admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-06 10:42:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-11-02T21:00:19.350421+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-11-02 21:00:23 +00:00
parent be9a0c3b0a
commit 3e0dc91c5d
51 changed files with 2843 additions and 173 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
CVE-2022/CVE-2022-368xx/CVE-2022-36895.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-36895",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:09.503",
"lastModified": "2023-10-25T18:17:12.813",
"vulnStatus": "Modified",
"lastModified": "2023-11-02T20:51:36.270",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -38,6 +38,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [

16
CVE-2022/CVE-2022-368xx/CVE-2022-36896.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-36896",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:09.557",
"lastModified": "2023-10-25T18:17:12.870",
"vulnStatus": "Modified",
"lastModified": "2023-11-02T20:51:32.687",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -38,6 +38,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [

16
CVE-2022/CVE-2022-368xx/CVE-2022-36897.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-36897",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:09.613",
"lastModified": "2023-10-25T18:17:12.943",
"vulnStatus": "Modified",
"lastModified": "2023-11-02T20:51:25.947",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -38,6 +38,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [

9
CVE-2022/CVE-2022-369xx/CVE-2022-36904.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-36904",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:09.973",
"lastModified": "2023-10-25T18:17:13.437",
"vulnStatus": "Modified",
"lastModified": "2023-11-02T20:57:37.993",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -79,7 +79,10 @@
},
{
"url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2665%20%282%29",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}

16
CVE-2022/CVE-2022-369xx/CVE-2022-36915.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-36915",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:11.810",
"lastModified": "2023-10-25T18:17:14.073",
"vulnStatus": "Modified",
"lastModified": "2023-11-02T20:51:47.860",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -38,6 +38,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [

16
CVE-2022/CVE-2022-369xx/CVE-2022-36916.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-36916",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:12.053",
"lastModified": "2023-10-25T18:17:14.127",
"vulnStatus": "Modified",
"lastModified": "2023-11-02T20:51:52.980",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -38,6 +38,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [

16
CVE-2022/CVE-2022-369xx/CVE-2022-36917.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-36917",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:12.297",
"lastModified": "2023-10-25T18:17:14.187",
"vulnStatus": "Modified",
"lastModified": "2023-11-02T20:51:56.150",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -38,6 +38,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [

16
CVE-2022/CVE-2022-369xx/CVE-2022-36918.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-36918",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:12.547",
"lastModified": "2023-10-25T18:17:14.247",
"vulnStatus": "Modified",
"lastModified": "2023-11-02T20:52:00.590",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -38,6 +38,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [

21
CVE-2022/CVE-2022-369xx/CVE-2022-36919.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-36919",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:12.907",
"lastModified": "2023-10-25T18:17:14.307",
"vulnStatus": "Modified",
"lastModified": "2023-11-02T20:52:10.987",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -38,6 +38,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
@ -67,7 +79,10 @@
},
{
"url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2790%20%281%29",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}

21
CVE-2022/CVE-2022-369xx/CVE-2022-36920.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-36920",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:13.320",
"lastModified": "2023-10-25T18:17:14.373",
"vulnStatus": "Modified",
"lastModified": "2023-11-02T20:52:17.240",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -38,6 +38,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
@ -67,7 +79,10 @@
},
{
"url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2790%20%282%29",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}

21
CVE-2022/CVE-2022-369xx/CVE-2022-36921.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-36921",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:13.640",
"lastModified": "2023-10-25T18:17:14.427",
"vulnStatus": "Modified",
"lastModified": "2023-11-02T20:52:20.690",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -38,6 +38,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
@ -67,7 +79,10 @@
},
{
"url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2790%20%282%29",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}

16
CVE-2022/CVE-2022-369xx/CVE-2022-36922.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-36922",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:13.877",
"lastModified": "2023-10-25T18:17:14.483",
"vulnStatus": "Modified",
"lastModified": "2023-11-02T20:52:24.460",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -38,6 +38,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [

16
CVE-2022/CVE-2022-386xx/CVE-2022-38663.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-38663",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-08-23T17:15:15.257",
"lastModified": "2023-10-25T18:17:14.640",
"vulnStatus": "Modified",
"lastModified": "2023-11-02T20:52:29.600",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -38,6 +38,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
}
],
"configurations": [
{
"nodes": [

16
CVE-2022/CVE-2022-386xx/CVE-2022-38664.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-38664",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-08-23T17:15:15.310",
"lastModified": "2023-10-25T18:17:14.717",
"vulnStatus": "Modified",
"lastModified": "2023-11-02T20:52:32.417",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -38,6 +38,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [

4
CVE-2022/CVE-2022-386xx/CVE-2022-38665.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-38665",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-08-23T17:15:15.363",
"lastModified": "2023-10-25T18:17:14.773",
"vulnStatus": "Modified",
"lastModified": "2023-11-02T20:53:03.907",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",

31
CVE-2022/CVE-2022-386xx/CVE-2022-38666.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2022-38666",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-11-15T20:15:11.193",
"lastModified": "2023-10-25T18:17:14.833",
"vulnStatus": "Modified",
"lastModified": "2023-11-02T20:53:11.360",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.146 and earlier unconditionally disables SSL/TLS certificate and hostname validation for several features."
},
{
"lang": "es",
"value": "Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.146 y versiones anteriores deshabilita incondicionalmente el certificado SSL/TLS y la validaci\u00f3n del nombre de host para varias funciones."
}
],
"metrics": {
@ -34,6 +38,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
}
],
"configurations": [
{
"nodes": [
@ -55,11 +71,18 @@
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2022/11/15/4",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2910%20%282%29",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-213xx/CVE-2023-21364.json
View File

@ -2,19 +2,84 @@
"id": "CVE-2023-21364",
"sourceIdentifier": "security@android.com",
"published": "2023-10-30T17:15:51.883",
"lastModified": "2023-10-30T17:20:42.887",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-02T20:40:26.690",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In ContactsProvider, there is a possible crash loop due to resource exhaustion. This could lead to local persistent denial of service in the Phone app with User execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En ContactsProvider, existe un posible bucle de bloqueo debido al agotamiento de los recursos. Esto podr\u00eda provocar una denegaci\u00f3n de servicio local persistente en la aplicaci\u00f3n Tel\u00e9fono con privilegios de ejecuci\u00f3n del Usuario necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.0",
"matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-213xx/CVE-2023-21365.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-21365",
"sourceIdentifier": "security@android.com",
"published": "2023-10-30T17:15:51.927",
"lastModified": "2023-10-30T17:20:42.887",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-02T20:40:11.590",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Contacts, there is a possible crash loop due to resource exhaustion. This could lead to local denial of service in the Phone app with User execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En Contacts, existe un posible bucle de bloqueo debido al agotamiento de los recursos. Esto podr\u00eda provocar una denegaci\u00f3n de servicio local en la aplicaci\u00f3n Tel\u00e9fono con privilegios de ejecuci\u00f3n del Usuario necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.0",
"matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-213xx/CVE-2023-21366.json
View File

@ -2,19 +2,84 @@
"id": "CVE-2023-21366",
"sourceIdentifier": "security@android.com",
"published": "2023-10-30T17:15:51.973",
"lastModified": "2023-10-30T17:20:42.887",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-02T20:39:50.183",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Scudo, there is a possible way for an attacker to predict heap allocation patterns due to insecure implementation/design. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En Scudo, existe una forma posible para que un atacante prediga patrones de asignaci\u00f3n de mont\u00f3n debido a una implementaci\u00f3n/dise\u00f1o inseguro. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.0",
"matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-213xx/CVE-2023-21367.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-21367",
"sourceIdentifier": "security@android.com",
"published": "2023-10-30T17:15:52.023",
"lastModified": "2023-10-30T17:20:42.887",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-02T20:39:14.803",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Scudo, there is a possible way to exploit certain heap OOB read/write issues due to an insecure implementation/design. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En Scudo, existe una manera posible de explotar ciertos problemas de lectura/escritura del mont\u00f3n OOB debido a una implementaci\u00f3n/dise\u00f1o inseguro. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.0",
"matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-213xx/CVE-2023-21368.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-21368",
"sourceIdentifier": "security@android.com",
"published": "2023-10-30T17:15:52.070",
"lastModified": "2023-10-30T17:20:42.887",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-02T20:39:30.460",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Audio, there is a possible out of bounds read due to missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En Audio, existe una posible lectura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.0",
"matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-213xx/CVE-2023-21369.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-21369",
"sourceIdentifier": "security@android.com",
"published": "2023-10-30T17:15:52.117",
"lastModified": "2023-10-30T17:20:42.887",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-02T20:38:51.333",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Usage Access, there is a possible way to display a Settings usage access restriction toggle screen due to a permissions bypass. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation."
},
{
"lang": "es",
"value": "En Usage Access, existe una forma posible de mostrar una pantalla de alternancia de restricci\u00f3n de acceso de uso de Configuraci\u00f3n debido a una omisi\u00f3n de permisos. Esto podr\u00eda provocar una denegaci\u00f3n de servicio local sin necesidad de privilegios de ejecuci\u00f3n adicionales. Se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.0",
"matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-213xx/CVE-2023-21370.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-21370",
"sourceIdentifier": "security@android.com",
"published": "2023-10-30T17:15:52.157",
"lastModified": "2023-10-30T17:20:42.887",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-02T20:38:36.647",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In the Security Element API, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En la API Security Element, existe una posible escritura fuera de los l\u00edmites debido a un desbordamiento de enteros. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n del System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.0",
"matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-213xx/CVE-2023-21371.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-21371",
"sourceIdentifier": "security@android.com",
"published": "2023-10-30T17:15:52.203",
"lastModified": "2023-10-30T17:20:42.887",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-02T20:38:18.707",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Secure Element, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En Secure Element, existe una posible escritura fuera de los l\u00edmites debido a un desbordamiento de enteros. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n del System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.0",
"matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-213xx/CVE-2023-21394.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-21394",
"sourceIdentifier": "security@android.com",
"published": "2023-10-30T18:15:09.813",
"lastModified": "2023-10-30T18:21:38.740",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-02T20:38:00.393",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Telecomm, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En Telecomm, existe una posible omisi\u00f3n de un l\u00edmite de seguridad multiusuario debido a un diputado confundido. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.0",
"matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-213xx/CVE-2023-21395.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-21395",
"sourceIdentifier": "security@android.com",
"published": "2023-10-30T18:15:09.857",
"lastModified": "2023-10-30T18:21:38.740",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-02T20:37:40.020",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Bluetooth, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En Bluetooth existe una posible lectura fuera de los l\u00edmites debido a un use after free. Esto podr\u00eda dar lugar a la divulgaci\u00f3n remota de informaci\u00f3n a trav\u00e9s de Bluetooth sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.0",
"matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-310xx/CVE-2023-31016.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-31016",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2023-11-02T19:15:40.947",
"lastModified": "2023-11-02T19:15:40.947",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GPU Display Driver for Windows contains a vulnerability where an uncontrolled search path element may allow an attacker to execute arbitrary code, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-427"
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5491",
"source": "psirt@nvidia.com"
}
]
}

