admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-12-04T15:01:03.255397+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-12-04 15:01:07 +00:00
parent 838f4ba39e
commit 6ad917f647
63 changed files with 1314 additions and 163 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
CVE-2022/CVE-2022-458xx/CVE-2022-45886.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-45886",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-11-25T04:15:09.273",
"lastModified": "2023-11-07T03:54:56.727",
"vulnStatus": "Modified",
"lastModified": "2023-12-04T14:52:26.223",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -64,8 +64,44 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.0.9",
"matchCriteriaId": "EC099292-5E69-436B-BEC2-5835D46BE6AE"
"versionStartIncluding": "2.6.12",
"versionEndExcluding": "4.19.285",
"matchCriteriaId": "44905DAB-8B5E-4130-B672-07A06C3C4CBD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.246",
"matchCriteriaId": "50FC398B-A69A-4845-8676-B189EFD52DD3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.183",
"matchCriteriaId": "465F6811-5040-44C7-B81C-6467647C1133"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.116",
"matchCriteriaId": "D22A8AFD-08A1-4B25-848B-7112A7444242"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.33",
"matchCriteriaId": "B443970D-73AA-4C9A-9338-25D38130D285"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.3.7",
"matchCriteriaId": "EA5A4CD8-7A29-4730-A91A-A85F7B206C8E"
}
]
}
@ -210,11 +246,21 @@
"references": [
{
"url": "https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel%40gmail.com/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://lore.kernel.org/linux-media/20221115131822.6640-3-imv4bel%40gmail.com/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"URL Repurposed"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230113-0006/",

56
CVE-2023/CVE-2023-12xx/CVE-2023-1295.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-1295",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-06-28T12:15:09.340",
"lastModified": "2023-07-31T19:15:15.733",
"vulnStatus": "Modified",
"lastModified": "2023-12-04T14:52:07.117",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -87,8 +87,50 @@
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.6",
"versionEndIncluding": "5.11",
"matchCriteriaId": "055F7F75-916F-4FA1-802C-44AF9E1D1264"
"versionEndExcluding": "5.10.162",
"matchCriteriaId": "EDBE9988-4B34-4FF5-8D4F-8BAD2A0F7D87"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.11.6",
"matchCriteriaId": "EF0D3E9B-CA93-4B02-86F4-AE081E0D30AD"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F"
}
]
}
@ -133,7 +175,11 @@
},
{
"url": "https://security.netapp.com/advisory/ntap-20230731-0006/",
"source": "cve-coordination@google.com"
"source": "cve-coordination@google.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

62
CVE-2023/CVE-2023-322xx/CVE-2023-32247.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32247",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-07-24T16:15:11.470",
"lastModified": "2023-11-07T04:14:29.590",
"vulnStatus": "Modified",
"lastModified": "2023-12-04T14:55:19.007",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -37,7 +37,7 @@
"impactScore": 3.6
},
{
"source": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -70,7 +70,7 @@
]
},
{
"source": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
@ -90,8 +90,53 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.3.9",
"matchCriteriaId": "91F73DF0-B48A-4A70-A0C6-8844D289441D"
"versionStartIncluding": "5.15",
"versionEndIncluding": "6.1.29",
"matchCriteriaId": "2B654D6F-58B7-4F0A-AA17-3D2366073718"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.2.16",
"matchCriteriaId": "F92F7C8E-A977-4255-B1B6-D1908D8B408F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.3",
"versionEndExcluding": "6.3.2",
"matchCriteriaId": "38F6F330-91A0-4675-8B90-6F950471A7CC"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F"
}
]
}
@ -117,7 +162,10 @@
},
{
"url": "https://security.netapp.com/advisory/ntap-20230915-0011/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20478/",

74
CVE-2023/CVE-2023-322xx/CVE-2023-32248.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32248",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-07-24T16:15:11.543",
"lastModified": "2023-11-07T04:14:29.743",
"vulnStatus": "Modified",
"lastModified": "2023-12-04T14:54:50.907",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -37,7 +37,7 @@
"impactScore": 3.6
},
{
"source": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -70,7 +70,7 @@
]
},
{
"source": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
@ -90,8 +90,65 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.3.9",
"matchCriteriaId": "91F73DF0-B48A-4A70-A0C6-8844D289441D"
"versionStartIncluding": "5.15",
"versionEndExcluding": "5.15.111",
"matchCriteriaId": "73004160-CAB6-4206-935F-05BE8E8F3904"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.28",
"matchCriteriaId": "08F855F4-7188-4EE1-BD79-D4B6C7E2EF54"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.2.15",
"matchCriteriaId": "3844A90B-940D-46C3-8D7B-9FF63F1AFC2F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.3",
"versionEndExcluding": "6.3.2",
"matchCriteriaId": "38F6F330-91A0-4675-8B90-6F950471A7CC"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F"
}
]
}
@ -117,7 +174,10 @@
},
{
"url": "https://security.netapp.com/advisory/ntap-20230915-0006/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20479/",

172
CVE-2023/CVE-2023-322xx/CVE-2023-32252.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32252",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-07-24T16:15:11.610",
"lastModified": "2023-11-07T04:14:30.290",
"vulnStatus": "Modified",
"lastModified": "2023-12-04T14:53:38.480",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -33,7 +33,7 @@
"impactScore": 3.6
},
{
"source": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -66,7 +66,7 @@
]
},
{
"source": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
@ -86,8 +86,158 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.3.9",
"matchCriteriaId": "91F73DF0-B48A-4A70-A0C6-8844D289441D"
"versionStartIncluding": "5.15",
"versionEndExcluding": "6.1.29",
"matchCriteriaId": "7E233AD0-DABB-4668-93A7-DD0909B16CB9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.2.16",
"matchCriteriaId": "F92F7C8E-A977-4255-B1B6-D1908D8B408F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.3",
"versionEndExcluding": "6.3.2",
"matchCriteriaId": "38F6F330-91A0-4675-8B90-6F950471A7CC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F"
}
]
}
@ -99,7 +249,8 @@
"url": "https://access.redhat.com/security/cve/CVE-2023-32252",
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
"Third Party Advisory",
"VDB Entry"
]
},
{
@ -111,6 +262,13 @@
"Third Party Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20231124-0001/",
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20590/",
"source": "secalert@redhat.com",

