admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-11-30T03:00:18.686243+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-11-30 03:00:22 +00:00
parent a8276f2214
commit 387ead511f
18 changed files with 1592 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

203
CVE-2023/CVE-2023-290xx/CVE-2023-29073.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-29073",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2023-11-23T03:15:41.303",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T02:20:48.793",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,8 +14,41 @@
"value": "Un archivo MODEL creado con fines malintencionados, cuando se analiza mediante Autodesk AutoCAD 2024 y 2023, se puede utilizar para provocar un desbordamiento del b\u00fafer basado en el heap. Un actor malintencionado puede aprovechar esta vulnerabilidad para provocar un bloqueo, leer datos confidenciales o ejecutar c\u00f3digo arbitrario en el contexto del proceso actual."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "psirt@autodesk.com",
"type": "Secondary",
@ -27,10 +60,168 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0018",
"source": "psirt@autodesk.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:macos:*:*",
"versionEndExcluding": "2024.1",
"matchCriteriaId": "A383FEED-E3E3-405E-B68F-BFD7CCA9E6B8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2023.0.0",
"versionEndExcluding": "2023.1.4",
"matchCriteriaId": "C53280C1-2A72-455E-965C-06613E469420"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024.0.0",
"versionEndExcluding": "2024.1.1",
"matchCriteriaId": "417B7F6E-18F2-4020-84B4-55191714504F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.1.4",
"matchCriteriaId": "3C1B51F8-FACC-422B-AB62-571C8534279C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024.0.0",
"versionEndExcluding": "2024.1.1",
"matchCriteriaId": "5D5A59C7-068D-4F8D-95ED-B7A5F2AA55F8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.1.4",
"matchCriteriaId": "3524F041-03B7-46A6-AB92-4AA59DD79903"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024.0.0",
"versionEndExcluding": "2024.1.1",
"matchCriteriaId": "4036CA65-3E98-43B5-95D4-7AC1E5345664"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.1.4",
"matchCriteriaId": "A0DE2E5C-0C3B-4E25-B380-ABFBFC34B9D9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024.0.0",
"versionEndExcluding": "2024.1.1",
"matchCriteriaId": "982AD391-3D1B-4923-97A5-B2AA41BE2CAC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.1.4",
"matchCriteriaId": "80BDD7F9-1D15-4D35-9726-C931BCEE5F05"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024.0.0",
"versionEndExcluding": "2024.1.1",
"matchCriteriaId": "77484E5B-F84E-472E-B151-53FF2667C783"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.1.4",
"matchCriteriaId": "96B75F1C-FFBB-4B13-8F05-4D7B26F4C58C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:macos:*:*",
"versionEndExcluding": "2024.1",
"matchCriteriaId": "D5B21F42-E57A-4501-A2BE-6F99122BCBFC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024.0.0",
"versionEndExcluding": "2024.1.1",
"matchCriteriaId": "2225348E-5552-492C-A2DB-C5693516019C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.1.4",
"matchCriteriaId": "5B450512-9CB3-4CAF-B90C-1EE0194CA665"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024.0.0",
"versionEndExcluding": "2024.1.1",
"matchCriteriaId": "2A778F8B-9BB9-4B7A-81B1-DCEDCB493408"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.1.4",
"matchCriteriaId": "049B25B6-08E3-4D3D-8E7B-3724B53063F0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024.0.0",
"versionEndExcluding": "2024.1.1",
"matchCriteriaId": "7A8BF172-C18C-40D3-8917-6C33D0144D3E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.1.4",
"matchCriteriaId": "BC4656EC-02E1-41DF-8FEA-668DE950FA79"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024.0.0",
"versionEndExcluding": "2024.1.1",
"matchCriteriaId": "67E135A2-2C3E-4550-B239-3013C7FA586A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.1.4",
"matchCriteriaId": "AFDAEB3D-CDF1-4E2F-B1D5-6D4140E8A65C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024.0.0",
"versionEndExcluding": "2024.1.1",
"matchCriteriaId": "5CB26133-E6B9-4D0C-9A58-F564FFB11EF3"
}
]
}
]
}
],
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0018",
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
]
}
]
}

