admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-21 17:41:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-12-14T15:00:26.600999+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-12-14 15:00:31 +00:00
parent c95e7ad265
commit 3d0aae5dc9
92 changed files with 6832 additions and 316 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

287
CVE-2015/CVE-2015-31xx/CVE-2015-3183.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2015-3183",
"sourceIdentifier": "secalert@redhat.com",
"published": "2015-07-20T23:59:02.877",
"lastModified": "2023-11-07T02:25:30.970",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-14T14:06:55.763",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -67,8 +67,16 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.4.13",
"matchCriteriaId": "C6A2E38C-9D0B-4973-A314-E5928B41D702"
"versionStartIncluding": "2.2.0",
"versionEndExcluding": "2.2.31",
"matchCriteriaId": "FADCA439-D2D8-4329-AD6E-BDA215BF6EB0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.4.0",
"versionEndExcluding": "2.4.16",
"matchCriteriaId": "42D9DB2C-AA6E-4633-AB01-7E551E36E912"
}
]
}
@ -85,211 +93,378 @@
},
{
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://marc.info/?l=bugtraq&m=144493176821532&w=2",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2015-1666.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2015-1667.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2015-1668.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2015-2661.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2016-0061.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2016-0062.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2016-2054.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2016-2055.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2016-2056.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.apache.org/dist/httpd/CHANGES_2.4",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://www.debian.org/security/2015/dsa-3325",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Patch"
]
},
{
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.securityfocus.com/bid/75963",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.securityfocus.com/bid/91787",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.securitytracker.com/id/1032967",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.ubuntu.com/usn/USN-2686-1",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:2659",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:2660",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/apache/httpd/commit/a6027e56924bb6227c1fdbf6f91e7e2438338be6",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/apache/httpd/commit/e427c41257957b57036d5a549b260b6185d1dd73",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://puppet.com/security/cve/CVE-2015-3183",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://security.gentoo.org/glsa/201610-02",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://support.apple.com/HT205219",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://support.apple.com/kb/HT205031",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

42
CVE-2015/CVE-2015-89xx/CVE-2015-8963.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2015-8963",
"sourceIdentifier": "security@android.com",
"published": "2016-11-16T05:59:02.890",
"lastModified": "2016-11-28T19:50:54.427",
"vulnStatus": "Modified",
"lastModified": "2023-12-14T14:06:01.427",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,13 +15,13 @@
}
],
"metrics": {
"cvssMetricV30": [
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
@ -89,8 +89,29 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.3.6",
"matchCriteriaId": "2B389602-4271-4CF2-BA64-4B0DAD8AB4A9"
"versionEndExcluding": "3.2.85",
"matchCriteriaId": "9A5A178A-A60C-4053-AEE0-5164430206AD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.3",
"versionEndExcluding": "3.16.40",
"matchCriteriaId": "6C5B0F97-B38C-412B-93E9-148AC6F6B58E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.17",
"versionEndExcluding": "3.18.54",
"matchCriteriaId": "56806170-9BCD-4160-A14A-558EFAB98EC8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.19",
"versionEndExcluding": "4.4",
"matchCriteriaId": "2E5A3570-BCD5-4B21-89DF-F509EBA1A032"
}
]
}
@ -103,6 +124,7 @@
"source": "security@android.com",
"tags": [
"Patch",
"Third Party Advisory",
"Vendor Advisory"
]
},
@ -115,7 +137,11 @@
},
{
"url": "http://www.securityfocus.com/bid/94207",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://github.com/torvalds/linux/commit/12ca6ad2e3a896256f086497a7c7406a547ee373",

4
CVE-2022/CVE-2022-438xx/CVE-2022-43843.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-43843",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-14T01:15:07.453",
"lastModified": "2023-12-14T01:15:07.453",
"vulnStatus": "Received",
"lastModified": "2023-12-14T13:52:16.903",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

55
CVE-2023/CVE-2023-07xx/CVE-2023-0757.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-0757",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-12-14T14:15:42.083",
"lastModified": "2023-12-14T14:49:08.357",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Incorrect Permission Assignment for Critical Resource vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR (SDK) allows an unauthenticated remote attacker to upload arbitrary malicious code and gain full access on the affected device."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
}
],
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-051/",
"source": "info@cert.vde.com"
}
]
}

4
CVE-2023/CVE-2023-19xx/CVE-2023-1904.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-1904",
"sourceIdentifier": "security@octopus.com",
"published": "2023-12-14T08:15:36.550",
"lastModified": "2023-12-14T08:15:36.550",
"vulnStatus": "Received",
"lastModified": "2023-12-14T13:52:06.780",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-217xx/CVE-2023-21751.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-21751",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-12-14T00:15:42.863",
"lastModified": "2023-12-14T00:15:42.863",
"vulnStatus": "Received",
"lastModified": "2023-12-14T13:52:16.903",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-256xx/CVE-2023-25642.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-25642",
"sourceIdentifier": "psirt@zte.com.cn",
"published": "2023-12-14T08:15:37.717",
"lastModified": "2023-12-14T08:15:37.717",
"vulnStatus": "Received",
"lastModified": "2023-12-14T13:52:06.780",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-256xx/CVE-2023-25643.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-25643",
"sourceIdentifier": "psirt@zte.com.cn",
"published": "2023-12-14T08:15:38.357",
"lastModified": "2023-12-14T08:15:38.357",
"vulnStatus": "Received",
"lastModified": "2023-12-14T13:52:06.780",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-256xx/CVE-2023-25644.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-25644",
"sourceIdentifier": "psirt@zte.com.cn",
"published": "2023-12-14T08:15:38.997",
"lastModified": "2023-12-14T08:15:38.997",
"vulnStatus": "Received",
"lastModified": "2023-12-14T13:51:59.903",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-256xx/CVE-2023-25648.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-25648",
"sourceIdentifier": "psirt@zte.com.cn",
"published": "2023-12-14T07:15:07.180",
"lastModified": "2023-12-14T07:15:07.180",
"vulnStatus": "Received",
"lastModified": "2023-12-14T13:52:06.780",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-256xx/CVE-2023-25650.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-25650",
"sourceIdentifier": "psirt@zte.com.cn",
"published": "2023-12-14T07:15:07.783",
"lastModified": "2023-12-14T07:15:07.783",
"vulnStatus": "Received",
"lastModified": "2023-12-14T13:52:06.780",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-256xx/CVE-2023-25651.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-25651",
"sourceIdentifier": "psirt@zte.com.cn",
"published": "2023-12-14T07:15:08.270",
"lastModified": "2023-12-14T07:15:08.270",
"vulnStatus": "Received",
"lastModified": "2023-12-14T13:52:06.780",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-315xx/CVE-2023-31546.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-31546",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-14T01:15:07.850",
"lastModified": "2023-12-14T01:15:07.850",
"vulnStatus": "Received",
"lastModified": "2023-12-14T13:52:16.903",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