10
CVE-2023/CVE-2023-325xx/CVE-2023-32558.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-32558",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-09-12T02:15:12.067",
"lastModified": "2023-09-15T17:12:58.390",
"lastModified": "2023-12-04T14:57:36.603",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The use of the deprecated API `process.binding()` can bypass the permission model through path traversal. \n\nThis vulnerability affects all users using the experimental permission model in Node.js 20.x.\n\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js."
},
{
"lang": "es",
"value": "El uso de la API obsoleta `process.binding()` puede omitir el modelo de permiso a trav\u00e9s del Path Traversal. Esta vulnerabilidad afecta a todos los usuarios que utilizan el modelo de permisos experimental en Node.js 20.x. Tenga en cuenta que en el momento en que se emiti\u00f3 este CVE, el modelo de permiso es una caracter\u00edstica experimental de Node.js."
}
],
"metrics": {
@ -57,8 +61,8 @@
"vulnerable": true,
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"versionStartIncluding": "20.0.0",
"versionEndIncluding": "20.6.1",
"matchCriteriaId": "8FFDCDFB-D221-4F5A-BEC6-C3A6F2F5A5F3"
"versionEndExcluding": "20.5.1",
"matchCriteriaId": "1B1EE318-9E7D-4AF1-9FB5-245C9F8BBBE0"
}
]
}

