admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-07 19:16:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-12-13T15:00:49.818950+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-12-13 15:00:53 +00:00
parent bb37f3795b
commit 785ff6e060
93 changed files with 22516 additions and 176 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
CVE-2021/CVE-2021-286xx/CVE-2021-28663.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2021-28663",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-05-10T15:15:07.557",
"lastModified": "2023-02-23T22:15:10.947",
"lastModified": "2023-12-13T13:51:52.563",
"vulnStatus": "Modified",
"cisaExploitAdd": "2021-11-03",
"cisaActionDue": "2021-11-17",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Arm Mali GPU Kernel Use-After-Free Vulnerability",
"cisaVulnerabilityName": "Arm Mali Graphics Processing Unit (GPU) Use-After-Free Vulnerability",
"descriptions": [
{
"lang": "en",
@ -95,10 +95,10 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arm:midguard_gpu_kernel_driver:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:arm:midgard_gpu_kernel_driver:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r4p0",
"versionEndIncluding": "r30p0",
"matchCriteriaId": "30CB2295-BB50-48A4-9C9F-AED906560FB1"
"matchCriteriaId": "C57F0AF0-BB86-41BE-B41F-951FC34878D2"
},
{
"vulnerable": true,

8
CVE-2021/CVE-2021-286xx/CVE-2021-28664.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2021-28664",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-05-10T15:15:07.590",
"lastModified": "2022-10-27T21:15:09.857",
"lastModified": "2023-12-13T13:51:52.563",
"vulnStatus": "Modified",
"cisaExploitAdd": "2021-11-03",
"cisaActionDue": "2021-11-17",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Arm Mali GPU Kernel Boundary Error Vulnerability",
"cisaVulnerabilityName": "Arm Mali Graphics Processing Unit (GPU) Unspecified Vulnerability",
"descriptions": [
{
"lang": "en",
@ -95,10 +95,10 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arm:midguard_gpu_kernel_driver:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:arm:midgard_gpu_kernel_driver:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r8p0",
"versionEndIncluding": "r30p0",
"matchCriteriaId": "20E40FCD-B110-4D33-9696-E97159E435DD"
"matchCriteriaId": "36164B50-6A20-4FCD-8382-3B9C9069C9E7"
},
{
"vulnerable": true,

8
CVE-2021/CVE-2021-448xx/CVE-2021-44828.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-44828",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-01-14T20:15:14.053",
"lastModified": "2022-01-21T21:13:03.357",
"lastModified": "2023-12-13T13:51:52.563",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -70,7 +70,7 @@
"description": [
{
"lang": "en",
"value": "CWE-269"
"value": "CWE-787"
}
]
}
@ -91,10 +91,10 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arm:midguard_gpu_kernel_driver:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:arm:midgard_gpu_kernel_driver:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r26p0",
"versionEndIncluding": "r30p0",
"matchCriteriaId": "63F86A2C-A943-4A17-B11B-D01B1BB65C8B"
"matchCriteriaId": "0318AE85-85FD-4309-8E87-EF45E41B05E3"
},
{
"vulnerable": true,

4
CVE-2022/CVE-2022-229xx/CVE-2022-22942.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-22942",
"sourceIdentifier": "security@vmware.com",
"published": "2023-12-13T09:15:33.890",
"lastModified": "2023-12-13T09:15:33.890",
"vulnStatus": "Received",
"lastModified": "2023-12-13T13:35:25.510",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2022/CVE-2022-274xx/CVE-2022-27488.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2022-27488",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-12-13T07:15:10.910",
"lastModified": "2023-12-13T07:15:10.910",
"vulnStatus": "Received",
"lastModified": "2023-12-13T13:35:21.667",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.0 through 6.2.7, 6.0.x, FortiMail version 7.0.0 through 7.0.3, 6.4.0 through 6.4.6, 6.2.x, 6.0.x FortiRecorder version 6.4.0 through 6.4.2, 6.0.x, 2.7.x, 2.6.x, FortiNDR version 1.x.x allows a remote unauthenticated attacker to execute commands on the CLI via\u00a0tricking an authenticated administrator to execute malicious GET requests."
},
{
"lang": "es",
"value": "Cross-Site Request Forgery (CSRF) en Fortinet FortiVoiceEnterprise versi\u00f3n 6.4.x, 6.0.x, FortiSwitch versi\u00f3n 7.0.0 a 7.0.4, 6.4.0 a 6.4.10, 6.2.0 a 6.2.7, 6.0.x , FortiMail versi\u00f3n 7.0.0 a 7.0.3, 6.4.0 a 6.4.6, 6.2.x, 6.0.x FortiRecorder versi\u00f3n 6.4.0 a 6.4.2, 6.0.x, 2.7.x, 2.6.x, FortiNDR versi\u00f3n 1.xx permite que un atacante remoto no autenticado ejecute comandos en la CLI enga\u00f1ando a un administrador autenticado para que ejecute solicitudes GET maliciosas."
}
],
"metrics": {

6
CVE-2022/CVE-2022-283xx/CVE-2022-28348.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-28348",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-05-19T01:15:06.803",
"lastModified": "2022-05-28T02:11:09.087",
"lastModified": "2023-12-13T13:51:52.563",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -91,10 +91,10 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arm:midguard_gpu_kernel_driver:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:arm:midgard_gpu_kernel_driver:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r4p0",
"versionEndIncluding": "r31p0",
"matchCriteriaId": "F2F841C0-9C43-4A42-90F8-CF98339881CB"
"matchCriteriaId": "A1AB50D5-AAC9-473D-B450-8275CB7E1676"
},
{
"vulnerable": true,

6
CVE-2022/CVE-2022-381xx/CVE-2022-38181.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-38181",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-10-25T19:15:11.487",
"lastModified": "2023-06-12T07:16:46.037",
"lastModified": "2023-12-13T13:51:52.563",
"vulnStatus": "Modified",
"cisaExploitAdd": "2023-03-30",
"cisaActionDue": "2023-04-20",
@ -75,10 +75,10 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arm:midguard_gpu_kernel_driver:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:arm:midgard_gpu_kernel_driver:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r4p0",
"versionEndIncluding": "r31p0",
"matchCriteriaId": "F2F841C0-9C43-4A42-90F8-CF98339881CB"
"matchCriteriaId": "A1AB50D5-AAC9-473D-B450-8275CB7E1676"
},
{
"vulnerable": true,

6
CVE-2022/CVE-2022-463xx/CVE-2022-46395.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-46395",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-03-06T14:15:09.367",
"lastModified": "2023-06-12T07:16:49.167",
"lastModified": "2023-12-13T13:51:52.563",
"vulnStatus": "Modified",
"descriptions": [
{
@ -67,10 +67,10 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arm:midguard_gpu_kernel_driver:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:arm:midgard_gpu_kernel_driver:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r0p0",
"versionEndIncluding": "r32p0",
"matchCriteriaId": "19223341-DDCC-4A10-BEDE-28F3EA0D2A61"
"matchCriteriaId": "94829287-8671-41ED-810B-D1560B65F4F7"
},
{
"vulnerable": true,

15
CVE-2023/CVE-2023-271xx/CVE-2023-27171.json Normal file
View File

@ -0,0 +1,15 @@
{
"id": "CVE-2023-27171",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-13T14:15:43.543",
"lastModified": "2023-12-13T14:15:43.543",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
],
"metrics": {},
"references": []
}

4
CVE-2023/CVE-2023-312xx/CVE-2023-31210.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-31210",
"sourceIdentifier": "security@checkmk.com",
"published": "2023-12-13T09:15:34.080",
"lastModified": "2023-12-13T09:15:34.080",
"vulnStatus": "Received",
"lastModified": "2023-12-13T13:35:25.510",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