203
CVE-2023/CVE-2023-290xx/CVE-2023-29074.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-29074",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2023-11-23T04:15:07.260",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T02:20:40.343",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,8 +14,41 @@
"value": "Un archivo CATPART creado con fines malintencionados, cuando se analiza mediante Autodesk AutoCAD 2024 y 2023, se puede utilizar para provocar una escritura fuera de los l\u00edmites. Un actor malintencionado puede aprovechar esta vulnerabilidad para provocar un bloqueo, leer datos confidenciales o ejecutar c\u00f3digo arbitrario en el contexto del proceso actual."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "psirt@autodesk.com",
"type": "Secondary",
@ -27,10 +60,168 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0018",
"source": "psirt@autodesk.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:macos:*:*",
"versionEndExcluding": "2024.1",
"matchCriteriaId": "A383FEED-E3E3-405E-B68F-BFD7CCA9E6B8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2023.0.0",
"versionEndExcluding": "2023.1.4",
"matchCriteriaId": "C53280C1-2A72-455E-965C-06613E469420"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024.0.0",
"versionEndExcluding": "2024.1.1",
"matchCriteriaId": "417B7F6E-18F2-4020-84B4-55191714504F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.1.4",
"matchCriteriaId": "3C1B51F8-FACC-422B-AB62-571C8534279C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024.0.0",
"versionEndExcluding": "2024.1.1",
"matchCriteriaId": "5D5A59C7-068D-4F8D-95ED-B7A5F2AA55F8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.1.4",
"matchCriteriaId": "3524F041-03B7-46A6-AB92-4AA59DD79903"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024.0.0",
"versionEndExcluding": "2024.1.1",
"matchCriteriaId": "4036CA65-3E98-43B5-95D4-7AC1E5345664"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.1.4",
"matchCriteriaId": "A0DE2E5C-0C3B-4E25-B380-ABFBFC34B9D9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024.0.0",
"versionEndExcluding": "2024.1.1",
"matchCriteriaId": "982AD391-3D1B-4923-97A5-B2AA41BE2CAC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.1.4",
"matchCriteriaId": "80BDD7F9-1D15-4D35-9726-C931BCEE5F05"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024.0.0",
"versionEndExcluding": "2024.1.1",
"matchCriteriaId": "77484E5B-F84E-472E-B151-53FF2667C783"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.1.4",
"matchCriteriaId": "96B75F1C-FFBB-4B13-8F05-4D7B26F4C58C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:macos:*:*",
"versionEndExcluding": "2024.1",
"matchCriteriaId": "D5B21F42-E57A-4501-A2BE-6F99122BCBFC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024.0.0",
"versionEndExcluding": "2024.1.1",
"matchCriteriaId": "2225348E-5552-492C-A2DB-C5693516019C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.1.4",
"matchCriteriaId": "5B450512-9CB3-4CAF-B90C-1EE0194CA665"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024.0.0",
"versionEndExcluding": "2024.1.1",
"matchCriteriaId": "2A778F8B-9BB9-4B7A-81B1-DCEDCB493408"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.1.4",
"matchCriteriaId": "049B25B6-08E3-4D3D-8E7B-3724B53063F0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024.0.0",
"versionEndExcluding": "2024.1.1",
"matchCriteriaId": "7A8BF172-C18C-40D3-8917-6C33D0144D3E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.1.4",
"matchCriteriaId": "BC4656EC-02E1-41DF-8FEA-668DE950FA79"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024.0.0",
"versionEndExcluding": "2024.1.1",
"matchCriteriaId": "67E135A2-2C3E-4550-B239-3013C7FA586A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.1.4",
"matchCriteriaId": "AFDAEB3D-CDF1-4E2F-B1D5-6D4140E8A65C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024.0.0",
"versionEndExcluding": "2024.1.1",
"matchCriteriaId": "5CB26133-E6B9-4D0C-9A58-F564FFB11EF3"
}
]
}
]
}
],
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0018",
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
]
}
]
}