4
CVE-2023/CVE-2023-328xx/CVE-2023-32804.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32804",
"sourceIdentifier": "arm-security@arm.com",
"published": "2023-12-04T12:15:07.570",
"lastModified": "2023-12-04T12:15:07.570",
"vulnStatus": "Received",
"lastModified": "2023-12-04T13:48:34.723",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2023/CVE-2023-328xx/CVE-2023-32841.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-32841",
"sourceIdentifier": "security@mediatek.com",
"published": "2023-12-04T04:15:07.347",
"lastModified": "2023-12-04T04:15:07.347",
"vulnStatus": "Received",
"lastModified": "2023-12-04T13:50:45.253",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01128524 (MSV-846)."
},
{
"lang": "es",
"value": "En 5G Modem, existe una posible falla del sistema debido a un manejo inadecuado de errores. Esto podr\u00eda provocar una denegaci\u00f3n remota de servicio al recibir mensajes RRC con formato incorrecto, sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: MOLY01128524; ID del problema: MOLY01128524 (MSV-846)."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-328xx/CVE-2023-32842.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-32842",
"sourceIdentifier": "security@mediatek.com",
"published": "2023-12-04T04:15:07.417",
"lastModified": "2023-12-04T04:15:07.417",
"vulnStatus": "Received",
"lastModified": "2023-12-04T13:50:45.253",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01130256; Issue ID: MOLY01130256 (MSV-848)."
},
{
"lang": "es",
"value": "En 5G Modem, existe una posible falla del sistema debido a un manejo inadecuado de errores. Esto podr\u00eda provocar una denegaci\u00f3n remota de servicio al recibir mensajes RRC con formato incorrecto, sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: MOLY01130256; ID del problema: MOLY01130256 (MSV-848)."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-328xx/CVE-2023-32843.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-32843",
"sourceIdentifier": "security@mediatek.com",
"published": "2023-12-04T04:15:07.463",
"lastModified": "2023-12-04T04:15:07.463",
"vulnStatus": "Received",
"lastModified": "2023-12-04T13:50:45.253",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01130204; Issue ID: MOLY01130204 (MSV-849)."
},
{
"lang": "es",
"value": "En 5G Modem, existe una posible falla del sistema debido a un manejo inadecuado de errores. Esto podr\u00eda provocar una denegaci\u00f3n remota de servicio al recibir mensajes RRC con formato incorrecto, sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: MOLY01130204; ID del problema: MOLY01130204 (MSV-849)."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-328xx/CVE-2023-32844.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-32844",
"sourceIdentifier": "security@mediatek.com",
"published": "2023-12-04T04:15:07.510",
"lastModified": "2023-12-04T04:15:07.510",
"vulnStatus": "Received",
"lastModified": "2023-12-04T13:50:45.253",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01130183 (MSV-850)."
},
{
"lang": "es",
"value": "En 5G Modem, existe una posible falla del sistema debido a un manejo inadecuado de errores. Esto podr\u00eda provocar una denegaci\u00f3n remota de servicio al recibir mensajes RRC con formato incorrecto, sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: MOLY01128524; ID del problema: MOLY01130183 (MSV-850)."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-328xx/CVE-2023-32845.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-32845",
"sourceIdentifier": "security@mediatek.com",
"published": "2023-12-04T04:15:07.567",
"lastModified": "2023-12-04T04:15:07.567",
"vulnStatus": "Received",
"lastModified": "2023-12-04T13:50:45.253",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01139296 (MSV-860)."
},
{
"lang": "es",
"value": "En 5G Modem, existe una posible falla del sistema debido a un manejo inadecuado de errores. Esto podr\u00eda provocar una denegaci\u00f3n remota de servicio al recibir mensajes RRC con formato incorrecto, sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: MOLY01128524; ID del problema: MOLY01139296 (MSV-860)."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-328xx/CVE-2023-32846.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-32846",
"sourceIdentifier": "security@mediatek.com",
"published": "2023-12-04T04:15:07.613",
"lastModified": "2023-12-04T04:15:07.613",
"vulnStatus": "Received",
"lastModified": "2023-12-04T13:50:45.253",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01138453 (MSV-861)."
},
{
"lang": "es",
"value": "En 5G Modem, existe una posible falla del sistema debido a un manejo inadecuado de errores. Esto podr\u00eda provocar una denegaci\u00f3n remota de servicio al recibir mensajes RRC con formato incorrecto, sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: MOLY01128524; ID del problema: MOLY01138453 (MSV-861)."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-328xx/CVE-2023-32847.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-32847",
"sourceIdentifier": "security@mediatek.com",
"published": "2023-12-04T04:15:07.663",
"lastModified": "2023-12-04T04:15:07.663",
"vulnStatus": "Received",
"lastModified": "2023-12-04T13:50:45.253",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In audio, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08241940; Issue ID: ALPS08241940."
},
{
"lang": "es",
"value": "En audio, hay una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. Se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n. ID de parche: ALPS08241940; ID del problema: ALPS08241940."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-328xx/CVE-2023-32848.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-32848",
"sourceIdentifier": "security@mediatek.com",
"published": "2023-12-04T04:15:07.710",
"lastModified": "2023-12-04T04:15:07.710",
"vulnStatus": "Received",
"lastModified": "2023-12-04T13:50:38.657",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In vdec, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08163896; Issue ID: ALPS08163896."
},
{
"lang": "es",
"value": "En vdec, existe una posible escritura fuera de los l\u00edmites debido a confusi\u00f3n de tipos. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08163896; ID del problema: ALPS08163896."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-328xx/CVE-2023-32849.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-32849",
"sourceIdentifier": "security@mediatek.com",
"published": "2023-12-04T04:15:07.757",
"lastModified": "2023-12-04T04:15:07.757",
"vulnStatus": "Received",
"lastModified": "2023-12-04T13:50:38.657",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In cmdq, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08161758; Issue ID: ALPS08161758."
},
{
"lang": "es",
"value": "En cmdq, existe una posible escritura fuera de los l\u00edmites debido a una confusi\u00f3n de tipos. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08161758; ID del problema: ALPS08161758."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-328xx/CVE-2023-32850.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-32850",
"sourceIdentifier": "security@mediatek.com",
"published": "2023-12-04T04:15:07.807",
"lastModified": "2023-12-04T04:15:07.807",
"vulnStatus": "Received",
"lastModified": "2023-12-04T13:50:38.657",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In decoder, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08016659; Issue ID: ALPS08016659."
},
{
"lang": "es",
"value": "En decoder, existe una posible escritura fuera de los l\u00edmites debido a un desbordamiento de enteros. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. Se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n. ID de parche: ALPS08016659; ID del problema: ALPS08016659."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-328xx/CVE-2023-32851.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-32851",
"sourceIdentifier": "security@mediatek.com",
"published": "2023-12-04T04:15:07.857",
"lastModified": "2023-12-04T04:15:07.857",
"vulnStatus": "Received",
"lastModified": "2023-12-04T13:50:38.657",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08016652; Issue ID: ALPS08016652."
},
{
"lang": "es",
"value": "En decoder, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. Se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n. ID de parche: ALPS08016652; ID del problema: ALPS08016652."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-328xx/CVE-2023-32852.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-32852",
"sourceIdentifier": "security@mediatek.com",
"published": "2023-12-04T04:15:07.907",
"lastModified": "2023-12-04T04:15:07.907",
"vulnStatus": "Received",
"lastModified": "2023-12-04T13:50:38.657",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In cameraisp, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07670971; Issue ID: ALPS07670971."
},
{
"lang": "es",
"value": "En cameraisp, existe una posible divulgaci\u00f3n de informaci\u00f3n debido a una validaci\u00f3n inadecuada del ingreso. Esto podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n local con privilegios de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS07670971; ID del problema: ALPS07670971."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-328xx/CVE-2023-32853.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-32853",
"sourceIdentifier": "security@mediatek.com",
"published": "2023-12-04T04:15:07.950",
"lastModified": "2023-12-04T04:15:07.950",
"vulnStatus": "Received",
"lastModified": "2023-12-04T13:50:38.657",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In rpmb, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07648764; Issue ID: ALPS07648764."
},
{
"lang": "es",
"value": "En rpmb, existe una posible escritura fuera de los l\u00edmites debido a una comprobaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS07648764; ID del problema: ALPS07648764."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-328xx/CVE-2023-32854.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-32854",
"sourceIdentifier": "security@mediatek.com",
"published": "2023-12-04T04:15:08.000",
"lastModified": "2023-12-04T04:15:08.000",
"vulnStatus": "Received",
"lastModified": "2023-12-04T13:50:38.657",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08240132; Issue ID: ALPS08240132."
},
{
"lang": "es",
"value": "En ril, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08240132; ID del problema: ALPS08240132."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-328xx/CVE-2023-32855.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-32855",
"sourceIdentifier": "security@mediatek.com",
"published": "2023-12-04T04:15:08.043",
"lastModified": "2023-12-04T04:15:08.043",
"vulnStatus": "Received",
"lastModified": "2023-12-04T13:50:38.657",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In aee, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07909204; Issue ID: ALPS07909204."
