From 6ad917f647d41d8983550fa7912f1fd2c553d6a9 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Mon, 4 Dec 2023 15:01:07 +0000 Subject: [PATCH] Auto-Update: 2023-12-04T15:01:03.255397+00:00 --- CVE-2022/CVE-2022-458xx/CVE-2022-45886.json | 58 ++++++- CVE-2023/CVE-2023-12xx/CVE-2023-1295.json | 56 ++++++- CVE-2023/CVE-2023-322xx/CVE-2023-32247.json | 62 ++++++- CVE-2023/CVE-2023-322xx/CVE-2023-32248.json | 74 ++++++++- CVE-2023/CVE-2023-322xx/CVE-2023-32252.json | 172 +++++++++++++++++++- CVE-2023/CVE-2023-325xx/CVE-2023-32558.json | 10 +- CVE-2023/CVE-2023-328xx/CVE-2023-32804.json | 4 +- CVE-2023/CVE-2023-328xx/CVE-2023-32841.json | 8 +- CVE-2023/CVE-2023-328xx/CVE-2023-32842.json | 8 +- CVE-2023/CVE-2023-328xx/CVE-2023-32843.json | 8 +- CVE-2023/CVE-2023-328xx/CVE-2023-32844.json | 8 +- CVE-2023/CVE-2023-328xx/CVE-2023-32845.json | 8 +- CVE-2023/CVE-2023-328xx/CVE-2023-32846.json | 8 +- CVE-2023/CVE-2023-328xx/CVE-2023-32847.json | 8 +- CVE-2023/CVE-2023-328xx/CVE-2023-32848.json | 8 +- CVE-2023/CVE-2023-328xx/CVE-2023-32849.json | 8 +- CVE-2023/CVE-2023-328xx/CVE-2023-32850.json | 8 +- CVE-2023/CVE-2023-328xx/CVE-2023-32851.json | 8 +- CVE-2023/CVE-2023-328xx/CVE-2023-32852.json | 8 +- CVE-2023/CVE-2023-328xx/CVE-2023-32853.json | 8 +- CVE-2023/CVE-2023-328xx/CVE-2023-32854.json | 8 +- CVE-2023/CVE-2023-328xx/CVE-2023-32855.json | 8 +- CVE-2023/CVE-2023-328xx/CVE-2023-32856.json | 8 +- CVE-2023/CVE-2023-328xx/CVE-2023-32857.json | 8 +- CVE-2023/CVE-2023-328xx/CVE-2023-32858.json | 8 +- CVE-2023/CVE-2023-328xx/CVE-2023-32859.json | 8 +- CVE-2023/CVE-2023-328xx/CVE-2023-32860.json | 8 +- CVE-2023/CVE-2023-328xx/CVE-2023-32861.json | 8 +- CVE-2023/CVE-2023-328xx/CVE-2023-32862.json | 8 +- CVE-2023/CVE-2023-328xx/CVE-2023-32863.json | 8 +- CVE-2023/CVE-2023-328xx/CVE-2023-32864.json | 8 +- CVE-2023/CVE-2023-328xx/CVE-2023-32865.json | 8 +- CVE-2023/CVE-2023-328xx/CVE-2023-32866.json | 8 +- CVE-2023/CVE-2023-328xx/CVE-2023-32867.json | 8 +- CVE-2023/CVE-2023-328xx/CVE-2023-32868.json | 8 +- CVE-2023/CVE-2023-328xx/CVE-2023-32869.json | 8 +- CVE-2023/CVE-2023-328xx/CVE-2023-32870.json | 8 +- CVE-2023/CVE-2023-358xx/CVE-2023-35826.json | 74 ++++++++- CVE-2023/CVE-2023-358xx/CVE-2023-35828.json | 109 ++++++++++++- CVE-2023/CVE-2023-416xx/CVE-2023-41613.json | 20 +++ CVE-2023/CVE-2023-419xx/CVE-2023-41999.json | 62 ++++++- CVE-2023/CVE-2023-420xx/CVE-2023-42000.json | 62 ++++++- CVE-2023/CVE-2023-42xx/CVE-2023-4220.json | 73 ++++++++- CVE-2023/CVE-2023-442xx/CVE-2023-44291.json | 8 +- CVE-2023/CVE-2023-443xx/CVE-2023-44300.json | 8 +- CVE-2023/CVE-2023-443xx/CVE-2023-44301.json | 8 +- CVE-2023/CVE-2023-443xx/CVE-2023-44302.json | 8 +- CVE-2023/CVE-2023-443xx/CVE-2023-44304.json | 8 +- CVE-2023/CVE-2023-443xx/CVE-2023-44305.json | 8 +- CVE-2023/CVE-2023-443xx/CVE-2023-44306.json | 8 +- CVE-2023/CVE-2023-472xx/CVE-2023-47272.json | 8 +- CVE-2023/CVE-2023-487xx/CVE-2023-48799.json | 24 +++ CVE-2023/CVE-2023-488xx/CVE-2023-48800.json | 24 +++ CVE-2023/CVE-2023-488xx/CVE-2023-48863.json | 24 +++ CVE-2023/CVE-2023-490xx/CVE-2023-49093.json | 8 +- CVE-2023/CVE-2023-491xx/CVE-2023-49108.json | 8 +- CVE-2023/CVE-2023-492xx/CVE-2023-49287.json | 8 +- CVE-2023/CVE-2023-53xx/CVE-2023-5332.json | 8 +- CVE-2023/CVE-2023-56xx/CVE-2023-5653.json | 69 +++++++- CVE-2023/CVE-2023-62xx/CVE-2023-6263.json | 57 ++++++- CVE-2023/CVE-2023-64xx/CVE-2023-6460.json | 55 +++++++ CVE-2023/CVE-2023-64xx/CVE-2023-6481.json | 8 +- README.md | 44 ++++- 63 files changed, 1314 insertions(+), 163 deletions(-) create mode 100644 CVE-2023/CVE-2023-416xx/CVE-2023-41613.json create mode 100644 CVE-2023/CVE-2023-487xx/CVE-2023-48799.json create mode 100644 CVE-2023/CVE-2023-488xx/CVE-2023-48800.json create mode 100644 CVE-2023/CVE-2023-488xx/CVE-2023-48863.json create mode 100644 CVE-2023/CVE-2023-64xx/CVE-2023-6460.json diff --git a/CVE-2022/CVE-2022-458xx/CVE-2022-45886.json b/CVE-2022/CVE-2022-458xx/CVE-2022-45886.json index 4fbb9c96fca..fb4223dd245 100644 --- a/CVE-2022/CVE-2022-458xx/CVE-2022-45886.json +++ b/CVE-2022/CVE-2022-458xx/CVE-2022-45886.json @@ -2,8 +2,8 @@ "id": "CVE-2022-45886", "sourceIdentifier": "cve@mitre.org", "published": "2022-11-25T04:15:09.273", - "lastModified": "2023-11-07T03:54:56.727", - "vulnStatus": "Modified", + "lastModified": "2023-12-04T14:52:26.223", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -64,8 +64,44 @@ { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", - "versionEndIncluding": "6.0.9", - "matchCriteriaId": "EC099292-5E69-436B-BEC2-5835D46BE6AE" + "versionStartIncluding": "2.6.12", + "versionEndExcluding": "4.19.285", + "matchCriteriaId": "44905DAB-8B5E-4130-B672-07A06C3C4CBD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", + "versionEndExcluding": "5.4.246", + "matchCriteriaId": "50FC398B-A69A-4845-8676-B189EFD52DD3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.183", + "matchCriteriaId": "465F6811-5040-44C7-B81C-6467647C1133" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.116", + "matchCriteriaId": "D22A8AFD-08A1-4B25-848B-7112A7444242" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.33", + "matchCriteriaId": "B443970D-73AA-4C9A-9338-25D38130D285" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.3.7", + "matchCriteriaId": "EA5A4CD8-7A29-4730-A91A-A85F7B206C8E" } ] } @@ -210,11 +246,21 @@ "references": [ { "url": "https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel%40gmail.com/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Patch", + "Third Party Advisory" + ] }, { "url": "https://lore.kernel.org/linux-media/20221115131822.6640-3-imv4bel%40gmail.com/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch", + "Third Party Advisory", + "URL Repurposed" + ] }, { "url": "https://security.netapp.com/advisory/ntap-20230113-0006/", diff --git a/CVE-2023/CVE-2023-12xx/CVE-2023-1295.json b/CVE-2023/CVE-2023-12xx/CVE-2023-1295.json index a7e8357f9f2..7236cf4de39 100644 --- a/CVE-2023/CVE-2023-12xx/CVE-2023-1295.json +++ b/CVE-2023/CVE-2023-12xx/CVE-2023-1295.json @@ -2,8 +2,8 @@ "id": "CVE-2023-1295", "sourceIdentifier": "cve-coordination@google.com", "published": "2023-06-28T12:15:09.340", - "lastModified": "2023-07-31T19:15:15.733", - "vulnStatus": "Modified", + "lastModified": "2023-12-04T14:52:07.117", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -87,8 +87,50 @@ "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.6", - "versionEndIncluding": "5.11", - "matchCriteriaId": "055F7F75-916F-4FA1-802C-44AF9E1D1264" + "versionEndExcluding": "5.10.162", + "matchCriteriaId": "EDBE9988-4B34-4FF5-8D4F-8BAD2A0F7D87" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.11.6", + "matchCriteriaId": "EF0D3E9B-CA93-4B02-86F4-AE081E0D30AD" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F" } ] } @@ -133,7 +175,11 @@ }, { "url": "https://security.netapp.com/advisory/ntap-20230731-0006/", - "source": "cve-coordination@google.com" + "source": "cve-coordination@google.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-322xx/CVE-2023-32247.json b/CVE-2023/CVE-2023-322xx/CVE-2023-32247.json index c17702b8f14..1777ba0c534 100644 --- a/CVE-2023/CVE-2023-322xx/CVE-2023-32247.json +++ b/CVE-2023/CVE-2023-322xx/CVE-2023-32247.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32247", "sourceIdentifier": "secalert@redhat.com", "published": "2023-07-24T16:15:11.470", - "lastModified": "2023-11-07T04:14:29.590", - "vulnStatus": "Modified", + "lastModified": "2023-12-04T14:55:19.007", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -37,7 +37,7 @@ "impactScore": 3.6 }, { - "source": "53f830b8-0a3f-465b-8143-3b8a9948e749", + "source": "secalert@redhat.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -70,7 +70,7 @@ ] }, { - "source": "53f830b8-0a3f-465b-8143-3b8a9948e749", + "source": "secalert@redhat.com", "type": "Secondary", "description": [ { @@ -90,8 +90,53 @@ { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", - "versionEndIncluding": "6.3.9", - "matchCriteriaId": "91F73DF0-B48A-4A70-A0C6-8844D289441D" + "versionStartIncluding": "5.15", + "versionEndIncluding": "6.1.29", + "matchCriteriaId": "2B654D6F-58B7-4F0A-AA17-3D2366073718" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.2.16", + "matchCriteriaId": "F92F7C8E-A977-4255-B1B6-D1908D8B408F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.3", + "versionEndExcluding": "6.3.2", + "matchCriteriaId": "38F6F330-91A0-4675-8B90-6F950471A7CC" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F" } ] } @@ -117,7 +162,10 @@ }, { "url": "https://security.netapp.com/advisory/ntap-20230915-0011/", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20478/", diff --git a/CVE-2023/CVE-2023-322xx/CVE-2023-32248.json b/CVE-2023/CVE-2023-322xx/CVE-2023-32248.json index fc985ea730e..15153e20257 100644 --- a/CVE-2023/CVE-2023-322xx/CVE-2023-32248.json +++ b/CVE-2023/CVE-2023-322xx/CVE-2023-32248.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32248", "sourceIdentifier": "secalert@redhat.com", "published": "2023-07-24T16:15:11.543", - "lastModified": "2023-11-07T04:14:29.743", - "vulnStatus": "Modified", + "lastModified": "2023-12-04T14:54:50.907", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -37,7 +37,7 @@ "impactScore": 3.6 }, { - "source": "53f830b8-0a3f-465b-8143-3b8a9948e749", + "source": "secalert@redhat.