From 762c6eb084c5068ff3812b1b9f4261584acce47b Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Wed, 10 Jan 2024 23:00:28 +0000 Subject: [PATCH] Auto-Update: 2024-01-10T23:00:25.016727+00:00 --- CVE-2022/CVE-2022-329xx/CVE-2022-32919.json | 24 ++++++ CVE-2022/CVE-2022-329xx/CVE-2022-32931.json | 20 +++++ CVE-2022/CVE-2022-428xx/CVE-2022-42816.json | 20 +++++ CVE-2022/CVE-2022-428xx/CVE-2022-42839.json | 24 ++++++ CVE-2022/CVE-2022-457xx/CVE-2022-45793.json | 63 +++++++++++++++ CVE-2022/CVE-2022-467xx/CVE-2022-46710.json | 24 ++++++ CVE-2022/CVE-2022-467xx/CVE-2022-46721.json | 20 +++++ CVE-2022/CVE-2022-479xx/CVE-2022-47915.json | 20 +++++ CVE-2022/CVE-2022-479xx/CVE-2022-47965.json | 20 +++++ CVE-2022/CVE-2022-485xx/CVE-2022-48504.json | 20 +++++ CVE-2022/CVE-2022-485xx/CVE-2022-48577.json | 20 +++++ CVE-2023/CVE-2023-281xx/CVE-2023-28185.json | 40 ++++++++++ CVE-2023/CVE-2023-281xx/CVE-2023-28197.json | 28 +++++++ CVE-2023/CVE-2023-294xx/CVE-2023-29445.json | 63 +++++++++++++++ CVE-2023/CVE-2023-294xx/CVE-2023-29446.json | 63 +++++++++++++++ CVE-2023/CVE-2023-294xx/CVE-2023-29447.json | 63 +++++++++++++++ CVE-2023/CVE-2023-323xx/CVE-2023-32366.json | 36 +++++++++ CVE-2023/CVE-2023-323xx/CVE-2023-32378.json | 28 +++++++ CVE-2023/CVE-2023-323xx/CVE-2023-32383.json | 28 +++++++ CVE-2023/CVE-2023-324xx/CVE-2023-32401.json | 28 +++++++ CVE-2023/CVE-2023-324xx/CVE-2023-32424.json | 24 ++++++ CVE-2023/CVE-2023-324xx/CVE-2023-32436.json | 20 +++++ CVE-2023/CVE-2023-386xx/CVE-2023-38607.json | 20 +++++ CVE-2023/CVE-2023-386xx/CVE-2023-38610.json | 24 ++++++ CVE-2023/CVE-2023-386xx/CVE-2023-38612.json | 36 +++++++++ CVE-2023/CVE-2023-403xx/CVE-2023-40383.json | 20 +++++ CVE-2023/CVE-2023-403xx/CVE-2023-40385.json | 28 +++++++ CVE-2023/CVE-2023-403xx/CVE-2023-40393.json | 20 +++++ CVE-2023/CVE-2023-403xx/CVE-2023-40394.json | 20 +++++ CVE-2023/CVE-2023-404xx/CVE-2023-40411.json | 20 +++++ CVE-2023/CVE-2023-404xx/CVE-2023-40414.json | 36 +++++++++ CVE-2023/CVE-2023-404xx/CVE-2023-40430.json | 20 +++++ CVE-2023/CVE-2023-404xx/CVE-2023-40433.json | 20 +++++ CVE-2023/CVE-2023-404xx/CVE-2023-40437.json | 24 ++++++ CVE-2023/CVE-2023-404xx/CVE-2023-40438.json | 24 ++++++ CVE-2023/CVE-2023-404xx/CVE-2023-40439.json | 24 ++++++ CVE-2023/CVE-2023-405xx/CVE-2023-40529.json | 20 +++++ CVE-2023/CVE-2023-410xx/CVE-2023-41060.json | 24 ++++++ CVE-2023/CVE-2023-410xx/CVE-2023-41069.json | 20 +++++ CVE-2023/CVE-2023-410xx/CVE-2023-41075.json | 36 +++++++++ CVE-2023/CVE-2023-419xx/CVE-2023-41974.json | 20 +++++ CVE-2023/CVE-2023-419xx/CVE-2023-41987.json | 20 +++++ CVE-2023/CVE-2023-419xx/CVE-2023-41991.json | 14 +--- CVE-2023/CVE-2023-419xx/CVE-2023-41992.json | 20 +---- CVE-2023/CVE-2023-419xx/CVE-2023-41993.json | 74 +----------------- CVE-2023/CVE-2023-419xx/CVE-2023-41994.json | 20 +++++ CVE-2023/CVE-2023-428xx/CVE-2023-42826.json | 20 +++++ CVE-2023/CVE-2023-428xx/CVE-2023-42828.json | 20 +++++ CVE-2023/CVE-2023-428xx/CVE-2023-42829.json | 28 +++++++ CVE-2023/CVE-2023-428xx/CVE-2023-42830.json | 24 ++++++ CVE-2023/CVE-2023-428xx/CVE-2023-42831.json | 32 ++++++++ CVE-2023/CVE-2023-428xx/CVE-2023-42832.json | 28 +++++++ CVE-2023/CVE-2023-428xx/CVE-2023-42833.json | 28 +++++++ CVE-2023/CVE-2023-428xx/CVE-2023-42862.json | 32 ++++++++ CVE-2023/CVE-2023-428xx/CVE-2023-42865.json | 32 ++++++++ CVE-2023/CVE-2023-428xx/CVE-2023-42866.json | 36 +++++++++ CVE-2023/CVE-2023-428xx/CVE-2023-42869.json | 24 ++++++ CVE-2023/CVE-2023-428xx/CVE-2023-42870.json | 24 ++++++ CVE-2023/CVE-2023-428xx/CVE-2023-42871.json | 24 ++++++ CVE-2023/CVE-2023-428xx/CVE-2023-42872.json | 24 ++++++ CVE-2023/CVE-2023-428xx/CVE-2023-42876.json | 20 +++++ CVE-2023/CVE-2023-429xx/CVE-2023-42929.json | 20 +++++ CVE-2023/CVE-2023-429xx/CVE-2023-42933.json | 20 +++++ CVE-2023/CVE-2023-429xx/CVE-2023-42934.json | 24 ++++++ CVE-2023/CVE-2023-429xx/CVE-2023-42941.json | 20 +++++ CVE-2023/CVE-2023-492xx/CVE-2023-49295.json | 87 +++++++++++++++++++++ CVE-2023/CVE-2023-511xx/CVE-2023-51123.json | 20 +++++ CVE-2023/CVE-2023-511xx/CVE-2023-51126.json | 20 +++++ CVE-2023/CVE-2023-511xx/CVE-2023-51127.json | 20 +++++ CVE-2023/CVE-2023-520xx/CVE-2023-52064.json | 20 +++++ CVE-2023/CVE-2023-59xx/CVE-2023-5981.json | 6 +- CVE-2024/CVE-2024-03xx/CVE-2024-0333.json | 24 ++++++ CVE-2024/CVE-2024-216xx/CVE-2024-21638.json | 63 +++++++++++++++ CVE-2024/CVE-2024-221xx/CVE-2024-22164.json | 10 ++- CVE-2024/CVE-2024-221xx/CVE-2024-22165.json | 10 ++- README.md | 69 ++++++++-------- 76 files changed, 1990 insertions(+), 139 deletions(-) create mode 100644 CVE-2022/CVE-2022-329xx/CVE-2022-32919.json create mode 100644 CVE-2022/CVE-2022-329xx/CVE-2022-32931.json create mode 100644 CVE-2022/CVE-2022-428xx/CVE-2022-42816.json create mode 100644 CVE-2022/CVE-2022-428xx/CVE-2022-42839.json create mode 100644 CVE-2022/CVE-2022-457xx/CVE-2022-45793.json create mode 100644 CVE-2022/CVE-2022-467xx/CVE-2022-46710.json create mode 100644 CVE-2022/CVE-2022-467xx/CVE-2022-46721.json create mode 100644 CVE-2022/CVE-2022-479xx/CVE-2022-47915.json create mode 100644 CVE-2022/CVE-2022-479xx/CVE-2022-47965.json create mode 100644 CVE-2022/CVE-2022-485xx/CVE-2022-48504.json create mode 100644 CVE-2022/CVE-2022-485xx/CVE-2022-48577.json create mode 100644 CVE-2023/CVE-2023-281xx/CVE-2023-28185.json create mode 100644 CVE-2023/CVE-2023-281xx/CVE-2023-28197.json create mode 100644 CVE-2023/CVE-2023-294xx/CVE-2023-29445.json create mode 100644 CVE-2023/CVE-2023-294xx/CVE-2023-29446.json create mode 100644 CVE-2023/CVE-2023-294xx/CVE-2023-29447.json create mode 100644 CVE-2023/CVE-2023-323xx/CVE-2023-32366.json create mode 100644 CVE-2023/CVE-2023-323xx/CVE-2023-32378.json create mode 100644 CVE-2023/CVE-2023-323xx/CVE-2023-32383.json create mode 100644 CVE-2023/CVE-2023-324xx/CVE-2023-32401.json create mode 100644 CVE-2023/CVE-2023-324xx/CVE-2023-32424.json create mode 100644 CVE-2023/CVE-2023-324xx/CVE-2023-32436.json create mode 100644 CVE-2023/CVE-2023-386xx/CVE-2023-38607.json create mode 100644 CVE-2023/CVE-2023-386xx/CVE-2023-38610.json create mode 100644 CVE-2023/CVE-2023-386xx/CVE-2023-38612.json create mode 100644 CVE-2023/CVE-2023-403xx/CVE-2023-40383.json create mode 100644 CVE-2023/CVE-2023-403xx/CVE-2023-40385.json create mode 100644 CVE-2023/CVE-2023-403xx/CVE-2023-40393.json create mode 100644 CVE-2023/CVE-2023-403xx/CVE-2023-40394.json create mode 100644 CVE-2023/CVE-2023-404xx/CVE-2023-40411.json create mode 100644 CVE-2023/CVE-2023-404xx/CVE-2023-40414.json create mode 100644 CVE-2023/CVE-2023-404xx/CVE-2023-40430.json create mode 100644 CVE-2023/CVE-2023-404xx/CVE-2023-40433.json create mode 100644 CVE-2023/CVE-2023-404xx/CVE-2023-40437.json create mode 100644 CVE-2023/CVE-2023-404xx/CVE-2023-40438.json create mode 100644 CVE-2023/CVE-2023-404xx/CVE-2023-40439.json create mode 100644 CVE-2023/CVE-2023-405xx/CVE-2023-40529.json create mode 100644 CVE-2023/CVE-2023-410xx/CVE-2023-41060.json create mode 100644 CVE-2023/CVE-2023-410xx/CVE-2023-41069.json create mode 100644 CVE-2023/CVE-2023-410xx/CVE-2023-41075.json create mode 100644 CVE-2023/CVE-2023-419xx/CVE-2023-41974.json create mode 100644 CVE-2023/CVE-2023-419xx/CVE-2023-41987.json create mode 100644 CVE-2023/CVE-2023-419xx/CVE-2023-41994.json create mode 100644 CVE-2023/CVE-2023-428xx/CVE-2023-42826.json create mode 100644 CVE-2023/CVE-2023-428xx/CVE-2023-42828.json create mode 100644 CVE-2023/CVE-2023-428xx/CVE-2023-42829.json create mode 100644 CVE-2023/CVE-2023-428xx/CVE-2023-42830.json create mode 100644 CVE-2023/CVE-2023-428xx/CVE-2023-42831.json create mode 100644 CVE-2023/CVE-2023-428xx/CVE-2023-42832.json create mode 100644 CVE-2023/CVE-2023-428xx/CVE-2023-42833.json create mode 100644 CVE-2023/CVE-2023-428xx/CVE-2023-42862.json create mode 100644 CVE-2023/CVE-2023-428xx/CVE-2023-42865.json create mode 100644 CVE-2023/CVE-2023-428xx/CVE-2023-42866.json create mode 100644 CVE-2023/CVE-2023-428xx/CVE-2023-42869.json create mode 100644 CVE-2023/CVE-2023-428xx/CVE-2023-42870.json create mode 100644 CVE-2023/CVE-2023-428xx/CVE-2023-42871.json create mode 100644 CVE-2023/CVE-2023-428xx/CVE-2023-42872.json create mode 100644 CVE-2023/CVE-2023-428xx/CVE-2023-42876.json create mode 100644 CVE-2023/CVE-2023-429xx/CVE-2023-42929.json create mode 100644 CVE-2023/CVE-2023-429xx/CVE-2023-42933.json create mode 100644 CVE-2023/CVE-2023-429xx/CVE-2023-42934.json create mode 100644 CVE-2023/CVE-2023-429xx/CVE-2023-42941.json create mode 100644 CVE-2023/CVE-2023-492xx/CVE-2023-49295.json create mode 100644 CVE-2023/CVE-2023-511xx/CVE-2023-51123.json create mode 100644 CVE-2023/CVE-2023-511xx/CVE-2023-51126.json create mode 100644 CVE-2023/CVE-2023-511xx/CVE-2023-51127.json create mode 100644 CVE-2023/CVE-2023-520xx/CVE-2023-52064.json create mode 100644 CVE-2024/CVE-2024-03xx/CVE-2024-0333.json create mode 100644 CVE-2024/CVE-2024-216xx/CVE-2024-21638.json diff --git a/CVE-2022/CVE-2022-329xx/CVE-2022-32919.json b/CVE-2022/CVE-2022-329xx/CVE-2022-32919.json new file mode 100644 index 00000000000..620fe9b25a1 --- /dev/null +++ b/CVE-2022/CVE-2022-329xx/CVE-2022-32919.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2022-32919", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-01-10T22:15:47.173", + "lastModified": "2024-01-10T22:15:47.173", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The issue was addressed with improved UI handling. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Visiting a website that frames malicious content may lead to UI spoofing." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213530", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213532", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-329xx/CVE-2022-32931.json b/CVE-2022/CVE-2022-329xx/CVE-2022-32931.json new file mode 100644 index 00000000000..0e9f146dd46 --- /dev/null +++ b/CVE-2022/CVE-2022-329xx/CVE-2022-32931.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2022-32931", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-01-10T22:15:47.240", + "lastModified": "2024-01-10T22:15:47.240", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An app with root privileges may be able to access private information." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213488", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-428xx/CVE-2022-42816.json b/CVE-2022/CVE-2022-428xx/CVE-2022-42816.json new file mode 100644 index 00000000000..77480c64e07 --- /dev/null +++ b/CVE-2022/CVE-2022-428xx/CVE-2022-42816.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2022-42816", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-01-10T22:15:47.290", + "lastModified": "2024-01-10T22:15:47.290", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213488", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-428xx/CVE-2022-42839.json b/CVE-2022/CVE-2022-428xx/CVE-2022-42839.json new file mode 100644 index 00000000000..63618062d99 --- /dev/null +++ b/CVE-2022/CVE-2022-428xx/CVE-2022-42839.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2022-42839", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-01-10T22:15:47.330", + "lastModified": "2024-01-10T22:15:47.330", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. An app may be able to read sensitive location information." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213530", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213532", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-457xx/CVE-2022-45793.json b/CVE-2022/CVE-2022-457xx/CVE-2022-45793.json new file mode 100644 index 00000000000..f87699443ba --- /dev/null +++ b/CVE-2022/CVE-2022-457xx/CVE-2022-45793.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2022-45793", + "sourceIdentifier": "ot-cert@dragos.com", + "published": "2024-01-10T21:15:08.193", + "lastModified": "2024-01-10T21:15:08.193", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "[PROBLEMTYPE] in [VENDOR] [PRODUCT] [VERSION] on [PLATFORMS] allows [ATTACKER] to [IMPACT]." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ot-cert@dragos.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "ot-cert@dragos.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-276" + } + ] + } + ], + "references": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-262-04", + "source": "ot-cert@dragos.com" + }, + { + "url": "https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access/", + "source": "ot-cert@dragos.com" + }, + { + "url": "https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2023-009_en.pdf", + "source": "ot-cert@dragos.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-467xx/CVE-2022-46710.json b/CVE-2022/CVE-2022-467xx/CVE-2022-46710.json new file mode 100644 index 00000000000..54f44547131 --- /dev/null +++ b/CVE-2022/CVE-2022-467xx/CVE-2022-46710.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2022-46710", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-01-10T22:15:47.380", + "lastModified": "2024-01-10T22:15:47.380", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A logic issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Location data may be shared via iCloud links even if Location metadata is disabled via the Share Sheet." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213530", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213532", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-467xx/CVE-2022-46721.json b/CVE-2022/CVE-2022-467xx/CVE-2022-46721.json new file mode 100644 index 00000000000..329c5b866fb --- /dev/null +++ b/CVE-2022/CVE-2022-467xx/CVE-2022-46721.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2022-46721", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-01-10T22:15:47.430", + "lastModified": "2024-01-10T22:15:47.430", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213488", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-479xx/CVE-2022-47915.json b/CVE-2022/CVE-2022-479xx/CVE-2022-47915.json new file mode 100644 index 00000000000..1fac75a23f8 --- /dev/null +++ b/CVE-2022/CVE-2022-479xx/CVE-2022-47915.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2022-47915", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-01-10T22:15:47.473", + "lastModified": "2024-01-10T22:15:47.473", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213488", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-479xx/CVE-2022-47965.json b/CVE-2022/CVE-2022-479xx/CVE-2022-47965.json new file mode 100644 index 00000000000..bbd03177bca --- /dev/null +++ b/CVE-2022/CVE-2022-479xx/CVE-2022-47965.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2022-47965", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-01-10T22:15:47.523", + "lastModified": "2024-01-10T22:15:47.523", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213488", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-485xx/CVE-2022-48504.json b/CVE-2022/CVE-2022-485xx/CVE-2022-48504.json new file mode 100644 index 00000000000..bb3273397dd --- /dev/null +++ b/CVE-2022/CVE-2022-485xx/CVE-2022-48504.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2022-48504", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-01-10T22:15:47.563", + "lastModified": "2024-01-10T22:15:47.563", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The issue was addressed with improved handling of caches. This issue is fixed in macOS Ventura 13. An app may be able to access user-sensitive data." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213488", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-485xx/CVE-2022-48577.json b/CVE-2022/CVE-2022-485xx/CVE-2022-48577.json new file mode 100644 index 00000000000..f87999ca1f9 --- /dev/null +++ b/CVE-2022/CVE-2022-485xx/CVE-2022-48577.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2022-48577", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-01-10T22:15:47.610", + "lastModified": "2024-01-10T22:15:47.610", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An access issue was addressed with improved access restrictions. This issue is fixed in macOS Ventura 13. An app may be able to access user-sensitive data." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213488", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-281xx/CVE-2023-28185.json b/CVE-2023/CVE-2023-281xx/CVE-2023-28185.json new file mode 100644 index 00000000000..ae451b9a5e7 --- /dev/null +++ b/CVE-2023/CVE-2023-281xx/CVE-2023-28185.json @@ -0,0 +1,40 @@ +{ + "id": "CVE-2023-28185", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-01-10T22:15:47.803", + "lastModified": "2024-01-10T22:15:47.803", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An integer overflow was addressed through improved input validation. This issue is fixed in tvOS 16.4, macOS Big Sur 11.7.5, iOS 16.4 and iPadOS 16.4, watchOS 9.4, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4. An app may be able to cause a denial-of-service." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213673", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213674", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213675", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213676", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213677", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213678", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-281xx/CVE-2023-28197.json b/CVE-2023/CVE-2023-281xx/CVE-2023-28197.json new file mode 100644 index 00000000000..3069dd74783 --- /dev/null +++ b/CVE-2023/CVE-2023-281xx/CVE-2023-28197.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-28197", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-01-10T22:15:47.853", + "lastModified": "2024-01-10T22:15:47.853", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4. An app may be able to access user-sensitive data." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213670", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213675", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213677", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-294xx/CVE-2023-29445.json b/CVE-2023/CVE-2023-294xx/CVE-2023-29445.json new file mode 100644 index 00000000000..eb5935fd7de --- /dev/null +++ b/CVE-2023/CVE-2023-294xx/CVE-2023-29445.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-29445", + "sourceIdentifier": "ot-cert@dragos.com", + "published": "2024-01-10T21:15:08.410", + "lastModified": "2024-01-10T21:15:08.410", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ot-cert@dragos.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "ot-cert@dragos.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-427" + } + ] + } + ], + "references": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-03", + "source": "ot-cert@dragos.com" + }, + { + "url": "https://www.dragos.com/advisory/ptcs-kepserverex-vulnerabilities/", + "source": "ot-cert@dragos.com" + }, + { + "url": "https://www.ptc.com/en/support/article/cs399528", + "source": "ot-cert@dragos.