},
{
"lang": "es",
"value": "En aee, existe una posible escalada de privilegios debido a la falta de una verificaci\u00f3n de permisos. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS07909204; ID del problema: ALPS07909204."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-328xx/CVE-2023-32856.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-32856",
"sourceIdentifier": "security@mediatek.com",
"published": "2023-12-04T04:15:08.093",
"lastModified": "2023-12-04T04:15:08.093",
"vulnStatus": "Received",
"lastModified": "2023-12-04T13:50:38.657",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In display, there is a possible out of bounds read due to an incorrect status check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993705; Issue ID: ALPS07993705."
},
{
"lang": "es",
"value": "En display, hay una posible lectura fuera de los l\u00edmites debido a una verificaci\u00f3n de estado incorrecta. Esto podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n local con privilegios de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS07993705; ID del problema: ALPS07993705."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-328xx/CVE-2023-32857.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-32857",
"sourceIdentifier": "security@mediatek.com",
"published": "2023-12-04T04:15:08.140",
"lastModified": "2023-12-04T04:15:08.140",
"vulnStatus": "Received",
"lastModified": "2023-12-04T13:50:38.657",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In display, there is a possible out of bounds read due to an incorrect status check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993705; Issue ID: ALPS07993710."
},
{
"lang": "es",
"value": "En display, hay una posible lectura fuera de los l\u00edmites debido a una verificaci\u00f3n de estado incorrecta. Esto podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n local con privilegios de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS07993705; ID del problema: ALPS07993710."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-328xx/CVE-2023-32858.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-32858",
"sourceIdentifier": "security@mediatek.com",
"published": "2023-12-04T04:15:08.190",
"lastModified": "2023-12-04T04:15:08.190",
"vulnStatus": "Received",
"lastModified": "2023-12-04T13:50:38.657",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In GZ, there is a possible information disclosure due to a missing data erasing. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07806008; Issue ID: ALPS07806008."
},
{
"lang": "es",
"value": "En GZ existe una posible divulgaci\u00f3n de informaci\u00f3n debido a la falta de eliminaci\u00f3n de datos. Esto podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n local con privilegios de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS07806008; ID del problema: ALPS07806008."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-328xx/CVE-2023-32859.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-32859",
"sourceIdentifier": "security@mediatek.com",
"published": "2023-12-04T04:15:08.240",
"lastModified": "2023-12-04T04:15:08.240",
"vulnStatus": "Received",
"lastModified": "2023-12-04T13:50:38.657",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In meta, there is a possible classic buffer overflow due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08000473; Issue ID: ALPS08000473."
},
{
"lang": "es",
"value": "En meta, existe un posible desbordamiento del b\u00fafer cl\u00e1sico debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08000473; ID del problema: ALPS08000473."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-328xx/CVE-2023-32860.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-32860",
"sourceIdentifier": "security@mediatek.com",
"published": "2023-12-04T04:15:08.300",
"lastModified": "2023-12-04T04:15:08.300",
"vulnStatus": "Received",
"lastModified": "2023-12-04T13:50:38.657",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In display, there is a possible classic buffer overflow due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07929788; Issue ID: ALPS07929788."
},
{
"lang": "es",
"value": "En display, hay un posible desbordamiento del b\u00fafer cl\u00e1sico debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS07929788; ID del problema: ALPS07929788."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-328xx/CVE-2023-32861.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-32861",
"sourceIdentifier": "security@mediatek.com",
"published": "2023-12-04T04:15:08.353",
"lastModified": "2023-12-04T04:15:08.353",
"vulnStatus": "Received",
"lastModified": "2023-12-04T13:50:38.657",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In display, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08059081; Issue ID: ALPS08059081."
},
{
"lang": "es",
"value": "En display, hay una posible lectura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites incorrecta. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08059081; ID del problema: ALPS08059081."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-328xx/CVE-2023-32862.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-32862",
"sourceIdentifier": "security@mediatek.com",
"published": "2023-12-04T04:15:08.397",
"lastModified": "2023-12-04T04:15:08.397",
"vulnStatus": "Received",
"lastModified": "2023-12-04T13:50:38.657",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In display, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07388762; Issue ID: ALPS07388762."
},
{
"lang": "es",
"value": "En la pantalla, hay una posible lectura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites incorrecta. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS07388762; ID del problema: ALPS07388762."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-328xx/CVE-2023-32863.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-32863",
"sourceIdentifier": "security@mediatek.com",
"published": "2023-12-04T04:15:08.440",
"lastModified": "2023-12-04T04:15:08.440",
"vulnStatus": "Received",
"lastModified": "2023-12-04T13:50:38.657",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In display drm, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326314; Issue ID: ALPS07326314."
},
{
"lang": "es",
"value": "En display drm, hay una posible lectura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS07326314; ID del problema: ALPS07326314."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-328xx/CVE-2023-32864.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-32864",
"sourceIdentifier": "security@mediatek.com",
"published": "2023-12-04T04:15:08.487",
"lastModified": "2023-12-04T04:15:08.487",
"vulnStatus": "Received",
"lastModified": "2023-12-04T13:50:38.657",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In display drm, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07292187; Issue ID: ALPS07292187."
},
{
"lang": "es",
"value": "En display drm, hay una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites incorrecta. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS07292187; ID del problema: ALPS07292187."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-328xx/CVE-2023-32865.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-32865",
"sourceIdentifier": "security@mediatek.com",
"published": "2023-12-04T04:15:08.533",
"lastModified": "2023-12-04T04:15:08.533",
"vulnStatus": "Received",
"lastModified": "2023-12-04T13:50:38.657",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In display drm, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363456; Issue ID: ALPS07363456."
},
{
"lang": "es",
"value": "En display drm, hay una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites incorrecta. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS07363456; ID del problema: ALPS07363456."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-328xx/CVE-2023-32866.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-32866",
"sourceIdentifier": "security@mediatek.com",
"published": "2023-12-04T04:15:08.577",
"lastModified": "2023-12-04T04:15:08.577",
"vulnStatus": "Received",
"lastModified": "2023-12-04T13:50:38.657",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In mmp, there is a possible memory corruption due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07342152; Issue ID: ALPS07342152."
},
{
"lang": "es",
"value": "En mmp, existe una posible corrupci\u00f3n de la memoria debido a una verificaci\u00f3n de los l\u00edmites incorrecta. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS07342152; ID del problema: ALPS07342152."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-328xx/CVE-2023-32867.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-32867",
"sourceIdentifier": "security@mediatek.com",
"published": "2023-12-04T04:15:08.623",
"lastModified": "2023-12-04T04:15:08.623",
"vulnStatus": "Received",
"lastModified": "2023-12-04T13:50:38.657",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560793; Issue ID: ALPS07560793."
},
{
"lang": "es",
"value": "En display drm, hay una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS07560793; ID del problema: ALPS07560793."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-328xx/CVE-2023-32868.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-32868",
"sourceIdentifier": "security@mediatek.com",
"published": "2023-12-04T04:15:08.673",
"lastModified": "2023-12-04T04:15:08.673",
"vulnStatus": "Received",
"lastModified": "2023-12-04T13:48:34.723",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363632; Issue ID: ALPS07363632."
},
{
"lang": "es",
"value": "En display drm, hay una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS07363632; ID del problema: ALPS07363632."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-328xx/CVE-2023-32869.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-32869",
"sourceIdentifier": "security@mediatek.com",
"published": "2023-12-04T04:15:08.717",
"lastModified": "2023-12-04T04:15:08.717",
"vulnStatus": "Received",
"lastModified": "2023-12-04T13:48:34.723",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363632; Issue ID: ALPS07363689."
},
{
"lang": "es",
"value": "En display drm, hay una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS07363632; ID del problema: ALPS07363689."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-328xx/CVE-2023-32870.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-32870",
"sourceIdentifier": "security@mediatek.com",
"published": "2023-12-04T04:15:08.760",
"lastModified": "2023-12-04T04:15:08.760",
"vulnStatus": "Received",
"lastModified": "2023-12-04T13:48:34.723",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In display drm, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363740; Issue ID: ALPS07363740."
},
{
"lang": "es",
"value": "En display drm, hay una posible lectura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS07363740; ID del problema: ALPS07363740."
}
],
"metrics": {},

