admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-07 11:07:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-11-21T21:00:17.887493+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-11-21 21:00:21 +00:00
parent 07e384d07f
commit 62f95da7a5
64 changed files with 5711 additions and 316 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

130
CVE-2015/CVE-2015-40xx/CVE-2015-4036.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2015-4036",
"sourceIdentifier": "cve@mitre.org",
"published": "2015-08-31T20:59:01.653",
"lastModified": "2016-12-22T02:59:50.960",
"vulnStatus": "Modified",
"lastModified": "2023-11-21T19:15:17.657",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -63,8 +63,79 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.18.0",
"matchCriteriaId": "BDF86B9D-ABF3-4D78-B026-BA65BD2AB6CD"
"versionStartExcluding": "3.6",
"versionEndExcluding": "3.10.90",
"matchCriteriaId": "D3255027-0A48-43E5-9E50-89A18E256E98"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.11",
"versionEndExcluding": "3.12.44",
"matchCriteriaId": "8D0C4C2A-444F-4959-BBA9-AEBD29C2CA7E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.13",
"versionEndExcluding": "3.14.57",
"matchCriteriaId": "8A11EA50-ADF8-4F55-975C-C7DB23C9B455"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.15",
"versionEndExcluding": "3.16.35",
"matchCriteriaId": "7DC4BA70-B111-4D2E-BC78-6601CED68F08"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.17",
"versionEndExcluding": "3.18.25",
"matchCriteriaId": "1CE06EBF-9588-4C87-A85F-8224C668D218"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.19",
"versionEndExcluding": "4.0",
"matchCriteriaId": "8A7FC79A-26B7-4E34-BB99-D25E74514239"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6:-:*:*:*:*:*:*",
"matchCriteriaId": "E7D72FF4-3906-4585-B39A-A9B194F53204"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6:rc2:*:*:*:*:*:*",
"matchCriteriaId": "61B347F1-DB7C-4078-AED9-BF4906F0DEB7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E0FCBD80-8462-4642-B2F0-54896776CF07"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6:rc4:*:*:*:*:*:*",
"matchCriteriaId": "42F72762-D825-4B81-93BB-5B7F54313F46"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6:rc5:*:*:*:*:*:*",
"matchCriteriaId": "41FDE042-F389-4580-BEBB-EBAB4F562477"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6:rc6:*:*:*:*:*:*",
"matchCriteriaId": "329C7DD0-9CEA-4D15-B0FE-B3565EE53A63"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6:rc7:*:*:*:*:*:*",
"matchCriteriaId": "A6067C5D-29B3-4EE2-BDCA-3F204F25F1C0"
}
]
}
@ -74,46 +145,77 @@
"references": [
{
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=59c816c1f24df0204e01851431d3bab3eb76719c",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2015/05/13/4",
"source": "cve@mitre.org",
"tags": [
"Exploit"
"Exploit",
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://www.securityfocus.com/bid/74664",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"URL Repurposed",
"VDB Entry"
]
},
{
"url": "http://www.securitytracker.com/id/1033729",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"URL Repurposed"
]
},
{
"url": "http://www.ubuntu.com/usn/USN-2633-1",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.ubuntu.com/usn/USN-2634-1",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1189864",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://github.com/torvalds/linux/commit/59c816c1f24df0204e01851431d3bab3eb76719c",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

18
CVE-2018/CVE-2018-25xx/CVE-2018-2579.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2018-2579",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2018-01-18T02:29:18.227",
"lastModified": "2022-05-13T14:57:21.947",
"lastModified": "2023-11-21T19:13:33.743",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -15,13 +15,13 @@
}
],
"metrics": {
"cvssMetricV30": [
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
@ -99,8 +99,8 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jdk:1.9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D1ECEA2-55C5-4554-B3E7-A5BA268C0063"
"criteria": "cpe:2.3:a:oracle:jdk:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "796F8150-771C-4806-83D7-72C5F539ED1F"
},
{
"vulnerable": true,
@ -119,8 +119,8 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jre:1.9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F1AAC9C9-0B1A-42F3-8E3D-60EEDED64678"
"criteria": "cpe:2.3:a:oracle:jre:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "76105155-2BDC-4A86-8DA4-4EC5362D5978"
},
{
"vulnerable": true,
@ -329,6 +329,7 @@
"url": "http://www.securityfocus.com/bid/102663",
"source": "secalert_us@oracle.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
@ -337,6 +338,7 @@
"url": "http://www.securitytracker.com/id/1040203",
"source": "secalert_us@oracle.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]

18
CVE-2018/CVE-2018-25xx/CVE-2018-2581.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2018-2581",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2018-01-18T02:29:18.320",
"lastModified": "2022-08-12T18:04:42.840",
"lastModified": "2023-11-21T19:13:17.797",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -94,8 +94,8 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jdk:1.9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D1ECEA2-55C5-4554-B3E7-A5BA268C0063"
"criteria": "cpe:2.3:a:oracle:jdk:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "796F8150-771C-4806-83D7-72C5F539ED1F"
},
{
"vulnerable": true,
@ -109,8 +109,8 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jre:1.9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F1AAC9C9-0B1A-42F3-8E3D-60EEDED64678"
"criteria": "cpe:2.3:a:oracle:jre:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "76105155-2BDC-4A86-8DA4-4EC5362D5978"
}
]
}
@ -284,14 +284,18 @@
"url": "http://www.securityfocus.com/bid/102636",
"source": "secalert_us@oracle.com",
"tags": [
"Broken Link"
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.securitytracker.com/id/1040203",
"source": "secalert_us@oracle.com",
"tags": [
"Broken Link"
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{

18
CVE-2018/CVE-2018-25xx/CVE-2018-2582.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2018-2582",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2018-01-18T02:29:18.367",
"lastModified": "2022-05-13T14:57:21.977",
"lastModified": "2023-11-21T19:13:28.723",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -15,13 +15,13 @@
}
],
"metrics": {
"cvssMetricV30": [
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -89,8 +89,8 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jdk:1.9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D1ECEA2-55C5-4554-B3E7-A5BA268C0063"
"criteria": "cpe:2.3:a:oracle:jdk:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "796F8150-771C-4806-83D7-72C5F539ED1F"
},
{
"vulnerable": true,
@ -99,8 +99,8 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jre:1.9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F1AAC9C9-0B1A-42F3-8E3D-60EEDED64678"
"criteria": "cpe:2.3:a:oracle:jre:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "76105155-2BDC-4A86-8DA4-4EC5362D5978"
}
]
}
@ -249,6 +249,7 @@
"url": "http://www.securityfocus.com/bid/102597",
"source": "secalert_us@oracle.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
@ -257,6 +258,7 @@
"url": "http://www.securitytracker.com/id/1040203",
"source": "secalert_us@oracle.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]

18
CVE-2018/CVE-2018-25xx/CVE-2018-2588.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2018-2588",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2018-01-18T02:29:18.600",
"lastModified": "2022-05-13T14:57:21.993",
"lastModified": "2023-11-21T19:13:22.147",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -15,13 +15,13 @@
}
],
"metrics": {
"cvssMetricV30": [
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
@ -99,8 +99,8 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jdk:1.9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D1ECEA2-55C5-4554-B3E7-A5BA268C0063"
"criteria": "cpe:2.3:a:oracle:jdk:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "796F8150-771C-4806-83D7-72C5F539ED1F"
},
{
"vulnerable": true,
@ -119,8 +119,8 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jre:1.9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F1AAC9C9-0B1A-42F3-8E3D-60EEDED64678"
"criteria": "cpe:2.3:a:oracle:jre:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "76105155-2BDC-4A86-8DA4-4EC5362D5978"
},
{
"vulnerable": true,
@ -329,6 +329,7 @@
"url": "http://www.securityfocus.com/bid/102661",
"source": "secalert_us@oracle.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
@ -337,6 +338,7 @@
"url": "http://www.securitytracker.com/id/1040203",
"source": "secalert_us@oracle.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]

18
CVE-2018/CVE-2018-25xx/CVE-2018-2599.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2018-2599",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2018-01-18T02:29:19.087",
"lastModified": "2022-05-13T14:57:22.020",
"lastModified": "2023-11-21T19:09:02.703",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -15,13 +15,13 @@
}
],
"metrics": {
"cvssMetricV30": [
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
@ -99,8 +99,8 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jdk:1.9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D1ECEA2-55C5-4554-B3E7-A5BA268C0063"
"criteria": "cpe:2.3:a:oracle:jdk:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "796F8150-771C-4806-83D7-72C5F539ED1F"
},
{
"vulnerable": true,
@ -119,8 +119,8 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jre:1.9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F1AAC9C9-0B1A-42F3-8E3D-60EEDED64678"
"criteria": "cpe:2.3:a:oracle:jre:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "76105155-2BDC-4A86-8DA4-4EC5362D5978"
},
{
"vulnerable": true,
@ -329,6 +329,7 @@
"url": "http://www.securityfocus.com/bid/102633",
"source": "secalert_us@oracle.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
@ -337,6 +338,7 @@
"url": "http://www.securitytracker.com/id/1040203",
"source": "secalert_us@oracle.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]

22
CVE-2018/CVE-2018-26xx/CVE-2018-2602.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2018-2602",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2018-01-18T02:29:19.240",
"lastModified": "2022-05-13T14:57:22.050",
"lastModified": "2023-11-21T19:09:12.173",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -15,13 +15,13 @@
}
],
"metrics": {
"cvssMetricV30": [
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
@ -99,8 +99,8 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jdk:1.9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D1ECEA2-55C5-4554-B3E7-A5BA268C0063"
"criteria": "cpe:2.3:a:oracle:jdk:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "796F8150-771C-4806-83D7-72C5F539ED1F"
},
{
"vulnerable": true,
@ -119,8 +119,8 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jre:1.9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F1AAC9C9-0B1A-42F3-8E3D-60EEDED64678"
"criteria": "cpe:2.3:a:oracle:jre:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "76105155-2BDC-4A86-8DA4-4EC5362D5978"
}
]
}
@ -323,14 +323,16 @@
"url": "http://www.securityfocus.com/bid/102642",
"source": "secalert_us@oracle.com",
"tags": [
"VDB Entry",
"Third Party Advisory"
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.securitytracker.com/id/1040203",
"source": "secalert_us@oracle.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]