10193
CVE-2023/CVE-2023-334xx/CVE-2023-33412.json
View File

File diff suppressed because it is too large Load Diff

10193
CVE-2023/CVE-2023-334xx/CVE-2023-33413.json
View File

File diff suppressed because it is too large Load Diff

24
CVE-2023/CVE-2023-341xx/CVE-2023-34194.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-34194",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-13T14:15:43.680",
"lastModified": "2023-12-13T14:27:29.077",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable assertion (and application exit) via a crafted XML document with a '\\0' located after whitespace."
}
],
"metrics": {},
"references": [
{
"url": "https://sourceforge.net/p/tinyxml/git/ci/master/tree/tinyxmlparser.cpp",
"source": "cve@mitre.org"
},
{
"url": "https://www.forescout.com/resources/sierra21-vulnerabilities",
"source": "cve@mitre.org"
}
]
}

8
CVE-2023/CVE-2023-366xx/CVE-2023-36639.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-36639",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-12-13T07:15:12.900",
"lastModified": "2023-12-13T07:15:12.900",
"vulnStatus": "Received",
"lastModified": "2023-12-13T13:35:21.667",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, FortiOS versions 7.4.0, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiPAM versions 1.0.0 through 1.0.3 allows attacker to execute unauthorized code or commands via specially crafted API requests."
},
{
"lang": "es",
"value": "Un uso de cadena de formato controlada externamente en Fortinet FortiProxy versiones 7.2.0 a 7.2.4, 7.0.0 a 7.0.10, versiones de FortiOS 7.4.0, 7.2.0 a 7.2.4, 7.0.0 a 7.0.11, 6.4.0 a 6.4.12, 6.2.0 a 6.2.15, 6.0.0 a 6.0.17, las versiones de FortiPAM 1.0.0 a 1.0.3 permiten al atacante ejecutar c\u00f3digo o comandos no autorizados a trav\u00e9s de solicitudes API especialmente manipuladas."
}
],
"metrics": {

6
CVE-2023/CVE-2023-384xx/CVE-2023-38435.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-38435",
"sourceIdentifier": "security@apache.org",
"published": "2023-07-25T16:15:11.500",
"lastModified": "2023-12-01T16:28:34.823",
"lastModified": "2023-12-13T13:49:32.873",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -65,9 +65,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:felix_health_check_webconsole:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:apache:felix_health_check_webconsole_plugin:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.1.0",
"matchCriteriaId": "676D826F-DC6D-4356-9B94-8FEB2EB4F9DB"
"matchCriteriaId": "0CA9B46C-3E77-4915-A91E-D33A1E14669C"
}
]
}

8
CVE-2023/CVE-2023-407xx/CVE-2023-40716.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-40716",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-12-13T07:15:14.223",
"lastModified": "2023-12-13T07:15:14.223",
"vulnStatus": "Received",
"lastModified": "2023-12-13T13:35:21.667",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An improper neutralization of special elements used in an OS command vulnerability [CWE-78] \u00a0in the command line interpreter of FortiTester 2.3.0 through 7.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments when running execute restore/backup ."
},
{
"lang": "es",
"value": "Una neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de comando del sistema operativo [CWE-78] en el int\u00e9rprete de l\u00ednea de comando de FortiTester 2.3.0 a 7.2.3 puede permitir que un atacante autenticado ejecute comandos no autorizados a trav\u00e9s de argumentos espec\u00edficamente manipulados al ejecutar ejecutar restauraci\u00f3n/copia de seguridad."
}
],
"metrics": {

8
CVE-2023/CVE-2023-416xx/CVE-2023-41673.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-41673",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-12-13T07:15:15.860",
"lastModified": "2023-12-13T07:15:15.860",
"vulnStatus": "Received",
"lastModified": "2023-12-13T13:35:21.667",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An improper authorization vulnerability [CWE-285] in Fortinet FortiADC version 7.4.0 and before 7.2.2 may allow a low privileged user to read or backup the full system configuration via HTTP or HTTPS requests."
},
{
"lang": "es",
"value": "Una vulnerabilidad de autorizaci\u00f3n inadecuada [CWE-285] en Fortinet FortiADC versi\u00f3n 7.4.0 y anteriores a 7.2.2 puede permitir que un usuario con pocos privilegios lea o haga una copia de seguridad de la configuraci\u00f3n completa del sistema a trav\u00e9s de solicitudes HTTP o HTTPS."
}
],
"metrics": {

8
CVE-2023/CVE-2023-416xx/CVE-2023-41678.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-41678",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-12-13T07:15:17.317",
"lastModified": "2023-12-13T07:15:17.317",
"vulnStatus": "Received",
"lastModified": "2023-12-13T13:35:21.667",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiPAM version 1.0.0 through 1.0.3, 1.1.0 through 1.1.1 allows attacker to execute unauthorized code or commands via specifically crafted request."
},
{
"lang": "es",
"value": "Un doble gratuito en las versiones Fortinet FortiOS 7.0.0 a 7.0.5, FortiPAM versi\u00f3n 1.0.0 a 1.0.3, 1.1.0 a 1.1.1 permite a un atacante ejecutar c\u00f3digo o comandos no autorizados a trav\u00e9s de una solicitud espec\u00edficamente manipulada."
}
],
"metrics": {

8
CVE-2023/CVE-2023-418xx/CVE-2023-41844.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-41844",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-12-13T07:15:18.887",
"lastModified": "2023-12-13T07:15:18.887",
"vulnStatus": "Received",
"lastModified": "2023-12-13T13:35:21.667",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.4 allows attacker to execute unauthorized code or commands via crafted HTTP requests in capture traffic endpoint."
},
{
"lang": "es",
"value": "Una neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de la p\u00e1gina web (\"cross-site scripting\") en Fortinet FortiSandbox versi\u00f3n 4.4.1 y 4.4.0 y 4.2.0 a 4.2.5 y 4.0.0 a 4.0.3 y 3.2.0 a 3.2 .4 y 3.1.0 a 3.1.5 y 3.0.0 a 3.0.4 permiten a un atacante ejecutar c\u00f3digo o comandos no autorizados a trav\u00e9s de solicitudes HTTP manipuladas en el endpoint de captura de tr\u00e1fico."
}
],
"metrics": {

55
CVE-2023/CVE-2023-424xx/CVE-2023-42495.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-42495",
"sourceIdentifier": "cna@cyber.gov.il",
"published": "2023-12-13T13:15:07.450",
"lastModified": "2023-12-13T13:35:16.620",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nDasan Networks - W-Web versions 1.22-1.27 - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@cyber.gov.il",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "cna@cyber.gov.il",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"source": "cna@cyber.gov.il"
}
]
}

4
CVE-2023/CVE-2023-442xx/CVE-2023-44251.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44251",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-12-13T09:15:34.280",
"lastModified": "2023-12-13T09:15:34.280",
"vulnStatus": "Received",
"lastModified": "2023-12-13T13:35:21.667",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-442xx/CVE-2023-44252.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44252",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-12-13T09:15:34.473",
"lastModified": "2023-12-13T09:15:34.473",
"vulnStatus": "Received",
"lastModified": "2023-12-13T13:35:21.667",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2023/CVE-2023-443xx/CVE-2023-44362.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-44362",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-12-13T12:15:07.363",
"lastModified": "2023-12-13T12:15:07.363",
"vulnStatus": "Received",
"lastModified": "2023-12-13T13:35:16.620",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Prelude versions 22.6 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 22.6 y anteriores de Adobe Prelude se ven afectadas por una vulnerabilidad de acceso a puntero no inicializado que podr\u00eda provocar la divulgaci\u00f3n de memoria confidencial. Un atacante podr\u00eda aprovechar esta vulnerabilidad para evitar mitigaciones como ASLR. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {

8
CVE-2023/CVE-2023-455xx/CVE-2023-45587.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-45587",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-12-13T07:15:20.363",
"lastModified": "2023-12-13T07:15:20.363",
"vulnStatus": "Received",
"lastModified": "2023-12-13T13:35:21.667",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 allows attacker to execute unauthorized code or commands via crafted HTTP requests"
},
{
"lang": "es",
"value": "Una neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de la p\u00e1gina web (\"cross-site scripting\") en Fortinet FortiSandbox versi\u00f3n 4.4.1 y 4.4.0 y 4.2.0 a 4.2.5 y 4.0.0 a 4.0.3 y 3.2.0 a 3.2 .4 y 3.1.0 a 3.1.5 permiten al atacante ejecutar c\u00f3digo o comandos no autorizados a trav\u00e9s de solicitudes HTTP manipuladas"
}
],
"metrics": {