74
CVE-2023/CVE-2023-358xx/CVE-2023-35826.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-35826",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-18T22:15:09.330",
"lastModified": "2023-11-07T04:15:59.710",
"vulnStatus": "Modified",
"lastModified": "2023-12-04T14:52:10.630",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -60,8 +60,58 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.18",
"versionEndExcluding": "6.1.28",
"matchCriteriaId": "BFFE4B65-8E1D-4307-9B84-330D5C2B3EC5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.2.15",
"matchCriteriaId": "3844A90B-940D-46C3-8D7B-9FF63F1AFC2F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.3",
"versionEndExcluding": "6.3.2",
"matchCriteriaId": "86A4A377-C6B0-4E94-8486-019155A51116"
"matchCriteriaId": "38F6F330-91A0-4675-8B90-6F950471A7CC"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F"
}
]
}
@ -86,15 +136,27 @@
},
{
"url": "https://lore.kernel.org/all/a4dafa22-3ee3-dbe1-fd50-fee07883ce1a%40xs4all.nl/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lore.kernel.org/linux-arm-kernel/20230308032333.1893394-1-zyytlz.wz%40163.com/T/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230803-0002/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

109
CVE-2023/CVE-2023-358xx/CVE-2023-35828.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-35828",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-18T22:15:09.417",
"lastModified": "2023-11-07T04:16:01.970",
"vulnStatus": "Modified",
"lastModified": "2023-12-04T14:53:50.153",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -60,8 +60,86 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.19",
"versionEndExcluding": "4.19.283",
"matchCriteriaId": "E9AD7AA8-ABE6-4255-91B3-D994EC47281F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.243",
"matchCriteriaId": "E54ACEF5-C8C1-4266-85FC-7D513FFD1DEC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.180",
"matchCriteriaId": "78422AC3-CC89-479E-B4BC-62381D8F3564"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.111",
"matchCriteriaId": "2B9DD776-7F17-4F72-B94F-54BFCBC692DD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.28",
"matchCriteriaId": "08F855F4-7188-4EE1-BD79-D4B6C7E2EF54"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.2.15",
"matchCriteriaId": "3844A90B-940D-46C3-8D7B-9FF63F1AFC2F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.3",
"versionEndExcluding": "6.3.2",
"matchCriteriaId": "86A4A377-C6B0-4E94-8486-019155A51116"
"matchCriteriaId": "38F6F330-91A0-4675-8B90-6F950471A7CC"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F"
}
]
}
@ -86,19 +164,36 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://lore.kernel.org/all/20230327121700.52d881e0%40canb.auug.org.au/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lore.kernel.org/lkml/CAJedcCwkuznS1kSTvJXhzPoavcZDWNhNMshi-Ux0spSVRwU=RA%40mail.gmail.com/T/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230803-0002/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

20
CVE-2023/CVE-2023-416xx/CVE-2023-41613.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-41613",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-04T14:15:07.457",
"lastModified": "2023-12-04T14:15:07.457",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "EzViz Studio v2.2.0 is vulnerable to DLL hijacking."
}
],
"metrics": {},
"references": [
{
"url": "https://packetstormsecurity.com/files/175684/EzViz-Studio-2.2.0-DLL-Hijacking.html",
"source": "cve@mitre.org"
}
]
}

62
CVE-2023/CVE-2023-419xx/CVE-2023-41999.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-41999",
"sourceIdentifier": "vulnreport@tenable.com",
"published": "2023-11-27T17:15:07.980",
"lastModified": "2023-11-27T19:03:39.603",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T14:41:44.107",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An authentication bypass exists in Arcserve UDP prior to version 9.2. An unauthenticated, remote attacker can obtain a valid authentication identifier that allows them to authenticate to the management console and perform tasks that require authentication."
},
{
"lang": "es",
"value": "Existe una omisi\u00f3n de autenticaci\u00f3n en Arcserve UDP antes de la versi\u00f3n 9.2. Un atacante remoto no autenticado puede obtener un identificador de autenticaci\u00f3n v\u00e1lido que le permita autenticarse en la consola de administraci\u00f3n y realizar tareas que requieran autenticaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "vulnreport@tenable.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
},
{
"source": "vulnreport@tenable.com",
"type": "Secondary",
@ -46,10 +80,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arcserve:udp:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.2",
"matchCriteriaId": "DD913BA7-A48E-4406-93FB-4BD86BCD519E"
}
]
}
]
}
],
"references": [
{
"url": "https://www.tenable.com/security/research/tra-2023-37",
"source": "vulnreport@tenable.com"
"source": "vulnreport@tenable.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

62
CVE-2023/CVE-2023-420xx/CVE-2023-42000.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-42000",
"sourceIdentifier": "vulnreport@tenable.com",
"published": "2023-11-27T17:15:08.160",
"lastModified": "2023-11-27T19:03:39.603",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T14:42:39.750",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Arcserve UDP prior to 9.2 contains a path traversal vulnerability in com.ca.arcflash.ui.server.servlet.FileHandlingServlet.doUpload(). An unauthenticated remote attacker can exploit it to upload arbitrary files to any location on the file system where the UDP agent is installed."
},
{
"lang": "es",
"value": "Arcserve UDP anterior a 9.2 contiene una vulnerabilidad de Path Traversal en com.ca.arcflash.ui.server.servlet.FileHandlingServlet.doUpload(). Un atacante remoto no autenticado puede aprovecharlo para cargar archivos arbitrarios en cualquier ubicaci\u00f3n del sistema de archivos donde est\u00e9 instalado el agente UDP."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "vulnreport@tenable.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "vulnreport@tenable.com",
"type": "Secondary",
@ -46,10 +80,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arcserve:udp:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.2",
"matchCriteriaId": "DD913BA7-A48E-4406-93FB-4BD86BCD519E"
}
]
}
]
}
],
"references": [
{
"url": "https://www.tenable.com/security/research/tra-2023-37",
"source": "vulnreport@tenable.com"
"source": "vulnreport@tenable.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-42xx/CVE-2023-4220.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4220",
"sourceIdentifier": "info@starlabs.sg",
"published": "2023-11-28T08:15:07.137",
"lastModified": "2023-11-28T14:12:58.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T14:53:57.123",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "info@starlabs.sg",
"type": "Secondary",
@ -39,6 +59,20 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
},
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "info@starlabs.sg",
"type": "Secondary",
@ -50,18 +84,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:chamilo:chamilo_lms:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.11.24",
"matchCriteriaId": "3CA5310C-E5B0-4369-BC5A-F56EBED72EBA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/chamilo/chamilo-lms/commit/3b487a55076fb06f96809b790a35dcdd42f8ec49",
"source": "info@starlabs.sg"
"source": "info@starlabs.sg",
"tags": [
"Patch"
]
},
{
"url": "https://starlabs.sg/advisories/23/23-4220",
"source": "info@starlabs.sg"
"source": "info@starlabs.sg",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://support.chamilo.org/projects/chamilo-18/wiki/security_issues#Issue-130-2023-09-04-Critical-impact-High-risk-Unauthenticated-users-may-gain-XSS-and-unauthenticated-RCE-CVE-2023-4220",
"source": "info@starlabs.sg"
"source": "info@starlabs.sg",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-442xx/CVE-2023-44291.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-44291",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-12-04T09:15:35.623",
"lastModified": "2023-12-04T09:15:35.623",
"vulnStatus": "Received",
"lastModified": "2023-12-04T13:48:34.723",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nDell DM5500 5.14.0.0 contains an OS command injection vulnerability in PPOE component. A remote attacker with high privileges could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.\n\n"
},
{
"lang": "es",
"value": "Dell DM5500 5.14.0.0 contiene una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en el componente PPOE. Un atacante remoto con altos privilegios podr\u00eda explotar esta vulnerabilidad, lo que llevar\u00eda a la ejecuci\u00f3n de comandos arbitrarios del sistema operativo en el sistema operativo subyacente, con los privilegios de la aplicaci\u00f3n vulnerable. La explotaci\u00f3n puede llevar a que un atacante se apodere del sistema."
}
],
"metrics": {