22
CVE-2018/CVE-2018-26xx/CVE-2018-2603.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2018-2603",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2018-01-18T02:29:19.287",
"lastModified": "2022-05-13T14:57:22.070",
"lastModified": "2023-11-21T19:08:46.987",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -15,13 +15,13 @@
}
],
"metrics": {
"cvssMetricV30": [
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -99,8 +99,8 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jdk:1.9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D1ECEA2-55C5-4554-B3E7-A5BA268C0063"
"criteria": "cpe:2.3:a:oracle:jdk:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "796F8150-771C-4806-83D7-72C5F539ED1F"
},
{
"vulnerable": true,
@ -119,8 +119,8 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jre:1.9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F1AAC9C9-0B1A-42F3-8E3D-60EEDED64678"
"criteria": "cpe:2.3:a:oracle:jre:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "76105155-2BDC-4A86-8DA4-4EC5362D5978"
},
{
"vulnerable": true,
@ -329,14 +329,16 @@
"url": "http://www.securityfocus.com/bid/102625",
"source": "secalert_us@oracle.com",
"tags": [
"VDB Entry",
"Third Party Advisory"
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.securitytracker.com/id/1040203",
"source": "secalert_us@oracle.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]

18
CVE-2018/CVE-2018-26xx/CVE-2018-2618.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2018-2618",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2018-01-18T02:29:19.990",
"lastModified": "2022-05-13T14:57:22.087",
"lastModified": "2023-11-21T19:10:41.570",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -15,13 +15,13 @@
}
],
"metrics": {
"cvssMetricV30": [
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
@ -99,8 +99,8 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jdk:1.9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D1ECEA2-55C5-4554-B3E7-A5BA268C0063"
"criteria": "cpe:2.3:a:oracle:jdk:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "796F8150-771C-4806-83D7-72C5F539ED1F"
},
{
"vulnerable": true,
@ -119,8 +119,8 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jre:1.9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F1AAC9C9-0B1A-42F3-8E3D-60EEDED64678"
"criteria": "cpe:2.3:a:oracle:jre:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "76105155-2BDC-4A86-8DA4-4EC5362D5978"
},
{
"vulnerable": true,
@ -329,6 +329,7 @@
"url": "http://www.securityfocus.com/bid/102612",
"source": "secalert_us@oracle.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
@ -337,6 +338,7 @@
"url": "http://www.securitytracker.com/id/1040203",
"source": "secalert_us@oracle.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]

18
CVE-2018/CVE-2018-26xx/CVE-2018-2627.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2018-2627",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2018-01-18T02:29:20.397",
"lastModified": "2022-08-12T18:04:36.307",
"lastModified": "2023-11-21T19:13:38.713",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -89,8 +89,8 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jdk:1.9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D1ECEA2-55C5-4554-B3E7-A5BA268C0063"
"criteria": "cpe:2.3:a:oracle:jdk:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "796F8150-771C-4806-83D7-72C5F539ED1F"
},
{
"vulnerable": true,
@ -99,8 +99,8 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jre:1.9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F1AAC9C9-0B1A-42F3-8E3D-60EEDED64678"
"criteria": "cpe:2.3:a:oracle:jre:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "76105155-2BDC-4A86-8DA4-4EC5362D5978"
}
]
}
@ -264,14 +264,18 @@
"url": "http://www.securityfocus.com/bid/102584",
"source": "secalert_us@oracle.com",
"tags": [
"Broken Link"
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.securitytracker.com/id/1040203",
"source": "secalert_us@oracle.com",
"tags": [
"Broken Link"
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{

18
CVE-2018/CVE-2018-26xx/CVE-2018-2629.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2018-2629",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2018-01-18T02:29:20.447",
"lastModified": "2022-05-13T14:57:22.113",
"lastModified": "2023-11-21T19:10:47.953",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -15,13 +15,13 @@
}
],
"metrics": {
"cvssMetricV30": [
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
@ -99,8 +99,8 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jdk:1.9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D1ECEA2-55C5-4554-B3E7-A5BA268C0063"
"criteria": "cpe:2.3:a:oracle:jdk:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "796F8150-771C-4806-83D7-72C5F539ED1F"
},
{
"vulnerable": true,
@ -119,8 +119,8 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jre:1.9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F1AAC9C9-0B1A-42F3-8E3D-60EEDED64678"
"criteria": "cpe:2.3:a:oracle:jre:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "76105155-2BDC-4A86-8DA4-4EC5362D5978"
},
{
"vulnerable": true,
@ -329,6 +329,7 @@
"url": "http://www.securityfocus.com/bid/102615",
"source": "secalert_us@oracle.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
@ -337,6 +338,7 @@
"url": "http://www.securitytracker.com/id/1040203",
"source": "secalert_us@oracle.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]

18
CVE-2018/CVE-2018-26xx/CVE-2018-2633.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2018-2633",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2018-01-18T02:29:20.633",
"lastModified": "2022-05-13T14:57:22.137",
"lastModified": "2023-11-21T19:13:48.530",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -15,13 +15,13 @@
}
],
"metrics": {
"cvssMetricV30": [
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
@ -99,8 +99,8 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jdk:1.9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D1ECEA2-55C5-4554-B3E7-A5BA268C0063"
"criteria": "cpe:2.3:a:oracle:jdk:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "796F8150-771C-4806-83D7-72C5F539ED1F"
},
{
"vulnerable": true,
@ -119,8 +119,8 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jre:1.9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F1AAC9C9-0B1A-42F3-8E3D-60EEDED64678"
"criteria": "cpe:2.3:a:oracle:jre:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "76105155-2BDC-4A86-8DA4-4EC5362D5978"
},
{
"vulnerable": true,
@ -329,6 +329,7 @@
"url": "http://www.securityfocus.com/bid/102557",
"source": "secalert_us@oracle.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
@ -337,6 +338,7 @@
"url": "http://www.securitytracker.com/id/1040203",
"source": "secalert_us@oracle.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]

18
CVE-2018/CVE-2018-26xx/CVE-2018-2634.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2018-2634",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2018-01-18T02:29:20.680",
"lastModified": "2022-05-13T14:57:22.160",
"lastModified": "2023-11-21T19:13:43.310",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -15,13 +15,13 @@
}
],
"metrics": {
"cvssMetricV30": [
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
@ -94,8 +94,8 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jdk:1.9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D1ECEA2-55C5-4554-B3E7-A5BA268C0063"
"criteria": "cpe:2.3:a:oracle:jdk:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "796F8150-771C-4806-83D7-72C5F539ED1F"
},
{
"vulnerable": true,
@ -109,8 +109,8 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jre:1.9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F1AAC9C9-0B1A-42F3-8E3D-60EEDED64678"
"criteria": "cpe:2.3:a:oracle:jre:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "76105155-2BDC-4A86-8DA4-4EC5362D5978"
}
]
}
@ -314,6 +314,7 @@
"url": "http://www.securityfocus.com/bid/102592",
"source": "secalert_us@oracle.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
@ -322,6 +323,7 @@
"url": "http://www.securitytracker.com/id/1040203",
"source": "secalert_us@oracle.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]

4
CVE-2021/CVE-2021-275xx/CVE-2021-27502.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-27502",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-11-21T18:15:07.510",
"lastModified": "2023-11-21T18:15:07.510",
"vulnStatus": "Received",
"lastModified": "2023-11-21T20:31:33.013",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2021/CVE-2021-275xx/CVE-2021-27504.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-27504",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-11-21T18:15:07.713",
"lastModified": "2023-11-21T18:15:07.713",
"vulnStatus": "Received",
"lastModified": "2023-11-21T20:31:33.013",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

24
CVE-2021/CVE-2021-318xx/CVE-2021-31852.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-31852",
"sourceIdentifier": "trellixpsirt@trellix.com",
"published": "2021-11-23T20:15:10.727",
"lastModified": "2023-11-07T03:35:08.797",
"vulnStatus": "Modified",
"lastModified": "2023-11-21T20:36:25.470",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -37,7 +37,7 @@
"impactScore": 2.7
},
{
"source": "01626437-bf8f-4d1c-912a-893b5eb04808",
"source": "trellixpsirt@trellix.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -85,7 +85,17 @@
},
"weaknesses": [
{
"source": "01626437-bf8f-4d1c-912a-893b5eb04808",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "trellixpsirt@trellix.com",
"type": "Secondary",
"description": [
{
@ -116,7 +126,11 @@
"references": [
{
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10372",
"source": "trellixpsirt@trellix.com"
"source": "trellixpsirt@trellix.com",
"tags": [
"Broken Link",
"Vendor Advisory"
]
}
]
}

59
CVE-2021/CVE-2021-384xx/CVE-2021-38405.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2021-38405",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-11-21T19:15:07.647",
"lastModified": "2023-11-21T20:31:33.013",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Datalogics APDFL library used in affected products is vulnerable to memory corruption condition\u00a0while parsing specially crafted PDF files. An attacker could leverage this vulnerability to execute code\u00a0in the context of the current process."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf",
"source": "ics-cert@hq.dhs.gov"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-041-07",
"source": "ics-cert@hq.dhs.gov"
}
]
}

122
CVE-2022/CVE-2022-428xx/CVE-2022-42879.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2022-42879",
"sourceIdentifier": "secure@intel.com",
"published": "2023-11-14T19:15:13.530",
"lastModified": "2023-11-14T19:30:41.887",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-21T20:28:19.277",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "NULL pointer dereference in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows drivers before version 31.0.101.4255 may allow an authenticated user to potentially enable denial of service via local access."
},
{
"lang": "es",
"value": "La desreferencia del puntero NULL en algunos controladores Intel(R) Arc(TM) e Iris(R) Xe - WHQL - Windows anteriores a la versi\u00f3n 31.0.101.4255 puede permitir que un usuario autenticado habilite potencialmente la denegaci\u00f3n de servicio a trav\u00e9s del acceso local."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -46,10 +80,88 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00864.html",
"source": "secure@intel.com"
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:graphics_driver:*:*:*:*:*:windows:*:*",
"versionEndExcluding": "31.0.101.4255",
"matchCriteriaId": "769A78AA-5380-4FA8-9B1B-6BC93F54952B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:arc_a310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6D00BE1-565F-4E36-ABCB-7D6216D3C422"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:arc_a380:-:*:*:*:*:*:*:*",
"matchCriteriaId": "30DA34B3-3114-432A-9B81-B1E469BFBA35"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:arc_a530m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B10E0AF-31C4-4587-ABA0-E7F27A431D84"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:arc_a550m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5F2A6623-160D-4712-91B4-7125C6F14587"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:arc_a570m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5A65944-2A11-46D8-ABF0-1A62955D3FC2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:arc_a580:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1ABFDBB-F30C-4AE2-98B1-90542F427085"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:arc_a730m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "926E5E32-39B2-4CAD-AB41-9652518B3D8A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:arc_a750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E92E63D9-B5E9-49F7-B96F-9C4BE6B8F41C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:arc_a770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE38F333-3BA1-4C84-A311-5DFC90A0BEAA"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:arc_a770m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7538E01D-C5F4-4D0E-92A6-7D8F1FB95907"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00864.html",
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}