55
CVE-2023/CVE-2023-310xx/CVE-2023-31017.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-31017",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2023-11-02T19:15:41.033",
"lastModified": "2023-11-02T19:15:41.033",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may be able to write arbitrary data to privileged locations by using reparse points. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-552"
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5491",
"source": "psirt@nvidia.com"
}
]
}

55
CVE-2023/CVE-2023-310xx/CVE-2023-31018.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-31018",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2023-11-02T19:15:41.103",
"lastModified": "2023-11-02T19:15:41.103",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GPU Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause a NULL-pointer dereference, which may lead to denial of service."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.0,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5491",
"source": "psirt@nvidia.com"
}
]
}

55
CVE-2023/CVE-2023-310xx/CVE-2023-31019.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-31019",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2023-11-02T19:15:41.180",
"lastModified": "2023-11-02T19:15:41.180",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in wksServicePlugin.dll, where the driver implementation does not restrict or incorrectly restricts access from the named pipe server to a connecting client, which may lead to potential impersonation to the client's secure context."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5491",
"source": "psirt@nvidia.com"
}
]
}

55
CVE-2023/CVE-2023-310xx/CVE-2023-31020.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-31020",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2023-11-02T19:15:41.247",
"lastModified": "2023-11-02T19:15:41.247",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause improper access control, which may lead to denial of service or data tampering."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5491",
"source": "psirt@nvidia.com"
}
]
}

55
CVE-2023/CVE-2023-310xx/CVE-2023-31021.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-31021",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2023-11-02T19:15:41.313",
"lastModified": "2023-11-02T19:15:41.313",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a malicious user in the guest VM can cause a NULL-pointer dereference, which may lead to denial of service."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5491",
"source": "psirt@nvidia.com"
}
]
}

55
CVE-2023/CVE-2023-310xx/CVE-2023-31022.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-31022",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2023-11-02T19:15:41.380",
"lastModified": "2023-11-02T19:15:41.380",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a NULL-pointer dereference may lead to denial of service."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5491",
"source": "psirt@nvidia.com"
}
]
}

55
CVE-2023/CVE-2023-310xx/CVE-2023-31023.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-31023",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2023-11-02T19:15:41.453",
"lastModified": "2023-11-02T19:15:41.453",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "NVIDIA Display Driver for Windows contains a vulnerability where an attacker may cause a pointer dereference of an untrusted value, which may lead to denial of service."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-822"
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5491",
"source": "psirt@nvidia.com"
}
]
}

55
CVE-2023/CVE-2023-310xx/CVE-2023-31026.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-31026",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2023-11-02T19:15:41.527",
"lastModified": "2023-11-02T19:15:41.527",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a NULL-pointer dereference may lead to denial of service."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.5,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5491",
"source": "psirt@nvidia.com"
}
]
}