3577
CVE-2023/CVE-2023-324xx/CVE-2023-32460.json
View File

File diff suppressed because it is too large Load Diff

4
CVE-2023/CVE-2023-406xx/CVE-2023-40627.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40627",
"sourceIdentifier": "security@joomla.org",
"published": "2023-12-14T09:15:41.397",
"lastModified": "2023-12-14T09:15:41.397",
"vulnStatus": "Received",
"lastModified": "2023-12-14T13:51:59.903",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-406xx/CVE-2023-40628.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40628",
"sourceIdentifier": "security@joomla.org",
"published": "2023-12-14T09:15:41.480",
"lastModified": "2023-12-14T09:15:41.480",
"vulnStatus": "Received",
"lastModified": "2023-12-14T13:51:59.903",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-406xx/CVE-2023-40629.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40629",
"sourceIdentifier": "security@joomla.org",
"published": "2023-12-14T09:15:41.550",
"lastModified": "2023-12-14T09:15:41.550",
"vulnStatus": "Received",
"lastModified": "2023-12-14T13:51:59.903",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-406xx/CVE-2023-40630.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40630",
"sourceIdentifier": "security@joomla.org",
"published": "2023-12-14T09:15:41.630",
"lastModified": "2023-12-14T09:15:41.630",
"vulnStatus": "Received",
"lastModified": "2023-12-14T13:51:59.903",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-406xx/CVE-2023-40655.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40655",
"sourceIdentifier": "security@joomla.org",
"published": "2023-12-14T09:15:41.707",
"lastModified": "2023-12-14T09:15:41.707",
"vulnStatus": "Received",
"lastModified": "2023-12-14T13:51:59.903",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-406xx/CVE-2023-40656.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40656",
"sourceIdentifier": "security@joomla.org",
"published": "2023-12-14T09:15:41.780",
"lastModified": "2023-12-14T09:15:41.780",
"vulnStatus": "Received",
"lastModified": "2023-12-14T13:51:59.903",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-406xx/CVE-2023-40657.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40657",
"sourceIdentifier": "security@joomla.org",
"published": "2023-12-14T09:15:41.850",
"lastModified": "2023-12-14T09:15:41.850",
"vulnStatus": "Received",
"lastModified": "2023-12-14T13:51:59.903",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-406xx/CVE-2023-40658.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40658",
"sourceIdentifier": "security@joomla.org",
"published": "2023-12-14T09:15:41.920",
"lastModified": "2023-12-14T09:15:41.920",
"vulnStatus": "Received",
"lastModified": "2023-12-14T13:51:59.903",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-406xx/CVE-2023-40659.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40659",
"sourceIdentifier": "security@joomla.org",
"published": "2023-12-14T09:15:41.993",
"lastModified": "2023-12-14T09:15:41.993",
"vulnStatus": "Received",
"lastModified": "2023-12-14T13:51:59.903",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-409xx/CVE-2023-40921.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40921",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-14T00:15:43.443",
"lastModified": "2023-12-14T00:15:43.443",
"vulnStatus": "Received",
"lastModified": "2023-12-14T13:52:16.903",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-416xx/CVE-2023-41618.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41618",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-14T00:15:43.490",
"lastModified": "2023-12-14T00:15:43.490",
"vulnStatus": "Received",
"lastModified": "2023-12-14T13:52:16.903",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-416xx/CVE-2023-41621.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41621",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-13T23:15:07.217",
"lastModified": "2023-12-13T23:15:07.217",
"vulnStatus": "Received",
"lastModified": "2023-12-14T13:52:16.903",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-417xx/CVE-2023-41719.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41719",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-12-14T02:15:12.460",
"lastModified": "2023-12-14T02:15:12.460",
"vulnStatus": "Received",
"lastModified": "2023-12-14T13:52:16.903",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-417xx/CVE-2023-41720.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41720",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-12-14T02:15:12.670",
"lastModified": "2023-12-14T02:15:12.670",
"vulnStatus": "Received",
"lastModified": "2023-12-14T13:52:06.780",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

270
CVE-2023/CVE-2023-428xx/CVE-2023-42899.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-42899",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-12-12T01:15:11.733",
"lastModified": "2023-12-13T03:15:47.640",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-14T14:07:42.957",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,63 +14,225 @@
"value": "El problema se solucion\u00f3 mejorando el manejo de la memoria. Este problema se solucion\u00f3 en macOS Sonoma 14.2, iOS 17.2 y iPadOS 17.2, watchOS 10.2, macOS Ventura 13.6.3, tvOS 17.2, iOS 16.7.3 y iPadOS 16.7.3, macOS Monterey 12.7.2. El procesamiento de una imagen puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/10",
"source": "product-security@apple.com"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/11",
"source": "product-security@apple.com"
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/12",
"source": "product-security@apple.com"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/13",
"source": "product-security@apple.com"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/7",
"source": "product-security@apple.com"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/8",
"source": "product-security@apple.com"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/9",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214034",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214035",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214036",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214037",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214038",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214040",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214041",
"source": "product-security@apple.com"
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.7.3",
"matchCriteriaId": "158A9F27-6C9F-4B9A-82EC-087E6B79E1F7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0",
"versionEndExcluding": "17.2",
"matchCriteriaId": "D0997B97-8D18-41AC-85DD-3605A5DBCA35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.7.3",
"matchCriteriaId": "F5968985-0FC1-4280-96AE-B0E55156B2C9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0",
"versionEndExcluding": "17.2",
"matchCriteriaId": "C6DB531C-9534-461D-87D4-C2BA2BD1D9F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.0.0",
"versionEndExcluding": "12.7.2",
"matchCriteriaId": "DA448C81-63DE-42EB-ADCC-C3A829C6D956"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.6.3",
"matchCriteriaId": "E270DF97-8603-42D8-A31C-FCD89A7D2F1E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.2",
"matchCriteriaId": "6892DEBD-024E-414B-9282-DCCCF23A3BDD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2",
"matchCriteriaId": "BE118A00-4F9E-496A-9408-88E2CD12339F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2",
"matchCriteriaId": "1183933F-F52A-45A7-B118-FC8B8BDD5509"
}
]
}
]
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/10",
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/11",
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/12",
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/13",
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/7",
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/8",
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/9",
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214034",
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214035",
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214036",
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214037",
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214038",
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214040",
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214041",
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

78
CVE-2023/CVE-2023-429xx/CVE-2023-42900.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-42900",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-12-12T01:15:11.787",
"lastModified": "2023-12-13T01:15:08.770",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-14T14:55:04.343",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,77 @@
"value": "El problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en macOS Sonoma 14.2. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/9",
"source": "product-security@apple.com"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"url": "https://support.apple.com/en-us/HT214036",
"source": "product-security@apple.com"
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.2",
"matchCriteriaId": "6892DEBD-024E-414B-9282-DCCCF23A3BDD"
}
]
}
]
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/9",
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214036",
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

270
CVE-2023/CVE-2023-429xx/CVE-2023-42914.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-42914",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-12-12T01:15:12.413",
"lastModified": "2023-12-13T03:15:47.710",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-14T14:54:10.347",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,63 +14,225 @@
"value": "El problema se solucion\u00f3 mejorando el manejo de la memoria. Este problema se solucion\u00f3 en macOS Sonoma 14.2, iOS 17.2 y iPadOS 17.2, watchOS 10.2, macOS Ventura 13.6.3, tvOS 17.2, iOS 16.7.3 y iPadOS 16.7.3, macOS Monterey 12.7.2. Es posible que una aplicaci\u00f3n pueda salir de su zona de pruebas."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/10",
"source": "product-security@apple.com"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/11",
"source": "product-security@apple.com"
"exploitabilityScore": 1.8,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/12",
"source": "product-security@apple.com"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/13",
"source": "product-security@apple.com"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/7",
"source": "product-security@apple.com"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/8",
"source": "product-security@apple.com"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/9",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214034",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214035",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214036",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214037",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214038",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214040",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214041",
"source": "product-security@apple.com"
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.7.3",
"matchCriteriaId": "158A9F27-6C9F-4B9A-82EC-087E6B79E1F7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0",
"versionEndExcluding": "17.2",
"matchCriteriaId": "D0997B97-8D18-41AC-85DD-3605A5DBCA35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.7.3",
"matchCriteriaId": "F5968985-0FC1-4280-96AE-B0E55156B2C9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0",
"versionEndExcluding": "17.2",
"matchCriteriaId": "C6DB531C-9534-461D-87D4-C2BA2BD1D9F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.0.0",
"versionEndExcluding": "12.7.2",
"matchCriteriaId": "DA448C81-63DE-42EB-ADCC-C3A829C6D956"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.6.3",
"matchCriteriaId": "E270DF97-8603-42D8-A31C-FCD89A7D2F1E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.2",
"matchCriteriaId": "6892DEBD-024E-414B-9282-DCCCF23A3BDD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.2",
"matchCriteriaId": "780F2778-8AE1-4C48-8ADF-D4B7D44C3987"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2",
"matchCriteriaId": "1183933F-F52A-45A7-B118-FC8B8BDD5509"
}
]
}
]
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/10",
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/11",
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/12",
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/13",
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/7",
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/8",
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/9",
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214034",
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214035",
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214036",
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214037",
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214038",
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214040",
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214041",
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

