admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 19:47:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-12-11T19:00:18.815163+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-12-11 19:00:22 +00:00
parent 6123b94be0
commit 76f9ecb965
52 changed files with 56979 additions and 257 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

118
CVE-2023/CVE-2023-225xx/CVE-2023-22522.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2023-22522",
"sourceIdentifier": "security@atlassian.com",
"published": "2023-12-06T05:15:09.587",
"lastModified": "2023-12-06T21:15:08.073",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-11T18:37:00.900",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user input into a Confluence page. Using this approach, an attacker is able to achieve Remote Code Execution (RCE) on an affected instance. Publicly accessible Confluence Data Center and Server versions as listed below are at risk and require immediate attention. See the advisory for additional details\n\nAtlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue."
},
{
"lang": "es",
"value": "Esta vulnerabilidad de inyecci\u00f3n de plantilla permite a un atacante autenticado, incluido uno con acceso an\u00f3nimo, inyectar entradas de usuario no seguras en una p\u00e1gina de Confluence. Con este enfoque, un atacante puede lograr la ejecuci\u00f3n remota de c\u00f3digo (RCE) en una instancia afectada. Las versiones de acceso p\u00fablico de Confluence Data Center and Server que se enumeran a continuaci\u00f3n est\u00e1n en riesgo y requieren atenci\u00f3n inmediata. Consulte el aviso para obtener detalles adicionales. Los sitios de Atlassian Cloud no se ven afectados por esta vulnerabilidad. Si se accede a su sitio de Confluence a trav\u00e9s de un dominio atlassian.net, est\u00e1 alojado en Atlassian y no es vulnerable a este problema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "security@atlassian.com",
@ -34,14 +60,98 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0",
"versionEndExcluding": "7.19.17",
"matchCriteriaId": "4A015179-59B5-4D96-9052-09DB29D0916C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndExcluding": "8.4.5",
"matchCriteriaId": "5AA7D282-A8E0-489F-84C1-C6E408A9B4ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.5.0",
"versionEndExcluding": "8.5.4",
"matchCriteriaId": "083AB6F4-E31A-42A8-ADFD-78EC9707C2E3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.6.0",
"versionEndExcluding": "8.6.2",
"matchCriteriaId": "D48F8516-17B8-4389-937F-3F9F739F6D0F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:confluence_data_center:8.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FED19C83-6D8B-45B1-AAC3-F4C6B12C0E4D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0",
"versionEndExcluding": "7.19.17",
"matchCriteriaId": "3807D8DA-9B6B-4BC9-BDAA-ADA323D01BF6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndExcluding": "8.4.5",
"matchCriteriaId": "4DAC707F-D5C9-45F8-AB03-2978D4D918E8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.5.0",
"versionEndExcluding": "8.5.4",
"matchCriteriaId": "F1272EBF-A45E-42A7-A71B-401DF806E38D"
}
]
}
]
}
],
"references": [
{
"url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1319570362",
"source": "security@atlassian.com"
"source": "security@atlassian.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://jira.atlassian.com/browse/CONFSERVER-93502",
"source": "security@atlassian.com"
"source": "security@atlassian.com",
"tags": [
"Vendor Advisory"
]
}
]
}

100
CVE-2023/CVE-2023-225xx/CVE-2023-22523.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2023-22523",
"sourceIdentifier": "security@atlassian.com",
"published": "2023-12-06T05:15:10.087",
"lastModified": "2023-12-06T16:15:06.897",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-11T18:29:13.970",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "This vulnerability, if exploited, allows an attacker to perform privileged RCE (Remote Code Execution) on machines with the Assets Discovery agent installed. The vulnerability exists between the Assets Discovery application (formerly known as Insight Discovery) and the Assets Discovery agent."
},
{
"lang": "es",
"value": "Esta vulnerabilidad, si se explota, permite a un atacante realizar RCE (ejecuci\u00f3n remota de c\u00f3digo) privilegiada en m\u00e1quinas con el agente Assets Discovery instalado. La vulnerabilidad existe entre la aplicaci\u00f3n Assets Discovery (anteriormente conocida como Insight Discovery) y el agente Assets Discovery."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "security@atlassian.com",
@ -34,14 +60,80 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:assets_discovery_cloud:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.0.0",
"versionEndExcluding": "3.2.0",
"matchCriteriaId": "B605B443-2604-4D2D-99C2-EF7D955B1886"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:assets_discovery_data_center:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.0.0",
"versionEndIncluding": "3.1.11",
"matchCriteriaId": "6EE9C216-E2F8-4BDB-A67B-095AA0B19613"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:assets_discovery_data_center:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.0",
"versionEndExcluding": "6.2.0",
"matchCriteriaId": "C95EF896-3AE4-400B-B4BD-61D909D91B5B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:assets_discovery_data_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.0.0",
"versionEndIncluding": "3.1.11",
"matchCriteriaId": "63079045-C71C-4D37-9B05-BD3705B90B37"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:assets_discovery_data_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.0",
"versionEndExcluding": "6.2.0",
"matchCriteriaId": "329E8EB1-FEAC-4C29-B443-4AB31D5DBC95"
}
]
}
]
}
],
"references": [
{
"url": "https://confluence.atlassian.com/security/cve-2023-22523-rce-vulnerability-in-assets-discovery-1319248914.html",
"source": "security@atlassian.com"
"source": "security@atlassian.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://jira.atlassian.com/browse/JSDSERVER-14925",
"source": "security@atlassian.com"
"source": "security@atlassian.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