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -70,7 +70,7 @@ ] }, { - "source": "53f830b8-0a3f-465b-8143-3b8a9948e749", + "source": "secalert@redhat.com", "type": "Secondary", "description": [ { @@ -90,8 +90,65 @@ { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", - "versionEndIncluding": "6.3.9", - "matchCriteriaId": "91F73DF0-B48A-4A70-A0C6-8844D289441D" + "versionStartIncluding": "5.15", + "versionEndExcluding": "5.15.111", + "matchCriteriaId": "73004160-CAB6-4206-935F-05BE8E8F3904" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.28", + "matchCriteriaId": "08F855F4-7188-4EE1-BD79-D4B6C7E2EF54" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.2.15", + "matchCriteriaId": "3844A90B-940D-46C3-8D7B-9FF63F1AFC2F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.3", + "versionEndExcluding": "6.3.2", + "matchCriteriaId": "38F6F330-91A0-4675-8B90-6F950471A7CC" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F" } ] } @@ -117,7 +174,10 @@ }, { "url": "https://security.netapp.com/advisory/ntap-20230915-0006/", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20479/", diff --git a/CVE-2023/CVE-2023-322xx/CVE-2023-32252.json b/CVE-2023/CVE-2023-322xx/CVE-2023-32252.json index dd65767f31b..53e425ff747 100644 --- a/CVE-2023/CVE-2023-322xx/CVE-2023-32252.json +++ b/CVE-2023/CVE-2023-322xx/CVE-2023-32252.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32252", "sourceIdentifier": "secalert@redhat.com", "published": "2023-07-24T16:15:11.610", - "lastModified": "2023-11-07T04:14:30.290", - "vulnStatus": "Modified", + "lastModified": "2023-12-04T14:53:38.480", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -33,7 +33,7 @@ "impactScore": 3.6 }, { - "source": "53f830b8-0a3f-465b-8143-3b8a9948e749", + "source": "secalert@redhat.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -66,7 +66,7 @@ ] }, { - "source": "53f830b8-0a3f-465b-8143-3b8a9948e749", + "source": "secalert@redhat.com", "type": "Secondary", "description": [ { @@ -86,8 +86,158 @@ { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", - "versionEndIncluding": "6.3.9", - "matchCriteriaId": "91F73DF0-B48A-4A70-A0C6-8844D289441D" + "versionStartIncluding": "5.15", + "versionEndExcluding": "6.1.29", + "matchCriteriaId": "7E233AD0-DABB-4668-93A7-DD0909B16CB9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.2.16", + "matchCriteriaId": "F92F7C8E-A977-4255-B1B6-D1908D8B408F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.3", + "versionEndExcluding": "6.3.2", + "matchCriteriaId": "38F6F330-91A0-4675-8B90-6F950471A7CC" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F" } ] } @@ -99,7 +249,8 @@ "url": "https://access.redhat.com/security/cve/CVE-2023-32252", "source": "secalert@redhat.com", "tags": [ - "Third Party Advisory" + "Third Party Advisory", + "VDB Entry" ] }, { @@ -111,6 +262,13 @@ "Third Party Advisory" ] }, + { + "url": "https://security.netapp.com/advisory/ntap-20231124-0001/", + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] + }, { "url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20590/", "source": "secalert@redhat.com", diff --git a/CVE-2023/CVE-2023-325xx/CVE-2023-32558.json b/CVE-2023/CVE-2023-325xx/CVE-2023-32558.json index 9120a2c78ec..1d4b72f9c9a 100644 --- a/CVE-2023/CVE-2023-325xx/CVE-2023-32558.json +++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32558.json @@ -2,12 +2,16 @@ "id": "CVE-2023-32558", "sourceIdentifier": "support@hackerone.com", "published": "2023-09-12T02:15:12.067", - "lastModified": "2023-09-15T17:12:58.390", + "lastModified": "2023-12-04T14:57:36.603", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The use of the deprecated API `process.binding()` can bypass the permission model through path traversal. \n\nThis vulnerability affects all users using the experimental permission model in Node.js 20.x.\n\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js." + }, + { + "lang": "es", + "value": "El uso de la API obsoleta `process.binding()` puede omitir el modelo de permiso a trav\u00e9s del Path Traversal. Esta vulnerabilidad afecta a todos los usuarios que utilizan el modelo de permisos experimental en Node.js 20.x. Tenga en cuenta que en el momento en que se emiti\u00f3 este CVE, el modelo de permiso es una caracter\u00edstica experimental de Node.js." } ], "metrics": { @@ -57,8 +61,8 @@ "vulnerable": true, "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "versionStartIncluding": "20.0.0", - "versionEndIncluding": "20.6.1", - "matchCriteriaId": "8FFDCDFB-D221-4F5A-BEC6-C3A6F2F5A5F3" + "versionEndExcluding": "20.5.1", + "matchCriteriaId": "1B1EE318-9E7D-4AF1-9FB5-245C9F8BBBE0" } ] } diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32804.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32804.json index c1096879c6c..86574517195 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32804.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32804.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32804", "sourceIdentifier": "arm-security@arm.com", "published": "2023-12-04T12:15:07.570", - "lastModified": "2023-12-04T12:15:07.570", - "vulnStatus": "Received", + "lastModified": "2023-12-04T13:48:34.723", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32841.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32841.json index 56aedb2644c..e7dea285395 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32841.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32841.json @@ -2,12 +2,16 @@ "id": "CVE-2023-32841", "sourceIdentifier": "security@mediatek.com", "published": "2023-12-04T04:15:07.347", - "lastModified": "2023-12-04T04:15:07.347", - "vulnStatus": "Received", + "lastModified": "2023-12-04T13:50:45.253", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01128524 (MSV-846)." + }, + { + "lang": "es", + "value": "En 5G Modem, existe una posible falla del sistema debido a un manejo inadecuado de errores. Esto podr\u00eda provocar una denegaci\u00f3n remota de servicio al recibir mensajes RRC con formato incorrecto, sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: MOLY01128524; ID del problema: MOLY01128524 (MSV-846)." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32842.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32842.json index 73e64f13447..fa294482dc6 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32842.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32842.json @@ -2,12 +2,16 @@ "id": "CVE-2023-32842", "sourceIdentifier": "security@mediatek.com", "published": "2023-12-04T04:15:07.417", - "lastModified": "2023-12-04T04:15:07.417", - "vulnStatus": "Received", + "lastModified": "2023-12-04T13:50:45.253", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01130256; Issue ID: MOLY01130256 (MSV-848)." + }, + { + "lang": "es", + "value": "En 5G Modem, existe una posible falla del sistema debido a un manejo inadecuado de errores. Esto podr\u00eda provocar una denegaci\u00f3n remota de servicio al recibir mensajes RRC con formato incorrecto, sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: MOLY01130256; ID del problema: MOLY01130256 (MSV-848)." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32843.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32843.json index cda4b1ea4be..53316069fbe 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32843.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32843.json @@ -2,12 +2,16 @@ "id": "CVE-2023-32843", "sourceIdentifier": "security@mediatek.com", "published": "2023-12-04T04:15:07.463", - "lastModified": "2023-12-04T04:15:07.463", - "vulnStatus": "Received", + "lastModified": "2023-12-04T13:50:45.253", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01130204; Issue ID: MOLY01130204 (MSV-849)." + }, + { + "lang": "es", + "value": "En 5G Modem, existe una posible falla del sistema debido a un manejo inadecuado de errores. Esto podr\u00eda provocar una denegaci\u00f3n remota de servicio al recibir mensajes RRC con formato incorrecto, sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: MOLY01130204; ID del problema: MOLY01130204 (MSV-849)." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32844.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32844.json index 6425e3ff2df..da8f26ea9f7 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32844.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32844.json @@ -2,12 +2,16 @@ "id": "CVE-2023-32844", "sourceIdentifier": "security@mediatek.com", "published": "2023-12-04T04:15:07.510", - "lastModified": "2023-12-04T04:15:07.510", - "vulnStatus": "Received", + "lastModified": "2023-12-04T13:50:45.253", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01130183 (MSV-850)." + }, + { + "lang": "es", + "value": "En 5G Modem, existe una posible falla del sistema debido a un manejo inadecuado de errores. Esto podr\u00eda provocar una denegaci\u00f3n remota de servicio al recibir mensajes RRC con formato incorrecto, sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: MOLY01128524; ID del problema: MOLY01130183 (MSV-850)." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32845.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32845.json index ef85f3b0158..4492cbfe547 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32845.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32845.json @@ -2,12 +2,16 @@ "id": "CVE-2023-32845", "sourceIdentifier": "security@mediatek.com", "published": "2023-12-04T04:15:07.567", - "lastModified": "2023-12-04T04:15:07.567", - "vulnStatus": "Received", + "lastModified": "2023-12-04T13:50:45.253", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01139296 (MSV-860)." + }, + { + "lang": "es", + "value": "En 5G Modem, existe una posible falla del sistema debido a un manejo inadecuado de errores. Esto podr\u00eda provocar una denegaci\u00f3n remota de servicio al recibir mensajes RRC con formato incorrecto, sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: MOLY01128524; ID del problema: MOLY01139296 (MSV-860)." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32846.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32846.json index 4c855a82874..9f6b2eaee5c 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32846.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32846.json @@ -2,12 +2,16 @@ "id": "CVE-2023-32846", "sourceIdentifier": "security@mediatek.com", "published": "2023-12-04T04:15:07.613", - "lastModified": "2023-12-04T04:15:07.613", - "vulnStatus": "Received", + "lastModified": "2023-12-04T13:50:45.253", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01138453 (MSV-861)." + }, + { + "lang": "es", + "value": "En 5G Modem, existe una posible falla del sistema debido a un manejo inadecuado de errores. Esto podr\u00eda provocar una denegaci\u00f3n remota de servicio al recibir mensajes RRC con formato incorrecto, sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: MOLY01128524; ID del problema: MOLY01138453 (MSV-861)." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32847.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32847.json index 81c957cdf68..92d3e34bd56 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32847.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32847.json @@ -2,12 +2,16 @@ "id": "CVE-2023-32847", "sourceIdentifier": "security@mediatek.com", "published": "2023-12-04T04:15:07.663", - "lastModified": "2023-12-04T04:15:07.663", - "vulnStatus": "Received", + "lastModified": "2023-12-04T13:50:45.253", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In audio, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08241940; Issue ID: ALPS08241940." + }, + { + "lang": "es", + "value": "En audio, hay una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. Se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n. ID de parche: ALPS08241940; ID del problema: ALPS08241940." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32848.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32848.json index 08a9788e38d..ed9f9970011 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32848.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32848.json @@ -2,12 +2,16 @@ "id": "CVE-2023-32848", "sourceIdentifier": "security@mediatek.com", "published": "2023-12-04T04:15:07.710", - "lastModified": "2023-12-04T04:15:07.710", - "vulnStatus": "Received", + "lastModified": "2023-12-04T13:50:38.657", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In vdec, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08163896; Issue ID: ALPS08163896." + }, + { + "lang": "es", + "value": "En vdec, existe una posible escritura fuera de los l\u00edmites debido a confusi\u00f3n de tipos. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08163896; ID del problema: ALPS08163896." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32849.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32849.json index ac3bffe33cf..401c53e644c 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32849.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32849.json @@ -2,12 +2,16 @@ "id": "CVE-2023-32849", "sourceIdentifier": "security@mediatek.com", "published": "2023-12-04T04:15:07.757", - "lastModified": "2023-12-04T04:15:07.757", - "vulnStatus": "Received", + "lastModified": "2023-12-04T13:50:38.657", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In cmdq, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08161758; Issue ID: ALPS08161758." + }, + { + "lang": "es", + "value": "En cmdq, existe una posible escritura fuera de los l\u00edmites debido a una confusi\u00f3n de tipos. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08161758; ID del problema: ALPS08161758." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32850.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32850.json index aecb1cadc14..703fc787964 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32850.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32850.json @@ -2,12 +2,16 @@ "id": "CVE-2023-32850", "sourceIdentifier": "security@mediatek.com", "published": "2023-12-04T04:15:07.807", - "lastModified": "2023-12-04T04:15:07.807", - "vulnStatus": "Received", + "lastModified": "2023-12-04T13:50:38.657", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In decoder, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08016659; Issue ID: ALPS08016659." + }, + { + "lang": "es", + "value": "En decoder, existe una posible escritura fuera de los l\u00edmites debido a un desbordamiento de enteros. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. Se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n. ID de parche: ALPS08016659; ID del problema: ALPS08016659." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32851.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32851.json index 30a8d6ed930..4e3a10fc3d7 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32851.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32851.json @@ -2,12 +2,16 @@ "id": "CVE-2023-32851", "sourceIdentifier": "security@mediatek.com", "published": "2023-12-04T04:15:07.857", - "lastModified": "2023-12-04T04:15:07.857", - "vulnStatus": "Received", + "lastModified": "2023-12-04T13:50:38.657", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08016652; Issue ID: ALPS08016652." + }, + { + "lang": "es", + "value": "En decoder, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. Se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n. ID de parche: ALPS08016652; ID del problema: ALPS08016652." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32852.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32852.json index f5eddeb0a6a..65dac4dd16b 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32852.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32852.json @@ -2,12 +2,16 @@ "id": "CVE-2023-32852", "sourceIdentifier": "security@mediatek.com", "published": "2023-12-04T04:15:07.907", - "lastModified": "2023-12-04T04:15:07.907", - "vulnStatus": "Received", + "lastModified": "2023-12-04T13:50:38.657", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In cameraisp, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07670971; Issue ID: ALPS07670971." + }, + { + "lang": "es", + "value": "En cameraisp, existe una posible divulgaci\u00f3n de informaci\u00f3n debido a una validaci\u00f3n inadecuada del ingreso. Esto podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n local con privilegios de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS07670971; ID del problema: ALPS07670971." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32853.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32853.json index edb745a90a4..838f5354c2e 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32853.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32853.json @@ -2,12 +2,16 @@ "id": "CVE-2023-32853", "sourceIdentifier": "security@mediatek.com", "published": "2023-12-04T04:15:07.950", - "lastModified": "2023-12-04T04:15:07.950", - "vulnStatus": "Received", + "lastModified": "2023-12-04T13:50:38.657", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In rpmb, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07648764; Issue ID: ALPS07648764." + }, + { + "lang": "es", + "value": "En rpmb, existe una posible escritura fuera de los l\u00edmites debido a una comprobaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS07648764; ID del problema: ALPS07648764." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32854.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32854.json index 9ab2ef41ab5..2ea470fb06c 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32854.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32854.json @@ -2,12 +2,16 @@ "id": "CVE-2023-32854", "sourceIdentifier": "security@mediatek.com", "published": "2023-12-04T04:15:08.000", - "lastModified": "2023-12-04T04:15:08.000", - "vulnStatus": "Received", + "lastModified": "2023-12-04T13:50:38.657", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08240132; Issue ID: ALPS08240132." + }, + { + "lang": "es", + "value": "En ril, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08240132; ID del problema: ALPS08240132." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32855.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32855.json index da08e739561..7520dc25f31 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32855.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32855.json @@ -2,12 +2,16 @@ "id": "CVE-2023-32855", "sourceIdentifier": "security@mediatek.com", "published": "2023-12-04T04:15:08.043", - "lastModified": "2023-12-04T04:15:08.043", - "vulnStatus": "Received", + "lastModified": "2023-12-04T13:50:38.657", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In aee, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07909204; Issue ID: ALPS07909204." + }, + { + "lang": "es", + "value": "En aee, existe una posible escalada de privilegios debido a la falta de una verificaci\u00f3n de permisos. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS07909204; ID del problema: ALPS07909204." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32856.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32856.json index 1ee18d13404..39f5cffbd22 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32856.