admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 03:27:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-01-10T23:00:25.016727+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-01-10 23:00:28 +00:00
parent dced1d9aa5
commit 762c6eb084
76 changed files with 1990 additions and 139 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
CVE-2022/CVE-2022-329xx/CVE-2022-32919.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2022-32919",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:47.173",
"lastModified": "2024-01-10T22:15:47.173",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved UI handling. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Visiting a website that frames malicious content may lead to UI spoofing."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213530",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213532",
"source": "product-security@apple.com"
}
]
}

20
CVE-2022/CVE-2022-329xx/CVE-2022-32931.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2022-32931",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:47.240",
"lastModified": "2024-01-10T22:15:47.240",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An app with root privileges may be able to access private information."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213488",
"source": "product-security@apple.com"
}
]
}

20
CVE-2022/CVE-2022-428xx/CVE-2022-42816.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2022-42816",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:47.290",
"lastModified": "2024-01-10T22:15:47.290",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213488",
"source": "product-security@apple.com"
}
]
}

24
CVE-2022/CVE-2022-428xx/CVE-2022-42839.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2022-42839",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:47.330",
"lastModified": "2024-01-10T22:15:47.330",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. An app may be able to read sensitive location information."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213530",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213532",
"source": "product-security@apple.com"
}
]
}

63
CVE-2022/CVE-2022-457xx/CVE-2022-45793.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2022-45793",
"sourceIdentifier": "ot-cert@dragos.com",
"published": "2024-01-10T21:15:08.193",
"lastModified": "2024-01-10T21:15:08.193",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "[PROBLEMTYPE] in [VENDOR] [PRODUCT] [VERSION] on [PLATFORMS] allows [ATTACKER] to [IMPACT]."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ot-cert@dragos.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "ot-cert@dragos.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-262-04",
"source": "ot-cert@dragos.com"
},
{
"url": "https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access/",
"source": "ot-cert@dragos.com"
},
{
"url": "https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2023-009_en.pdf",
"source": "ot-cert@dragos.com"
}
]
}

24
CVE-2022/CVE-2022-467xx/CVE-2022-46710.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2022-46710",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:47.380",
"lastModified": "2024-01-10T22:15:47.380",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Location data may be shared via iCloud links even if Location metadata is disabled via the Share Sheet."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213530",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213532",
"source": "product-security@apple.com"
}
]
}

20
CVE-2022/CVE-2022-467xx/CVE-2022-46721.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2022-46721",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:47.430",
"lastModified": "2024-01-10T22:15:47.430",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213488",
"source": "product-security@apple.com"
}
]
}

20
CVE-2022/CVE-2022-479xx/CVE-2022-47915.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2022-47915",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:47.473",
"lastModified": "2024-01-10T22:15:47.473",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213488",
"source": "product-security@apple.com"
}
]
}

20
CVE-2022/CVE-2022-479xx/CVE-2022-47965.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2022-47965",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:47.523",
"lastModified": "2024-01-10T22:15:47.523",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213488",
"source": "product-security@apple.com"
}
]
}

20
CVE-2022/CVE-2022-485xx/CVE-2022-48504.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2022-48504",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:47.563",
"lastModified": "2024-01-10T22:15:47.563",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved handling of caches. This issue is fixed in macOS Ventura 13. An app may be able to access user-sensitive data."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213488",
"source": "product-security@apple.com"
}
]
}

20
CVE-2022/CVE-2022-485xx/CVE-2022-48577.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2022-48577",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:47.610",
"lastModified": "2024-01-10T22:15:47.610",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An access issue was addressed with improved access restrictions. This issue is fixed in macOS Ventura 13. An app may be able to access user-sensitive data."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213488",
"source": "product-security@apple.com"
}
]
}

40
CVE-2023/CVE-2023-281xx/CVE-2023-28185.json Normal file
View File

@ -0,0 +1,40 @@
{
"id": "CVE-2023-28185",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:47.803",
"lastModified": "2024-01-10T22:15:47.803",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An integer overflow was addressed through improved input validation. This issue is fixed in tvOS 16.4, macOS Big Sur 11.7.5, iOS 16.4 and iPadOS 16.4, watchOS 9.4, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4. An app may be able to cause a denial-of-service."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213673",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213674",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213675",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213676",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213677",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213678",
"source": "product-security@apple.com"
}
]
}

28
CVE-2023/CVE-2023-281xx/CVE-2023-28197.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-28197",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:47.853",
"lastModified": "2024-01-10T22:15:47.853",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4. An app may be able to access user-sensitive data."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213670",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213675",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213677",
"source": "product-security@apple.com"
}
]
}

63
CVE-2023/CVE-2023-294xx/CVE-2023-29445.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-29445",
"sourceIdentifier": "ot-cert@dragos.com",
"published": "2024-01-10T21:15:08.410",
"lastModified": "2024-01-10T21:15:08.410",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ot-cert@dragos.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "ot-cert@dragos.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-427"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-03",
"source": "ot-cert@dragos.com"
},
{
"url": "https://www.dragos.com/advisory/ptcs-kepserverex-vulnerabilities/",
"source": "ot-cert@dragos.com"
},
{
"url": "https://www.ptc.com/en/support/article/cs399528",
"source": "ot-cert@dragos.com"
}
]
}