208
CVE-2023/CVE-2023-261xx/CVE-2023-26154.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-26154",
"sourceIdentifier": "report@snyk.io",
"published": "2023-12-06T05:15:10.437",
"lastModified": "2023-12-06T13:50:08.353",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-11T17:48:03.653",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Versions of the package pubnub before 7.4.0; all versions of the package com.pubnub:pubnub; versions of the package pubnub before 6.19.0; all versions of the package github.com/pubnub/go; versions of the package github.com/pubnub/go/v7 before 7.2.0; versions of the package pubnub before 7.3.0; versions of the package pubnub/pubnub before 6.1.0; versions of the package pubnub before 5.3.0; versions of the package pubnub before 0.4.0; versions of the package pubnub/c-core before 4.5.0; versions of the package com.pubnub:pubnub-kotlin before 7.7.0; versions of the package pubnub/swift before 6.2.0; versions of the package pubnub before 5.2.0; versions of the package pubnub before 4.3.0 are vulnerable to Insufficient Entropy via the getKey function, due to inefficient implementation of the AES-256-CBC cryptographic algorithm. The provided encrypt function is less secure when hex encoding and trimming are applied, leaving half of the bits in the key always the same for every encoded message or file.\r\r**Note:**\r\rIn order to exploit this vulnerability, the attacker needs to invest resources in preparing the attack and brute-force the encryption."
},
{
"lang": "es",
"value": "Versiones del paquete pubnub anteriores a 7.4.0; todas las versiones del paquete com.pubnub:pubnub; versiones del paquete pubnub anteriores a 6.19.0; todas las versiones del paquete github.com/pubnub/go; versiones del paquete github.com/pubnub/go/v7 anteriores a 7.2.0; versiones del paquete pubnub anteriores a 7.3.0; versiones del paquete pubnub/pubnub anteriores a 6.1.0; versiones del paquete pubnub anteriores a 5.3.0; versiones del paquete pubnub anteriores a 0.4.0; versiones del paquete pubnub/c-core anteriores a 4.5.0; versiones del paquete com.pubnub:pubnub-kotlin anteriores a 7.7.0; versiones del paquete pubnub/swift anteriores a 6.2.0; versiones del paquete pubnub anteriores a 5.2.0; Las versiones del paquete pubnub anteriores a la 4.3.0 son vulnerables a una entrop\u00eda insuficiente a trav\u00e9s de la funci\u00f3n getKey, debido a una implementaci\u00f3n ineficiente del algoritmo criptogr\u00e1fico AES-256-CBC. La funci\u00f3n de cifrado proporcionada es menos segura cuando se aplica codificaci\u00f3n y recorte hexadecimal, dejando la mitad de los bits de la clave siempre igual para cada mensaje o archivo codificado. **Nota:** Para aprovechar esta vulnerabilidad, el atacante necesita invertir recursos en preparar el ataque y aplicar fuerza bruta al cifrado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
},
{
"source": "report@snyk.io",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-331"
}
]
},
{
"source": "report@snyk.io",
"type": "Secondary",
@ -46,74 +80,210 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pubnub:c-core:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.5.0",
"matchCriteriaId": "828BEB48-975A-4362-8BDD-904BCE3823FF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pubnub:kotlin:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.7.0",
"matchCriteriaId": "73948491-97EE-4EB8-8B97-9429088F99DF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pubnub:pubnub:*:*:*:*:*:-:*:*",
"versionEndExcluding": "0.4.0",
"matchCriteriaId": "8170F0DF-1ED2-417E-B339-C08E1155938B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pubnub:pubnub:*:*:*:*:*:go:*:*",
"versionEndExcluding": "7.2.0",
"matchCriteriaId": "DF09708C-0267-4D74-BEB3-26273E41BC57"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pubnub:pubnub:*:*:*:*:*:-:*:*",
"versionStartIncluding": "3.6.4",
"versionEndExcluding": "4.3.0",
"matchCriteriaId": "CFA61BEF-9855-4A93-B02B-4D18B2AA3367"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pubnub:pubnub:*:*:*:*:*:-:*:*",
"versionStartIncluding": "4.3.1",
"versionEndExcluding": "5.2.0",
"matchCriteriaId": "8D178036-011A-496A-81B2-2F6EC9CC10A4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pubnub:pubnub:*:*:*:*:*:-:*:*",
"versionStartIncluding": "6.0.0",
"versionEndExcluding": "6.1.0",
"matchCriteriaId": "E6AB8896-76D8-4888-A242-9A822898F0E3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pubnub:pubnub:*:*:*:*:*:-:*:*",
"versionStartIncluding": "6.2.0",
"versionEndExcluding": "6.19.0",
"matchCriteriaId": "1F2A00A7-9503-40F4-B31C-AEDC2B451A36"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pubnub:pubnub:*:*:*:*:*:-:*:*",
"versionStartIncluding": "7.0.0",
"versionEndExcluding": "7.3.0",
"matchCriteriaId": "F1CF5B2D-CBE3-40AE-A53E-55B88317D278"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pubnub:pubnub:*:*:*:*:*:-:*:*",
"versionStartIncluding": "7.3.1",
"versionEndExcluding": "7.4.0",
"matchCriteriaId": "8FF1CC6E-E537-4776-BF26-C07C83EEE35A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pubnub:swift:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2.0",
"matchCriteriaId": "24510B75-8FA4-46F5-A8C0-24C89141904B"
}
]
}
]
}
],
"references": [
{
"url": "https://gist.github.com/vargad/20237094fce7a0a28f0723d7ce395bb0",
"source": "report@snyk.io"
"source": "report@snyk.io",
"tags": [
"Exploit",
"Issue Tracking"
]
},
{
"url": "https://github.com/pubnub/javascript/blob/master/src/crypto/modules/web.js%23L70",
"source": "report@snyk.io"
"source": "report@snyk.io",
"tags": [
"Broken Link"
]
},
{
"url": "https://github.com/pubnub/javascript/commit/fb6cd0417cbb4ba87ea2d5d86a9c94774447e119",
"source": "report@snyk.io"
"source": "report@snyk.io",
"tags": [
"Patch"
]
},
{
"url": "https://security.snyk.io/vuln/SNYK-COCOAPODS-PUBNUB-6098384",
"source": "report@snyk.io"
"source": "report@snyk.io",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://security.snyk.io/vuln/SNYK-DOTNET-PUBNUB-6098372",
"source": "report@snyk.io"
"source": "report@snyk.io",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPUBNUBGO-6098373",
"source": "report@snyk.io"
"source": "report@snyk.io",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPUBNUBGOV7-6098374",
"source": "report@snyk.io"
"source": "report@snyk.io",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://security.snyk.io/vuln/SNYK-JAVA-COMPUBNUB-6098371",
"source": "report@snyk.io"
"source": "report@snyk.io",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://security.snyk.io/vuln/SNYK-JAVA-COMPUBNUB-6098380",
"source": "report@snyk.io"
"source": "report@snyk.io",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://security.snyk.io/vuln/SNYK-JS-PUBNUB-5840690",
"source": "report@snyk.io"
"source": "report@snyk.io",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://security.snyk.io/vuln/SNYK-PHP-PUBNUBPUBNUB-6098376",
"source": "report@snyk.io"
"source": "report@snyk.io",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://security.snyk.io/vuln/SNYK-PUB-PUBNUB-6098385",
"source": "report@snyk.io"
"source": "report@snyk.io",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://security.snyk.io/vuln/SNYK-PYTHON-PUBNUB-6098375",
"source": "report@snyk.io"
"source": "report@snyk.io",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://security.snyk.io/vuln/SNYK-RUBY-PUBNUB-6098377",
"source": "report@snyk.io"
"source": "report@snyk.io",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://security.snyk.io/vuln/SNYK-RUST-PUBNUB-6098378",
"source": "report@snyk.io"
"source": "report@snyk.io",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://security.snyk.io/vuln/SNYK-SWIFT-PUBNUBSWIFT-6098381",
"source": "report@snyk.io"
"source": "report@snyk.io",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://security.snyk.io/vuln/SNYK-UNMANAGED-PUBNUBCCORE-6098379",
"source": "report@snyk.io"
"source": "report@snyk.io",
"tags": [
"Third Party Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-28xx/CVE-2023-2861.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-2861",
"sourceIdentifier": "patrick@puiterwijk.org",
"published": "2023-12-06T07:15:41.430",
"lastModified": "2023-12-06T13:50:08.353",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-11T17:44:27.123",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en la implementaci\u00f3n del sistema de archivos de paso 9p (9pfs) en QEMU. El servidor 9pfs no prohib\u00eda la apertura de archivos especiales en el lado del host, lo que potencialmente permit\u00eda que un cliente malicioso escapara del \u00e1rbol 9p exportado creando y abriendo un archivo de dispositivo en la carpeta compartida."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
},
{
"source": "patrick@puiterwijk.org",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "patrick@puiterwijk.org",
"type": "Secondary",
@ -46,14 +80,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.1.0",
"matchCriteriaId": "A178AFEF-359C-427C-99C6-EC003039FF3B"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-2861",
"source": "patrick@puiterwijk.org"
"source": "patrick@puiterwijk.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219266",
"source": "patrick@puiterwijk.org"
"source": "patrick@puiterwijk.org",
"tags": [
"Issue Tracking",
"Patch"
]
}
]
}