55
CVE-2023/CVE-2023-310xx/CVE-2023-31027.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-31027",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2023-11-02T19:15:41.597",
"lastModified": "2023-11-02T19:15:41.597",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GPU Display Driver for Windows contains a vulnerability that allows Windows users with low levels of privilege to escalate privileges when an administrator is updating GPU drivers, which may lead to escalation of privileges."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-427"
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5491",
"source": "psirt@nvidia.com"
}
]
}

78
CVE-2023/CVE-2023-404xx/CVE-2023-40401.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40401",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-10-25T19:15:09.110",
"lastModified": "2023-10-26T00:15:10.237",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-02T19:43:45.520",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,85 @@
"value": "El problema se solucion\u00f3 con comprobaciones de permisos adicionales. Este problema se solucion\u00f3 en macOS Ventura 13.6.1. Un atacante puede acceder a las claves de acceso sin autenticaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.6.1",
"matchCriteriaId": "85B6F336-AA76-4706-AD68-BCDFFB48358B"
}
]
}
]
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/26",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213985",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/kb/HT213985",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

110
CVE-2023/CVE-2023-56xx/CVE-2023-5633.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5633",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-10-23T22:15:09.430",
"lastModified": "2023-10-24T12:45:02.747",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-02T20:48:33.403",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -38,14 +58,96 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6",
"matchCriteriaId": "9D42A7C6-CE38-4D73-B7AC-615F6D53F783"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "84267A4F-DBC2-444F-B41D-69E15E1BEC97"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc2:*:*:*:*:*:*",
"matchCriteriaId": "FB440208-241C-4246-9A83-C1715C0DAA6C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc3:*:*:*:*:*:*",
"matchCriteriaId": "0DC421F1-3D5A-4BEF-BF76-4E468985D20B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc4:*:*:*:*:*:*",
"matchCriteriaId": "00AB783B-BE05-40E8-9A55-6AA457D95031"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc5:*:*:*:*:*:*",
"matchCriteriaId": "E7C78D0A-C4A2-4D41-B726-8979E33AD0F9"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-5633",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245663",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch"
]
}
]
}

135
CVE-2023/CVE-2023-57xx/CVE-2023-5724.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5724",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-10-25T18:17:44.113",
"lastModified": "2023-10-29T11:15:07.857",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-02T20:17:36.167",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,39 +14,152 @@
"value": "Los controladores no siempre son resistentes a las llamadas de \"dibujo\" extremadamente grandes y, en algunos casos, este escenario podr\u00eda haber provocado un bloqueo. Esta vulnerabilidad afecta a Firefox < 119, Firefox ESR < 115.4 y Thunderbird < 115.4.1."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "119.0",
"matchCriteriaId": "CEB4CF7F-BEB2-4B06-962E-88A3995F19D4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.4",
"matchCriteriaId": "824ABA9E-88FF-4933-BBD8-2BFFF914739E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.4.1",
"matchCriteriaId": "6B50AE0E-325C-422E-8622-7A479CB51DF2"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1836705",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00037.html",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00042.html",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5535",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5538",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-45/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-46/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-47/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
}
]
}

135
CVE-2023/CVE-2023-57xx/CVE-2023-5725.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5725",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-10-25T18:17:44.160",
"lastModified": "2023-10-29T11:15:07.917",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-02T20:28:43.127",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,39 +14,152 @@
"value": "Una WebExtension maliciosa instalada podr\u00eda abrir URL arbitrarias, que en las circunstancias adecuadas podr\u00edan aprovecharse para recopilar datos confidenciales del usuario. Esta vulnerabilidad afecta a Firefox < 119, Firefox ESR < 115.4 y Thunderbird < 115.4.1."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "119.0",
"matchCriteriaId": "CEB4CF7F-BEB2-4B06-962E-88A3995F19D4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.4",
"matchCriteriaId": "824ABA9E-88FF-4933-BBD8-2BFFF914739E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.4.1",
"matchCriteriaId": "6B50AE0E-325C-422E-8622-7A479CB51DF2"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1845739",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00037.html",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00042.html",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5535",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5538",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-45/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-46/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-47/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
}
]
}