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-294xx/CVE-2023-29446.json b/CVE-2023/CVE-2023-294xx/CVE-2023-29446.json new file mode 100644 index 00000000000..83570345fa5 --- /dev/null +++ b/CVE-2023/CVE-2023-294xx/CVE-2023-29446.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-29446", + "sourceIdentifier": "ot-cert@dragos.com", + "published": "2024-01-10T21:15:08.603", + "lastModified": "2024-01-10T21:15:08.603", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. This allows an adversary to capture NLTMv2 hashes and potentially crack them offline.\u00a0" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ot-cert@dragos.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.0, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "ot-cert@dragos.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-03", + "source": "ot-cert@dragos.com" + }, + { + "url": "https://www.dragos.com/advisory/ptcs-kepserverex-vulnerabilities/", + "source": "ot-cert@dragos.com" + }, + { + "url": "https://www.ptc.com/en/support/article/cs399528", + "source": "ot-cert@dragos.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-294xx/CVE-2023-29447.json b/CVE-2023/CVE-2023-294xx/CVE-2023-29447.json new file mode 100644 index 00000000000..5cf938ecc86 --- /dev/null +++ b/CVE-2023/CVE-2023-294xx/CVE-2023-29447.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-29447", + "sourceIdentifier": "ot-cert@dragos.com", + "published": "2024-01-10T21:15:08.790", + "lastModified": "2024-01-10T21:15:08.790", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic authentication." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ot-cert@dragos.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.1, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "ot-cert@dragos.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-522" + } + ] + } + ], + "references": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-03", + "source": "ot-cert@dragos.com" + }, + { + "url": "https://www.dragos.com/advisory/ptcs-kepserverex-vulnerabilities/", + "source": "ot-cert@dragos.com" + }, + { + "url": "https://www.ptc.com/en/support/article/cs399528", + "source": "ot-cert@dragos.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32366.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32366.json new file mode 100644 index 00000000000..c270095b23d --- /dev/null +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32366.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-32366", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-01-10T22:15:47.897", + "lastModified": "2024-01-10T22:15:47.897", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.7.5, macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4. Processing a font file may lead to arbitrary code execution." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213670", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213673", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213675", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213676", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213677", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32378.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32378.json new file mode 100644 index 00000000000..4a736c68df8 --- /dev/null +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32378.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-32378", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-01-10T22:15:47.943", + "lastModified": "2024-01-10T22:15:47.943", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4. An app may be able to execute arbitrary code with kernel privileges." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213670", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213675", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213677", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32383.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32383.json new file mode 100644 index 00000000000..8753a9575df --- /dev/null +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32383.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-32383", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-01-10T22:15:47.987", + "lastModified": "2024-01-10T22:15:47.987", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "This issue was addressed by forcing hardened runtime on the affected binaries at the system level. This issue is fixed in macOS Monterey 12.6.6, macOS Big Sur 11.7.7, macOS Ventura 13.4. An app may be able to inject code into sensitive binaries bundled with Xcode." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213759", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213760", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-324xx/CVE-2023-32401.json b/CVE-2023/CVE-2023-324xx/CVE-2023-32401.json new file mode 100644 index 00000000000..0ccbb1ee7bb --- /dev/null +++ b/CVE-2023/CVE-2023-324xx/CVE-2023-32401.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-32401", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-01-10T22:15:48.040", + "lastModified": "2024-01-10T22:15:48.040", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.6.6, macOS Big Sur 11.7.7, macOS Ventura 13.4. Parsing an office document may lead to an unexpected app termination or arbitrary code execution." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213759", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213760", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-324xx/CVE-2023-32424.json b/CVE-2023/CVE-2023-324xx/CVE-2023-32424.json new file mode 100644 index 00000000000..862d40235f4 --- /dev/null +++ b/CVE-2023/CVE-2023-324xx/CVE-2023-32424.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-32424", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-01-10T22:15:48.087", + "lastModified": "2024-01-10T22:15:48.087", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The issue was addressed with improved memory handling. This issue is fixed in iOS 16.4 and iPadOS 16.4, watchOS 9.4. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213676", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213678", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-324xx/CVE-2023-32436.json b/CVE-2023/CVE-2023-324xx/CVE-2023-32436.json new file mode 100644 index 00000000000..92b367785c5 --- /dev/null +++ b/CVE-2023/CVE-2023-324xx/CVE-2023-32436.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-32436", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-01-10T22:15:48.140", + "lastModified": "2024-01-10T22:15:48.140", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213670", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-386xx/CVE-2023-38607.json b/CVE-2023/CVE-2023-386xx/CVE-2023-38607.json new file mode 100644 index 00000000000..4a73d835667 --- /dev/null +++ b/CVE-2023/CVE-2023-386xx/CVE-2023-38607.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-38607", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-01-10T22:15:48.310", + "lastModified": "2024-01-10T22:15:48.310", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The issue was addressed with improved handling of caches. This issue is fixed in macOS Sonoma 14. An app may be able to modify Printer settings." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213940", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-386xx/CVE-2023-38610.json b/CVE-2023/CVE-2023-386xx/CVE-2023-38610.json new file mode 100644 index 00000000000..ab70db10078 --- /dev/null +++ b/CVE-2023/CVE-2023-386xx/CVE-2023-38610.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-38610", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-01-10T22:15:48.357", + "lastModified": "2024-01-10T22:15:48.357", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to cause unexpected system termination or write kernel memory." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213938", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213940", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-386xx/CVE-2023-38612.json b/CVE-2023/CVE-2023-386xx/CVE-2023-38612.json new file mode 100644 index 00000000000..420d68cee8f --- /dev/null +++ b/CVE-2023/CVE-2023-386xx/CVE-2023-38612.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-38612", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-01-10T22:15:48.403", + "lastModified": "2024-01-10T22:15:48.403", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, iOS 16.7 and iPadOS 16.7, iOS 17 and iPadOS 17, macOS Sonoma 14, macOS Ventura 13.6. An app may be able to access protected user data." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213927", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213931", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213932", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213938", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213940", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-403xx/CVE-2023-40383.json b/CVE-2023/CVE-2023-403xx/CVE-2023-40383.json new file mode 100644 index 00000000000..7ab7700f5f4 --- /dev/null +++ b/CVE-2023/CVE-2023-403xx/CVE-2023-40383.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-40383", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-01-10T22:15:48.460", + "lastModified": "2024-01-10T22:15:48.460", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A path handling issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3. An app may be able to access user-sensitive data." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213670", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-403xx/CVE-2023-40385.json b/CVE-2023/CVE-2023-403xx/CVE-2023-40385.json new file mode 100644 index 00000000000..40f7ce588eb --- /dev/null +++ b/CVE-2023/CVE-2023-403xx/CVE-2023-40385.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-40385", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-01-10T22:15:48.503", + "lastModified": "2024-01-10T22:15:48.503", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 17 and iPadOS 17. A remote attacker may be able to view leaked DNS queries with Private Relay turned on." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213938", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213940", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213941", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-403xx/CVE-2023-40393.json b/CVE-2023/CVE-2023-403xx/CVE-2023-40393.json new file mode 100644 index 00000000000..9c9062ee287 --- /dev/null +++ b/CVE-2023/CVE-2023-403xx/CVE-2023-40393.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-40393", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-01-10T22:15:48.550", + "lastModified": "2024-01-10T22:15:48.550", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14. Photos in the Hidden Photos Album may be viewed without authentication." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213940", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-403xx/CVE-2023-40394.json b/CVE-2023/CVE-2023-403xx/CVE-2023-40394.json new file mode 100644 index 00000000000..ebf28e96a48 --- /dev/null +++ b/CVE-2023/CVE-2023-403xx/CVE-2023-40394.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-40394", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-01-10T22:15:48.593", + "lastModified": "2024-01-10T22:15:48.593", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The issue was addressed with improved validation of environment variables. This issue is fixed in iOS 16.6 and iPadOS 16.6. An app may be able to access sensitive user data." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213841", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-404xx/CVE-2023-40411.json b/CVE-2023/CVE-2023-404xx/CVE-2023-40411.json new file mode 100644 index 00000000000..e060903a763 --- /dev/null +++ b/CVE-2023/CVE-2023-404xx/CVE-2023-40411.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-40411", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-01-10T22:15:48.643", + "lastModified": "2024-01-10T22:15:48.643", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "This issue was addressed with improved data protection. This issue is fixed in macOS Sonoma 14. An app may be able to access user-sensitive data." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213940", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-404xx/CVE-2023-40414.json b/CVE-2023/CVE-2023-404xx/CVE-2023-40414.json new file mode 100644 index 00000000000..0e273b738d1 --- /dev/null +++ b/CVE-2023/CVE-2023-404xx/CVE-2023-40414.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-40414", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-01-10T22:15:48.687", + "lastModified": "2024-01-10T22:15:48.687", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 10, iOS 17 and iPadOS 17, tvOS 17, macOS Sonoma 14, Safari 17. Processing web content may lead to arbitrary code execution." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213936", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213937", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213938", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213940", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213941", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-404xx/CVE-2023-40430.json b/CVE-2023/CVE-2023-404xx/CVE-2023-40430.json new file mode 100644 index 00000000000..44abc8a6212 --- /dev/null +++ b/CVE-2023/CVE-2023-404xx/CVE-2023-40430.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-40430", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-01-10T22:15:48.740", + "lastModified": "2024-01-10T22:15:48.740", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able to access removable volumes without user consent." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213940", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-404xx/CVE-2023-40433.json b/CVE-2023/CVE-2023-404xx/CVE-2023-40433.json new file mode 100644 index 00000000000..5e13a5cb043 --- /dev/null +++ b/CVE-2023/CVE-2023-404xx/CVE-2023-40433.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-40433", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-01-10T22:15:48.787", + "lastModified": "2024-01-10T22:15:48.787", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3. An app may bypass Gatekeeper checks." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213670", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-404xx/CVE-2023-40437.json b/CVE-2023/CVE-2023-404xx/CVE-2023-40437.json new file mode 100644 index 00000000000..3649ea8a5e1 --- /dev/null +++ b/CVE-2023/CVE-2023-404xx/CVE-2023-40437.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-40437", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-01-10T22:15:48.827", + "lastModified": "2024-01-10T22:15:48.827", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to read sensitive location information." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213841", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213843", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-404xx/CVE-2023-40438.json b/CVE-2023/CVE-2023-404xx/CVE-2023-40438.json new file mode 100644 index 00000000000..2bec5dd5bdc --- /dev/null +++ b/CVE-2023/CVE-2023-404xx/CVE-2023-40438.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-40438", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-01-10T22:15:48.870", + "lastModified": "2024-01-10T22:15:48.870", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14, iOS 16.7 and iPadOS 16.7. An app may be able to access edited photos saved to a temporary directory." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213927", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213940", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-404xx/CVE-2023-40439.json b/CVE-2023/CVE-2023-404xx/CVE-2023-40439.json new file mode 100644 index 00000000000..8119c9757f9 --- /dev/null +++ b/CVE-2023/CVE-2023-404xx/CVE-2023-40439.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-40439", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-01-10T22:15:48.920", + "lastModified": "2024-01-10T22:15:48.920", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to read sensitive location information." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213841", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213843", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-405xx/CVE-2023-40529.json b/CVE-2023/CVE-2023-405xx/CVE-2023-40529.json new file mode 100644 index 00000000000..2826da10b7e --- /dev/null +++ b/CVE-2023/CVE-2023-405xx/CVE-2023-40529.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-40529", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-01-10T22:15:48.970", + "lastModified": "2024-01-10T22:15:48.970", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 17 and iPadOS 17. A person with physical access to a device may be able to use VoiceOver to access private calendar information." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213938", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-410xx/CVE-2023-41060.json b/CVE-2023/CVE-2023-410xx/CVE-2023-41060.json new file mode 100644 index 00000000000..db2eb6d9396 --- /dev/null +++ b/CVE-2023/CVE-2023-410xx/CVE-2023-41060.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-41060", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-01-10T22:15:49.107", + "lastModified": "2024-01-10T22:15:49.107", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A type confusion issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. A remote user may be able to cause kernel code execution." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213938", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213940", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-410xx/CVE-2023-41069.json b/CVE-2023/CVE-2023-410xx/CVE-2023-41069.json new file mode 100644 index 00000000000..a3ca6eaba39 --- /dev/null +++ b/CVE-2023/CVE-2023-410xx/CVE-2023-41069.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-41069", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-01-10T22:15:49.150", + "lastModified": "2024-01-10T22:15:49.150", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "This issue was addressed by improving Face ID anti-spoofing models. This issue is fixed in iOS 17 and iPadOS 17. A 3D model constructed to look like the enrolled user may authenticate via Face ID." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213938", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-410xx/CVE-2023-41075.json b/CVE-2023/CVE-2023-410xx/CVE-2023-41075.json new file mode 100644 index 00000000000..643cfe7e257 --- /dev/null +++ b/CVE-2023/CVE-2023-410xx/CVE-2023-41075.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-41075", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-01-10T22:15:49.190", + "lastModified": "2024-01-10T22:15:49.190", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A type confusion issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7.5, macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4. An app may be able to execute arbitrary code with kernel privileges." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213670", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213673", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213675", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213676", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213677", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-419xx/CVE-2023-41974.json b/CVE-2023/CVE-2023-419xx/CVE-2023-41974.json new file mode 100644 index 00000000000..ba3c6a0b070 --- /dev/null +++ b/CVE-2023/CVE-2023-419xx/CVE-2023-41974.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-41974", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-01-10T22:15:49.240", + "lastModified": "2024-01-10T22:15:49.240", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213938", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-419xx/CVE-2023-41987.json b/CVE-2023/CVE-2023-419xx/CVE-2023-41987.json new file mode 100644 index 00000000000..8863e0d2f4f --- /dev/null +++ b/CVE-2023/CVE-2023-419xx/CVE-2023-41987.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-41987", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-01-10T22:15:49.290", + "lastModified": "2024-01-10T22:15:49.290", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able to access sensitive user data." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213940", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-419xx/CVE-2023-41991.json b/CVE-2023/CVE-2023-419xx/CVE-2023-41991.json index e8353e64535..2b2b08c136d 100644 --- a/CVE-2023/CVE-2023-419xx/CVE-2023-41991.json +++ b/CVE-2023/CVE-2023-419xx/CVE-2023-41991.json @@ -2,7 +2,7 @@ "id": "CVE-2023-41991", "sourceIdentifier": "product-security@apple.com", "published": "2023-09-21T19:15:11.283", - "lastModified": "2023-11-07T04:21:11.603", + "lastModified": "2024-01-10T22:15:49.337", "vulnStatus": "Modified", "cisaExploitAdd": "2023-09-25", "cisaActionDue": "2023-10-16", @@ -96,18 +96,6 @@ } ], "references": [ - { - "url": "http://seclists.org/fulldisclosure/2023/Oct/4", - "source": "product-security@apple.com" - }, - { - "url": "http://seclists.org/fulldisclosure/2023/Oct/5", - "source": "product-security@apple.com", - "tags": [ - "Mailing List", - "Third Party Advisory" - ] - }, { "url": "https://support.apple.com/en-us/HT213927", "source": "product-security@apple.com", diff --git a/CVE-2023/CVE-2023-419xx/CVE-2023-41992.json b/CVE-2023/CVE-2023-419xx/CVE-2023-41992.json index 512a2998317..72d68ac31be 100644 --- a/CVE-2023/CVE-2023-419xx/CVE-2023-41992.json +++ b/CVE-2023/CVE-2023-419xx/CVE-2023-41992.json @@ -2,7 +2,7 @@ "id": "CVE-2023-41992", "sourceIdentifier": "product-security@apple.com", "published": "2023-09-21T19:15:11.520", - "lastModified": "2023-11-07T04:21:11.737", + "lastModified": "2024-01-10T22:15:49.427", "vulnStatus": "Modified", "cisaExploitAdd": "2023-09-25", "cisaActionDue": "2023-10-16", @@ -11,7 +11,7 @@ "descriptions": [ { "lang": "en", - "value": "The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7." + "value": "The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, iOS 16.7 and iPadOS 16.7, macOS Ventura 13.6. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7." }, { "lang": "es", @@ -103,22 +103,6 @@ } ], "references": [ - { - "url": "http://seclists.org/fulldisclosure/2023/Oct/4", - "source": "product-security@apple.com" - }, - { - "url": "http://seclists.org/fulldisclosure/2023/Oct/5", - "source": "product-security@apple.com", - "tags": [ - "Mailing List", - "Third Party Advisory" - ] - }, - { - "url": "http://seclists.org/fulldisclosure/2023/Oct/6", - "source": "product-security@apple.com" - }, { "url": "https://support.apple.com/en-us/HT213927", "source": "product-security@apple.com", diff --git a/CVE-2023/CVE-2023-419xx/CVE-2023-41993.json b/CVE-2023/CVE-2023-419xx/CVE-2023-41993.json index f5ca4e59a9a..5d707321208 100644 --- a/CVE-2023/CVE-2023-419xx/CVE-2023-41993.json +++ b/CVE-2023/CVE-2023-419xx/CVE-2023-41993.json @@ -2,7 +2,7 @@ "id": "CVE-2023-41993", "sourceIdentifier": "product-security@apple.com", "published": "2023-09-21T19:15:11.660", - "lastModified": "2023-12-21T22:15:14.453", + "lastModified": "2024-01-10T22:15:49.500", "vulnStatus": "Undergoing Analysis", "cisaExploitAdd": "2023-09-25", "cisaActionDue": "2023-10-16", @@ -11,7 +11,7 @@ "descriptions": [ { "lang": "en", - "value": "The issue was addressed with improved checks. This issue is fixed in Safari 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7." + "value": "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 16.7 and iPadOS 16.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7." }, { "lang": "es", @@ -146,61 +146,6 @@ } ], "references": [ - { - "url": "http://seclists.org/fulldisclosure/2023/Oct/2", - "source": "product-security@apple.com", - "tags": [ - "Mailing List", - "Third Party Advisory" - ] - }, - { - "url": "http://seclists.org/fulldisclosure/2023/Oct/3", - "source": "product-security@apple.com", - "tags": [ - "Mailing List", - "Third Party Advisory" - ] - }, - { - "url": "http://seclists.org/fulldisclosure/2023/Oct/4", - "source": "product-security@apple.com", - "tags": [ - "Mailing List", - "Third Party Advisory" - ] - }, - { - "url": "http://www.openwall.com/lists/oss-security/2023/09/28/3", - "source": "product-security@apple.com", - "tags": [ - "Mailing List", - "Third Party Advisory" - ] - }, - { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EEMDC5TQAANFH5D77QM34ZTUKXPFGVL/", - "source": "product-security@apple.com", - "tags": [ - "Mailing List" - ] - }, - { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ELXBV26Q54BIOVN5LBCJFM2G6VQZ7FO/", - "source": "product-security@apple.com", - "tags": [ - "Mailing List", - "Third Party Advisory" - ] - }, - { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EYRHTFVN6FTXLZ27IPTNRSXKBAR2SOMA/", - "source": "product-security@apple.com", - "tags": [ - "Mailing List", - "Third Party Advisory" - ] - }, { "url": "https://support.apple.com/en-us/HT213927", "source": "product-security@apple.com", @@ -224,21 +169,6 @@ "Release Notes", "Vendor Advisory" ] - }, - { - "url": "https://support.apple.com/kb/HT213926", - "source": "product-security@apple.com" - }, - { - "url": "https://support.apple.com/kb/HT213930", - "source": "product-security@apple.com" - }, - { - "url": "https://www.debian.org/security/2023/dsa-5527", - "source": "product-security@apple.com", - "tags": [ - "Third Party Advisory" - ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-419xx/CVE-2023-41994.json b/CVE-2023/CVE-2023-419xx/CVE-2023-41994.json new file mode 100644 index 00000000000..c9c862861da --- /dev/null +++ b/CVE-2023/CVE-2023-419xx/CVE-2023-41994.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-41994", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-01-10T22:15:49.640", + "lastModified": "2024-01-10T22:15:49.640", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A logic issue was addressed with improved checks This issue is fixed in macOS Sonoma 14. A camera extension may be able to access the camera view from apps other than the app for which it was granted permission." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213940", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42826.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42826.json new file mode 100644 index 00000000000..316aba37aac --- /dev/null +++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42826.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-42826", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-01-10T22:15:49.707", + "lastModified": "2024-01-10T22:15:49.707", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing a file may lead to arbitrary code execution." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213940", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42828.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42828.json new file mode 100644 index 00000000000..6aea22cdc81 --- /dev/null +++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42828.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-42828", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-01-10T22:15:49.757", + "lastModified": "2024-01-10T22:15:49.757", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.5. An app may be able to gain root privileges." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213843", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42829.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42829.json new file mode 100644 index 00000000000..7dd3a82af9c --- /dev/null +++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42829.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-42829", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-01-10T22:15:49.803", + "lastModified": "2024-01-10T22:15:49.803", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to access SSH passphrases." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213843", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213844", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213845", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42830.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42830.json new file mode 100644 index 00000000000..22b9179d8e3 --- /dev/null +++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42830.