Auto-Update: 2023-11-16T17:00:18.483123+00:00

cad-safe-bot 2023-11-16 17:00:22 +00:00
parent 4a65fbaea9
commit 61a6abedd1
78 changed files with 4847 additions and 177 deletions


@ -2,8 +2,8 @@
"id": "CVE-2020-17477",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-26T13:15:09.293",
"lastModified": "2023-10-26T15:32:27.440",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T15:12:35.080",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "Las ACL de LDAP incorrectas en ucs-school-ldap-acls-master en UCS@school antes de 4.4v5-errata permiten a los profesores, el personal y los administradores escolares remotos leer hashes de contrase\u00f1as LDAP (sambaNTPassword, krb5Key, sambaPasswordHistory y pwhistory) a trav\u00e9s de solicitudes de b\u00fasqueda LDAP. Por ejemplo, un profesor puede obtener acceso de administrador mediante un hash NTLM."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:univention:ucs\\@school:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.4",
"matchCriteriaId": "90065C97-0251-4934-AE91-0B972426FCF9"
}
]
}
]
}
],
"references": [
{
"url": "https://forge.univention.org/bugzilla/show_bug.cgi?id=50669",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
}
]
}
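Review bot: The added `cpeMatch` entry bounds the affected range with `"versionEndIncluding": "4.4"`, which is coarser than the fix level the description names (`4.4v5-errata`). Matching on this CPE alone would presumably also flag 4.4 installations that already carry the errata, so scanners consuming this record should confirm the installed errata level rather than the release number. The description also states that a teacher can reach administrator access through an NTLM hash, which the `I:N` score of 6.5 does not express; triage should plan for rotating the exposed credentials after patching rather than rely on the base score.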


@ -2,16 +2,40 @@
"id": "CVE-2021-25736",
"sourceIdentifier": "jordan@liggitt.net",
"published": "2023-10-30T03:15:07.653",
"lastModified": "2023-10-30T11:54:30.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T16:01:35.093",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Kube-proxy\n on Windows can unintentionally forward traffic to local processes \nlistening on the same port (\u201cspec.ports[*].port\u201d) as a LoadBalancer \nService when the LoadBalancer controller\n does not set the \u201cstatus.loadBalancer.ingress[].ip\u201d field. Clusters \nwhere the LoadBalancer controller sets the \n\u201cstatus.loadBalancer.ingress[].ip\u201d field are unaffected.\n\n"
},
{
"lang": "es",
"value": "Kube-proxy en Windows puede reenviar tr\u00e1fico involuntariamente a procesos locales que escuchan en el mismo puerto (\u201cspec.ports[*].port\u201d) que LoadBalancer Service cuando el controlador LoadBalancer no configura \u201cstatus.loadBalancer.ingress[].ip\u201d. Los cl\u00fasteres donde el controlador LoadBalancer establece el campo \"status.loadBalancer.ingress[].ip\" no se ven afectados."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 4.0
},
{
"source": "jordan@liggitt.net",
"type": "Secondary",
@ -34,14 +58,78 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.18.0",
"versionEndExcluding": "1.18.18",
"matchCriteriaId": "8E811D79-831A-493A-A0C8-D06442D01ADD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.19.0",
"versionEndExcluding": "1.19.10",
"matchCriteriaId": "54F99BEF-703E-43C0-846C-AB9EECE134A9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.20.0",
"versionEndExcluding": "1.20.6",
"matchCriteriaId": "E26E82C1-754C-4E81-B7BC-FB4DACE33945"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/kubernetes/kubernetes/pull/99958",
"source": "jordan@liggitt.net"
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://groups.google.com/g/kubernetes-security-announce/c/lIoOPObO51Q/m/O15LOazPAgAJ",
"source": "jordan@liggitt.net"
"source": "jordan@liggitt.net",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}


@ -2,15 +2,42 @@
"id": "CVE-2022-46821",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-07T17:15:09.270",
"lastModified": "2023-11-07T19:07:44.230",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T16:26:58.427",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Formula Elements in a CSV File vulnerability in Jackmail & Sarbacane Emails & Newsletters with Jackmail.This issue affects Emails & Newsletters with Jackmail: from n/a through 1.2.22.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n inadecuada de elementos de f\u00f3rmula en una vulnerabilidad de CSV File en Jackmail & Sarbacane Emails & Newsletters with Jackmail. Este problema afecta a Emails & Newsletters with Jackmail: desde n/a hasta 1.2.22."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
@ -23,10 +50,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jackmail:jackmail:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.2.22",
"matchCriteriaId": "516B2FFD-1E69-4551-8183-40ED193507DF"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/jackmail-newsletters/wordpress-emails-newsletters-with-jackmail-plugin-1-2-22-csv-injection?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2022-48554",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:31.757",
"lastModified": "2023-09-05T05:15:07.883",
"lastModified": "2023-11-16T16:15:29.060",
"vulnStatus": "Modified",
"descriptions": [
{
@ -73,6 +73,10 @@
"Vendor Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20231116-0002/",
"source": "cve@mitre.org"
},
{
"url": "https://www.debian.org/security/2023/dsa-5489",
"source": "cve@mitre.org"


@ -2,16 +2,53 @@
"id": "CVE-2023-0392",
"sourceIdentifier": "psirt@okta.com",
"published": "2023-11-08T21:15:08.353",
"lastModified": "2023-11-09T13:46:24.437",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T16:15:03.290",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The LDAP Agent Update service with versions prior to 5.18 used an unquoted path, which could allow arbitrary code execution."
},
{
"lang": "es",
"value": "El servicio LDAP Agent Update con versiones anteriores a la 5.18 utilizaba una ruta sin comillas, lo que pod\u00eda permitir la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-428"
}
]
},
{
"source": "psirt@okta.com",
"type": "Secondary",
@ -23,10 +60,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:okta:ldap_agent:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"matchCriteriaId": "46817F73-3816-44BE-9F93-37236FF534B6"
}
]
}
]
}
],
"references": [
{
"url": "https://trust.okta.com/security-advisories/okta-ldap-agent-cve-2023-0392",
"source": "psirt@okta.com"
"source": "psirt@okta.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-20902",
"sourceIdentifier": "security@vmware.com",
"published": "2023-11-09T01:15:07.660",
"lastModified": "2023-11-09T13:46:10.880",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T16:43:24.420",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A timing condition in Harbor 2.6.x and below, Harbor 2.7.2 and below,\u00a0 Harbor 2.8.2 and below, and Harbor 1.10.17 and below allows an attacker with network access to \ncreate jobs/stop job tasks and retrieve job task information.\n\n\n"
},
{
"lang": "es",
"value": "Una condici\u00f3n de sincronizaci\u00f3n en Harbor 2.6.x y anteriores, Harbor 2.7.2 y anteriores, Harbor 2.8.2 y anteriores y Harbor 1.10.17 y anteriores permite a un atacante con acceso a la red crear trabajos/detener tareas de trabajo y recuperar informaci\u00f3n de tareas de trabajo. ."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 4.2
},
{
"source": "security@vmware.com",
"type": "Secondary",
@ -34,10 +58,65 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-362"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linuxfoundation:harbor:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.10.17",
"matchCriteriaId": "225BD7C9-8163-410E-80C3-25FA2DB3E17F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linuxfoundation:harbor:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.6.0",
"versionEndIncluding": "2.6.4",
"matchCriteriaId": "752DA342-ED60-4E9E-BB1B-B73CE61A95FF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linuxfoundation:harbor:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.7.0",
"versionEndExcluding": "2.7.3",
"matchCriteriaId": "9AB5FC66-7E27-4199-9E68-698F222039F9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linuxfoundation:harbor:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.8.0",
"versionEndExcluding": "2.8.3",
"matchCriteriaId": "A2D7140D-E5FB-4A2E-85D2-48BF5AB512C5"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/goharbor/harbor/security/advisories/GHSA-mq6f-5xh5-hgcf",
"source": "security@vmware.com"
"source": "security@vmware.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}
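Review bot: The new `configurations` block does not cover everything the `en` description lists as affected. The description says "Harbor 1.10.17 and below", but the first `cpeMatch` uses `"versionEndExcluding": "1.10.17"`, which leaves 1.10.17 itself unmatched; if the description is right, the bound would be `"versionEndIncluding": "1.10.17"`. "Harbor 2.6.x and below" is likewise represented only by 2.6.0 through 2.6.4, so releases between 1.10.17 and 2.6.0 match no entry. Inventory tooling that relies on CPE matching should be checked against the vendor advisory in `references` until the two are reconciled upstream.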


@ -0,0 +1,55 @@
{
"id": "CVE-2023-26368",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T16:15:29.547",
"lastModified": "2023-11-16T16:15:29.547",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe InCopy versions 18.5 (and earlier) and 17.4.2 (and earlier) are affected by are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/incopy/apsb23-60.html",
"source": "psirt@adobe.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-2680",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-13T17:15:09.697",
"lastModified": "2023-11-07T04:13:07.677",
"lastModified": "2023-11-16T16:15:30.260",
"vulnStatus": "Modified",
"descriptions": [
{
@ -37,7 +37,7 @@
"impactScore": 6.0
},
{
"source": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -70,7 +70,7 @@
]
},
{
"source": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
@ -127,6 +127,10 @@
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20231116-0001/",
"source": "secalert@redhat.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-30987",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-16T21:15:10.627",
"lastModified": "2023-10-19T14:05:29.397",
"vulnStatus": "Analyzed",
"lastModified": "2023-11-16T16:15:30.380",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -220,6 +220,10 @@
"Vendor Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20231116-0006/",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7047560",
"source": "psirt@us.ibm.com",


@ -2,8 +2,8 @@
"id": "CVE-2023-30991",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-16T23:15:10.147",
"lastModified": "2023-10-19T14:34:33.447",
"vulnStatus": "Analyzed",
"lastModified": "2023-11-16T15:15:07.930",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -165,6 +165,10 @@
"Vendor Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20231116-0005/",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7047499",
"source": "psirt@us.ibm.com",


@ -2,8 +2,8 @@
"id": "CVE-2023-31419",
"sourceIdentifier": "bressers@elastic.co",
"published": "2023-10-26T18:15:08.647",
"lastModified": "2023-11-06T19:23:04.963",
"vulnStatus": "Analyzed",
"lastModified": "2023-11-16T16:15:30.490",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -114,6 +114,10 @@
"Vendor Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20231116-0010/",
"source": "bressers@elastic.co"
},
{
"url": "https://www.elastic.co/community/security",
"source": "bressers@elastic.co",


@ -2,16 +2,40 @@
"id": "CVE-2023-3282",
"sourceIdentifier": "psirt@paloaltonetworks.com",
"published": "2023-11-08T18:15:07.827",
"lastModified": "2023-11-09T13:46:24.437",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T16:26:39.977",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system enables a local attacker to execute programs with elevated privileges if the attacker has shell access to the engine."
},
{
"lang": "es",
"value": "Una vulnerabilidad de escalada de privilegios local (PE) en el software del motor Cortex XSOAR de Palo Alto Networks que se ejecuta en un sistema operativo Linux permite a un atacante local ejecutar programas con privilegios elevados si el atacante tiene acceso de shell al motor."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
},
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
},
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
@ -46,10 +80,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.0",
"matchCriteriaId": "E73EE9AD-BA9E-4AE6-A5C5-841F5DA8F58F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
]
}
]
}
],
"references": [
{
"url": "https://security.paloaltonetworks.com/CVE-2023-3282",
"source": "psirt@paloaltonetworks.com"
"source": "psirt@paloaltonetworks.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,32 @@
"id": "CVE-2023-34060",
"sourceIdentifier": "security@vmware.com",
"published": "2023-11-14T21:15:09.253",
"lastModified": "2023-11-14T21:38:02.453",
"lastModified": "2023-11-16T16:15:30.597",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director Appliance was upgraded to 10.5 from\nan older version.\u00a0On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass login\nrestrictions when authenticating on port 22 (ssh) or port 5480 (appliance management console) . This bypass is not present on port 443 (VCD provider\nand tenant login). On a new installation of VMware Cloud Director Appliance 10.5, the bypass is not present."
"value": "VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director Appliance was upgraded to 10.5 from\nan older version.\u00a0On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass login\nrestrictions when authenticating on port 22 (ssh) or port 5480 (appliance management console) . This bypass is not present on port 443 (VCD provider\nand tenant login). On a new installation of VMware Cloud Director Appliance 10.5, the bypass is not present.\u00a0VMware Cloud Director Appliance is impacted since it uses an affected version of sssd from the underlying Photon OS. The sssd issue is no longer present in versions of Photon OS that ship with sssd-2.8.1-11 or higher (Photon OS 3) or sssd-2.8.2-9 or higher (Photon OS 4 and 5)."
},
{
"lang": "es",
"value": "VMware Cloud Director Appliance contiene una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en caso de que VMware Cloud Director Appliance se haya actualizado a 10.5 desde una versi\u00f3n anterior. En una versi\u00f3n actualizada de VMware Cloud Director Appliance 10.5, un actor malicioso con acceso de red al dispositivo puede eludir las restricciones de inicio de sesi\u00f3n al autenticarse en el puerto 22 (ssh) o el puerto 5480 (consola de administraci\u00f3n del dispositivo). Esta omisi\u00f3n no est\u00e1 presente en el puerto 443 (proveedor de VCD e inicio de sesi\u00f3n del inquilino). En una nueva instalaci\u00f3n de VMware Cloud Director Appliance 10.5, la omisi\u00f3n no est\u00e1 presente."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/vmware/photon/wiki/Security-Update-3.0-687",
"source": "security@vmware.com"
},
{
"url": "https://github.com/vmware/photon/wiki/Security-Update-4.0-512",
"source": "security@vmware.com"
},
{
"url": "https://github.com/vmware/photon/wiki/Security-Update-5.0-143",
"source": "security@vmware.com"
},
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0026.html",
"source": "security@vmware.com"
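Review bot: The `es` description added here translates the earlier English text and lacks the sentence this same change appends to the `en` value, the one naming the fixed sssd builds (`sssd-2.8.1-11` for Photon OS 3, `sssd-2.8.2-9` for Photon OS 4 and 5). Consumers that display or index the Spanish text will miss the remediation versions, so the `en` value should be treated as authoritative for this record. `"metrics": {}` is also still empty while `vulnStatus` remains `Awaiting Analysis`, so severity-threshold filters will not surface this authentication bypass until a score is published. The `references` array continues outside the visible lines.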


@ -2,8 +2,8 @@
"id": "CVE-2023-36478",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-10T17:15:11.737",
"lastModified": "2023-10-31T07:15:09.947",
"vulnStatus": "Modified",
"lastModified": "2023-11-16T16:15:30.653",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -189,6 +189,10 @@
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html",
"source": "security-advisories@github.com"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231116-0011/",
"source": "security-advisories@github.com"
},
{
"url": "https://www.debian.org/security/2023/dsa-5540",
"source": "security-advisories@github.com"


@ -2,16 +2,40 @@
"id": "CVE-2023-37533",
"sourceIdentifier": "psirt@hcl.com",
"published": "2023-11-09T00:15:07.870",
"lastModified": "2023-11-09T13:46:10.880",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T16:44:55.610",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "HCL Connections is vulnerable to reflected cross-site scripting (XSS) where an attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user after visiting the vulnerable URL which contains the malicious script code. This may allow the attacker to steal cookie-based authentication credentials and comprise a user's account then launch other attacks.\n"
},
{
"lang": "es",
"value": "HCL Connections es vulnerable a Cross-Site Scripting (XSS) reflejado donde un atacante puede aprovechar estos problemas para ejecutar c\u00f3digo de script arbitrario en el navegador de un usuario desprevenido despu\u00e9s de visitar la URL vulnerable que contiene el c\u00f3digo de script malicioso. Esto puede permitir que el atacante robe credenciales de autenticaci\u00f3n basadas en cookies, comprenda la cuenta de un usuario y luego lance otros ataques."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "psirt@hcl.com",
"type": "Secondary",
@ -34,10 +58,42 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hcltech:connections:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D55E0F2F-7C8D-4334-8B8D-CCF88431F6DF"
}
]
}
]
}
],
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108434",
"source": "psirt@hcl.com"
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,80 @@
"id": "CVE-2023-37790",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-09T00:15:08.037",
"lastModified": "2023-11-09T13:46:10.880",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T16:44:00.420",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Jaspersoft Clarity PPM version 14.3.0.298 was discovered to contain an arbitrary file upload vulnerability via the Profile Picture Upload function."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Jaspersoft Clarity PPM versi\u00f3n 14.3.0.298 conten\u00eda una vulnerabilidad de carga de archivos arbitraria a trav\u00e9s de la funci\u00f3n de Carga de Im\u00e1genes de Perfil."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:broadcom:clarity:14.3.0.298:*:*:*:*:*:*:*",
"matchCriteriaId": "0800B88C-6B6D-40E1-B17E-FF2F250398CA"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://packetstormsecurity.com/files/173508/Clarity-PPM-14.3.0.298-Cross-Site-Scripting.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
}
]
}
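Review bot: The classification added in this update disagrees with the record's own description: `weaknesses` is set to `CWE-79` and the vector carries `UI:R/S:C`, the usual shape of a cross-site scripting score, while the `en` description still calls the issue an arbitrary file upload vulnerability. The only reference is titled "Cross-Site-Scripting", so the CWE is probably the accurate one, but anything that triages on description keywords will file this under unrestricted upload. Downstream rules should key on the `CWE-79` value rather than the description text for this entry.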


@ -2,7 +2,7 @@
"id": "CVE-2023-38552",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-10-18T04:15:11.200",
"lastModified": "2023-11-03T22:15:09.843",
"lastModified": "2023-11-16T16:15:30.800",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
@ -107,6 +107,10 @@
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/",
"source": "support@hackerone.com"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231116-0013/",
"source": "support@hackerone.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-38719",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-17T00:15:10.797",
"lastModified": "2023-10-19T14:33:59.800",
"vulnStatus": "Analyzed",
"lastModified": "2023-11-16T16:15:30.990",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -128,6 +128,10 @@
"Vendor Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20231116-0008/",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7047558",
"source": "psirt@us.ibm.com",


@ -2,8 +2,8 @@
"id": "CVE-2023-38720",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-16T21:15:10.720",
"lastModified": "2023-10-19T14:05:54.967",
"vulnStatus": "Analyzed",
"lastModified": "2023-11-16T16:15:31.103",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -165,6 +165,10 @@
"Vendor Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20231116-0005/",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7047489",
"source": "psirt@us.ibm.com",


@ -2,8 +2,8 @@
"id": "CVE-2023-38728",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-16T22:15:11.957",
"lastModified": "2023-10-19T14:34:59.273",
"vulnStatus": "Analyzed",
"lastModified": "2023-11-16T16:15:31.207",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -225,6 +225,10 @@
"Vendor Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20231116-0006/",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7047478",
"source": "nvd@nist.gov",


@ -2,8 +2,8 @@
"id": "CVE-2023-38740",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-16T22:15:12.057",
"lastModified": "2023-10-19T14:34:48.020",
"vulnStatus": "Analyzed",
"lastModified": "2023-11-16T16:15:31.320",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -130,6 +130,10 @@
"Vendor Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20231116-0007/",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7047489",
"source": "psirt@us.ibm.com",


@ -2,7 +2,7 @@
"id": "CVE-2023-39331",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-10-18T04:15:11.257",
"lastModified": "2023-11-08T01:15:07.700",
"lastModified": "2023-11-16T16:15:31.433",
"vulnStatus": "Modified",
"descriptions": [
{
@ -97,6 +97,10 @@
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20231116-0009/",
"source": "support@hackerone.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-39332",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-10-18T04:15:11.330",
"lastModified": "2023-11-03T22:15:10.240",
"lastModified": "2023-11-16T16:15:31.510",
"vulnStatus": "Modified",
"descriptions": [
{
@ -11,7 +11,7 @@
},
{
"lang": "es",
"value": "Varias funciones `node:fs` permiten especificar rutas como cadenas u objetos `Uint8Array`. En entornos Node.js, la clase `Buffer` extiende la clase `Uint8Array`. Node.js evita el path traversal a trav\u00e9s de cadenas (ver CVE-2023-30584) y objetos `Buffer` (ver CVE-2023-32004), pero no a trav\u00e9s de objetos `Uint8Array` que no son `Buffer`. Esto es distinto de CVE-2023-32004 ([reporte 2038134](https://hackerone.com/reports/2038134)), que solo hac\u00eda referencia a objetos \"Buffer\". Sin embargo, la vulnerabilidad sigue el mismo patr\u00f3n al usar \"Uint8Array\" en lugar de \"Buffer\". Impactos: esta vulnerabilidad afecta a todos los usuarios que utilizan el modelo de permiso experimental en Node.js 20. Tenga en cuenta que en el momento en que se emiti\u00f3 este CVE, el modelo de permiso es una caracter\u00edstica experimental de Node.js."
"value": "Varias funciones `node:fs` permiten especificar rutas como cadenas u objetos `Uint8Array`. En entornos Node.js, la clase `Buffer` extiende la clase `Uint8Array`. Node.js evita el path traversal a trav\u00e9s de cadenas (ver CVE-2023-30584) y objetos `Buffer` (ver CVE-2023-32004), pero no a trav\u00e9s de objetos `Uint8Array` que no son `Buffer`. Esto es distinto de CVE-2023-32004, que solo se refer\u00eda a objetos \"Buffer\". Sin embargo, la vulnerabilidad sigue el mismo patr\u00f3n al usar \"Uint8Array\" en lugar de \"Buffer\". Tenga en cuenta que en el momento en que se emiti\u00f3 este CVE, el modelo de permiso es una caracter\u00edstica experimental de Node.js."
}
],
"metrics": {
@ -79,6 +79,10 @@
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/",
"source": "support@hackerone.com"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231116-0009/",
"source": "support@hackerone.com"
}
]
}


@ -2,16 +2,53 @@
"id": "CVE-2023-39913",
"sourceIdentifier": "security@apache.org",
"published": "2023-11-08T08:15:08.883",
"lastModified": "2023-11-08T15:15:08.150",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T15:55:57.027",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Deserialization of Untrusted Data, Improper Input Validation vulnerability in Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK.This issue affects Apache UIMA Java SDK: before 3.5.0.\n\nUsers are recommended to upgrade to version 3.5.0, which fixes the issue.\n\nThere are several locations in the code where serialized Java objects are deserialized without verifying the data. This affects in particular:\n * the deserialization of a Java-serialized CAS, but also other binary CAS formats that include TSI information using the CasIOUtils class;\n * the CAS Editor Eclipse plugin which uses the\u00a0the CasIOUtils class to load data;\n * the deserialization of a Java-serialized CAS of the Vinci Analysis Engine service which can receive using Java-serialized CAS objects over network connections;\n * the CasAnnotationViewerApplet and the CasTreeViewerApplet;\n * the checkpointing feature of the CPE module.\n\nNote that the UIMA framework by default does not start any remotely accessible services (i.e. Vinci) that would be vulnerable to this issue. A user or developer would need to make an active choice to start such a service. However, users or developers may use the CasIOUtils in their own applications and services to parse serialized CAS data. They are affected by this issue unless they ensure that the data passed to CasIOUtils is not a serialized Java object.\n\nWhen using Vinci or using CasIOUtils in own services/applications,\u00a0the unrestricted deserialization of Java-serialized CAS files may allow arbitrary (remote) code execution.\n\nAs a remedy, it is possible to set up a global or context-specific ObjectInputFilter (cf. https://openjdk.org/jeps/290 \u00a0and\u00a0 https://openjdk.org/jeps/415 ) if running UIMA on a Java version that supports it. \n\nNote that Java 1.8 does not support the ObjectInputFilter, so there is no remedy when running on this out-of-support platform. 
An upgrade to a recent Java version is strongly recommended if you need to secure an UIMA version that is affected by this issue.\n\nTo mitigate the issue on a Java 9+ platform, you can configure a filter pattern through the \"jdk.serialFilter\" system property using a semicolon as a separator:\n\nTo allow deserializing Java-serialized binary CASes, add the classes:\n * org.apache.uima.cas.impl.CASCompleteSerializer\n * org.apache.uima.cas.impl.CASMgrSerializer\n * org.apache.uima.cas.impl.CASSerializer\n * java.lang.String\n\nTo allow deserializing CPE Checkpoint data, add the following classes (and any custom classes your application uses to store its checkpoints):\n * org.apache.uima.collection.impl.cpm.CheckpointData\n * org.apache.uima.util.ProcessTrace\n * org.apache.uima.util.impl.ProcessTrace_impl\n * org.apache.uima.collection.base_cpm.SynchPoint\n\nMake sure to use \"!*\" as the final component to the filter pattern to disallow deserialization of any classes not listed in the pattern.\n\nApache UIMA 3.5.0 uses tightly scoped ObjectInputFilters when reading Java-serialized data depending on the type of data being expected. Configuring a global filter is not necessary with this version.\n\n"
},
{
"lang": "es",
"value": "Deserializaci\u00f3n de datos que no son de confianza, vulnerabilidad de validaci\u00f3n de entrada incorrecta en Apache UIMA Java SDK. Este problema afecta a Apache UIMA Java SDK: anterior a 3.5.0. Se recomienda a los usuarios actualizar a la versi\u00f3n 3.5.0, que soluciona el problema. Hay varias ubicaciones en el c\u00f3digo donde los objetos Java serializados se deserializan sin verificar los datos. Esto afecta en particular: * a la deserializaci\u00f3n de un CAS serializado en Java, pero tambi\u00e9n a otros formatos binarios de CAS que incluyen informaci\u00f3n TSI utilizando la clase CasIOUtils; * el complemento CAS Editor Eclipse que utiliza la clase CasIOUtils para cargar datos; * la deserializaci\u00f3n de un CAS serializado en Java del servicio Vinci Analysis Engine que puede recibir objetos CAS serializados en Java a trav\u00e9s de conexiones de red; * el CasAnnotationViewerApplet y el CasTreeViewerApplet; * la funci\u00f3n de puntos de control del m\u00f3dulo CPE. Tenga en cuenta que el framework UIMA de forma predeterminada no inicia ning\u00fan servicio accesible de forma remota (es decir, Vinci) que ser\u00eda vulnerable a este problema. Un usuario o desarrollador tendr\u00eda que tomar una decisi\u00f3n activa para iniciar dicho servicio. Sin embargo, los usuarios o desarrolladores pueden utilizar CasIOUtils en sus propias aplicaciones y servicios para analizar datos CAS serializados. Se ven afectados por este problema a menos que se aseguren de que los datos pasados a CasIOUtils no sean un objeto Java serializado. Cuando se utiliza Vinci o CasIOUtils en servicios/aplicaciones propios, la deserializaci\u00f3n sin restricciones de archivos CAS serializados en Java puede permitir la ejecuci\u00f3n de c\u00f3digo arbitrario (remoto). Como soluci\u00f3n, es posible configurar un ObjectInputFilter global o espec\u00edfico del contexto (cf. 
https://openjdk.org/jeps/290 y https://openjdk.org/jeps/415) si se ejecuta UIMA en un sistema Java versi\u00f3n que lo soporta. Tenga en cuenta que Java 1.8 no es compatible con ObjectInputFilter, por lo que no hay soluci\u00f3n cuando se ejecuta en esta plataforma que no es compatible. Se recomienda encarecidamente actualizar a una versi\u00f3n reciente de Java si necesita proteger una versi\u00f3n de UIMA afectada por este problema. Para mitigar el problema en una plataforma Java 9+, puede configurar un patr\u00f3n de filtro a trav\u00e9s de la propiedad del sistema \"jdk.serialFilter\" usando un punto y coma, como separador: Para permitir deserializar CAS binarios serializados en Java, agregue las clases: * org.apache .uima.cas.impl.CASCompleteSerializer * org.apache.uima.cas.impl.CASMgrSerializer * org.apache.uima.cas.impl.CASSerializer * java.lang.String Para permitir la deserializaci\u00f3n de datos de CPE Checkpoint, agregue las siguientes clases ( y cualquier clase personalizada que su aplicaci\u00f3n utilice para almacenar sus puntos de control): * org.apache.uima.collection.impl.cpm.CheckpointData * org.apache.uima.util.ProcessTrace * org.apache.uima.util.impl.ProcessTrace_impl * org.apache.uima.collection.base_cpm.SynchPoint Aseg\u00farese de utilizar \"!*\" como componente final del patr\u00f3n de filtro para no permitir la deserializaci\u00f3n de cualquier clase que no figure en el patr\u00f3n. Apache UIMA 3.5.0 utiliza ObjectInputFilters de alcance estricto al leer datos serializados en Java, seg\u00fan el tipo de datos que se espera. No es necesario configurar un filtro global con esta versi\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
},
{
"source": "security@apache.org",
"type": "Secondary",
@ -27,14 +64,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:uimaj:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.5.0",
"matchCriteriaId": "C0660629-7E58-403B-BB1E-AC1F7ACD65E9"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/08/1",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.apache.org/thread/lw30f4qlq3mhkhpljj16qw4fot3rg7v4",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List"
]
}
]
}
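Review bot: The Spanish description added in the first hunk of this record renders the first allow-listed class as `org.apache .uima.cas.impl.CASCompleteSerializer`, with a stray space after `org.apache`. A `jdk.serialFilter` pattern copied from the translation would therefore not match the class the English text names, `org.apache.uima.cas.impl.CASCompleteSerializer`. The translation also flattens the bulleted class lists into running text, which makes the closing `!*` reject-everything-else component easy to overlook. Anyone building a filter from this record should take the class names and the final `!*` from the `en` value, and the `es` value should carry the class name without the space.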


@ -2,8 +2,8 @@
"id": "CVE-2023-40372",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-17T00:15:10.887",
"lastModified": "2023-10-19T17:54:25.380",
"vulnStatus": "Analyzed",
"lastModified": "2023-11-16T16:15:31.580",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -130,6 +130,10 @@
"Vendor Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20231116-0007/",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7047561",
"source": "psirt@us.ibm.com",


@ -2,8 +2,8 @@
"id": "CVE-2023-40373",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-17T00:15:10.970",
"lastModified": "2023-10-19T17:53:38.650",
"vulnStatus": "Analyzed",
"lastModified": "2023-11-16T16:15:31.730",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -225,6 +225,10 @@
"Vendor Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20231116-0006/",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7047563",
"source": "psirt@us.ibm.com",


@ -2,8 +2,8 @@
"id": "CVE-2023-40374",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-16T23:15:10.243",
"lastModified": "2023-10-19T14:34:13.630",
"vulnStatus": "Analyzed",
"lastModified": "2023-11-16T16:15:31.900",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -130,6 +130,10 @@
"Vendor Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20231116-0007/",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7047261",
"source": "psirt@us.ibm.com",


@ -2,16 +2,40 @@
"id": "CVE-2023-4061",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-11-08T01:15:08.693",
"lastModified": "2023-11-08T14:00:58.387",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T16:03:43.037",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in wildfly-core. A management user could use the resolve-expression in the HAL Interface to read possible sensitive information from the Wildfly system. This issue could allow a malicious user to access the system and obtain possible sensitive information from the system."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en wildfly-core. Un usuario de administraci\u00f3n podr\u00eda usar la expresi\u00f3n de resoluci\u00f3n en la interfaz HAL para leer posible informaci\u00f3n confidencial del sistema Wildfly. Este problema podr\u00eda permitir que un usuario malintencionado acceda al sistema y obtenga posible informaci\u00f3n confidencial del sistema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -46,30 +80,108 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:-:*:*:*:text-only:*:*:*",
"matchCriteriaId": "B8423D7F-3A8F-4AD8-BF51-245C9D8DD816"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:wildfly_core:*:*:*:*:*:*:*:*",
"versionEndExcluding": "15.0.30",
"matchCriteriaId": "9010FA7B-9055-4B63-A7DE-837C8D4F22FB"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "645A908C-18C2-4AB1-ACE7-3969E3A552A5"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2023:5484",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:5485",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:5486",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:5488",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-4061",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228608",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
]
}
]
}


@ -2,19 +2,92 @@
"id": "CVE-2023-43885",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-07T08:15:24.090",
"lastModified": "2023-11-07T12:14:36.923",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T16:12:08.003",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Missing error handling in the HTTP server component of Tenda RX9 Pro Firmware V22.03.02.20 allows authenticated attackers to arbitrarily lock the device."
},
{
"lang": "es",
"value": "La falta de manejo de errores en el componente del servidor HTTP del Tenda RX9 Pro Firmware V22.03.02.20 permite a atacantes autenticados bloquear arbitrariamente el dispositivo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:rx9_pro_firmware:22.03.02.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BFBD7EC2-DB8E-4E6F-A7CE-3479109A1902"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:rx9_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F07D2963-577B-49E1-BFE3-88D7862D566D"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://blog.rtlcopymemory.com/tenda-rx9-pro/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
]
}
]
}
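Review bot: The firmware `cpeMatch` entry added under `configurations` is `cpe:2.3:o:tenda:rx9_pro_firmware:22.03.02.10:*:*:*:*:*:*:*`, while the `en` description names firmware V22.03.02.20. Asset matching driven by the CPE alone would not flag a device on the build the description calls affected, and the same mismatch appears in the CVE-2023-43886 record that follows. Which of the two version strings is correct cannot be told from this page. The Primary weakness `CWE-862` also does not obviously correspond to the "missing error handling" wording. Because this file mirrors upstream data, the discrepancy is better reported upstream than hand-edited here, and consumers should check the description's version string as well as the CPE when scoping exposure.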


@ -2,19 +2,92 @@
"id": "CVE-2023-43886",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-07T08:15:24.140",
"lastModified": "2023-11-07T12:14:36.923",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T16:05:52.513",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow in the HTTP server component of Tenda RX9 Pro v22.03.02.20 might allow an authenticated attacker to overwrite memory."
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer en el componente del servidor HTTP de Tenda RX9 Pro v22.03.02.20 podr\u00eda permitir que un atacante autenticado sobrescriba la memoria."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:rx9_pro_firmware:22.03.02.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BFBD7EC2-DB8E-4E6F-A7CE-3479109A1902"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:rx9_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F07D2963-577B-49E1-BFE3-88D7862D566D"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://blog.rtlcopymemory.com/tenda-rx9-pro/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-44327",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T15:15:08.100",
"lastModified": "2023-11-16T15:15:08.100",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Bridge versions 13.0.4 (and earlier) and 14.0.0 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-824"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/bridge/apsb23-57.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-44328",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T15:15:08.300",
"lastModified": "2023-11-16T15:15:08.300",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Bridge versions 13.0.4 (and earlier) and 14.0.0 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/bridge/apsb23-57.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-44329",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T15:15:08.490",
"lastModified": "2023-11-16T15:15:08.490",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Bridge versions 13.0.4 (and earlier) and 14.0.0 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-824"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/bridge/apsb23-57.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-44330",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T15:15:08.683",
"lastModified": "2023-11-16T15:15:08.683",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/photoshop/apsb23-56.html",
"source": "psirt@adobe.com"
}
]
}
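Review bot: This new record pairs `"value": "CWE-787"` (out-of-bounds write) and a `C:H/I:H/A:H` vector with a description that calls the flaw an out-of-bounds read, although one it says can lead to code execution. Triage rules keyed on the CWE and rules keyed on description keywords will classify it differently, and the sibling Photoshop records in this commit that really are information-disclosure reads use `CWE-125` with a 5.5 score. The record is still `Received` and carries only the CNA's Secondary metrics. Until an NVD Primary analysis is present, prioritisation should follow the 7.8 base score and the linked vendor bulletin rather than the "read" wording.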


@ -0,0 +1,55 @@
{
"id": "CVE-2023-44331",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T15:15:08.863",
"lastModified": "2023-11-16T15:15:08.863",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/photoshop/apsb23-56.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-44332",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T15:15:09.043",
"lastModified": "2023-11-16T15:15:09.043",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/photoshop/apsb23-56.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-44333",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T15:15:09.237",
"lastModified": "2023-11-16T15:15:09.237",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/photoshop/apsb23-56.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-44334",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T15:15:09.450",
"lastModified": "2023-11-16T15:15:09.450",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/photoshop/apsb23-56.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-44335",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T15:15:09.630",
"lastModified": "2023-11-16T15:15:09.630",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/photoshop/apsb23-56.html",
"source": "psirt@adobe.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-44466",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-29T06:15:11.007",
"lastModified": "2023-10-02T20:01:00.753",
"vulnStatus": "Analyzed",
"lastModified": "2023-11-16T16:15:31.993",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -92,6 +92,10 @@
"Patch"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20231116-0003/",
"source": "cve@mitre.org"
},
{
"url": "https://www.spinics.net/lists/ceph-devel/msg57909.html",
"source": "cve@mitre.org",


@ -2,7 +2,7 @@
"id": "CVE-2023-45145",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-18T21:15:09.560",
"lastModified": "2023-11-03T22:15:11.573",
"lastModified": "2023-11-16T15:15:09.813",
"vulnStatus": "Modified",
"descriptions": [
{
@ -195,6 +195,10 @@
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZMGTTV5XM4LA66FSIJSETNBBRRPJYOQ/",
"source": "security-advisories@github.com"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231116-0014/",
"source": "security-advisories@github.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-45862",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-14T21:15:45.180",
"lastModified": "2023-10-19T11:07:20.757",
"vulnStatus": "Analyzed",
"lastModified": "2023-11-16T15:15:09.930",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -83,6 +83,10 @@
"Mailing List",
"Patch"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20231116-0004/",
"source": "cve@mitre.org"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-4527",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-18T17:15:55.067",
"lastModified": "2023-11-07T04:22:41.393",
"lastModified": "2023-11-16T16:15:34.163",
"vulnStatus": "Modified",
"descriptions": [
{
@ -37,7 +37,7 @@
"impactScore": 4.2
},
{
"source": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -70,7 +70,7 @@
]
},
{
"source": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
@ -318,6 +318,10 @@
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20231116-0012/",
"source": "secalert@redhat.com"
}
]
}
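Review bot: The `source` on the Secondary metric and weakness entries changes from the UUID `53f830b8-0a3f-465b-8143-3b8a9948e749` to `secalert@redhat.com` (taking the second line of each pair as the new side, which the later `lastModified` supports), so any consumer that groups, filters or de-duplicates on `source` will see this as a different provider. The two forms presumably name the same CNA, since `sourceIdentifier` at the top of the record is already `secalert@redhat.com`, but nothing in the record says so. Ingestion code should map both forms to one provider before comparing scores across snapshots. Both affected objects continue outside their hunks.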


@ -2,23 +2,87 @@
"id": "CVE-2023-46001",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-07T22:15:11.473",
"lastModified": "2023-11-08T14:03:25.303",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T16:17:08.710",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in gpac MP4Box v.2.3-DEV-rev573-g201320819-master allows a local attacker to cause a denial of service via the gpac/src/isomedia/isom_read.c:2807:51 function in gf_isom_get_user_data."
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento del b\u00fafer en gpac MP4Box v.2.3-DEV-rev573-g201320819-master permite a un atacante local provocar una Denegaci\u00f3n de Servicio (DoS) a trav\u00e9s de la funci\u00f3n gpac/src/isomedia/isom_read.c:2807:51 en gf_isom_get_user_data."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gpac:gpac:2.3-dev-rev573-g201320819-master:*:*:*:*:*:*:*",
"matchCriteriaId": "63154633-0211-47E2-861B-3FB9BE27BA70"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/gpac/gpac/commit/e79b0cf7e72404750630bc01340e999f3940dbc4",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/gpac/gpac/issues/2629",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-46380",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-04T23:15:07.910",
"lastModified": "2023-11-14T03:15:09.310",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-16T15:59:48.403",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,140 @@
"value": "Los dispositivos LOYTEC LINX-212 firmware 6.2.4 y LVIS-3ME12-A1 firmware 6.2.2 y LIOB-586 firmware 6.2.3 env\u00edan solicitudes de cambio de contrase\u00f1a a trav\u00e9s de HTTP de texto plano."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-319"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:loytec:linx-212_firmware:6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0C622E98-9108-440E-B554-EBE91708B534"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:loytec:linx-212:-:*:*:*:*:*:*:*",
"matchCriteriaId": "35956253-8D61-434C-9C03-96E6C69FB9C1"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:loytec:lvis-3me12-a1_firmware:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "338AF9A1-BD5E-4955-B9F2-BF38F1D33660"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:loytec:lvis-3me12-a1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D31C7C60-0476-43F9-9471-1976F569B9DE"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:loytec:liob-586_firmware:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1B2AE346-27B5-45B0-9DF9-AE4DF99377D8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:loytec:liob-586:-:*:*:*:*:*:*:*",
"matchCriteriaId": "798F75E0-8B29-4F1B-BBB8-82B97CBC7138"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/175646/LOYTEC-Electronics-Insecure-Transit-Insecure-Permissions-Unauthenticated-Access.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://seclists.org/fulldisclosure/2023/Nov/0",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}
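Review bot: The added `cpeMatch` entries pin single firmware builds (`linx-212_firmware:6.2.4`, `lvis-3me12-a1_firmware:6.2.2`, `liob-586_firmware:6.2.3`) and carry no `versionEndIncluding` or other range field, so CPE-driven scanners will flag only those exact builds. The visible description names the same three versions and does not say whether earlier or later firmware is affected. Asset owners should therefore not read a CPE non-match as "not affected" for these devices without checking the vendor's guidance. The same configuration block is added in CVE-2023-46381 and CVE-2023-46382.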


@ -2,8 +2,8 @@
"id": "CVE-2023-46381",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-04T23:15:07.957",
"lastModified": "2023-11-14T03:15:09.367",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-16T16:13:18.360",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,140 @@
"value": "Los dispositivos LOYTEC LINX-212 firmware 6.2.4 y LVIS-3ME12-A1 firmware 6.2.2 y LIOB-586 firmware 6.2.3 carecen de autenticaci\u00f3n para la versi\u00f3n preinstalada de LWEB-802 a trav\u00e9s de un URI lweb802_pre/. Un atacante no autenticado puede editar cualquier proyecto (o crear un proyecto nuevo) y controlar su GUI."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:loytec:linx-212_firmware:6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0C622E98-9108-440E-B554-EBE91708B534"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:loytec:linx-212:-:*:*:*:*:*:*:*",
"matchCriteriaId": "35956253-8D61-434C-9C03-96E6C69FB9C1"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:loytec:lvis-3me12-a1_firmware:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "338AF9A1-BD5E-4955-B9F2-BF38F1D33660"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:loytec:lvis-3me12-a1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D31C7C60-0476-43F9-9471-1976F569B9DE"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:loytec:liob-586_firmware:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1B2AE346-27B5-45B0-9DF9-AE4DF99377D8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:loytec:liob-586:-:*:*:*:*:*:*:*",
"matchCriteriaId": "798F75E0-8B29-4F1B-BBB8-82B97CBC7138"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/175646/LOYTEC-Electronics-Insecure-Transit-Insecure-Permissions-Unauthenticated-Access.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://seclists.org/fulldisclosure/2023/Nov/0",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-46382",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-04T23:15:08.003",
"lastModified": "2023-11-14T03:15:09.420",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-16T16:15:45.477",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,140 @@
"value": "Los dispositivos LOYTEC LINX-212 firmware 6.2.4 y LVIS-3ME12-A1 firmware 6.2.2 y LIOB-586 firmware 6.2.3 utilizan HTTP de texto plano para iniciar sesi\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-319"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:loytec:linx-212_firmware:6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0C622E98-9108-440E-B554-EBE91708B534"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:loytec:linx-212:-:*:*:*:*:*:*:*",
"matchCriteriaId": "35956253-8D61-434C-9C03-96E6C69FB9C1"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:loytec:lvis-3me12-a1_firmware:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "338AF9A1-BD5E-4955-B9F2-BF38F1D33660"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:loytec:lvis-3me12-a1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D31C7C60-0476-43F9-9471-1976F569B9DE"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:loytec:liob-586_firmware:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1B2AE346-27B5-45B0-9DF9-AE4DF99377D8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:loytec:liob-586:-:*:*:*:*:*:*:*",
"matchCriteriaId": "798F75E0-8B29-4F1B-BBB8-82B97CBC7138"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/175646/LOYTEC-Electronics-Insecure-Transit-Insecure-Permissions-Unauthenticated-Access.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://seclists.org/fulldisclosure/2023/Nov/0",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}


@ -2,12 +2,12 @@
"id": "CVE-2023-46595",
"sourceIdentifier": "security.vulnerabilities@algosec.com",
"published": "2023-11-02T08:15:08.040",
"lastModified": "2023-11-14T22:15:30.480",
"lastModified": "2023-11-16T15:15:10.007",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Net-NTLM leak in Fireflow A32.20 allows an attacker\u00a0to obtain victim\u2019s domain credentials and Net-NTLM hash which can lead\u00a0to relay domain attacks. Fixed in version A32.20 (b570 and above)"
"value": "Net-NTLM leak via stored HTML injection in FireFlow's VisualFlow workflow editor using Name and Description field. It also impacts\u00a0\n\nFireFlow's VisualFlow workflow editor\n\n outbound actions using Name and Category parameter. Fixed in version A32.20 (b570 and above)"
},
{
"lang": "es",


@ -0,0 +1,55 @@
{
"id": "CVE-2023-47040",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T15:15:10.120",
"lastModified": "2023-11-16T15:15:10.120",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/media-encoder/apsb23-63.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-47041",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T15:15:10.390",
"lastModified": "2023-11-16T15:15:10.390",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/media-encoder/apsb23-63.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-47042",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T15:15:10.650",
"lastModified": "2023-11-16T15:15:10.650",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/media-encoder/apsb23-63.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-47043",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T15:15:10.830",
"lastModified": "2023-11-16T15:15:10.830",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/media-encoder/apsb23-63.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-47044",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T15:15:11.007",
"lastModified": "2023-11-16T15:15:11.007",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-824"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/media-encoder/apsb23-63.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-47046",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T16:15:32.080",
"lastModified": "2023-11-16T16:15:32.080",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/audition/apsb23-64.html",
"source": "psirt@adobe.com"
}
]
}
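Review bot: The vector in this new record, `CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H`, contradicts its own description, which says exploitation "requires user interaction in that a victim must open a malicious file". The Media Encoder records added in the same commit have the same wording and use `PR:N/UI:R`. Both forms give `exploitabilityScore` 1.8 and `baseScore` 7.8, so severity sorting is unaffected, but triage rules keyed on `userInteraction` or `privilegesRequired` will misclassify it. The metric is `Secondary` from `psirt@adobe.com` and `vulnStatus` is `Received`, so no NVD `Primary` assessment exists yet to cross-check against. The same mismatch appears in CVE-2023-47047, CVE-2023-47048, CVE-2023-47049, CVE-2023-47050 and CVE-2023-47051.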


@ -0,0 +1,55 @@
{
"id": "CVE-2023-47047",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T16:15:32.367",
"lastModified": "2023-11-16T16:15:32.367",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-824"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/audition/apsb23-64.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-47048",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T16:15:32.783",
"lastModified": "2023-11-16T16:15:32.783",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/audition/apsb23-64.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-47049",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T16:15:32.973",
"lastModified": "2023-11-16T16:15:32.973",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/audition/apsb23-64.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-47050",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T16:15:33.167",
"lastModified": "2023-11-16T16:15:33.167",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/audition/apsb23-64.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-47051",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T16:15:33.370",
"lastModified": "2023-11-16T16:15:33.370",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/audition/apsb23-64.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-47052",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T16:15:33.587",
"lastModified": "2023-11-16T16:15:33.587",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/audition/apsb23-64.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-47053",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T16:15:33.770",
"lastModified": "2023-11-16T16:15:33.770",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-824"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/audition/apsb23-64.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-47054",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T16:15:33.957",
"lastModified": "2023-11-16T16:15:33.957",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-824"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/audition/apsb23-64.html",
"source": "psirt@adobe.com"
}
]
}


@ -2,19 +2,78 @@
"id": "CVE-2023-47488",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-09T06:15:24.290",
"lastModified": "2023-11-09T13:46:10.880",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T16:42:19.467",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in Combodo iTop v.3.1.0-2-11973 allows a local attacker to obtain sensitive information via a crafted script to the attrib_manager_id parameter in the General Information page and the id parameter in the contact page."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting en Combodo iTop v.3.1.0-2-11973 permite a un atacante local obtener informaci\u00f3n sensible a trav\u00e9s de un script manipulado para el par\u00e1metro attrib_manager_id en la p\u00e1gina de informaci\u00f3n general y el par\u00e1metro id en la p\u00e1gina de contacto."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:combodo:itop:3.1.0-2-11973:*:*:*:*:*:*:*",
"matchCriteriaId": "D543AAF8-B033-4AC5-9FC9-7871D4CF7952"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://bugplorer.github.io/cve-xss-itop/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
}
]
}


@ -2,19 +2,78 @@
"id": "CVE-2023-47489",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-09T06:15:24.347",
"lastModified": "2023-11-09T13:46:10.880",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T16:39:53.067",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in Combodo iTop v.3.1.0-2-11973 allows a local attacker to execute arbitrary code via a crafted script to the export-v2.php and ajax.render.php components."
},
{
"lang": "es",
"value": "Un problema en Combodo iTop v.3.1.0-2-11973 permite a un atacante local ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado en los componentes export-v2.php y ajax.render.php."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:combodo:itop:3.1.0-2-11973:*:*:*:*:*:*:*",
"matchCriteriaId": "D543AAF8-B033-4AC5-9FC9-7871D4CF7952"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://bugplorer.github.io/cve-csv-itop/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-47612",
"sourceIdentifier": "vulnerability@kaspersky.com",
"published": "2023-11-09T12:15:07.520",
"lastModified": "2023-11-09T13:46:10.880",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T16:39:34.940",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow an attacker with physical access to the target system to obtain a read/write access to any files and directories on the targeted system, including hidden files and directories."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad CWE-552: Archivos o Directorios Accesibles a Partes Externas en Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 que podr\u00eda permitir que un atacante con acceso f\u00edsico al sistema de destino para obtener acceso de lectura/escritura a cualquier archivo y directorio en el sistema de destino, incluidos archivos y directorios ocultos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.2
},
{
"source": "vulnerability@kaspersky.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-552"
}
]
},
{
"source": "vulnerability@kaspersky.com",
"type": "Secondary",
@ -46,10 +80,285 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:bgs5_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "236A82FB-6772-43F5-BFE5-378A6F740A25"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:bgs5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ACE7A300-7A40-49FB-95A3-4F75796A6DB1"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:ehs5_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C33F8018-2AA2-4AA2-B97A-FB848F5D1C06"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:ehs5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E937F19-944A-4D76-AF25-488FD30FABBB"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:ehs6_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEA2FCCD-752B-4DAB-8353-EF1B35AB143F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:ehs6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57219468-C424-43D0-98C0-A85A250AB733"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:ehs8_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C74BE72-65CB-4DF3-8AE3-EBCFCD640BFD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:ehs8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "691F7CF3-B36D-4440-A8A8-A4863FD5E828"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:pds5_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E1969DA7-72FC-4981-A3D5-A7919AA5D774"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:pds5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F563DF9-B922-4FCF-8078-EA354F0ED5B5"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:pds6_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "70E71C87-3011-43DB-ADB0-A926C7A8E87A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:pds6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6E32F2-2723-43B9-A730-22BCF9D420B0"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:pds8_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1418767F-34D5-41A0-82BB-BBA7575DD21D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:pds8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6F08EFD2-855A-498D-B88E-59414317BBFC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:els61_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B580262-9CF7-4FE4-99E6-F3486A498F10"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:els61:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DEEA5EE5-4F4A-4684-A15E-13AD8D553D3B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:els81_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AAAC546F-9F47-4AFC-93EF-9261BFCE9ECB"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:els81:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE8E98E9-4BB6-48E5-89ED-420653101A2C"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:pls62_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A4647F52-2F3E-45F3-BD84-B54950A06AC8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:pls62:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3DBFD6-1C3D-4A8B-B458-E85DE4AF86BF"
}
]
}
]
}
],
"references": [
{
"url": "https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-194-telit-cinterion-thales-gemalto-modules-files-or-directories-accessible-to-external-parties-vulnerability/",
"source": "vulnerability@kaspersky.com"
"source": "vulnerability@kaspersky.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-47613",
"sourceIdentifier": "vulnerability@kaspersky.com",
"published": "2023-11-09T07:15:07.310",
"lastModified": "2023-11-09T13:46:10.880",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T16:39:43.860",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A CWE-23: Relative Path Traversal vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to escape from virtual directories and get read/write access to protected files on the targeted system."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad CWE-23: Relative Path Traversal en Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 que podr\u00eda permitir a un atacante local con pocos privilegios escape de directorios virtuales y obtenga acceso de lectura/escritura a archivos protegidos en el sistema de destino."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
},
{
"source": "vulnerability@kaspersky.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "vulnerability@kaspersky.com",
"type": "Secondary",
@ -46,10 +80,285 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:bgs5_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "236A82FB-6772-43F5-BFE5-378A6F740A25"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:bgs5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ACE7A300-7A40-49FB-95A3-4F75796A6DB1"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:ehs5_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C33F8018-2AA2-4AA2-B97A-FB848F5D1C06"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:ehs5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E937F19-944A-4D76-AF25-488FD30FABBB"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:ehs6_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEA2FCCD-752B-4DAB-8353-EF1B35AB143F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:ehs6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57219468-C424-43D0-98C0-A85A250AB733"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:ehs8_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C74BE72-65CB-4DF3-8AE3-EBCFCD640BFD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:ehs8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "691F7CF3-B36D-4440-A8A8-A4863FD5E828"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:pds5_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E1969DA7-72FC-4981-A3D5-A7919AA5D774"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:pds5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F563DF9-B922-4FCF-8078-EA354F0ED5B5"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:pds6_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "70E71C87-3011-43DB-ADB0-A926C7A8E87A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:pds6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6E32F2-2723-43B9-A730-22BCF9D420B0"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:pds8_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1418767F-34D5-41A0-82BB-BBA7575DD21D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:pds8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6F08EFD2-855A-498D-B88E-59414317BBFC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:els61_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B580262-9CF7-4FE4-99E6-F3486A498F10"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:els61:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DEEA5EE5-4F4A-4684-A15E-13AD8D553D3B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:els81_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AAAC546F-9F47-4AFC-93EF-9261BFCE9ECB"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:els81:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE8E98E9-4BB6-48E5-89ED-420653101A2C"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:pls62_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A4647F52-2F3E-45F3-BD84-B54950A06AC8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:pls62:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3DBFD6-1C3D-4A8B-B458-E85DE4AF86BF"
}
]
}
]
}
],
"references": [
{
"url": "https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-211-telit-cinterion-thales-gemalto-modules-relative-path-traversal/",
"source": "vulnerability@kaspersky.com"
"source": "vulnerability@kaspersky.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-47615",
"sourceIdentifier": "vulnerability@kaspersky.com",
"published": "2023-11-09T13:15:07.500",
"lastModified": "2023-11-09T13:46:10.880",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T16:38:38.310",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A CWE-526: Exposure of Sensitive Information Through Environmental Variables vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to get access to a sensitive data on the targeted system."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad CWE-526: Exposici\u00f3n de informaci\u00f3n confidencial a trav\u00e9s de variables ambientales en Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 que podr\u00eda permitir una vulnerabilidad local, un atacante con pocos privilegios para obtener acceso a datos confidenciales en el sistema objetivo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "vulnerability@kaspersky.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "vulnerability@kaspersky.com",
"type": "Secondary",
@ -46,10 +80,285 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:bgs5_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "236A82FB-6772-43F5-BFE5-378A6F740A25"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:bgs5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ACE7A300-7A40-49FB-95A3-4F75796A6DB1"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:ehs5_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C33F8018-2AA2-4AA2-B97A-FB848F5D1C06"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:ehs5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E937F19-944A-4D76-AF25-488FD30FABBB"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:ehs6_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEA2FCCD-752B-4DAB-8353-EF1B35AB143F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:ehs6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57219468-C424-43D0-98C0-A85A250AB733"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:ehs8_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C74BE72-65CB-4DF3-8AE3-EBCFCD640BFD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:ehs8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "691F7CF3-B36D-4440-A8A8-A4863FD5E828"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:pds5_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E1969DA7-72FC-4981-A3D5-A7919AA5D774"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:pds5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F563DF9-B922-4FCF-8078-EA354F0ED5B5"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:pds6_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "70E71C87-3011-43DB-ADB0-A926C7A8E87A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:pds6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6E32F2-2723-43B9-A730-22BCF9D420B0"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:pds8_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1418767F-34D5-41A0-82BB-BBA7575DD21D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:pds8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6F08EFD2-855A-498D-B88E-59414317BBFC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:els61_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B580262-9CF7-4FE4-99E6-F3486A498F10"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:els61:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DEEA5EE5-4F4A-4684-A15E-13AD8D553D3B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:els81_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AAAC546F-9F47-4AFC-93EF-9261BFCE9ECB"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:els81:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE8E98E9-4BB6-48E5-89ED-420653101A2C"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:pls62_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A4647F52-2F3E-45F3-BD84-B54950A06AC8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:pls62:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3DBFD6-1C3D-4A8B-B458-E85DE4AF86BF"
}
]
}
]
}
],
"references": [
{
"url": "https://ics-cert.kaspersky.com/advisories/2023/11/09/klcert-22-212-telit-cinterion-thales-gemalto-modules-exposure-of-sensitive-information-through-environmental-variables/",
"source": "vulnerability@kaspersky.com"
"source": "vulnerability@kaspersky.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-47616",
"sourceIdentifier": "vulnerability@kaspersky.com",
"published": "2023-11-09T13:15:07.677",
"lastModified": "2023-11-09T13:46:10.880",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T16:33:29.880",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow an attacker with physical access to the target system to get access to a sensitive data on the targeted system."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad CWE-200: Exposici\u00f3n de informaci\u00f3n confidencial a un actor no autorizado en Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 que podr\u00eda permitir que un atacante con acceso f\u00edsico al sistema de destino para obtener acceso a datos confidenciales en el sistema de destino."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6
},
{
"source": "vulnerability@kaspersky.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "vulnerability@kaspersky.com",
"type": "Secondary",
@ -46,10 +80,285 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:bgs5_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "236A82FB-6772-43F5-BFE5-378A6F740A25"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:bgs5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ACE7A300-7A40-49FB-95A3-4F75796A6DB1"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:ehs5_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C33F8018-2AA2-4AA2-B97A-FB848F5D1C06"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:ehs5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E937F19-944A-4D76-AF25-488FD30FABBB"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:ehs6_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEA2FCCD-752B-4DAB-8353-EF1B35AB143F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:ehs6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57219468-C424-43D0-98C0-A85A250AB733"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:ehs8_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C74BE72-65CB-4DF3-8AE3-EBCFCD640BFD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:ehs8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "691F7CF3-B36D-4440-A8A8-A4863FD5E828"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:pds5_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E1969DA7-72FC-4981-A3D5-A7919AA5D774"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:pds5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F563DF9-B922-4FCF-8078-EA354F0ED5B5"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:pds6_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "70E71C87-3011-43DB-ADB0-A926C7A8E87A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:pds6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6E32F2-2723-43B9-A730-22BCF9D420B0"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:pds8_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1418767F-34D5-41A0-82BB-BBA7575DD21D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:pds8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6F08EFD2-855A-498D-B88E-59414317BBFC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:els61_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B580262-9CF7-4FE4-99E6-F3486A498F10"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:els61:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DEEA5EE5-4F4A-4684-A15E-13AD8D553D3B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:els81_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AAAC546F-9F47-4AFC-93EF-9261BFCE9ECB"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:els81:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE8E98E9-4BB6-48E5-89ED-420653101A2C"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telit:pls62_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A4647F52-2F3E-45F3-BD84-B54950A06AC8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telit:pls62:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3DBFD6-1C3D-4A8B-B458-E85DE4AF86BF"
}
]
}
]
}
],
"references": [
{
"url": "https://ics-cert.kaspersky.com/advisories/2023/11/09/klcert-22-193-telit-cinterion-thales-gemalto-modules-exposure-of-sensitive-information-to-an-unauthorized-actor/",
"source": "vulnerability@kaspersky.com"
"source": "vulnerability@kaspersky.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-5760",
"sourceIdentifier": "security@nortonlifelock.com",
"published": "2023-11-08T17:15:07.993",
"lastModified": "2023-11-15T13:15:07.657",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T16:48:28.453",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9
},
{
"source": "security@nortonlifelock.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-367"
}
]
},
{
"source": "security@nortonlifelock.com",
"type": "Secondary",
@ -50,10 +80,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:avast:avg_antivirus:23.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E8124009-1327-4987-8496-13DE18CF777A"
}
]
}
]
}
],
"references": [
{
"url": "https://support.norton.com/sp/static/external/tools/security-advisories.html",
"source": "security@nortonlifelock.com"
"source": "security@nortonlifelock.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,57 @@
"id": "CVE-2023-5941",
"sourceIdentifier": "secteam@freebsd.org",
"published": "2023-11-08T09:15:07.847",
"lastModified": "2023-11-08T14:00:53.167",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T15:37:21.363",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In versions of FreeBSD 12.4-RELEASE prior to 12.4-RELEASE-p7 and FreeBSD 13.2-RELEASE prior to 13.2-RELEASE-p5 the __sflush() stdio function in libc does not correctly update FILE objects' write space members for write-buffered streams when the write(2) system call returns an error. \u00a0Depending on the nature of an application that calls libc's stdio functions and the presence of errors returned from the write(2) system call (or an overridden stdio write routine) a heap buffer overflow may occur. Such overflows may lead to data corruption or the execution of arbitrary code at the privilege level of the calling program."
},
{
"lang": "es",
"value": "En las versiones 12.4-RELEASE anteriores a 12.4-RELEASE-p7 y 13.2-RELEASE anteriores a 13.2-RELEASE-p5 de FreeBSD, la funci\u00f3n stdio __sflush() en libc no actualiza correctamente los miembros del espacio de escritura de los objetos FILE para secuencias con b\u00fafer de escritura cuando la llamada al sistema write(2) devuelve un error. Dependiendo de la naturaleza de una aplicaci\u00f3n que llama a las funciones stdio de libc y la presencia de errores devueltos por la llamada al sistema write(2) (o una rutina de escritura stdio anulada), puede ocurrir un desbordamiento del buffer del heap. Dichos desbordamientos pueden provocar da\u00f1os en los datos o la ejecuci\u00f3n de c\u00f3digo arbitrario en el nivel de privilegio del programa que realiza la llamada."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-131"
},
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "secteam@freebsd.org",
"type": "Secondary",
@ -27,10 +68,108 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.4",
"matchCriteriaId": "A7F6C8B0-9D75-476C-ADBA-754416FBC186"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.2",
"matchCriteriaId": "BA49E374-9F1A-4F62-B88D-CD36EDEA6060"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:12.4:-:*:*:*:*:*:*",
"matchCriteriaId": "24920B4D-96C0-401F-B679-BEB086760EAF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:12.4:p1:*:*:*:*:*:*",
"matchCriteriaId": "3CE32730-A9F5-4E8D-BDA4-6B8232F84787"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:12.4:p2:*:*:*:*:*:*",
"matchCriteriaId": "552E81DE-D409-475F-8ED0-E10A0BE43D29"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:12.4:p3:*:*:*:*:*:*",
"matchCriteriaId": "251CAE22-C3E6-45AD-8301-F36BEE5C6860"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:12.4:p4:*:*:*:*:*:*",
"matchCriteriaId": "85D94BCA-FA32-4C10-95CD-5D2A69B38A7A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:12.4:p5:*:*:*:*:*:*",
"matchCriteriaId": "8C950F97-40B4-43BF-BB81-C49CE00A468B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:12.4:p6:*:*:*:*:*:*",
"matchCriteriaId": "8FFBAD22-5712-472D-ADAF-13DE0826F888"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:12.4:rc2-p1:*:*:*:*:*:*",
"matchCriteriaId": "BA821886-B26B-47A6-ABC9-B8F70CE0ACFB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:12.4:rc2-p2:*:*:*:*:*:*",
"matchCriteriaId": "220629AD-32CC-4303-86AE-1DD27F0E4C65"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.2:-:*:*:*:*:*:*",
"matchCriteriaId": "A87EFA20-DD6B-41C5-98FD-A29F67D2E732"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p1:*:*:*:*:*:*",
"matchCriteriaId": "2888B0C1-4D85-42EC-9696-03FAD0A9C28F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p2:*:*:*:*:*:*",
"matchCriteriaId": "A3306F11-D3C0-41D6-BB5E-2ABDC3927715"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p3:*:*:*:*:*:*",
"matchCriteriaId": "9E584FE1-3A34-492B-B10F-508DA7CBA768"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p4:*:*:*:*:*:*",
"matchCriteriaId": "A5605E90-D125-4CC9-8B9F-F5EED9D4EE0C"
}
]
}
]
}
],
"references": [
{
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-23:15.stdio.asc",
"source": "secteam@freebsd.org"
"source": "secteam@freebsd.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,53 @@
"id": "CVE-2023-5978",
"sourceIdentifier": "secteam@freebsd.org",
"published": "2023-11-08T09:15:07.933",
"lastModified": "2023-11-08T14:00:53.167",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T15:17:16.337",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In versions of FreeBSD 13-RELEASE before 13-RELEASE-p5, under certain circumstances the cap_net libcasper(3) service incorrectly validates that updated constraints are strictly subsets of the active constraints. \u00a0When only a list\u00a0of resolvable domain names was specified without setting any other limitations, an application could submit a new list of domains including include entries not previously listed. \u00a0This could permit the application to resolve domain names that were previously restricted."
},
{
"lang": "es",
"value": "En las versiones 13-RELEASE anteriores a 13-RELEASE-p5 de FreeBSD, bajo ciertas circunstancias el servicio cap_net libcasper(3) valida incorrectamente que las restricciones actualizadas son estrictamente subconjuntos de las restricciones activas. Cuando solo se especificaba una lista de nombres de dominio resolubles sin establecer otras limitaciones, una aplicaci\u00f3n pod\u00eda enviar una nueva lista de dominios que incluyeran entradas que no figuraban anteriormente. Esto podr\u00eda permitir que la aplicaci\u00f3n resuelva nombres de dominio que anteriormente estaban restringidos."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secteam@freebsd.org",
"type": "Secondary",
@ -23,10 +60,57 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.2",
"matchCriteriaId": "BA49E374-9F1A-4F62-B88D-CD36EDEA6060"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.2:-:*:*:*:*:*:*",
"matchCriteriaId": "A87EFA20-DD6B-41C5-98FD-A29F67D2E732"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p1:*:*:*:*:*:*",
"matchCriteriaId": "2888B0C1-4D85-42EC-9696-03FAD0A9C28F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p2:*:*:*:*:*:*",
"matchCriteriaId": "A3306F11-D3C0-41D6-BB5E-2ABDC3927715"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p3:*:*:*:*:*:*",
"matchCriteriaId": "9E584FE1-3A34-492B-B10F-508DA7CBA768"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p4:*:*:*:*:*:*",
"matchCriteriaId": "A5605E90-D125-4CC9-8B9F-F5EED9D4EE0C"
}
]
}
]
}
],
"references": [
{
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-23:16.cap_net.asc",
"source": "secteam@freebsd.org"
"source": "secteam@freebsd.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-6001",
"sourceIdentifier": "security@yugabyte.com",
"published": "2023-11-08T00:15:07.620",
"lastModified": "2023-11-09T20:15:11.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T16:15:23.077",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security@yugabyte.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
},
{
"source": "security@yugabyte.com",
"type": "Secondary",
@ -50,10 +80,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yugabyte:yugabytedb:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.0.0",
"versionEndExcluding": "2.18.4.0",
"matchCriteriaId": "F9290232-CB29-4B65-8B66-9E5ADBCD379B"
}
]
}
]
}
],
"references": [
{
"url": "https://www.yugabyte.com/",
"source": "security@yugabyte.com"
"source": "security@yugabyte.com",
"tags": [
"Product"
]
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-6015",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-11-16T16:15:34.370",
"lastModified": "2023-11-16T16:15:34.370",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "MLflow allowed arbitrary files to be PUT onto the server."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.8
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://huntr.com/bounties/43e6fb72-676e-4670-a225-15d6836f65d3",
"source": "security@huntr.dev"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-6016",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-11-16T16:15:34.680",
"lastModified": "2023-11-16T16:15:34.680",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An attacker is able to gain remote code execution on a server hosting the H2O dashboard through it's POJO model import feature."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://huntr.com/bounties/83dd17ec-053e-453c-befb-7d6736bf1836",
"source": "security@huntr.dev"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-6018",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-11-16T16:15:34.880",
"lastModified": "2023-11-16T16:15:34.880",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An attacker can overwrite any file on the server hosting MLflow without any authentication."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://huntr.com/bounties/7cf918b5-43f4-48c0-a371-4d963ce69b30",
"source": "security@huntr.dev"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-6023",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-11-16T16:15:35.057",
"lastModified": "2023-11-16T16:15:35.057",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An attacker can read any file on the filesystem on the server hosting ModelDB through an LFI in the artifact_path URL parameter."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-29"
}
]
}
],
"references": [
{
"url": "https://huntr.com/bounties/644ab868-db6d-4685-ab35-1a897632d2ca",
"source": "security@huntr.dev"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-6121",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-11-16T15:15:11.197",
"lastModified": "2023-11-16T15:15:11.197",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This flaw allows a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data to be printed (and potentially leaked) to the kernel ring buffer (dmesg)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-6121",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2250043",
"source": "secalert@redhat.com"
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-11-16T15:00:18.903049+00:00
2023-11-16T17:00:18.483123+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-11-16T14:46:51.917000+00:00
2023-11-16T16:48:28.453000+00:00
```
### Last Data Feed Release
@ -29,45 +29,69 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
230920
230949
```
### CVEs added in the last Commit
Recently added CVEs: `1`
Recently added CVEs: `29`
* [CVE-2023-4771](CVE-2023/CVE-2023-47xx/CVE-2023-4771.json) (`2023-11-16T14:15:28.913`)
* [CVE-2023-44331](CVE-2023/CVE-2023-443xx/CVE-2023-44331.json) (`2023-11-16T15:15:08.863`)
* [CVE-2023-44332](CVE-2023/CVE-2023-443xx/CVE-2023-44332.json) (`2023-11-16T15:15:09.043`)
* [CVE-2023-44333](CVE-2023/CVE-2023-443xx/CVE-2023-44333.json) (`2023-11-16T15:15:09.237`)
* [CVE-2023-44334](CVE-2023/CVE-2023-443xx/CVE-2023-44334.json) (`2023-11-16T15:15:09.450`)
* [CVE-2023-44335](CVE-2023/CVE-2023-443xx/CVE-2023-44335.json) (`2023-11-16T15:15:09.630`)
* [CVE-2023-47040](CVE-2023/CVE-2023-470xx/CVE-2023-47040.json) (`2023-11-16T15:15:10.120`)
* [CVE-2023-47041](CVE-2023/CVE-2023-470xx/CVE-2023-47041.json) (`2023-11-16T15:15:10.390`)
* [CVE-2023-47042](CVE-2023/CVE-2023-470xx/CVE-2023-47042.json) (`2023-11-16T15:15:10.650`)
* [CVE-2023-47043](CVE-2023/CVE-2023-470xx/CVE-2023-47043.json) (`2023-11-16T15:15:10.830`)
* [CVE-2023-47044](CVE-2023/CVE-2023-470xx/CVE-2023-47044.json) (`2023-11-16T15:15:11.007`)
* [CVE-2023-6121](CVE-2023/CVE-2023-61xx/CVE-2023-6121.json) (`2023-11-16T15:15:11.197`)
* [CVE-2023-26368](CVE-2023/CVE-2023-263xx/CVE-2023-26368.json) (`2023-11-16T16:15:29.547`)
* [CVE-2023-47046](CVE-2023/CVE-2023-470xx/CVE-2023-47046.json) (`2023-11-16T16:15:32.080`)
* [CVE-2023-47047](CVE-2023/CVE-2023-470xx/CVE-2023-47047.json) (`2023-11-16T16:15:32.367`)
* [CVE-2023-47048](CVE-2023/CVE-2023-470xx/CVE-2023-47048.json) (`2023-11-16T16:15:32.783`)
* [CVE-2023-47049](CVE-2023/CVE-2023-470xx/CVE-2023-47049.json) (`2023-11-16T16:15:32.973`)
* [CVE-2023-47050](CVE-2023/CVE-2023-470xx/CVE-2023-47050.json) (`2023-11-16T16:15:33.167`)
* [CVE-2023-47051](CVE-2023/CVE-2023-470xx/CVE-2023-47051.json) (`2023-11-16T16:15:33.370`)
* [CVE-2023-47052](CVE-2023/CVE-2023-470xx/CVE-2023-47052.json) (`2023-11-16T16:15:33.587`)
* [CVE-2023-47053](CVE-2023/CVE-2023-470xx/CVE-2023-47053.json) (`2023-11-16T16:15:33.770`)
* [CVE-2023-47054](CVE-2023/CVE-2023-470xx/CVE-2023-47054.json) (`2023-11-16T16:15:33.957`)
* [CVE-2023-6015](CVE-2023/CVE-2023-60xx/CVE-2023-6015.json) (`2023-11-16T16:15:34.370`)
* [CVE-2023-6016](CVE-2023/CVE-2023-60xx/CVE-2023-6016.json) (`2023-11-16T16:15:34.680`)
* [CVE-2023-6018](CVE-2023/CVE-2023-60xx/CVE-2023-6018.json) (`2023-11-16T16:15:34.880`)
* [CVE-2023-6023](CVE-2023/CVE-2023-60xx/CVE-2023-6023.json) (`2023-11-16T16:15:35.057`)
### CVEs modified in the last Commit
Recently modified CVEs: `51`
Recently modified CVEs: `48`
* [CVE-2023-6174](CVE-2023/CVE-2023-61xx/CVE-2023-6174.json) (`2023-11-16T13:51:11.743`)
* [CVE-2023-47263](CVE-2023/CVE-2023-472xx/CVE-2023-47263.json) (`2023-11-16T13:51:19.370`)
* [CVE-2023-47264](CVE-2023/CVE-2023-472xx/CVE-2023-47264.json) (`2023-11-16T13:51:19.370`)
* [CVE-2023-47470](CVE-2023/CVE-2023-474xx/CVE-2023-47470.json) (`2023-11-16T13:51:19.370`)
* [CVE-2023-47471](CVE-2023/CVE-2023-474xx/CVE-2023-47471.json) (`2023-11-16T13:51:19.370`)
* [CVE-2023-43275](CVE-2023/CVE-2023-432xx/CVE-2023-43275.json) (`2023-11-16T13:51:19.370`)
* [CVE-2023-47003](CVE-2023/CVE-2023-470xx/CVE-2023-47003.json) (`2023-11-16T13:51:19.370`)
* [CVE-2023-47335](CVE-2023/CVE-2023-473xx/CVE-2023-47335.json) (`2023-11-16T13:51:19.370`)
* [CVE-2023-43752](CVE-2023/CVE-2023-437xx/CVE-2023-43752.json) (`2023-11-16T13:51:19.370`)
* [CVE-2023-43757](CVE-2023/CVE-2023-437xx/CVE-2023-43757.json) (`2023-11-16T13:51:19.370`)
* [CVE-2023-44296](CVE-2023/CVE-2023-442xx/CVE-2023-44296.json) (`2023-11-16T13:51:19.370`)
* [CVE-2023-47213](CVE-2023/CVE-2023-472xx/CVE-2023-47213.json) (`2023-11-16T13:51:19.370`)
* [CVE-2023-47674](CVE-2023/CVE-2023-476xx/CVE-2023-47674.json) (`2023-11-16T13:51:19.370`)
* [CVE-2023-26031](CVE-2023/CVE-2023-260xx/CVE-2023-26031.json) (`2023-11-16T13:51:19.370`)
* [CVE-2023-32469](CVE-2023/CVE-2023-324xx/CVE-2023-32469.json) (`2023-11-16T13:51:19.370`)
* [CVE-2023-39246](CVE-2023/CVE-2023-392xx/CVE-2023-39246.json) (`2023-11-16T13:51:19.370`)
* [CVE-2023-39259](CVE-2023/CVE-2023-392xx/CVE-2023-39259.json) (`2023-11-16T13:51:19.370`)
* [CVE-2023-44282](CVE-2023/CVE-2023-442xx/CVE-2023-44282.json) (`2023-11-16T13:51:19.370`)
* [CVE-2023-43569](CVE-2023/CVE-2023-435xx/CVE-2023-43569.json) (`2023-11-16T14:17:19.957`)
* [CVE-2023-43570](CVE-2023/CVE-2023-435xx/CVE-2023-43570.json) (`2023-11-16T14:20:36.770`)
* [CVE-2023-43568](CVE-2023/CVE-2023-435xx/CVE-2023-43568.json) (`2023-11-16T14:24:24.567`)
* [CVE-2023-43567](CVE-2023/CVE-2023-435xx/CVE-2023-43567.json) (`2023-11-16T14:27:01.117`)
* [CVE-2023-47107](CVE-2023/CVE-2023-471xx/CVE-2023-47107.json) (`2023-11-16T14:27:03.320`)
* [CVE-2023-6012](CVE-2023/CVE-2023-60xx/CVE-2023-6012.json) (`2023-11-16T14:31:29.520`)
* [CVE-2023-46772](CVE-2023/CVE-2023-467xx/CVE-2023-46772.json) (`2023-11-16T14:46:51.917`)
* [CVE-2023-38552](CVE-2023/CVE-2023-385xx/CVE-2023-38552.json) (`2023-11-16T16:15:30.800`)
* [CVE-2023-38719](CVE-2023/CVE-2023-387xx/CVE-2023-38719.json) (`2023-11-16T16:15:30.990`)
* [CVE-2023-38720](CVE-2023/CVE-2023-387xx/CVE-2023-38720.json) (`2023-11-16T16:15:31.103`)
* [CVE-2023-38728](CVE-2023/CVE-2023-387xx/CVE-2023-38728.json) (`2023-11-16T16:15:31.207`)
* [CVE-2023-38740](CVE-2023/CVE-2023-387xx/CVE-2023-38740.json) (`2023-11-16T16:15:31.320`)
* [CVE-2023-39331](CVE-2023/CVE-2023-393xx/CVE-2023-39331.json) (`2023-11-16T16:15:31.433`)
* [CVE-2023-39332](CVE-2023/CVE-2023-393xx/CVE-2023-39332.json) (`2023-11-16T16:15:31.510`)
* [CVE-2023-40372](CVE-2023/CVE-2023-403xx/CVE-2023-40372.json) (`2023-11-16T16:15:31.580`)
* [CVE-2023-40373](CVE-2023/CVE-2023-403xx/CVE-2023-40373.json) (`2023-11-16T16:15:31.730`)
* [CVE-2023-40374](CVE-2023/CVE-2023-403xx/CVE-2023-40374.json) (`2023-11-16T16:15:31.900`)
* [CVE-2023-44466](CVE-2023/CVE-2023-444xx/CVE-2023-44466.json) (`2023-11-16T16:15:31.993`)
* [CVE-2023-4527](CVE-2023/CVE-2023-45xx/CVE-2023-4527.json) (`2023-11-16T16:15:34.163`)
* [CVE-2023-46382](CVE-2023/CVE-2023-463xx/CVE-2023-46382.json) (`2023-11-16T16:15:45.477`)
* [CVE-2023-46001](CVE-2023/CVE-2023-460xx/CVE-2023-46001.json) (`2023-11-16T16:17:08.710`)
* [CVE-2023-3282](CVE-2023/CVE-2023-32xx/CVE-2023-3282.json) (`2023-11-16T16:26:39.977`)
* [CVE-2023-47616](CVE-2023/CVE-2023-476xx/CVE-2023-47616.json) (`2023-11-16T16:33:29.880`)
* [CVE-2023-47615](CVE-2023/CVE-2023-476xx/CVE-2023-47615.json) (`2023-11-16T16:38:38.310`)
* [CVE-2023-47612](CVE-2023/CVE-2023-476xx/CVE-2023-47612.json) (`2023-11-16T16:39:34.940`)
* [CVE-2023-47613](CVE-2023/CVE-2023-476xx/CVE-2023-47613.json) (`2023-11-16T16:39:43.860`)
* [CVE-2023-47489](CVE-2023/CVE-2023-474xx/CVE-2023-47489.json) (`2023-11-16T16:39:53.067`)
* [CVE-2023-47488](CVE-2023/CVE-2023-474xx/CVE-2023-47488.json) (`2023-11-16T16:42:19.467`)
* [CVE-2023-20902](CVE-2023/CVE-2023-209xx/CVE-2023-20902.json) (`2023-11-16T16:43:24.420`)
* [CVE-2023-37790](CVE-2023/CVE-2023-377xx/CVE-2023-37790.json) (`2023-11-16T16:44:00.420`)
* [CVE-2023-37533](CVE-2023/CVE-2023-375xx/CVE-2023-37533.json) (`2023-11-16T16:44:55.610`)
* [CVE-2023-5760](CVE-2023/CVE-2023-57xx/CVE-2023-5760.json) (`2023-11-16T16:48:28.453`)
## Download and Usage