24
CVE-2023/CVE-2023-00xx/CVE-2023-0001.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-0001",
"sourceIdentifier": "psirt@paloaltonetworks.com",
"published": "2023-02-08T18:15:11.523",
"lastModified": "2023-11-10T15:15:07.930",
"vulnStatus": "Modified",
"lastModified": "2023-11-21T19:15:08.073",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -108,26 +108,6 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/08/10",
"source": "psirt@paloaltonetworks.com"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/08/2",
"source": "psirt@paloaltonetworks.com"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/08/3",
"source": "psirt@paloaltonetworks.com"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/08/5",
"source": "psirt@paloaltonetworks.com"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/10/1",
"source": "psirt@paloaltonetworks.com"
},
{
"url": "https://security.paloaltonetworks.com/CVE-2023-0001",
"source": "psirt@paloaltonetworks.com",

43
CVE-2023/CVE-2023-202xx/CVE-2023-20208.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-20208",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-11-21T19:15:08.567",
"lastModified": "2023-11-21T20:31:33.013",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct an XSS attack against a user of the web-based management interface of an affected device."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-mult-j-KxpNynR",
"source": "ykramarz@cisco.com"
}
]
}

43
CVE-2023/CVE-2023-202xx/CVE-2023-20265.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-20265",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-11-21T19:15:08.747",
"lastModified": "2023-11-21T20:31:33.013",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of a small subset of Cisco IP Phones could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to view a page containing malicious HTML or script content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid credentials to access the web-based management interface of the affected device."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uipphone-xss-NcmUykqA",
"source": "ykramarz@cisco.com"
}
]
}

43
CVE-2023/CVE-2023-202xx/CVE-2023-20272.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-20272",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-11-21T19:15:08.920",
"lastModified": "2023-11-21T20:31:33.013",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to upload malicious files to the web root of the application. This vulnerability is due to insufficient file input validation. An attacker could exploit this vulnerability by uploading a malicious file to the web interface. A successful exploit could allow the attacker to replace files and gain access to sensitive server-side information."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 5.5
}
]
},
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-mult-j-KxpNynR",
"source": "ykramarz@cisco.com"
}
]
}

43
CVE-2023/CVE-2023-202xx/CVE-2023-20274.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-20274",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-11-21T19:15:09.087",
"lastModified": "2023-11-21T20:31:33.013",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the installer script of Cisco AppDynamics PHP Agent could allow an authenticated, local attacker to elevate privileges on an affected device.\r\n\r This vulnerability is due to insufficient permissions that are set by the PHP Agent Installer on the PHP Agent install directory. An attacker could exploit this vulnerability by modifying objects in the PHP Agent install directory, which would run with the same privileges as PHP. A successful exploit could allow a lower-privileged attacker to elevate their privileges to root on an affected device."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.5
}
]
},
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-php-authpriv-gEBwTvu5",
"source": "ykramarz@cisco.com"
}
]
}

112
CVE-2023/CVE-2023-205xx/CVE-2023-20519.json
View File

@ -2,19 +2,119 @@
"id": "CVE-2023-20519",
"sourceIdentifier": "psirt@amd.com",
"published": "2023-11-14T19:15:15.533",
"lastModified": "2023-11-14T19:30:36.547",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-21T20:27:42.837",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest integrity.\n\n\n\n\n\n\n\n\n\n\n\n\n"
},
{
"lang": "es",
"value": "Una vulnerabilidad Use-After-Free en la administraci\u00f3n de una p\u00e1gina contextual de invitado SNP puede permitir que un hipervisor malicioso se haga pasar por el agente de migraci\u00f3n del invitado, lo que resulta en una posible p\u00e9rdida de integridad del invitado."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002",
"source": "psirt@amd.com"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:amd:milanpi_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.0.0.a",
"matchCriteriaId": "D04D59C4-B1F2-477B-A1B6-ADCA15925FC3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:milanpi:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F64A4AA-A66B-4B2E-B8F1-F332E3945903"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:amd:genoapi_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.0.0.3",
"matchCriteriaId": "F21375AC-B510-4A7C-8382-D98710569550"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:genoapi:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0EC5CF20-1E17-4F25-A186-5AFD1D0AC641"
}
]
}
]
}
],
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002",
"source": "psirt@amd.com",
"tags": [
"Vendor Advisory"
]
}
]
}

1848
CVE-2023/CVE-2023-205xx/CVE-2023-20596.json
View File

File diff suppressed because it is too large Load Diff

4
CVE-2023/CVE-2023-225xx/CVE-2023-22516.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-22516",
"sourceIdentifier": "security@atlassian.com",
"published": "2023-11-21T18:15:07.910",
"lastModified": "2023-11-21T18:15:07.910",
"vulnStatus": "Received",
"lastModified": "2023-11-21T20:31:33.013",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-225xx/CVE-2023-22521.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-22521",
"sourceIdentifier": "security@atlassian.com",
"published": "2023-11-21T18:15:08.070",
"lastModified": "2023-11-21T18:15:08.070",
"vulnStatus": "Received",
"lastModified": "2023-11-21T20:31:33.013",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

81
CVE-2023/CVE-2023-262xx/CVE-2023-26222.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-26222",
"sourceIdentifier": "security@tibco.com",
"published": "2023-11-14T20:15:07.517",
"lastModified": "2023-11-14T21:38:09.280",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-21T19:59:20.710",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Web Application component of TIBCO Software Inc.'s TIBCO EBX and TIBCO Product and Service Catalog powered by TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a stored XSS on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.9.22 and below, versions 6.0.13 and below and TIBCO Product and Service Catalog powered by TIBCO EBX: versions 5.0.0 and below.\n\n"
},
{
"lang": "es",
"value": "El componente Web Application de TIBCO Software Inc. TIBCO EBX y TIBCO Product and Service Catalog con tecnolog\u00eda TIBCO EBX contiene una vulnerabilidad f\u00e1cilmente explotable que permite a un atacante con pocos privilegios y acceso a la red ejecutar un XSS almacenado en el sistema afectado. Los productos afectados son TIBCO EBX de TIBCO Software Inc.: versiones 5.9.22 y anteriores, versiones 6.0.13 y siguientes y TIBCO Product and Service Catalog con tecnolog\u00eda TIBCO EBX: versiones 5.0.0 y siguientes."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@tibco.com",
"type": "Secondary",
@ -34,10 +58,57 @@
}
]
},
"references": [
"weaknesses": [
{
"url": "https://www.tibco.com/services/support/advisories",
"source": "security@tibco.com"
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tibco:ebx:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.0.0",
"matchCriteriaId": "FBEE6A78-3EEB-46E0-9002-EFBC59852828"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tibco:ebx:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.1.1",
"versionEndExcluding": "5.9.23",
"matchCriteriaId": "3B525D42-7A21-4A4C-AD00-D13256623927"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tibco:ebx:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.0",
"versionEndExcluding": "6.0.14",
"matchCriteriaId": "E4217A0B-6B58-4C68-917D-58571CD8CB01"
}
]
}
]
}
],
"references": [
{
"url": "https://www.tibco.com/services/support/advisories",
"source": "security@tibco.com",
"tags": [
"Vendor Advisory"
]
}
]
}

65
CVE-2023/CVE-2023-326xx/CVE-2023-32641.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-32641",
"sourceIdentifier": "secure@intel.com",
"published": "2023-11-14T19:15:26.043",
"lastModified": "2023-11-14T19:30:24.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-21T20:29:33.007",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in firmware for Intel(R) QAT before version QAT20.L.1.0.40-00004 may allow escalation of privilege and denial of service via adjacent access."
},
{
"lang": "es",
"value": "La validaci\u00f3n de entrada incorrecta en el firmware para Intel(R) QAT anterior a la versi\u00f3n QAT20.L.1.0.40-00004 puede permitir la escalada de privilegios y la denegaci\u00f3n de servicio a trav\u00e9s del acceso adyacente."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00945.html",
"source": "secure@intel.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:quickassist_technology:*:*:*:*:*:linux:*:*",
"versionEndExcluding": "1.0.40-00004",
"matchCriteriaId": "EAC4134A-7434-43C5-9694-5DD4639CE8FF"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00945.html",
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}

65
CVE-2023/CVE-2023-326xx/CVE-2023-32662.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-32662",
"sourceIdentifier": "secure@intel.com",
"published": "2023-11-14T19:15:26.987",
"lastModified": "2023-11-14T19:30:24.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-21T19:41:02.917",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper authorization in some Intel Battery Life Diagnostic Tool installation software before version 2.2.1 may allow a privilaged user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "La autorizaci\u00f3n inadecuada en alg\u00fan software de instalaci\u00f3n de la herramienta Intel Battery Life Diagnostic Tool anterior a la versi\u00f3n 2.2.1 puede permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00843.html",
"source": "secure@intel.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:battery_life_diagnostic_tool:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.2.1",
"matchCriteriaId": "FD5E894A-220F-46C6-BF57-F2C1A5DADF3C"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00843.html",
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}

74
CVE-2023/CVE-2023-327xx/CVE-2023-32701.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-32701",
"sourceIdentifier": "secure@blackberry.com",
"published": "2023-11-14T19:15:27.163",
"lastModified": "2023-11-14T19:30:24.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-21T19:56:58.247",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": " Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause Information Disclosure or a Denial-of-Service condition. \n\n"
},
{
"lang": "es",
"value": "Una validaci\u00f3n de entrada inadecuada en Networking Stack de QNX SDP versiones 6.6, 7.0 y 7.1 podr\u00eda permitir que un atacante cause potencialmente la divulgaci\u00f3n de informaci\u00f3n o una condici\u00f3n de denegaci\u00f3n de servicio."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
},
{
"source": "secure@blackberry.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@blackberry.com",
"type": "Secondary",
@ -46,10 +80,40 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000112401",
"source": "secure@blackberry.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:blackberry:qnx_software_development_platform:6.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FF1D7FB0-C40B-4DD6-B3C5-D90FBCCBAF23"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:blackberry:qnx_software_development_platform:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "058D8A14-E99C-4AA9-BE27-794B8D8B9E49"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:blackberry:qnx_software_development_platform:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E19A3D-96D9-4DF2-8E56-E2D917B1A9EA"
}
]
}
]
}
],
"references": [
{
"url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000112401",
"source": "secure@blackberry.com",
"tags": [
"Vendor Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-338xx/CVE-2023-33872.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-33872",
"sourceIdentifier": "secure@intel.com",
"published": "2023-11-14T19:15:27.343",
"lastModified": "2023-11-14T19:30:24.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-21T19:57:06.720",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper access control in the Intel Support android application all verions may allow an authenticated user to potentially enable information disclosure via local access."
},
{
"lang": "es",
"value": "Un control de acceso inadecuado en la aplicaci\u00f3n Intel Support para Android en todas las versiones puede permitir que un usuario autenticado permita potencialmente la divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso local."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -46,10 +80,30 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00976.html",
"source": "secure@intel.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:support:*:*:*:*:*:android:*:*",
"matchCriteriaId": "5E92F6C3-54D5-47BE-8359-A3B79ADD5D91"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00976.html",
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}