63
CVE-2023/CVE-2023-294xx/CVE-2023-29446.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-29446",
"sourceIdentifier": "ot-cert@dragos.com",
"published": "2024-01-10T21:15:08.603",
"lastModified": "2024-01-10T21:15:08.603",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. This allows an adversary to capture NLTMv2 hashes and potentially crack them offline.\u00a0"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ot-cert@dragos.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "ot-cert@dragos.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-03",
"source": "ot-cert@dragos.com"
},
{
"url": "https://www.dragos.com/advisory/ptcs-kepserverex-vulnerabilities/",
"source": "ot-cert@dragos.com"
},
{
"url": "https://www.ptc.com/en/support/article/cs399528",
"source": "ot-cert@dragos.com"
}
]
}

63
CVE-2023/CVE-2023-294xx/CVE-2023-29447.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-29447",
"sourceIdentifier": "ot-cert@dragos.com",
"published": "2024-01-10T21:15:08.790",
"lastModified": "2024-01-10T21:15:08.790",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic authentication."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ot-cert@dragos.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "ot-cert@dragos.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-03",
"source": "ot-cert@dragos.com"
},
{
"url": "https://www.dragos.com/advisory/ptcs-kepserverex-vulnerabilities/",
"source": "ot-cert@dragos.com"
},
{
"url": "https://www.ptc.com/en/support/article/cs399528",
"source": "ot-cert@dragos.com"
}
]
}

36
CVE-2023/CVE-2023-323xx/CVE-2023-32366.json Normal file
View File

@ -0,0 +1,36 @@
{
"id": "CVE-2023-32366",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:47.897",
"lastModified": "2024-01-10T22:15:47.897",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.7.5, macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4. Processing a font file may lead to arbitrary code execution."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213670",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213673",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213675",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213676",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213677",
"source": "product-security@apple.com"
}
]
}

28
CVE-2023/CVE-2023-323xx/CVE-2023-32378.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-32378",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:47.943",
"lastModified": "2024-01-10T22:15:47.943",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4. An app may be able to execute arbitrary code with kernel privileges."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213670",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213675",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213677",
"source": "product-security@apple.com"
}
]
}

28
CVE-2023/CVE-2023-323xx/CVE-2023-32383.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-32383",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:47.987",
"lastModified": "2024-01-10T22:15:47.987",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed by forcing hardened runtime on the affected binaries at the system level. This issue is fixed in macOS Monterey 12.6.6, macOS Big Sur 11.7.7, macOS Ventura 13.4. An app may be able to inject code into sensitive binaries bundled with Xcode."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213758",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213759",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213760",
"source": "product-security@apple.com"
}
]
}

28
CVE-2023/CVE-2023-324xx/CVE-2023-32401.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-32401",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:48.040",
"lastModified": "2024-01-10T22:15:48.040",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.6.6, macOS Big Sur 11.7.7, macOS Ventura 13.4. Parsing an office document may lead to an unexpected app termination or arbitrary code execution."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213758",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213759",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213760",
"source": "product-security@apple.com"
}
]
}

24
CVE-2023/CVE-2023-324xx/CVE-2023-32424.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-32424",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:48.087",
"lastModified": "2024-01-10T22:15:48.087",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in iOS 16.4 and iPadOS 16.4, watchOS 9.4. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213676",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213678",
"source": "product-security@apple.com"
}
]
}

20
CVE-2023/CVE-2023-324xx/CVE-2023-32436.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-32436",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:48.140",
"lastModified": "2024-01-10T22:15:48.140",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213670",
"source": "product-security@apple.com"
}
]
}

20
CVE-2023/CVE-2023-386xx/CVE-2023-38607.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-38607",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:48.310",
"lastModified": "2024-01-10T22:15:48.310",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved handling of caches. This issue is fixed in macOS Sonoma 14. An app may be able to modify Printer settings."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
}
]
}

24
CVE-2023/CVE-2023-386xx/CVE-2023-38610.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-38610",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:48.357",
"lastModified": "2024-01-10T22:15:48.357",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to cause unexpected system termination or write kernel memory."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213938",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
}
]
}

36
CVE-2023/CVE-2023-386xx/CVE-2023-38612.json Normal file
View File

@ -0,0 +1,36 @@
{
"id": "CVE-2023-38612",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:48.403",
"lastModified": "2024-01-10T22:15:48.403",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, iOS 16.7 and iPadOS 16.7, iOS 17 and iPadOS 17, macOS Sonoma 14, macOS Ventura 13.6. An app may be able to access protected user data."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213927",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213931",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213932",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213938",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
}
]
}

20
CVE-2023/CVE-2023-403xx/CVE-2023-40383.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-40383",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:48.460",
"lastModified": "2024-01-10T22:15:48.460",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A path handling issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3. An app may be able to access user-sensitive data."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213670",
"source": "product-security@apple.com"
}
]
}