234
CVE-2023/CVE-2023-429xx/CVE-2023-42919.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-42919",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-12-12T01:15:12.473",
"lastModified": "2023-12-13T03:15:47.923",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-14T14:08:16.317",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,55 +14,197 @@
"value": "Se solucion\u00f3 un problema de privacidad mejorando la redacci\u00f3n de datos privados para las entradas de registro. Este problema se solucion\u00f3 en macOS Sonoma 14.2, iOS 17.2 y iPadOS 17.2, watchOS 10.2, macOS Ventura 13.6.3, iOS 16.7.3 y iPadOS 16.7.3, macOS Monterey 12.7.2. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/10",
"source": "product-security@apple.com"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/11",
"source": "product-security@apple.com"
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/13",
"source": "product-security@apple.com"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/7",
"source": "product-security@apple.com"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/8",
"source": "product-security@apple.com"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/9",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214034",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214035",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214036",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214037",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214038",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214041",
"source": "product-security@apple.com"
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.7.3",
"matchCriteriaId": "158A9F27-6C9F-4B9A-82EC-087E6B79E1F7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0",
"versionEndExcluding": "17.2",
"matchCriteriaId": "D0997B97-8D18-41AC-85DD-3605A5DBCA35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.7.3",
"matchCriteriaId": "F5968985-0FC1-4280-96AE-B0E55156B2C9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0",
"versionEndExcluding": "17.2",
"matchCriteriaId": "C6DB531C-9534-461D-87D4-C2BA2BD1D9F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.0.0",
"versionEndExcluding": "12.7.2",
"matchCriteriaId": "DA448C81-63DE-42EB-ADCC-C3A829C6D956"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.6.3",
"matchCriteriaId": "E270DF97-8603-42D8-A31C-FCD89A7D2F1E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.2",
"matchCriteriaId": "6892DEBD-024E-414B-9282-DCCCF23A3BDD"
}
]
}
]
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/10",
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/11",
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/13",
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/7",
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/8",
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/9",
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214034",
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214035",
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214036",
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214037",
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214038",
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214041",
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

210
CVE-2023/CVE-2023-429xx/CVE-2023-42922.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-42922",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-12-12T01:15:12.530",
"lastModified": "2023-12-13T01:15:09.910",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-14T14:05:30.140",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,47 +14,181 @@
"value": "Este problema se solucion\u00f3 mejorando la redacci\u00f3n de informaci\u00f3n confidencial. Este problema se solucion\u00f3 en macOS Sonoma 14.2, iOS 17.2 y iPadOS 17.2, macOS Ventura 13.6.3, iOS 16.7.3 y iPadOS 16.7.3, macOS Monterey 12.7.2. Es posible que una aplicaci\u00f3n pueda leer informaci\u00f3n confidencial de ubicaci\u00f3n."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/10",
"source": "product-security@apple.com"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/11",
"source": "product-security@apple.com"
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/7",
"source": "product-security@apple.com"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/8",
"source": "product-security@apple.com"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/9",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214034",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214035",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214036",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214037",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214038",
"source": "product-security@apple.com"
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.7.3",
"matchCriteriaId": "158A9F27-6C9F-4B9A-82EC-087E6B79E1F7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0",
"versionEndExcluding": "17.2",
"matchCriteriaId": "D0997B97-8D18-41AC-85DD-3605A5DBCA35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.7.3",
"matchCriteriaId": "F5968985-0FC1-4280-96AE-B0E55156B2C9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0",
"versionEndExcluding": "17.2",
"matchCriteriaId": "C6DB531C-9534-461D-87D4-C2BA2BD1D9F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.0.0",
"versionEndExcluding": "12.7.2",
"matchCriteriaId": "DA448C81-63DE-42EB-ADCC-C3A829C6D956"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.6.3",
"matchCriteriaId": "E270DF97-8603-42D8-A31C-FCD89A7D2F1E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.2",
"matchCriteriaId": "6892DEBD-024E-414B-9282-DCCCF23A3BDD"
}
]
}
]
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/10",
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/11",
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/7",
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/8",
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/9",
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214034",
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214035",
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214036",
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214037",
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214038",
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-430xx/CVE-2023-43042.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43042",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-14T01:15:07.897",
"lastModified": "2023-12-14T01:15:07.897",
"vulnStatus": "Received",
"lastModified": "2023-12-14T13:52:16.903",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-435xx/CVE-2023-43583.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43583",
"sourceIdentifier": "security@zoom.us",
"published": "2023-12-13T23:15:07.270",
"lastModified": "2023-12-13T23:15:07.270",
"vulnStatus": "Received",
"lastModified": "2023-12-14T13:52:16.903",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-435xx/CVE-2023-43585.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43585",
"sourceIdentifier": "security@zoom.us",
"published": "2023-12-13T23:15:07.463",
"lastModified": "2023-12-13T23:15:07.463",
"vulnStatus": "Received",
"lastModified": "2023-12-14T13:52:16.903",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-435xx/CVE-2023-43586.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43586",
"sourceIdentifier": "security@zoom.us",
"published": "2023-12-13T23:15:07.660",
"lastModified": "2023-12-13T23:15:07.660",
"vulnStatus": "Received",
"lastModified": "2023-12-14T13:52:16.903",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-447xx/CVE-2023-44709.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44709",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-14T06:15:42.743",
"lastModified": "2023-12-14T06:15:42.743",
"vulnStatus": "Received",
"lastModified": "2023-12-14T13:52:06.780",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-451xx/CVE-2023-45166.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45166",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-13T23:15:07.850",
"lastModified": "2023-12-13T23:15:07.850",
"vulnStatus": "Received",
"lastModified": "2023-12-14T13:52:16.903",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-451xx/CVE-2023-45170.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45170",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-13T23:15:08.017",
"lastModified": "2023-12-13T23:15:08.017",
"vulnStatus": "Received",
"lastModified": "2023-12-14T13:52:16.903",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-451xx/CVE-2023-45174.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45174",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-13T23:15:08.180",
"lastModified": "2023-12-13T23:15:08.180",
"vulnStatus": "Received",
"lastModified": "2023-12-14T13:52:16.903",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

59
CVE-2023/CVE-2023-451xx/CVE-2023-45182.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-45182",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-14T14:15:42.333",
"lastModified": "2023-12-14T14:49:08.357",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nIBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 is vulnerable to having its key for an encrypted password decoded. By somehow gaining access to the encrypted password, a local attacker could exploit this vulnerability to obtain the password to other systems. IBM X-Force ID: 268265.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.1,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-922"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/268265",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7091942",
"source": "psirt@us.ibm.com"
}
]
}

4
CVE-2023/CVE-2023-451xx/CVE-2023-45184.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45184",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-14T02:15:12.960",
"lastModified": "2023-12-14T02:15:12.960",
"vulnStatus": "Received",
"lastModified": "2023-12-14T13:52:06.780",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

59
CVE-2023/CVE-2023-451xx/CVE-2023-45185.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-45185",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-14T14:15:42.553",
"lastModified": "2023-12-14T14:49:08.357",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to execute remote code. Due to improper authority checks the attacker could perform operations on the PC under the user's authority. IBM X-Force ID: 268273."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.1,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/268273",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7091942",
"source": "psirt@us.ibm.com"
}
]
}