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-42830", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-01-10T22:15:49.850", + "lastModified": "2024-01-10T22:15:49.850", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. An app may be able to read sensitive location information." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213670", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213676", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42831.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42831.json new file mode 100644 index 00000000000..539e5b86cd9 --- /dev/null +++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42831.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-42831", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-01-10T22:15:49.903", + "lastModified": "2024-01-10T22:15:49.903", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to fingerprint the user." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213842", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213843", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213844", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213845", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42832.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42832.json new file mode 100644 index 00000000000..77b3432ac38 --- /dev/null +++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42832.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-42832", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-01-10T22:15:49.953", + "lastModified": "2024-01-10T22:15:49.953", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A race condition was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to gain root privileges." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213843", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213844", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213845", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42833.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42833.json new file mode 100644 index 00000000000..bd024cb221b --- /dev/null +++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42833.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-42833", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-01-10T22:15:50.000", + "lastModified": "2024-01-10T22:15:50.000", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A correctness issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 17 and iPadOS 17. Processing web content may lead to arbitrary code execution." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213938", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213940", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213941", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42862.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42862.json new file mode 100644 index 00000000000..898f9477552 --- /dev/null +++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42862.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-42862", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-01-10T22:15:50.047", + "lastModified": "2024-01-10T22:15:50.047", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, iOS 16.4 and iPadOS 16.4, watchOS 9.4. Processing an image may result in disclosure of process memory." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213670", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213674", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213676", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213678", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42865.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42865.json new file mode 100644 index 00000000000..173e07514e6 --- /dev/null +++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42865.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-42865", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-01-10T22:15:50.093", + "lastModified": "2024-01-10T22:15:50.093", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, iOS 16.4 and iPadOS 16.4, watchOS 9.4. Processing an image may result in disclosure of process memory." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213670", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213674", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213676", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213678", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42866.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42866.json new file mode 100644 index 00000000000..7dd60845d5d --- /dev/null +++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42866.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-42866", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-01-10T22:15:50.143", + "lastModified": "2024-01-10T22:15:50.143", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, tvOS 16.6, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213841", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213843", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213846", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213847", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213848", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42869.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42869.json new file mode 100644 index 00000000000..1d8b83c5046 --- /dev/null +++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42869.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-42869", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-01-10T22:15:50.200", + "lastModified": "2024-01-10T22:15:50.200", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Ventura 13.4, iOS 16.5 and iPadOS 16.5. Multiple issues in libxml2." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213757", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213758", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42870.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42870.json new file mode 100644 index 00000000000..adc3f6e9b35 --- /dev/null +++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42870.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-42870", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-01-10T22:15:50.240", + "lastModified": "2024-01-10T22:15:50.240", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213938", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213940", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42871.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42871.json new file mode 100644 index 00000000000..9995f2220a0 --- /dev/null +++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42871.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-42871", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-01-10T22:15:50.280", + "lastModified": "2024-01-10T22:15:50.280", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213938", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213940", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42872.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42872.json new file mode 100644 index 00000000000..e1aff2fd71e --- /dev/null +++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42872.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-42872", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-01-10T22:15:50.327", + "lastModified": "2024-01-10T22:15:50.327", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to access sensitive user data." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213938", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213940", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42876.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42876.json new file mode 100644 index 00000000000..15624349328 --- /dev/null +++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42876.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-42876", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-01-10T22:15:50.370", + "lastModified": "2024-01-10T22:15:50.370", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14. Processing a file may lead to a denial-of-service or potentially disclose memory contents." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213940", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-429xx/CVE-2023-42929.json b/CVE-2023/CVE-2023-429xx/CVE-2023-42929.json new file mode 100644 index 00000000000..e77cf6f17da --- /dev/null +++ b/CVE-2023/CVE-2023-429xx/CVE-2023-42929.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-42929", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-01-10T22:15:50.417", + "lastModified": "2024-01-10T22:15:50.417", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able to access protected user data." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213940", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-429xx/CVE-2023-42933.json b/CVE-2023/CVE-2023-429xx/CVE-2023-42933.json new file mode 100644 index 00000000000..5ae25d8137c --- /dev/null +++ b/CVE-2023/CVE-2023-429xx/CVE-2023-42933.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-42933", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-01-10T22:15:50.460", + "lastModified": "2024-01-10T22:15:50.460", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able to gain elevated privileges." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213940", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-429xx/CVE-2023-42934.json b/CVE-2023/CVE-2023-429xx/CVE-2023-42934.json new file mode 100644 index 00000000000..a522af14bc2 --- /dev/null +++ b/CVE-2023/CVE-2023-429xx/CVE-2023-42934.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-42934", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-01-10T22:15:50.507", + "lastModified": "2024-01-10T22:15:50.507", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app with root privileges may be able to access private information." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213938", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213940", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-429xx/CVE-2023-42941.json b/CVE-2023/CVE-2023-429xx/CVE-2023-42941.json new file mode 100644 index 00000000000..f58a0d493c3 --- /dev/null +++ b/CVE-2023/CVE-2023-429xx/CVE-2023-42941.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-42941", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-01-10T22:15:50.543", + "lastModified": "2024-01-10T22:15:50.543", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The issue was addressed with improved checks. This issue is fixed in iOS 17.2 and iPadOS 17.2. An attacker in a privileged network position may be able to perform a denial-of-service attack using crafted Bluetooth packets." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT214035", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-492xx/CVE-2023-49295.json b/CVE-2023/CVE-2023-492xx/CVE-2023-49295.json new file mode 100644 index 00000000000..b965154b89e --- /dev/null +++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49295.json @@ -0,0 +1,87 @@ +{ + "id": "CVE-2023-49295", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-01-10T22:15:50.610", + "lastModified": "2024-01-10T22:15:50.610", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "quic-go is an implementation of the QUIC protocol (RFC 9000, RFC 9001, RFC 9002) in Go. An attacker can cause its peer to run out of memory sending a large number of PATH_CHALLENGE frames. The receiver is supposed to respond to each PATH_CHALLENGE frame with a PATH_RESPONSE frame. The attacker can prevent the receiver from sending out (the vast majority of) these PATH_RESPONSE frames by collapsing the peers congestion window (by selectively acknowledging received packets) and by manipulating the peer's RTT estimate. This vulnerability has been patched in versions 0.37.7, 0.38.2 and 0.39.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/quic-go/quic-go/commit/17fc98c2d81dbe685c19702dc694a9d606ac56dc", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/quic-go/quic-go/commit/21609ddfeff93668c7625a85eb09f1541fdad965", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/quic-go/quic-go/commit/3a9c18bcd27a01c551ac9bf8bd2b4bded77c189a", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/quic-go/quic-go/commit/554d543b50b917369fb1394cc5396d928166cf49", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/quic-go/quic-go/commit/6cc3d58935426191296171a6c0d1ee965e10534e", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/quic-go/quic-go/commit/9aaefe19fc3dc8c8917cc87e6128bb56d9e9e6cc", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/quic-go/quic-go/commit/a0ffa757499913f7be69aa78f573a6aee3430ae4", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/quic-go/quic-go/commit/d7aa627ebde91cf799ada2a07443faa9b1e5abb8", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/quic-go/quic-go/security/advisories/GHSA-ppxx-5m9h-6vxf", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-511xx/CVE-2023-51123.json b/CVE-2023/CVE-2023-511xx/CVE-2023-51123.json new file mode 100644 index 00000000000..cc0717c584a --- /dev/null +++ b/CVE-2023/CVE-2023-511xx/CVE-2023-51123.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-51123", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-01-10T22:15:50.823", + "lastModified": "2024-01-10T22:15:50.823", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue discovered in D-Link dir815 v.1.01SSb08.bin allows a remote attacker to execute arbitrary code via a crafted POST request to the service parameter in the soapcgi_main function of the cgibin binary component." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/WhereisRain/dir-815", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-511xx/CVE-2023-51126.json b/CVE-2023/CVE-2023-511xx/CVE-2023-51126.json new file mode 100644 index 00000000000..f5084aadb12 --- /dev/null +++ b/CVE-2023/CVE-2023-511xx/CVE-2023-51126.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-51126", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-01-10T21:15:09.083", + "lastModified": "2024-01-10T21:15:09.083", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Command injection vulnerability in /usr/www/res.php in FLIR AX8 up to 1.46.16 allows attackers to run arbitrary commands via the value parameter." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/risuxx/CVE-2023-51126", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-511xx/CVE-2023-51127.json b/CVE-2023/CVE-2023-511xx/CVE-2023-51127.json new file mode 100644 index 00000000000..fc7acdd9efc --- /dev/null +++ b/CVE-2023/CVE-2023-511xx/CVE-2023-51127.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-51127", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-01-10T21:15:09.133", + "lastModified": "2024-01-10T21:15:09.133", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "FLIR AX8 thermal sensor cameras up to and including 1.46.16 are vulnerable to Directory Traversal due to improper access restriction. This vulnerability allows an unauthenticated, remote attacker to obtain arbitrary sensitive file contents by uploading a specially crafted symbolic link file." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/risuxx/CVE-2023-51127", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-520xx/CVE-2023-52064.json b/CVE-2023/CVE-2023-520xx/CVE-2023-52064.json new file mode 100644 index 00000000000..547c7f2e880 --- /dev/null +++ b/CVE-2023/CVE-2023-520xx/CVE-2023-52064.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-52064", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-01-10T21:15:09.180", + "lastModified": "2024-01-10T21:15:09.180", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the $keywords parameter at /core/admin/copyfrom.php." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/wuzhicms/wuzhicms/issues/208", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-59xx/CVE-2023-5981.json b/CVE-2023/CVE-2023-59xx/CVE-2023-5981.json index f418eac4579..e18d4679a02 100644 --- a/CVE-2023/CVE-2023-59xx/CVE-2023-5981.json +++ b/CVE-2023/CVE-2023-59xx/CVE-2023-5981.json @@ -2,7 +2,7 @@ "id": "CVE-2023-5981", "sourceIdentifier": "secalert@redhat.com", "published": "2023-11-28T12:15:07.040", - "lastModified": "2023-12-11T09:15:06.907", + "lastModified": "2024-01-10T21:15:09.230", "vulnStatus": "Modified", "descriptions": [ { @@ -138,6 +138,10 @@ } ], "references": [ + { + "url": "https://access.redhat.com/errata/RHSA-2024:0155", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-5981", "source": "secalert@redhat.com", diff --git a/CVE-2024/CVE-2024-03xx/CVE-2024-0333.json b/CVE-2024/CVE-2024-03xx/CVE-2024-0333.json new file mode 100644 index 00000000000..a4b77b96486 --- /dev/null +++ b/CVE-2024/CVE-2024-03xx/CVE-2024-0333.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2024-0333", + "sourceIdentifier": "chrome-cve-admin@google.com", + "published": "2024-01-10T22:15:50.907", + "lastModified": "2024-01-10T22:15:50.907", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a privileged network position to install a malicious extension via a crafted HTML page. (Chromium security severity: High)" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_9.html", + "source": "chrome-cve-admin@google.com" + }, + { + "url": "https://crbug.com/1513379", + "source": "chrome-cve-admin@google.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-216xx/CVE-2024-21638.json b/CVE-2024/CVE-2024-216xx/CVE-2024-21638.json new file mode 100644 index 00000000000..06391f1af8a --- /dev/null +++ b/CVE-2024/CVE-2024-216xx/CVE-2024-21638.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2024-21638", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-01-10T22:15:51.563", + "lastModified": "2024-01-10T22:15:51.563", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Azure IPAM (IP Address Management) is a lightweight solution developed on top of the Azure platform designed to help Azure customers manage their IP Address space easily and effectively. By design there is no write access to customers' Azure environments as the Service Principal used is only assigned the Reader role at the root Management Group level. Until recently, the solution lacked the validation of the passed in authentication token which may result in attacker impersonating any privileged user to access data stored within the IPAM instance and subsequently from Azure, causing an elevation of privilege. This vulnerability has been patched in version 3.0.0.