28
CVE-2023/CVE-2023-403xx/CVE-2023-40385.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-40385",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:48.503",
"lastModified": "2024-01-10T22:15:48.503",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 17 and iPadOS 17. A remote attacker may be able to view leaked DNS queries with Private Relay turned on."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213938",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213941",
"source": "product-security@apple.com"
}
]
}

20
CVE-2023/CVE-2023-403xx/CVE-2023-40393.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-40393",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:48.550",
"lastModified": "2024-01-10T22:15:48.550",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14. Photos in the Hidden Photos Album may be viewed without authentication."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
}
]
}

20
CVE-2023/CVE-2023-403xx/CVE-2023-40394.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-40394",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:48.593",
"lastModified": "2024-01-10T22:15:48.593",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved validation of environment variables. This issue is fixed in iOS 16.6 and iPadOS 16.6. An app may be able to access sensitive user data."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213841",
"source": "product-security@apple.com"
}
]
}

20
CVE-2023/CVE-2023-404xx/CVE-2023-40411.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-40411",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:48.643",
"lastModified": "2024-01-10T22:15:48.643",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved data protection. This issue is fixed in macOS Sonoma 14. An app may be able to access user-sensitive data."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
}
]
}

36
CVE-2023/CVE-2023-404xx/CVE-2023-40414.json Normal file
View File

@ -0,0 +1,36 @@
{
"id": "CVE-2023-40414",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:48.687",
"lastModified": "2024-01-10T22:15:48.687",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 10, iOS 17 and iPadOS 17, tvOS 17, macOS Sonoma 14, Safari 17. Processing web content may lead to arbitrary code execution."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213936",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213937",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213938",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213941",
"source": "product-security@apple.com"
}
]
}

20
CVE-2023/CVE-2023-404xx/CVE-2023-40430.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-40430",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:48.740",
"lastModified": "2024-01-10T22:15:48.740",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able to access removable volumes without user consent."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
}
]
}

20
CVE-2023/CVE-2023-404xx/CVE-2023-40433.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-40433",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:48.787",
"lastModified": "2024-01-10T22:15:48.787",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3. An app may bypass Gatekeeper checks."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213670",
"source": "product-security@apple.com"
}
]
}

24
CVE-2023/CVE-2023-404xx/CVE-2023-40437.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-40437",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:48.827",
"lastModified": "2024-01-10T22:15:48.827",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to read sensitive location information."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213841",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213843",
"source": "product-security@apple.com"
}
]
}

24
CVE-2023/CVE-2023-404xx/CVE-2023-40438.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-40438",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:48.870",
"lastModified": "2024-01-10T22:15:48.870",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14, iOS 16.7 and iPadOS 16.7. An app may be able to access edited photos saved to a temporary directory."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213927",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
}
]
}

24
CVE-2023/CVE-2023-404xx/CVE-2023-40439.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-40439",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:48.920",
"lastModified": "2024-01-10T22:15:48.920",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to read sensitive location information."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213841",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213843",
"source": "product-security@apple.com"
}
]
}

20
CVE-2023/CVE-2023-405xx/CVE-2023-40529.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-40529",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:48.970",
"lastModified": "2024-01-10T22:15:48.970",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 17 and iPadOS 17. A person with physical access to a device may be able to use VoiceOver to access private calendar information."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213938",
"source": "product-security@apple.com"
}
]
}

24
CVE-2023/CVE-2023-410xx/CVE-2023-41060.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-41060",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:49.107",
"lastModified": "2024-01-10T22:15:49.107",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A type confusion issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. A remote user may be able to cause kernel code execution."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213938",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
}
]
}

20
CVE-2023/CVE-2023-410xx/CVE-2023-41069.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-41069",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:49.150",
"lastModified": "2024-01-10T22:15:49.150",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed by improving Face ID anti-spoofing models. This issue is fixed in iOS 17 and iPadOS 17. A 3D model constructed to look like the enrolled user may authenticate via Face ID."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213938",
"source": "product-security@apple.com"
}
]
}

36
CVE-2023/CVE-2023-410xx/CVE-2023-41075.json Normal file
View File

@ -0,0 +1,36 @@
{
"id": "CVE-2023-41075",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:49.190",
"lastModified": "2024-01-10T22:15:49.190",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A type confusion issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7.5, macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4. An app may be able to execute arbitrary code with kernel privileges."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213670",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213673",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213675",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213676",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213677",
"source": "product-security@apple.com"
}
]
}

20
CVE-2023/CVE-2023-419xx/CVE-2023-41974.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-41974",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:49.240",
"lastModified": "2024-01-10T22:15:49.240",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213938",
"source": "product-security@apple.com"
}
]
}

20
CVE-2023/CVE-2023-419xx/CVE-2023-41987.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-41987",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:49.290",
"lastModified": "2024-01-10T22:15:49.290",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able to access sensitive user data."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
}
]
}

14
CVE-2023/CVE-2023-419xx/CVE-2023-41991.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-41991",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-21T19:15:11.283",
"lastModified": "2023-11-07T04:21:11.603",
"lastModified": "2024-01-10T22:15:49.337",
"vulnStatus": "Modified",
"cisaExploitAdd": "2023-09-25",
"cisaActionDue": "2023-10-16",
@ -96,18 +96,6 @@
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/4",
"source": "product-security@apple.com"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/5",
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213927",
"source": "product-security@apple.com",