451
CVE-2023/CVE-2023-458xx/CVE-2023-45866.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45866",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-08T06:15:45.690",
"lastModified": "2023-12-13T01:15:11.003",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T14:47:57.930",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,47 +14,422 @@
"value": "Bluetooth HID Hosts in BlueZ pueden permitir que un dispositivo HID con funci\u00f3n perif\u00e9rica no autenticada inicie y establezca una conexi\u00f3n cifrada y acepte informes de teclado HID, lo que potencialmente permite la inyecci\u00f3n de mensajes HID cuando no se ha producido ninguna interacci\u00f3n del usuario en la funci\u00f3n central para autorizar dicho acceso. Un ejemplo de paquete afectado es bluez 5.64-0ubuntu1 en Ubuntu 22.04LTS. NOTA: en algunos casos, una mitigaci\u00f3n CVE-2020-0556 ya habr\u00eda solucionado este problema de hosts HID Bluetooth."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "http://changelogs.ubuntu.com/changelogs/pool/main/b/bluez/bluez_5.64-0ubuntu1/changelog",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/7",
"source": "cve@mitre.org"
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/9",
"source": "cve@mitre.org"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://bluetooth.com",
"source": "cve@mitre.org"
},
{
"url": "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/profiles/input?id=25a471a83e02e1effb15d5a488b3f0085eaeb675",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/skysafe/reblog/tree/main/cve-2023-45866",
"source": "cve@mitre.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77YQQS5FXPYE6WBBZO3REFIRAUJHERFA/",
"source": "cve@mitre.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2N2P5LMP3V7IJONALV2KOFL4NUU23CJ/",
"source": "cve@mitre.org"
},
{
"url": "https://support.apple.com/kb/HT214035",
"source": "cve@mitre.org"
},
{
"url": "https://support.apple.com/kb/HT214036",
"source": "cve@mitre.org"
"lang": "en",
"value": "CWE-287"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "49413FF7-7910-4F74-B106-C3170612CB2A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:bluproducts:dash:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "025AACE2-2B3F-4ACD-B187-22ED8CDF8BAF"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "691FA41B-C2CE-413F-ABB1-0B22CB322807"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:google:nexus_5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25DB8689-116F-49B5-91F5-BCBA8854BD42"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:google:pixel_2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B76B2AD-52E2-41D2-82D7-557DC32E064F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:google:pixel_4a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E49FC5D-ACC7-498F-88E9-293AB276CF63"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:google:pixel_6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C27C4FD0-E67A-4D54-A00A-BDD59AAABB4F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:google:pixel_7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C1347ED-56D0-4AF8-92D8-D4E427B5A1CA"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:-:*:*:*",
"matchCriteriaId": "652F5027-4436-458C-84FD-7AD89B489BAA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "359012F1-2C63-415A-88B8-6726A87830DE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:23.10:*:*:*:*:*:*:*",
"matchCriteriaId": "602CE21C-E1A9-4407-A504-CF4E58F596F5"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:16.6:*:*:*:*:*:*:*",
"matchCriteriaId": "705DA51B-6A6E-422D-9A22-0DB86836EA0C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:apple:iphone_se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91A20702-427E-4876-9DEE-E244F39A2E79"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:12.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "15DDFC77-1ACB-4092-A1C3-623DE3CC980C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:apple:macbook_air:2017:*:*:*:*:*:*:*",
"matchCriteriaId": "B649B9E4-91D9-4712-8E2A-9246E17D19CB"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:13.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CECFF66D-DDF3-4492-85BE-79B57E7AAE9F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:apple:macbook_pro:m2:*:*:*:*:*:*:*",
"matchCriteriaId": "F1C6A9E0-6DDD-4E64-97B0-47C69A865C0E"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.2",
"matchCriteriaId": "ED754E44-EDCF-4B0F-B662-E4C2687B4920"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.2",
"matchCriteriaId": "00FC779B-E45C-4B34-976F-490C38C22C67"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.2",
"matchCriteriaId": "6892DEBD-024E-414B-9282-DCCCF23A3BDD"
}
]
}
]
}
],
"references": [
{
"url": "http://changelogs.ubuntu.com/changelogs/pool/main/b/bluez/bluez_5.64-0ubuntu1/changelog",
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/7",
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/9",
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://bluetooth.com",
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
},
{
"url": "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/profiles/input?id=25a471a83e02e1effb15d5a488b3f0085eaeb675",
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch"
]
},
{
"url": "https://github.com/skysafe/reblog/tree/main/cve-2023-45866",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77YQQS5FXPYE6WBBZO3REFIRAUJHERFA/",
"source": "cve@mitre.org",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2N2P5LMP3V7IJONALV2KOFL4NUU23CJ/",
"source": "cve@mitre.org",
"tags": [
"Mailing List"
]
},
{
"url": "https://support.apple.com/kb/HT214035",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://support.apple.com/kb/HT214036",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-461xx/CVE-2023-46141.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-46141",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-12-14T14:15:42.767",
"lastModified": "2023-12-14T14:49:08.357",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Incorrect Permission Assignment for Critical Resource vulnerability in multiple products of the PHOENIX CONTACT classic line allow an remote unauthenticated attacker to gain full access of the affected device."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
}
],
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-055/",
"source": "info@cert.vde.com"
}
]
}

55
CVE-2023/CVE-2023-461xx/CVE-2023-46142.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-46142",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-12-14T14:15:42.983",
"lastModified": "2023-12-14T14:49:08.357",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A incorrect permission assignment for critical resource vulnerability in PLCnext products allows an remote attacker with low privileges to gain full access on the affected devices."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
}
],
"references": [
{
"url": "https://https://cert.vde.com/en/advisories/VDE-2023-056/",
"source": "info@cert.vde.com"
}
]
}

55
CVE-2023/CVE-2023-461xx/CVE-2023-46143.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-46143",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-12-14T14:15:43.207",
"lastModified": "2023-12-14T14:49:08.357",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT classic line PLCs allows an unauthenticated remote attacker to modify some or all applications on a PLC."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-494"
}
]
}
],
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-057/",
"source": "info@cert.vde.com"
}
]
}

55
CVE-2023/CVE-2023-461xx/CVE-2023-46144.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-46144",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-12-14T14:15:43.447",
"lastModified": "2023-12-14T14:49:08.357",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A download of code without integrity check vulnerability in PLCnext products allows an remote attacker with low privileges to compromise integrity on the affected engineering station and the connected devices."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@cert.vde.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.1,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-494"
}
]
}
],
"references": [
{
"url": "https://https://cert.vde.com/en/advisories/VDE-2023-056/",
"source": "info@cert.vde.com"
}
]
}

4
CVE-2023/CVE-2023-463xx/CVE-2023-46348.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46348",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-14T09:15:42.060",
"lastModified": "2023-12-14T09:15:42.060",
"vulnStatus": "Received",
"lastModified": "2023-12-14T13:51:59.903",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-467xx/CVE-2023-46750.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46750",
"sourceIdentifier": "security@apache.org",
"published": "2023-12-14T09:15:42.107",
"lastModified": "2023-12-14T09:15:42.107",
"vulnStatus": "Received",
"lastModified": "2023-12-14T13:51:59.903",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2023/CVE-2023-476xx/CVE-2023-47620.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47620",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-13T22:15:43.197",
"lastModified": "2023-12-13T22:15:43.197",
"vulnStatus": "Received",
"lastModified": "2023-12-14T13:52:16.903",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the plugin-http.ts file via the `owner' and 'pkg` parameters. An attacker can run arbitrary JavaScript code. As of time of publication, no known patches are available."
},
{
"lang": "es",
"value": "Scrypted es una plataforma de automatizaci\u00f3n e integraci\u00f3n de v\u00eddeos dom\u00e9sticos. En las versiones 0.55.0 y anteriores, existe una vulnerabilidad de Cross-Site Scripting Reflejado en el archivo plugin-http.ts a trav\u00e9s de los par\u00e1metros `owner' y `pkg`. Un atacante puede ejecutar c\u00f3digo JavaScript arbitrario. Al momento de la publicaci\u00f3n, no hay parches conocidos disponibles."
}
],
"metrics": {

8
CVE-2023/CVE-2023-476xx/CVE-2023-47623.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47623",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-13T22:15:43.417",
"lastModified": "2023-12-13T22:15:43.417",
"vulnStatus": "Received",
"lastModified": "2023-12-14T13:52:16.903",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the login page via the `redirect_uri` parameter. By specifying a url with the javascript scheme (`javascript:`), an attacker can run arbitrary JavaScript code after the login. As of time of publication, no known patches are available."
},
{
"lang": "es",
"value": "Scrypted es una plataforma de automatizaci\u00f3n e integraci\u00f3n de v\u00eddeos dom\u00e9sticos. En las versiones 0.55.0 y anteriores, existe una vulnerabilidad de Cross-Site Scripting Reflejado en la p\u00e1gina de inicio de sesi\u00f3n a trav\u00e9s del par\u00e1metro `redirect_uri`. Al especificar una URL con el esquema javascript (`javascript:`), un atacante puede ejecutar c\u00f3digo JavaScript arbitrario despu\u00e9s de iniciar sesi\u00f3n. Al momento de la publicaci\u00f3n, no hay parches conocidos disponibles."
}
],
"metrics": {