105
CVE-2023/CVE-2023-340xx/CVE-2023-34060.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-34060",
"sourceIdentifier": "security@vmware.com",
"published": "2023-11-14T21:15:09.253",
"lastModified": "2023-11-16T16:15:30.597",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-21T19:59:44.507",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,23 +14,100 @@
"value": "VMware Cloud Director Appliance contiene una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en caso de que VMware Cloud Director Appliance se haya actualizado a 10.5 desde una versi\u00f3n anterior. En una versi\u00f3n actualizada de VMware Cloud Director Appliance 10.5, un actor malicioso con acceso de red al dispositivo puede eludir las restricciones de inicio de sesi\u00f3n al autenticarse en el puerto 22 (ssh) o el puerto 5480 (consola de administraci\u00f3n del dispositivo). Esta omisi\u00f3n no est\u00e1 presente en el puerto 443 (proveedor de VCD e inicio de sesi\u00f3n del inquilino). En una nueva instalaci\u00f3n de VMware Cloud Director Appliance 10.5, la omisi\u00f3n no est\u00e1 presente."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://github.com/vmware/photon/wiki/Security-Update-3.0-687",
"source": "security@vmware.com"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
{
"url": "https://github.com/vmware/photon/wiki/Security-Update-4.0-512",
"source": "security@vmware.com"
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"url": "https://github.com/vmware/photon/wiki/Security-Update-5.0-143",
"source": "security@vmware.com"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0026.html",
"source": "security@vmware.com"
"lang": "en",
"value": "CWE-306"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:cloud_director:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.5",
"matchCriteriaId": "9A59ACB8-0B73-4E23-A36E-552DEC6DDB01"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:vmware:photon_os:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89F14E0F-78B4-4EBE-89E5-AC9C10C586C5"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/vmware/photon/wiki/Security-Update-3.0-687",
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://github.com/vmware/photon/wiki/Security-Update-4.0-512",
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://github.com/vmware/photon/wiki/Security-Update-5.0-143",
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0026.html",
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
]
}
]
}

75
CVE-2023/CVE-2023-340xx/CVE-2023-34062.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-34062",
"sourceIdentifier": "security@vmware.com",
"published": "2023-11-15T10:15:07.277",
"lastModified": "2023-11-15T13:54:23.007",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-21T20:11:45.330",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack.\n\nSpecifically, an application is vulnerable if Reactor Netty HTTP Server is configured to serve static resources.\n\n\n"
},
{
"lang": "es",
"value": "En Reactor Netty HTTP Server, versiones 1.1.x anteriores a 1.1.13 y versiones 1.0.x anteriores a 1.0.39, un usuario malintencionado puede enviar una solicitud utilizando una URL especialmente manipulada que puede provocar un ataque Directory Traversal. Espec\u00edficamente, una aplicaci\u00f3n es vulnerable si el servidor HTTP Reactor Netty est\u00e1 configurado para servir recursos est\u00e1ticos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security@vmware.com",
"type": "Secondary",
@ -34,10 +58,51 @@
}
]
},
"references": [
"weaknesses": [
{
"url": "https://spring.io/security/cve-2023-34062",
"source": "security@vmware.com"
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pivotal:reactor_netty:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.0.0",
"versionEndExcluding": "1.0.39",
"matchCriteriaId": "4510B84A-88E7-49FB-96C3-9EC35F850DE9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pivotal:reactor_netty:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.1.0",
"versionEndExcluding": "1.1.13",
"matchCriteriaId": "6C4793FB-0D8F-4B59-A9A7-22CFCA249735"
}
]
}
]
}
],
"references": [
{
"url": "https://spring.io/security/cve-2023-34062",
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
]
}
]
}

65
CVE-2023/CVE-2023-343xx/CVE-2023-34314.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-34314",
"sourceIdentifier": "secure@intel.com",
"published": "2023-11-14T19:15:27.887",
"lastModified": "2023-11-14T19:30:24.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-21T19:57:15.237",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Insecure inherited permissions in some Intel(R) Simics Simulator software before version 1.7.2 may allow an authenticated user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "Los permisos heredados inseguros en algunos software Intel(R) Simics Simulator anteriores a la versi\u00f3n 1.7.2 pueden permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00943.html",
"source": "secure@intel.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:simics_simulator:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.7.2",
"matchCriteriaId": "5E9C9600-4553-4F50-BEB5-6FBB95D1686D"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00943.html",
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}

65
CVE-2023/CVE-2023-343xx/CVE-2023-34350.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-34350",
"sourceIdentifier": "secure@intel.com",
"published": "2023-11-14T19:15:28.063",
"lastModified": "2023-11-14T19:30:20.993",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-21T19:57:25.250",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path element in some Intel(R) XTU software before version 7.12.0.15 may allow an authenticated user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "El elemento de ruta de b\u00fasqueda no controlado en algunos software Intel(R) XTU anteriores a la versi\u00f3n 7.12.0.15 puede permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-427"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00941.html",
"source": "secure@intel.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:extreme_tuning_utility:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.12.0.15",
"matchCriteriaId": "70124C21-7455-4C06-BD72-75FD8C77B9EB"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00941.html",
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}

65
CVE-2023/CVE-2023-344xx/CVE-2023-34430.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-34430",
"sourceIdentifier": "secure@intel.com",
"published": "2023-11-14T19:15:28.240",
"lastModified": "2023-11-14T19:30:20.993",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-21T19:57:33.780",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path in some Intel Battery Life Diagnostic Tool software before version 2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "La ruta de b\u00fasqueda no controlada en algunos software Intel Battery Life Diagnostic Tool anterior a la versi\u00f3n 2.2.1 puede permitir que un usuario autenticado potencialmente habilite la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-427"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00843.html",
"source": "secure@intel.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:battery_life_diagnostic_tool:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.2.1",
"matchCriteriaId": "FD5E894A-220F-46C6-BF57-F2C1A5DADF3C"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00843.html",
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}

65
CVE-2023/CVE-2023-349xx/CVE-2023-34997.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-34997",
"sourceIdentifier": "secure@intel.com",
"published": "2023-11-14T19:15:28.590",
"lastModified": "2023-11-14T19:30:20.993",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-21T19:57:40.767",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Insecure inherited permissions in the installer for some Intel Server Configuration Utility software before version 16.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "Los permisos heredados inseguros en el instalador de algunos software de Intel Server Configuration Utility anteriores a la versi\u00f3n 16.0.9 pueden permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00925.html",
"source": "secure@intel.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:server_configuration_utility:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0.9",
"matchCriteriaId": "BE9882BF-1158-4A70-9B10-C2F15FD95591"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00925.html",
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-360xx/CVE-2023-36007.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-36007",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-11-14T21:15:09.633",
"lastModified": "2023-11-14T21:38:02.453",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-21T19:12:40.443",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Send Customer Voice survey from Dynamics 365 Spoofing Vulnerability"
},
{
"lang": "es",
"value": "Microsoft env\u00eda una encuesta de voz del cliente desde la vulnerabilidad de suplantaci\u00f3n de identidad de Dynamics 365"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 1.4
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
@ -34,10 +58,44 @@
}
]
},
"references": [
"weaknesses": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36007",
"source": "secure@microsoft.com"
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:send_customer_voice_survey_from_dynamics_365:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.0.0.8",
"matchCriteriaId": "92BF08E3-A27C-4A6B-A8E7-AEED3452A9AB"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36007",
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