7522
CVE-2023/CVE-2023-330xx/CVE-2023-33017.json
View File

File diff suppressed because it is too large Load Diff

7144
CVE-2023/CVE-2023-330xx/CVE-2023-33018.json
View File

File diff suppressed because it is too large Load Diff

5767
CVE-2023/CVE-2023-330xx/CVE-2023-33022.json
View File

File diff suppressed because it is too large Load Diff

1960
CVE-2023/CVE-2023-330xx/CVE-2023-33024.json
View File

File diff suppressed because it is too large Load Diff

3472
CVE-2023/CVE-2023-330xx/CVE-2023-33041.json
View File

File diff suppressed because it is too large Load Diff

2041
CVE-2023/CVE-2023-330xx/CVE-2023-33042.json
View File

File diff suppressed because it is too large Load Diff

1636
CVE-2023/CVE-2023-330xx/CVE-2023-33043.json
View File

File diff suppressed because it is too large Load Diff

2473
CVE-2023/CVE-2023-330xx/CVE-2023-33044.json
View File

File diff suppressed because it is too large Load Diff

3203
CVE-2023/CVE-2023-330xx/CVE-2023-33053.json
View File

File diff suppressed because it is too large Load Diff

4579
CVE-2023/CVE-2023-330xx/CVE-2023-33054.json
View File

File diff suppressed because it is too large Load Diff

7635
CVE-2023/CVE-2023-330xx/CVE-2023-33063.json
View File

File diff suppressed because it is too large Load Diff

2798
CVE-2023/CVE-2023-330xx/CVE-2023-33070.json
View File

File diff suppressed because it is too large Load Diff

395
CVE-2023/CVE-2023-330xx/CVE-2023-33071.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-33071",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2023-12-05T03:15:12.433",
"lastModified": "2023-12-05T13:51:04.540",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-11T18:45:23.717",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "product-security@qualcomm.com",
"type": "Secondary",
@ -38,10 +58,379 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:qca6574_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9B828AC8-4A01-4537-B2BD-8180C99F5C32"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:qca6574:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66C16E1E-9D4A-4F20-B697-833FDCCA86FB"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:qca6574a_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "828CFB37-76A6-4927-9D00-AF9A1C432DD6"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:qca6574a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "11405993-5903-4716-B452-370281034B42"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D527E2B1-2A46-4FBA-9F7A-F5543677C8FB"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:qca6574au:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8374DDB3-D484-4141-AE0C-42333D2721F6"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:qca6595au_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "288F637F-22F8-47CF-B67F-C798A730A1BD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:qca6595au:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0996EA3-1C92-4933-BE34-9CF625E59FE7"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sa6145p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C66671C1-AE1A-44BE-9DB2-0B09FF4417DB"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sa6145p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "74AA3929-3F80-4D54-B13A-9B070D5C03BB"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sa6150p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "054F77D6-FC66-4151-9005-DC7ECDB5C722"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sa6150p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8ED3F589-16D9-46A7-A539-C9862473EE0D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sa6155_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C40544E-B040-491C-8DF3-50225E70B50C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sa6155:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2DAC85C-CDC9-4784-A69A-147A2CE8A8B2"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC40C14-3B2D-4E00-9E0F-86E6BDBF2D81"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sa6155p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0514D433-162C-4680-8912-721D19BE6201"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sa8145p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A71D74B0-0963-49FD-8E97-148C8993B263"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sa8145p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "910CBFA4-50F7-4C7A-B9B9-B88C8A919827"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sa8150p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69C1B02F-8D2D-42E7-B70D-41F4D9844FD1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sa8150p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3FEACAA9-C061-4713-9A54-37D8BFC0B00B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sa8155_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F33EB594-B0D3-42F2-B1CA-B0E6C9D82C6B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sa8155:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50EF47E5-2875-412F-815D-44804BB3A739"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sa8155p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8648B38-2597-401A-8F53-D582FA911569"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sa8155p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A01CD59B-8F21-4CD6-8A1A-7B37547A8715"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sa8195p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51BC0A66-493B-43BE-B51F-640BDF2FF32E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sa8195p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D8DA4D12-7ABF-4A04-B44E-E1D68C8E58AB"
}
]
}
]
}
],
"references": [
{
"url": "https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin",
"source": "product-security@qualcomm.com"
"source": "product-security@qualcomm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

3932
CVE-2023/CVE-2023-330xx/CVE-2023-33079.json
View File

File diff suppressed because it is too large Load Diff

79
CVE-2023/CVE-2023-400xx/CVE-2023-40053.json
View File

@ -2,19 +2,43 @@
"id": "CVE-2023-40053",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2023-12-06T04:15:07.523",
"lastModified": "2023-12-06T13:50:08.353",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-11T18:42:29.597",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified within Serv-U 15.4 that allows an authenticated actor to insert content on the file share function feature of Serv-U, which could be used maliciously. "
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en Serv-U 15.4 que permite a un actor autenticado insertar contenido en la funci\u00f3n de compartir archivos de Serv-U, que podr\u00eda usarse de manera maliciosa."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@solarwinds.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 1.4
},
{
"source": "psirt@solarwinds.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "psirt@solarwinds.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "psirt@solarwinds.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,14 +80,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:solarwinds:serv-u:15.4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "E5D87E13-3438-4299-80B2-A7C0746DBF51"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:solarwinds:serv-u:15.4.0:hotfix1:*:*:*:*:*:*",
"matchCriteriaId": "258C9475-8149-4889-BC71-69A6D6AAD23F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:solarwinds:serv-u:15.4.0:hotfix2:*:*:*:*:*:*",
"matchCriteriaId": "2D7FB620-2913-4972-997F-93E7BDA9C627"
}
]
}
]
}
],
"references": [
{
"url": "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-4-1_release_notes.htm",
"source": "psirt@solarwinds.com"
"source": "psirt@solarwinds.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-40053",
"source": "psirt@solarwinds.com"
"source": "psirt@solarwinds.com",
"tags": [
"Vendor Advisory"
]
}
]
}