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32856.json @@ -2,12 +2,16 @@ "id": "CVE-2023-32856", "sourceIdentifier": "security@mediatek.com", "published": "2023-12-04T04:15:08.093", - "lastModified": "2023-12-04T04:15:08.093", - "vulnStatus": "Received", + "lastModified": "2023-12-04T13:50:38.657", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In display, there is a possible out of bounds read due to an incorrect status check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993705; Issue ID: ALPS07993705." + }, + { + "lang": "es", + "value": "En display, hay una posible lectura fuera de los l\u00edmites debido a una verificaci\u00f3n de estado incorrecta. Esto podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n local con privilegios de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS07993705; ID del problema: ALPS07993705." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32857.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32857.json index 90cf596e029..30ba6ed81a3 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32857.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32857.json @@ -2,12 +2,16 @@ "id": "CVE-2023-32857", "sourceIdentifier": "security@mediatek.com", "published": "2023-12-04T04:15:08.140", - "lastModified": "2023-12-04T04:15:08.140", - "vulnStatus": "Received", + "lastModified": "2023-12-04T13:50:38.657", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In display, there is a possible out of bounds read due to an incorrect status check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993705; Issue ID: ALPS07993710." + }, + { + "lang": "es", + "value": "En display, hay una posible lectura fuera de los l\u00edmites debido a una verificaci\u00f3n de estado incorrecta. Esto podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n local con privilegios de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS07993705; ID del problema: ALPS07993710." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32858.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32858.json index 0a59e4df8b5..82d36a699a7 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32858.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32858.json @@ -2,12 +2,16 @@ "id": "CVE-2023-32858", "sourceIdentifier": "security@mediatek.com", "published": "2023-12-04T04:15:08.190", - "lastModified": "2023-12-04T04:15:08.190", - "vulnStatus": "Received", + "lastModified": "2023-12-04T13:50:38.657", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In GZ, there is a possible information disclosure due to a missing data erasing. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07806008; Issue ID: ALPS07806008." + }, + { + "lang": "es", + "value": "En GZ existe una posible divulgaci\u00f3n de informaci\u00f3n debido a la falta de eliminaci\u00f3n de datos. Esto podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n local con privilegios de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS07806008; ID del problema: ALPS07806008." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32859.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32859.json index 46cedef7f89..cafef05750f 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32859.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32859.json @@ -2,12 +2,16 @@ "id": "CVE-2023-32859", "sourceIdentifier": "security@mediatek.com", "published": "2023-12-04T04:15:08.240", - "lastModified": "2023-12-04T04:15:08.240", - "vulnStatus": "Received", + "lastModified": "2023-12-04T13:50:38.657", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In meta, there is a possible classic buffer overflow due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08000473; Issue ID: ALPS08000473." + }, + { + "lang": "es", + "value": "En meta, existe un posible desbordamiento del b\u00fafer cl\u00e1sico debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08000473; ID del problema: ALPS08000473." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32860.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32860.json index 54bfef15314..acf849d3905 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32860.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32860.json @@ -2,12 +2,16 @@ "id": "CVE-2023-32860", "sourceIdentifier": "security@mediatek.com", "published": "2023-12-04T04:15:08.300", - "lastModified": "2023-12-04T04:15:08.300", - "vulnStatus": "Received", + "lastModified": "2023-12-04T13:50:38.657", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In display, there is a possible classic buffer overflow due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07929788; Issue ID: ALPS07929788." + }, + { + "lang": "es", + "value": "En display, hay un posible desbordamiento del b\u00fafer cl\u00e1sico debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS07929788; ID del problema: ALPS07929788." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32861.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32861.json index 56d9502e163..94641fa8da2 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32861.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32861.json @@ -2,12 +2,16 @@ "id": "CVE-2023-32861", "sourceIdentifier": "security@mediatek.com", "published": "2023-12-04T04:15:08.353", - "lastModified": "2023-12-04T04:15:08.353", - "vulnStatus": "Received", + "lastModified": "2023-12-04T13:50:38.657", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In display, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08059081; Issue ID: ALPS08059081." + }, + { + "lang": "es", + "value": "En display, hay una posible lectura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites incorrecta. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08059081; ID del problema: ALPS08059081." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32862.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32862.json index a48e4711b40..8c54ae357b3 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32862.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32862.json @@ -2,12 +2,16 @@ "id": "CVE-2023-32862", "sourceIdentifier": "security@mediatek.com", "published": "2023-12-04T04:15:08.397", - "lastModified": "2023-12-04T04:15:08.397", - "vulnStatus": "Received", + "lastModified": "2023-12-04T13:50:38.657", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In display, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07388762; Issue ID: ALPS07388762." + }, + { + "lang": "es", + "value": "En la pantalla, hay una posible lectura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites incorrecta. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS07388762; ID del problema: ALPS07388762." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32863.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32863.json index 7606687d97a..61ba12d53b1 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32863.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32863.json @@ -2,12 +2,16 @@ "id": "CVE-2023-32863", "sourceIdentifier": "security@mediatek.com", "published": "2023-12-04T04:15:08.440", - "lastModified": "2023-12-04T04:15:08.440", - "vulnStatus": "Received", + "lastModified": "2023-12-04T13:50:38.657", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In display drm, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326314; Issue ID: ALPS07326314." + }, + { + "lang": "es", + "value": "En display drm, hay una posible lectura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS07326314; ID del problema: ALPS07326314." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32864.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32864.json index a1b58b33ad2..2ef704b7eb8 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32864.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32864.json @@ -2,12 +2,16 @@ "id": "CVE-2023-32864", "sourceIdentifier": "security@mediatek.com", "published": "2023-12-04T04:15:08.487", - "lastModified": "2023-12-04T04:15:08.487", - "vulnStatus": "Received", + "lastModified": "2023-12-04T13:50:38.657", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In display drm, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07292187; Issue ID: ALPS07292187." + }, + { + "lang": "es", + "value": "En display drm, hay una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites incorrecta. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS07292187; ID del problema: ALPS07292187." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32865.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32865.json index 9bb6841091b..89495bff4bf 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32865.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32865.json @@ -2,12 +2,16 @@ "id": "CVE-2023-32865", "sourceIdentifier": "security@mediatek.com", "published": "2023-12-04T04:15:08.533", - "lastModified": "2023-12-04T04:15:08.533", - "vulnStatus": "Received", + "lastModified": "2023-12-04T13:50:38.657", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In display drm, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363456; Issue ID: ALPS07363456." + }, + { + "lang": "es", + "value": "En display drm, hay una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites incorrecta. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS07363456; ID del problema: ALPS07363456." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32866.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32866.json index a3a17c5eae5..ecd53c9fe38 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32866.