4
CVE-2023/CVE-2023-480xx/CVE-2023-48084.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48084",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-14T07:15:08.890",
"lastModified": "2023-12-14T07:15:08.890",
"vulnStatus": "Received",
"lastModified": "2023-12-14T13:52:06.780",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-480xx/CVE-2023-48085.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48085",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-14T07:15:09.033",
"lastModified": "2023-12-14T07:15:09.033",
"vulnStatus": "Received",
"lastModified": "2023-12-14T13:52:06.780",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

55
CVE-2023/CVE-2023-486xx/CVE-2023-48631.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-48631",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-12-14T13:15:54.250",
"lastModified": "2023-12-14T13:51:59.903",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "@adobe/css-tools versions 4.3.1 and earlier are affected by an Improper Input Validation vulnerability that could result in a denial of service while attempting to parse CSS."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://github.com/adobe/css-tools/security/advisories/GHSA-prr3-c3m5-p7q2",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2023/CVE-2023-486xx/CVE-2023-48676.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-48676",
"sourceIdentifier": "security@acronis.com",
"published": "2023-12-14T14:15:43.673",
"lastModified": "2023-12-14T14:49:08.357",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36943."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@acronis.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@acronis.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://security-advisory.acronis.com/advisories/SEC-5905",
"source": "security@acronis.com"
}
]
}

90
CVE-2023/CVE-2023-487xx/CVE-2023-48715.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48715",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-11T19:15:08.860",
"lastModified": "2023-12-12T13:43:48.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T14:51:04.473",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,22 +70,66 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://github.com/Enalean/tuleap/commit/ea71ec7ee062aae8d1fa7a7325aaa759205c17d8",
"source": "security-advisories@github.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:enalean:tuleap:*:*:*:*:enterprise:*:*:*",
"versionEndExcluding": "15.1-8",
"matchCriteriaId": "EBC945C2-F92B-4763-81DE-D233176CA6D3"
},
{
"url": "https://github.com/Enalean/tuleap/security/advisories/GHSA-3m7g-7787-wc68",
"source": "security-advisories@github.com"
"vulnerable": true,
"criteria": "cpe:2.3:a:enalean:tuleap:*:*:*:*:community:*:*:*",
"versionEndExcluding": "15.2.99.103",
"matchCriteriaId": "72217C7D-C8D3-4647-8B76-72BD84D3962A"
},
{
"url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=ea71ec7ee062aae8d1fa7a7325aaa759205c17d8",
"source": "security-advisories@github.com"
},
{
"url": "https://tuleap.net/plugins/tracker/?aid=35143",
"source": "security-advisories@github.com"
"vulnerable": true,
"criteria": "cpe:2.3:a:enalean:tuleap:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "15.2",
"versionEndExcluding": "15.2-4",
"matchCriteriaId": "AE4D1FFC-AD00-4040-BD6A-3F32BBE7B72B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Enalean/tuleap/commit/ea71ec7ee062aae8d1fa7a7325aaa759205c17d8",
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/Enalean/tuleap/security/advisories/GHSA-3m7g-7787-wc68",
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=ea71ec7ee062aae8d1fa7a7325aaa759205c17d8",
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://tuleap.net/plugins/tracker/?aid=35143",
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-489xx/CVE-2023-48925.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48925",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-14T09:15:42.193",
"lastModified": "2023-12-14T09:15:42.193",
"vulnStatus": "Received",
"lastModified": "2023-12-14T13:51:59.903",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

83
CVE-2023/CVE-2023-493xx/CVE-2023-49355.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49355",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-11T07:15:07.003",
"lastModified": "2023-12-11T12:20:45.887",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T14:47:05.647",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,80 @@
"value": "decToString en decNumber/decNumber.c en jq 88f01a7 tiene una escritura fuera de los l\u00edmites de un byte a trav\u00e9s de la entrada \"[]-1.2e-1111111111\"."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://github.com/jqlang/jq/blob/88f01a741c8d63c4d1b5bc3ef61520c6eb93edaa/src/decNumber/decNumber.c#L3764",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
{
"url": "https://github.com/jqlang/jq/tree/88f01a741c8d63c4d1b5bc3ef61520c6eb93edaa",
"source": "cve@mitre.org"
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"url": "https://github.com/linzc21/bug-reports/blob/main/reports/jq/1.7-37-g88f01a7/heap-buffer-overflow/CVE-2023-49355.md",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jqlang:jq:1.7-37-g88f01a7:*:*:*:*:*:*:*",
"matchCriteriaId": "13A0413C-DFC6-4B0A-95E2-466AB209E6D8"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/jqlang/jq/blob/88f01a741c8d63c4d1b5bc3ef61520c6eb93edaa/src/decNumber/decNumber.c#L3764",
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/jqlang/jq/tree/88f01a741c8d63c4d1b5bc3ef61520c6eb93edaa",
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/linzc21/bug-reports/blob/main/reports/jq/1.7-37-g88f01a7/heap-buffer-overflow/CVE-2023-49355.md",
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}

4
CVE-2023/CVE-2023-496xx/CVE-2023-49646.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49646",
"sourceIdentifier": "security@zoom.us",
"published": "2023-12-13T23:15:08.357",
"lastModified": "2023-12-13T23:15:08.357",
"vulnStatus": "Received",
"lastModified": "2023-12-14T13:52:16.903",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-497xx/CVE-2023-49707.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49707",
"sourceIdentifier": "security@joomla.org",
"published": "2023-12-14T09:15:42.240",
"lastModified": "2023-12-14T09:15:42.240",
"vulnStatus": "Received",
"lastModified": "2023-12-14T13:51:59.903",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-497xx/CVE-2023-49708.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49708",
"sourceIdentifier": "security@joomla.org",
"published": "2023-12-14T09:15:42.310",
"lastModified": "2023-12-14T09:15:42.310",
"vulnStatus": "Received",
"lastModified": "2023-12-14T13:51:59.903",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

55
CVE-2023/CVE-2023-498xx/CVE-2023-49836.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-49836",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-14T14:15:43.903",
"lastModified": "2023-12-14T14:49:08.357",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brontobytes Cookie Bar allows Stored XSS.This issue affects Cookie Bar: from n/a through 2.0.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/cookie-bar/wordpress-cookie-bar-plugin-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-498xx/CVE-2023-49846.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-49846",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-14T14:15:44.113",
"lastModified": "2023-12-14T14:49:08.357",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paul Bearne Author Avatars List/Block allows Stored XSS.This issue affects Author Avatars List/Block: from n/a through 2.1.17.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/author-avatars/wordpress-author-avatars-list-block-plugin-2-1-16-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-498xx/CVE-2023-49847.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-49847",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-14T14:15:44.320",
"lastModified": "2023-12-14T14:49:08.357",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Twinpictures Annual Archive allows Stored XSS.This issue affects Annual Archive: from n/a through 1.6.0.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/anual-archive/wordpress-annual-archive-plugin-1-6-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

4
CVE-2023/CVE-2023-499xx/CVE-2023-49933.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49933",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-14T05:15:08.810",
"lastModified": "2023-12-14T05:15:08.810",
"vulnStatus": "Received",
"lastModified": "2023-12-14T13:52:06.780",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-499xx/CVE-2023-49934.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49934",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-14T05:15:10.023",
"lastModified": "2023-12-14T05:15:10.023",
"vulnStatus": "Received",
"lastModified": "2023-12-14T13:52:06.780",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-499xx/CVE-2023-49935.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49935",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-14T05:15:10.490",
"lastModified": "2023-12-14T05:15:10.490",
"vulnStatus": "Received",
"lastModified": "2023-12-14T13:52:06.780",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-499xx/CVE-2023-49936.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49936",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-14T05:15:10.980",
"lastModified": "2023-12-14T05:15:10.980",
"vulnStatus": "Received",
"lastModified": "2023-12-14T13:52:06.780",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-499xx/CVE-2023-49937.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49937",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-14T05:15:11.493",
"lastModified": "2023-12-14T05:15:11.493",
"vulnStatus": "Received",
"lastModified": "2023-12-14T13:52:06.780",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-499xx/CVE-2023-49938.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49938",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-14T05:15:11.890",
"lastModified": "2023-12-14T05:15:11.890",
"vulnStatus": "Received",
"lastModified": "2023-12-14T13:52:06.780",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