16
CVE-2023/CVE-2023-403xx/CVE-2023-40360.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-40360",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-14T18:15:11.510",
"lastModified": "2023-09-15T14:15:11.057",
"vulnStatus": "Modified",
"lastModified": "2023-12-11T18:34:42.457",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "QEMU through 8.0.4 accesses a NULL pointer in nvme_directive_receive in hw/nvme/ctrl.c because there is no check for whether an endurance group is configured before checking whether Flexible Data Placement is enabled."
},
{
"lang": "es",
"value": "QEMU hasta 8.0.4 accede a un puntero NULL en nvme_directive_receive en hw/nvme/ctrl.c porque no se verifica si un grupo de resistencia est\u00e1 configurado antes de verificar si la Ubicaci\u00f3n Flexible de Datos est\u00e1 habilitada."
}
],
"metrics": {
@ -56,8 +60,9 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndIncluding": "8.0.4",
"matchCriteriaId": "F7B6B5FB-14AD-40AE-90C6-4D7F455900FF"
"matchCriteriaId": "6265FE36-CDDE-4781-920F-E99CBE343A53"
}
]
}
@ -83,7 +88,10 @@
},
{
"url": "https://security.netapp.com/advisory/ntap-20230915-0004/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.qemu.org/docs/master/system/security.html",

65
CVE-2023/CVE-2023-412xx/CVE-2023-41268.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-41268",
"sourceIdentifier": "PSIRT@samsung.com",
"published": "2023-12-06T04:15:07.773",
"lastModified": "2023-12-06T13:50:08.353",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-11T18:39:45.353",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in Samsung Open Source Escargot allows stack overflow and segmentation fault.\u00a0This issue affects Escargot: from 3.0.0 through 4.0.0.\n\n"
},
{
"lang": "es",
"value": "Una vulnerabilidad de validaci\u00f3n de entrada incorrecta en Samsung Open Source Escargot permite un desbordamiento de pila y una falla de segmentaci\u00f3n. Este problema afecta a Escargot: desde 3.0.0 hasta 4.0.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "PSIRT@samsung.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "PSIRT@samsung.com",
"type": "Secondary",
@ -46,10 +80,35 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:samsung:escargot:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D34787CB-9119-48D9-AA02-81C04EAEECE0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:samsung:escargot:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0CF60791-B028-45C4-8BF5-57443F77ADE1"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Samsung/escargot/pull/1260",
"source": "PSIRT@samsung.com"
"source": "PSIRT@samsung.com",
"tags": [
"Patch"
]
}
]
}

68
CVE-2023/CVE-2023-41xx/CVE-2023-4122.json
View File

@ -2,19 +2,43 @@
"id": "CVE-2023-4122",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-07T23:15:07.277",
"lastModified": "2023-12-08T14:23:10.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-11T17:48:11.740",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Student Information System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'photo' parameter of my-profile page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application."
},
{
"lang": "es",
"value": "Student Information System v1.0 es afectado por una vulnerabilidad de carga de archivos insegura en el par\u00e1metro 'foto' de la p\u00e1gina de mi perfil, lo que permite a un atacante autenticado obtener la ejecuci\u00f3n remota de c\u00f3digo en el servidor que aloja la aplicaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:imsurajghosh:student_information_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4F523085-89EA-4377-9799-9A0BB43C342D"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/rubinstein/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.kashipara.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

5
CVE-2023/CVE-2023-41xx/CVE-2023-4135.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-4135",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-08-04T14:15:12.173",
"lastModified": "2023-11-07T14:50:55.250",
"lastModified": "2023-12-11T18:35:03.667",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -90,8 +90,9 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndExcluding": "8.1.0",
"matchCriteriaId": "A178AFEF-359C-427C-99C6-EC003039FF3B"
"matchCriteriaId": "423C1B29-97E6-4574-84B0-1F68F1A65DAF"
},
{
"vulnerable": true,

12
CVE-2023/CVE-2023-427xx/CVE-2023-42794.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-42794",
"sourceIdentifier": "security@apache.org",
"published": "2023-10-10T18:15:18.863",
"lastModified": "2023-10-16T14:00:56.317",
"lastModified": "2023-12-11T18:23:56.740",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -21,19 +21,19 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]

64
CVE-2023/CVE-2023-432xx/CVE-2023-43298.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43298",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T07:15:07.623",
"lastModified": "2023-12-07T12:12:27.987",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-11T17:48:50.780",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "Un problema en la miniaplicaci\u00f3n SCOL Members Card en Line v13.6.1 permite a los atacantes enviar notificaciones maliciosas manipuladas mediante la fuga del token de acceso al canal."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linecorp:line:13.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22743D41-3381-4220-8D9F-60CC36E48F78"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-43298.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-432xx/CVE-2023-43299.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43299",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T07:15:08.373",
"lastModified": "2023-12-07T12:12:27.987",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-11T17:49:28.370",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "Un problema en la miniaplicaci\u00f3n DA BUTCHERS en Line v13.6.1 permite a los atacantes enviar notificaciones maliciosas manipuladas mediante la fuga del token de acceso al canal."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linecorp:line:13.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22743D41-3381-4220-8D9F-60CC36E48F78"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-43299.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

63
CVE-2023/CVE-2023-433xx/CVE-2023-43300.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43300",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T07:15:08.540",
"lastModified": "2023-12-07T12:12:27.987",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-11T17:50:00.917",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,66 @@
"value": "Un problema en la miniaplicaci\u00f3n urban_project en Line v13.6.1 permite a los atacantes enviar notificaciones maliciosas manipuladas mediante la fuga del token de acceso al canal."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linecorp:line:13.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22743D41-3381-4220-8D9F-60CC36E48F78"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-43300.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-433xx/CVE-2023-43301.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43301",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T07:15:08.697",
"lastModified": "2023-12-07T12:12:27.987",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-11T17:42:24.320",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "Un problema en la miniaplicaci\u00f3n DARTS SHOP MAXIM en Line v13.6.1 permite a los atacantes enviar notificaciones maliciosas manipuladas mediante la fuga del token de acceso al canal."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linecorp:line:13.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22743D41-3381-4220-8D9F-60CC36E48F78"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-43301.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-452xx/CVE-2023-45210.json
View File

@ -2,23 +2,86 @@
"id": "CVE-2023-45210",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-12-06T09:15:08.163",
"lastModified": "2023-12-06T13:50:00.573",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-11T17:28:08.023",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Pleasanter 1.3.47.0 and earlier contains an improper access control vulnerability, which may allow a remote authenticated attacker to view the temporary files uploaded by other users who are not permitted to access."
},
{
"lang": "es",
"value": "Pleasanter 1.3.47.0 y versiones anteriores contienen una vulnerabilidad de control de acceso inadecuado, que puede permitir que un atacante autenticado remoto vea los archivos temporales cargados por otros usuarios a los que no se les permite acceder."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pleasanter:pleasanter:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.3.47.0",
"matchCriteriaId": "AAA04A57-55E0-4DFE-B3F8-173CEC1EA1C6"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://jvn.jp/en/jp/JVN96209256/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://pleasanter.org/archives/vulnerability-update-202311",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-466xx/CVE-2023-46688.json
View File