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32866.json @@ -2,12 +2,16 @@ "id": "CVE-2023-32866", "sourceIdentifier": "security@mediatek.com", "published": "2023-12-04T04:15:08.577", - "lastModified": "2023-12-04T04:15:08.577", - "vulnStatus": "Received", + "lastModified": "2023-12-04T13:50:38.657", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In mmp, there is a possible memory corruption due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07342152; Issue ID: ALPS07342152." + }, + { + "lang": "es", + "value": "En mmp, existe una posible corrupci\u00f3n de la memoria debido a una verificaci\u00f3n de los l\u00edmites incorrecta. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS07342152; ID del problema: ALPS07342152." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32867.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32867.json index 3846d8b0a87..19ea300758a 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32867.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32867.json @@ -2,12 +2,16 @@ "id": "CVE-2023-32867", "sourceIdentifier": "security@mediatek.com", "published": "2023-12-04T04:15:08.623", - "lastModified": "2023-12-04T04:15:08.623", - "vulnStatus": "Received", + "lastModified": "2023-12-04T13:50:38.657", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560793; Issue ID: ALPS07560793." + }, + { + "lang": "es", + "value": "En display drm, hay una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS07560793; ID del problema: ALPS07560793." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32868.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32868.json index dfd8e00f1fe..7431309a6e3 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32868.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32868.json @@ -2,12 +2,16 @@ "id": "CVE-2023-32868", "sourceIdentifier": "security@mediatek.com", "published": "2023-12-04T04:15:08.673", - "lastModified": "2023-12-04T04:15:08.673", - "vulnStatus": "Received", + "lastModified": "2023-12-04T13:48:34.723", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363632; Issue ID: ALPS07363632." + }, + { + "lang": "es", + "value": "En display drm, hay una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS07363632; ID del problema: ALPS07363632." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32869.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32869.json index 402c24cd146..86d48df8ebb 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32869.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32869.json @@ -2,12 +2,16 @@ "id": "CVE-2023-32869", "sourceIdentifier": "security@mediatek.com", "published": "2023-12-04T04:15:08.717", - "lastModified": "2023-12-04T04:15:08.717", - "vulnStatus": "Received", + "lastModified": "2023-12-04T13:48:34.723", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363632; Issue ID: ALPS07363689." + }, + { + "lang": "es", + "value": "En display drm, hay una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS07363632; ID del problema: ALPS07363689." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32870.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32870.json index fb670b10df2..ea826e29f4b 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32870.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32870.json @@ -2,12 +2,16 @@ "id": "CVE-2023-32870", "sourceIdentifier": "security@mediatek.com", "published": "2023-12-04T04:15:08.760", - "lastModified": "2023-12-04T04:15:08.760", - "vulnStatus": "Received", + "lastModified": "2023-12-04T13:48:34.723", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In display drm, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363740; Issue ID: ALPS07363740." + }, + { + "lang": "es", + "value": "En display drm, hay una posible lectura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS07363740; ID del problema: ALPS07363740." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-358xx/CVE-2023-35826.json b/CVE-2023/CVE-2023-358xx/CVE-2023-35826.json index 679294eb0d2..4a982d76e8c 100644 --- a/CVE-2023/CVE-2023-358xx/CVE-2023-35826.json +++ b/CVE-2023/CVE-2023-358xx/CVE-2023-35826.json @@ -2,8 +2,8 @@ "id": "CVE-2023-35826", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-18T22:15:09.330", - "lastModified": "2023-11-07T04:15:59.710", - "vulnStatus": "Modified", + "lastModified": "2023-12-04T14:52:10.630", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -60,8 +60,58 @@ { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.18", + "versionEndExcluding": "6.1.28", + "matchCriteriaId": "BFFE4B65-8E1D-4307-9B84-330D5C2B3EC5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.2.15", + "matchCriteriaId": "3844A90B-940D-46C3-8D7B-9FF63F1AFC2F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.3", "versionEndExcluding": "6.3.2", - "matchCriteriaId": "86A4A377-C6B0-4E94-8486-019155A51116" + "matchCriteriaId": "38F6F330-91A0-4675-8B90-6F950471A7CC" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F" } ] } @@ -86,15 +136,27 @@ }, { "url": "https://lore.kernel.org/all/a4dafa22-3ee3-dbe1-fd50-fee07883ce1a%40xs4all.nl/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lore.kernel.org/linux-arm-kernel/20230308032333.1893394-1-zyytlz.wz%40163.com/T/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch", + "Third Party Advisory" + ] }, { "url": "https://security.netapp.com/advisory/ntap-20230803-0002/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-358xx/CVE-2023-35828.json b/CVE-2023/CVE-2023-358xx/CVE-2023-35828.json index a9d8d7f4b33..3526d40d134 100644 --- a/CVE-2023/CVE-2023-358xx/CVE-2023-35828.json +++ b/CVE-2023/CVE-2023-358xx/CVE-2023-35828.json @@ -2,8 +2,8 @@ "id": "CVE-2023-35828", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-18T22:15:09.417", - "lastModified": "2023-11-07T04:16:01.970", - "vulnStatus": "Modified", + "lastModified": "2023-12-04T14:53:50.153", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -60,8 +60,86 @@ { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.19", + "versionEndExcluding": "4.19.283", + "matchCriteriaId": "E9AD7AA8-ABE6-4255-91B3-D994EC47281F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", + "versionEndExcluding": "5.4.243", + "matchCriteriaId": "E54ACEF5-C8C1-4266-85FC-7D513FFD1DEC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.180", + "matchCriteriaId": "78422AC3-CC89-479E-B4BC-62381D8F3564" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.111", + "matchCriteriaId": "2B9DD776-7F17-4F72-B94F-54BFCBC692DD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.28", + "matchCriteriaId": "08F855F4-7188-4EE1-BD79-D4B6C7E2EF54" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.2.15", + "matchCriteriaId": "3844A90B-940D-46C3-8D7B-9FF63F1AFC2F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.3", "versionEndExcluding": "6.3.2", - "matchCriteriaId": "86A4A377-C6B0-4E94-8486-019155A51116" + "matchCriteriaId": "38F6F330-91A0-4675-8B90-6F950471A7CC" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F" } ] } @@ -86,19 +164,36 @@ }, { "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://lore.kernel.org/all/20230327121700.52d881e0%40canb.auug.org.au/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lore.kernel.org/lkml/CAJedcCwkuznS1kSTvJXhzPoavcZDWNhNMshi-Ux0spSVRwU=RA%40mail.gmail.com/T/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Patch", + "Third Party Advisory" + ] }, { "url": "https://security.netapp.com/advisory/ntap-20230803-0002/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-416xx/CVE-2023-41613.json b/CVE-2023/CVE-2023-416xx/CVE-2023-41613.json new file mode 100644 index 00000000000..5a7ce86e3ad --- /dev/null +++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41613.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-41613", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-04T14:15:07.457", + "lastModified": "2023-12-04T14:15:07.457", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "EzViz Studio v2.2.0 is vulnerable to DLL hijacking." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://packetstormsecurity.com/files/175684/EzViz-Studio-2.2.0-DLL-Hijacking.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-419xx/CVE-2023-41999.json b/CVE-2023/CVE-2023-419xx/CVE-2023-41999.json index 8b4e10b97c9..48412ebd865 100644 --- a/CVE-2023/CVE-2023-419xx/CVE-2023-41999.json +++ b/CVE-2023/CVE-2023-419xx/CVE-2023-41999.json @@ -2,16 +2,40 @@ "id": "CVE-2023-41999", "sourceIdentifier": "vulnreport@tenable.com", "published": "2023-11-27T17:15:07.980", - "lastModified": "2023-11-27T19:03:39.603", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-04T14:41:44.107", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An authentication bypass exists in Arcserve UDP prior to version 9.2. An unauthenticated, remote attacker can obtain a valid authentication identifier that allows them to authenticate to the management console and perform tasks that require authentication." + }, + { + "lang": "es", + "value": "Existe una omisi\u00f3n de autenticaci\u00f3n en Arcserve UDP antes de la versi\u00f3n 9.2. Un atacante remoto no autenticado puede obtener un identificador de autenticaci\u00f3n v\u00e1lido que le permita autenticarse en la consola de administraci\u00f3n y realizar tareas que requieran autenticaci\u00f3n." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "vulnreport@tenable.