203
CVE-2023/CVE-2023-290xx/CVE-2023-29075.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-29075",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2023-11-23T04:15:07.340",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T02:20:10.977",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,8 +14,41 @@
"value": "Un archivo PRT creado con fines malintencionados, cuando se analiza mediante Autodesk AutoCAD 2024 y 2023, se puede utilizar para provocar una escritura fuera de los l\u00edmites. Un actor malintencionado puede aprovechar esta vulnerabilidad para provocar un bloqueo, leer datos confidenciales o ejecutar c\u00f3digo arbitrario en el contexto del proceso actual."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "psirt@autodesk.com",
"type": "Secondary",
@ -27,10 +60,168 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0018",
"source": "psirt@autodesk.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:macos:*:*",
"versionEndExcluding": "2024.1",
"matchCriteriaId": "A383FEED-E3E3-405E-B68F-BFD7CCA9E6B8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2023.0.0",
"versionEndExcluding": "2023.1.4",
"matchCriteriaId": "C53280C1-2A72-455E-965C-06613E469420"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024.0.0",
"versionEndExcluding": "2024.1.1",
"matchCriteriaId": "417B7F6E-18F2-4020-84B4-55191714504F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.1.4",
"matchCriteriaId": "3C1B51F8-FACC-422B-AB62-571C8534279C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024.0.0",
"versionEndExcluding": "2024.1.1",
"matchCriteriaId": "5D5A59C7-068D-4F8D-95ED-B7A5F2AA55F8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.1.4",
"matchCriteriaId": "3524F041-03B7-46A6-AB92-4AA59DD79903"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024.0.0",
"versionEndExcluding": "2024.1.1",
"matchCriteriaId": "4036CA65-3E98-43B5-95D4-7AC1E5345664"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.1.4",
"matchCriteriaId": "A0DE2E5C-0C3B-4E25-B380-ABFBFC34B9D9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024.0.0",
"versionEndExcluding": "2024.1.1",
"matchCriteriaId": "982AD391-3D1B-4923-97A5-B2AA41BE2CAC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.1.4",
"matchCriteriaId": "80BDD7F9-1D15-4D35-9726-C931BCEE5F05"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024.0.0",
"versionEndExcluding": "2024.1.1",
"matchCriteriaId": "77484E5B-F84E-472E-B151-53FF2667C783"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.1.4",
"matchCriteriaId": "96B75F1C-FFBB-4B13-8F05-4D7B26F4C58C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:macos:*:*",
"versionEndExcluding": "2024.1",
"matchCriteriaId": "D5B21F42-E57A-4501-A2BE-6F99122BCBFC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024.0.0",
"versionEndExcluding": "2024.1.1",
"matchCriteriaId": "2225348E-5552-492C-A2DB-C5693516019C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.1.4",
"matchCriteriaId": "5B450512-9CB3-4CAF-B90C-1EE0194CA665"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024.0.0",
"versionEndExcluding": "2024.1.1",
"matchCriteriaId": "2A778F8B-9BB9-4B7A-81B1-DCEDCB493408"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.1.4",
"matchCriteriaId": "049B25B6-08E3-4D3D-8E7B-3724B53063F0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024.0.0",
"versionEndExcluding": "2024.1.1",
"matchCriteriaId": "7A8BF172-C18C-40D3-8917-6C33D0144D3E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.1.4",
"matchCriteriaId": "BC4656EC-02E1-41DF-8FEA-668DE950FA79"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024.0.0",
"versionEndExcluding": "2024.1.1",
"matchCriteriaId": "67E135A2-2C3E-4550-B239-3013C7FA586A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.1.4",
"matchCriteriaId": "AFDAEB3D-CDF1-4E2F-B1D5-6D4140E8A65C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024.0.0",
"versionEndExcluding": "2024.1.1",
"matchCriteriaId": "5CB26133-E6B9-4D0C-9A58-F564FFB11EF3"
}
]
}
]
}
],
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0018",
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
]
}
]
}