@ -2,23 +2,86 @@
"id": "CVE-2023-46688",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-12-06T09:15:08.207",
"lastModified": "2023-12-06T13:50:00.573",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-11T17:27:33.120",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in Pleasanter 1.3.47.0 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL."
},
{
"lang": "es",
"value": "Vulnerabilidad de redireccionamiento abierto en Pleasanter 1.3.47.0 y versiones anteriores permite que un atacante remoto no autenticado redirija a los usuarios a sitios web arbitrarios a trav\u00e9s de una URL especialmente manipulada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pleasanter:pleasanter:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.3.47.0",
"matchCriteriaId": "AAA04A57-55E0-4DFE-B3F8-173CEC1EA1C6"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://jvn.jp/en/jp/JVN96209256/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://pleasanter.org/archives/vulnerability-update-202311",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
]
}
]
}

76
CVE-2023/CVE-2023-488xx/CVE-2023-48861.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48861",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T08:15:07.297",
"lastModified": "2023-12-07T12:12:22.533",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-11T17:54:53.557",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,79 @@
"value": "Vulnerabilidad de secuestro de DLL en TTplayer versi\u00f3n 7.0.2, permite a atacantes locales escalar privilegios y ejecutar c\u00f3digo arbitrario a trav\u00e9s de urlmon.dll."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-427"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:baidu:ttplayer:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E4AEF963-B722-41CF-9B33-AB368E5615C0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/xieqiang11/POC4/blob/main/README.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-494xx/CVE-2023-49460.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-49460",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T20:15:38.140",
"lastModified": "2023-12-07T21:05:53.917",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-11T17:32:51.353",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::decode_uncompressed_image."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que libheif v1.17.5 conten\u00eda una infracci\u00f3n de segmentaci\u00f3n a trav\u00e9s de la funci\u00f3n UncompressedImageCodec::decode_uncompressed_image."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:struktur:libheif:1.17.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8776EE2B-B4B8-4509-BC0C-3668329FF6C9"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/strukturag/libheif/issues/1046",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-494xx/CVE-2023-49462.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-49462",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T20:15:38.190",
"lastModified": "2023-12-07T21:05:53.917",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-11T17:32:38.270",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "libheif v1.17.5 was discovered to contain a segmentation violation via the component /libheif/exif.cc."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que libheif v1.17.5 conten\u00eda una infracci\u00f3n de segmentaci\u00f3n a trav\u00e9s del componente /libheif/exif.cc."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:struktur:libheif:1.17.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8776EE2B-B4B8-4509-BC0C-3668329FF6C9"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/strukturag/libheif/issues/1043",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch"
]
}
]
}

74
CVE-2023/CVE-2023-494xx/CVE-2023-49463.json
View File

@ -2,23 +2,87 @@
"id": "CVE-2023-49463",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T20:15:38.260",
"lastModified": "2023-12-07T21:05:53.917",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-11T17:32:07.403",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "libheif v1.17.5 was discovered to contain a segmentation violation via the function find_exif_tag at /libheif/exif.cc."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que libheif v1.17.5 conten\u00eda una infracci\u00f3n de segmentaci\u00f3n a trav\u00e9s de la funci\u00f3n find_exif_tag en /libheif/exif.cc."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:struktur:libheif:1.17.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8776EE2B-B4B8-4509-BC0C-3668329FF6C9"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/strukturag/libheif",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/strukturag/libheif/issues/1042",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch"
]
}
]
}

69
CVE-2023/CVE-2023-494xx/CVE-2023-49464.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-49464",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T20:15:38.320",
"lastModified": "2023-12-07T21:05:53.917",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-11T17:31:56.900",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::get_luma_bits_per_pixel_from_configuration_unci."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que libheif v1.17.5 conten\u00eda una violaci\u00f3n de segmentaci\u00f3n a trav\u00e9s de la funci\u00f3n UncompressedImageCodec::get_luma_bits_per_pixel_from_configuration_unci."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:struktur:libheif:1.17.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8776EE2B-B4B8-4509-BC0C-3668329FF6C9"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/strukturag/libheif/issues/1044",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch"
]
}
]
}

69
CVE-2023/CVE-2023-494xx/CVE-2023-49465.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-49465",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T20:15:38.370",
"lastModified": "2023-12-07T21:05:53.917",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-11T17:31:41.460",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function at motion.cc."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Libde265 v1.0.14 conten\u00eda una vulnerabilidad de desbordamiento del b\u00fafer de almacenamiento din\u00e1mico en la funci\u00f3n derive_spatial_luma_vector_prediction en motion.cc."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:struktur:libde265:1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "B160149E-E072-4FC7-8E38-E3C469C78472"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/strukturag/libde265/issues/435",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch"
]
}
]
}

69
CVE-2023/CVE-2023-494xx/CVE-2023-49467.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-49467",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T20:15:38.427",
"lastModified": "2023-12-07T21:05:53.917",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-11T17:31:18.677",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derive_combined_bipredictive_merging_candidates function at motion.cc."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Libde265 v1.0.14 conten\u00eda una vulnerabilidad de desbordamiento del b\u00fafer de almacenamiento din\u00e1mico en la funci\u00f3n derive_combined_bipredictive_merging_candidates en motion.cc."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:struktur:libde265:1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "B160149E-E072-4FC7-8E38-E3C469C78472"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/strukturag/libde265/issues/434",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch"
]
}
]
}

69
CVE-2023/CVE-2023-494xx/CVE-2023-49468.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-49468",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T20:15:38.477",
"lastModified": "2023-12-07T21:05:53.917",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-11T17:30:55.310",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Libde265 v1.0.14 was discovered to contain a global buffer overflow vulnerability in the read_coding_unit function at slice.cc."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Libde265 v1.0.14 conten\u00eda una vulnerabilidad de desbordamiento de b\u00fafer global en la funci\u00f3n read_coding_unit en slice.cc."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:struktur:libde265:1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "B160149E-E072-4FC7-8E38-E3C469C78472"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/strukturag/libde265/issues/432",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch"
]
}
]
}