8
CVE-2023/CVE-2023-443xx/CVE-2023-44300.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-44300",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-12-04T09:15:35.993",
"lastModified": "2023-12-04T09:15:35.993",
"vulnStatus": "Received",
"lastModified": "2023-12-04T13:48:34.723",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nDell DM5500 5.14.0.0, contain a Plain-text Password Storage Vulnerability in PPOE. A local attacker with privileges could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.\n\n"
},
{
"lang": "es",
"value": "Dell DM5500 5.14.0.0 contiene una vulnerabilidad de almacenamiento de contrase\u00f1as de texto plano en PPOE. Un atacante local con privilegios podr\u00eda explotar esta vulnerabilidad, lo que dar\u00eda lugar a la divulgaci\u00f3n de determinadas credenciales de usuario. Es posible que el atacante pueda utilizar las credenciales expuestas para acceder a la aplicaci\u00f3n vulnerable con los privilegios de la cuenta comprometida."
}
],
"metrics": {

8
CVE-2023/CVE-2023-443xx/CVE-2023-44301.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-44301",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-12-04T09:15:36.213",
"lastModified": "2023-12-04T09:15:36.213",
"vulnStatus": "Received",
"lastModified": "2023-12-04T13:48:34.723",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nDell DM5500 5.14.0.0 and prior contain a Reflected Cross-Site Scripting Vulnerability. A network attacker with low privileges could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.\n\n"
},
{
"lang": "es",
"value": "Dell DM5500 5.14.0.0 y anteriores contienen una vulnerabilidad de cross-site scripting reflejada. Un atacante de red con privilegios bajos podr\u00eda explotar esta vulnerabilidad, lo que llevar\u00eda a la ejecuci\u00f3n de c\u00f3digo HTML o JavaScript malicioso en el navegador web de un usuario v\u00edctima en el contexto de la aplicaci\u00f3n web vulnerable. La explotaci\u00f3n puede dar lugar a la divulgaci\u00f3n de informaci\u00f3n, el robo de sesiones o la falsificaci\u00f3n de solicitudes por parte del cliente."
}
],
"metrics": {

8
CVE-2023/CVE-2023-443xx/CVE-2023-44302.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-44302",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-12-04T09:15:36.417",
"lastModified": "2023-12-04T09:15:36.417",
"vulnStatus": "Received",
"lastModified": "2023-12-04T13:48:34.723",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nDell DM5500 5.14.0.0 and prior contain an improper authentication vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access of resources or functionality that could possibly lead to execute arbitrary code.\n\n"
},
{
"lang": "es",
"value": "Dell DM5500 5.14.0.0 y anteriores contienen una vulnerabilidad de autenticaci\u00f3n incorrecta. Un atacante remoto no autenticado podr\u00eda explotar esta vulnerabilidad para obtener acceso a recursos o funcionalidades que podr\u00edan conducir a la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"metrics": {

8
CVE-2023/CVE-2023-443xx/CVE-2023-44304.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-44304",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-12-04T09:15:36.633",
"lastModified": "2023-12-04T09:15:36.633",
"vulnStatus": "Received",
"lastModified": "2023-12-04T13:48:34.723",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nDell DM5500 contains a privilege escalation vulnerability in PPOE Component. A remote attacker with low privileges could potentially exploit this vulnerability to escape the restricted shell and gain root access to the appliance.\n\n"
},
{
"lang": "es",
"value": "Dell DM5500 contiene una vulnerabilidad de escalada de privilegios en el componente PPOE. Un atacante remoto con privilegios bajos podr\u00eda explotar esta vulnerabilidad para escapar del shell restringido y obtener acceso ra\u00edz al dispositivo."
}
],
"metrics": {

8
CVE-2023/CVE-2023-443xx/CVE-2023-44305.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-44305",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-12-04T09:15:36.833",
"lastModified": "2023-12-04T09:15:36.833",
"vulnStatus": "Received",
"lastModified": "2023-12-04T13:48:34.723",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nDell DM5500 5.14.0.0, contains a Stack-based Buffer Overflow Vulnerability in PPOE. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially crafted input dat\n\n"
},
{
"lang": "es",
"value": "Dell DM5500 5.14.0.0 contiene una vulnerabilidad de desbordamiento del b\u00fafer basada en pila en PPOE. Un atacante remoto no autenticado puede aprovechar esta vulnerabilidad para bloquear el proceso afectado o ejecutar c\u00f3digo arbitrario en el sistema enviando datos de entrada especialmente manipulados."
}
],
"metrics": {

8
CVE-2023/CVE-2023-443xx/CVE-2023-44306.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-44306",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-12-04T09:15:37.043",
"lastModified": "2023-12-04T09:15:37.043",
"vulnStatus": "Received",
"lastModified": "2023-12-04T13:48:34.723",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nDell DM5500 contains a path traversal vulnerability in PPOE Component. A remote attacker with high privileges could potentially exploit this vulnerability to overwrite the files stored on the server filesystem.\n\n"
},
{
"lang": "es",
"value": "Dell DM5500 contiene una vulnerabilidad de path traversal en el componente PPOE. Un atacante remoto con altos privilegios podr\u00eda explotar esta vulnerabilidad para sobrescribir los archivos almacenados en el sistema de archivos del servidor."
}
],
"metrics": {

8
CVE-2023/CVE-2023-472xx/CVE-2023-47272.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47272",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-06T00:15:09.380",
"lastModified": "2023-11-15T05:15:10.290",
"vulnStatus": "Modified",
"lastModified": "2023-12-04T13:15:07.500",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -129,6 +129,10 @@
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z4F4DUA3Q46ZVB2RD7BFP4XMNS4RYFFQ/",
"source": "cve@mitre.org"
},
{
"url": "https://www.debian.org/security/2023/dsa-5572",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-487xx/CVE-2023-48799.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-48799",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-04T13:15:07.657",
"lastModified": "2023-12-04T13:48:34.723",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK-X6000R Firmware-V9.4.0cu.852_B20230719 is vulnerable to Command Execution."
}
],
"metrics": {},
"references": [
{
"url": "https://palm-jump-676.notion.site/CVE-2023-48799-632dd667b4574a2c84b04035d04afb5c",
"source": "cve@mitre.org"
},
{
"url": "https://www.notion.so/X6000R-632dd667b4574a2c84b04035d04afb5c?pvs=4",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-488xx/CVE-2023-48800.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-48800",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-04T13:15:07.710",
"lastModified": "2023-12-04T13:48:34.723",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file sub_417338 function obtains fields from the front-end, connects them through the snprintf function, and passes them to the CsteSystem function, resulting in a command execution vulnerability."
}
],
"metrics": {},
"references": [
{
"url": "https://palm-jump-676.notion.site/CVE-2023-48800-ad96548d06c645738daf3ab77575fd74",
"source": "cve@mitre.org"
},
{
"url": "https://www.notion.so/X6000R-sub_417338-ad96548d06c645738daf3ab77575fd74?pvs=4",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-488xx/CVE-2023-48863.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-48863",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-04T13:15:07.753",
"lastModified": "2023-12-04T13:48:34.723",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SEMCMS 3.9 is vulnerable to SQL Injection. Due to the lack of security checks on the input of the application, the attacker uses the existing application to inject malicious SQL commands into the background database engine for execution, and sends some attack codes as commands or query statements to the interpreter. These malicious data can deceive the interpreter, so as to execute unplanned commands or unauthorized access to data."
}
],
"metrics": {},
"references": [
{
"url": "http://www.sem-cms.com/",
"source": "cve@mitre.org"
},
{
"url": "https://gitee.com/NoBlake/cve-2023-48863/",
"source": "cve@mitre.org"
}
]
}