75
CVE-2023/CVE-2023-499xx/CVE-2023-49964.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49964",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-11T08:15:06.603",
"lastModified": "2023-12-11T12:20:45.887",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T14:36:17.293",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,74 @@
"value": "Se descubri\u00f3 un problema en Hyland Alfresco Community Edition hasta 7.2.0. Al insertar contenido malicioso en el archivo folder.get.html.ftl, un atacante puede realizar ataques SSTI (inyecci\u00f3n de plantilla del lado del servidor), que pueden aprovechar los objetos expuestos de FreeMarker para evitar las restricciones y lograr RCE (ejecuci\u00f3n remota de c\u00f3digo). NOTA: este problema existe debido a una soluci\u00f3n incompleta para CVE-2020-12873."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://github.com/mbadanoiu/CVE-2023-49964",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"url": "https://www.alfresco.com/products/community/download",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hyland:alfresco_content_services:*:*:*:*:community:*:*:*",
"versionEndIncluding": "7.2.0",
"matchCriteriaId": "D2B41FBE-7025-4B99-A7BD-746F95F022DA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/mbadanoiu/CVE-2023-49964",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.alfresco.com/products/community/download",
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

55
CVE-2023/CVE-2023-503xx/CVE-2023-50368.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-50368",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-14T14:15:44.530",
"lastModified": "2023-12-14T14:49:08.357",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Averta Shortcodes and extra features for Phlox theme allows Stored XSS.This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.15.2.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/auxin-elements/wordpress-shortcodes-and-extra-features-for-phlox-theme-plugin-2-15-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-503xx/CVE-2023-50369.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-50369",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-14T14:15:44.793",
"lastModified": "2023-12-14T14:49:08.357",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alma Alma \u2013 Pay in installments or later for WooCommerce allows Stored XSS.This issue affects Alma \u2013 Pay in installments or later for WooCommerce: from n/a through 5.1.3.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/alma-gateway-for-woocommerce/wordpress-alma-plugin-5-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-503xx/CVE-2023-50370.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-50370",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-14T14:15:45.027",
"lastModified": "2023-12-14T14:49:08.357",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Livemesh WPBakery Page Builder Addons by Livemesh allows Stored XSS.This issue affects WPBakery Page Builder Addons by Livemesh: from n/a through 3.5.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/addons-for-visual-composer/wordpress-livemesh-addons-for-wpbakery-page-builder-plugin-3-5-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-503xx/CVE-2023-50371.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-50371",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-14T13:15:54.790",
"lastModified": "2023-12-14T14:15:45.243",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Page Visit Counter Advanced Page Visit Counter \u2013 Most Wanted Analytics Plugin for WordPress allows Stored XSS.This issue affects Advanced Page Visit Counter \u2013 Most Wanted Analytics Plugin for WordPress: from n/a through 8.0.6.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/advanced-page-visit-counter/wordpress-advanced-page-visit-counter-plugin-8-0-6-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

73
CVE-2023/CVE-2023-504xx/CVE-2023-50429.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-50429",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-09T22:15:07.177",
"lastModified": "2023-12-10T11:50:56.433",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T14:33:52.857",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IzyBat Orange casiers before 20230803_1 allows getEnsemble.php ensemble SQL injection."
},
{
"lang": "es",
"value": "Los casiers IzyBat Orange anteriores a 20230803_1 permiten la inyecci\u00f3n SQL en conjunto getEnsemble.php."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-mc3w-rv8p-f9xf",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:izybat:orange_casiers:*:*:*:*:*:*:*:*",
"versionEndExcluding": "20230803_1",
"matchCriteriaId": "5D80BCAB-E7AD-4841-870D-0E475D563112"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-mc3w-rv8p-f9xf",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-507xx/CVE-2023-50709.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-50709",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-13T22:15:43.620",
"lastModified": "2023-12-13T22:15:43.620",
"vulnStatus": "Received",
"lastModified": "2023-12-14T13:52:16.903",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cube is a semantic layer for building data applications. Prior to version 0.34.34, it is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. The issue has been patched in `v0.34.34` and it's recommended that all users exposing Cube APIs to the public internet upgrade to the latest version to prevent service disruption.\nThere are currently no workaround for older versions, and the recommendation is to upgrade."
},
{
"lang": "es",
"value": "Cube es una capa sem\u00e1ntica para crear aplicaciones de datos. Antes de la versi\u00f3n 0.34.34, era posible hacer que toda la API de Cube no estuviera disponible enviando una solicitud especialmente manipulada a un endpoint de la API de Cube. El problema se solucion\u00f3 en `v0.34.34` y se recomienda que todos los usuarios que expongan las API de Cube a la Internet p\u00fablica actualicen a la \u00faltima versi\u00f3n para evitar interrupciones en el servicio. Actualmente no existe ninguna workaround para versiones anteriores y la recomendaci\u00f3n es actualizarlas."
}
],
"metrics": {

55
CVE-2023/CVE-2023-55xx/CVE-2023-5592.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-5592",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-12-14T14:15:45.427",
"lastModified": "2023-12-14T14:49:08.357",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR (SDK) allows an unauthenticated remote attacker to download and execute applications without integrity checks on the device which may result in a complete loss of integrity."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-494"
}
]
}
],
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-054/",
"source": "info@cert.vde.com"
}
]
}

4
CVE-2023/CVE-2023-56xx/CVE-2023-5629.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5629",
"sourceIdentifier": "cybersecurity@se.com",
"published": "2023-12-14T05:15:12.463",
"lastModified": "2023-12-14T05:15:12.463",
"vulnStatus": "Received",
"lastModified": "2023-12-14T13:52:06.780",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-56xx/CVE-2023-5630.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5630",
"sourceIdentifier": "cybersecurity@se.com",
"published": "2023-12-14T05:15:13.663",
"lastModified": "2023-12-14T05:15:13.663",
"vulnStatus": "Received",
"lastModified": "2023-12-14T13:52:06.780",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

127
CVE-2023/CVE-2023-61xx/CVE-2023-6185.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6185",
"sourceIdentifier": "security@documentfoundation.org",
"published": "2023-12-11T12:15:07.037",
"lastModified": "2023-12-13T03:15:48.383",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T13:51:13.473",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security@documentfoundation.org",
"type": "Secondary",
@ -38,18 +58,101 @@
}
]
},
"references": [
"weaknesses": [
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QB7UB6CTWQUDOE657OVVRSDYUY3IPBJG/",
"source": "security@documentfoundation.org"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://www.debian.org/security/2023/dsa-5574",
"source": "security@documentfoundation.org"
},
{
"url": "https://www.libreoffice.org/about-us/security/advisories/cve-2023-6185",
"source": "security@documentfoundation.org"
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.5.0",
"versionEndExcluding": "7.5.9",
"matchCriteriaId": "A3620339-BFEE-459E-937D-7F785CEE9C9F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.6.0",
"versionEndExcluding": "7.6.3",
"matchCriteriaId": "65A10E4B-F7DE-4FA8-8ACB-D1A54CCD408E"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
}
]
}
]
}
],
"references": [
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QB7UB6CTWQUDOE657OVVRSDYUY3IPBJG/",
"source": "security@documentfoundation.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5574",
"source": "security@documentfoundation.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.libreoffice.org/about-us/security/advisories/cve-2023-6185",
"source": "security@documentfoundation.org",
"tags": [
"Vendor Advisory"
]
}
]
}