104
CVE-2023/CVE-2023-57xx/CVE-2023-5726.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5726",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-10-25T18:17:44.213",
"lastModified": "2023-10-25T20:31:55.900",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-02T19:57:30.190",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,23 +14,113 @@
"value": "Un sitio web podr\u00eda haber oscurecido la notificaci\u00f3n de pantalla completa utilizando el cuadro de di\u00e1logo de apertura de archivo. Esto podr\u00eda haber generado confusi\u00f3n en los usuarios y posibles ataques de suplantaci\u00f3n de identidad. *Nota: Este problema solo afect\u00f3 a los sistemas operativos macOS. Otros sistemas operativos no se ven afectados.* Esta vulnerabilidad afecta a Firefox < 119, Firefox ESR < 115.4 y Thunderbird < 115.4.1."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "119.0",
"matchCriteriaId": "CEB4CF7F-BEB2-4B06-962E-88A3995F19D4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.4",
"matchCriteriaId": "824ABA9E-88FF-4933-BBD8-2BFFF914739E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.4.1",
"matchCriteriaId": "6B50AE0E-325C-422E-8622-7A479CB51DF2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1846205",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-45/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-46/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-47/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
}
]
}

105
CVE-2023/CVE-2023-57xx/CVE-2023-5727.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5727",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-10-25T18:17:44.263",
"lastModified": "2023-10-25T20:31:55.900",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-02T20:09:22.683",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,23 +14,114 @@
"value": "La advertencia de archivo ejecutable no se present\u00f3 al descargar archivos .msix, .msixbundle, .appx, y .appxbundle, que pueden ejecutar comandos en el ordenador de un usuario. *Nota: Este problema solo afect\u00f3 a los sistemas operativos Windows. Otros sistemas operativos no se ven afectados.* Esta vulnerabilidad afecta a Firefox < 119, Firefox ESR < 115.4 y Thunderbird < 115.4.1."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "119.0",
"matchCriteriaId": "CEB4CF7F-BEB2-4B06-962E-88A3995F19D4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.4",
"matchCriteriaId": "824ABA9E-88FF-4933-BBD8-2BFFF914739E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.4.1",
"matchCriteriaId": "6B50AE0E-325C-422E-8622-7A479CB51DF2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1847180",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Permissions Required",
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-45/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-46/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-47/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
}
]
}

135
CVE-2023/CVE-2023-57xx/CVE-2023-5728.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5728",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-10-25T18:17:44.310",
"lastModified": "2023-10-29T11:15:07.967",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-02T20:12:56.233",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,39 +14,152 @@
"value": "Durante la recolecci\u00f3n de la \"basura\" se realizaron operaciones adicionales en un objeto que no deber\u00eda realizarse. Esto podr\u00eda haber provocado un fallo potencialmente explotable. Esta vulnerabilidad afecta a Firefox < 119, Firefox ESR < 115.4 y Thunderbird < 115.4.1."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "119.0",
"matchCriteriaId": "CEB4CF7F-BEB2-4B06-962E-88A3995F19D4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.4",
"matchCriteriaId": "824ABA9E-88FF-4933-BBD8-2BFFF914739E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.4.1",
"matchCriteriaId": "6B50AE0E-325C-422E-8622-7A479CB51DF2"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1852729",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00037.html",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00042.html",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5535",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5538",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-45/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-46/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-47/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
}
]
}

99
CVE-2023/CVE-2023-57xx/CVE-2023-5746.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5746",
"sourceIdentifier": "security@synology.com",
"published": "2023-10-25T18:17:44.770",
"lastModified": "2023-10-25T20:31:55.900",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-02T19:01:11.237",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security@synology.com",
"type": "Secondary",
@ -40,7 +60,7 @@
},
"weaknesses": [
{
"source": "security@synology.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -48,12 +68,83 @@
"value": "CWE-134"
}
]
},
{
"source": "security@synology.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-134"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:synology:bc500_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.0.5-0185",
"matchCriteriaId": "606E80D6-82AA-42EB-AD3F-DFB34847F7E4"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:synology:bc500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FD618BD-29BD-4F43-9BEF-F73065247580"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:synology:tc500_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.0.5-0185",
"matchCriteriaId": "18086F22-1F7B-4B3D-BF18-DFA3B0DD6783"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:synology:tc500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "582C2C89-3351-4DC6-B40A-7E2E4CA6AFEA"
}
]
}
]
}
],
"references": [
{
"url": "https://www.synology.com/en-global/security/advisory/Synology_SA_23_11",
"source": "security@synology.com"
"source": "security@synology.com",
"tags": [
"Vendor Advisory"
]
}
]
}