205
CVE-2023/CVE-2023-290xx/CVE-2023-29076.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-29076",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2023-11-23T04:15:07.410",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T02:19:53.027",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,204 @@
"value": "Un archivo MODEL, SLDASM, SAT o CATPART creado con fines malintencionados cuando se analiza mediante Autodesk AutoCAD 2024 y 2023 podr\u00eda causar una vulnerabilidad de corrupci\u00f3n de memoria. Esta vulnerabilidad, junto con otras vulnerabilidades, podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo en el proceso actual."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0018",
"source": "psirt@autodesk.com"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:macos:*:*",
"versionEndExcluding": "2024.1",
"matchCriteriaId": "A383FEED-E3E3-405E-B68F-BFD7CCA9E6B8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2023.0.0",
"versionEndExcluding": "2023.1.4",
"matchCriteriaId": "C53280C1-2A72-455E-965C-06613E469420"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024.0.0",
"versionEndExcluding": "2024.1.1",
"matchCriteriaId": "417B7F6E-18F2-4020-84B4-55191714504F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.1.4",
"matchCriteriaId": "3C1B51F8-FACC-422B-AB62-571C8534279C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024.0.0",
"versionEndExcluding": "2024.1.1",
"matchCriteriaId": "5D5A59C7-068D-4F8D-95ED-B7A5F2AA55F8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.1.4",
"matchCriteriaId": "3524F041-03B7-46A6-AB92-4AA59DD79903"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024.0.0",
"versionEndExcluding": "2024.1.1",
"matchCriteriaId": "4036CA65-3E98-43B5-95D4-7AC1E5345664"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.1.4",
"matchCriteriaId": "A0DE2E5C-0C3B-4E25-B380-ABFBFC34B9D9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024.0.0",
"versionEndExcluding": "2024.1.1",
"matchCriteriaId": "982AD391-3D1B-4923-97A5-B2AA41BE2CAC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.1.4",
"matchCriteriaId": "80BDD7F9-1D15-4D35-9726-C931BCEE5F05"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024.0.0",
"versionEndExcluding": "2024.1.1",
"matchCriteriaId": "77484E5B-F84E-472E-B151-53FF2667C783"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.1.4",
"matchCriteriaId": "96B75F1C-FFBB-4B13-8F05-4D7B26F4C58C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:macos:*:*",
"versionEndExcluding": "2024.1",
"matchCriteriaId": "D5B21F42-E57A-4501-A2BE-6F99122BCBFC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024.0.0",
"versionEndExcluding": "2024.1.1",
"matchCriteriaId": "2225348E-5552-492C-A2DB-C5693516019C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.1.4",
"matchCriteriaId": "5B450512-9CB3-4CAF-B90C-1EE0194CA665"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024.0.0",
"versionEndExcluding": "2024.1.1",
"matchCriteriaId": "2A778F8B-9BB9-4B7A-81B1-DCEDCB493408"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.1.4",
"matchCriteriaId": "049B25B6-08E3-4D3D-8E7B-3724B53063F0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024.0.0",
"versionEndExcluding": "2024.1.1",
"matchCriteriaId": "7A8BF172-C18C-40D3-8917-6C33D0144D3E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.1.4",
"matchCriteriaId": "BC4656EC-02E1-41DF-8FEA-668DE950FA79"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024.0.0",
"versionEndExcluding": "2024.1.1",
"matchCriteriaId": "67E135A2-2C3E-4550-B239-3013C7FA586A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.1.4",
"matchCriteriaId": "AFDAEB3D-CDF1-4E2F-B1D5-6D4140E8A65C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024.0.0",
"versionEndExcluding": "2024.1.1",
"matchCriteriaId": "5CB26133-E6B9-4D0C-9A58-F564FFB11EF3"
}
]
}
]
}
],
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0018",
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
]
}
]
}

105
CVE-2023/CVE-2023-291xx/CVE-2023-29165.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-29165",
"sourceIdentifier": "secure@intel.com",
"published": "2023-11-14T19:15:24.107",
"lastModified": "2023-11-14T19:30:27.750",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T02:19:41.003",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Unquoted search path or element in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows drivers before version 31.0.101.4255 may allow an authenticated user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "Elemento o ruta de b\u00fasqueda sin comillas en algunos controladores Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows anteriores a la versi\u00f3n 31.0.101.4255 pueden permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-428"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -46,10 +80,71 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00864.html",
"source": "secure@intel.com"
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:iris_xe_graphics:*:*:*:*:*:*:*:*",
"versionEndExcluding": "31.0.101.4255",
"matchCriteriaId": "823ADDFE-919F-4097-8F7B-C9A35AFBEE51"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:arc_a_graphics:*:*:*:*:*:*:*:*",
"versionEndExcluding": "31.0.101.4255",
"matchCriteriaId": "7607C5DB-509D-4A20-83AA-391DEF78EDC8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00864.html",
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-305xx/CVE-2023-30581.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-30581",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-11-23T00:15:07.980",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T01:52:32.100",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "El uso de __proto__ en process.mainModule.__proto__.require() puede omitir el mecanismo de pol\u00edticas y requerir m\u00f3dulos fuera de la definici\u00f3n de policy.json. Esta vulnerabilidad afecta a todos los usuarios que utilizan el mecanismo de pol\u00edtica experimental en todas las l\u00edneas de lanzamiento activas: v16, v18 y v20. Tenga en cuenta que en el momento en que se emiti\u00f3 este CVE, la pol\u00edtica era una caracter\u00edstica experimental de Node.js."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://nodejs.org/en/blog/vulnerability/june-2023-security-releases",
"source": "support@hackerone.com"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"versionStartIncluding": "16.0.0",
"versionEndIncluding": "20.6.1",
"matchCriteriaId": "02DFC7B9-207F-456E-8E25-99C175D6BF91"
}
]
}
]
}
],
"references": [
{
"url": "https://nodejs.org/en/blog/vulnerability/june-2023-security-releases",
"source": "support@hackerone.com",
"tags": [
"Release Notes"
]
}
]
}