8
CVE-2023/CVE-2023-457xx/CVE-2023-45725.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-45725",
"sourceIdentifier": "security@apache.org",
"published": "2023-12-13T08:15:50.190",
"lastModified": "2023-12-13T08:15:50.190",
"vulnStatus": "Received",
"lastModified": "2023-12-13T13:35:25.510",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Design document functions which receive a user http request object may expose authorization or session cookie headers of the user who accesses the document.\n\nThese design document functions are:\n * \u00a0 list\n * \u00a0 show\n * \u00a0 rewrite\n * \u00a0 update\n\nAn attacker can leak the session component using an HTML-like output, insert the session as an external resource (such as an image), or store the credential in a _local document with an \"update\" function.\n\nFor the attack to succeed the attacker has to be able to insert the design documents into the database, then manipulate a user to access a function from that design document.\n\nWorkaround: Avoid using design documents from untrusted sources which may attempt to access or manipulate request object's headers\n"
},
{
"lang": "es",
"value": "Las funciones de dise\u00f1o de documentos que reciben un objeto de solicitud http de usuario pueden exponer los encabezados de cookies de sesi\u00f3n o de autorizaci\u00f3n del usuario que accede al documento. Estas funciones del documento de dise\u00f1o son: * lista * mostrar * reescribir * actualizar. Un atacante puede filtrar el componente de la sesi\u00f3n utilizando una salida similar a HTML, insertar la sesi\u00f3n como un recurso externo (como una imagen) o almacenar la credencial en un documento local con una funci\u00f3n de \"actualizaci\u00f3n\". Para que el ataque tenga \u00e9xito, el atacante debe poder insertar los documentos de dise\u00f1o en la base de datos y luego manipular a un usuario para que acceda a una funci\u00f3n desde ese documento de dise\u00f1o. Workaround: evite el uso de documentos de dise\u00f1o de fuentes no confiables que puedan intentar acceder o manipular los encabezados de los objetos de solicitud."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-458xx/CVE-2023-45800.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-45800",
"sourceIdentifier": "vuln@krcert.or.kr",
"published": "2023-12-13T02:15:07.323",
"lastModified": "2023-12-13T02:15:07.323",
"vulnStatus": "Received",
"lastModified": "2023-12-13T13:35:25.510",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hanbiro Hanbiro groupware allows Information Elicitation.This issue affects Hanbiro groupware: from V3.8.79 before V3.8.81.1.\n\n"
},
{
"lang": "es",
"value": "La neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en el software colaborativo Hanbiro Hanbiro permite la obtenci\u00f3n de informaci\u00f3n. Este problema afecta al software colaborativo Hanbiro: desde V3.8.79 antes de V3.8.81.1."
}
],
"metrics": {

8
CVE-2023/CVE-2023-458xx/CVE-2023-45801.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-45801",
"sourceIdentifier": "vuln@krcert.or.kr",
"published": "2023-12-13T03:15:48.037",
"lastModified": "2023-12-13T03:15:48.037",
"vulnStatus": "Received",
"lastModified": "2023-12-13T13:35:25.510",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Authentication vulnerability in Nadatel DVR allows Information Elicitation.This issue affects DVR: from 3.0.0 before 9.9.0.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de autenticaci\u00f3n incorrecta en Nadatel DVR permite la obtenci\u00f3n de informaci\u00f3n. Este problema afecta al DVR: desde 3.0.0 antes de 9.9.0."
}
],
"metrics": {

8
CVE-2023/CVE-2023-466xx/CVE-2023-46671.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-46671",
"sourceIdentifier": "bressers@elastic.co",
"published": "2023-12-13T07:15:22.013",
"lastModified": "2023-12-13T07:15:22.013",
"vulnStatus": "Received",
"lastModified": "2023-12-13T13:35:21.667",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error. Elastic has released Kibana 8.11.1 which resolves this issue. The error message recorded in the log may contain account credentials for the kibana_system user, API Keys, and credentials of Kibana end-users. The issue occurs infrequently, only if an error is returned from an Elasticsearch cluster, in cases where there is user interaction and an unhealthy cluster (for example, when returning circuit breaker or no shard exceptions).\n"
},
{
"lang": "es",
"value": "Elastic descubri\u00f3 un problema por el cual se puede registrar informaci\u00f3n confidencial en los registros de Kibana en caso de un error. Elastic lanz\u00f3 Kibana 8.11.1 que resuelve este problema. El mensaje de error registrado en el registro puede contener credenciales de cuenta para el usuario de kibana_system, claves API y credenciales de los usuarios finales de Kibana. El problema ocurre con poca frecuencia, solo si se devuelve un error desde un cl\u00faster de Elasticsearch, en los casos en que hay interacci\u00f3n del usuario y un cl\u00faster en mal estado (por ejemplo, cuando se devuelve un disyuntor o no hay excepciones de fragmentos)."
}
],
"metrics": {

8
CVE-2023/CVE-2023-466xx/CVE-2023-46675.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-46675",
"sourceIdentifier": "bressers@elastic.co",
"published": "2023-12-13T07:15:23.077",
"lastModified": "2023-12-13T07:15:23.077",
"vulnStatus": "Received",
"lastModified": "2023-12-13T13:35:21.667",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error or in the event where debug level logging is enabled in Kibana. Elastic has released Kibana 8.11.2 which resolves this issue. The messages recorded in the log may contain Account credentials for the kibana_system user, API Keys, and credentials of Kibana end-users, Elastic Security package policy objects which can contain private keys, bearer token, and sessions of 3rd-party integrations and finally Authorization headers, client secrets, local file paths, and stack traces. The issue may occur in any Kibana instance running an affected version that could potentially receive an unexpected error when communicating to Elasticsearch causing it to include sensitive data into Kibana error logs. It could also occur under specific circumstances when debug level logging is enabled in Kibana. Note: It was found that the fix for ESA-2023-25 in Kibana 8.11.1 for a similar issue was incomplete.\n"
},
{
"lang": "es",
"value": "Elastic descubri\u00f3 un problema por el cual se puede registrar informaci\u00f3n confidencial en los registros de Kibana en caso de un error o en el caso de que el registro de nivel de depuraci\u00f3n est\u00e9 habilitado en Kibana. Elastic lanz\u00f3 Kibana 8.11.2 que resuelve este problema. Los mensajes registrados en el registro pueden contener credenciales de cuenta para el usuario kibana_system, claves API y credenciales de los usuarios finales de Kibana, objetos de pol\u00edtica del paquete Elastic Security que pueden contener claves privadas, tokens de portador y sesiones de integraciones de terceros y, finalmente, autorizaci\u00f3n de encabezados, secretos de cliente, rutas de archivos locales y seguimientos de pila. El problema puede ocurrir en cualquier instancia de Kibana que ejecute una versi\u00f3n afectada y que potencialmente podr\u00eda recibir un error inesperado al comunicarse con Elasticsearch, lo que provocar\u00eda que se incluyeran datos confidenciales en los registros de errores de Kibana. Tambi\u00e9n podr\u00eda ocurrir en circunstancias espec\u00edficas cuando el registro de nivel de depuraci\u00f3n est\u00e1 habilitado en Kibana. Nota: Se descubri\u00f3 que la soluci\u00f3n para ESA-2023-25 en Kibana 8.11.1 para un problema similar estaba incompleta."
}
],
"metrics": {

8
CVE-2023/CVE-2023-467xx/CVE-2023-46713.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-46713",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-12-13T07:15:24.547",
"lastModified": "2023-12-13T07:15:24.547",
"vulnStatus": "Received",
"lastModified": "2023-12-13T13:35:21.667",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An improper output neutralization for logs in Fortinet FortiWeb 6.2.0 - 6.2.8, 6.3.0 - 6.3.23, 7.0.0 - 7.0.9, 7.2.0 - 7.2.5 and 7.4.0 may allow an attacker to forge traffic logs via a crafted URL of the web application."
},
{
"lang": "es",
"value": "Una neutralizaci\u00f3n de salida inadecuada para los registros en Fortinet FortiWeb 6.2.0 - 6.2.8, 6.3.0 - 6.3.23, 7.0.0 - 7.0.9, 7.2.0 - 7.2.5 y 7.4.0 puede permitir que un atacante falsifique registros de tr\u00e1fico a trav\u00e9s de una URL manipulada de la aplicaci\u00f3n web."
}
],
"metrics": {

