admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-12-13T00:55:17.122633+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-12-13 00:55:20 +00:00
parent 308d9c270e
commit 3c8db8bc2b
16 changed files with 791 additions and 75 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
CVE-2023/CVE-2023-35xx/CVE-2023-3517.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-3517",
"sourceIdentifier": "security.vulnerabilities@hitachivantara.com",
"published": "2023-12-12T23:15:07.003",
"lastModified": "2023-12-12T23:15:07.003",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nHitachi Vantara Pentaho Data Integration & Analytics versions before 9.5.0.1 and 9.3.0.5, including \n8.3.x does not restrict JNDI identifiers during the creation of XActions, allowing control of system level data sources.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security.vulnerabilities@hitachivantara.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.1,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "security.vulnerabilities@hitachivantara.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-99"
}
]
}
],
"references": [
{
"url": "https://support.pentaho.com/hc/en-us/articles/19668665099533",
"source": "security.vulnerabilities@hitachivantara.com"
}
]
}

6
CVE-2023/CVE-2023-429xx/CVE-2023-42916.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-42916",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-11-30T23:15:07.223",
"lastModified": "2023-12-12T02:15:06.800",
"lastModified": "2023-12-13T00:15:07.083",
"vulnStatus": "Modified",
"cisaExploitAdd": "2023-12-04",
"cisaActionDue": "2023-12-25",
@ -92,6 +92,10 @@
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/3",
"source": "product-security@apple.com"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/05/1",
"source": "product-security@apple.com",

6
CVE-2023/CVE-2023-429xx/CVE-2023-42917.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-42917",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-11-30T23:15:07.280",
"lastModified": "2023-12-12T02:15:06.913",
"lastModified": "2023-12-13T00:15:07.180",
"vulnStatus": "Modified",
"cisaExploitAdd": "2023-12-04",
"cisaActionDue": "2023-12-25",
@ -92,6 +92,10 @@
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/3",
"source": "product-security@apple.com"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/05/1",
"source": "product-security@apple.com",

6
CVE-2023/CVE-2023-468xx/CVE-2023-46818.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-46818",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-27T04:15:10.907",
"lastModified": "2023-12-08T17:15:07.433",
"lastModified": "2023-12-13T00:15:07.247",
"vulnStatus": "Modified",
"descriptions": [
{
@ -78,6 +78,10 @@
"url": "http://packetstormsecurity.com/files/176126/ISPConfig-3.2.11-PHP-Code-Injection.html",
"source": "cve@mitre.org"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/2",
"source": "cve@mitre.org"
},
{
"url": "https://www.ispconfig.org/blog/ispconfig-3-2-11p1-released/",
"source": "cve@mitre.org",

67
CVE-2023/CVE-2023-483xx/CVE-2023-48397.json
View File

@ -2,19 +2,78 @@
"id": "CVE-2023-48397",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2023-12-08T16:15:16.560",
"lastModified": "2023-12-08T16:37:45.763",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T23:39:39.640",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Init of protocolcalladapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with System execution privileges needed. User interaction is not needed for exploitation.\n\n"
},
{
"lang": "es",
"value": "En Init de protocolcalladapter.cpp, existe una posible lectura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a la divulgaci\u00f3n remota de informaci\u00f3n con privilegios de ejecuci\u00f3n de Syistem necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2023-12-01",
"source": "dsap-vuln-management@google.com"
"source": "dsap-vuln-management@google.com",
"tags": [
"Vendor Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-484xx/CVE-2023-48401.json
View File

@ -2,19 +2,78 @@
"id": "CVE-2023-48401",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2023-12-08T16:15:16.720",
"lastModified": "2023-12-08T16:37:45.763",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T23:24:39.517",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In GetSizeOfEenlRecords of protocoladapter.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
},
{
"lang": "es",
"value": "En GetSizeOfEenlRecords de protocoladapter.cpp, existe una posible lectura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites incorrecta. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2023-12-01",
"source": "dsap-vuln-management@google.com"
"source": "dsap-vuln-management@google.com",
"tags": [
"Vendor Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-484xx/CVE-2023-48402.json
View File

@ -2,19 +2,78 @@
"id": "CVE-2023-48402",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2023-12-08T16:15:16.933",
"lastModified": "2023-12-08T16:37:45.763",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T23:21:11.557",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In ppcfw_enable of ppcfw.c, there is a possible EoP due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
},
{
"lang": "es",
"value": "En ppcfw_enable de ppcfw.c, existe un posible EoP debido a una falta de verificaci\u00f3n de permisos. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2023-12-01",
"source": "dsap-vuln-management@google.com"
"source": "dsap-vuln-management@google.com",
"tags": [
"Vendor Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-484xx/CVE-2023-48408.json
View File