681
CVE-2023/CVE-2023-360xx/CVE-2023-36049.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-36049",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-11-14T21:15:10.083",
"lastModified": "2023-11-14T21:38:02.453",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-21T19:25:39.530",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": ".NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en .NET, .NET Framework y Visual Studio"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
@ -34,10 +58,657 @@
}
]
},
"references": [
"weaknesses": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36049",
"source": "secure@microsoft.com"
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "42A6DF09-B8E1-414D-97E7-453566055279"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D400E856-2B2E-4CEA-8CA5-309FDF371CEA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:-:*:*:*:*:*:*",
"matchCriteriaId": "23317443-1968-4791-9F20-AD3B308A83D1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:-:*:*:*:*:*:*",
"matchCriteriaId": "23317443-1968-4791-9F20-AD3B308A83D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "734112B3-1383-4BE3-8721-C0F84566B764"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "36B0E40A-84EF-4099-A395-75D6B8CDA196"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:-:*:*:*:*:*:*",
"matchCriteriaId": "23317443-1968-4791-9F20-AD3B308A83D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "A045AC0A-471E-444C-B3B0-4CABC23E8CFB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:x86:*",
"matchCriteriaId": "28A7FEE9-B473-48A0-B0ED-A5CC1E44194C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:arm64:*",
"matchCriteriaId": "73D24713-D897-408D-893B-77A61982597D"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "306B7CE6-8239-4AED-9ED4-4C9F5B349F58"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x86:*",
"matchCriteriaId": "345FCD64-D37B-425B-B64C-8B1640B7E850"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:-:*:*:*:*:*:*",
"matchCriteriaId": "23317443-1968-4791-9F20-AD3B308A83D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2D3F18AF-84ED-473B-A8DF-65EB23C475AF"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "306B7CE6-8239-4AED-9ED4-4C9F5B349F58"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x86:*",
"matchCriteriaId": "345FCD64-D37B-425B-B64C-8B1640B7E850"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:arm64:*",
"matchCriteriaId": "8FC46499-DB6E-48BF-9334-85EE27AFE7AF"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "83A79DD6-E74E-419F-93F1-323B68502633"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:arm64:*",
"matchCriteriaId": "A9D54EE6-30AF-411C-A285-A4DCB6C6EC06"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "C230D3BF-7FCE-405C-B62E-B9190C995C3C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:x86:*",
"matchCriteriaId": "1FD62DCB-66D1-4CEA-828E-0BD302AC63CA"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:arm64:*",
"matchCriteriaId": "F2D718BD-C4B7-48DB-BE78-B9CA22F27DD0"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "0C3552E0-F793-4CDD-965D-457495475805"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
"matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:-:*:*:*:*:*:*",
"matchCriteriaId": "23317443-1968-4791-9F20-AD3B308A83D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "934D4E46-12C1-41DC-A28C-A2C430E965E4"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "306B7CE6-8239-4AED-9ED4-4C9F5B349F58"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x86:*",
"matchCriteriaId": "345FCD64-D37B-425B-B64C-8B1640B7E850"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:arm64:*",
"matchCriteriaId": "8FC46499-DB6E-48BF-9334-85EE27AFE7AF"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "83A79DD6-E74E-419F-93F1-323B68502633"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:arm64:*",
"matchCriteriaId": "A9D54EE6-30AF-411C-A285-A4DCB6C6EC06"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "C230D3BF-7FCE-405C-B62E-B9190C995C3C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:x86:*",
"matchCriteriaId": "1FD62DCB-66D1-4CEA-828E-0BD302AC63CA"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:arm64:*",
"matchCriteriaId": "F2D718BD-C4B7-48DB-BE78-B9CA22F27DD0"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "0C3552E0-F793-4CDD-965D-457495475805"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B2D24C54-F04F-4717-B614-FE67B3ED9DC0"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "D5EC3F68-8F41-4F6B-B2E5-920322A4A321"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:-:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B0301BA0-81DB-4FC1-9BC3-EB48A56BC608"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "8E3C1327-F331-4448-A253-00EAC7428317"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
"matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8EDC4407-7E92-4E60-82F0-0C87D1860D3A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "734112B3-1383-4BE3-8721-C0F84566B764"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "36B0E40A-84EF-4099-A395-75D6B8CDA196"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x86:*",
"matchCriteriaId": "EDCDBC70-9AB7-47F3-BD61-28860EEE5065"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2D3F18AF-84ED-473B-A8DF-65EB23C475AF"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "5E491E46-1917-41FE-8F9A-BB0BDDEB42C3"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.0",
"versionEndExcluding": "6.0.25",
"matchCriteriaId": "BC1456FF-8BB7-4D7D-A03E-22A2CDE8A094"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndExcluding": "7.0.14",
"matchCriteriaId": "73A23066-A84B-4E76-B0ED-63BA1A9C1263"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net:8.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5F3CB225-CDF6-4730-A20C-891AB87CBB9A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net:8.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6F9C3F37-0A3B-45D4-86B1-B42FDA8D8EA7"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.2",
"versionEndExcluding": "17.2.22",
"matchCriteriaId": "9EABB880-0CBA-45CD-A197-CB1EE1710061"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.4",
"versionEndExcluding": "17.4.14",
"matchCriteriaId": "BCC513DB-075E-4D09-B289-902F3C16BFB7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.6",
"versionEndExcluding": "17.6.10",
"matchCriteriaId": "56738F2F-8802-4ADB-AC7C-9BAD67626C75"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.7",
"versionEndExcluding": "17.7.7",
"matchCriteriaId": "CD1B0CE9-6A87-47DC-A27B-9587A6B5B45D"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36049",
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-364xx/CVE-2023-36437.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-36437",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-11-14T21:15:10.667",
"lastModified": "2023-11-14T21:38:02.453",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-21T20:00:37.933",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Azure DevOps Server Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo del servidor Azure DevOps"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
@ -34,10 +58,44 @@
}
]
},
"references": [
"weaknesses": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36437",
"source": "secure@microsoft.com"
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:azure_pipelines_agent:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.39.1",
"matchCriteriaId": "37D0BC79-E23A-4982-8A7A-F292F79A3621"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36437",
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

133
CVE-2023/CVE-2023-365xx/CVE-2023-36558.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-36558",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-11-14T22:15:29.323",
"lastModified": "2023-11-15T02:28:40.150",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-21T20:01:19.307",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "ASP.NET Core - Security Feature Bypass Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de omisi\u00f3n de funciones de seguridad en ASP.NET Core"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
@ -34,10 +58,109 @@
}
]
},
"references": [
"weaknesses": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36558",
"source": "secure@microsoft.com"
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.0",
"versionEndExcluding": "6.0.25",
"matchCriteriaId": "BC1456FF-8BB7-4D7D-A03E-22A2CDE8A094"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndExcluding": "7.0.14",
"matchCriteriaId": "73A23066-A84B-4E76-B0ED-63BA1A9C1263"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net:8.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5F3CB225-CDF6-4730-A20C-891AB87CBB9A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net:8.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6F9C3F37-0A3B-45D4-86B1-B42FDA8D8EA7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.0",
"versionEndExcluding": "6.0.25",
"matchCriteriaId": "C29B573F-A45D-440B-913F-27AB0A46BCA2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndExcluding": "7.0.14",
"matchCriteriaId": "E923109F-46CA-4581-933D-D65C83D72390"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:asp.net_core:8.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "81F3914E-4A24-4434-8487-31F45948BE86"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.2",
"versionEndExcluding": "17.2.22",
"matchCriteriaId": "9EABB880-0CBA-45CD-A197-CB1EE1710061"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.4",
"versionEndExcluding": "17.4.14",
"matchCriteriaId": "BCC513DB-075E-4D09-B289-902F3C16BFB7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.6",
"versionEndExcluding": "17.6.10",
"matchCriteriaId": "56738F2F-8802-4ADB-AC7C-9BAD67626C75"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.7",
"versionEndExcluding": "17.7.7",
"matchCriteriaId": "CD1B0CE9-6A87-47DC-A27B-9587A6B5B45D"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36558",
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

74
CVE-2023/CVE-2023-415xx/CVE-2023-41570.json
View File

@ -2,19 +2,81 @@
"id": "CVE-2023-41570",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-14T23:15:09.270",
"lastModified": "2023-11-15T02:28:40.150",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-21T20:13:07.453",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "MikroTik RouterOS v7.1 to 7.11 was discovered to contain incorrect access control mechanisms in place for the Rest API."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que MikroTik RouterOS v7.1 a 7.11 conten\u00eda mecanismos de control de acceso incorrectos para la API Rest."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://www.enricobassetti.it/2023/11/cve-2023-41570-access-control-vulnerability-in-mikrotik-rest-api/",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:-:*:*:*",
"versionStartIncluding": "7.1",
"versionEndExcluding": "7.12",
"matchCriteriaId": "3E9E61C3-F25A-43A2-AA35-A495453C2670"
}
]
}
]
}
],
"references": [
{
"url": "https://www.enricobassetti.it/2023/11/cve-2023-41570-access-control-vulnerability-in-mikrotik-rest-api/",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

95
CVE-2023/CVE-2023-456xx/CVE-2023-45614.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-45614",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2023-11-14T23:15:09.313",
"lastModified": "2023-11-15T02:28:40.150",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-21T20:41:44.020",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n"
},
{
"lang": "es",
"value": "Existen vulnerabilidades de desbordamiento del b\u00fafer en CLI Service subyacente que podr\u00edan provocar la ejecuci\u00f3n remota de c\u00f3digo no autenticado mediante el env\u00edo de paquetes especialmente manipulados destinados al puerto UDP (8211) PAPI (protocolo de administraci\u00f3n de puntos de acceso de Aruba). La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de ejecutar c\u00f3digo arbitrario como usuario privilegiado en el sistema operativo subyacente."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-alert@hpe.com",
"type": "Secondary",
@ -34,10 +58,71 @@
}
]
},
"references": [
"weaknesses": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt",
"source": "security-alert@hpe.com"
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.3.0.0",
"versionEndExcluding": "10.4.0.3",
"matchCriteriaId": "0C237FC8-2B47-4070-96DD-54D68F9BD5EF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "23C407BC-FF30-4EBE-9084-67943E6D62E0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.0.0",
"versionEndExcluding": "8.6.0.23",
"matchCriteriaId": "DF39B093-B7A9-4657-A7F0-343E7CE7D59D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.10.0.0",
"versionEndExcluding": "8.10.0.9",
"matchCriteriaId": "B3B1AE0D-0B1E-4B75-8815-9C0D46A6B44F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.11.0.0",
"versionEndExcluding": "8.11.2.0",
"matchCriteriaId": "73FB686A-47E8-4900-AC7A-7A37152FD543"
}
]
}
]
}
],
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt",
"source": "security-alert@hpe.com",
"tags": [
"Mitigation",
"Vendor Advisory"
]
}
]
}

95
CVE-2023/CVE-2023-456xx/CVE-2023-45615.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-45615",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2023-11-14T23:15:09.487",
"lastModified": "2023-11-15T02:28:40.150",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-21T20:53:21.610",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n"
},
{
"lang": "es",
"value": "Existen vulnerabilidades de desbordamiento del b\u00fafer en CLI Service subyacente que podr\u00edan provocar la ejecuci\u00f3n remota de c\u00f3digo no autenticado mediante el env\u00edo de paquetes especialmente manipulados destinados al puerto UDP (8211) PAPI (protocolo de administraci\u00f3n de puntos de acceso de Aruba). La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de ejecutar c\u00f3digo arbitrario como usuario privilegiado en el sistema operativo subyacente."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-alert@hpe.com",
"type": "Secondary",
@ -34,10 +58,71 @@
}
]
},
"references": [
"weaknesses": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt",
"source": "security-alert@hpe.com"
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.3.0.0",
"versionEndExcluding": "10.4.0.3",
"matchCriteriaId": "0C237FC8-2B47-4070-96DD-54D68F9BD5EF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "23C407BC-FF30-4EBE-9084-67943E6D62E0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.0.0",
"versionEndExcluding": "8.6.0.23",
"matchCriteriaId": "DF39B093-B7A9-4657-A7F0-343E7CE7D59D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.10.0.0",
"versionEndExcluding": "8.10.0.9",
"matchCriteriaId": "B3B1AE0D-0B1E-4B75-8815-9C0D46A6B44F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.11.0.0",
"versionEndExcluding": "8.11.2.0",
"matchCriteriaId": "73FB686A-47E8-4900-AC7A-7A37152FD543"
}
]
}
]
}
],
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt",
"source": "security-alert@hpe.com",
"tags": [
"Mitigation",
"Vendor Advisory"
]
}
]
}