55
CVE-2023/CVE-2023-470xx/CVE-2023-47061.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-47061",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-12-13T13:15:07.897",
"lastModified": "2023-12-13T13:35:16.620",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Dimension versions 3.4.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/dimension/apsb23-71.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2023/CVE-2023-470xx/CVE-2023-47062.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-47062",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-12-13T13:15:08.147",
"lastModified": "2023-12-13T13:35:16.620",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Dimension versions 3.4.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/dimension/apsb23-71.html",
"source": "psirt@adobe.com"
}
]
}

4
CVE-2023/CVE-2023-470xx/CVE-2023-47063.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47063",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-12-13T10:15:08.443",
"lastModified": "2023-12-13T10:15:08.443",
"vulnStatus": "Received",
"lastModified": "2023-12-13T13:35:16.620",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-470xx/CVE-2023-47074.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47074",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-12-13T10:15:08.823",
"lastModified": "2023-12-13T10:15:08.823",
"vulnStatus": "Received",
"lastModified": "2023-12-13T13:35:16.620",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-470xx/CVE-2023-47075.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47075",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-12-13T10:15:09.160",
"lastModified": "2023-12-13T10:15:09.160",
"vulnStatus": "Received",
"lastModified": "2023-12-13T13:35:16.620",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-470xx/CVE-2023-47076.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47076",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-12-13T10:15:09.480",
"lastModified": "2023-12-13T10:15:09.480",
"vulnStatus": "Received",
"lastModified": "2023-12-13T13:35:16.620",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-470xx/CVE-2023-47077.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47077",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-12-13T10:15:09.750",
"lastModified": "2023-12-13T10:15:09.750",
"vulnStatus": "Received",
"lastModified": "2023-12-13T13:35:16.620",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

55
CVE-2023/CVE-2023-470xx/CVE-2023-47078.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-47078",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-12-13T13:15:08.400",
"lastModified": "2023-12-13T13:35:16.620",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Dimension versions 3.4.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/dimension/apsb23-71.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2023/CVE-2023-470xx/CVE-2023-47079.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-47079",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-12-13T13:15:08.680",
"lastModified": "2023-12-13T13:35:16.620",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Dimension versions 3.4.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/dimension/apsb23-71.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2023/CVE-2023-470xx/CVE-2023-47080.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-47080",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-12-13T14:15:43.763",
"lastModified": "2023-12-13T14:27:29.077",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Stager versions 2.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-73.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2023/CVE-2023-470xx/CVE-2023-47081.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-47081",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-12-13T14:15:43.963",
"lastModified": "2023-12-13T14:27:29.077",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Stager versions 2.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-73.html",
"source": "psirt@adobe.com"
}
]
}

24
CVE-2023/CVE-2023-473xx/CVE-2023-47320.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-47320",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-13T14:15:44.153",
"lastModified": "2023-12-13T14:27:29.077",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control. An attacker with low privileges is able to execute the administrator-only function of putting the application in \"Maintenance Mode\" due to broken access control. This makes the application unavailable to all users. This affects Silverpeas Core 6.3.1 and below."
}
],
"metrics": {},
"references": [
{
"url": "http://silverpeas.com",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2023-47320",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-473xx/CVE-2023-47321.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-47321",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-13T14:15:44.200",
"lastModified": "2023-12-13T14:27:29.077",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control via the \"Porlet Deployer\" which allows administrators to deploy .WAR portlets."
}
],
"metrics": {},
"references": [
{
"url": "http://silverpeas.com",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2023-47321",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-473xx/CVE-2023-47322.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-47322",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-13T14:15:44.247",
"lastModified": "2023-12-13T14:27:29.077",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The \"userModify\" feature of Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) leading to privilege escalation. If an administrator goes to a malicious URL while being authenticated to the Silverpeas application, the CSRF with execute making the attacker an administrator user in the application."
}
],
"metrics": {},
"references": [
{
"url": "http://silverpeas.com",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2023-47322",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-473xx/CVE-2023-47323.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-47323",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-13T14:15:44.293",
"lastModified": "2023-12-13T14:27:29.077",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The notification/messaging feature of Silverpeas Core 6.3.1 does not enforce access control on the ID parameter. This allows an attacker to read all messages sent between other users; including those sent only to administrators."
}
],
"metrics": {},
"references": [
{
"url": "http://silverpeas.com",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2023-47323",
"source": "cve@mitre.org"
}
]
}

28
CVE-2023/CVE-2023-473xx/CVE-2023-47324.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-47324",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-13T14:15:44.343",
"lastModified": "2023-12-13T14:27:24.453",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Silverpeas Core 6.3.1 is vulnerable to Cross Site Scripting (XSS) via the message/notification feature."
}
],
"metrics": {},
"references": [
{
"url": "http://silverpeas.com",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2023-47324",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/Silverpeas/Silverpeas-Core/pull/1298/commits",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-473xx/CVE-2023-47325.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-47325",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-13T14:15:44.390",
"lastModified": "2023-12-13T14:27:24.453",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Silverpeas Core 6.3.1 administrative \"Bin\" feature is affected by broken access control. A user with low privileges is able to navigate directly to the bin, revealing all deleted spaces. The user can then restore or permanently delete the spaces."
}
],
"metrics": {},
"references": [
{
"url": "http://silverpeas.com",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2023-47325",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-473xx/CVE-2023-47326.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-47326",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-13T14:15:44.437",
"lastModified": "2023-12-13T14:27:24.453",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) via the Domain SQL Create function."
}
],
"metrics": {},
"references": [
{
"url": "http://silverpeas.com",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2023-47326",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-473xx/CVE-2023-47327.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-47327",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-13T14:15:44.487",
"lastModified": "2023-12-13T14:27:24.453",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The \"Create a Space\" feature in Silverpeas Core 6.3.1 is reserved for use by administrators. This function suffers from broken access control, allowing any authenticated user to create a space by navigating to the correct URL."
}
],
"metrics": {},
"references": [
{
"url": "http://silverpeas.com",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2023-47327",
"source": "cve@mitre.org"
}
]
}

8
CVE-2023/CVE-2023-475xx/CVE-2023-47536.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47536",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-12-13T08:15:50.920",
"lastModified": "2023-12-13T08:15:50.920",
"vulnStatus": "Received",
"lastModified": "2023-12-13T13:35:21.667",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability [CWE-284] in FortiOS version 7.2.0, version 7.0.13 and below, version 6.4.14 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below may allow a remote unauthenticated attacker to bypass the firewall deny geolocalisation policy via timing the bypass with a GeoIP database update."
},
{
"lang": "es",
"value": "Una vulnerabilidad de control de acceso inadecuado [CWE-284] en FortiOS versi\u00f3n 7.2.0, versi\u00f3n 7.0.13 e inferior, versi\u00f3n 6.4.14 e inferior y FortiProxy versi\u00f3n 7.2.3 e inferior, versi\u00f3n 7.0.9 e inferior, versi\u00f3n 2.0.12 y a continuaci\u00f3n pueden permitir que un atacante remoto no autenticado evite la pol\u00edtica de geolocalizaci\u00f3n de denegaci\u00f3n del firewall sincronizando la omisi\u00f3n con una actualizaci\u00f3n de la base de datos GeoIP."
}
],
"metrics": {