88
CVE-2023/CVE-2023-59xx/CVE-2023-5923.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2023-5923",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-11-02T19:15:41.673",
"lastModified": "2023-11-02T19:15:41.673",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in Campcodes Simple Student Information System 1.0. This affects an unknown part of the file /admin/index.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-244323."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "ADJACENT_NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 5.1,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/E1CHO/cve_hub/blob/main/Simple%20Student%20Information%20System/Simple%20Student%20Information%20System%20-%20vuln%201.pdf",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.244323",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.244323",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2023/CVE-2023-59xx/CVE-2023-5924.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2023-5924",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-11-02T19:15:41.747",
"lastModified": "2023-11-02T19:15:41.747",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in Campcodes Simple Student Information System 1.0. This vulnerability affects unknown code of the file /admin/courses/view_course.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-244324."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "ADJACENT_NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 5.1,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/E1CHO/cve_hub/blob/main/Simple%20Student%20Information%20System/Simple%20Student%20Information%20System%20-%20vuln%202.pdf",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.244324",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.244324",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2023/CVE-2023-59xx/CVE-2023-5925.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2023-5925",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-11-02T20:15:10.103",
"lastModified": "2023-11-02T20:15:10.103",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in Campcodes Simple Student Information System 1.0. This issue affects some unknown processing of the file /classes/Master.php. The manipulation of the argument f leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-244325 was assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "ADJACENT_NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 5.1,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/E1CHO/cve_hub/blob/main/Simple%20Student%20Information%20System/Simple%20Student%20Information%20System%20-%20vuln%203.pdf",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.244325",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.244325",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2023/CVE-2023-59xx/CVE-2023-5926.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2023-5926",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-11-02T20:15:10.183",
"lastModified": "2023-11-02T20:15:10.183",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in Campcodes Simple Student Information System 1.0. Affected is an unknown function of the file /admin/students/update_status.php. The manipulation of the argument student_id leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-244326 is the identifier assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "ADJACENT_NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 5.1,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/E1CHO/cve_hub/blob/main/Simple%20Student%20Information%20System/Simple%20Student%20Information%20System%20-%20vuln%204.pdf",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.244326",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.244326",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2023/CVE-2023-59xx/CVE-2023-5927.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2023-5927",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-11-02T20:15:10.257",
"lastModified": "2023-11-02T20:15:10.257",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Campcodes Simple Student Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/courses/manage_course.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-244327."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "ADJACENT_NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 5.1,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/E1CHO/cve_hub/blob/main/Simple%20Student%20Information%20System/Simple%20Student%20Information%20System%20-%20vuln%205.pdf",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.244327",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.244327",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2023/CVE-2023-59xx/CVE-2023-5928.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2023-5928",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-11-02T20:15:10.337",
"lastModified": "2023-11-02T20:15:10.337",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Campcodes Simple Student Information System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/departments/manage_department.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-244328."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "ADJACENT_NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 5.1,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/E1CHO/cve_hub/blob/main/Simple%20Student%20Information%20System/Simple%20Student%20Information%20System%20-%20vuln%206.pdf",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.244328",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.244328",
"source": "cna@vuldb.com"
}
]
}