127
CVE-2023/CVE-2023-61xx/CVE-2023-6186.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6186",
"sourceIdentifier": "security@documentfoundation.org",
"published": "2023-12-11T12:15:07.713",
"lastModified": "2023-12-13T03:15:48.470",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T14:41:30.390",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security@documentfoundation.org",
"type": "Secondary",
@ -38,18 +58,101 @@
}
]
},
"references": [
"weaknesses": [
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QB7UB6CTWQUDOE657OVVRSDYUY3IPBJG/",
"source": "security@documentfoundation.org"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://www.debian.org/security/2023/dsa-5574",
"source": "security@documentfoundation.org"
},
{
"url": "https://www.libreoffice.org/about-us/security/advisories/cve-2023-6186",
"source": "security@documentfoundation.org"
"lang": "en",
"value": "CWE-281"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.5.0",
"versionEndExcluding": "7.5.9",
"matchCriteriaId": "A3620339-BFEE-459E-937D-7F785CEE9C9F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.6.0",
"versionEndExcluding": "7.6.4",
"matchCriteriaId": "5C255150-B48F-4F2A-8E7E-0C9D6CA3504D"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
}
]
}
]
}
],
"references": [
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QB7UB6CTWQUDOE657OVVRSDYUY3IPBJG/",
"source": "security@documentfoundation.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5574",
"source": "security@documentfoundation.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.libreoffice.org/about-us/security/advisories/cve-2023-6186",
"source": "security@documentfoundation.org",
"tags": [
"Vendor Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-62xx/CVE-2023-6275.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-6275",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-11-24T15:15:07.783",
"lastModified": "2023-12-12T18:15:23.363",
"lastModified": "2023-12-14T14:15:45.640",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in TOTVS Fluig Platform 1.6.x/1.7.x/1.8.0/1.8.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /mobileredir/openApp.jsp of the component mobileredir. The manipulation of the argument redirectUrl/user with the input \"><script>alert(document.domain)</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-246104. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
"value": "A vulnerability was found in TOTVS Fluig Platform 1.6.x/1.7.x/1.8.0/1.8.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /mobileredir/openApp.jsp of the component mobileredir. The manipulation of the argument redirectUrl/user with the input \"><script>alert(document.domain)</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-246104."
},
{
"lang": "es",

4
CVE-2023/CVE-2023-64xx/CVE-2023-6407.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6407",
"sourceIdentifier": "cybersecurity@se.com",
"published": "2023-12-14T05:15:14.407",
"lastModified": "2023-12-14T05:15:14.407",
"vulnStatus": "Received",
"lastModified": "2023-12-14T13:52:06.780",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

59
CVE-2023/CVE-2023-65xx/CVE-2023-6545.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-6545",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-12-14T14:15:45.753",
"lastModified": "2023-12-14T14:49:08.357",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The package authelia-bhf included in Beckhoffs TwinCAT/BSD is prone to an open redirect that allows a remote unprivileged attacker to redirect a user to another site. This may have limited impact to integrity and does solely affect anthelia-bhf the Beckhoff fork of authelia."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-067/",
"source": "info@cert.vde.com"
},
{
"url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2023-001.pdf",
"source": "info@cert.vde.com"
}
]
}

55
CVE-2023/CVE-2023-65xx/CVE-2023-6569.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-6569",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-12-14T13:15:55.020",
"lastModified": "2023-12-14T13:51:59.903",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "External Control of File Name or Path in h2oai/h2o-3"
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-73"
}
]
}
],
"references": [
{
"url": "https://huntr.com/bounties/a5d003dc-c23e-4c98-8dcf-35ba9252fa3c",
"source": "security@huntr.dev"
}
]
}

55
CVE-2023/CVE-2023-65xx/CVE-2023-6570.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-6570",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-12-14T13:15:55.230",
"lastModified": "2023-12-14T13:51:59.903",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Server-Side Request Forgery (SSRF) in kubeflow/kubeflow"
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.1,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://huntr.com/bounties/82d6e853-013b-4029-a23f-8b50ec56602a",
"source": "security@huntr.dev"
}
]
}

55
CVE-2023/CVE-2023-65xx/CVE-2023-6571.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-6571",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-12-14T13:15:55.423",
"lastModified": "2023-12-14T13:51:59.903",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Reflected in kubeflow/kubeflow"
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://huntr.com/bounties/f02781e7-2a53-4c66-aa32-babb16434632",
"source": "security@huntr.dev"
}
]
}

59
CVE-2023/CVE-2023-65xx/CVE-2023-6572.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-6572",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-12-14T14:15:46.013",
"lastModified": "2023-12-14T14:49:08.357",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository gradio-app/gradio prior to main."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.6,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 5.8
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://github.com/gradio-app/gradio/commit/5b5af1899dd98d63e1f9b48a93601c2db1f56520",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/21d2ff0c-d43a-4afd-bb4d-049ee8da5b5c",
"source": "security@huntr.dev"
}
]
}