@ -2,19 +2,78 @@
"id": "CVE-2023-48408",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2023-12-08T16:15:17.953",
"lastModified": "2023-12-08T16:37:40.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T23:28:59.970",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In ProtocolNetSimFileInfoAdapter() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.\n\n"
},
{
"lang": "es",
"value": "En ProtocolNetSimFileInfoAdapter() de protocolnetadapter.cpp, existe una posible lectura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local y comprometer el firmware de banda base. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2023-12-01",
"source": "dsap-vuln-management@google.com"
"source": "dsap-vuln-management@google.com",
"tags": [
"Vendor Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-484xx/CVE-2023-48409.json
View File

@ -2,19 +2,78 @@
"id": "CVE-2023-48409",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2023-12-08T16:15:18.000",
"lastModified": "2023-12-08T16:37:40.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T23:46:43.867",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-modules/gpu/mali_kbase/mali_kbase_core_linux.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
},
{
"lang": "es",
"value": "En gpu_pixel_handle_buffer_liveness_update_ioctl de private/google-modules/gpu/mali_kbase/mali_kbase_core_linux.c, existe una posible escritura fuera de los l\u00edmites debido a un desbordamiento de enteros. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2023-12-01",
"source": "dsap-vuln-management@google.com"
"source": "dsap-vuln-management@google.com",
"tags": [
"Vendor Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-484xx/CVE-2023-48410.json
View File

@ -2,19 +2,78 @@
"id": "CVE-2023-48410",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2023-12-08T16:15:18.050",
"lastModified": "2023-12-08T16:37:40.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T23:48:00.343",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In cd_ParseMsg of cd_codec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
},
{
"lang": "es",
"value": "En cd_ParseMsg de cd_codec.c, hay una posible lectura fuera de los l\u00edmites debido a una comprobaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a la divulgaci\u00f3n remota de informaci\u00f3n sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2023-12-01",
"source": "dsap-vuln-management@google.com"
"source": "dsap-vuln-management@google.com",
"tags": [
"Vendor Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-484xx/CVE-2023-48411.json
View File

@ -2,19 +2,78 @@
"id": "CVE-2023-48411",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2023-12-08T16:15:18.097",
"lastModified": "2023-12-08T16:37:40.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T23:53:08.647",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In SignalStrengthAdapter::FillGsmSignalStrength() of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.\n\n"
},
{
"lang": "es",
"value": "En SignalStrengthAdapter::FillGsmSignalStrength() de protocolmiscadapter.cpp, existe una posible lectura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local y comprometer el firmware de banda base. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2023-12-01",
"source": "dsap-vuln-management@google.com"
"source": "dsap-vuln-management@google.com",
"tags": [
"Vendor Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-484xx/CVE-2023-48412.json
View File

@ -2,19 +2,78 @@
"id": "CVE-2023-48412",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2023-12-08T16:15:18.150",
"lastModified": "2023-12-08T16:37:40.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T23:56:00.697",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In private_handle_t of mali_gralloc_buffer.h, there is a possible information leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
},
{
"lang": "es",
"value": "En private_handle_t de mali_gralloc_buffer.h, existe una posible fuga de informaci\u00f3n debido a un error l\u00f3gico en el c\u00f3digo. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2023-12-01",
"source": "dsap-vuln-management@google.com"
"source": "dsap-vuln-management@google.com",
"tags": [
"Vendor Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-484xx/CVE-2023-48413.json
View File

@ -2,19 +2,78 @@
"id": "CVE-2023-48413",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2023-12-08T16:15:18.200",
"lastModified": "2023-12-08T16:37:40.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T23:58:05.553",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Init of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with System execution privileges needed. User interaction is not needed for exploitation.\n\n"
},
{
"lang": "es",
"value": "En Init de protocolnetadapter.cpp, existe una posible lectura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a la divulgaci\u00f3n remota de informaci\u00f3n con privilegios de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2023-12-01",
"source": "dsap-vuln-management@google.com"
"source": "dsap-vuln-management@google.com",
"tags": [
"Vendor Advisory"
]
}
]
}