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Azure/ipam/commit/64ef2d07edf16ffa50f29c7e0e25d32d974b367f", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/Azure/ipam/pull/218", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/Azure/ipam/security/advisories/GHSA-m8mp-jq4c-g8j6", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-221xx/CVE-2024-22164.json b/CVE-2024/CVE-2024-221xx/CVE-2024-22164.json index 4d09d71264a..d3ffcc34743 100644 --- a/CVE-2024/CVE-2024-221xx/CVE-2024-22164.json +++ b/CVE-2024/CVE-2024-221xx/CVE-2024-22164.json @@ -2,12 +2,16 @@ "id": "CVE-2024-22164", "sourceIdentifier": "prodsec@splunk.com", "published": "2024-01-09T17:15:12.323", - "lastModified": "2024-01-09T19:56:14.023", + "lastModified": "2024-01-10T22:15:51.760", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker can use investigation attachments to perform a denial of service (DoS) to the Investigation. The attachment endpoint does not properly limit the size of the request which lets an attacker cause the Investigation to become inaccessible." + }, + { + "lang": "es", + "value": "En las versiones de Splunk Enterprise Security (ES) inferiores a 7.1.2, un atacante puede utilizar archivos adjuntos de investigaci\u00f3n para realizar una denegaci\u00f3n de servicio (DoS) a la investigaci\u00f3n. El endpoint del archivo adjunto no limita adecuadamente el tama\u00f1o de la solicitud, lo que permite que un atacante haga que la investigaci\u00f3n se vuelva inaccesible." } ], "metrics": { @@ -50,6 +54,10 @@ { "url": "https://advisory.splunk.com/advisories/SVD-2024-0101", "source": "prodsec@splunk.com" + }, + { + "url": "https://research.splunk.com/application/bb85b25e-2d6b-4e39-bd27-50db42edcb8f/", + "source": "prodsec@splunk.com" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-221xx/CVE-2024-22165.json b/CVE-2024/CVE-2024-221xx/CVE-2024-22165.json index f3a7cd534d5..b8dfcc6a83f 100644 --- a/CVE-2024/CVE-2024-221xx/CVE-2024-22165.json +++ b/CVE-2024/CVE-2024-221xx/CVE-2024-22165.json @@ -2,12 +2,16 @@ "id": "CVE-2024-22165", "sourceIdentifier": "prodsec@splunk.com", "published": "2024-01-09T17:15:12.523", - "lastModified": "2024-01-09T19:56:14.023", + "lastModified": "2024-01-10T22:15:51.837", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In Splunk Enterprise Security (ES) versions lower than 7.1.2, an attacker can create a malformed Investigation to perform a denial of service (DoS). The malformed investigation prevents the generation and rendering of the Investigations manager until it is deleted.
The vulnerability requires an authenticated session and access to create an Investigation. It only affects the availability of the Investigations manager, but without the manager, the Investigations functionality becomes unusable for most users." + }, + { + "lang": "es", + "value": "En versiones de Splunk Enterprise Security (ES) inferiores a 7.1.2, un atacante puede crear una investigaci\u00f3n con formato incorrecto para realizar una denegaci\u00f3n de servicio (DoS). La investigaci\u00f3n con formato incorrecto impide la generaci\u00f3n y representaci\u00f3n del administrador de Investigaciones hasta que se elimine.
La vulnerabilidad requiere una sesi\u00f3n autenticada y acceso para crear una investigaci\u00f3n. Solo afecta la disponibilidad del administrador de Investigaciones, pero sin el administrador, la funcionalidad de Investigaciones queda inutilizable para la mayor\u00eda de los usuarios." } ], "metrics": { @@ -50,6 +54,10 @@ { "url": "https://advisory.splunk.com/advisories/SVD-2024-0102", "source": "prodsec@splunk.com" + }, + { + "url": "https://research.splunk.com/application/7f6a07bd-82ef-46b8-8eba-802278abd00e/", + "source": "prodsec@splunk.com" } ] } \ No newline at end of file diff --git a/README.md b/README.md index 9f3f87b383d..ba7a9a96df4 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-01-10T21:00:26.338276+00:00 +2024-01-10T23:00:25.016727+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-01-10T20:58:33.563000+00:00 +2024-01-10T22:15:51.837000+00:00 ``` ### Last Data Feed Release @@ -29,47 +29,50 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -235468 +235537 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `69` -* [CVE-2023-50916](CVE-2023/CVE-2023-509xx/CVE-2023-50916.json) (`2024-01-10T19:15:08.227`) -* [CVE-2023-31488](CVE-2023/CVE-2023-314xx/CVE-2023-31488.json) (`2024-01-10T20:15:45.330`) -* [CVE-2023-51195](CVE-2023/CVE-2023-511xx/CVE-2023-51195.json) (`2024-01-10T20:15:45.393`) +* [CVE-2023-41987](CVE-2023/CVE-2023-419xx/CVE-2023-41987.json) (`2024-01-10T22:15:49.290`) +* [CVE-2023-41994](CVE-2023/CVE-2023-419xx/CVE-2023-41994.json) (`2024-01-10T22:15:49.640`) +* [CVE-2023-42826](CVE-2023/CVE-2023-428xx/CVE-2023-42826.json) (`2024-01-10T22:15:49.707`) +* [CVE-2023-42828](CVE-2023/CVE-2023-428xx/CVE-2023-42828.json) (`2024-01-10T22:15:49.757`) +* [CVE-2023-42829](CVE-2023/CVE-2023-428xx/CVE-2023-42829.json) (`2024-01-10T22:15:49.803`) +* [CVE-2023-42830](CVE-2023/CVE-2023-428xx/CVE-2023-42830.json) (`2024-01-10T22:15:49.850`) +* [CVE-2023-42831](CVE-2023/CVE-2023-428xx/CVE-2023-42831.json) (`2024-01-10T22:15:49.903`) +* [CVE-2023-42832](CVE-2023/CVE-2023-428xx/CVE-2023-42832.json) (`2024-01-10T22:15:49.953`) +* [CVE-2023-42833](CVE-2023/CVE-2023-428xx/CVE-2023-42833.json) (`2024-01-10T22:15:50.000`) +* [CVE-2023-42862](CVE-2023/CVE-2023-428xx/CVE-2023-42862.json) (`2024-01-10T22:15:50.047`) +* [CVE-2023-42865](CVE-2023/CVE-2023-428xx/CVE-2023-42865.json) (`2024-01-10T22:15:50.093`) +* [CVE-2023-42866](CVE-2023/CVE-2023-428xx/CVE-2023-42866.json) (`2024-01-10T22:15:50.143`) +* [CVE-2023-42869](CVE-2023/CVE-2023-428xx/CVE-2023-42869.json) (`2024-01-10T22:15:50.200`) +* [CVE-2023-42870](CVE-2023/CVE-2023-428xx/CVE-2023-42870.json) (`2024-01-10T22:15:50.240`) +* [CVE-2023-42871](CVE-2023/CVE-2023-428xx/CVE-2023-42871.json) (`2024-01-10T22:15:50.280`) +* [CVE-2023-42872](CVE-2023/CVE-2023-428xx/CVE-2023-42872.json) (`2024-01-10T22:15:50.327`) +* [CVE-2023-42876](CVE-2023/CVE-2023-428xx/CVE-2023-42876.json) (`2024-01-10T22:15:50.370`) +* [CVE-2023-42929](CVE-2023/CVE-2023-429xx/CVE-2023-42929.json) (`2024-01-10T22:15:50.417`) +* [CVE-2023-42933](CVE-2023/CVE-2023-429xx/CVE-2023-42933.json) (`2024-01-10T22:15:50.460`) +* [CVE-2023-42934](CVE-2023/CVE-2023-429xx/CVE-2023-42934.json) (`2024-01-10T22:15:50.507`) +* [CVE-2023-42941](CVE-2023/CVE-2023-429xx/CVE-2023-42941.json) (`2024-01-10T22:15:50.543`) +* [CVE-2023-49295](CVE-2023/CVE-2023-492xx/CVE-2023-49295.json) (`2024-01-10T22:15:50.610`) +* [CVE-2023-51123](CVE-2023/CVE-2023-511xx/CVE-2023-51123.json) (`2024-01-10T22:15:50.823`) +* [CVE-2024-0333](CVE-2024/CVE-2024-03xx/CVE-2024-0333.json) (`2024-01-10T22:15:50.907`) +* [CVE-2024-21638](CVE-2024/CVE-2024-216xx/CVE-2024-21638.json) (`2024-01-10T22:15:51.563`) ### CVEs modified in the last Commit -Recently modified CVEs: `36` +Recently modified CVEs: `6` -* [CVE-2023-52150](CVE-2023/CVE-2023-521xx/CVE-2023-52150.json) (`2024-01-10T19:50:26.923`) -* [CVE-2023-50256](CVE-2023/CVE-2023-502xx/CVE-2023-50256.json) (`2024-01-10T20:00:20.797`) -* [CVE-2023-6540](CVE-2023/CVE-2023-65xx/CVE-2023-6540.json) (`2024-01-10T20:23:28.493`) -* [CVE-2023-6338](CVE-2023/CVE-2023-63xx/CVE-2023-6338.json) (`2024-01-10T20:25:38.457`) -* [CVE-2023-49442](CVE-2023/CVE-2023-494xx/CVE-2023-49442.json) (`2024-01-10T20:26:06.417`) -* [CVE-2023-5881](CVE-2023/CVE-2023-58xx/CVE-2023-5881.json) (`2024-01-10T20:26:45.550`) -* [CVE-2023-49128](CVE-2023/CVE-2023-491xx/CVE-2023-49128.json) (`2024-01-10T20:28:33.693`) -* [CVE-2023-49127](CVE-2023/CVE-2023-491xx/CVE-2023-49127.json) (`2024-01-10T20:28:49.513`) -* [CVE-2023-49126](CVE-2023/CVE-2023-491xx/CVE-2023-49126.json) (`2024-01-10T20:28:58.340`) -* [CVE-2023-49124](CVE-2023/CVE-2023-491xx/CVE-2023-49124.json) (`2024-01-10T20:29:11.320`) -* [CVE-2023-49129](CVE-2023/CVE-2023-491xx/CVE-2023-49129.json) (`2024-01-10T20:30:03.073`) -* [CVE-2023-49130](CVE-2023/CVE-2023-491xx/CVE-2023-49130.json) (`2024-01-10T20:30:18.623`) -* [CVE-2023-49131](CVE-2023/CVE-2023-491xx/CVE-2023-49131.json) (`2024-01-10T20:30:29.007`) -* [CVE-2023-49132](CVE-2023/CVE-2023-491xx/CVE-2023-49132.json) (`2024-01-10T20:30:39.817`) -* [CVE-2023-49121](CVE-2023/CVE-2023-491xx/CVE-2023-49121.json) (`2024-01-10T20:31:15.787`) -* [CVE-2023-49122](CVE-2023/CVE-2023-491xx/CVE-2023-49122.json) (`2024-01-10T20:31:25.807`) -* [CVE-2023-49123](CVE-2023/CVE-2023-491xx/CVE-2023-49123.json) (`2024-01-10T20:31:36.863`) -* [CVE-2023-52277](CVE-2023/CVE-2023-522xx/CVE-2023-52277.json) (`2024-01-10T20:58:33.563`) -* [CVE-2024-22047](CVE-2024/CVE-2024-220xx/CVE-2024-22047.json) (`2024-01-10T20:02:53.583`) -* [CVE-2024-22088](CVE-2024/CVE-2024-220xx/CVE-2024-22088.json) (`2024-01-10T20:05:19.737`) -* [CVE-2024-0262](CVE-2024/CVE-2024-02xx/CVE-2024-0262.json) (`2024-01-10T20:24:53.017`) -* [CVE-2024-0263](CVE-2024/CVE-2024-02xx/CVE-2024-0263.json) (`2024-01-10T20:43:55.220`) -* [CVE-2024-0261](CVE-2024/CVE-2024-02xx/CVE-2024-0261.json) (`2024-01-10T20:49:43.997`) -* [CVE-2024-0260](CVE-2024/CVE-2024-02xx/CVE-2024-0260.json) (`2024-01-10T20:53:51.637`) -* [CVE-2024-0264](CVE-2024/CVE-2024-02xx/CVE-2024-0264.json) (`2024-01-10T20:57:12.603`) +* [CVE-2023-5981](CVE-2023/CVE-2023-59xx/CVE-2023-5981.json) (`2024-01-10T21:15:09.230`) +* [CVE-2023-41991](CVE-2023/CVE-2023-419xx/CVE-2023-41991.json) (`2024-01-10T22:15:49.337`) +* [CVE-2023-41992](CVE-2023/CVE-2023-419xx/CVE-2023-41992.json) (`2024-01-10T22:15:49.427`) +* [CVE-2023-41993](CVE-2023/CVE-2023-419xx/CVE-2023-41993.json) (`2024-01-10T22:15:49.500`) +* [CVE-2024-22164](CVE-2024/CVE-2024-221xx/CVE-2024-22164.json) (`2024-01-10T22:15:51.760`) +* [CVE-2024-22165](CVE-2024/CVE-2024-221xx/CVE-2024-22165.json) (`2024-01-10T22:15:51.837`) ## Download and Usage