66
CVE-2023/CVE-2023-31xx/CVE-2023-3103.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-3103",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-11-22T12:15:22.160",
"lastModified": "2023-11-22T13:56:48.513",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T01:52:09.553",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Authentication bypass vulnerability, the exploitation of which could allow a local attacker to perform a Man-in-the-Middle (MITM) attack on the robot's camera video stream. In addition, if a MITM attack is carried out, it is possible to consume the robot's resources, which could lead to a denial-of-service (DOS) condition."
},
{
"lang": "es",
"value": "Vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n, cuya explotaci\u00f3n podr\u00eda permitir a un atacante local realizar un ataque Man-in-the-Middle (MITM) en la transmisi\u00f3n de video de la c\u00e1mara del robot. Adem\u00e1s, si se lleva a cabo un ataque MITM, es posible consumir los recursos del robot, lo que podr\u00eda provocar una condici\u00f3n de denegaci\u00f3n de servicio (DOS)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -46,10 +70,42 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-unitree-robotics-a1",
"source": "cve-coordination@incibe.es"
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:unitree:a1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "169037C6-0F9E-4050-9D6E-7A03C3DCDF33"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unitree:a1:1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "28EEE70C-BB9A-4B32-90ED-F4E26EB86AE6"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-unitree-robotics-a1",
"source": "cve-coordination@incibe.es",
"tags": [
"Vendor Advisory"
]
}
]
}

76
CVE-2023/CVE-2023-31xx/CVE-2023-3104.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-3104",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-11-22T12:15:22.400",
"lastModified": "2023-11-22T13:56:48.513",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T01:50:57.007",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Lack of authentication vulnerability. An unauthenticated local user is able to see through the cameras using the web server due to the lack of any form of authentication."
},
{
"lang": "es",
"value": "Falta de vulnerabilidad de autenticaci\u00f3n. Un usuario local no autenticado puede ver a trav\u00e9s de las c\u00e1maras utilizando el servidor web debido a la falta de cualquier forma de autenticaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -46,10 +80,42 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-unitree-robotics-a1",
"source": "cve-coordination@incibe.es"
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:unitree:a1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "169037C6-0F9E-4050-9D6E-7A03C3DCDF33"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unitree:a1:1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "28EEE70C-BB9A-4B32-90ED-F4E26EB86AE6"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-unitree-robotics-a1",
"source": "cve-coordination@incibe.es",
"tags": [
"Vendor Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-351xx/CVE-2023-35137.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-35137",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2023-11-30T02:15:42.460",
"lastModified": "2023-11-30T02:15:42.460",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An improper authentication vulnerability in the authentication module of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to obtain system information by sending a crafted URL to a vulnerable device."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@zyxel.com.tw",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@zyxel.com.tw",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-authentication-bypass-and-command-injection-vulnerabilities-in-nas-products",
"source": "security@zyxel.com.tw"
}
]
}

55
CVE-2023/CVE-2023-351xx/CVE-2023-35138.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-35138",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2023-11-30T02:15:42.737",
"lastModified": "2023-11-30T02:15:42.737",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability in the \u201cshow_zysync_server_contents\u201d function of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@zyxel.com.tw",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@zyxel.com.tw",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-authentication-bypass-and-command-injection-vulnerabilities-in-nas-products",
"source": "security@zyxel.com.tw"
}
]
}