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + }, { "source": "vulnreport@tenable.com", "type": "Secondary", @@ -46,10 +80,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:arcserve:udp:*:*:*:*:*:*:*:*", + "versionEndExcluding": "9.2", + "matchCriteriaId": "DD913BA7-A48E-4406-93FB-4BD86BCD519E" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.tenable.com/security/research/tra-2023-37", - "source": "vulnreport@tenable.com" + "source": "vulnreport@tenable.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-420xx/CVE-2023-42000.json b/CVE-2023/CVE-2023-420xx/CVE-2023-42000.json index b30bd23f2b8..4738f2dddca 100644 --- a/CVE-2023/CVE-2023-420xx/CVE-2023-42000.json +++ b/CVE-2023/CVE-2023-420xx/CVE-2023-42000.json @@ -2,16 +2,40 @@ "id": "CVE-2023-42000", "sourceIdentifier": "vulnreport@tenable.com", "published": "2023-11-27T17:15:08.160", - "lastModified": "2023-11-27T19:03:39.603", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-04T14:42:39.750", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Arcserve UDP prior to 9.2 contains a path traversal vulnerability in com.ca.arcflash.ui.server.servlet.FileHandlingServlet.doUpload(). An unauthenticated remote attacker can exploit it to upload arbitrary files to any location on the file system where the UDP agent is installed." + }, + { + "lang": "es", + "value": "Arcserve UDP anterior a 9.2 contiene una vulnerabilidad de Path Traversal en com.ca.arcflash.ui.server.servlet.FileHandlingServlet.doUpload(). Un atacante remoto no autenticado puede aprovecharlo para cargar archivos arbitrarios en cualquier ubicaci\u00f3n del sistema de archivos donde est\u00e9 instalado el agente UDP." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "vulnreport@tenable.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + }, { "source": "vulnreport@tenable.com", "type": "Secondary", @@ -46,10 +80,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:arcserve:udp:*:*:*:*:*:*:*:*", + "versionEndExcluding": "9.2", + "matchCriteriaId": "DD913BA7-A48E-4406-93FB-4BD86BCD519E" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.tenable.com/security/research/tra-2023-37", - "source": "vulnreport@tenable.com" + "source": "vulnreport@tenable.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4220.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4220.json index 3202498ecd8..71f2a21994d 100644 --- a/CVE-2023/CVE-2023-42xx/CVE-2023-4220.json +++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4220.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4220", "sourceIdentifier": "info@starlabs.sg", "published": "2023-11-28T08:15:07.137", - "lastModified": "2023-11-28T14:12:58.173", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-04T14:53:57.123", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "info@starlabs.sg", "type": "Secondary", @@ -39,6 +59,20 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + }, + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "info@starlabs.sg", "type": "Secondary", @@ -50,18 +84,47 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:chamilo:chamilo_lms:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.11.24", + "matchCriteriaId": "3CA5310C-E5B0-4369-BC5A-F56EBED72EBA" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/chamilo/chamilo-lms/commit/3b487a55076fb06f96809b790a35dcdd42f8ec49", - "source": "info@starlabs.sg" + "source": "info@starlabs.sg", + "tags": [ + "Patch" + ] }, { "url": "https://starlabs.sg/advisories/23/23-4220", - "source": "info@starlabs.sg" + "source": "info@starlabs.sg", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://support.chamilo.org/projects/chamilo-18/wiki/security_issues#Issue-130-2023-09-04-Critical-impact-High-risk-Unauthenticated-users-may-gain-XSS-and-unauthenticated-RCE-CVE-2023-4220", - "source": "info@starlabs.sg" + "source": "info@starlabs.sg", + "tags": [ + "Issue Tracking", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44291.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44291.json index 33839c3975f..f08dd97a606 100644 --- a/CVE-2023/CVE-2023-442xx/CVE-2023-44291.json +++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44291.json @@ -2,12 +2,16 @@ "id": "CVE-2023-44291", "sourceIdentifier": "security_alert@emc.com", "published": "2023-12-04T09:15:35.623", - "lastModified": "2023-12-04T09:15:35.623", - "vulnStatus": "Received", + "lastModified": "2023-12-04T13:48:34.723", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "\nDell DM5500 5.14.0.0 contains an OS command injection vulnerability in PPOE component. A remote attacker with high privileges could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.\n\n" + }, + { + "lang": "es", + "value": "Dell DM5500 5.14.0.0 contiene una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en el componente PPOE. Un atacante remoto con altos privilegios podr\u00eda explotar esta vulnerabilidad, lo que llevar\u00eda a la ejecuci\u00f3n de comandos arbitrarios del sistema operativo en el sistema operativo subyacente, con los privilegios de la aplicaci\u00f3n vulnerable. La explotaci\u00f3n puede llevar a que un atacante se apodere del sistema." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44300.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44300.json index 904304b57ec..92784b75eca 100644 --- a/CVE-2023/CVE-2023-443xx/CVE-2023-44300.json +++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44300.json @@ -2,12 +2,16 @@ "id": "CVE-2023-44300", "sourceIdentifier": "security_alert@emc.com", "published": "2023-12-04T09:15:35.993", - "lastModified": "2023-12-04T09:15:35.993", - "vulnStatus": "Received", + "lastModified": "2023-12-04T13:48:34.723", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "\nDell DM5500 5.14.0.0, contain a Plain-text Password Storage Vulnerability in PPOE. A local attacker with privileges could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.\n\n" + }, + { + "lang": "es", + "value": "Dell DM5500 5.14.0.0 contiene una vulnerabilidad de almacenamiento de contrase\u00f1as de texto plano en PPOE. Un atacante local con privilegios podr\u00eda explotar esta vulnerabilidad, lo que dar\u00eda lugar a la divulgaci\u00f3n de determinadas credenciales de usuario. Es posible que el atacante pueda utilizar las credenciales expuestas para acceder a la aplicaci\u00f3n vulnerable con los privilegios de la cuenta comprometida." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44301.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44301.json index eb5692cee10..a3296b32ba0 100644 --- a/CVE-2023/CVE-2023-443xx/CVE-2023-44301.json +++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44301.json @@ -2,12 +2,16 @@ "id": "CVE-2023-44301", "sourceIdentifier": "security_alert@emc.com", "published": "2023-12-04T09:15:36.213", - "lastModified": "2023-12-04T09:15:36.213", - "vulnStatus": "Received", + "lastModified": "2023-12-04T13:48:34.723", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "\nDell DM5500 5.14.0.0 and prior contain a Reflected Cross-Site Scripting Vulnerability. A network attacker with low privileges could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.\n\n" + }, + { + "lang": "es", + "value": "Dell DM5500 5.14.0.0 y anteriores contienen una vulnerabilidad de cross-site scripting reflejada. Un atacante de red con privilegios bajos podr\u00eda explotar esta vulnerabilidad, lo que llevar\u00eda a la ejecuci\u00f3n de c\u00f3digo HTML o JavaScript malicioso en el navegador web de un usuario v\u00edctima en el contexto de la aplicaci\u00f3n web vulnerable. La explotaci\u00f3n puede dar lugar a la divulgaci\u00f3n de informaci\u00f3n, el robo de sesiones o la falsificaci\u00f3n de solicitudes por parte del cliente." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44302.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44302.json index 85aceaaaf88..7e850fc8714 100644 --- a/CVE-2023/CVE-2023-443xx/CVE-2023-44302.json +++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44302.json @@ -2,12 +2,16 @@ "id": "CVE-2023-44302", "sourceIdentifier": "security_alert@emc.com", "published": "2023-12-04T09:15:36.417", - "lastModified": "2023-12-04T09:15:36.417", - "vulnStatus": "Received", + "lastModified": "2023-12-04T13:48:34.723", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "\nDell DM5500 5.14.0.0 and prior contain an improper authentication vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access of resources or functionality that could possibly lead to execute arbitrary code.\n\n" + }, + { + "lang": "es", + "value": "Dell DM5500 5.14.0.0 y anteriores contienen una vulnerabilidad de autenticaci\u00f3n incorrecta. Un atacante remoto no autenticado podr\u00eda explotar esta vulnerabilidad para obtener acceso a recursos o funcionalidades que podr\u00edan conducir a la ejecuci\u00f3n de c\u00f3digo arbitrario." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44304.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44304.json index 8b59a4938b5..d60c52f3d88 100644 --- a/CVE-2023/CVE-2023-443xx/CVE-2023-44304.json +++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44304.json @@ -2,12 +2,16 @@ "id": "CVE-2023-44304", "sourceIdentifier": "security_alert@emc.com", "published": "2023-12-04T09:15:36.633", - "lastModified": "2023-12-04T09:15:36.633", - "vulnStatus": "Received", + "lastModified": "2023-12-04T13:48:34.723", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "\nDell DM5500 contains a privilege escalation vulnerability in PPOE Component. A remote attacker with low privileges could potentially exploit this vulnerability to escape the restricted shell and gain root access to the appliance.