8
CVE-2023/CVE-2023-475xx/CVE-2023-47573.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47573",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-13T02:15:07.553",
"lastModified": "2023-12-13T02:15:07.553",
"vulnStatus": "Received",
"lastModified": "2023-12-13T13:35:21.667",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in Relyum RELY-PCIe 22.2.1 devices. The authorization mechanism is not enforced in the web interface, allowing a low-privileged user to execute administrative functions."
},
{
"lang": "es",
"value": "Un problema descubierto en dispositivos Relyum RELY-PCIe 22.2.1. El mecanismo de autorizaci\u00f3n no se aplica en la interfaz web, lo que permite que un usuario con pocos privilegios ejecute funciones administrativas."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-475xx/CVE-2023-47574.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47574",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-13T02:15:07.600",
"lastModified": "2023-12-13T02:15:07.600",
"vulnStatus": "Received",
"lastModified": "2023-12-13T13:35:25.510",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices. There is a Weak SMB configuration with signing disabled."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en los dispositivos Relyum RELY-PCIe 22.2.1 y RELY-REC 23.1.0. Hay una configuraci\u00f3n SMB d\u00e9bil con la firma deshabilitada."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-475xx/CVE-2023-47575.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47575",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-13T02:15:07.643",
"lastModified": "2023-12-13T02:15:07.643",
"vulnStatus": "Received",
"lastModified": "2023-12-13T13:35:25.510",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices. The web interfaces of the Relyum devices are susceptible to reflected XSS."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en los dispositivos Relyum RELY-PCIe 22.2.1 y RELY-REC 23.1.0. Las interfaces web de los dispositivos Relyum son susceptibles a XSS reflejado."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-475xx/CVE-2023-47576.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47576",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-13T02:15:07.693",
"lastModified": "2023-12-13T02:15:07.693",
"vulnStatus": "Received",
"lastModified": "2023-12-13T13:35:25.510",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices, allowing authenticated command injection through the web interface."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en los dispositivos Relyum RELY-PCIe 22.2.1 y RELY-REC 23.1.0, que permit\u00eda la inyecci\u00f3n de comandos autenticados a trav\u00e9s de la interfaz web."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-475xx/CVE-2023-47577.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47577",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-13T02:15:07.753",
"lastModified": "2023-12-13T02:15:07.753",
"vulnStatus": "Received",
"lastModified": "2023-12-13T13:35:21.667",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 allows for unauthorized password changes due to no check for current password."
},
{
"lang": "es",
"value": "Un problema descubierto en Relyum RELY-PCIe 22.2.1 y RELY-REC 23.1.0 permite cambios de contrase\u00f1a no autorizados debido a que no se verifica la contrase\u00f1a actual."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-475xx/CVE-2023-47578.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47578",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-13T02:15:07.800",
"lastModified": "2023-12-13T02:15:07.800",
"vulnStatus": "Received",
"lastModified": "2023-12-13T13:35:25.510",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices are susceptible to Cross Site Request Forgery (CSRF) attacks due to the absence of CSRF protection in the web interface."
},
{
"lang": "es",
"value": "Los dispositivos Relyum RELY-PCIe 22.2.1 y RELY-REC 23.1.0 son susceptibles a ataques de Cross-Site Request Forgery (CSRF) debido a la ausencia de protecci\u00f3n CSRF en la interfaz web."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-475xx/CVE-2023-47579.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47579",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-13T02:15:07.850",
"lastModified": "2023-12-13T02:15:07.850",
"vulnStatus": "Received",
"lastModified": "2023-12-13T13:35:25.510",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Relyum RELY-PCIe 22.2.1 devices suffer from a system group misconfiguration, allowing read access to the central password hash file of the operating system."
},
{
"lang": "es",
"value": "Los dispositivos Relyum RELY-PCIe 22.2.1 sufren una mala configuraci\u00f3n del grupo del sistema, lo que permite el acceso de lectura al archivo hash de contrase\u00f1a central del sistema operativo."
}
],
"metrics": {},

55
CVE-2023/CVE-2023-486xx/CVE-2023-48625.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-48625",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-12-13T14:15:44.533",
"lastModified": "2023-12-13T14:27:24.453",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d-sampler/apsb23-74.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2023/CVE-2023-486xx/CVE-2023-48626.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-48626",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-12-13T14:15:44.737",
"lastModified": "2023-12-13T14:27:24.453",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d-sampler/apsb23-74.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2023/CVE-2023-486xx/CVE-2023-48627.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-48627",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-12-13T14:15:44.923",
"lastModified": "2023-12-13T14:27:24.453",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d-sampler/apsb23-74.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2023/CVE-2023-486xx/CVE-2023-48628.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-48628",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-12-13T14:15:45.120",
"lastModified": "2023-12-13T14:27:24.453",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d-sampler/apsb23-74.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2023/CVE-2023-486xx/CVE-2023-48629.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-48629",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-12-13T14:15:45.310",
"lastModified": "2023-12-13T14:27:24.453",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d-sampler/apsb23-74.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2023/CVE-2023-486xx/CVE-2023-48630.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-48630",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-12-13T14:15:45.513",
"lastModified": "2023-12-13T14:27:24.453",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d-sampler/apsb23-74.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2023/CVE-2023-486xx/CVE-2023-48632.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-48632",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-12-13T14:15:45.713",
"lastModified": "2023-12-13T14:27:24.453",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/after_effects/apsb23-75.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2023/CVE-2023-486xx/CVE-2023-48633.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-48633",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-12-13T14:15:45.907",
"lastModified": "2023-12-13T14:27:24.453",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/after_effects/apsb23-75.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2023/CVE-2023-486xx/CVE-2023-48634.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-48634",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-12-13T14:15:46.103",
"lastModified": "2023-12-13T14:27:24.453",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/after_effects/apsb23-75.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2023/CVE-2023-486xx/CVE-2023-48635.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-48635",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-12-13T14:15:46.297",
"lastModified": "2023-12-13T14:27:24.453",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/after_effects/apsb23-75.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2023/CVE-2023-486xx/CVE-2023-48636.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-48636",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-12-13T14:15:46.483",
"lastModified": "2023-12-13T14:27:24.453",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_designer/apsb23-76.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2023/CVE-2023-486xx/CVE-2023-48637.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-48637",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-12-13T14:15:46.673",
"lastModified": "2023-12-13T14:27:24.453",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_designer/apsb23-76.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2023/CVE-2023-486xx/CVE-2023-48638.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-48638",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-12-13T14:15:46.880",
"lastModified": "2023-12-13T14:27:24.453",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_designer/apsb23-76.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2023/CVE-2023-486xx/CVE-2023-48639.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-48639",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-12-13T14:15:47.073",
"lastModified": "2023-12-13T14:27:24.453",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_designer/apsb23-76.html",
"source": "psirt@adobe.com"
}
]
}

8
CVE-2023/CVE-2023-487xx/CVE-2023-48782.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48782",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-12-13T07:15:27.480",
"lastModified": "2023-12-13T07:15:27.480",
"vulnStatus": "Received",
"lastModified": "2023-12-13T13:35:21.667",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters"
},
{
"lang": "es",
"value": "Una neutralizaci\u00f3n inadecuada de elementos especiales utilizados en un comando del sistema operativo ('inyecci\u00f3n de comando del sistema operativo') en Fortinet FortiWLM versi\u00f3n 8.6.0 a 8.6.5 permite al atacante ejecutar c\u00f3digo o comandos no autorizados a trav\u00e9s de par\u00e1metros de solicitud http get espec\u00edficamente manipulados"
}
],
"metrics": {

8
CVE-2023/CVE-2023-487xx/CVE-2023-48791.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48791",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-12-13T07:15:28.980",
"lastModified": "2023-12-13T07:15:28.980",
"vulnStatus": "Received",
"lastModified": "2023-12-13T13:35:21.667",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in FortiPortal version 7.2.0, version 7.0.6 and below may allow a remote authenticated attacker with at least R/W permission to execute unauthorized commands via specifically crafted arguments in the Schedule System Backup page field."
},
{
"lang": "es",
"value": "Una neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de comando ('Inyecci\u00f3n de comando') [CWE-77] en FortiPortal versi\u00f3n 7.2.0, versi\u00f3n 7.0.6 y anteriores puede permitir que un atacante remoto autenticado con al menos permiso R/W ejecute comandos no autorizados a trav\u00e9s de argumentos espec\u00edficamente manipulados en el campo de la p\u00e1gina Programar Copia de Seguridad del Sistema."
}
],
"metrics": {