80
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-11-02T19:00:19.346614+00:00
2023-11-02T21:00:19.350421+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-11-02T18:32:10.630000+00:00
2023-11-02T20:57:37.993000+00:00
```
### Last Data Feed Release
@ -29,48 +29,60 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
229639
229655
```
### CVEs added in the last Commit
Recently added CVEs: `4`
Recently added CVEs: `16`
* [CVE-2023-46925](CVE-2023/CVE-2023-469xx/CVE-2023-46925.json) (`2023-11-02T17:15:11.567`)
* [CVE-2023-4217](CVE-2023/CVE-2023-42xx/CVE-2023-4217.json) (`2023-11-02T17:15:11.610`)
* [CVE-2023-5035](CVE-2023/CVE-2023-50xx/CVE-2023-5035.json) (`2023-11-02T17:15:11.677`)
* [CVE-2023-5846](CVE-2023/CVE-2023-58xx/CVE-2023-5846.json) (`2023-11-02T17:15:11.747`)
* [CVE-2023-31016](CVE-2023/CVE-2023-310xx/CVE-2023-31016.json) (`2023-11-02T19:15:40.947`)
* [CVE-2023-31017](CVE-2023/CVE-2023-310xx/CVE-2023-31017.json) (`2023-11-02T19:15:41.033`)
* [CVE-2023-31018](CVE-2023/CVE-2023-310xx/CVE-2023-31018.json) (`2023-11-02T19:15:41.103`)
* [CVE-2023-31019](CVE-2023/CVE-2023-310xx/CVE-2023-31019.json) (`2023-11-02T19:15:41.180`)
* [CVE-2023-31020](CVE-2023/CVE-2023-310xx/CVE-2023-31020.json) (`2023-11-02T19:15:41.247`)
* [CVE-2023-31021](CVE-2023/CVE-2023-310xx/CVE-2023-31021.json) (`2023-11-02T19:15:41.313`)
* [CVE-2023-31022](CVE-2023/CVE-2023-310xx/CVE-2023-31022.json) (`2023-11-02T19:15:41.380`)
* [CVE-2023-31023](CVE-2023/CVE-2023-310xx/CVE-2023-31023.json) (`2023-11-02T19:15:41.453`)
* [CVE-2023-31026](CVE-2023/CVE-2023-310xx/CVE-2023-31026.json) (`2023-11-02T19:15:41.527`)
* [CVE-2023-31027](CVE-2023/CVE-2023-310xx/CVE-2023-31027.json) (`2023-11-02T19:15:41.597`)
* [CVE-2023-5923](CVE-2023/CVE-2023-59xx/CVE-2023-5923.json) (`2023-11-02T19:15:41.673`)
* [CVE-2023-5924](CVE-2023/CVE-2023-59xx/CVE-2023-5924.json) (`2023-11-02T19:15:41.747`)
* [CVE-2023-5925](CVE-2023/CVE-2023-59xx/CVE-2023-5925.json) (`2023-11-02T20:15:10.103`)
* [CVE-2023-5926](CVE-2023/CVE-2023-59xx/CVE-2023-5926.json) (`2023-11-02T20:15:10.183`)
* [CVE-2023-5927](CVE-2023/CVE-2023-59xx/CVE-2023-5927.json) (`2023-11-02T20:15:10.257`)
* [CVE-2023-5928](CVE-2023/CVE-2023-59xx/CVE-2023-5928.json) (`2023-11-02T20:15:10.337`)
### CVEs modified in the last Commit
Recently modified CVEs: `49`
Recently modified CVEs: `34`
* [CVE-2023-42845](CVE-2023/CVE-2023-428xx/CVE-2023-42845.json) (`2023-11-02T18:08:38.750`)
* [CVE-2023-42438](CVE-2023/CVE-2023-424xx/CVE-2023-42438.json) (`2023-11-02T18:10:51.867`)
* [CVE-2023-42846](CVE-2023/CVE-2023-428xx/CVE-2023-42846.json) (`2023-11-02T18:13:54.607`)
* [CVE-2023-42847](CVE-2023/CVE-2023-428xx/CVE-2023-42847.json) (`2023-11-02T18:14:06.320`)
* [CVE-2023-1177](CVE-2023/CVE-2023-11xx/CVE-2023-1177.json) (`2023-11-02T18:15:08.913`)
* [CVE-2023-43800](CVE-2023/CVE-2023-438xx/CVE-2023-43800.json) (`2023-11-02T18:15:09.043`)
* [CVE-2023-43801](CVE-2023/CVE-2023-438xx/CVE-2023-43801.json) (`2023-11-02T18:15:09.133`)
* [CVE-2023-43802](CVE-2023/CVE-2023-438xx/CVE-2023-43802.json) (`2023-11-02T18:15:09.217`)
* [CVE-2023-43803](CVE-2023/CVE-2023-438xx/CVE-2023-43803.json) (`2023-11-02T18:15:09.303`)
* [CVE-2023-5126](CVE-2023/CVE-2023-51xx/CVE-2023-5126.json) (`2023-11-02T18:15:22.590`)
* [CVE-2023-42849](CVE-2023/CVE-2023-428xx/CVE-2023-42849.json) (`2023-11-02T18:16:45.047`)
* [CVE-2023-38469](CVE-2023/CVE-2023-384xx/CVE-2023-38469.json) (`2023-11-02T18:21:28.383`)