95
CVE-2023/CVE-2023-456xx/CVE-2023-45625.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-45625",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2023-11-14T23:15:11.243",
"lastModified": "2023-11-15T02:28:40.150",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-21T19:51:31.120",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
},
{
"lang": "es",
"value": "Existen m\u00faltiples vulnerabilidades de inyecci\u00f3n de comandos autenticados en la interfaz de l\u00ednea de comandos. La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de ejecutar comandos arbitrarios como usuario privilegiado en el sistema operativo subyacente."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "security-alert@hpe.com",
"type": "Secondary",
@ -34,10 +58,71 @@
}
]
},
"references": [
"weaknesses": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt",
"source": "security-alert@hpe.com"
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.3.0.0",
"versionEndExcluding": "10.4.0.3",
"matchCriteriaId": "0C237FC8-2B47-4070-96DD-54D68F9BD5EF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "23C407BC-FF30-4EBE-9084-67943E6D62E0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.0.0",
"versionEndExcluding": "8.6.0.23",
"matchCriteriaId": "DF39B093-B7A9-4657-A7F0-343E7CE7D59D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.10.0.0",
"versionEndExcluding": "8.10.0.9",
"matchCriteriaId": "B3B1AE0D-0B1E-4B75-8815-9C0D46A6B44F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.11.0.0",
"versionEndExcluding": "8.11.2.0",
"matchCriteriaId": "73FB686A-47E8-4900-AC7A-7A37152FD543"
}
]
}
]
}
],
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt",
"source": "security-alert@hpe.com",
"tags": [
"Mitigation",
"Vendor Advisory"
]
}
]
}

95
CVE-2023/CVE-2023-456xx/CVE-2023-45626.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-45626",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2023-11-14T23:15:11.410",
"lastModified": "2023-11-15T02:28:40.150",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-21T19:58:43.770",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An authenticated vulnerability has been identified allowing an attacker to effectively establish highly privileged persistent arbitrary code execution across boot cycles.\n\n"
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad autenticada que permite a un atacante establecer de manera efectiva la ejecuci\u00f3n de c\u00f3digo arbitrario persistente y altamente privilegiado a lo largo de los ciclos de arranque."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "security-alert@hpe.com",
"type": "Secondary",
@ -34,10 +58,71 @@
}
]
},
"references": [
"weaknesses": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt",
"source": "security-alert@hpe.com"
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.3.0.0",
"versionEndExcluding": "10.4.0.3",
"matchCriteriaId": "0C237FC8-2B47-4070-96DD-54D68F9BD5EF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "23C407BC-FF30-4EBE-9084-67943E6D62E0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.0.0",
"versionEndExcluding": "8.6.0.23",
"matchCriteriaId": "DF39B093-B7A9-4657-A7F0-343E7CE7D59D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.10.0.0",
"versionEndExcluding": "8.10.0.9",
"matchCriteriaId": "B3B1AE0D-0B1E-4B75-8815-9C0D46A6B44F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.11.0.0",
"versionEndExcluding": "8.11.2.0",
"matchCriteriaId": "73FB686A-47E8-4900-AC7A-7A37152FD543"
}
]
}
]
}
],
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt",
"source": "security-alert@hpe.com",
"tags": [
"Mitigation",
"Vendor Advisory"
]
}
]
}

95
CVE-2023/CVE-2023-456xx/CVE-2023-45627.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-45627",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2023-11-14T23:15:11.573",
"lastModified": "2023-11-15T02:28:40.150",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-21T20:00:49.907",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An authenticated Denial-of-Service (DoS) vulnerability exists in the CLI service. Successful exploitation of this vulnerability results in the ability to interrupt the normal\n\noperation of the affected access point.\n\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de Denegaci\u00f3n de Servicio (DoS) autenticada en CLI Service. La explotaci\u00f3n exitosa de esta vulnerabilidad da como resultado la capacidad de interrumpir el funcionamiento normal del punto de acceso afectado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security-alert@hpe.com",
"type": "Secondary",
@ -34,10 +58,71 @@
}
]
},
"references": [
"weaknesses": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt",
"source": "security-alert@hpe.com"
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.3.0.0",
"versionEndExcluding": "10.4.0.3",
"matchCriteriaId": "0C237FC8-2B47-4070-96DD-54D68F9BD5EF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "23C407BC-FF30-4EBE-9084-67943E6D62E0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.0.0",
"versionEndExcluding": "8.6.0.23",
"matchCriteriaId": "DF39B093-B7A9-4657-A7F0-343E7CE7D59D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.10.0.0",
"versionEndExcluding": "8.10.0.9",
"matchCriteriaId": "B3B1AE0D-0B1E-4B75-8815-9C0D46A6B44F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.11.0.0",
"versionEndExcluding": "8.11.2.0",
"matchCriteriaId": "73FB686A-47E8-4900-AC7A-7A37152FD543"
}
]
}
]
}
],
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt",
"source": "security-alert@hpe.com",
"tags": [
"Mitigation",
"Vendor Advisory"
]
}
]
}

81
CVE-2023/CVE-2023-473xx/CVE-2023-47308.json
View File

@ -2,19 +2,88 @@
"id": "CVE-2023-47308",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-15T01:15:07.810",
"lastModified": "2023-11-15T02:28:40.150",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-21T20:14:36.287",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In the module \"Newsletter Popup PRO with Voucher/Coupon code\" (newsletterpop) before version 2.6.1 from Active Design for PrestaShop, a guest can perform SQL injection in affected versions. The method `NewsletterpopsendVerificationModuleFrontController::checkEmailSubscription()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection."
},
{
"lang": "es",
"value": "En el m\u00f3dulo \"Newsletter Popup PRO con c\u00f3digo de Bono/Cup\u00f3n\" (newsletterpop) anterior a la versi\u00f3n 2.6.1 de Active Design para PrestaShop, un invitado puede realizar inyecci\u00f3n SQL en las versiones afectadas. El m\u00e9todo `NewsletterpopsendVerificationModuleFrontController::checkEmailSubscription()` tiene llamadas SQL sensibles que pueden ejecutarse con una llamada http trivial y explotarse para falsificar una inyecci\u00f3n SQL."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://github.com/friends-of-presta/security-advisories/blob/main/_posts/2023-11-09-newsletterpop.md",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:activedesign:newsletterpop:*:*:*:*:*:prestashop:*:*",
"versionStartIncluding": "2.3.1",
"versionEndIncluding": "2.4.53",
"matchCriteriaId": "9BABF95F-992D-4F6C-9537-5CAA2475C80C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:activedesign:newsletterpop:*:*:*:*:*:prestashop:*:*",
"versionStartIncluding": "2.5.2",
"versionEndExcluding": "2.6.1",
"matchCriteriaId": "6A49ABA7-DD7E-4CEB-A72E-6357AA52A441"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/friends-of-presta/security-advisories/blob/main/_posts/2023-11-09-newsletterpop.md",
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}

74
CVE-2023/CVE-2023-473xx/CVE-2023-47309.json
View File

@ -2,19 +2,81 @@
"id": "CVE-2023-47309",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-15T01:15:07.860",
"lastModified": "2023-11-15T02:28:40.150",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-21T19:47:36.407",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Nukium nkmgls before version 3.0.2 is vulnerable to Cross Site Scripting (XSS) via NkmGlsCheckoutModuleFrontController::displayAjaxSavePhoneMobile."
},
{
"lang": "es",
"value": "Nukium nkmgls anterior a la versi\u00f3n 3.0.2 es vulnerable a Cross Site Scripting (XSS) a trav\u00e9s de NkmGlsCheckoutModuleFrontController::displayAjaxSavePhoneMobile."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://security.friendsofpresta.org/modules/2023/11/14/nkmgls.html",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nukium:gls:*:*:*:*:*:prestashop:*:*",
"versionEndExcluding": "3.0.2",
"matchCriteriaId": "06E23F44-AC35-4740-9CE4-E7D50AE87AF3"
}
]
}
]
}
],
"references": [
{
"url": "https://security.friendsofpresta.org/modules/2023/11/14/nkmgls.html",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}

72
CVE-2023/CVE-2023-473xx/CVE-2023-47384.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-47384",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-14T20:15:08.417",
"lastModified": "2023-11-14T21:38:09.280",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-21T19:58:59.553",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "MP4Box GPAC v2.3-DEV-rev617-g671976fcc-master was discovered to contain a memory leak in the function gf_isom_add_chapter at /isomedia/isom_write.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que MP4Box GPAC v2.3-DEV-rev617-g671976fcc-master conten\u00eda una p\u00e9rdida de memoria en la funci\u00f3n gf_isom_add_chapter en /isomedia/isom_write.c. Esta vulnerabilidad permite a los atacantes provocar una Denegaci\u00f3n de Servicio (DoS) a trav\u00e9s de un archivo MP4 manipulado."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://github.com/gpac/gpac/issues/2672",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gpac:gpac:2.3-dev-rev617-g671976fcc-master:*:*:*:*:*:*:*",
"matchCriteriaId": "F540C691-D615-4A9B-8DD6-69B8488E3BA1"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/gpac/gpac/issues/2672",
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
}
]
}

90
CVE-2023/CVE-2023-475xx/CVE-2023-47580.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47580",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-11-15T06:15:28.030",
"lastModified": "2023-11-15T13:54:23.007",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-21T20:36:59.427",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,87 @@
"value": "Existen m\u00faltiples problemas de restricci\u00f3n inadecuada de operaciones dentro de los l\u00edmites de un b\u00fafer de memoria en TELLUS V4.0.17.0 y anteriores y TELLUS Lite V4.0.17.0 y anteriores. Si un usuario abre un archivo especialmente manipulado (archivo X1, V8 o V9), se puede revelar informaci\u00f3n y/o se puede ejecutar c\u00f3digo arbitrario."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://hakko-elec.co.jp/site/download/03tellus_inf/index.php",
"source": "vultures@jpcert.or.jp"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93840158/",
"source": "vultures@jpcert.or.jp"
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php",
"source": "vultures@jpcert.or.jp"
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fujielectric:tellus:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.0.17.0",
"matchCriteriaId": "16ADEC6F-9ADC-423C-A463-413097BDBC3B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fujielectric:tellus_lite:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.0.17.0",
"matchCriteriaId": "A35F3F07-97F2-47A2-877D-AFF28F7AAE56"
}
]
}
]
}
],
"references": [
{
"url": "https://hakko-elec.co.jp/site/download/03tellus_inf/index.php",
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://jvn.jp/en/vu/JVNVU93840158/",
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php",
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
]
}
]
}