70
CVE-2023/CVE-2023-499xx/CVE-2023-49958.json
View File

@ -2,19 +2,81 @@
"id": "CVE-2023-49958",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T13:15:07.833",
"lastModified": "2023-12-07T16:09:27.937",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-13T13:53:04.123",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Dalmann OCPP.Core through 1.2.0 for OCPP (Open Charge Point Protocol) for electric vehicles. The server processes mishandle StartTransaction messages containing additional, arbitrary properties, or duplicate properties. The last occurrence of a duplicate property is accepted. This could be exploited to alter transaction records or impact system integrity."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Dalmann OCPP.Core hasta 1.2.0 para OCPP (Protocolo de punto de carga abierto) para veh\u00edculos el\u00e9ctricos. El servidor procesa mensajes StartTransaction mal manejados que contienen propiedades adicionales, arbitrarias o propiedades duplicadas. Se acepta la \u00faltima aparici\u00f3n de una propiedad duplicada. Esto podr\u00eda aprovecharse para alterar los registros de transacciones o afectar la integridad del sistema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dallmann-consulting:open_charge_point_protocol:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.2.0",
"matchCriteriaId": "E2779F2A-1D74-4C69-8151-B5E9D49F025A"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/dallmann-consulting/OCPP.Core/issues/36",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

83
CVE-2023/CVE-2023-62xx/CVE-2023-6245.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6245",
"sourceIdentifier": "6b35d637-e00f-4228-858c-b20ad6e1d07b",
"published": "2023-12-08T15:15:08.233",
"lastModified": "2023-12-08T16:37:45.763",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-13T14:41:10.210",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Candid library causes a Denial of Service while \nparsing a specially crafted payload with 'empty' data type. For example,\n if the payload is `record { * ; empty }` and the canister interface expects `record { * }` then the Rust candid decoder treats empty as an extra field required by the type. The problem with the type empty is that the candid Rust library wrongly categorizes empty as a recoverable error when skipping the field and thus causing an infinite decoding loop.\n\n\nCanisters using affected versions of candid\n are exposed to denial of service by causing the decoding to run \nindefinitely until the canister traps due to reaching maximum \ninstruction limit per execution round. Repeated exposure to the payload \nwill result in degraded performance of the canister. Note: Canisters written in Motoko are unaffected.\n\n\n\n"
},
{
"lang": "es",
"value": "La librer\u00eda Candid provoca una denegaci\u00f3n de servicio mientras analiza un payload especialmente manipulado con un tipo de datos \"vac\u00edo\". Por ejemplo, si el payload es `record { * ; empty }` y la interfaz del recipiente espera `record { * }`, entonces el decodificador sincero de Rust trata el vac\u00edo como un campo adicional requerido por el tipo. El problema con el tipo vac\u00edo es que la sincera librer\u00eda Rust clasifica err\u00f3neamente vac\u00edo como un error recuperable al omitir el campo y, por lo tanto, provoca un bucle de decodificaci\u00f3n infinito. Los contenedores que utilizan versiones afectadas de candid est\u00e1n expuestos a una denegaci\u00f3n de servicio al hacer que la decodificaci\u00f3n se ejecute indefinidamente hasta que el contenedor se bloquea debido a que alcanza el l\u00edmite m\u00e1ximo de instrucciones por ronda de ejecuci\u00f3n. La exposici\u00f3n repetida a el payload dar\u00e1 como resultado un rendimiento degradado del recipiente. Nota: Los botes escritos en Motoko no se ven afectados."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "6b35d637-e00f-4228-858c-b20ad6e1d07b",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-835"
}
]
},
{
"source": "6b35d637-e00f-4228-858c-b20ad6e1d07b",
"type": "Secondary",
@ -58,26 +92,61 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dfinity:candid:*:*:*:*:*:rust:*:*",
"versionStartIncluding": "0.9.0",
"versionEndExcluding": "0.9.10",
"matchCriteriaId": "F95D6602-30FA-4473-9660-F87B18A446FD"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/dfinity/candid/blob/master/spec/Candid.md",
"source": "6b35d637-e00f-4228-858c-b20ad6e1d07b"
"source": "6b35d637-e00f-4228-858c-b20ad6e1d07b",
"tags": [
"Product"
]
},
{
"url": "https://github.com/dfinity/candid/pull/478",
"source": "6b35d637-e00f-4228-858c-b20ad6e1d07b"
"source": "6b35d637-e00f-4228-858c-b20ad6e1d07b",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/dfinity/candid/security/advisories/GHSA-7787-p7x6-fq3j",
"source": "6b35d637-e00f-4228-858c-b20ad6e1d07b"
"source": "6b35d637-e00f-4228-858c-b20ad6e1d07b",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://internetcomputer.org/docs/current/references/candid-ref",
"source": "6b35d637-e00f-4228-858c-b20ad6e1d07b"
"source": "6b35d637-e00f-4228-858c-b20ad6e1d07b",
"tags": [
"Product"
]
},
{
"url": "https://internetcomputer.org/docs/current/references/ic-interface-spec",
"source": "6b35d637-e00f-4228-858c-b20ad6e1d07b"
"source": "6b35d637-e00f-4228-858c-b20ad6e1d07b",
"tags": [
"Product"
]
}
]
}

8
CVE-2023/CVE-2023-63xx/CVE-2023-6377.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6377",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-13T07:15:30.030",
"lastModified": "2023-12-13T10:15:10.867",
"vulnStatus": "Received",
"lastModified": "2023-12-13T13:35:21.667",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
@ -70,6 +70,10 @@
{
"url": "https://lists.x.org/archives/xorg-announce/2023-December/003435.html",
"source": "secalert@redhat.com"
},
{
"url": "https://www.debian.org/security/2023/dsa-5576",
"source": "secalert@redhat.com"
}
]
}

4
CVE-2023/CVE-2023-63xx/CVE-2023-6379.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6379",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-12-13T11:15:07.100",
"lastModified": "2023-12-13T11:15:07.100",
"vulnStatus": "Received",
"lastModified": "2023-12-13T13:35:16.620",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-63xx/CVE-2023-6380.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6380",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-12-13T11:15:07.630",
"lastModified": "2023-12-13T11:15:07.630",
"vulnStatus": "Received",
"lastModified": "2023-12-13T13:35:16.620",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-63xx/CVE-2023-6381.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6381",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-12-13T11:15:07.830",
"lastModified": "2023-12-13T11:15:07.830",
"vulnStatus": "Received",
"lastModified": "2023-12-13T13:35:16.620",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2023/CVE-2023-64xx/CVE-2023-6478.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6478",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-13T07:15:31.213",
"lastModified": "2023-12-13T10:15:10.963",
"vulnStatus": "Received",
"lastModified": "2023-12-13T13:35:21.667",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
@ -70,6 +70,10 @@
{
"url": "https://lists.x.org/archives/xorg-announce/2023-December/003435.html",
"source": "secalert@redhat.com"
},
{
"url": "https://www.debian.org/security/2023/dsa-5576",
"source": "secalert@redhat.com"
}
]
}

4
CVE-2023/CVE-2023-65xx/CVE-2023-6534.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6534",
"sourceIdentifier": "secteam@freebsd.org",
"published": "2023-12-13T09:15:34.680",
"lastModified": "2023-12-13T09:15:34.680",
"vulnStatus": "Received",
"lastModified": "2023-12-13T13:35:25.510",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