20
CVE-2023/CVE-2023-419xx/CVE-2023-41992.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-41992",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-21T19:15:11.520",
"lastModified": "2023-11-07T04:21:11.737",
"lastModified": "2024-01-10T22:15:49.427",
"vulnStatus": "Modified",
"cisaExploitAdd": "2023-09-25",
"cisaActionDue": "2023-10-16",
@ -11,7 +11,7 @@
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7."
"value": "The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, iOS 16.7 and iPadOS 16.7, macOS Ventura 13.6. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7."
},
{
"lang": "es",
@ -103,22 +103,6 @@
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/4",
"source": "product-security@apple.com"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/5",
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/6",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213927",
"source": "product-security@apple.com",

74
CVE-2023/CVE-2023-419xx/CVE-2023-41993.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-41993",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-21T19:15:11.660",
"lastModified": "2023-12-21T22:15:14.453",
"lastModified": "2024-01-10T22:15:49.500",
"vulnStatus": "Undergoing Analysis",
"cisaExploitAdd": "2023-09-25",
"cisaActionDue": "2023-10-16",
@ -11,7 +11,7 @@
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in Safari 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7."
"value": "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 16.7 and iPadOS 16.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7."
},
{
"lang": "es",
@ -146,61 +146,6 @@
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/2",
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/3",
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/4",
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/28/3",
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EEMDC5TQAANFH5D77QM34ZTUKXPFGVL/",
"source": "product-security@apple.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ELXBV26Q54BIOVN5LBCJFM2G6VQZ7FO/",
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EYRHTFVN6FTXLZ27IPTNRSXKBAR2SOMA/",
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213927",
"source": "product-security@apple.com",
@ -224,21 +169,6 @@
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/kb/HT213926",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/kb/HT213930",
"source": "product-security@apple.com"
},
{
"url": "https://www.debian.org/security/2023/dsa-5527",
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
}
]
}

20
CVE-2023/CVE-2023-419xx/CVE-2023-41994.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-41994",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:49.640",
"lastModified": "2024-01-10T22:15:49.640",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved checks This issue is fixed in macOS Sonoma 14. A camera extension may be able to access the camera view from apps other than the app for which it was granted permission."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
}
]
}

20
CVE-2023/CVE-2023-428xx/CVE-2023-42826.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-42826",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:49.707",
"lastModified": "2024-01-10T22:15:49.707",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing a file may lead to arbitrary code execution."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
}
]
}

20
CVE-2023/CVE-2023-428xx/CVE-2023-42828.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-42828",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:49.757",
"lastModified": "2024-01-10T22:15:49.757",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.5. An app may be able to gain root privileges."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213843",
"source": "product-security@apple.com"
}
]
}

28
CVE-2023/CVE-2023-428xx/CVE-2023-42829.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-42829",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:49.803",
"lastModified": "2024-01-10T22:15:49.803",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to access SSH passphrases."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213843",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213844",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213845",
"source": "product-security@apple.com"
}
]
}

24
CVE-2023/CVE-2023-428xx/CVE-2023-42830.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-42830",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:49.850",
"lastModified": "2024-01-10T22:15:49.850",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. An app may be able to read sensitive location information."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213670",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213676",
"source": "product-security@apple.com"
}
]
}

32
CVE-2023/CVE-2023-428xx/CVE-2023-42831.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-42831",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:49.903",
"lastModified": "2024-01-10T22:15:49.903",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to fingerprint the user."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213842",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213843",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213844",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213845",
"source": "product-security@apple.com"
}
]
}

28
CVE-2023/CVE-2023-428xx/CVE-2023-42832.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-42832",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:49.953",
"lastModified": "2024-01-10T22:15:49.953",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A race condition was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to gain root privileges."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213843",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213844",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213845",
"source": "product-security@apple.com"
}
]
}

28
CVE-2023/CVE-2023-428xx/CVE-2023-42833.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-42833",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:50.000",
"lastModified": "2024-01-10T22:15:50.000",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A correctness issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 17 and iPadOS 17. Processing web content may lead to arbitrary code execution."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213938",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213941",
"source": "product-security@apple.com"
}
]
}

32
CVE-2023/CVE-2023-428xx/CVE-2023-42862.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-42862",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:50.047",
"lastModified": "2024-01-10T22:15:50.047",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, iOS 16.4 and iPadOS 16.4, watchOS 9.4. Processing an image may result in disclosure of process memory."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213670",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213674",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213676",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213678",
"source": "product-security@apple.com"
}
]
}

32
CVE-2023/CVE-2023-428xx/CVE-2023-42865.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-42865",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:50.093",
"lastModified": "2024-01-10T22:15:50.093",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, iOS 16.4 and iPadOS 16.4, watchOS 9.4. Processing an image may result in disclosure of process memory."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213670",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213674",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213676",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213678",
"source": "product-security@apple.com"
}
]
}