8
CVE-2023/CVE-2023-490xx/CVE-2023-49093.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49093",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-04T05:15:07.430",
"lastModified": "2023-12-04T05:15:07.430",
"vulnStatus": "Received",
"lastModified": "2023-12-04T13:48:34.723",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker\u2019s webpage. This vulnerability has been patched in version 3.9.0"
},
{
"lang": "es",
"value": "HtmlUnit es un navegador sin GUI para programas Java. HtmlUnit es vulnerable a la ejecuci\u00f3n remota de c\u00f3digo (RCE) a trav\u00e9s de XSTL, al navegar por la p\u00e1gina web del atacante. Esta vulnerabilidad ha sido parcheada en la versi\u00f3n 3.9.0."
}
],
"metrics": {

8
CVE-2023/CVE-2023-491xx/CVE-2023-49108.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49108",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-12-04T06:15:07.063",
"lastModified": "2023-12-04T06:15:07.063",
"vulnStatus": "Received",
"lastModified": "2023-12-04T13:48:34.723",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Path traversal vulnerability exists in RakRak Document Plus Ver.3.2.0.0 to Ver.6.4.0.7 (excluding Ver.6.1.1.3a). If this vulnerability is exploited, arbitrary files on the server may be obtained or deleted by a user of the product with specific privileges."
},
{
"lang": "es",
"value": "Vulnerabilidad de path traversal existe en RakRak Document Plus Ver.3.2.0.0 a Ver.6.4.0.7 (excluyendo Ver.6.1.1.3a). Si se explota esta vulnerabilidad, un usuario del producto con privilegios espec\u00edficos puede obtener o eliminar archivos arbitrarios en el servidor."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-492xx/CVE-2023-49287.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49287",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-04T06:15:07.173",
"lastModified": "2023-12-04T12:15:07.747",
"vulnStatus": "Received",
"lastModified": "2023-12-04T13:48:34.723",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "TinyDir is a lightweight C directory and file reader. Buffer overflows in the `tinydir_file_open()` function. This vulnerability has been patched in version 1.2.6."
},
{
"lang": "es",
"value": "TinyDir es un lector de archivos y directorios C liviano. El b\u00fafer se desborda en la funci\u00f3n `tinydir_file_open()`. Esta vulnerabilidad ha sido parcheada en la versi\u00f3n 1.2.6."
}
],
"metrics": {

8
CVE-2023/CVE-2023-53xx/CVE-2023-5332.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-5332",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-12-04T07:15:07.120",
"lastModified": "2023-12-04T07:15:07.120",
"vulnStatus": "Received",
"lastModified": "2023-12-04T13:48:34.723",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Patch in third party library Consul requires 'enable-script-checks' to be set to False. This was required to enable a patch by the vendor. Without this setting the patch could be bypassed. This only affects GitLab-EE."
},
{
"lang": "es",
"value": "El parche en la librer\u00eda de terceros Consul requiere que 'enable-script-checks' est\u00e9 configurado en False. Esto fue necesario para habilitar un parche por parte del proveedor. Sin esta configuraci\u00f3n, se podr\u00eda omitir el parche. Esto s\u00f3lo afecta a GitLab-EE."
}
],
"metrics": {

69
CVE-2023/CVE-2023-56xx/CVE-2023-5653.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-5653",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-11-27T17:15:09.230",
"lastModified": "2023-11-27T19:03:35.337",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T14:53:32.297",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The WassUp Real Time Analytics WordPress plugin through 1.9.4.5 does not escape IP address provided via some headers before outputting them back in an admin page, allowing unauthenticated users to perform Stored XSS attacks against logged in admins"
},
{
"lang": "es",
"value": "El complemento WassUp Real Time Analytics de WordPress hasta la versi\u00f3n 1.9.4.5 no escapa a la direcci\u00f3n IP proporcionada a trav\u00e9s de algunos encabezados antes de enviarlos nuevamente a una p\u00e1gina de administraci\u00f3n, lo que permite a los usuarios no autenticados realizar ataques XSS Almacenados contra administradores que hayan iniciado sesi\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wassup_real_time_analytics_project:wassup_real_time_analytics:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.9.4.5",
"matchCriteriaId": "9F6C5F3D-41A9-4190-9490-013F336F074B"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/76316621-1987-44ea-83e5-6ca884bdd1c0",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

57
CVE-2023/CVE-2023-62xx/CVE-2023-6263.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6263",
"sourceIdentifier": "96d4e157-0bf0-48b3-8efd-382c68caf4e0",
"published": "2023-11-22T18:15:09.780",
"lastModified": "2023-11-22T19:00:49.717",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T14:40:17.437",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
},
{
"source": "96d4e157-0bf0-48b3-8efd-382c68caf4e0",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-290"
}
]
},
{
"source": "96d4e157-0bf0-48b3-8efd-382c68caf4e0",
"type": "Secondary",
@ -50,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:networkoptix:nxcloud:*:*:*:*:*:*:*:*",
"versionEndExcluding": "23.1.0.40440",
"matchCriteriaId": "690A44F2-1ED6-4490-9E4E-17C6FFACD3AE"
}
]
}
]
}
],
"references": [
{
"url": "https://networkoptix.atlassian.net/wiki/spaces/CHS/blog/2023/09/22/3074195467/vulnerability+2023-09-21+-+Server+Spoofing",
"source": "96d4e157-0bf0-48b3-8efd-382c68caf4e0"
"source": "96d4e157-0bf0-48b3-8efd-382c68caf4e0",
"tags": [
"Vendor Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-64xx/CVE-2023-6460.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-6460",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-12-04T13:15:07.800",
"lastModified": "2023-12-04T13:48:34.723",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A potential logging of the firestore key via logging within nodejs-firestore exists - Developers who were logging objects through this._settings would be logging the firestore key as well potentially exposing it to anyone with logs read access. We recommend upgrading to version 6.1.0 to avoid this issue"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@google.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.3,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "cve-coordination@google.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-922"
}
]
}
],
"references": [
{
"url": "https://github.com/googleapis/nodejs-firestore/pull/1742",
"source": "cve-coordination@google.com"
}
]
}