90
CVE-2023/CVE-2023-475xx/CVE-2023-47581.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47581",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-11-15T06:15:28.080",
"lastModified": "2023-11-15T13:54:23.007",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-21T20:17:19.600",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,87 @@
"value": "Existe una vulnerabilidad de lectura fuera de los l\u00edmites en TELLUS V4.0.17.0 y anteriores y en TELLUS Lite V4.0.17.0 y anteriores. Si un usuario abre un archivo especialmente manipulado (archivo X1, V8 o V9), se puede revelar informaci\u00f3n y/o se puede ejecutar c\u00f3digo arbitrario."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://hakko-elec.co.jp/site/download/03tellus_inf/index.php",
"source": "vultures@jpcert.or.jp"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93840158/",
"source": "vultures@jpcert.or.jp"
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php",
"source": "vultures@jpcert.or.jp"
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fujielectric:tellus:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.0.17.0",
"matchCriteriaId": "16ADEC6F-9ADC-423C-A463-413097BDBC3B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fujielectric:tellus_lite:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.0.17.0",
"matchCriteriaId": "A35F3F07-97F2-47A2-877D-AFF28F7AAE56"
}
]
}
]
}
],
"references": [
{
"url": "https://hakko-elec.co.jp/site/download/03tellus_inf/index.php",
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://jvn.jp/en/vu/JVNVU93840158/",
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php",
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
]
}
]
}

90
CVE-2023/CVE-2023-475xx/CVE-2023-47582.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47582",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-11-15T06:15:28.127",
"lastModified": "2023-11-15T13:54:23.007",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-21T20:23:46.320",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,87 @@
"value": "El acceso a la vulnerabilidad de puntero no inicializado existe en TELLUS V4.0.17.0 y anteriores y en TELLUS Lite V4.0.17.0 y anteriores. Si un usuario abre un archivo especialmente manipulado (archivo X1, V8 o V9), se puede revelar informaci\u00f3n y/o se puede ejecutar c\u00f3digo arbitrario."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://hakko-elec.co.jp/site/download/03tellus_inf/index.php",
"source": "vultures@jpcert.or.jp"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93840158/",
"source": "vultures@jpcert.or.jp"
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php",
"source": "vultures@jpcert.or.jp"
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-824"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fujielectric:tellus:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.0.17.0",
"matchCriteriaId": "16ADEC6F-9ADC-423C-A463-413097BDBC3B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fujielectric:tellus_lite:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.0.17.0",
"matchCriteriaId": "A35F3F07-97F2-47A2-877D-AFF28F7AAE56"
}
]
}
]
}
],
"references": [
{
"url": "https://hakko-elec.co.jp/site/download/03tellus_inf/index.php",
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://jvn.jp/en/vu/JVNVU93840158/",
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php",
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
]
}
]
}

52
CVE-2023/CVE-2023-476xx/CVE-2023-47628.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47628",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-14T01:15:08.137",
"lastModified": "2023-11-14T15:15:54.130",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-21T19:10:25.330",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 2.5
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,10 +70,32 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-75p8-rgh2-r9mx",
"source": "security-advisories@github.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:datahub_project:datahub:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.12.1",
"matchCriteriaId": "A45A340B-5E00-4E48-A37F-71C11DDAAFF1"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-75p8-rgh2-r9mx",
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

63
CVE-2023/CVE-2023-476xx/CVE-2023-47643.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-47643",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-21T20:15:07.270",
"lastModified": "2023-11-21T20:31:33.013",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SuiteCRM is a Customer Relationship Management (CRM) software application. Prior to version 8.4.2, Graphql Introspection is enabled without authentication, exposing the scheme defining all object types, arguments, and functions. An attacker can obtain the GraphQL schema and understand the entire attack surface of the API, including sensitive fields such as UserHash. This issue is patched in version 8.4.2. There are no known workarounds."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://github.com/salesagility/SuiteCRM-Core/commit/117dd8172793a239f71c91222606bf00677eeb33",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/salesagility/SuiteCRM-Core/security/advisories/GHSA-fxww-jqfv-9rrr",
"source": "security-advisories@github.com"
},
{
"url": "https://www.apollographql.com/blog/graphql/security/why-you-should-disable-graphql-introspection-in-production/",
"source": "security-advisories@github.com"
}
]
}

99
CVE-2023/CVE-2023-476xx/CVE-2023-47678.json
View File

@ -2,27 +2,104 @@
"id": "CVE-2023-47678",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-11-15T02:15:06.800",
"lastModified": "2023-11-15T02:28:40.150",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-21T19:44:06.320",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability exists in RT-AC87U all versions. An attacker may read or write files that are not intended to be accessed by connecting to a target device via tftp."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de control de acceso inadecuado en todas las versiones del RT-AC87U. Un atacante puede leer o escribir archivos a los que no est\u00e1 previsto acceder conect\u00e1ndose a un dispositivo de destino a trav\u00e9s de tftp."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://jvn.jp/en/vu/JVNVU96079387/",
"source": "vultures@jpcert.or.jp"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
{
"url": "https://www.asus.com/event/network/EOL-product/",
"source": "vultures@jpcert.or.jp"
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"url": "https://www.asus.com/support/",
"source": "vultures@jpcert.or.jp"
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:asus:rt-ac87u_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE7F61F-6CEB-4EFA-A534-3A42F75CEACF"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:asus:rt-ac87u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "317B2498-88CE-431F-97E1-EFE7F7E34E05"
}
]
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU96079387/",
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.asus.com/event/network/EOL-product/",
"source": "vultures@jpcert.or.jp",
"tags": [
"Product"
]
},
{
"url": "https://www.asus.com/support/",
"source": "vultures@jpcert.or.jp",
"tags": [
"Not Applicable"
]
}
]
}

75
CVE-2023/CVE-2023-482xx/CVE-2023-48226.json Normal file
View File

@ -0,0 +1,75 @@
{
"id": "CVE-2023-48226",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-21T20:15:07.543",
"lastModified": "2023-11-21T20:31:33.013",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "OpenReplay is a self-hosted session replay suite. In version 1.14.0, due to lack of validation Name field - Account Settings (for registration looks like validation is correct), a bad actor can send emails with HTML injected code to the victims. Bad actors can use this to phishing actions for example. Email is really send from OpenReplay, but bad actors can add there HTML code injected (content spoofing). Please notice that during Registration steps for FullName looks like is validated correct - can not type there, but using this kind of bypass/workaround - bad actors can achieve own goal. As of time of publication, no known fixes or workarounds are available."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://bugcrowd.com/vulnerability-rating-taxonomy",
"source": "security-advisories@github.com"
},
{
"url": "https://capec.mitre.org/data/definitions/242.html",
"source": "security-advisories@github.com"
},
{
"url": "https://cwe.mitre.org/data/definitions/20.html",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/openreplay/openreplay/blob/main/api/chalicelib/utils/html/invitation.html#L421",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/openreplay/openreplay/security/advisories/GHSA-xpfv-454c-3fj4",
"source": "security-advisories@github.com"
}
]
}

72
CVE-2023/CVE-2023-48xx/CVE-2023-4889.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4889",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-15T07:15:14.580",
"lastModified": "2023-11-15T13:54:23.007",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-21T20:28:48.533",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -38,14 +58,50 @@
}
]
},
"references": [
"weaknesses": [
{
"url": "https://plugins.trac.wordpress.org/changeset/2995413/shareaholic#file51",
"source": "security@wordfence.com"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ff6932c6-f3ec-46a8-a03b-95512eee5bf1?source=cve",
"source": "security@wordfence.com"
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:shareaholic:shareaholic:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "9.7.8",
"matchCriteriaId": "162978C6-2C74-4ADC-981E-8955A387654F"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/2995413/shareaholic#file51",
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ff6932c6-f3ec-46a8-a03b-95512eee5bf1?source=cve",
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-50xx/CVE-2023-5055.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5055",
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"published": "2023-11-21T18:15:09.023",
"lastModified": "2023-11-21T18:15:09.023",
"vulnStatus": "Received",
"lastModified": "2023-11-21T20:31:33.013",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

82
CVE-2023/CVE-2023-51xx/CVE-2023-5189.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-5189",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-11-14T23:15:12.290",
"lastModified": "2023-11-15T02:28:40.150",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-21T20:05:17.837",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de path traversal en Ansible al extraer archivos comprimidos. Un atacante podr\u00eda crear un tarball malicioso para que, al utilizar el importador galaxy de Ansible Automation Hub, se pueda colocar un enlace simb\u00f3lico en el disco, lo que provocar\u00eda la sobrescritura de los archivos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -34,14 +58,56 @@
}
]
},
"references": [
"weaknesses": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-5189",
"source": "secalert@redhat.com"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234387",
"source": "secalert@redhat.com"
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:ansible_automation_platform:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B4BE2D6-43C3-4065-A213-5DB1325DC78F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "848C92A9-0677-442B-8D52-A448F2019903"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-5189",
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234387",
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

89
CVE-2023/CVE-2023-59xx/CVE-2023-5984.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5984",
"sourceIdentifier": "cybersecurity@se.com",
"published": "2023-11-15T04:15:19.043",
"lastModified": "2023-11-15T13:54:26.693",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-21T19:31:38.970",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
},
{
"source": "cybersecurity@se.com",
"type": "Secondary",
@ -50,10 +70,69 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-318-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-318-01.pdf",
"source": "cybersecurity@se.com"
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:schneider-electric:ion8650_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F157E99-370C-46CD-BB4F-88BC5B55E8B0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:schneider-electric:ion8650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1DA97CA0-DDE0-4418-9D72-7D463C003693"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:schneider-electric:ion8800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1936E11C-833A-4E02-A0F9-D53E12FB88D5"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:schneider-electric:ion8800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3449157-3715-4D89-A3BD-49EE47160B25"
}
]
}
]
}
],
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-318-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-318-01.pdf",
"source": "cybersecurity@se.com",
"tags": [
"Vendor Advisory"
]
}
]
}