36
CVE-2023/CVE-2023-428xx/CVE-2023-42866.json Normal file
View File

@ -0,0 +1,36 @@
{
"id": "CVE-2023-42866",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:50.143",
"lastModified": "2024-01-10T22:15:50.143",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, tvOS 16.6, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213841",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213843",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213846",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213847",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213848",
"source": "product-security@apple.com"
}
]
}

24
CVE-2023/CVE-2023-428xx/CVE-2023-42869.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-42869",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:50.200",
"lastModified": "2024-01-10T22:15:50.200",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Ventura 13.4, iOS 16.5 and iPadOS 16.5. Multiple issues in libxml2."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213757",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213758",
"source": "product-security@apple.com"
}
]
}

24
CVE-2023/CVE-2023-428xx/CVE-2023-42870.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-42870",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:50.240",
"lastModified": "2024-01-10T22:15:50.240",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213938",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
}
]
}

24
CVE-2023/CVE-2023-428xx/CVE-2023-42871.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-42871",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:50.280",
"lastModified": "2024-01-10T22:15:50.280",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213938",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
}
]
}

24
CVE-2023/CVE-2023-428xx/CVE-2023-42872.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-42872",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:50.327",
"lastModified": "2024-01-10T22:15:50.327",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to access sensitive user data."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213938",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
}
]
}

20
CVE-2023/CVE-2023-428xx/CVE-2023-42876.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-42876",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:50.370",
"lastModified": "2024-01-10T22:15:50.370",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14. Processing a file may lead to a denial-of-service or potentially disclose memory contents."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
}
]
}

20
CVE-2023/CVE-2023-429xx/CVE-2023-42929.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-42929",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:50.417",
"lastModified": "2024-01-10T22:15:50.417",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able to access protected user data."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
}
]
}

20
CVE-2023/CVE-2023-429xx/CVE-2023-42933.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-42933",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:50.460",
"lastModified": "2024-01-10T22:15:50.460",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able to gain elevated privileges."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
}
]
}

24
CVE-2023/CVE-2023-429xx/CVE-2023-42934.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-42934",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:50.507",
"lastModified": "2024-01-10T22:15:50.507",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app with root privileges may be able to access private information."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213938",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
}
]
}

20
CVE-2023/CVE-2023-429xx/CVE-2023-42941.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-42941",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:50.543",
"lastModified": "2024-01-10T22:15:50.543",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in iOS 17.2 and iPadOS 17.2. An attacker in a privileged network position may be able to perform a denial-of-service attack using crafted Bluetooth packets."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT214035",
"source": "product-security@apple.com"
}
]
}

87
CVE-2023/CVE-2023-492xx/CVE-2023-49295.json Normal file
View File

@ -0,0 +1,87 @@
{
"id": "CVE-2023-49295",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-10T22:15:50.610",
"lastModified": "2024-01-10T22:15:50.610",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "quic-go is an implementation of the QUIC protocol (RFC 9000, RFC 9001, RFC 9002) in Go. An attacker can cause its peer to run out of memory sending a large number of PATH_CHALLENGE frames. The receiver is supposed to respond to each PATH_CHALLENGE frame with a PATH_RESPONSE frame. The attacker can prevent the receiver from sending out (the vast majority of) these PATH_RESPONSE frames by collapsing the peers congestion window (by selectively acknowledging received packets) and by manipulating the peer's RTT estimate. This vulnerability has been patched in versions 0.37.7, 0.38.2 and 0.39.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://github.com/quic-go/quic-go/commit/17fc98c2d81dbe685c19702dc694a9d606ac56dc",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/quic-go/quic-go/commit/21609ddfeff93668c7625a85eb09f1541fdad965",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/quic-go/quic-go/commit/3a9c18bcd27a01c551ac9bf8bd2b4bded77c189a",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/quic-go/quic-go/commit/554d543b50b917369fb1394cc5396d928166cf49",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/quic-go/quic-go/commit/6cc3d58935426191296171a6c0d1ee965e10534e",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/quic-go/quic-go/commit/9aaefe19fc3dc8c8917cc87e6128bb56d9e9e6cc",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/quic-go/quic-go/commit/a0ffa757499913f7be69aa78f573a6aee3430ae4",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/quic-go/quic-go/commit/d7aa627ebde91cf799ada2a07443faa9b1e5abb8",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/quic-go/quic-go/security/advisories/GHSA-ppxx-5m9h-6vxf",
"source": "security-advisories@github.com"
}
]
}