69
CVE-2023/CVE-2023-497xx/CVE-2023-49735.json
View File

@ -2,19 +2,56 @@
"id": "CVE-2023-49735",
"sourceIdentifier": "security@apache.org",
"published": "2023-11-30T22:15:09.123",
"lastModified": "2023-12-01T02:28:42.607",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-11T17:34:30.350",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPORTED WHEN ASSIGNED **\n\nThe value set as the DefaultLocaleResolver.LOCALE_KEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to this key may be relatively common, as it was also used like that to set the language in the 'tiles-test' application shipped with Tiles.\n\nThis issue affects Apache Tiles from version 2 onwards.\n\nNOTE: This vulnerability only affects products that are no longer supported by the maintainer.\n\n"
},
{
"lang": "es",
"value": "** NO COMPATIBLE CUANDO EST\u00c1 ASIGNADO ** El valor establecido como atributo DefaultLocaleResolver.LOCALE_KEY en la sesi\u00f3n no se valid\u00f3 al resolver archivos de definici\u00f3n XML, lo que provoc\u00f3 un posible path traversal y, finalmente, SSRF/XXE al pasar datos controlados por el usuario a esta clave. Pasar datos controlados por el usuario a esta clave puede ser relativamente com\u00fan, ya que tambi\u00e9n se us\u00f3 as\u00ed para configurar el idioma en la aplicaci\u00f3n 'tiles-test' incluida con Tiles. Este problema afecta a Apache Tiles desde la versi\u00f3n 2 en adelante. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el mantenedor."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@apache.org",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "security@apache.org",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -23,10 +60,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tiles:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.0",
"matchCriteriaId": "DC95F767-D614-4F1B-8603-C3A86F7512E9"
}
]
}
]
}
],
"references": [
{
"url": "https://lists.apache.org/thread/8ktm4vxr6vvc1qsxh6ft8jzmom1zl65p",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
]
}
]
}

115
CVE-2023/CVE-2023-498xx/CVE-2023-49897.json
View File

@ -2,23 +2,128 @@
"id": "CVE-2023-49897",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-12-06T07:15:41.883",
"lastModified": "2023-12-06T13:50:08.353",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-11T17:29:32.050",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability exists in AE1021PE firmware version 2.0.9 and earlier and AE1021 firmware version 2.0.9 and earlier. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the product."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en la versi\u00f3n 2.0.9 y anteriores del firmware AE1021PE y en la versi\u00f3n 2.0.9 y anteriores del firmware AE1021. Si se explota esta vulnerabilidad, un atacante puede ejecutar un comando arbitrario del sistema operativo que pueda iniciar sesi\u00f3n en el producto."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fxc:ae1021_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0.10",
"matchCriteriaId": "4F8B5B94-BFD2-4037-B8E2-DCD4F843AD55"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:fxc:ae1021:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03B391D9-2AF4-4889-BFA3-52C11B4390C5"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fxc:ae1021pe_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0.10",
"matchCriteriaId": "A110A774-F48F-4F4F-8EE0-FD17F94B8AB6"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:fxc:ae1021pe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB758E1E-0CF5-4CA6-9A08-2B33BF296D67"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU92152057/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://www.fxc.jp/news/20231206",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

97
CVE-2023/CVE-2023-504xx/CVE-2023-50428.json
View File

@ -2,35 +2,116 @@
"id": "CVE-2023-50428",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-09T19:15:07.977",
"lastModified": "2023-12-10T11:50:56.433",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-11T17:50:29.823",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild by Inscriptions in 2022 and 2023."
},
{
"lang": "es",
"value": "En Bitcoin Core hasta 26.0 y Bitcoin Knots anteriores a 25.1.knots20231115, los l\u00edmites de tama\u00f1o del portador de datos se pueden eludir ofuscando los datos como c\u00f3digo (por ejemplo, con OP_FALSE OP_IF), tal como lo explot\u00f3 Inscriptions en 2022 y 2023."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*",
"versionStartIncluding": "0.9",
"versionEndIncluding": "26.0",
"matchCriteriaId": "B1179DE7-9710-433D-83B8-0CE1A7CC8BF7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bitcoinknots:bitcoin_knots:*:*:*:*:*:*:*:*",
"versionStartIncluding": "0.9",
"versionEndExcluding": "25.1",
"matchCriteriaId": "42AEEA35-5598-4E0A-B693-5D0918ED30B7"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/bitcoin/bitcoin/pull/28408#issuecomment-1844981799",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://github.com/bitcoin/bitcoin/tags",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/bitcoinknots/bitcoin/blob/aed49ce8989334c364a219a6eb016a3897d4e3d7/doc/release-notes.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://twitter.com/LukeDashjr/status/1732204937466032285",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
}
]
}

36
CVE-2023/CVE-2023-50xx/CVE-2023-5008.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-5008",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-08T00:15:07.597",
"lastModified": "2023-12-08T14:23:10.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-11T17:47:39.170",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Student Information System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'regno' parameter of index.php page, allowing an external attacker to dump all the contents of the database contents and bypass the login control."
},
{
"lang": "es",
"value": "Student Information System v1.0 es afectado por una vulnerabilidad de inyecci\u00f3n SQL no autenticada en el par\u00e1metro 'regno' de la p\u00e1gina index.php, lo que permite a un atacante externo volcar todo el contenido de la base de datos y evitar el control de inicio de sesi\u00f3n."
}
],
"metrics": {
@ -46,14 +50,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:imsurajghosh:student_information_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4F523085-89EA-4377-9799-9A0BB43C342D"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/blechacz/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.kashipara.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

69
CVE-2023/CVE-2023-57xx/CVE-2023-5710.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5710",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-12-07T02:15:06.527",
"lastModified": "2023-12-07T12:12:36.717",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-11T17:52:15.347",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -38,18 +58,57 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bowo:system_dashboard:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.8.7",
"matchCriteriaId": "22E03EF4-BD97-49BE-85B2-DF9699D288BE"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/system-dashboard/tags/2.8.7/admin/class-system-dashboard-admin.php#L7930",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/system-dashboard/tags/2.8.8/admin/class-system-dashboard-admin.php#L7951",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f170379e-e833-42e0-96fd-1e1722a8331c?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-57xx/CVE-2023-5711.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5711",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-12-07T02:15:06.770",
"lastModified": "2023-12-07T12:12:36.717",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-11T17:52:02.330",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -38,18 +58,57 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bowo:system_dashboard:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.8.7",
"matchCriteriaId": "22E03EF4-BD97-49BE-85B2-DF9699D288BE"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/system-dashboard/tags/2.8.7/admin/class-system-dashboard-admin.php#L1925",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/system-dashboard/tags/2.8.8/admin/class-system-dashboard-admin.php#L1932",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/17bc3a9f-2bf9-44e3-81ef-bfa932085da9?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-57xx/CVE-2023-5712.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5712",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-12-07T02:15:06.933",
"lastModified": "2023-12-07T12:12:36.717",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-11T17:51:49.363",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -38,18 +58,57 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bowo:system_dashboard:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.8.7",
"matchCriteriaId": "22E03EF4-BD97-49BE-85B2-DF9699D288BE"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/system-dashboard/tags/2.8.7/admin/class-system-dashboard-admin.php#L7382",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/system-dashboard/tags/2.8.8/admin/class-system-dashboard-admin.php#L7403",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/70f14d9d-6ed6-4bcb-944d-f9c5aa6a17a6?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-57xx/CVE-2023-5713.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5713",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-12-07T02:15:07.110",
"lastModified": "2023-12-07T12:12:36.717",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-11T17:51:32.003",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -38,18 +58,57 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bowo:system_dashboard:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.8.7",
"matchCriteriaId": "22E03EF4-BD97-49BE-85B2-DF9699D288BE"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/system-dashboard/tags/2.8.7/admin/class-system-dashboard-admin.php#L6341",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/system-dashboard/tags/2.8.8/admin/class-system-dashboard-admin.php#L6357",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e9d1a33b-2518-48f7-90b6-a94a34473d1e?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-57xx/CVE-2023-5714.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5714",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-12-07T02:15:07.287",
"lastModified": "2023-12-07T12:12:36.717",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-11T17:51:11.777",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -38,18 +58,57 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bowo:system_dashboard:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.8.7",
"matchCriteriaId": "22E03EF4-BD97-49BE-85B2-DF9699D288BE"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/system-dashboard/tags/2.8.7/admin/class-system-dashboard-admin.php#L2942",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/system-dashboard/tags/2.8.8/admin/class-system-dashboard-admin.php#L2949",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/53b3ac83-847d-4bd0-a79b-531af266e1b4?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