82
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-12-14T11:00:18.298653+00:00
2023-12-14T15:00:26.600999+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-12-14T10:15:08.727000+00:00
2023-12-14T14:55:04.343000+00:00
```
### Last Data Feed Release
@ -29,44 +29,66 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
233119
233141
```
### CVEs added in the last Commit
Recently added CVEs: `14`
Recently added CVEs: `22`
* [CVE-2023-40627](CVE-2023/CVE-2023-406xx/CVE-2023-40627.json) (`2023-12-14T09:15:41.397`)
* [CVE-2023-40628](CVE-2023/CVE-2023-406xx/CVE-2023-40628.json) (`2023-12-14T09:15:41.480`)
* [CVE-2023-40629](CVE-2023/CVE-2023-406xx/CVE-2023-40629.json) (`2023-12-14T09:15:41.550`)
* [CVE-2023-40630](CVE-2023/CVE-2023-406xx/CVE-2023-40630.json) (`2023-12-14T09:15:41.630`)
* [CVE-2023-40655](CVE-2023/CVE-2023-406xx/CVE-2023-40655.json) (`2023-12-14T09:15:41.707`)
* [CVE-2023-40656](CVE-2023/CVE-2023-406xx/CVE-2023-40656.json) (`2023-12-14T09:15:41.780`)
* [CVE-2023-40657](CVE-2023/CVE-2023-406xx/CVE-2023-40657.json) (`2023-12-14T09:15:41.850`)
* [CVE-2023-40658](CVE-2023/CVE-2023-406xx/CVE-2023-40658.json) (`2023-12-14T09:15:41.920`)
* [CVE-2023-40659](CVE-2023/CVE-2023-406xx/CVE-2023-40659.json) (`2023-12-14T09:15:41.993`)
* [CVE-2023-46348](CVE-2023/CVE-2023-463xx/CVE-2023-46348.json) (`2023-12-14T09:15:42.060`)
* [CVE-2023-46750](CVE-2023/CVE-2023-467xx/CVE-2023-46750.json) (`2023-12-14T09:15:42.107`)
* [CVE-2023-48925](CVE-2023/CVE-2023-489xx/CVE-2023-48925.json) (`2023-12-14T09:15:42.193`)
* [CVE-2023-49707](CVE-2023/CVE-2023-497xx/CVE-2023-49707.json) (`2023-12-14T09:15:42.240`)
* [CVE-2023-49708](CVE-2023/CVE-2023-497xx/CVE-2023-49708.json) (`2023-12-14T09:15:42.310`)
* [CVE-2023-48631](CVE-2023/CVE-2023-486xx/CVE-2023-48631.json) (`2023-12-14T13:15:54.250`)
* [CVE-2023-6569](CVE-2023/CVE-2023-65xx/CVE-2023-6569.json) (`2023-12-14T13:15:55.020`)
* [CVE-2023-6570](CVE-2023/CVE-2023-65xx/CVE-2023-6570.json) (`2023-12-14T13:15:55.230`)
* [CVE-2023-6571](CVE-2023/CVE-2023-65xx/CVE-2023-6571.json) (`2023-12-14T13:15:55.423`)
* [CVE-2023-50371](CVE-2023/CVE-2023-503xx/CVE-2023-50371.json) (`2023-12-14T13:15:54.790`)
* [CVE-2023-0757](CVE-2023/CVE-2023-07xx/CVE-2023-0757.json) (`2023-12-14T14:15:42.083`)
* [CVE-2023-45182](CVE-2023/CVE-2023-451xx/CVE-2023-45182.json) (`2023-12-14T14:15:42.333`)
* [CVE-2023-45185](CVE-2023/CVE-2023-451xx/CVE-2023-45185.json) (`2023-12-14T14:15:42.553`)
* [CVE-2023-46141](CVE-2023/CVE-2023-461xx/CVE-2023-46141.json) (`2023-12-14T14:15:42.767`)
* [CVE-2023-46142](CVE-2023/CVE-2023-461xx/CVE-2023-46142.json) (`2023-12-14T14:15:42.983`)
* [CVE-2023-46143](CVE-2023/CVE-2023-461xx/CVE-2023-46143.json) (`2023-12-14T14:15:43.207`)
* [CVE-2023-46144](CVE-2023/CVE-2023-461xx/CVE-2023-46144.json) (`2023-12-14T14:15:43.447`)
* [CVE-2023-48676](CVE-2023/CVE-2023-486xx/CVE-2023-48676.json) (`2023-12-14T14:15:43.673`)
* [CVE-2023-49836](CVE-2023/CVE-2023-498xx/CVE-2023-49836.json) (`2023-12-14T14:15:43.903`)
* [CVE-2023-49846](CVE-2023/CVE-2023-498xx/CVE-2023-49846.json) (`2023-12-14T14:15:44.113`)
* [CVE-2023-49847](CVE-2023/CVE-2023-498xx/CVE-2023-49847.json) (`2023-12-14T14:15:44.320`)
* [CVE-2023-50368](CVE-2023/CVE-2023-503xx/CVE-2023-50368.json) (`2023-12-14T14:15:44.530`)
* [CVE-2023-50369](CVE-2023/CVE-2023-503xx/CVE-2023-50369.json) (`2023-12-14T14:15:44.793`)
* [CVE-2023-50370](CVE-2023/CVE-2023-503xx/CVE-2023-50370.json) (`2023-12-14T14:15:45.027`)
* [CVE-2023-5592](CVE-2023/CVE-2023-55xx/CVE-2023-5592.json) (`2023-12-14T14:15:45.427`)
* [CVE-2023-6545](CVE-2023/CVE-2023-65xx/CVE-2023-6545.json) (`2023-12-14T14:15:45.753`)
* [CVE-2023-6572](CVE-2023/CVE-2023-65xx/CVE-2023-6572.json) (`2023-12-14T14:15:46.013`)
### CVEs modified in the last Commit
Recently modified CVEs: `11`
Recently modified CVEs: `69`
* [CVE-2023-34053](CVE-2023/CVE-2023-340xx/CVE-2023-34053.json) (`2023-12-14T10:15:07.520`)
* [CVE-2023-41164](CVE-2023/CVE-2023-411xx/CVE-2023-41164.json) (`2023-12-14T10:15:07.630`)
* [CVE-2023-41268](CVE-2023/CVE-2023-412xx/CVE-2023-41268.json) (`2023-12-14T10:15:07.723`)
* [CVE-2023-45283](CVE-2023/CVE-2023-452xx/CVE-2023-45283.json) (`2023-12-14T10:15:07.947`)
* [CVE-2023-46589](CVE-2023/CVE-2023-465xx/CVE-2023-46589.json) (`2023-12-14T10:15:08.053`)
* [CVE-2023-46695](CVE-2023/CVE-2023-466xx/CVE-2023-46695.json) (`2023-12-14T10:15:08.170`)
* [CVE-2023-46728](CVE-2023/CVE-2023-467xx/CVE-2023-46728.json) (`2023-12-14T10:15:08.277`)
* [CVE-2023-46848](CVE-2023/CVE-2023-468xx/CVE-2023-46848.json) (`2023-12-14T10:15:08.390`)
* [CVE-2023-50164](CVE-2023/CVE-2023-501xx/CVE-2023-50164.json) (`2023-12-14T10:15:08.530`)
* [CVE-2023-5941](CVE-2023/CVE-2023-59xx/CVE-2023-5941.json) (`2023-12-14T10:15:08.630`)
* [CVE-2023-5978](CVE-2023/CVE-2023-59xx/CVE-2023-5978.json) (`2023-12-14T10:15:08.727`)
* [CVE-2023-43585](CVE-2023/CVE-2023-435xx/CVE-2023-43585.json) (`2023-12-14T13:52:16.903`)
* [CVE-2023-43586](CVE-2023/CVE-2023-435xx/CVE-2023-43586.json) (`2023-12-14T13:52:16.903`)
* [CVE-2023-45166](CVE-2023/CVE-2023-451xx/CVE-2023-45166.json) (`2023-12-14T13:52:16.903`)
* [CVE-2023-45170](CVE-2023/CVE-2023-451xx/CVE-2023-45170.json) (`2023-12-14T13:52:16.903`)
* [CVE-2023-45174](CVE-2023/CVE-2023-451xx/CVE-2023-45174.json) (`2023-12-14T13:52:16.903`)
* [CVE-2023-49646](CVE-2023/CVE-2023-496xx/CVE-2023-49646.json) (`2023-12-14T13:52:16.903`)
* [CVE-2023-21751](CVE-2023/CVE-2023-217xx/CVE-2023-21751.json) (`2023-12-14T13:52:16.903`)
* [CVE-2023-40921](CVE-2023/CVE-2023-409xx/CVE-2023-40921.json) (`2023-12-14T13:52:16.903`)
* [CVE-2023-41618](CVE-2023/CVE-2023-416xx/CVE-2023-41618.json) (`2023-12-14T13:52:16.903`)
* [CVE-2023-31546](CVE-2023/CVE-2023-315xx/CVE-2023-31546.json) (`2023-12-14T13:52:16.903`)
* [CVE-2023-43042](CVE-2023/CVE-2023-430xx/CVE-2023-43042.json) (`2023-12-14T13:52:16.903`)
* [CVE-2023-41719](CVE-2023/CVE-2023-417xx/CVE-2023-41719.json) (`2023-12-14T13:52:16.903`)
* [CVE-2023-42922](CVE-2023/CVE-2023-429xx/CVE-2023-42922.json) (`2023-12-14T14:05:30.140`)
* [CVE-2023-42899](CVE-2023/CVE-2023-428xx/CVE-2023-42899.json) (`2023-12-14T14:07:42.957`)
* [CVE-2023-42919](CVE-2023/CVE-2023-429xx/CVE-2023-42919.json) (`2023-12-14T14:08:16.317`)
* [CVE-2023-6275](CVE-2023/CVE-2023-62xx/CVE-2023-6275.json) (`2023-12-14T14:15:45.640`)
* [CVE-2023-50429](CVE-2023/CVE-2023-504xx/CVE-2023-50429.json) (`2023-12-14T14:33:52.857`)
* [CVE-2023-49964](CVE-2023/CVE-2023-499xx/CVE-2023-49964.json) (`2023-12-14T14:36:17.293`)
* [CVE-2023-6186](CVE-2023/CVE-2023-61xx/CVE-2023-6186.json) (`2023-12-14T14:41:30.390`)
* [CVE-2023-49355](CVE-2023/CVE-2023-493xx/CVE-2023-49355.json) (`2023-12-14T14:47:05.647`)
* [CVE-2023-45866](CVE-2023/CVE-2023-458xx/CVE-2023-45866.json) (`2023-12-14T14:47:57.930`)
* [CVE-2023-32460](CVE-2023/CVE-2023-324xx/CVE-2023-32460.json) (`2023-12-14T14:48:51.007`)
* [CVE-2023-48715](CVE-2023/CVE-2023-487xx/CVE-2023-48715.json) (`2023-12-14T14:51:04.473`)
* [CVE-2023-42914](CVE-2023/CVE-2023-429xx/CVE-2023-42914.json) (`2023-12-14T14:54:10.347`)
* [CVE-2023-42900](CVE-2023/CVE-2023-429xx/CVE-2023-42900.json) (`2023-12-14T14:55:04.343`)
## Download and Usage