20
CVE-2023/CVE-2023-511xx/CVE-2023-51123.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-51123",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-10T22:15:50.823",
"lastModified": "2024-01-10T22:15:50.823",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in D-Link dir815 v.1.01SSb08.bin allows a remote attacker to execute arbitrary code via a crafted POST request to the service parameter in the soapcgi_main function of the cgibin binary component."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/WhereisRain/dir-815",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-511xx/CVE-2023-51126.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-51126",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-10T21:15:09.083",
"lastModified": "2024-01-10T21:15:09.083",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Command injection vulnerability in /usr/www/res.php in FLIR AX8 up to 1.46.16 allows attackers to run arbitrary commands via the value parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/risuxx/CVE-2023-51126",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-511xx/CVE-2023-51127.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-51127",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-10T21:15:09.133",
"lastModified": "2024-01-10T21:15:09.133",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "FLIR AX8 thermal sensor cameras up to and including 1.46.16 are vulnerable to Directory Traversal due to improper access restriction. This vulnerability allows an unauthenticated, remote attacker to obtain arbitrary sensitive file contents by uploading a specially crafted symbolic link file."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/risuxx/CVE-2023-51127",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-520xx/CVE-2023-52064.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-52064",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-10T21:15:09.180",
"lastModified": "2024-01-10T21:15:09.180",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the $keywords parameter at /core/admin/copyfrom.php."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/wuzhicms/wuzhicms/issues/208",
"source": "cve@mitre.org"
}
]
}

6
CVE-2023/CVE-2023-59xx/CVE-2023-5981.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-5981",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-11-28T12:15:07.040",
"lastModified": "2023-12-11T09:15:06.907",
"lastModified": "2024-01-10T21:15:09.230",
"vulnStatus": "Modified",
"descriptions": [
{
@ -138,6 +138,10 @@
}
],
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2024:0155",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-5981",
"source": "secalert@redhat.com",

24
CVE-2024/CVE-2024-03xx/CVE-2024-0333.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-0333",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-01-10T22:15:50.907",
"lastModified": "2024-01-10T22:15:50.907",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a privileged network position to install a malicious extension via a crafted HTML page. (Chromium security severity: High)"
}
],
"metrics": {},
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_9.html",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://crbug.com/1513379",
"source": "chrome-cve-admin@google.com"
}
]
}

63
CVE-2024/CVE-2024-216xx/CVE-2024-21638.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2024-21638",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-10T22:15:51.563",
"lastModified": "2024-01-10T22:15:51.563",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Azure IPAM (IP Address Management) is a lightweight solution developed on top of the Azure platform designed to help Azure customers manage their IP Address space easily and effectively. By design there is no write access to customers' Azure environments as the Service Principal used is only assigned the Reader role at the root Management Group level. Until recently, the solution lacked the validation of the passed in authentication token which may result in attacker impersonating any privileged user to access data stored within the IPAM instance and subsequently from Azure, causing an elevation of privilege. This vulnerability has been patched in version 3.0.0.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://github.com/Azure/ipam/commit/64ef2d07edf16ffa50f29c7e0e25d32d974b367f",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/Azure/ipam/pull/218",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/Azure/ipam/security/advisories/GHSA-m8mp-jq4c-g8j6",
"source": "security-advisories@github.com"
}
]
}

10
CVE-2024/CVE-2024-221xx/CVE-2024-22164.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-22164",
"sourceIdentifier": "prodsec@splunk.com",
"published": "2024-01-09T17:15:12.323",
"lastModified": "2024-01-09T19:56:14.023",
"lastModified": "2024-01-10T22:15:51.760",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker can use investigation attachments to perform a denial of service (DoS) to the Investigation. The attachment endpoint does not properly limit the size of the request which lets an attacker cause the Investigation to become inaccessible."
},
{
"lang": "es",
"value": "En las versiones de Splunk Enterprise Security (ES) inferiores a 7.1.2, un atacante puede utilizar archivos adjuntos de investigaci\u00f3n para realizar una denegaci\u00f3n de servicio (DoS) a la investigaci\u00f3n. El endpoint del archivo adjunto no limita adecuadamente el tama\u00f1o de la solicitud, lo que permite que un atacante haga que la investigaci\u00f3n se vuelva inaccesible."
}
],
"metrics": {
@ -50,6 +54,10 @@
{
"url": "https://advisory.splunk.com/advisories/SVD-2024-0101",
"source": "prodsec@splunk.com"
},
{
"url": "https://research.splunk.com/application/bb85b25e-2d6b-4e39-bd27-50db42edcb8f/",
"source": "prodsec@splunk.com"
}
]
}

10
CVE-2024/CVE-2024-221xx/CVE-2024-22165.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-22165",
"sourceIdentifier": "prodsec@splunk.com",
"published": "2024-01-09T17:15:12.523",
"lastModified": "2024-01-09T19:56:14.023",
"lastModified": "2024-01-10T22:15:51.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In Splunk Enterprise Security (ES) versions lower than 7.1.2, an attacker can create a malformed Investigation to perform a denial of service (DoS). The malformed investigation prevents the generation and rendering of the Investigations manager until it is deleted.<br>The vulnerability requires an authenticated session and access to create an Investigation. It only affects the availability of the Investigations manager, but without the manager, the Investigations functionality becomes unusable for most users."
},
{
"lang": "es",
"value": "En versiones de Splunk Enterprise Security (ES) inferiores a 7.1.2, un atacante puede crear una investigaci\u00f3n con formato incorrecto para realizar una denegaci\u00f3n de servicio (DoS). La investigaci\u00f3n con formato incorrecto impide la generaci\u00f3n y representaci\u00f3n del administrador de Investigaciones hasta que se elimine.<br>La vulnerabilidad requiere una sesi\u00f3n autenticada y acceso para crear una investigaci\u00f3n. Solo afecta la disponibilidad del administrador de Investigaciones, pero sin el administrador, la funcionalidad de Investigaciones queda inutilizable para la mayor\u00eda de los usuarios."
}
],
"metrics": {
@ -50,6 +54,10 @@
{
"url": "https://advisory.splunk.com/advisories/SVD-2024-0102",
"source": "prodsec@splunk.com"
},
{
"url": "https://research.splunk.com/application/7f6a07bd-82ef-46b8-8eba-802278abd00e/",
"source": "prodsec@splunk.com"
}
]
}