\n\n" + }, + { + "lang": "es", + "value": "Dell DM5500 contiene una vulnerabilidad de escalada de privilegios en el componente PPOE. Un atacante remoto con privilegios bajos podr\u00eda explotar esta vulnerabilidad para escapar del shell restringido y obtener acceso ra\u00edz al dispositivo." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44305.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44305.json index 6c02b6d3082..397dcd5f7a0 100644 --- a/CVE-2023/CVE-2023-443xx/CVE-2023-44305.json +++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44305.json @@ -2,12 +2,16 @@ "id": "CVE-2023-44305", "sourceIdentifier": "security_alert@emc.com", "published": "2023-12-04T09:15:36.833", - "lastModified": "2023-12-04T09:15:36.833", - "vulnStatus": "Received", + "lastModified": "2023-12-04T13:48:34.723", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "\nDell DM5500 5.14.0.0, contains a Stack-based Buffer Overflow Vulnerability in PPOE. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially crafted input dat\n\n" + }, + { + "lang": "es", + "value": "Dell DM5500 5.14.0.0 contiene una vulnerabilidad de desbordamiento del b\u00fafer basada en pila en PPOE. Un atacante remoto no autenticado puede aprovechar esta vulnerabilidad para bloquear el proceso afectado o ejecutar c\u00f3digo arbitrario en el sistema enviando datos de entrada especialmente manipulados." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44306.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44306.json index f439dafa2f7..0f16e90be5a 100644 --- a/CVE-2023/CVE-2023-443xx/CVE-2023-44306.json +++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44306.json @@ -2,12 +2,16 @@ "id": "CVE-2023-44306", "sourceIdentifier": "security_alert@emc.com", "published": "2023-12-04T09:15:37.043", - "lastModified": "2023-12-04T09:15:37.043", - "vulnStatus": "Received", + "lastModified": "2023-12-04T13:48:34.723", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "\nDell DM5500 contains a path traversal vulnerability in PPOE Component. A remote attacker with high privileges could potentially exploit this vulnerability to overwrite the files stored on the server filesystem.\n\n" + }, + { + "lang": "es", + "value": "Dell DM5500 contiene una vulnerabilidad de path traversal en el componente PPOE. Un atacante remoto con altos privilegios podr\u00eda explotar esta vulnerabilidad para sobrescribir los archivos almacenados en el sistema de archivos del servidor." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-472xx/CVE-2023-47272.json b/CVE-2023/CVE-2023-472xx/CVE-2023-47272.json index 9bfde8d2055..7c7e5636aa1 100644 --- a/CVE-2023/CVE-2023-472xx/CVE-2023-47272.json +++ b/CVE-2023/CVE-2023-472xx/CVE-2023-47272.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47272", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-06T00:15:09.380", - "lastModified": "2023-11-15T05:15:10.290", - "vulnStatus": "Modified", + "lastModified": "2023-12-04T13:15:07.500", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", @@ -129,6 +129,10 @@ { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z4F4DUA3Q46ZVB2RD7BFP4XMNS4RYFFQ/", "source": "cve@mitre.org" + }, + { + "url": "https://www.debian.org/security/2023/dsa-5572", + "source": "cve@mitre.org" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-487xx/CVE-2023-48799.json b/CVE-2023/CVE-2023-487xx/CVE-2023-48799.json new file mode 100644 index 00000000000..9fc61d2e3b0 --- /dev/null +++ b/CVE-2023/CVE-2023-487xx/CVE-2023-48799.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-48799", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-04T13:15:07.657", + "lastModified": "2023-12-04T13:48:34.723", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "TOTOLINK-X6000R Firmware-V9.4.0cu.852_B20230719 is vulnerable to Command Execution." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://palm-jump-676.notion.site/CVE-2023-48799-632dd667b4574a2c84b04035d04afb5c", + "source": "cve@mitre.org" + }, + { + "url": "https://www.notion.so/X6000R-632dd667b4574a2c84b04035d04afb5c?pvs=4", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-488xx/CVE-2023-48800.json b/CVE-2023/CVE-2023-488xx/CVE-2023-48800.json new file mode 100644 index 00000000000..8c99f42f379 --- /dev/null +++ b/CVE-2023/CVE-2023-488xx/CVE-2023-48800.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-48800", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-04T13:15:07.710", + "lastModified": "2023-12-04T13:48:34.723", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file sub_417338 function obtains fields from the front-end, connects them through the snprintf function, and passes them to the CsteSystem function, resulting in a command execution vulnerability." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://palm-jump-676.notion.site/CVE-2023-48800-ad96548d06c645738daf3ab77575fd74", + "source": "cve@mitre.org" + }, + { + "url": "https://www.notion.so/X6000R-sub_417338-ad96548d06c645738daf3ab77575fd74?pvs=4", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-488xx/CVE-2023-48863.json b/CVE-2023/CVE-2023-488xx/CVE-2023-48863.json new file mode 100644 index 00000000000..65c6fba6663 --- /dev/null +++ b/CVE-2023/CVE-2023-488xx/CVE-2023-48863.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-48863", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-04T13:15:07.753", + "lastModified": "2023-12-04T13:48:34.723", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "SEMCMS 3.9 is vulnerable to SQL Injection. Due to the lack of security checks on the input of the application, the attacker uses the existing application to inject malicious SQL commands into the background database engine for execution, and sends some attack codes as commands or query statements to the interpreter. These malicious data can deceive the interpreter, so as to execute unplanned commands or unauthorized access to data." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://www.sem-cms.com/", + "source": "cve@mitre.org" + }, + { + "url": "https://gitee.com/NoBlake/cve-2023-48863/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-490xx/CVE-2023-49093.json b/CVE-2023/CVE-2023-490xx/CVE-2023-49093.json index ea2bcb4fcfe..ed57b8c4567 100644 --- a/CVE-2023/CVE-2023-490xx/CVE-2023-49093.json +++ b/CVE-2023/CVE-2023-490xx/CVE-2023-49093.json @@ -2,12 +2,16 @@ "id": "CVE-2023-49093", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-04T05:15:07.430", - "lastModified": "2023-12-04T05:15:07.430", - "vulnStatus": "Received", + "lastModified": "2023-12-04T13:48:34.723", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker\u2019s webpage. This vulnerability has been patched in version 3.9.0" + }, + { + "lang": "es", + "value": "HtmlUnit es un navegador sin GUI para programas Java. HtmlUnit es vulnerable a la ejecuci\u00f3n remota de c\u00f3digo (RCE) a trav\u00e9s de XSTL, al navegar por la p\u00e1gina web del atacante. Esta vulnerabilidad ha sido parcheada en la versi\u00f3n 3.9.0." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-491xx/CVE-2023-49108.json b/CVE-2023/CVE-2023-491xx/CVE-2023-49108.json index f688e1ab56d..87d7457840a 100644 --- a/CVE-2023/CVE-2023-491xx/CVE-2023-49108.json +++ b/CVE-2023/CVE-2023-491xx/CVE-2023-49108.json @@ -2,12 +2,16 @@ "id": "CVE-2023-49108", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-12-04T06:15:07.063", - "lastModified": "2023-12-04T06:15:07.063", - "vulnStatus": "Received", + "lastModified": "2023-12-04T13:48:34.723", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Path traversal vulnerability exists in RakRak Document Plus Ver.3.2.0.0 to Ver.6.4.0.7 (excluding Ver.6.1.1.3a). If this vulnerability is exploited, arbitrary files on the server may be obtained or deleted by a user of the product with specific privileges." + }, + { + "lang": "es", + "value": "Vulnerabilidad de path traversal existe en RakRak Document Plus Ver.3.2.0.0 a Ver.6.4.0.7 (excluyendo Ver.6.1.1.3a). Si se explota esta vulnerabilidad, un usuario del producto con privilegios espec\u00edficos puede obtener o eliminar archivos arbitrarios en el servidor." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-492xx/CVE-2023-49287.json b/CVE-2023/CVE-2023-492xx/CVE-2023-49287.json index d464e9f1ab0..dafcad35d4f 100644 --- a/CVE-2023/CVE-2023-492xx/CVE-2023-49287.json +++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49287.json @@ -2,12 +2,16 @@ "id": "CVE-2023-49287", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-04T06:15:07.173", - "lastModified": "2023-12-04T12:15:07.747", - "vulnStatus": "Received", + "lastModified": "2023-12-04T13:48:34.723", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "TinyDir is a lightweight C directory and file reader. Buffer overflows in the `tinydir_file_open()` function. This vulnerability has been patched in version 1.2.6." + }, + { + "lang": "es", + "value": "TinyDir es un lector de archivos y directorios C liviano. El b\u00fafer se desborda en la funci\u00f3n `tinydir_file_open()`. Esta vulnerabilidad ha sido parcheada en la versi\u00f3n 1.2.6." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-53xx/CVE-2023-5332.json b/CVE-2023/CVE-2023-53xx/CVE-2023-5332.json index 31978c239b4..c8ae98738c6 100644 --- a/CVE-2023/CVE-2023-53xx/CVE-2023-5332.json +++ b/CVE-2023/CVE-2023-53xx/CVE-2023-5332.json @@ -2,12 +2,16 @@ "id": "CVE-2023-5332", "sourceIdentifier": "cve@gitlab.com", "published": "2023-12-04T07:15:07.120", - "lastModified": "2023-12-04T07:15:07.120", - "vulnStatus": "Received", + "lastModified": "2023-12-04T13:48:34.723", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Patch in third party library Consul requires 'enable-script-checks' to be set to False. This was required to enable a patch by the vendor. Without this setting the patch could be bypassed. This only affects GitLab-EE." + }, + { + "lang": "es", + "value": "El parche en la librer\u00eda de terceros Consul requiere que 'enable-script-checks' est\u00e9 configurado en False. Esto fue necesario para habilitar un parche por parte del proveedor. Sin esta configuraci\u00f3n, se podr\u00eda omitir el parche. Esto s\u00f3lo afecta a GitLab-EE." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5653.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5653.json index 1467bd0686c..93675d7a7c0 100644 --- a/CVE-2023/CVE-2023-56xx/CVE-2023-5653.json +++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5653.json @@ -2,19 +2,80 @@ "id": "CVE-2023-5653", "sourceIdentifier": "contact@wpscan.com", "published": "2023-11-27T17:15:09.230", - "lastModified": "2023-11-27T19:03:35.337", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-04T14:53:32.297", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The WassUp Real Time Analytics WordPress plugin through 1.9.4.5 does not escape IP address provided via some headers before outputting them back in an admin page, allowing unauthenticated users to perform Stored XSS attacks against logged in admins" + }, + { + "lang": "es", + "value": "El complemento WassUp Real Time Analytics de WordPress hasta la versi\u00f3n 1.9.4.5 no escapa a la direcci\u00f3n IP proporcionada a trav\u00e9s de algunos encabezados antes de enviarlos nuevamente a una p\u00e1gina de administraci\u00f3n, lo que permite a los usuarios no autenticados realizar ataques XSS Almacenados contra administradores que hayan iniciado sesi\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wassup_real_time_analytics_project:wassup_real_time_analytics:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.9.4.5", + "matchCriteriaId": "9F6C5F3D-41A9-4190-9490-013F336F074B" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://wpscan.com/vulnerability/76316621-1987-44ea-83e5-6ca884bdd1c0", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6263.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6263.json index a230c447a81..b2a8e1adf14 100644 --- a/CVE-2023/CVE-2023-62xx/CVE-2023-6263.json +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6263.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6263", "sourceIdentifier": "96d4e157-0bf0-48b3-8efd-382c68caf4e0", "published": "2023-11-22T18:15:09.780", - "lastModified": "2023-11-22T19:00:49.717", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-04T14:40:17.437", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + }, { "source": "96d4e157-0bf0-48b3-8efd-382c68caf4e0", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-290" + } + ] + }, { "source": "96d4e157-0bf0-48b3-8efd-382c68caf4e0", "type": "Secondary", @@ -50,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:networkoptix:nxcloud:*:*:*:*:*:*:*:*", + "versionEndExcluding": "23.1.0.40440", + "matchCriteriaId": "690A44F2-1ED6-4490-9E4E-17C6FFACD3AE" + } + ] + } + ] + } + ], "references": [ { "url": "https://networkoptix.atlassian.net/wiki/spaces/CHS/blog/2023/09/22/3074195467/vulnerability+2023-09-21+-+Server+Spoofing", - "source": "96d4e157-0bf0-48b3-8efd-382c68caf4e0" + "source": "96d4e157-0bf0-48b3-8efd-382c68caf4e0", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-64xx/CVE-2023-6460.json b/CVE-2023/CVE-2023-64xx/CVE-2023-6460.json new file mode 100644 index 00000000000..ec81a7f64f6 --- /dev/null +++ b/CVE-2023/CVE-2023-64xx/CVE-2023-6460.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-6460", + "sourceIdentifier": "cve-coordination@google.com", + "published": "2023-12-04T13:15:07.800", + "lastModified": "2023-12-04T13:48:34.723", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A potential logging of the firestore key via logging within nodejs-firestore exists - Developers who were logging objects through this._settings would be logging the firestore key as well potentially exposing it to anyone with logs read access. We recommend upgrading to version 6.1.0 to avoid this issue" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve-coordination@google.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.3, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "cve-coordination@google.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-922" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/googleapis/nodejs-firestore/pull/1742", + "source": "cve-coordination@google.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-64xx/CVE-2023-6481.json b/CVE-2023/CVE-2023-64xx/CVE-2023-6481.json index 0bf84fc924f..02ba3363511 100644 --- a/CVE-2023/CVE-2023-64xx/CVE-2023-6481.json +++ b/CVE-2023/CVE-2023-64xx/CVE-2023-6481.json @@ -2,12 +2,16 @@ "id": "CVE-2023-6481", "sourceIdentifier": "vulnerability@ncsc.ch", "published": "2023-12-04T09:15:37.250", - "lastModified": "2023-12-04T09:15:37.250", - "vulnStatus": "Received", + "lastModified": "2023-12-04T13:48:34.723", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A serialization vulnerability in logback receiver component part of \nlogback version 1.4.13,\u00a01.3.13 and\u00a01.2.12 allows an attacker to mount a Denial-Of-Service \nattack by sending poisoned data.\n\n" + }, + { + "lang": "es", + "value": "Una vulnerabilidad de serializaci\u00f3n en el componente Logback Receiver. Las versiones 1.4.13, 1.3.13 y 1.2.12 de Logback permite a un atacante montar un ataque de denegaci\u00f3n de servicio enviando datos envenenados." } ], "metrics": { diff --git a/README.md b/README.md index b5ae3defebc..d90e0802ae5 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-12-04T13:00:57.838254+00:00 +2023-12-04T15:01:03.255397+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-12-04T12:15:07.883000+00:00 +2023-12-04T14:57:36.603000+00:00 ``` ### Last Data Feed Release @@ -29,23 +29,49 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -232130 +232135 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `5` -* [CVE-2023-32804](CVE-2023/CVE-2023-328xx/CVE-2023-32804.json) (`2023-12-04T12:15:07.570`) +* [CVE-2023-48799](CVE-2023/CVE-2023-487xx/CVE-2023-48799.json) (`2023-12-04T13:15:07.657`) +* [CVE-2023-48800](CVE-2023/CVE-2023-488xx/CVE-2023-48800.json) (`2023-12-04T13:15:07.710`) +* [CVE-2023-48863](CVE-2023/CVE-2023-488xx/CVE-2023-48863.json) (`2023-12-04T13:15:07.753`) +* [CVE-2023-6460](CVE-2023/CVE-2023-64xx/CVE-2023-6460.json) (`2023-12-04T13:15:07.800`) +* [CVE-2023-41613](CVE-2023/CVE-2023-416xx/CVE-2023-41613.json) (`2023-12-04T14:15:07.457`) ### CVEs modified in the last Commit -Recently modified CVEs: `3` +Recently modified CVEs: `57` -* [CVE-2023-5605](CVE-2023/CVE-2023-56xx/CVE-2023-5605.json) (`2023-12-04T11:15:07.120`) -* [CVE-2023-49287](CVE-2023/CVE-2023-492xx/CVE-2023-49287.json) (`2023-12-04T12:15:07.747`) -* [CVE-2023-5157](CVE-2023/CVE-2023-51xx/CVE-2023-5157.json) (`2023-12-04T12:15:07.883`) +* [CVE-2023-32862](CVE-2023/CVE-2023-328xx/CVE-2023-32862.json) (`2023-12-04T13:50:38.657`) +* [CVE-2023-32863](CVE-2023/CVE-2023-328xx/CVE-2023-32863.json) (`2023-12-04T13:50:38.657`) +* [CVE-2023-32864](CVE-2023/CVE-2023-328xx/CVE-2023-32864.json) (`2023-12-04T13:50:38.657`) +* [CVE-2023-32865](CVE-2023/CVE-2023-328xx/CVE-2023-32865.json) (`2023-12-04T13:50:38.657`) +* [CVE-2023-32866](CVE-2023/CVE-2023-328xx/CVE-2023-32866.json) (`2023-12-04T13:50:38.657`) +* [CVE-2023-32867](CVE-2023/CVE-2023-328xx/CVE-2023-32867.json) (`2023-12-04T13:50:38.657`) +* [CVE-2023-32841](CVE-2023/CVE-2023-328xx/CVE-2023-32841.json) (`2023-12-04T13:50:45.253`) +* [CVE-2023-32842](CVE-2023/CVE-2023-328xx/CVE-2023-32842.json) (`2023-12-04T13:50:45.253`) +* [CVE-2023-32843](CVE-2023/CVE-2023-328xx/CVE-2023-32843.json) (`2023-12-04T13:50:45.253`) +* [CVE-2023-32844](CVE-2023/CVE-2023-328xx/CVE-2023-32844.json) (`2023-12-04T13:50:45.253`) +* [CVE-2023-32845](CVE-2023/CVE-2023-328xx/CVE-2023-32845.json) (`2023-12-04T13:50:45.253`) +* [CVE-2023-32846](CVE-2023/CVE-2023-328xx/CVE-2023-32846.json) (`2023-12-04T13:50:45.253`) +* [CVE-2023-32847](CVE-2023/CVE-2023-328xx/CVE-2023-32847.json) (`2023-12-04T13:50:45.253`) +* [CVE-2023-6263](CVE-2023/CVE-2023-62xx/CVE-2023-6263.json) (`2023-12-04T14:40:17.437`) +* [CVE-2023-41999](CVE-2023/CVE-2023-419xx/CVE-2023-41999.json) (`2023-12-04T14:41:44.107`) +* [CVE-2023-42000](CVE-2023/CVE-2023-420xx/CVE-2023-42000.json) (`2023-12-04T14:42:39.750`) +* [CVE-2023-1295](CVE-2023/CVE-2023-12xx/CVE-2023-1295.json) (`2023-12-04T14:52:07.117`) +* [CVE-2023-35826](CVE-2023/CVE-2023-358xx/CVE-2023-35826.json) (`2023-12-04T14:52:10.630`) +* [CVE-2023-5653](CVE-2023/CVE-2023-56xx/CVE-2023-5653.json) (`2023-12-04T14:53:32.297`) +* [CVE-2023-32252](CVE-2023/CVE-2023-322xx/CVE-2023-32252.json) (`2023-12-04T14:53:38.480`) +* [CVE-2023-35828](CVE-2023/CVE-2023-358xx/CVE-2023-35828.json) (`2023-12-04T14:53:50.153`) +* [CVE-2023-4220](CVE-2023/CVE-2023-42xx/CVE-2023-4220.json) (`2023-12-04T14:53:57.123`) +* [CVE-2023-32248](CVE-2023/CVE-2023-322xx/CVE-2023-32248.json) (`2023-12-04T14:54:50.907`) +* [CVE-2023-32247](CVE-2023/CVE-2023-322xx/CVE-2023-32247.json) (`2023-12-04T14:55:19.007`) +* [CVE-2023-32558](CVE-2023/CVE-2023-325xx/CVE-2023-32558.json) (`2023-12-04T14:57:36.603`) ## Download and Usage