75
CVE-2023/CVE-2023-502xx/CVE-2023-50263.json Normal file
View File

@ -0,0 +1,75 @@
{
"id": "CVE-2023-50263",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-12T23:15:07.270",
"lastModified": "2023-12-12T23:15:07.270",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 1.x and 2.0.x prior to 1.6.7 and 2.0.6, the URLs `/files/get/?name=...` and `/files/download/?name=...` are used to provide admin access to files that have been uploaded as part of a run request for a Job that has FileVar inputs. Under normal operation these files are ephemeral and are deleted once the Job in question runs. \n\nIn the default implementation used in Nautobot, as provided by `django-db-file-storage`, these URLs do not by default require any user authentication to access; they should instead be restricted to only users who have permissions to view Nautobot's `FileProxy` model instances.\n\nNote that no URL mechanism is provided for listing or traversal of the available file `name` values, so in practice an unauthenticated user would have to guess names to discover arbitrary files for download, but if a user knows the file name/path value, they can access it without authenticating, so we are considering this a vulnerability.\n\nFixes are included in Nautobot 1.6.7 and Nautobot 2.0.6. No known workarounds are available other than applying the patches included in those versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://github.com/nautobot/nautobot/commit/458280c359a4833a20da294eaf4b8d55edc91cee",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/nautobot/nautobot/commit/7c4cf3137f45f1541f09f2f6a7f8850cd3a2eaee",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/nautobot/nautobot/pull/4959",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/nautobot/nautobot/pull/4964",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-75mc-3pjc-727q",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/victor-o-silva/db_file_storage/blob/master/db_file_storage/views.py",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2023/CVE-2023-67xx/CVE-2023-6753.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-6753",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-12-13T00:15:07.330",
"lastModified": "2023-12-13T00:15:07.330",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://github.com/mlflow/mlflow/commit/1c6309f884798fbf56017a3cc808016869ee8de4",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/b397b83a-527a-47e7-b912-a12a17a6cfb4",
"source": "security@huntr.dev"
}
]
}