9
CVE-2023/CVE-2023-58xx/CVE-2023-5808.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-5808",
"sourceIdentifier": "security.vulnerabilities@hitachivantara.com",
"published": "2023-12-05T00:15:09.840",
"lastModified": "2023-12-08T20:15:08.200",
"lastModified": "2023-12-11T18:15:30.130",
"vulnStatus": "Modified",
"descriptions": [
{
@ -112,11 +112,8 @@
],
"references": [
{
"url": "https://support.hitachivantara.com/",
"source": "security.vulnerabilities@hitachivantara.com",
"tags": [
"Not Applicable"
]
"url": "https://knowledge.hitachivantara.com/Security/System_Management_Unit_(SMU)_versions_prior_to_14.8.7825.01%2C_used_to_manage_Hitachi_Vantara_NAS_products_are_susceptible_to_unintended_information_disclosure_via_unprivileged_access_to_HNAS_configuration_backup_and_diagnostic_data",
"source": "security.vulnerabilities@hitachivantara.com"
}
]
}

117
CVE-2023/CVE-2023-65xx/CVE-2023-6512.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6512",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-12-06T02:15:07.543",
"lastModified": "2023-12-09T22:15:07.507",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-11T18:53:29.410",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,27 +14,128 @@
"value": "La implementaci\u00f3n inapropiada en la interfaz de usuario del navegador web en Google Chrome anterior a 120.0.6099.62 permit\u00eda a un atacante remoto falsificar potencialmente el contenido de un men\u00fa contextual de di\u00e1logo iframe a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: baja)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "119.0.6045.105",
"matchCriteriaId": "EB02C074-0B9E-4658-BC8D-5F6198D2E3EB"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1457702",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMHY76AWPA46MAFXPWDGJX6FEGXZVR5Z/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RI3UHCTFH6KWAJGDZ2TOLT6VHKW53WCC/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5573",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-65xx/CVE-2023-6527.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6527",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-12-06T05:15:10.750",
"lastModified": "2023-12-06T13:50:08.353",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-11T17:45:06.217",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Email Subscription Popup plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the HTTP_REFERER header in all versions up to, and including, 1.2.18 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
},
{
"lang": "es",
"value": "El complemento Email Subscription Popup para WordPress es vulnerable a Cross-Site Scripting Reflejado a trav\u00e9s del encabezado HTTP_REFERER en todas las versiones hasta la 1.2.18 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes no autenticados inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n como hacer clic en un enlace."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -34,14 +58,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:i13websolution:email_subscription_popup:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.2.19",
"matchCriteriaId": "53CF1ED5-FB2B-468C-9FA6-8010AD4A83C0"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/email-subscribe/tags/1.2.19/wp-email-subscription.php?rev=3005188#L2125",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5f84814e-f7b7-4228-b331-63027a0770af?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-65xx/CVE-2023-6538.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-6538",
"sourceIdentifier": "security.vulnerabilities@hitachivantara.com",
"published": "2023-12-11T18:15:30.250",
"lastModified": "2023-12-11T18:15:30.250",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in Storage, Server or combined Server+Storage administrative roles are able to access SMU configuration backup, that would normally be barred to those specific administrative roles. "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security.vulnerabilities@hitachivantara.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "security.vulnerabilities@hitachivantara.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-285"
}
]
}
],
"references": [
{
"url": "https://knowledge.hitachivantara.com/Security/System_Management_Unit_(SMU)_versions_prior_to_14.8.7825.01%2C_used_to_manage_Hitachi_Vantara_NAS_products_is_susceptible_to_unintended_information_disclosure_via_unprivileged_access_to_SMU_configuration_backup_data",
"source": "security.vulnerabilities@hitachivantara.com"
}
]
}