69
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-01-10T21:00:26.338276+00:00
2024-01-10T23:00:25.016727+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-01-10T20:58:33.563000+00:00
2024-01-10T22:15:51.837000+00:00
```
### Last Data Feed Release
@ -29,47 +29,50 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
235468
235537
```
### CVEs added in the last Commit
Recently added CVEs: `3`
Recently added CVEs: `69`
* [CVE-2023-50916](CVE-2023/CVE-2023-509xx/CVE-2023-50916.json) (`2024-01-10T19:15:08.227`)
* [CVE-2023-31488](CVE-2023/CVE-2023-314xx/CVE-2023-31488.json) (`2024-01-10T20:15:45.330`)
* [CVE-2023-51195](CVE-2023/CVE-2023-511xx/CVE-2023-51195.json) (`2024-01-10T20:15:45.393`)
* [CVE-2023-41987](CVE-2023/CVE-2023-419xx/CVE-2023-41987.json) (`2024-01-10T22:15:49.290`)
* [CVE-2023-41994](CVE-2023/CVE-2023-419xx/CVE-2023-41994.json) (`2024-01-10T22:15:49.640`)
* [CVE-2023-42826](CVE-2023/CVE-2023-428xx/CVE-2023-42826.json) (`2024-01-10T22:15:49.707`)
* [CVE-2023-42828](CVE-2023/CVE-2023-428xx/CVE-2023-42828.json) (`2024-01-10T22:15:49.757`)
* [CVE-2023-42829](CVE-2023/CVE-2023-428xx/CVE-2023-42829.json) (`2024-01-10T22:15:49.803`)
* [CVE-2023-42830](CVE-2023/CVE-2023-428xx/CVE-2023-42830.json) (`2024-01-10T22:15:49.850`)
* [CVE-2023-42831](CVE-2023/CVE-2023-428xx/CVE-2023-42831.json) (`2024-01-10T22:15:49.903`)
* [CVE-2023-42832](CVE-2023/CVE-2023-428xx/CVE-2023-42832.json) (`2024-01-10T22:15:49.953`)
* [CVE-2023-42833](CVE-2023/CVE-2023-428xx/CVE-2023-42833.json) (`2024-01-10T22:15:50.000`)
* [CVE-2023-42862](CVE-2023/CVE-2023-428xx/CVE-2023-42862.json) (`2024-01-10T22:15:50.047`)
* [CVE-2023-42865](CVE-2023/CVE-2023-428xx/CVE-2023-42865.json) (`2024-01-10T22:15:50.093`)
* [CVE-2023-42866](CVE-2023/CVE-2023-428xx/CVE-2023-42866.json) (`2024-01-10T22:15:50.143`)
* [CVE-2023-42869](CVE-2023/CVE-2023-428xx/CVE-2023-42869.json) (`2024-01-10T22:15:50.200`)
* [CVE-2023-42870](CVE-2023/CVE-2023-428xx/CVE-2023-42870.json) (`2024-01-10T22:15:50.240`)
* [CVE-2023-42871](CVE-2023/CVE-2023-428xx/CVE-2023-42871.json) (`2024-01-10T22:15:50.280`)
* [CVE-2023-42872](CVE-2023/CVE-2023-428xx/CVE-2023-42872.json) (`2024-01-10T22:15:50.327`)
* [CVE-2023-42876](CVE-2023/CVE-2023-428xx/CVE-2023-42876.json) (`2024-01-10T22:15:50.370`)
* [CVE-2023-42929](CVE-2023/CVE-2023-429xx/CVE-2023-42929.json) (`2024-01-10T22:15:50.417`)
* [CVE-2023-42933](CVE-2023/CVE-2023-429xx/CVE-2023-42933.json) (`2024-01-10T22:15:50.460`)
* [CVE-2023-42934](CVE-2023/CVE-2023-429xx/CVE-2023-42934.json) (`2024-01-10T22:15:50.507`)
* [CVE-2023-42941](CVE-2023/CVE-2023-429xx/CVE-2023-42941.json) (`2024-01-10T22:15:50.543`)
* [CVE-2023-49295](CVE-2023/CVE-2023-492xx/CVE-2023-49295.json) (`2024-01-10T22:15:50.610`)
* [CVE-2023-51123](CVE-2023/CVE-2023-511xx/CVE-2023-51123.json) (`2024-01-10T22:15:50.823`)
* [CVE-2024-0333](CVE-2024/CVE-2024-03xx/CVE-2024-0333.json) (`2024-01-10T22:15:50.907`)
* [CVE-2024-21638](CVE-2024/CVE-2024-216xx/CVE-2024-21638.json) (`2024-01-10T22:15:51.563`)