* [CVE-2023-38470](CVE-2023/CVE-2023-384xx/CVE-2023-38470.json) (`2023-11-02T18:21:28.383`)
* [CVE-2023-38471](CVE-2023/CVE-2023-384xx/CVE-2023-38471.json) (`2023-11-02T18:21:28.383`)
* [CVE-2023-38472](CVE-2023/CVE-2023-384xx/CVE-2023-38472.json) (`2023-11-02T18:21:28.383`)
* [CVE-2023-45338](CVE-2023/CVE-2023-453xx/CVE-2023-45338.json) (`2023-11-02T18:21:28.383`)
* [CVE-2023-45345](CVE-2023/CVE-2023-453xx/CVE-2023-45345.json) (`2023-11-02T18:21:28.383`)
* [CVE-2023-45346](CVE-2023/CVE-2023-453xx/CVE-2023-45346.json) (`2023-11-02T18:21:28.383`)
* [CVE-2023-45347](CVE-2023/CVE-2023-453xx/CVE-2023-45347.json) (`2023-11-02T18:21:28.383`)
* [CVE-2023-46725](CVE-2023/CVE-2023-467xx/CVE-2023-46725.json) (`2023-11-02T18:21:28.383`)
* [CVE-2023-38473](CVE-2023/CVE-2023-384xx/CVE-2023-38473.json) (`2023-11-02T18:21:28.383`)
* [CVE-2023-42850](CVE-2023/CVE-2023-428xx/CVE-2023-42850.json) (`2023-11-02T18:25:04.260`)
* [CVE-2023-42852](CVE-2023/CVE-2023-428xx/CVE-2023-42852.json) (`2023-11-02T18:25:16.560`)
* [CVE-2023-5740](CVE-2023/CVE-2023-57xx/CVE-2023-5740.json) (`2023-11-02T18:26:46.600`)
* [CVE-2023-5744](CVE-2023/CVE-2023-57xx/CVE-2023-5744.json) (`2023-11-02T18:32:10.630`)
* [CVE-2022-36921](CVE-2022/CVE-2022-369xx/CVE-2022-36921.json) (`2023-11-02T20:52:20.690`)
* [CVE-2022-36922](CVE-2022/CVE-2022-369xx/CVE-2022-36922.json) (`2023-11-02T20:52:24.460`)
* [CVE-2022-38663](CVE-2022/CVE-2022-386xx/CVE-2022-38663.json) (`2023-11-02T20:52:29.600`)
* [CVE-2022-38664](CVE-2022/CVE-2022-386xx/CVE-2022-38664.json) (`2023-11-02T20:52:32.417`)
* [CVE-2022-38665](CVE-2022/CVE-2022-386xx/CVE-2022-38665.json) (`2023-11-02T20:53:03.907`)
* [CVE-2022-38666](CVE-2022/CVE-2022-386xx/CVE-2022-38666.json) (`2023-11-02T20:53:11.360`)
* [CVE-2022-36904](CVE-2022/CVE-2022-369xx/CVE-2022-36904.json) (`2023-11-02T20:57:37.993`)
* [CVE-2023-5746](CVE-2023/CVE-2023-57xx/CVE-2023-5746.json) (`2023-11-02T19:01:11.237`)
* [CVE-2023-40401](CVE-2023/CVE-2023-404xx/CVE-2023-40401.json) (`2023-11-02T19:43:45.520`)
* [CVE-2023-5726](CVE-2023/CVE-2023-57xx/CVE-2023-5726.json) (`2023-11-02T19:57:30.190`)
* [CVE-2023-5727](CVE-2023/CVE-2023-57xx/CVE-2023-5727.json) (`2023-11-02T20:09:22.683`)
* [CVE-2023-5728](CVE-2023/CVE-2023-57xx/CVE-2023-5728.json) (`2023-11-02T20:12:56.233`)
* [CVE-2023-5724](CVE-2023/CVE-2023-57xx/CVE-2023-5724.json) (`2023-11-02T20:17:36.167`)
* [CVE-2023-5725](CVE-2023/CVE-2023-57xx/CVE-2023-5725.json) (`2023-11-02T20:28:43.127`)
* [CVE-2023-21395](CVE-2023/CVE-2023-213xx/CVE-2023-21395.json) (`2023-11-02T20:37:40.020`)
* [CVE-2023-21394](CVE-2023/CVE-2023-213xx/CVE-2023-21394.json) (`2023-11-02T20:38:00.393`)
* [CVE-2023-21371](CVE-2023/CVE-2023-213xx/CVE-2023-21371.json) (`2023-11-02T20:38:18.707`)
* [CVE-2023-21370](CVE-2023/CVE-2023-213xx/CVE-2023-21370.json) (`2023-11-02T20:38:36.647`)
* [CVE-2023-21369](CVE-2023/CVE-2023-213xx/CVE-2023-21369.json) (`2023-11-02T20:38:51.333`)
* [CVE-2023-21367](CVE-2023/CVE-2023-213xx/CVE-2023-21367.json) (`2023-11-02T20:39:14.803`)
* [CVE-2023-21368](CVE-2023/CVE-2023-213xx/CVE-2023-21368.json) (`2023-11-02T20:39:30.460`)
* [CVE-2023-21366](CVE-2023/CVE-2023-213xx/CVE-2023-21366.json) (`2023-11-02T20:39:50.183`)
* [CVE-2023-21365](CVE-2023/CVE-2023-213xx/CVE-2023-21365.json) (`2023-11-02T20:40:11.590`)
* [CVE-2023-21364](CVE-2023/CVE-2023-213xx/CVE-2023-21364.json) (`2023-11-02T20:40:26.690`)
* [CVE-2023-5633](CVE-2023/CVE-2023-56xx/CVE-2023-5633.json) (`2023-11-02T20:48:33.403`)
## Download and Usage