56
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-12-12T23:00:18.803294+00:00
2023-12-13T00:55:17.122633+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-12-12T22:36:13.917000+00:00
2023-12-13T00:15:07.330000+00:00
```
### Last Data Feed Release
@ -29,50 +29,34 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
232923
232926
```
### CVEs added in the last Commit
Recently added CVEs: `6`
Recently added CVEs: `3`
* [CVE-2023-48225](CVE-2023/CVE-2023-482xx/CVE-2023-48225.json) (`2023-12-12T21:15:08.237`)
* [CVE-2023-50251](CVE-2023/CVE-2023-502xx/CVE-2023-50251.json) (`2023-12-12T21:15:08.453`)
* [CVE-2023-50252](CVE-2023/CVE-2023-502xx/CVE-2023-50252.json) (`2023-12-12T21:15:08.670`)
* [CVE-2023-5379](CVE-2023/CVE-2023-53xx/CVE-2023-5379.json) (`2023-12-12T22:15:22.410`)
* [CVE-2023-5764](CVE-2023/CVE-2023-57xx/CVE-2023-5764.json) (`2023-12-12T22:15:22.747`)
* [CVE-2023-6710](CVE-2023/CVE-2023-67xx/CVE-2023-6710.json) (`2023-12-12T22:15:22.950`)
* [CVE-2023-3517](CVE-2023/CVE-2023-35xx/CVE-2023-3517.json) (`2023-12-12T23:15:07.003`)
* [CVE-2023-50263](CVE-2023/CVE-2023-502xx/CVE-2023-50263.json) (`2023-12-12T23:15:07.270`)
* [CVE-2023-6753](CVE-2023/CVE-2023-67xx/CVE-2023-6753.json) (`2023-12-13T00:15:07.330`)
### CVEs modified in the last Commit
Recently modified CVEs: `45`
Recently modified CVEs: `12`
* [CVE-2023-46496](CVE-2023/CVE-2023-464xx/CVE-2023-46496.json) (`2023-12-12T22:18:54.150`)
* [CVE-2023-46497](CVE-2023/CVE-2023-464xx/CVE-2023-46497.json) (`2023-12-12T22:21:32.197`)
* [CVE-2023-46498](CVE-2023/CVE-2023-464xx/CVE-2023-46498.json) (`2023-12-12T22:22:27.287`)
* [CVE-2023-46499](CVE-2023/CVE-2023-464xx/CVE-2023-46499.json) (`2023-12-12T22:22:42.330`)
* [CVE-2023-6560](CVE-2023/CVE-2023-65xx/CVE-2023-6560.json) (`2023-12-12T22:22:57.643`)
* [CVE-2023-49797](CVE-2023/CVE-2023-497xx/CVE-2023-49797.json) (`2023-12-12T22:23:20.533`)
* [CVE-2023-5058](CVE-2023/CVE-2023-50xx/CVE-2023-5058.json) (`2023-12-12T22:23:57.073`)
* [CVE-2023-6061](CVE-2023/CVE-2023-60xx/CVE-2023-6061.json) (`2023-12-12T22:24:14.313`)
* [CVE-2023-26158](CVE-2023/CVE-2023-261xx/CVE-2023-26158.json) (`2023-12-12T22:26:30.457`)
* [CVE-2023-6612](CVE-2023/CVE-2023-66xx/CVE-2023-6612.json) (`2023-12-12T22:26:54.027`)
* [CVE-2023-6622](CVE-2023/CVE-2023-66xx/CVE-2023-6622.json) (`2023-12-12T22:27:05.137`)
* [CVE-2023-42894](CVE-2023/CVE-2023-428xx/CVE-2023-42894.json) (`2023-12-12T22:28:03.870`)
* [CVE-2023-28873](CVE-2023/CVE-2023-288xx/CVE-2023-28873.json) (`2023-12-12T22:29:55.940`)
* [CVE-2023-28874](CVE-2023/CVE-2023-288xx/CVE-2023-28874.json) (`2023-12-12T22:30:05.117`)
* [CVE-2023-46932](CVE-2023/CVE-2023-469xx/CVE-2023-46932.json) (`2023-12-12T22:32:26.197`)
* [CVE-2023-5756](CVE-2023/CVE-2023-57xx/CVE-2023-5756.json) (`2023-12-12T22:33:17.393`)
* [CVE-2023-6120](CVE-2023/CVE-2023-61xx/CVE-2023-6120.json) (`2023-12-12T22:33:35.077`)
* [CVE-2023-47254](CVE-2023/CVE-2023-472xx/CVE-2023-47254.json) (`2023-12-12T22:33:48.820`)
* [CVE-2023-50431](CVE-2023/CVE-2023-504xx/CVE-2023-50431.json) (`2023-12-12T22:34:10.203`)
* [CVE-2023-6394](CVE-2023/CVE-2023-63xx/CVE-2023-6394.json) (`2023-12-12T22:35:02.730`)
* [CVE-2023-47465](CVE-2023/CVE-2023-474xx/CVE-2023-47465.json) (`2023-12-12T22:35:12.383`)
* [CVE-2023-28868](CVE-2023/CVE-2023-288xx/CVE-2023-28868.json) (`2023-12-12T22:35:26.717`)
* [CVE-2023-28869](CVE-2023/CVE-2023-288xx/CVE-2023-28869.json) (`2023-12-12T22:35:41.287`)
* [CVE-2023-28870](CVE-2023/CVE-2023-288xx/CVE-2023-28870.json) (`2023-12-12T22:35:57.683`)
* [CVE-2023-28871](CVE-2023/CVE-2023-288xx/CVE-2023-28871.json) (`2023-12-12T22:36:13.917`)
* [CVE-2023-48402](CVE-2023/CVE-2023-484xx/CVE-2023-48402.json) (`2023-12-12T23:21:11.557`)
* [CVE-2023-48401](CVE-2023/CVE-2023-484xx/CVE-2023-48401.json) (`2023-12-12T23:24:39.517`)
* [CVE-2023-48408](CVE-2023/CVE-2023-484xx/CVE-2023-48408.json) (`2023-12-12T23:28:59.970`)
* [CVE-2023-48397](CVE-2023/CVE-2023-483xx/CVE-2023-48397.json) (`2023-12-12T23:39:39.640`)
* [CVE-2023-48409](CVE-2023/CVE-2023-484xx/CVE-2023-48409.json) (`2023-12-12T23:46:43.867`)
* [CVE-2023-48410](CVE-2023/CVE-2023-484xx/CVE-2023-48410.json) (`2023-12-12T23:48:00.343`)
* [CVE-2023-48411](CVE-2023/CVE-2023-484xx/CVE-2023-48411.json) (`2023-12-12T23:53:08.647`)
* [CVE-2023-48412](CVE-2023/CVE-2023-484xx/CVE-2023-48412.json) (`2023-12-12T23:56:00.697`)
* [CVE-2023-48413](CVE-2023/CVE-2023-484xx/CVE-2023-48413.json) (`2023-12-12T23:58:05.553`)
* [CVE-2023-42916](CVE-2023/CVE-2023-429xx/CVE-2023-42916.json) (`2023-12-13T00:15:07.083`)
* [CVE-2023-42917](CVE-2023/CVE-2023-429xx/CVE-2023-42917.json) (`2023-12-13T00:15:07.180`)
* [CVE-2023-46818](CVE-2023/CVE-2023-468xx/CVE-2023-46818.json) (`2023-12-13T00:15:07.247`)
## Download and Usage