89
CVE-2023/CVE-2023-59xx/CVE-2023-5985.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5985",
"sourceIdentifier": "cybersecurity@se.com",
"published": "2023-11-15T04:15:19.290",
"lastModified": "2023-11-15T13:54:26.693",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-21T20:08:25.323",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "cybersecurity@se.com",
"type": "Secondary",
@ -50,10 +70,69 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-318-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-318-01.pdf",
"source": "cybersecurity@se.com"
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:schneider-electric:ion8650_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F157E99-370C-46CD-BB4F-88BC5B55E8B0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:schneider-electric:ion8650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1DA97CA0-DDE0-4418-9D72-7D463C003693"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:schneider-electric:ion8800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1936E11C-833A-4E02-A0F9-D53E12FB88D5"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:schneider-electric:ion8800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3449157-3715-4D89-A3BD-49EE47160B25"
}
]
}
]
}
],
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-318-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-318-01.pdf",
"source": "cybersecurity@se.com",
"tags": [
"Vendor Advisory"
]
}
]
}

72
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-11-21T19:00:18.107652+00:00
2023-11-21T21:00:17.887493+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-11-21T18:50:21.977000+00:00
2023-11-21T20:53:21.610000+00:00
```
### Last Data Feed Release
@ -29,49 +29,51 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
231224
231231
```
### CVEs added in the last Commit
Recently added CVEs: `5`
Recently added CVEs: `7`
* [CVE-2021-27502](CVE-2021/CVE-2021-275xx/CVE-2021-27502.json) (`2023-11-21T18:15:07.510`)
* [CVE-2021-27504](CVE-2021/CVE-2021-275xx/CVE-2021-27504.json) (`2023-11-21T18:15:07.713`)
* [CVE-2023-22516](CVE-2023/CVE-2023-225xx/CVE-2023-22516.json) (`2023-11-21T18:15:07.910`)
* [CVE-2023-22521](CVE-2023/CVE-2023-225xx/CVE-2023-22521.json) (`2023-11-21T18:15:08.070`)
* [CVE-2023-5055](CVE-2023/CVE-2023-50xx/CVE-2023-5055.json) (`2023-11-21T18:15:09.023`)
* [CVE-2021-38405](CVE-2021/CVE-2021-384xx/CVE-2021-38405.json) (`2023-11-21T19:15:07.647`)
* [CVE-2023-20208](CVE-2023/CVE-2023-202xx/CVE-2023-20208.json) (`2023-11-21T19:15:08.567`)
* [CVE-2023-20265](CVE-2023/CVE-2023-202xx/CVE-2023-20265.json) (`2023-11-21T19:15:08.747`)
* [CVE-2023-20272](CVE-2023/CVE-2023-202xx/CVE-2023-20272.json) (`2023-11-21T19:15:08.920`)
* [CVE-2023-20274](CVE-2023/CVE-2023-202xx/CVE-2023-20274.json) (`2023-11-21T19:15:09.087`)
* [CVE-2023-47643](CVE-2023/CVE-2023-476xx/CVE-2023-47643.json) (`2023-11-21T20:15:07.270`)
* [CVE-2023-48226](CVE-2023/CVE-2023-482xx/CVE-2023-48226.json) (`2023-11-21T20:15:07.543`)
### CVEs modified in the last Commit
Recently modified CVEs: `36`
Recently modified CVEs: `56`
* [CVE-2023-3812](CVE-2023/CVE-2023-38xx/CVE-2023-3812.json) (`2023-11-21T17:15:07.663`)
* [CVE-2023-42753](CVE-2023/CVE-2023-427xx/CVE-2023-42753.json) (`2023-11-21T17:15:07.763`)
* [CVE-2023-4004](CVE-2023/CVE-2023-40xx/CVE-2023-4004.json) (`2023-11-21T17:15:07.873`)
* [CVE-2023-4147](CVE-2023/CVE-2023-41xx/CVE-2023-4147.json) (`2023-11-21T17:15:08.033`)
* [CVE-2023-5367](CVE-2023/CVE-2023-53xx/CVE-2023-5367.json) (`2023-11-21T17:15:08.180`)
* [CVE-2023-28376](CVE-2023/CVE-2023-283xx/CVE-2023-28376.json) (`2023-11-21T17:41:53.923`)
* [CVE-2023-31203](CVE-2023/CVE-2023-312xx/CVE-2023-31203.json) (`2023-11-21T17:54:07.040`)
* [CVE-2023-32279](CVE-2023/CVE-2023-322xx/CVE-2023-32279.json) (`2023-11-21T17:54:26.863`)
* [CVE-2023-32283](CVE-2023/CVE-2023-322xx/CVE-2023-32283.json) (`2023-11-21T17:54:43.380`)
* [CVE-2023-32638](CVE-2023/CVE-2023-326xx/CVE-2023-32638.json) (`2023-11-21T17:54:57.823`)
* [CVE-2023-3961](CVE-2023/CVE-2023-39xx/CVE-2023-3961.json) (`2023-11-21T18:15:08.227`)
* [CVE-2023-42669](CVE-2023/CVE-2023-426xx/CVE-2023-42669.json) (`2023-11-21T18:15:08.343`)
* [CVE-2023-45161](CVE-2023/CVE-2023-451xx/CVE-2023-45161.json) (`2023-11-21T18:15:08.443`)
* [CVE-2023-45163](CVE-2023/CVE-2023-451xx/CVE-2023-45163.json) (`2023-11-21T18:15:08.543`)
* [CVE-2023-4091](CVE-2023/CVE-2023-40xx/CVE-2023-4091.json) (`2023-11-21T18:15:08.623`)
* [CVE-2023-4806](CVE-2023/CVE-2023-48xx/CVE-2023-4806.json) (`2023-11-21T18:15:08.727`)
* [CVE-2023-4813](CVE-2023/CVE-2023-48xx/CVE-2023-4813.json) (`2023-11-21T18:15:08.873`)
* [CVE-2023-5178](CVE-2023/CVE-2023-51xx/CVE-2023-5178.json) (`2023-11-21T18:15:09.220`)
* [CVE-2023-5380](CVE-2023/CVE-2023-53xx/CVE-2023-5380.json) (`2023-11-21T18:15:09.313`)
* [CVE-2023-5964](CVE-2023/CVE-2023-59xx/CVE-2023-5964.json) (`2023-11-21T18:15:09.550`)
* [CVE-2023-36018](CVE-2023/CVE-2023-360xx/CVE-2023-36018.json) (`2023-11-21T18:15:33.700`)
* [CVE-2023-29504](CVE-2023/CVE-2023-295xx/CVE-2023-29504.json) (`2023-11-21T18:34:22.367`)
* [CVE-2023-38411](CVE-2023/CVE-2023-384xx/CVE-2023-38411.json) (`2023-11-21T18:44:14.920`)
* [CVE-2023-29177](CVE-2023/CVE-2023-291xx/CVE-2023-29177.json) (`2023-11-21T18:47:17.137`)
* [CVE-2023-39230](CVE-2023/CVE-2023-392xx/CVE-2023-39230.json) (`2023-11-21T18:50:21.977`)
* [CVE-2023-34997](CVE-2023/CVE-2023-349xx/CVE-2023-34997.json) (`2023-11-21T19:57:40.767`)
* [CVE-2023-45626](CVE-2023/CVE-2023-456xx/CVE-2023-45626.json) (`2023-11-21T19:58:43.770`)
* [CVE-2023-47384](CVE-2023/CVE-2023-473xx/CVE-2023-47384.json) (`2023-11-21T19:58:59.553`)
* [CVE-2023-26222](CVE-2023/CVE-2023-262xx/CVE-2023-26222.json) (`2023-11-21T19:59:20.710`)
* [CVE-2023-34060](CVE-2023/CVE-2023-340xx/CVE-2023-34060.json) (`2023-11-21T19:59:44.507`)
* [CVE-2023-36437](CVE-2023/CVE-2023-364xx/CVE-2023-36437.json) (`2023-11-21T20:00:37.933`)
* [CVE-2023-45627](CVE-2023/CVE-2023-456xx/CVE-2023-45627.json) (`2023-11-21T20:00:49.907`)
* [CVE-2023-36558](CVE-2023/CVE-2023-365xx/CVE-2023-36558.json) (`2023-11-21T20:01:19.307`)
* [CVE-2023-5189](CVE-2023/CVE-2023-51xx/CVE-2023-5189.json) (`2023-11-21T20:05:17.837`)
* [CVE-2023-5985](CVE-2023/CVE-2023-59xx/CVE-2023-5985.json) (`2023-11-21T20:08:25.323`)
* [CVE-2023-34062](CVE-2023/CVE-2023-340xx/CVE-2023-34062.json) (`2023-11-21T20:11:45.330`)
* [CVE-2023-41570](CVE-2023/CVE-2023-415xx/CVE-2023-41570.json) (`2023-11-21T20:13:07.453`)
* [CVE-2023-47308](CVE-2023/CVE-2023-473xx/CVE-2023-47308.json) (`2023-11-21T20:14:36.287`)
* [CVE-2023-47581](CVE-2023/CVE-2023-475xx/CVE-2023-47581.json) (`2023-11-21T20:17:19.600`)
* [CVE-2023-47582](CVE-2023/CVE-2023-475xx/CVE-2023-47582.json) (`2023-11-21T20:23:46.320`)
* [CVE-2023-20519](CVE-2023/CVE-2023-205xx/CVE-2023-20519.json) (`2023-11-21T20:27:42.837`)
* [CVE-2023-20596](CVE-2023/CVE-2023-205xx/CVE-2023-20596.json) (`2023-11-21T20:28:27.040`)
* [CVE-2023-4889](CVE-2023/CVE-2023-48xx/CVE-2023-4889.json) (`2023-11-21T20:28:48.533`)
* [CVE-2023-32641](CVE-2023/CVE-2023-326xx/CVE-2023-32641.json) (`2023-11-21T20:29:33.007`)
* [CVE-2023-22516](CVE-2023/CVE-2023-225xx/CVE-2023-22516.json) (`2023-11-21T20:31:33.013`)
* [CVE-2023-22521](CVE-2023/CVE-2023-225xx/CVE-2023-22521.json) (`2023-11-21T20:31:33.013`)
* [CVE-2023-5055](CVE-2023/CVE-2023-50xx/CVE-2023-5055.json) (`2023-11-21T20:31:33.013`)
* [CVE-2023-47580](CVE-2023/CVE-2023-475xx/CVE-2023-47580.json) (`2023-11-21T20:36:59.427`)
* [CVE-2023-45614](CVE-2023/CVE-2023-456xx/CVE-2023-45614.json) (`2023-11-21T20:41:44.020`)
* [CVE-2023-45615](CVE-2023/CVE-2023-456xx/CVE-2023-45615.json) (`2023-11-21T20:53:21.610`)
## Download and Usage