55
CVE-2023/CVE-2023-379xx/CVE-2023-37927.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-37927",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2023-11-30T02:15:42.940",
"lastModified": "2023-11-30T02:15:42.940",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The improper neutralization of special elements in the CGI program of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an authenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@zyxel.com.tw",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@zyxel.com.tw",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-authentication-bypass-and-command-injection-vulnerabilities-in-nas-products",
"source": "security@zyxel.com.tw"
}
]
}

55
CVE-2023/CVE-2023-379xx/CVE-2023-37928.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-37928",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2023-11-30T02:15:43.137",
"lastModified": "2023-11-30T02:15:43.137",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A post-authentication command injection vulnerability in the WSGI server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an authenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@zyxel.com.tw",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@zyxel.com.tw",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-authentication-bypass-and-command-injection-vulnerabilities-in-nas-products",
"source": "security@zyxel.com.tw"
}
]
}

32
CVE-2023/CVE-2023-37xx/CVE-2023-3741.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-3741",
"sourceIdentifier": "psirt-info@cyber.jp.nec.com",
"published": "2023-11-30T01:15:07.187",
"lastModified": "2023-11-30T01:15:07.187",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An OS Command injection vulnerability in NEC Platforms DT900 and DT900S Series all versions allows an attacker to execute any command on the device.\n\n"
}
],
"metrics": {},
"weaknesses": [
{
"source": "psirt-info@cyber.jp.nec.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://https://jpn.nec.com/security-info/secinfo/nv23-011_en.html",
"source": "psirt-info@cyber.jp.nec.com"
}
]
}

87
CVE-2023/CVE-2023-388xx/CVE-2023-38879.json
View File

@ -2,27 +2,92 @@
"id": "CVE-2023-38879",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-20T19:15:08.560",
"lastModified": "2023-11-20T19:18:51.140",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-30T02:21:45.183",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to read arbitrary files via a directory traversal vulnerability in the 'filename' parameter of 'DownloadWindow.php'."
},
{
"lang": "es",
"value": "La versi\u00f3n Community Edition 9.0 de openSIS Classic de OS4ED permite a atacantes remotos leer archivos arbitrarios a trav\u00e9s de una vulnerabilidad de directory traversal en el par\u00e1metro 'nombre de archivo' de 'DownloadWindow.php'."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://github.com/OS4ED/openSIS-Classic",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
{
"url": "https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38879",
"source": "cve@mitre.org"
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"url": "https://www.os4ed.com/",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:os4ed:opensis:9.0:*:*:*:community:*:*:*",
"matchCriteriaId": "31C122B7-1057-40D8-B883-8C41776AA826"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/OS4ED/openSIS-Classic",
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38879",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.os4ed.com/",
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

83
CVE-2023/CVE-2023-388xx/CVE-2023-38880.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38880",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-20T19:15:08.600",
"lastModified": "2023-11-29T23:15:20.310",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-30T02:21:35.757",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,80 @@
"value": "La versi\u00f3n Community Edition 9.0 de openSIS Classic de OS4ED tiene una vulnerabilidad de control de acceso rota en la funcionalidad de copia de seguridad de la base de datos. Siempre que un administrador genera una copia de seguridad de la base de datos, la copia de seguridad se almacena en la ra\u00edz web mientras el nombre del archivo tiene el formato \"opensisBackup.sq|\" (p. ej., \"opensisBackup07-20-2023.sql\"), es decir, se puede adivinar f\u00e1cilmente. Cualquier actor no autenticado puede acceder a este archivo y contiene un volcado de toda la base de datos, incluidos los hashes de contrase\u00f1as."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://github.com/OS4ED/openSIS-Classic",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
{
"url": "https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38880",
"source": "cve@mitre.org"
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"url": "https://www.os4ed.com/",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:os4ed:opensis:9.0:*:*:*:community:*:*:*",
"matchCriteriaId": "31C122B7-1057-40D8-B883-8C41776AA826"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/OS4ED/openSIS-Classic",
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38880",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.os4ed.com/",
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

55
CVE-2023/CVE-2023-44xx/CVE-2023-4473.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-4473",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2023-11-30T02:15:43.347",
"lastModified": "2023-11-30T02:15:43.347",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability in the web server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@zyxel.com.tw",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@zyxel.com.tw",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-authentication-bypass-and-command-injection-vulnerabilities-in-nas-products",
"source": "security@zyxel.com.tw"
}
]
}