74
CVE-2023/CVE-2023-65xx/CVE-2023-6580.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6580",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-07T22:15:08.533",
"lastModified": "2023-12-08T14:23:10.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-13T14:11:27.950",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in D-Link DIR-846 FW100A53DBR. This affects an unknown part of the file /HNAP1/ of the component QoS POST Handler. The manipulation of the argument smartqos_express_devices/smartqos_normal_devices leads to deserialization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247161 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en D-Link DIR-846 FW100A53DBR y clasificada como cr\u00edtica. Una parte desconocida del fichero /HNAP1/ del componente QoS POST Handler afecta a una parte desconocida. La manipulaci\u00f3n del argumento smartqos_express_devices/smartqos_normal_devices conduce a la deserializaci\u00f3n. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-247161. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,58 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dir-846_firmware:100a53dbr:*:*:*:*:*:*:*",
"matchCriteriaId": "F4EEA9B9-62A2-4BEA-A671-66D029EB7A79"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dir-846:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77723994-0E2A-4A90-B2C6-5B262CBBAFA1"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/c2dc/cve-reported/blob/main/CVE-2023-6580/CVE-2023-6580.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.247161",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.247161",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-66xx/CVE-2023-6660.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6660",
"sourceIdentifier": "secteam@freebsd.org",
"published": "2023-12-13T09:15:34.730",
"lastModified": "2023-12-13T09:15:34.730",
"vulnStatus": "Received",
"lastModified": "2023-12-13T13:35:25.510",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-67xx/CVE-2023-6718.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6718",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-12-13T09:15:34.780",
"lastModified": "2023-12-13T09:15:34.780",
"vulnStatus": "Received",
"lastModified": "2023-12-13T13:35:21.667",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-67xx/CVE-2023-6719.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6719",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-12-13T10:15:11.070",
"lastModified": "2023-12-13T10:15:11.070",
"vulnStatus": "Received",
"lastModified": "2023-12-13T13:35:16.620",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-67xx/CVE-2023-6720.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6720",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-12-13T10:15:11.403",
"lastModified": "2023-12-13T10:15:11.403",
"vulnStatus": "Received",
"lastModified": "2023-12-13T13:35:16.620",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-67xx/CVE-2023-6721.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6721",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-12-13T10:15:11.793",
"lastModified": "2023-12-13T10:15:11.793",
"vulnStatus": "Received",
"lastModified": "2023-12-13T13:35:16.620",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-67xx/CVE-2023-6722.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6722",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-12-13T10:15:12.150",
"lastModified": "2023-12-13T10:15:12.150",
"vulnStatus": "Received",
"lastModified": "2023-12-13T13:35:16.620",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-67xx/CVE-2023-6723.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6723",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-12-13T11:15:08.040",
"lastModified": "2023-12-13T11:15:08.040",
"vulnStatus": "Received",
"lastModified": "2023-12-13T13:35:16.620",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

88
CVE-2023/CVE-2023-67xx/CVE-2023-6755.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2023-6755",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-13T13:15:09.203",
"lastModified": "2023-12-13T13:35:16.620",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in DedeBIZ 6.2 and classified as critical. This issue affects some unknown processing of the file /src/admin/content_batchup_action.php. The manipulation of the argument endid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247883. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "MULTIPLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 6.4,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/ycwxy/test/issues/1",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.247883",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.247883",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2023/CVE-2023-67xx/CVE-2023-6756.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2023-6756",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-13T14:15:47.267",
"lastModified": "2023-12-13T14:27:24.453",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Thecosy IceCMS 2.0.1. It has been classified as problematic. Affected is an unknown function of the file /login of the component Captcha Handler. The manipulation leads to improper restriction of excessive authentication attempts. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247884."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-307"
}
]
}
],
"references": [
{
"url": "http://124.71.147.32:8082/IceCMS2.html",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.247884",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.247884",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2023/CVE-2023-67xx/CVE-2023-6757.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2023-6757",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-13T14:15:47.500",
"lastModified": "2023-12-13T14:27:24.453",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Thecosy IceCMS 2.0.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /adplanet/PlanetUser of the component API. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247885 was assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "http://124.71.147.32:8082/IceCMS3.html",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.247885",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.247885",
"source": "cna@vuldb.com"
}
]
}

