Auto-Update: 2023-11-04T05:00:19.449376+00:00

cad-safe-bot 2023-11-04 05:00:23 +00:00
parent 475b438b69
commit 5006fe390b
23 changed files with 1445 additions and 117 deletions


@ -2,16 +2,40 @@
"id": "CVE-2022-4573",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2023-10-30T15:15:39.653",
"lastModified": "2023-10-30T15:28:31.260",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-04T03:24:24.197",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nAn SMI handler input validation vulnerability in the ThinkPad X1 Fold Gen 1 could allow an attacker with local access and elevated privileges to execute arbitrary code.\n\n"
},
{
"lang": "es",
"value": "Una vulnerabilidad de validaci\u00f3n de entrada del controlador SMI en ThinkPad X1 Fold Gen 1 podr\u00eda permitir que un atacante con acceso local y privilegios elevados ejecute c\u00f3digo arbitrario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
},
{
"source": "psirt@lenovo.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "psirt@lenovo.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "psirt@lenovo.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,10 +80,42 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:lenovo:thinkpad_x1_fold_gen_1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A78A313D-B3D2-42C5-B709-611FAB9EAE7C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinkpad_x1_fold_gen_1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B6ACABAE-B074-4EE6-B969-ECD16CBB4224"
}
]
}
]
}
],
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-106014",
"source": "psirt@lenovo.com"
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
]
}
]
}
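Review bot: The vulnerable firmware entry added under `configurations` has `-` in the version field (`cpe:2.3:o:lenovo:thinkpad_x1_fold_gen_1_firmware:-:*:...`) and no `versionStartIncluding`/`versionEndExcluding` bounds, so this record cannot distinguish patched firmware from unpatched firmware. Inventory matching on this CPE is therefore likely to flag every ThinkPad X1 Fold Gen 1 whatever firmware is installed, and the fixed level has to come from the referenced vendor advisory. A bounded entry would carry a line such as `"versionEndExcluding": "<fixed firmware version>"` (placeholder; the value is not on this page). The new Primary weakness is also `NVD-CWE-noinfo` although the description names an input validation flaw, so filtering by CWE on the Primary source alone will probably miss this record.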


@ -2,19 +2,78 @@
"id": "CVE-2023-21350",
"sourceIdentifier": "security@android.com",
"published": "2023-10-30T17:15:51.250",
"lastModified": "2023-10-30T17:20:42.887",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-04T03:22:37.570",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Media Projection, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En Media Projection, existe una forma posible de determinar si una aplicaci\u00f3n est\u00e1 instalada, sin permisos de consulta, debido a la divulgaci\u00f3n de informaci\u00f3n del canal lateral. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,78 @@
"id": "CVE-2023-21351",
"sourceIdentifier": "security@android.com",
"published": "2023-10-30T17:15:51.303",
"lastModified": "2023-10-30T17:20:42.887",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-04T03:22:15.930",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Activity Manager, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En Activity Manager, existe un posible inicio de actividad en segundo plano debido a un error l\u00f3gico en el c\u00f3digo. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,78 @@
"id": "CVE-2023-21352",
"sourceIdentifier": "security@android.com",
"published": "2023-10-30T17:15:51.353",
"lastModified": "2023-10-30T17:20:42.887",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-04T03:22:08.317",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In NFA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En NFA, existe una posible lectura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,78 @@
"id": "CVE-2023-21353",
"sourceIdentifier": "security@android.com",
"published": "2023-10-30T17:15:51.410",
"lastModified": "2023-10-30T17:20:42.887",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-04T03:22:00.393",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In NFA, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En NFA, existe una posible lectura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a la divulgaci\u00f3n remota de informaci\u00f3n sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,78 @@
"id": "CVE-2023-21354",
"sourceIdentifier": "security@android.com",
"published": "2023-10-30T17:15:51.460",
"lastModified": "2023-10-30T17:20:42.887",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-04T03:21:47.663",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Package Manager Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En Package Manager Service, existe una forma posible de determinar si una aplicaci\u00f3n est\u00e1 instalada, sin permisos de consulta, debido a la divulgaci\u00f3n de informaci\u00f3n del canal lateral. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,78 @@
"id": "CVE-2023-21355",
"sourceIdentifier": "security@android.com",
"published": "2023-10-30T17:15:51.510",
"lastModified": "2023-10-30T17:20:42.887",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-04T03:21:12.813",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In libaudioclient, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En libaudioclient, existe una posible escritura fuera de los l\u00edmites debido a un use after free. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,78 @@
"id": "CVE-2023-21356",
"sourceIdentifier": "security@android.com",
"published": "2023-10-30T17:15:51.557",
"lastModified": "2023-10-30T17:20:42.887",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-04T03:21:06.440",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En Bluetooth, existe una posible escritura fuera de los l\u00edmites debido a una comprobaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a la ejecuci\u00f3n remota de c\u00f3digo (pr\u00f3ximo/adyacente) sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,78 @@
"id": "CVE-2023-21357",
"sourceIdentifier": "security@android.com",
"published": "2023-10-30T17:15:51.607",
"lastModified": "2023-10-30T17:20:42.887",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-04T03:20:55.207",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En NFC, existe una posible lectura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n local con privilegios de ejecuci\u00f3n del System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,78 @@
"id": "CVE-2023-21358",
"sourceIdentifier": "security@android.com",
"published": "2023-10-30T17:15:51.653",
"lastModified": "2023-10-30T17:20:42.887",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-04T03:20:47.623",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In UWB Google, there is a possible way for a malicious app to masquerade as system app com.android.uwb.resources due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En UWB Google, existe una forma posible de que una aplicaci\u00f3n maliciosa se haga pasar por la aplicaci\u00f3n del sistema com.android.uwb.resources debido a un uso incorrecto de las criptomonedas. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}
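Review bot: The Spanish description in this section translates "improperly used crypto" as `uso incorrecto de las criptomonedas`, which means cryptocurrencies. The English text describes misuse of cryptography that lets an app masquerade as `com.android.uwb.resources`, so the phrase should read `uso incorrecto de la criptograf\u00eda`, using the same `\u` escaping as the rest of the file. Readers and tooling that rely on the `es` value would otherwise misread the root cause of this privilege escalation.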


@ -2,19 +2,78 @@
"id": "CVE-2023-21359",
"sourceIdentifier": "security@android.com",
"published": "2023-10-30T17:15:51.697",
"lastModified": "2023-10-30T17:20:42.887",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-04T03:20:39.810",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En Bluetooth, existe una posible lectura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda provocar la divulgaci\u00f3n de informaci\u00f3n local en el servidor Bluetooth con los privilegios de ejecuci\u00f3n del System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,78 @@
"id": "CVE-2023-21360",
"sourceIdentifier": "security@android.com",
"published": "2023-10-30T17:15:51.753",
"lastModified": "2023-10-30T17:20:42.887",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-04T03:20:32.843",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Bluetooth, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En Bluetooth, existe una posible escritura fuera de los l\u00edmites debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n del System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,78 @@
"id": "CVE-2023-21361",
"sourceIdentifier": "security@android.com",
"published": "2023-10-30T17:15:51.800",
"lastModified": "2023-10-30T17:20:42.887",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-04T03:20:22.903",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Bluetooth, there is a possibility of code-execution due to a use after free. This could lead to paired device escalation of privilege in the privileged Bluetooth process with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En Bluetooth existe la posibilidad de ejecuci\u00f3n de c\u00f3digo debido a un use after free. Esto podr\u00eda llevar a una escalada de privilegios del dispositivo emparejado en el proceso de Bluetooth privilegiado sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,78 @@
"id": "CVE-2023-21373",
"sourceIdentifier": "security@android.com",
"published": "2023-10-30T18:15:08.973",
"lastModified": "2023-10-30T18:21:38.740",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-04T03:22:52.047",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Telephony, there is a possible way for a guest user to change the preferred SIM due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En Telephony, existe una forma posible para que un usuario invitado cambie la SIM preferida debido a que falta una verificaci\u00f3n de permiso. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,78 @@
"id": "CVE-2023-21374",
"sourceIdentifier": "security@android.com",
"published": "2023-10-30T18:15:09.017",
"lastModified": "2023-10-30T18:21:38.740",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-04T03:22:45.327",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In System UI, there is a possible factory reset protection bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En System UI, existe una posible omisi\u00f3n de protecci\u00f3n de restablecimiento de f\u00e1brica debido a un error l\u00f3gico en el c\u00f3digo. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-42456",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-21T16:15:09.980",
"lastModified": "2023-11-02T21:15:09.803",
"lastModified": "2023-11-04T03:15:07.827",
"vulnStatus": "Modified",
"descriptions": [
{
@ -107,6 +107,10 @@
"url": "http://www.openwall.com/lists/oss-security/2023/11/02/1",
"source": "security-advisories@github.com"
},
{
"url": "https://ferrous-systems.com/blog/sudo-rs-audit/",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/memorysafety/sudo-rs/commit/bfdbda22968e3de43fa8246cab1681cfd5d5493d",
"source": "security-advisories@github.com",


@ -2,19 +2,115 @@
"id": "CVE-2023-43322",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-28T01:15:51.657",
"lastModified": "2023-10-29T01:44:12.570",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-04T03:24:38.690",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "ZPE Systems, Inc Nodegrid OS v5.0.0 to v5.0.17, v5.2.0 to v5.2.19, v5.4.0 to v5.4.16, v5.6.0 to v5.6.13, v5.8.0 to v5.8.10, and v5.10.0 to v5.10.3 was discovered to contain a command injection vulnerability via the endpoint /v1/system/toolkit/files/."
},
{
"lang": "es",
"value": "ZPE Systems, Inc Nodegrid OS v5.0.0 a v5.0.17, v5.2.0 a v5.2.19, v5.4.0 a v5.4.16, v5.6.0 a v5.6.13, v5.8.0 a v5.8.10 y v5.10.0 a v5.10.3 conten\u00eda una vulnerabilidad de inyecci\u00f3n de comandos a trav\u00e9s del endpoint /v1/system/toolkit/files/."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zpesystems:nodegrid_os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndExcluding": "5.0.18",
"matchCriteriaId": "2DEBAF10-CDD9-4D8C-8FCF-02D94F8DADD2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zpesystems:nodegrid_os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.2.0",
"versionEndExcluding": "5.2.20",
"matchCriteriaId": "CC4C1C62-4AB4-4480-9CDE-DDBB214E64F1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zpesystems:nodegrid_os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4.0",
"versionEndExcluding": "5.4.17",
"matchCriteriaId": "A9F1A206-128C-4DA5-B52B-0BC4FCB3E703"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zpesystems:nodegrid_os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.6.0",
"versionEndExcluding": "5.6.14",
"matchCriteriaId": "32E319BE-0252-4AD5-8704-9953F10FF0B4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zpesystems:nodegrid_os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.8.0",
"versionEndExcluding": "5.8.11",
"matchCriteriaId": "612A53BC-0736-49AA-8C24-7E903133584D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zpesystems:nodegrid_os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10.0",
"versionEndExcluding": "5.10.4",
"matchCriteriaId": "A17C5873-0ABD-4433-8CF5-6B786E5427AF"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://psirt.zpesystems.com/portal/en/kb/articles/security-advisory-zpe-ng-2023-001-12-10-2023",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-45797",
"sourceIdentifier": "vuln@krcert.or.kr",
"published": "2023-10-30T07:15:12.677",
"lastModified": "2023-10-30T11:54:30.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-04T03:23:18.037",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\bA Buffer overflow vulnerability in DreamSecurity MagicLine4NX versions 1.0.0.1 to 1.0.0.26 allows an attacker to remotely execute code."
"value": "A Buffer overflow vulnerability in DreamSecurity MagicLine4NX versions 1.0.0.1 to 1.0.0.26 allows an attacker to remotely execute code."
},
{
"lang": "es",
"value": "Una vulnerabilidad de desbordamiento de b\u00fafer en DreamSecurity MagicLine4NX versiones 1.0.0.1 a 1.0.0.26 permite a un atacante ejecutar c\u00f3digo de forma remota."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "vuln@krcert.or.kr",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
},
{
"source": "vuln@krcert.or.kr",
"type": "Secondary",
@ -46,10 +80,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dreamsecurity:magicline_4.0:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.0.0.1",
"versionEndIncluding": "1.0.0.26",
"matchCriteriaId": "6C2A0BC8-7E2A-42C9-93E6-EAE37103B0E5"
}
]
}
]
}
],
"references": [
{
"url": "https://www.boho.or.kr/kr/bbs/view.do?bbsId=B0000133&nttId=71023&menuNo=205020",
"source": "vuln@krcert.or.kr"
"source": "vuln@krcert.or.kr",
"tags": [
"Third Party Advisory"
]
}
]
}
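Review bot: The added `criteria` string names the product `magicline_4.0`, while the description in the same record calls it MagicLine4NX, so an asset inventory keyed on the advisory's product name may not match this CPE. Any lookup that consumes this record should map both spellings to the same asset. The inclusive bounds `1.0.0.1` to `1.0.0.26` do agree with the description. The two English `value` lines in the first hunk differ only by a leading `\b` escape, which the update appears to drop; consumers that cached the old description may still hold the control character.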


@ -2,23 +2,89 @@
"id": "CVE-2023-46866",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-30T03:15:07.783",
"lastModified": "2023-10-30T11:54:30.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-04T03:23:43.990",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In International Color Consortium DemoIccMAX 79ecb74, CIccCLUT::Interp3d in IccProfLib/IccTagLut.cpp in libSampleICC.a attempts to access array elements at out-of-bounds indexes."
},
{
"lang": "es",
"value": "En International Color Consortium DemoIccMAX 79ecb74, CIccCLUT::Interp3d en IccProfLib/IccTagLut.cpp en libSampleICC.a intenta acceder a elementos de matriz en \u00edndices fuera de los l\u00edmites."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:color:demoiccmax:2022-06-21:*:*:*:*:*:*:*",
"matchCriteriaId": "10975878-B3F5-48A0-80B1-2AC1EBD0298D"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/InternationalColorConsortium/DemoIccMAX/issues/54",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://github.com/InternationalColorConsortium/DemoIccMAX/pull/53",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}
]
}
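Review bot: The new Primary weakness `CWE-787` (out-of-bounds write) is more specific than the description supports, which only says `CIccCLUT::Interp3d` "attempts to access array elements at out-of-bounds indexes". The added vector also scores `I:N` with `A:H`, which fits a crash better than a memory write. Anyone triaging or filtering by CWE should treat the read/write distinction as unconfirmed until it is checked against the linked upstream issue. If the access turns out to be a read, `"value": "CWE-125"` would be the matching entry. The record mirrors NVD, so any correction belongs upstream rather than in this file.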


@ -2,23 +2,89 @@
"id": "CVE-2023-46867",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-30T03:15:07.830",
"lastModified": "2023-10-30T11:54:30.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-04T03:23:36.290",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In International Color Consortium DemoIccMAX 79ecb74, CIccXformMatrixTRC::GetCurve in IccCmm.cpp in libSampleICC.a has a NULL pointer dereference."
},
{
"lang": "es",
"value": "En International Color Consortium DemoIccMAX 79ecb74, CIccXformMatrixTRC::GetCurve en IccCmm.cpp en libSampleICC.a tiene una desreferencia de puntero NULL."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:color:demoiccmax:2022-06-21:*:*:*:*:*:*:*",
"matchCriteriaId": "10975878-B3F5-48A0-80B1-2AC1EBD0298D"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/InternationalColorConsortium/DemoIccMAX/issues/54",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://github.com/InternationalColorConsortium/DemoIccMAX/pull/53",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-5717",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-10-25T18:17:43.913",
"lastModified": "2023-10-25T20:31:55.900",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-04T03:24:15.637",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "cve-coordination@google.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "cve-coordination@google.com",
"type": "Secondary",
@ -50,14 +80,70 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.4",
"versionEndExcluding": "6.6",
"matchCriteriaId": "D8D8B90C-7358-42DF-8965-F1D7AD355A57"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "84267A4F-DBC2-444F-B41D-69E15E1BEC97"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc2:*:*:*:*:*:*",
"matchCriteriaId": "FB440208-241C-4246-9A83-C1715C0DAA6C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc3:*:*:*:*:*:*",
"matchCriteriaId": "0DC421F1-3D5A-4BEF-BF76-4E468985D20B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc4:*:*:*:*:*:*",
"matchCriteriaId": "00AB783B-BE05-40E8-9A55-6AA457D95031"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc5:*:*:*:*:*:*",
"matchCriteriaId": "E7C78D0A-C4A2-4D41-B726-8979E33AD0F9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc6:*:*:*:*:*:*",
"matchCriteriaId": "E114E9DD-F7E1-40CC-AAD5-F14E586CB2E6"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/events?id=32671e3799ca2e4590773fd0e63aaa4229e50c06",
"source": "cve-coordination@google.com"
"source": "cve-coordination@google.com",
"tags": [
"Mailing List",
"Patch"
]
},
{
"url": "https://kernel.dance/32671e3799ca2e4590773fd0e63aaa4229e50c06",
"source": "cve-coordination@google.com"
"source": "cve-coordination@google.com",
"tags": [
"Patch"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-5810",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-10-27T01:15:32.317",
"lastModified": "2023-10-27T12:41:08.827",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-04T03:23:57.180",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -64,6 +86,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,22 +107,55 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:flusity:flusity:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023-10-24",
"matchCriteriaId": "9989CEDF-D8FF-40B5-8E62-E4ABECFDBADC"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/flusity/flusity-CMS/commit/6943991c62ed87c7a57989a0cb7077316127def8",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/flusity/flusity-CMS/issues/2",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Issue Tracking",
"Mitigation",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.243641",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.243641",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}
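Review bot: `"versionEndExcluding": "2023-10-24"` in the added `cpeMatch` entry is a date rather than a release number, and it is paired with a wildcard version in `criteria`. A matcher that compares versions numerically or as semver may order this bound unpredictably against an installed flusity version, so the entry could match every install or none. Confirming exposure against the commit in the `Patch`-tagged reference is more reliable than the range alone. The record now also carries both `cvssMetricV31` (from `nvd@nist.gov`) and `cvssMetricV30` (from `cna@vuldb.com`), so consumers should select a score by `type` and `source` rather than taking the first array they find.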


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-11-04T03:00:21.767020+00:00
2023-11-04T05:00:19.449376+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-11-04T02:56:51.387000+00:00
2023-11-04T03:24:38.690000+00:00
```
### Last Data Feed Release
@ -40,33 +40,30 @@ Recently added CVEs: `0`
### CVEs modified in the last Commit
Recently modified CVEs: `46`
Recently modified CVEs: `22`
* [CVE-2022-4933](CVE-2022/CVE-2022-49xx/CVE-2022-4933.json) (`2023-11-04T02:32:44.100`)
* [CVE-2022-46945](CVE-2022/CVE-2022-469xx/CVE-2022-46945.json) (`2023-11-04T02:40:41.110`)
* [CVE-2023-5784](CVE-2023/CVE-2023-57xx/CVE-2023-5784.json) (`2023-11-04T01:41:52.020`)
* [CVE-2023-5785](CVE-2023/CVE-2023-57xx/CVE-2023-5785.json) (`2023-11-04T01:43:44.800`)
* [CVE-2023-43208](CVE-2023/CVE-2023-432xx/CVE-2023-43208.json) (`2023-11-04T01:50:43.173`)
* [CVE-2023-4490](CVE-2023/CVE-2023-44xx/CVE-2023-4490.json) (`2023-11-04T01:52:01.003`)
* [CVE-2023-4178](CVE-2023/CVE-2023-41xx/CVE-2023-4178.json) (`2023-11-04T01:52:20.423`)
* [CVE-2023-4972](CVE-2023/CVE-2023-49xx/CVE-2023-4972.json) (`2023-11-04T01:56:59.300`)
* [CVE-2023-42439](CVE-2023/CVE-2023-424xx/CVE-2023-42439.json) (`2023-11-04T02:00:21.290`)
* [CVE-2023-39320](CVE-2023/CVE-2023-393xx/CVE-2023-39320.json) (`2023-11-04T02:05:28.337`)
* [CVE-2023-39321](CVE-2023/CVE-2023-393xx/CVE-2023-39321.json) (`2023-11-04T02:07:17.913`)
* [CVE-2023-39322](CVE-2023/CVE-2023-393xx/CVE-2023-39322.json) (`2023-11-04T02:08:08.063`)
* [CVE-2023-3255](CVE-2023/CVE-2023-32xx/CVE-2023-3255.json) (`2023-11-04T02:13:59.980`)
* [CVE-2023-3301](CVE-2023/CVE-2023-33xx/CVE-2023-3301.json) (`2023-11-04T02:19:16.943`)
* [CVE-2023-0673](CVE-2023/CVE-2023-06xx/CVE-2023-0673.json) (`2023-11-04T02:33:39.607`)
* [CVE-2023-1112](CVE-2023/CVE-2023-11xx/CVE-2023-1112.json) (`2023-11-04T02:35:37.830`)
* [CVE-2023-1003](CVE-2023/CVE-2023-10xx/CVE-2023-1003.json) (`2023-11-04T02:36:27.860`)
* [CVE-2023-1004](CVE-2023/CVE-2023-10xx/CVE-2023-1004.json) (`2023-11-04T02:37:19.860`)
* [CVE-2023-4157](CVE-2023/CVE-2023-41xx/CVE-2023-4157.json) (`2023-11-04T02:39:05.593`)
* [CVE-2023-4569](CVE-2023/CVE-2023-45xx/CVE-2023-4569.json) (`2023-11-04T02:39:33.400`)
* [CVE-2023-2995](CVE-2023/CVE-2023-29xx/CVE-2023-2995.json) (`2023-11-04T02:44:32.017`)
* [CVE-2023-27530](CVE-2023/CVE-2023-275xx/CVE-2023-27530.json) (`2023-11-04T02:46:04.243`)
* [CVE-2023-1495](CVE-2023/CVE-2023-14xx/CVE-2023-1495.json) (`2023-11-04T02:46:36.823`)
* [CVE-2023-2246](CVE-2023/CVE-2023-22xx/CVE-2023-2246.json) (`2023-11-04T02:48:45.587`)
* [CVE-2023-22812](CVE-2023/CVE-2023-228xx/CVE-2023-22812.json) (`2023-11-04T02:51:17.437`)
* [CVE-2022-4573](CVE-2022/CVE-2022-45xx/CVE-2022-4573.json) (`2023-11-04T03:24:24.197`)
* [CVE-2023-42456](CVE-2023/CVE-2023-424xx/CVE-2023-42456.json) (`2023-11-04T03:15:07.827`)
* [CVE-2023-21361](CVE-2023/CVE-2023-213xx/CVE-2023-21361.json) (`2023-11-04T03:20:22.903`)
* [CVE-2023-21360](CVE-2023/CVE-2023-213xx/CVE-2023-21360.json) (`2023-11-04T03:20:32.843`)
* [CVE-2023-21359](CVE-2023/CVE-2023-213xx/CVE-2023-21359.json) (`2023-11-04T03:20:39.810`)
* [CVE-2023-21358](CVE-2023/CVE-2023-213xx/CVE-2023-21358.json) (`2023-11-04T03:20:47.623`)
* [CVE-2023-21357](CVE-2023/CVE-2023-213xx/CVE-2023-21357.json) (`2023-11-04T03:20:55.207`)
* [CVE-2023-21356](CVE-2023/CVE-2023-213xx/CVE-2023-21356.json) (`2023-11-04T03:21:06.440`)
* [CVE-2023-21355](CVE-2023/CVE-2023-213xx/CVE-2023-21355.json) (`2023-11-04T03:21:12.813`)
* [CVE-2023-21354](CVE-2023/CVE-2023-213xx/CVE-2023-21354.json) (`2023-11-04T03:21:47.663`)
* [CVE-2023-21353](CVE-2023/CVE-2023-213xx/CVE-2023-21353.json) (`2023-11-04T03:22:00.393`)
* [CVE-2023-21352](CVE-2023/CVE-2023-213xx/CVE-2023-21352.json) (`2023-11-04T03:22:08.317`)
* [CVE-2023-21351](CVE-2023/CVE-2023-213xx/CVE-2023-21351.json) (`2023-11-04T03:22:15.930`)
* [CVE-2023-21350](CVE-2023/CVE-2023-213xx/CVE-2023-21350.json) (`2023-11-04T03:22:37.570`)
* [CVE-2023-21374](CVE-2023/CVE-2023-213xx/CVE-2023-21374.json) (`2023-11-04T03:22:45.327`)
* [CVE-2023-21373](CVE-2023/CVE-2023-213xx/CVE-2023-21373.json) (`2023-11-04T03:22:52.047`)
* [CVE-2023-45797](CVE-2023/CVE-2023-457xx/CVE-2023-45797.json) (`2023-11-04T03:23:18.037`)
* [CVE-2023-46867](CVE-2023/CVE-2023-468xx/CVE-2023-46867.json) (`2023-11-04T03:23:36.290`)
* [CVE-2023-46866](CVE-2023/CVE-2023-468xx/CVE-2023-46866.json) (`2023-11-04T03:23:43.990`)
* [CVE-2023-5810](CVE-2023/CVE-2023-58xx/CVE-2023-5810.json) (`2023-11-04T03:23:57.180`)
* [CVE-2023-5717](CVE-2023/CVE-2023-57xx/CVE-2023-5717.json) (`2023-11-04T03:24:15.637`)
* [CVE-2023-43322](CVE-2023/CVE-2023-433xx/CVE-2023-43322.json) (`2023-11-04T03:24:38.690`)
## Download and Usage