### CVEs modified in the last Commit
Recently modified CVEs: `36`
Recently modified CVEs: `6`
* [CVE-2023-52150](CVE-2023/CVE-2023-521xx/CVE-2023-52150.json) (`2024-01-10T19:50:26.923`)
* [CVE-2023-50256](CVE-2023/CVE-2023-502xx/CVE-2023-50256.json) (`2024-01-10T20:00:20.797`)
* [CVE-2023-6540](CVE-2023/CVE-2023-65xx/CVE-2023-6540.json) (`2024-01-10T20:23:28.493`)
* [CVE-2023-6338](CVE-2023/CVE-2023-63xx/CVE-2023-6338.json) (`2024-01-10T20:25:38.457`)
* [CVE-2023-49442](CVE-2023/CVE-2023-494xx/CVE-2023-49442.json) (`2024-01-10T20:26:06.417`)
* [CVE-2023-5881](CVE-2023/CVE-2023-58xx/CVE-2023-5881.json) (`2024-01-10T20:26:45.550`)
* [CVE-2023-49128](CVE-2023/CVE-2023-491xx/CVE-2023-49128.json) (`2024-01-10T20:28:33.693`)
* [CVE-2023-49127](CVE-2023/CVE-2023-491xx/CVE-2023-49127.json) (`2024-01-10T20:28:49.513`)
* [CVE-2023-49126](CVE-2023/CVE-2023-491xx/CVE-2023-49126.json) (`2024-01-10T20:28:58.340`)
* [CVE-2023-49124](CVE-2023/CVE-2023-491xx/CVE-2023-49124.json) (`2024-01-10T20:29:11.320`)
* [CVE-2023-49129](CVE-2023/CVE-2023-491xx/CVE-2023-49129.json) (`2024-01-10T20:30:03.073`)
* [CVE-2023-49130](CVE-2023/CVE-2023-491xx/CVE-2023-49130.json) (`2024-01-10T20:30:18.623`)
* [CVE-2023-49131](CVE-2023/CVE-2023-491xx/CVE-2023-49131.json) (`2024-01-10T20:30:29.007`)
* [CVE-2023-49132](CVE-2023/CVE-2023-491xx/CVE-2023-49132.json) (`2024-01-10T20:30:39.817`)
* [CVE-2023-49121](CVE-2023/CVE-2023-491xx/CVE-2023-49121.json) (`2024-01-10T20:31:15.787`)
* [CVE-2023-49122](CVE-2023/CVE-2023-491xx/CVE-2023-49122.json) (`2024-01-10T20:31:25.807`)
* [CVE-2023-49123](CVE-2023/CVE-2023-491xx/CVE-2023-49123.json) (`2024-01-10T20:31:36.863`)
* [CVE-2023-52277](CVE-2023/CVE-2023-522xx/CVE-2023-52277.json) (`2024-01-10T20:58:33.563`)
* [CVE-2024-22047](CVE-2024/CVE-2024-220xx/CVE-2024-22047.json) (`2024-01-10T20:02:53.583`)
* [CVE-2024-22088](CVE-2024/CVE-2024-220xx/CVE-2024-22088.json) (`2024-01-10T20:05:19.737`)
* [CVE-2024-0262](CVE-2024/CVE-2024-02xx/CVE-2024-0262.json) (`2024-01-10T20:24:53.017`)
* [CVE-2024-0263](CVE-2024/CVE-2024-02xx/CVE-2024-0263.json) (`2024-01-10T20:43:55.220`)
* [CVE-2024-0261](CVE-2024/CVE-2024-02xx/CVE-2024-0261.json) (`2024-01-10T20:49:43.997`)
* [CVE-2024-0260](CVE-2024/CVE-2024-02xx/CVE-2024-0260.json) (`2024-01-10T20:53:51.637`)
* [CVE-2024-0264](CVE-2024/CVE-2024-02xx/CVE-2024-0264.json) (`2024-01-10T20:57:12.603`)
* [CVE-2023-5981](CVE-2023/CVE-2023-59xx/CVE-2023-5981.json) (`2024-01-10T21:15:09.230`)
* [CVE-2023-41991](CVE-2023/CVE-2023-419xx/CVE-2023-41991.json) (`2024-01-10T22:15:49.337`)
* [CVE-2023-41992](CVE-2023/CVE-2023-419xx/CVE-2023-41992.json) (`2024-01-10T22:15:49.427`)
* [CVE-2023-41993](CVE-2023/CVE-2023-419xx/CVE-2023-41993.json) (`2024-01-10T22:15:49.500`)
* [CVE-2024-22164](CVE-2024/CVE-2024-221xx/CVE-2024-22164.json) (`2024-01-10T22:15:51.760`)
* [CVE-2024-22165](CVE-2024/CVE-2024-221xx/CVE-2024-22165.json) (`2024-01-10T22:15:51.837`)
## Download and Usage