65
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-12-11T17:04:10.424765+00:00
2023-12-11T19:00:18.815163+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-12-11T16:18:06.687000+00:00
2023-12-11T18:54:15.047000+00:00
```
### Last Data Feed Release
@ -29,48 +29,45 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
232710
232711
```
### CVEs added in the last Commit
Recently added CVEs: `4`
Recently added CVEs: `1`
* [CVE-2023-49417](CVE-2023/CVE-2023-494xx/CVE-2023-49417.json) (`2023-12-11T14:15:31.740`)
* [CVE-2023-49418](CVE-2023/CVE-2023-494xx/CVE-2023-49418.json) (`2023-12-11T14:15:31.800`)
* [CVE-2023-6194](CVE-2023/CVE-2023-61xx/CVE-2023-6194.json) (`2023-12-11T14:15:31.847`)
* [CVE-2023-6671](CVE-2023/CVE-2023-66xx/CVE-2023-6671.json) (`2023-12-11T14:15:32.150`)
* [CVE-2023-6538](CVE-2023/CVE-2023-65xx/CVE-2023-6538.json) (`2023-12-11T18:15:30.250`)
### CVEs modified in the last Commit
Recently modified CVEs: `60`
Recently modified CVEs: `50`
* [CVE-2023-5188](CVE-2023/CVE-2023-51xx/CVE-2023-5188.json) (`2023-12-11T15:32:04.883`)
* [CVE-2023-49070](CVE-2023/CVE-2023-490xx/CVE-2023-49070.json) (`2023-12-11T15:32:29.317`)
* [CVE-2023-43472](CVE-2023/CVE-2023-434xx/CVE-2023-43472.json) (`2023-12-11T15:32:59.420`)
* [CVE-2023-44295](CVE-2023/CVE-2023-442xx/CVE-2023-44295.json) (`2023-12-11T15:33:19.813`)
* [CVE-2023-44288](CVE-2023/CVE-2023-442xx/CVE-2023-44288.json) (`2023-12-11T15:33:33.377`)
* [CVE-2023-39248](CVE-2023/CVE-2023-392xx/CVE-2023-39248.json) (`2023-12-11T15:33:45.650`)
* [CVE-2023-37572](CVE-2023/CVE-2023-375xx/CVE-2023-37572.json) (`2023-12-11T15:34:02.400`)
* [CVE-2023-47304](CVE-2023/CVE-2023-473xx/CVE-2023-47304.json) (`2023-12-11T15:37:02.707`)
* [CVE-2023-42578](CVE-2023/CVE-2023-425xx/CVE-2023-42578.json) (`2023-12-11T15:38:57.763`)
* [CVE-2023-42577](CVE-2023/CVE-2023-425xx/CVE-2023-42577.json) (`2023-12-11T15:41:26.297`)
* [CVE-2023-42576](CVE-2023/CVE-2023-425xx/CVE-2023-42576.json) (`2023-12-11T15:42:44.137`)
* [CVE-2023-42575](CVE-2023/CVE-2023-425xx/CVE-2023-42575.json) (`2023-12-11T16:04:34.710`)
* [CVE-2023-42574](CVE-2023/CVE-2023-425xx/CVE-2023-42574.json) (`2023-12-11T16:04:55.683`)
* [CVE-2023-42573](CVE-2023/CVE-2023-425xx/CVE-2023-42573.json) (`2023-12-11T16:05:18.447`)
* [CVE-2023-49240](CVE-2023/CVE-2023-492xx/CVE-2023-49240.json) (`2023-12-11T16:10:25.813`)
* [CVE-2023-49239](CVE-2023/CVE-2023-492xx/CVE-2023-49239.json) (`2023-12-11T16:12:38.460`)
* [CVE-2023-46773](CVE-2023/CVE-2023-467xx/CVE-2023-46773.json) (`2023-12-11T16:14:54.787`)
* [CVE-2023-39417](CVE-2023/CVE-2023-394xx/CVE-2023-39417.json) (`2023-12-11T16:15:42.330`)
* [CVE-2023-5557](CVE-2023/CVE-2023-55xx/CVE-2023-5557.json) (`2023-12-11T16:15:42.630`)
* [CVE-2023-5868](CVE-2023/CVE-2023-58xx/CVE-2023-5868.json) (`2023-12-11T16:15:42.763`)
* [CVE-2023-5869](CVE-2023/CVE-2023-58xx/CVE-2023-5869.json) (`2023-12-11T16:15:42.880`)
* [CVE-2023-5870](CVE-2023/CVE-2023-58xx/CVE-2023-5870.json) (`2023-12-11T16:15:42.990`)
* [CVE-2023-44113](CVE-2023/CVE-2023-441xx/CVE-2023-44113.json) (`2023-12-11T16:15:48.920`)
* [CVE-2023-44099](CVE-2023/CVE-2023-440xx/CVE-2023-44099.json) (`2023-12-11T16:16:17.500`)
* [CVE-2023-48849](CVE-2023/CVE-2023-488xx/CVE-2023-48849.json) (`2023-12-11T16:18:06.687`)
* [CVE-2023-33024](CVE-2023/CVE-2023-330xx/CVE-2023-33024.json) (`2023-12-11T17:51:28.897`)
* [CVE-2023-5713](CVE-2023/CVE-2023-57xx/CVE-2023-5713.json) (`2023-12-11T17:51:32.003`)
* [CVE-2023-5712](CVE-2023/CVE-2023-57xx/CVE-2023-5712.json) (`2023-12-11T17:51:49.363`)
* [CVE-2023-5711](CVE-2023/CVE-2023-57xx/CVE-2023-5711.json) (`2023-12-11T17:52:02.330`)
* [CVE-2023-5710](CVE-2023/CVE-2023-57xx/CVE-2023-5710.json) (`2023-12-11T17:52:15.347`)
* [CVE-2023-33041](CVE-2023/CVE-2023-330xx/CVE-2023-33041.json) (`2023-12-11T17:52:30.027`)
* [CVE-2023-33042](CVE-2023/CVE-2023-330xx/CVE-2023-33042.json) (`2023-12-11T17:53:27.723`)
* [CVE-2023-33043](CVE-2023/CVE-2023-330xx/CVE-2023-33043.json) (`2023-12-11T17:54:32.727`)
* [CVE-2023-48861](CVE-2023/CVE-2023-488xx/CVE-2023-48861.json) (`2023-12-11T17:54:53.557`)
* [CVE-2023-33044](CVE-2023/CVE-2023-330xx/CVE-2023-33044.json) (`2023-12-11T18:03:59.473`)
* [CVE-2023-33053](CVE-2023/CVE-2023-330xx/CVE-2023-33053.json) (`2023-12-11T18:06:27.913`)
* [CVE-2023-33054](CVE-2023/CVE-2023-330xx/CVE-2023-33054.json) (`2023-12-11T18:13:32.720`)
* [CVE-2023-5808](CVE-2023/CVE-2023-58xx/CVE-2023-5808.json) (`2023-12-11T18:15:30.130`)
* [CVE-2023-33063](CVE-2023/CVE-2023-330xx/CVE-2023-33063.json) (`2023-12-11T18:20:10.893`)
* [CVE-2023-42794](CVE-2023/CVE-2023-427xx/CVE-2023-42794.json) (`2023-12-11T18:23:56.740`)
* [CVE-2023-22523](CVE-2023/CVE-2023-225xx/CVE-2023-22523.json) (`2023-12-11T18:29:13.970`)
* [CVE-2023-40360](CVE-2023/CVE-2023-403xx/CVE-2023-40360.json) (`2023-12-11T18:34:42.457`)
* [CVE-2023-4135](CVE-2023/CVE-2023-41xx/CVE-2023-4135.json) (`2023-12-11T18:35:03.667`)
* [CVE-2023-22522](CVE-2023/CVE-2023-225xx/CVE-2023-22522.json) (`2023-12-11T18:37:00.900`)
* [CVE-2023-41268](CVE-2023/CVE-2023-412xx/CVE-2023-41268.json) (`2023-12-11T18:39:45.353`)
* [CVE-2023-40053](CVE-2023/CVE-2023-400xx/CVE-2023-40053.json) (`2023-12-11T18:42:29.597`)
* [CVE-2023-33070](CVE-2023/CVE-2023-330xx/CVE-2023-33070.json) (`2023-12-11T18:43:52.907`)
* [CVE-2023-33071](CVE-2023/CVE-2023-330xx/CVE-2023-33071.json) (`2023-12-11T18:45:23.717`)
* [CVE-2023-6512](CVE-2023/CVE-2023-65xx/CVE-2023-6512.json) (`2023-12-11T18:53:29.410`)
* [CVE-2023-33079](CVE-2023/CVE-2023-330xx/CVE-2023-33079.json) (`2023-12-11T18:54:15.047`)
## Download and Usage