8
CVE-2023/CVE-2023-64xx/CVE-2023-6481.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-6481",
"sourceIdentifier": "vulnerability@ncsc.ch",
"published": "2023-12-04T09:15:37.250",
"lastModified": "2023-12-04T09:15:37.250",
"vulnStatus": "Received",
"lastModified": "2023-12-04T13:48:34.723",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A serialization vulnerability in logback receiver component part of \nlogback version 1.4.13,\u00a01.3.13 and\u00a01.2.12 allows an attacker to mount a Denial-Of-Service \nattack by sending poisoned data.\n\n"
},
{
"lang": "es",
"value": "Una vulnerabilidad de serializaci\u00f3n en el componente Logback Receiver. Las versiones 1.4.13, 1.3.13 y 1.2.12 de Logback permite a un atacante montar un ataque de denegaci\u00f3n de servicio enviando datos envenenados."
}
],
"metrics": {

44
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-12-04T13:00:57.838254+00:00
2023-12-04T15:01:03.255397+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-12-04T12:15:07.883000+00:00
2023-12-04T14:57:36.603000+00:00
```
### Last Data Feed Release
@ -29,23 +29,49 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
232130
232135
```
### CVEs added in the last Commit
Recently added CVEs: `1`
Recently added CVEs: `5`
* [CVE-2023-32804](CVE-2023/CVE-2023-328xx/CVE-2023-32804.json) (`2023-12-04T12:15:07.570`)
* [CVE-2023-48799](CVE-2023/CVE-2023-487xx/CVE-2023-48799.json) (`2023-12-04T13:15:07.657`)
* [CVE-2023-48800](CVE-2023/CVE-2023-488xx/CVE-2023-48800.json) (`2023-12-04T13:15:07.710`)
* [CVE-2023-48863](CVE-2023/CVE-2023-488xx/CVE-2023-48863.json) (`2023-12-04T13:15:07.753`)
* [CVE-2023-6460](CVE-2023/CVE-2023-64xx/CVE-2023-6460.json) (`2023-12-04T13:15:07.800`)
* [CVE-2023-41613](CVE-2023/CVE-2023-416xx/CVE-2023-41613.json) (`2023-12-04T14:15:07.457`)
### CVEs modified in the last Commit
Recently modified CVEs: `3`
Recently modified CVEs: `57`
* [CVE-2023-5605](CVE-2023/CVE-2023-56xx/CVE-2023-5605.json) (`2023-12-04T11:15:07.120`)
* [CVE-2023-49287](CVE-2023/CVE-2023-492xx/CVE-2023-49287.json) (`2023-12-04T12:15:07.747`)
* [CVE-2023-5157](CVE-2023/CVE-2023-51xx/CVE-2023-5157.json) (`2023-12-04T12:15:07.883`)
* [CVE-2023-32862](CVE-2023/CVE-2023-328xx/CVE-2023-32862.json) (`2023-12-04T13:50:38.657`)
* [CVE-2023-32863](CVE-2023/CVE-2023-328xx/CVE-2023-32863.json) (`2023-12-04T13:50:38.657`)
* [CVE-2023-32864](CVE-2023/CVE-2023-328xx/CVE-2023-32864.json) (`2023-12-04T13:50:38.657`)
* [CVE-2023-32865](CVE-2023/CVE-2023-328xx/CVE-2023-32865.json) (`2023-12-04T13:50:38.657`)
* [CVE-2023-32866](CVE-2023/CVE-2023-328xx/CVE-2023-32866.json) (`2023-12-04T13:50:38.657`)
* [CVE-2023-32867](CVE-2023/CVE-2023-328xx/CVE-2023-32867.json) (`2023-12-04T13:50:38.657`)
* [CVE-2023-32841](CVE-2023/CVE-2023-328xx/CVE-2023-32841.json) (`2023-12-04T13:50:45.253`)
* [CVE-2023-32842](CVE-2023/CVE-2023-328xx/CVE-2023-32842.json) (`2023-12-04T13:50:45.253`)
* [CVE-2023-32843](CVE-2023/CVE-2023-328xx/CVE-2023-32843.json) (`2023-12-04T13:50:45.253`)
* [CVE-2023-32844](CVE-2023/CVE-2023-328xx/CVE-2023-32844.json) (`2023-12-04T13:50:45.253`)
* [CVE-2023-32845](CVE-2023/CVE-2023-328xx/CVE-2023-32845.json) (`2023-12-04T13:50:45.253`)
* [CVE-2023-32846](CVE-2023/CVE-2023-328xx/CVE-2023-32846.json) (`2023-12-04T13:50:45.253`)
* [CVE-2023-32847](CVE-2023/CVE-2023-328xx/CVE-2023-32847.json) (`2023-12-04T13:50:45.253`)
* [CVE-2023-6263](CVE-2023/CVE-2023-62xx/CVE-2023-6263.json) (`2023-12-04T14:40:17.437`)
* [CVE-2023-41999](CVE-2023/CVE-2023-419xx/CVE-2023-41999.json) (`2023-12-04T14:41:44.107`)
* [CVE-2023-42000](CVE-2023/CVE-2023-420xx/CVE-2023-42000.json) (`2023-12-04T14:42:39.750`)
* [CVE-2023-1295](CVE-2023/CVE-2023-12xx/CVE-2023-1295.json) (`2023-12-04T14:52:07.117`)
* [CVE-2023-35826](CVE-2023/CVE-2023-358xx/CVE-2023-35826.json) (`2023-12-04T14:52:10.630`)
* [CVE-2023-5653](CVE-2023/CVE-2023-56xx/CVE-2023-5653.json) (`2023-12-04T14:53:32.297`)
* [CVE-2023-32252](CVE-2023/CVE-2023-322xx/CVE-2023-32252.json) (`2023-12-04T14:53:38.480`)
* [CVE-2023-35828](CVE-2023/CVE-2023-358xx/CVE-2023-35828.json) (`2023-12-04T14:53:50.153`)
* [CVE-2023-4220](CVE-2023/CVE-2023-42xx/CVE-2023-4220.json) (`2023-12-04T14:53:57.123`)
* [CVE-2023-32248](CVE-2023/CVE-2023-322xx/CVE-2023-32248.json) (`2023-12-04T14:54:50.907`)
* [CVE-2023-32247](CVE-2023/CVE-2023-322xx/CVE-2023-32247.json) (`2023-12-04T14:55:19.007`)
* [CVE-2023-32558](CVE-2023/CVE-2023-325xx/CVE-2023-32558.json) (`2023-12-04T14:57:36.603`)
## Download and Usage