCriteriaId": "28EEE70C-BB9A-4B32-90ED-F4E26EB86AE6" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-unitree-robotics-a1", - "source": "cve-coordination@incibe.es" + "source": "cve-coordination@incibe.es", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-351xx/CVE-2023-35137.json b/CVE-2023/CVE-2023-351xx/CVE-2023-35137.json new file mode 100644 index 00000000000..3521c63f9b0 --- /dev/null +++ b/CVE-2023/CVE-2023-351xx/CVE-2023-35137.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-35137", + "sourceIdentifier": "security@zyxel.com.tw", + "published": "2023-11-30T02:15:42.460", + "lastModified": "2023-11-30T02:15:42.460", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An improper authentication vulnerability in the authentication module of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to obtain system information by sending a crafted URL to a vulnerable device." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@zyxel.com.tw", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security@zyxel.com.tw", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + } + ], + "references": [ + { + "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-authentication-bypass-and-command-injection-vulnerabilities-in-nas-products", + "source": "security@zyxel.com.tw" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-351xx/CVE-2023-35138.json b/CVE-2023/CVE-2023-351xx/CVE-2023-35138.json new file mode 100644 index 00000000000..b0582a31e0b --- /dev/null +++ b/CVE-2023/CVE-2023-351xx/CVE-2023-35138.json 
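Review bot: In the new CVE-2023-35137 record the only CVSS entry is `"type": "Secondary"` while the weakness entry from the same source is `"type": "Primary"`, and CVE-2023-35138 (the next new file) has the two the other way round. A consumer that reads only `Primary` metrics gets no score for CVE-2023-35137 even though a 7.5 base score is present, and one that reads only `Primary` weaknesses gets no CWE for CVE-2023-35138. Consumers of this feed should fall back to the Secondary entry when no Primary exists instead of treating the record as unscored. All the Zyxel records added in this commit arrive as `Received` with no `configurations` block, so CPE-based matching will not flag NAS326 or NAS542 yet; match on the product names in the description until analysis lands.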
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-35138", + "sourceIdentifier": "security@zyxel.com.tw", + "published": "2023-11-30T02:15:42.737", + "lastModified": "2023-11-30T02:15:42.737", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A command injection vulnerability in the \u201cshow_zysync_server_contents\u201d function of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@zyxel.com.tw", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@zyxel.com.tw", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-authentication-bypass-and-command-injection-vulnerabilities-in-nas-products", + "source": "security@zyxel.com.tw" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-379xx/CVE-2023-37927.json b/CVE-2023/CVE-2023-379xx/CVE-2023-37927.json new file mode 100644 index 00000000000..08d5e7a2229 --- /dev/null +++ b/CVE-2023/CVE-2023-379xx/CVE-2023-37927.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-37927", + "sourceIdentifier": "security@zyxel.com.tw", + "published": "2023-11-30T02:15:42.940", + "lastModified": "2023-11-30T02:15:42.940", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The improper neutralization of special elements in the CGI program of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an authenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@zyxel.com.tw", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@zyxel.com.tw", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-authentication-bypass-and-command-injection-vulnerabilities-in-nas-products", + "source": "security@zyxel.com.tw" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-379xx/CVE-2023-37928.json b/CVE-2023/CVE-2023-379xx/CVE-2023-37928.json new file mode 100644 index 00000000000..0aee13f2e2e --- /dev/null +++ b/CVE-2023/CVE-2023-379xx/CVE-2023-37928.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-37928", + "sourceIdentifier": "security@zyxel.com.tw", + "published": "2023-11-30T02:15:43.137", + "lastModified": "2023-11-30T02:15:43.137", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A post-authentication command injection vulnerability in the WSGI server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an authenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@zyxel.com.tw", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@zyxel.com.tw", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-authentication-bypass-and-command-injection-vulnerabilities-in-nas-products", + "source": "security@zyxel.com.tw" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-37xx/CVE-2023-3741.json b/CVE-2023/CVE-2023-37xx/CVE-2023-3741.json new file mode 100644 index 00000000000..777dcb20f45 --- /dev/null +++ b/CVE-2023/CVE-2023-37xx/CVE-2023-3741.json 
@@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-3741", + "sourceIdentifier": "psirt-info@cyber.jp.nec.com", + "published": "2023-11-30T01:15:07.187", + "lastModified": "2023-11-30T01:15:07.187", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An OS Command injection vulnerability in NEC Platforms DT900 and DT900S Series all versions allows an attacker to execute any command on the device.\n\n" + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "psirt-info@cyber.jp.nec.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://https://jpn.nec.com/security-info/secinfo/nv23-011_en.html", + "source": "psirt-info@cyber.jp.nec.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-388xx/CVE-2023-38879.json b/CVE-2023/CVE-2023-388xx/CVE-2023-38879.json index 9dd0d9d480a..3e4387836b4 100644 --- a/CVE-2023/CVE-2023-388xx/CVE-2023-38879.json +++ b/CVE-2023/CVE-2023-388xx/CVE-2023-38879.json 
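Review bot: The only reference in the new CVE-2023-3741 record has a doubled scheme, `https://https://jpn.nec.com/security-info/secinfo/nv23-011_en.html`, so the advisory link will not resolve for anyone following it from this mirror. The value presumably arrives from upstream as-is; a URL sanity check at sync time that flags a second `://` would surface it, and the intended line looks like `"url": "https://jpn.nec.com/security-info/secinfo/nv23-011_en.html"`. The record also ships with `"metrics": {}`, so severity-threshold filters will not pick up this OS command injection until a score is added; triage it on the `CWE-78` tag and the description instead.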
@@ -2,27 +2,92 @@ "id": "CVE-2023-38879", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-20T19:15:08.560", - "lastModified": "2023-11-20T19:18:51.140", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-30T02:21:45.183", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to read arbitrary files via a directory traversal vulnerability in the 'filename' parameter of 'DownloadWindow.php'." + }, + { + "lang": "es", + "value": "La versi\u00f3n Community Edition 9.0 de openSIS Classic de OS4ED permite a atacantes remotos leer archivos arbitrarios a trav\u00e9s de una vulnerabilidad de directory traversal en el par\u00e1metro 'nombre de archivo' de 'DownloadWindow.php'." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:os4ed:opensis:9.0:*:*:*:community:*:*:*", + "matchCriteriaId": "31C122B7-1057-40D8-B883-8C41776AA826" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/OS4ED/openSIS-Classic", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": 
"https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38879", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.os4ed.com/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-388xx/CVE-2023-38880.json b/CVE-2023/CVE-2023-388xx/CVE-2023-38880.json index 5a6f2b038d8..072d213e884 100644 --- a/CVE-2023/CVE-2023-388xx/CVE-2023-38880.json +++ b/CVE-2023/CVE-2023-388xx/CVE-2023-38880.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38880", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-20T19:15:08.600", - "lastModified": "2023-11-29T23:15:20.310", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-11-30T02:21:35.757", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,19 +14,80 @@ "value": "La versi\u00f3n Community Edition 9.0 de openSIS Classic de OS4ED tiene una vulnerabilidad de control de acceso rota en la funcionalidad de copia de seguridad de la base de datos. Siempre que un administrador genera una copia de seguridad de la base de datos, la copia de seguridad se almacena en la ra\u00edz web mientras el nombre del archivo tiene el formato \"opensisBackup.sq|\" (p. ej., \"opensisBackup07-20-2023.sql\"), es decir, se puede adivinar f\u00e1cilmente. Cualquier actor no autenticado puede acceder a este archivo y contiene un volcado de toda la base de datos, incluidos los hashes de contrase\u00f1as." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:os4ed:opensis:9.0:*:*:*:community:*:*:*", + "matchCriteriaId": "31C122B7-1057-40D8-B883-8C41776AA826" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/OS4ED/openSIS-Classic", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38880", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, 
{ "url": "https://www.os4ed.com/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4473.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4473.json new file mode 100644 index 00000000000..c724ab51ddd --- /dev/null +++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4473.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-4473", + "sourceIdentifier": "security@zyxel.com.tw", + "published": "2023-11-30T02:15:43.347", + "lastModified": "2023-11-30T02:15:43.347", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A command injection vulnerability in the web server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@zyxel.com.tw", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@zyxel.com.tw", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-authentication-bypass-and-command-injection-vulnerabilities-in-nas-products", + "source": "security@zyxel.com.tw" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4474.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4474.json new file mode 100644 index 00000000000..0827d23ec56 --- /dev/null +++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4474.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-4474", + "sourceIdentifier": "security@zyxel.com.tw", + "published": "2023-11-30T02:15:43.553", + "lastModified": "2023-11-30T02:15:43.553", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The improper neutralization of special elements in the WSGI server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@zyxel.com.tw", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@zyxel.com.tw", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-authentication-bypass-and-command-injection-vulnerabilities-in-nas-products", + "source": "security@zyxel.com.tw" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 3b4421cd66c..29c64fa18f3 100644 --- a/README.md +++ b/README.md 
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-11-30T00:55:17.816434+00:00 +2023-11-30T03:00:18.686243+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-11-29T23:15:20.750000+00:00 +2023-11-30T02:21:45.183000+00:00 ``` ### Last Data Feed Release 
@@ -23,29 +23,42 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2023-11-29T01:00:13.561418+00:00 +2023-11-30T01:00:13.561769+00:00 ``` ### Total Number of included CVEs ```plain -231716 +231723 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `7` -* [CVE-2023-40458](CVE-2023/CVE-2023-404xx/CVE-2023-40458.json) (`2023-11-29T23:15:20.367`) -* [CVE-2023-49693](CVE-2023/CVE-2023-496xx/CVE-2023-49693.json) (`2023-11-29T23:15:20.567`) -* [CVE-2023-49694](CVE-2023/CVE-2023-496xx/CVE-2023-49694.json) (`2023-11-29T23:15:20.750`) +* [CVE-2023-3741](CVE-2023/CVE-2023-37xx/CVE-2023-3741.json) (`2023-11-30T01:15:07.187`) +* [CVE-2023-35137](CVE-2023/CVE-2023-351xx/CVE-2023-35137.json) (`2023-11-30T02:15:42.460`) +* [CVE-2023-35138](CVE-2023/CVE-2023-351xx/CVE-2023-35138.json) (`2023-11-30T02:15:42.737`) +* [CVE-2023-37927](CVE-2023/CVE-2023-379xx/CVE-2023-37927.json) (`2023-11-30T02:15:42.940`) +* [CVE-2023-37928](CVE-2023/CVE-2023-379xx/CVE-2023-37928.json) (`2023-11-30T02:15:43.137`) +* [CVE-2023-4473](CVE-2023/CVE-2023-44xx/CVE-2023-4473.json) (`2023-11-30T02:15:43.347`) +* [CVE-2023-4474](CVE-2023/CVE-2023-44xx/CVE-2023-4474.json) (`2023-11-30T02:15:43.553`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `10` -* [CVE-2023-38880](CVE-2023/CVE-2023-388xx/CVE-2023-38880.json) (`2023-11-29T23:15:20.310`) +* [CVE-2023-3104](CVE-2023/CVE-2023-31xx/CVE-2023-3104.json) (`2023-11-30T01:50:57.007`) +* [CVE-2023-3103](CVE-2023/CVE-2023-31xx/CVE-2023-3103.json) (`2023-11-30T01:52:09.553`) +* [CVE-2023-30581](CVE-2023/CVE-2023-305xx/CVE-2023-30581.json) (`2023-11-30T01:52:32.100`) +* [CVE-2023-29165](CVE-2023/CVE-2023-291xx/CVE-2023-29165.json) (`2023-11-30T02:19:41.003`) +* [CVE-2023-29076](CVE-2023/CVE-2023-290xx/CVE-2023-29076.json) (`2023-11-30T02:19:53.027`) +* 
[CVE-2023-29075](CVE-2023/CVE-2023-290xx/CVE-2023-29075.json) (`2023-11-30T02:20:10.977`) +* [CVE-2023-29074](CVE-2023/CVE-2023-290xx/CVE-2023-29074.json) (`2023-11-30T02:20:40.343`) +* [CVE-2023-29073](CVE-2023/CVE-2023-290xx/CVE-2023-29073.json) (`2023-11-30T02:20:48.793`) +* [CVE-2023-38880](CVE-2023/CVE-2023-388xx/CVE-2023-38880.json) (`2023-11-30T02:21:35.757`) +* [CVE-2023-38879](CVE-2023/CVE-2023-388xx/CVE-2023-38879.json) (`2023-11-30T02:21:45.183`) ## Download and Usage