89
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-12-13T13:08:21.816983+00:00
2023-12-13T15:00:49.818950+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-12-13T12:15:07.363000+00:00
2023-12-13T14:41:10.210000+00:00
```
### Last Data Feed Release
@ -29,48 +29,69 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
232975
233009
```
### CVEs added in the last Commit
Recently added CVEs: `21`
Recently added CVEs: `34`
* [CVE-2022-22942](CVE-2022/CVE-2022-229xx/CVE-2022-22942.json) (`2023-12-13T09:15:33.890`)
* [CVE-2023-31210](CVE-2023/CVE-2023-312xx/CVE-2023-31210.json) (`2023-12-13T09:15:34.080`)
* [CVE-2023-44251](CVE-2023/CVE-2023-442xx/CVE-2023-44251.json) (`2023-12-13T09:15:34.280`)
* [CVE-2023-44252](CVE-2023/CVE-2023-442xx/CVE-2023-44252.json) (`2023-12-13T09:15:34.473`)
* [CVE-2023-6534](CVE-2023/CVE-2023-65xx/CVE-2023-6534.json) (`2023-12-13T09:15:34.680`)
* [CVE-2023-6660](CVE-2023/CVE-2023-66xx/CVE-2023-6660.json) (`2023-12-13T09:15:34.730`)
* [CVE-2023-6718](CVE-2023/CVE-2023-67xx/CVE-2023-6718.json) (`2023-12-13T09:15:34.780`)
* [CVE-2023-47063](CVE-2023/CVE-2023-470xx/CVE-2023-47063.json) (`2023-12-13T10:15:08.443`)
* [CVE-2023-47074](CVE-2023/CVE-2023-470xx/CVE-2023-47074.json) (`2023-12-13T10:15:08.823`)
* [CVE-2023-47075](CVE-2023/CVE-2023-470xx/CVE-2023-47075.json) (`2023-12-13T10:15:09.160`)
* [CVE-2023-47076](CVE-2023/CVE-2023-470xx/CVE-2023-47076.json) (`2023-12-13T10:15:09.480`)
* [CVE-2023-47077](CVE-2023/CVE-2023-470xx/CVE-2023-47077.json) (`2023-12-13T10:15:09.750`)
* [CVE-2023-6719](CVE-2023/CVE-2023-67xx/CVE-2023-6719.json) (`2023-12-13T10:15:11.070`)
* [CVE-2023-6720](CVE-2023/CVE-2023-67xx/CVE-2023-6720.json) (`2023-12-13T10:15:11.403`)
* [CVE-2023-6721](CVE-2023/CVE-2023-67xx/CVE-2023-6721.json) (`2023-12-13T10:15:11.793`)
* [CVE-2023-6722](CVE-2023/CVE-2023-67xx/CVE-2023-6722.json) (`2023-12-13T10:15:12.150`)
* [CVE-2023-6379](CVE-2023/CVE-2023-63xx/CVE-2023-6379.json) (`2023-12-13T11:15:07.100`)
* [CVE-2023-6380](CVE-2023/CVE-2023-63xx/CVE-2023-6380.json) (`2023-12-13T11:15:07.630`)
* [CVE-2023-6381](CVE-2023/CVE-2023-63xx/CVE-2023-6381.json) (`2023-12-13T11:15:07.830`)
* [CVE-2023-6723](CVE-2023/CVE-2023-67xx/CVE-2023-6723.json) (`2023-12-13T11:15:08.040`)
* [CVE-2023-44362](CVE-2023/CVE-2023-443xx/CVE-2023-44362.json) (`2023-12-13T12:15:07.363`)
* [CVE-2023-47326](CVE-2023/CVE-2023-473xx/CVE-2023-47326.json) (`2023-12-13T14:15:44.437`)
* [CVE-2023-47327](CVE-2023/CVE-2023-473xx/CVE-2023-47327.json) (`2023-12-13T14:15:44.487`)
* [CVE-2023-48625](CVE-2023/CVE-2023-486xx/CVE-2023-48625.json) (`2023-12-13T14:15:44.533`)
* [CVE-2023-48626](CVE-2023/CVE-2023-486xx/CVE-2023-48626.json) (`2023-12-13T14:15:44.737`)
* [CVE-2023-48627](CVE-2023/CVE-2023-486xx/CVE-2023-48627.json) (`2023-12-13T14:15:44.923`)
* [CVE-2023-48628](CVE-2023/CVE-2023-486xx/CVE-2023-48628.json) (`2023-12-13T14:15:45.120`)
* [CVE-2023-48629](CVE-2023/CVE-2023-486xx/CVE-2023-48629.json) (`2023-12-13T14:15:45.310`)
* [CVE-2023-48630](CVE-2023/CVE-2023-486xx/CVE-2023-48630.json) (`2023-12-13T14:15:45.513`)
* [CVE-2023-48632](CVE-2023/CVE-2023-486xx/CVE-2023-48632.json) (`2023-12-13T14:15:45.713`)
* [CVE-2023-48633](CVE-2023/CVE-2023-486xx/CVE-2023-48633.json) (`2023-12-13T14:15:45.907`)
* [CVE-2023-48634](CVE-2023/CVE-2023-486xx/CVE-2023-48634.json) (`2023-12-13T14:15:46.103`)
* [CVE-2023-48635](CVE-2023/CVE-2023-486xx/CVE-2023-48635.json) (`2023-12-13T14:15:46.297`)
* [CVE-2023-48636](CVE-2023/CVE-2023-486xx/CVE-2023-48636.json) (`2023-12-13T14:15:46.483`)
* [CVE-2023-48637](CVE-2023/CVE-2023-486xx/CVE-2023-48637.json) (`2023-12-13T14:15:46.673`)
* [CVE-2023-48638](CVE-2023/CVE-2023-486xx/CVE-2023-48638.json) (`2023-12-13T14:15:46.880`)
* [CVE-2023-48639](CVE-2023/CVE-2023-486xx/CVE-2023-48639.json) (`2023-12-13T14:15:47.073`)
* [CVE-2023-6756](CVE-2023/CVE-2023-67xx/CVE-2023-6756.json) (`2023-12-13T14:15:47.267`)
* [CVE-2023-6757](CVE-2023/CVE-2023-67xx/CVE-2023-6757.json) (`2023-12-13T14:15:47.500`)
* [CVE-2023-34194](CVE-2023/CVE-2023-341xx/CVE-2023-34194.json) (`2023-12-13T14:15:43.680`)
* [CVE-2023-47080](CVE-2023/CVE-2023-470xx/CVE-2023-47080.json) (`2023-12-13T14:15:43.763`)
* [CVE-2023-47081](CVE-2023/CVE-2023-470xx/CVE-2023-47081.json) (`2023-12-13T14:15:43.963`)
* [CVE-2023-47320](CVE-2023/CVE-2023-473xx/CVE-2023-47320.json) (`2023-12-13T14:15:44.153`)
* [CVE-2023-47321](CVE-2023/CVE-2023-473xx/CVE-2023-47321.json) (`2023-12-13T14:15:44.200`)
* [CVE-2023-47322](CVE-2023/CVE-2023-473xx/CVE-2023-47322.json) (`2023-12-13T14:15:44.247`)
* [CVE-2023-47323](CVE-2023/CVE-2023-473xx/CVE-2023-47323.json) (`2023-12-13T14:15:44.293`)
### CVEs modified in the last Commit
Recently modified CVEs: `8`
Recently modified CVEs: `58`
* [CVE-2023-39417](CVE-2023/CVE-2023-394xx/CVE-2023-39417.json) (`2023-12-13T10:15:07.907`)
* [CVE-2023-5189](CVE-2023/CVE-2023-51xx/CVE-2023-5189.json) (`2023-12-13T10:15:10.110`)
* [CVE-2023-5764](CVE-2023/CVE-2023-57xx/CVE-2023-5764.json) (`2023-12-13T10:15:10.293`)
* [CVE-2023-5868](CVE-2023/CVE-2023-58xx/CVE-2023-5868.json) (`2023-12-13T10:15:10.390`)
* [CVE-2023-5869](CVE-2023/CVE-2023-58xx/CVE-2023-5869.json) (`2023-12-13T10:15:10.600`)
* [CVE-2023-5870](CVE-2023/CVE-2023-58xx/CVE-2023-5870.json) (`2023-12-13T10:15:10.740`)
* [CVE-2023-6377](CVE-2023/CVE-2023-63xx/CVE-2023-6377.json) (`2023-12-13T10:15:10.867`)
* [CVE-2023-6478](CVE-2023/CVE-2023-64xx/CVE-2023-6478.json) (`2023-12-13T10:15:10.963`)
* [CVE-2023-48782](CVE-2023/CVE-2023-487xx/CVE-2023-48782.json) (`2023-12-13T13:35:21.667`)
* [CVE-2023-48791](CVE-2023/CVE-2023-487xx/CVE-2023-48791.json) (`2023-12-13T13:35:21.667`)
* [CVE-2023-6377](CVE-2023/CVE-2023-63xx/CVE-2023-6377.json) (`2023-12-13T13:35:21.667`)
* [CVE-2023-6478](CVE-2023/CVE-2023-64xx/CVE-2023-6478.json) (`2023-12-13T13:35:21.667`)
* [CVE-2023-47536](CVE-2023/CVE-2023-475xx/CVE-2023-47536.json) (`2023-12-13T13:35:21.667`)
* [CVE-2023-44251](CVE-2023/CVE-2023-442xx/CVE-2023-44251.json) (`2023-12-13T13:35:21.667`)
* [CVE-2023-44252](CVE-2023/CVE-2023-442xx/CVE-2023-44252.json) (`2023-12-13T13:35:21.667`)
* [CVE-2023-6718](CVE-2023/CVE-2023-67xx/CVE-2023-6718.json) (`2023-12-13T13:35:21.667`)
* [CVE-2023-45800](CVE-2023/CVE-2023-458xx/CVE-2023-45800.json) (`2023-12-13T13:35:25.510`)
* [CVE-2023-47574](CVE-2023/CVE-2023-475xx/CVE-2023-47574.json) (`2023-12-13T13:35:25.510`)
* [CVE-2023-47575](CVE-2023/CVE-2023-475xx/CVE-2023-47575.json) (`2023-12-13T13:35:25.510`)
* [CVE-2023-47576](CVE-2023/CVE-2023-475xx/CVE-2023-47576.json) (`2023-12-13T13:35:25.510`)
* [CVE-2023-47578](CVE-2023/CVE-2023-475xx/CVE-2023-47578.json) (`2023-12-13T13:35:25.510`)
* [CVE-2023-47579](CVE-2023/CVE-2023-475xx/CVE-2023-47579.json) (`2023-12-13T13:35:25.510`)
* [CVE-2023-45801](CVE-2023/CVE-2023-458xx/CVE-2023-45801.json) (`2023-12-13T13:35:25.510`)
* [CVE-2023-45725](CVE-2023/CVE-2023-457xx/CVE-2023-45725.json) (`2023-12-13T13:35:25.510`)
* [CVE-2023-31210](CVE-2023/CVE-2023-312xx/CVE-2023-31210.json) (`2023-12-13T13:35:25.510`)
* [CVE-2023-6534](CVE-2023/CVE-2023-65xx/CVE-2023-6534.json) (`2023-12-13T13:35:25.510`)
* [CVE-2023-6660](CVE-2023/CVE-2023-66xx/CVE-2023-6660.json) (`2023-12-13T13:35:25.510`)
* [CVE-2023-33412](CVE-2023/CVE-2023-334xx/CVE-2023-33412.json) (`2023-12-13T13:36:43.570`)
* [CVE-2023-33413](CVE-2023/CVE-2023-334xx/CVE-2023-33413.json) (`2023-12-13T13:41:51.183`)
* [CVE-2023-38435](CVE-2023/CVE-2023-384xx/CVE-2023-38435.json) (`2023-12-13T13:49:32.873`)
* [CVE-2023-49958](CVE-2023/CVE-2023-499xx/CVE-2023-49958.json) (`2023-12-13T13:53:04.123`)
* [CVE-2023-6580](CVE-2023/CVE-2023-65xx/CVE-2023-6580.json) (`2023-12-13T14:11:27.950`)
* [CVE-2023-6245](CVE-2023/CVE-2023-62xx/CVE-2023-6245.json) (`2023-12-13T14:41:10.210`)
## Download and Usage