55
CVE-2023/CVE-2023-44xx/CVE-2023-4474.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-4474",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2023-11-30T02:15:43.553",
"lastModified": "2023-11-30T02:15:43.553",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The improper neutralization of special elements in the WSGI server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@zyxel.com.tw",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@zyxel.com.tw",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-authentication-bypass-and-command-injection-vulnerabilities-in-nas-products",
"source": "security@zyxel.com.tw"
}
]
}

33
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-11-30T00:55:17.816434+00:00
2023-11-30T03:00:18.686243+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-11-29T23:15:20.750000+00:00
2023-11-30T02:21:45.183000+00:00
```
### Last Data Feed Release
@ -23,29 +23,42 @@ Repository synchronizes with the NVD every 2 hours.
Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)
```plain
2023-11-29T01:00:13.561418+00:00
2023-11-30T01:00:13.561769+00:00
```
### Total Number of included CVEs
```plain
231716
231723
```
### CVEs added in the last Commit
Recently added CVEs: `3`
Recently added CVEs: `7`
* [CVE-2023-40458](CVE-2023/CVE-2023-404xx/CVE-2023-40458.json) (`2023-11-29T23:15:20.367`)
* [CVE-2023-49693](CVE-2023/CVE-2023-496xx/CVE-2023-49693.json) (`2023-11-29T23:15:20.567`)
* [CVE-2023-49694](CVE-2023/CVE-2023-496xx/CVE-2023-49694.json) (`2023-11-29T23:15:20.750`)
* [CVE-2023-3741](CVE-2023/CVE-2023-37xx/CVE-2023-3741.json) (`2023-11-30T01:15:07.187`)
* [CVE-2023-35137](CVE-2023/CVE-2023-351xx/CVE-2023-35137.json) (`2023-11-30T02:15:42.460`)
* [CVE-2023-35138](CVE-2023/CVE-2023-351xx/CVE-2023-35138.json) (`2023-11-30T02:15:42.737`)
* [CVE-2023-37927](CVE-2023/CVE-2023-379xx/CVE-2023-37927.json) (`2023-11-30T02:15:42.940`)
* [CVE-2023-37928](CVE-2023/CVE-2023-379xx/CVE-2023-37928.json) (`2023-11-30T02:15:43.137`)
* [CVE-2023-4473](CVE-2023/CVE-2023-44xx/CVE-2023-4473.json) (`2023-11-30T02:15:43.347`)
* [CVE-2023-4474](CVE-2023/CVE-2023-44xx/CVE-2023-4474.json) (`2023-11-30T02:15:43.553`)
### CVEs modified in the last Commit
Recently modified CVEs: `1`
Recently modified CVEs: `10`
* [CVE-2023-38880](CVE-2023/CVE-2023-388xx/CVE-2023-38880.json) (`2023-11-29T23:15:20.310`)
* [CVE-2023-3104](CVE-2023/CVE-2023-31xx/CVE-2023-3104.json) (`2023-11-30T01:50:57.007`)
* [CVE-2023-3103](CVE-2023/CVE-2023-31xx/CVE-2023-3103.json) (`2023-11-30T01:52:09.553`)
* [CVE-2023-30581](CVE-2023/CVE-2023-305xx/CVE-2023-30581.json) (`2023-11-30T01:52:32.100`)
* [CVE-2023-29165](CVE-2023/CVE-2023-291xx/CVE-2023-29165.json) (`2023-11-30T02:19:41.003`)
* [CVE-2023-29076](CVE-2023/CVE-2023-290xx/CVE-2023-29076.json) (`2023-11-30T02:19:53.027`)
* [CVE-2023-29075](CVE-2023/CVE-2023-290xx/CVE-2023-29075.json) (`2023-11-30T02:20:10.977`)
* [CVE-2023-29074](CVE-2023/CVE-2023-290xx/CVE-2023-29074.json) (`2023-11-30T02:20:40.343`)
* [CVE-2023-29073](CVE-2023/CVE-2023-290xx/CVE-2023-29073.json) (`2023-11-30T02:20:48.793`)
* [CVE-2023-38880](CVE-2023/CVE-2023-388xx/CVE-2023-38880.json) (`2023-11-30T02:21:35.757`)
* [CVE-2023-38879](CVE-2023/CVE-2023-388xx/CVE-2023-38879.json) (`2023-11-30T02:21:45.183`)
## Download and Usage