diff --git a/CVE-2023/CVE-2023-366xx/CVE-2023-36646.json b/CVE-2023/CVE-2023-366xx/CVE-2023-36646.json
index f7dfeaf9055..31271224f82 100644
--- a/CVE-2023/CVE-2023-366xx/CVE-2023-36646.json
+++ b/CVE-2023/CVE-2023-366xx/CVE-2023-36646.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-36646",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-12-12T00:15:28.757",
- "lastModified": "2023-12-12T13:43:48.853",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-13T20:38:27.083",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,11 +14,67 @@
 "value": "La verificaci\u00f3n incorrecta de roles de usuario en m\u00faltiples endpoints de API REST en ProLion CryptoSpike 3.0.15P2 permite a un atacante remoto con privilegios bajos ejecutar funciones privilegiadas y lograr una escalada de privilegios a trav\u00e9s de la invocaci\u00f3n del endpoint de API REST."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-863"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:prolion:cryptospike:3.0.15:p2:*:*:*:*:*:*",
+ "matchCriteriaId": "51A592E8-274C-4A8A-B925-075FCA82DD22"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36646",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-366xx/CVE-2023-36652.json b/CVE-2023/CVE-2023-366xx/CVE-2023-36652.json
index e74be55208c..5064dbff9f2 100644
--- a/CVE-2023/CVE-2023-366xx/CVE-2023-36652.json
+++ b/CVE-2023/CVE-2023-366xx/CVE-2023-36652.json
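Review bot: The `configurations` node added for CVE-2023-36646 marks only the single entry `cpe:2.3:a:prolion:cryptospike:3.0.15:p2:*:*:*:*:*:*` as vulnerable, with no version range and no fixed version anywhere in the visible record, so a scanner matching on it will flag exactly build 3.0.15 P2 and nothing adjacent. Whether neighbouring CryptoSpike builds are affected cannot be told from these lines, so a non-match should not be read as "not vulnerable" without checking the vendor's affected range. The same single-version entry (same `matchCriteriaId`) is added in the CVE-2023-36652 and CVE-2023-36654 hunks. The `Exploit` tag added to the reference suggests the linked advisory carries exploitation detail, which is worth weighing when setting patch priority.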
@@ -2,8 +2,8 @@
 "id": "CVE-2023-36652",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-12-12T01:15:10.270",
- "lastModified": "2023-12-12T13:43:48.853",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-13T20:42:54.737",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,11 +14,67 @@
 "value": "Una inyecci\u00f3n SQL en los usuarios que buscan el endpoint de la API REST en ProLion CryptoSpike 3.0.15P2 permite a atacantes remotos autenticados leer datos de la base de datos mediante comandos SQL inyectados en el par\u00e1metro de b\u00fasqueda."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:prolion:cryptospike:3.0.15:p2:*:*:*:*:*:*",
+ "matchCriteriaId": "51A592E8-274C-4A8A-B925-075FCA82DD22"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36652",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-366xx/CVE-2023-36654.json b/CVE-2023/CVE-2023-366xx/CVE-2023-36654.json
index 7b68eff06ed..91b49cdff85 100644
--- a/CVE-2023/CVE-2023-366xx/CVE-2023-36654.json
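Review bot: The `cvssData` added for CVE-2023-36652 scores this SQL injection with `confidentialityImpact` `LOW` (base 4.3), while the description in the context line speaks of authenticated attackers reading data from the database through the search parameter. Which tables are reachable is not visible here, so the score may be justified, but triage that sorts on `baseScore` alone will rank this record below CVE-2023-36654 (6.5) for the same product and version. Consumers should read the score together with the `CWE-89` weakness and the `Exploit` reference tag added in the same hunk when deciding remediation order.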
+++ b/CVE-2023/CVE-2023-366xx/CVE-2023-36654.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-36654",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-12-12T01:15:10.313",
- "lastModified": "2023-12-12T13:43:48.853",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-13T20:51:12.487",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,11 +14,67 @@
 "value": "Directory traversal en el endpoint de la API REST de descarga de registros en ProLion CryptoSpike 3.0.15P2 permite a atacantes remotos autenticados descargar claves privadas SSH del servidor host (asociadas con un usuario ra\u00edz de Linux) inyectando rutas dentro de los par\u00e1metros del endpoint de la API REST."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:prolion:cryptospike:3.0.15:p2:*:*:*:*:*:*",
+ "matchCriteriaId": "51A592E8-274C-4A8A-B925-075FCA82DD22"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36654",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-404xx/CVE-2023-40446.json b/CVE-2023/CVE-2023-404xx/CVE-2023-40446.json
index 0c64a48f0d3..5cd54d7d2e2 100644
--- a/CVE-2023/CVE-2023-404xx/CVE-2023-40446.json
+++ b/CVE-2023/CVE-2023-404xx/CVE-2023-40446.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-40446",
 "sourceIdentifier": "product-security@apple.com",
 "published": "2023-12-12T01:15:10.360",
- "lastModified": "2023-12-12T13:43:48.853",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-13T20:56:06.690",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,19 +14,111 @@
 "value": "El problema se solucion\u00f3 mejorando el manejo de la memoria. Este problema se solucion\u00f3 en macOS Monterey 12.7.1, iOS 16.7.2 y iPadOS 16.7.2, iOS 17.1 y iPadOS 17.1. El procesamiento de entradas creadas con fines malintencionados puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en aplicaciones instaladas por el usuario."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "16.7.2",
+ "matchCriteriaId": "3DFB829A-82EA-40BB-81F9-AD4F69F24ABA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "17.0",
+ "versionEndExcluding": "17.1",
+ "matchCriteriaId": "387C5D63-833F-4407-A402-501DEF4E15AE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "16.7.2",
+ "matchCriteriaId": "5EB9EAAE-441A-4844-BCB2-1716FD9ACE85"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "17.0",
+ "versionEndExcluding": "17.1",
+ "matchCriteriaId": "F53A32D0-DB67-40D7-B14E-3963E696A77E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "12.0.0",
+ "versionEndExcluding": "12.7.1",
+ "matchCriteriaId": "7C0B29FA-3C4E-4F6E-A39E-D7B46CD5A614"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://support.apple.com/en-us/HT213981",
- "source": "product-security@apple.com"
+ "source": "product-security@apple.com",
+ "tags": [
+ "Release Notes",
+ "Vendor Advisory"
+ ]
 },
 {
 "url": "https://support.apple.com/en-us/HT213982",
- "source": "product-security@apple.com"
+ "source": "product-security@apple.com",
+ "tags": [
+ "Release Notes",
+ "Vendor Advisory"
+ ]
 },
 {
 "url": "https://support.apple.com/en-us/HT213983",
- "source": "product-security@apple.com"
+ "source": "product-security@apple.com",
+ "tags": [
+ "Release Notes",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42897.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42897.json
index c057273dc1e..ff9595ccf25 100644
--- a/CVE-2023/CVE-2023-428xx/CVE-2023-42897.json
+++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42897.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-42897",
 "sourceIdentifier": "product-security@apple.com",
 "published": "2023-12-12T01:15:11.637",
- "lastModified": "2023-12-13T01:15:08.600",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-12-13T20:57:23.147",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,15 +14,83 @@
 "value": "El problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en iOS 17.2 y iPadOS 17.2. Un atacante con acceso f\u00edsico puede utilizar Siri para acceder a datos confidenciales del usuario."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "PHYSICAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.6,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "17.0",
+ "versionEndExcluding": "17.2",
+ "matchCriteriaId": "D0997B97-8D18-41AC-85DD-3605A5DBCA35"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "17.0",
+ "versionEndExcluding": "17.2",
+ "matchCriteriaId": "C6DB531C-9534-461D-87D4-C2BA2BD1D9F6"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "http://seclists.org/fulldisclosure/2023/Dec/7",
- "source": "product-security@apple.com"
+ "source": "product-security@apple.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://support.apple.com/en-us/HT214035",
- "source": "product-security@apple.com"
+ "source": "product-security@apple.com",
+ "tags": [
+ "Release Notes",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
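Review bot: The seclists.org Full Disclosure reference in CVE-2023-42897 receives only `Third Party Advisory`, whereas the same kind of URL in the CVE-2023-42901 through CVE-2023-42909 hunks is tagged `Mailing List` and `Third Party Advisory`. Tooling that selects or filters references by tag will treat the two differently; for consistency the added lines would read `"tags": ["Mailing List", "Third Party Advisory"]`. If this file mirrors an upstream feed, the correction belongs upstream rather than in a local edit.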
diff --git a/CVE-2023/CVE-2023-429xx/CVE-2023-42901.json b/CVE-2023/CVE-2023-429xx/CVE-2023-42901.json
index 7bac51a6584..55bed1eb38d 100644
--- a/CVE-2023/CVE-2023-429xx/CVE-2023-42901.json
+++ b/CVE-2023/CVE-2023-429xx/CVE-2023-42901.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-42901",
 "sourceIdentifier": "product-security@apple.com",
 "published": "2023-12-12T01:15:11.837",
- "lastModified": "2023-12-13T01:15:08.823",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-12-13T19:52:31.333",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,15 +14,77 @@
 "value": "Se abordaron m\u00faltiples problemas de corrupci\u00f3n de memoria con una validaci\u00f3n de entrada mejorada. Este problema se solucion\u00f3 en macOS Sonoma 14.2. El procesamiento de un archivo creado con fines malintencionados puede provocar la finalizaci\u00f3n inesperada de la aplicaci\u00f3n o la ejecuci\u00f3n de c\u00f3digo arbitrario."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.0",
+ "versionEndExcluding": "14.2",
+ "matchCriteriaId": "6892DEBD-024E-414B-9282-DCCCF23A3BDD"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "http://seclists.org/fulldisclosure/2023/Dec/9",
- "source": "product-security@apple.com"
+ "source": "product-security@apple.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://support.apple.com/en-us/HT214036",
- "source": "product-security@apple.com"
+ "source": "product-security@apple.com",
+ "tags": [
+ "Release Notes",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-429xx/CVE-2023-42902.json b/CVE-2023/CVE-2023-429xx/CVE-2023-42902.json
index 89295d3a3ae..68bc92788b6 100644
--- a/CVE-2023/CVE-2023-429xx/CVE-2023-42902.json
+++ b/CVE-2023/CVE-2023-429xx/CVE-2023-42902.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-42902",
 "sourceIdentifier": "product-security@apple.com",
 "published": "2023-12-12T01:15:11.903",
- "lastModified": "2023-12-13T01:15:08.870",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-12-13T19:52:46.847",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,15 +14,77 @@
 "value": "Se abordaron m\u00faltiples problemas de corrupci\u00f3n de memoria con una validaci\u00f3n de entrada mejorada. Este problema se solucion\u00f3 en macOS Sonoma 14.2. El procesamiento de un archivo creado con fines malintencionados puede provocar la finalizaci\u00f3n inesperada de la aplicaci\u00f3n o la ejecuci\u00f3n de c\u00f3digo arbitrario."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.0",
+ "versionEndExcluding": "14.2",
+ "matchCriteriaId": "6892DEBD-024E-414B-9282-DCCCF23A3BDD"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "http://seclists.org/fulldisclosure/2023/Dec/9",
- "source": "product-security@apple.com"
+ "source": "product-security@apple.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://support.apple.com/en-us/HT214036",
- "source": "product-security@apple.com"
+ "source": "product-security@apple.com",
+ "tags": [
+ "Release Notes",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-429xx/CVE-2023-42903.json b/CVE-2023/CVE-2023-429xx/CVE-2023-42903.json
index 39496464847..a6b44fed3ab 100644
--- a/CVE-2023/CVE-2023-429xx/CVE-2023-42903.json
+++ b/CVE-2023/CVE-2023-429xx/CVE-2023-42903.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-42903",
 "sourceIdentifier": "product-security@apple.com",
 "published": "2023-12-12T01:15:11.950",
- "lastModified": "2023-12-13T01:15:08.920",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-12-13T19:53:01.920",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,15 +14,77 @@
 "value": "Se abordaron m\u00faltiples problemas de corrupci\u00f3n de memoria con una validaci\u00f3n de entrada mejorada. Este problema se solucion\u00f3 en macOS Sonoma 14.2. El procesamiento de un archivo creado con fines malintencionados puede provocar la finalizaci\u00f3n inesperada de la aplicaci\u00f3n o la ejecuci\u00f3n de c\u00f3digo arbitrario."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.0",
+ "versionEndExcluding": "14.2",
+ "matchCriteriaId": "6892DEBD-024E-414B-9282-DCCCF23A3BDD"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "http://seclists.org/fulldisclosure/2023/Dec/9",
- "source": "product-security@apple.com"
+ "source": "product-security@apple.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://support.apple.com/en-us/HT214036",
- "source": "product-security@apple.com"
+ "source": "product-security@apple.com",
+ "tags": [
+ "Release Notes",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-429xx/CVE-2023-42904.json b/CVE-2023/CVE-2023-429xx/CVE-2023-42904.json
index d4b97e273e6..94823a4494f 100644
--- a/CVE-2023/CVE-2023-429xx/CVE-2023-42904.json
+++ b/CVE-2023/CVE-2023-429xx/CVE-2023-42904.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-42904",
 "sourceIdentifier": "product-security@apple.com",
 "published": "2023-12-12T01:15:12.000",
- "lastModified": "2023-12-13T01:15:08.963",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-12-13T19:51:18.227",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,15 +14,77 @@
 "value": "Se abordaron m\u00faltiples problemas de corrupci\u00f3n de memoria con una validaci\u00f3n de entrada mejorada. Este problema se solucion\u00f3 en macOS Sonoma 14.2. El procesamiento de un archivo creado con fines malintencionados puede provocar la finalizaci\u00f3n inesperada de la aplicaci\u00f3n o la ejecuci\u00f3n de c\u00f3digo arbitrario."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.0",
+ "versionEndExcluding": "14.2",
+ "matchCriteriaId": "6892DEBD-024E-414B-9282-DCCCF23A3BDD"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "http://seclists.org/fulldisclosure/2023/Dec/9",
- "source": "product-security@apple.com"
+ "source": "product-security@apple.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://support.apple.com/en-us/HT214036",
- "source": "product-security@apple.com"
+ "source": "product-security@apple.com",
+ "tags": [
+ "Release Notes",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-429xx/CVE-2023-42905.json b/CVE-2023/CVE-2023-429xx/CVE-2023-42905.json
index 0e46e500999..38f3d671170 100644
--- a/CVE-2023/CVE-2023-429xx/CVE-2023-42905.json
+++ b/CVE-2023/CVE-2023-429xx/CVE-2023-42905.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-42905",
 "sourceIdentifier": "product-security@apple.com",
 "published": "2023-12-12T01:15:12.050",
- "lastModified": "2023-12-13T01:15:09.013",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-12-13T19:51:31.743",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,15 +14,77 @@
 "value": "Se abordaron m\u00faltiples problemas de corrupci\u00f3n de memoria con una validaci\u00f3n de entrada mejorada. Este problema se solucion\u00f3 en macOS Sonoma 14.2. El procesamiento de un archivo creado con fines malintencionados puede provocar la finalizaci\u00f3n inesperada de la aplicaci\u00f3n o la ejecuci\u00f3n de c\u00f3digo arbitrario."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.0",
+ "versionEndExcluding": "14.2",
+ "matchCriteriaId": "6892DEBD-024E-414B-9282-DCCCF23A3BDD"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "http://seclists.org/fulldisclosure/2023/Dec/9",
- "source": "product-security@apple.com"
+ "source": "product-security@apple.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://support.apple.com/en-us/HT214036",
- "source": "product-security@apple.com"
+ "source": "product-security@apple.com",
+ "tags": [
+ "Release Notes",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-429xx/CVE-2023-42906.json b/CVE-2023/CVE-2023-429xx/CVE-2023-42906.json
index 188f5def652..f8ca76f8171 100644
--- a/CVE-2023/CVE-2023-429xx/CVE-2023-42906.json
+++ b/CVE-2023/CVE-2023-429xx/CVE-2023-42906.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-42906",
 "sourceIdentifier": "product-security@apple.com",
 "published": "2023-12-12T01:15:12.093",
- "lastModified": "2023-12-13T01:15:09.060",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-12-13T19:51:46.413",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,15 +14,77 @@
 "value": "Se abordaron m\u00faltiples problemas de corrupci\u00f3n de memoria con una validaci\u00f3n de entrada mejorada. Este problema se solucion\u00f3 en macOS Sonoma 14.2. El procesamiento de un archivo creado con fines malintencionados puede provocar la finalizaci\u00f3n inesperada de la aplicaci\u00f3n o la ejecuci\u00f3n de c\u00f3digo arbitrario."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.0",
+ "versionEndExcluding": "14.2",
+ "matchCriteriaId": "6892DEBD-024E-414B-9282-DCCCF23A3BDD"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "http://seclists.org/fulldisclosure/2023/Dec/9",
- "source": "product-security@apple.com"
+ "source": "product-security@apple.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://support.apple.com/en-us/HT214036",
- "source": "product-security@apple.com"
+ "source": "product-security@apple.com",
+ "tags": [
+ "Release Notes",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-429xx/CVE-2023-42907.json b/CVE-2023/CVE-2023-429xx/CVE-2023-42907.json
index e9b4a796718..ad161116de9 100644
--- a/CVE-2023/CVE-2023-429xx/CVE-2023-42907.json
+++ b/CVE-2023/CVE-2023-429xx/CVE-2023-42907.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-42907",
 "sourceIdentifier": "product-security@apple.com",
 "published": "2023-12-12T01:15:12.140",
- "lastModified": "2023-12-13T01:15:09.107",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-12-13T19:25:43.653",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,15 +14,77 @@
 "value": "Se abordaron m\u00faltiples problemas de corrupci\u00f3n de memoria con una validaci\u00f3n de entrada mejorada. Este problema se solucion\u00f3 en macOS Sonoma 14.2. El procesamiento de un archivo creado con fines malintencionados puede provocar la finalizaci\u00f3n inesperada de la aplicaci\u00f3n o la ejecuci\u00f3n de c\u00f3digo arbitrario."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.0",
+ "versionEndExcluding": "14.2",
+ "matchCriteriaId": "6892DEBD-024E-414B-9282-DCCCF23A3BDD"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "http://seclists.org/fulldisclosure/2023/Dec/9",
- "source": "product-security@apple.com"
+ "source": "product-security@apple.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://support.apple.com/en-us/HT214036",
- "source": "product-security@apple.com"
+ "source": "product-security@apple.com",
+ "tags": [
+ "Release Notes",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-429xx/CVE-2023-42908.json b/CVE-2023/CVE-2023-429xx/CVE-2023-42908.json
index 8295aaecdcd..48e9875fd49 100644
--- a/CVE-2023/CVE-2023-429xx/CVE-2023-42908.json
+++ b/CVE-2023/CVE-2023-429xx/CVE-2023-42908.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-42908",
 "sourceIdentifier": "product-security@apple.com",
 "published": "2023-12-12T01:15:12.183",
- "lastModified": "2023-12-13T01:15:09.160",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-12-13T19:26:43.827",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,15 +14,77 @@
 "value": "Se abordaron m\u00faltiples problemas de corrupci\u00f3n de memoria con una validaci\u00f3n de entrada mejorada. Este problema se solucion\u00f3 en macOS Sonoma 14.2. El procesamiento de un archivo creado con fines malintencionados puede provocar la finalizaci\u00f3n inesperada de la aplicaci\u00f3n o la ejecuci\u00f3n de c\u00f3digo arbitrario."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.0",
+ "versionEndExcluding": "14.2",
+ "matchCriteriaId": "6892DEBD-024E-414B-9282-DCCCF23A3BDD"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "http://seclists.org/fulldisclosure/2023/Dec/9",
- "source": "product-security@apple.com"
+ "source": "product-security@apple.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://support.apple.com/en-us/HT214036",
- "source": "product-security@apple.com"
+ "source": "product-security@apple.com",
+ "tags": [
+ "Release Notes",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-429xx/CVE-2023-42909.json b/CVE-2023/CVE-2023-429xx/CVE-2023-42909.json
index 38611ee481b..5b8e03d4390 100644
--- a/CVE-2023/CVE-2023-429xx/CVE-2023-42909.json
+++ b/CVE-2023/CVE-2023-429xx/CVE-2023-42909.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-42909",
 "sourceIdentifier": "product-security@apple.com",
 "published": "2023-12-12T01:15:12.223",
- "lastModified": "2023-12-13T01:15:09.220",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-12-13T19:26:57.857",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,15 +14,77 @@ "value": "Se abordaron m\u00faltiples problemas de corrupci\u00f3n de memoria con una validaci\u00f3n de entrada mejorada. Este problema se solucion\u00f3 en macOS Sonoma 14.2. El procesamiento de un archivo creado con fines malintencionados puede provocar la finalizaci\u00f3n inesperada de la aplicaci\u00f3n o la ejecuci\u00f3n de c\u00f3digo arbitrario." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0", + "versionEndExcluding": "14.2", + "matchCriteriaId": "6892DEBD-024E-414B-9282-DCCCF23A3BDD" + } + ] + } + ] + } + ], "references": [ { "url": "http://seclists.org/fulldisclosure/2023/Dec/9", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214036", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-429xx/CVE-2023-42910.json b/CVE-2023/CVE-2023-429xx/CVE-2023-42910.json index f0d279004cc..51b45f2f722 100644 --- a/CVE-2023/CVE-2023-429xx/CVE-2023-42910.json +++ b/CVE-2023/CVE-2023-429xx/CVE-2023-42910.json @@ -2,8 +2,8 @@ "id": "CVE-2023-42910", "sourceIdentifier": "product-security@apple.com", "published": "2023-12-12T01:15:12.263", - "lastModified": "2023-12-13T01:15:09.270", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-12-13T19:14:00.170", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,77 @@ "value": "Se abordaron m\u00faltiples problemas de corrupci\u00f3n de memoria con una validaci\u00f3n de entrada mejorada. Este problema se solucion\u00f3 en macOS Sonoma 14.2. El procesamiento de un archivo creado con fines malintencionados puede provocar la finalizaci\u00f3n inesperada de la aplicaci\u00f3n o la ejecuci\u00f3n de c\u00f3digo arbitrario." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0", + "versionEndExcluding": "14.2", + "matchCriteriaId": "6892DEBD-024E-414B-9282-DCCCF23A3BDD" + } + ] + } + ] + } + ], "references": [ { "url": "http://seclists.org/fulldisclosure/2023/Dec/9", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214036", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
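Review bot: The `cvssData` added for CVE-2023-42910 sets `"attackVector": "NETWORK"` with `"baseScore": 8.8`, whereas the hunks for CVE-2023-42909, CVE-2023-42911 and CVE-2023-42912 in this same commit set `"attackVector": "LOCAL"` with `"baseScore": 7.8`. The Spanish description shown as context is word-for-word the same in all four records (processing a maliciously crafted file), so nothing visible explains the different vector; the English text is outside the hunk and may differ. Anyone ranking patch work by base score will treat this one record as more urgent than its siblings, so the value is worth confirming against the vendor advisory. If the divergence is unintended, the line would read `"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"`, with `attackVector`, `baseScore` and `exploitabilityScore` following.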
diff --git a/CVE-2023/CVE-2023-429xx/CVE-2023-42911.json b/CVE-2023/CVE-2023-429xx/CVE-2023-42911.json index de972a5da62..1da0891d057 100644 --- a/CVE-2023/CVE-2023-429xx/CVE-2023-42911.json +++ b/CVE-2023/CVE-2023-429xx/CVE-2023-42911.json @@ -2,8 +2,8 @@ "id": "CVE-2023-42911", "sourceIdentifier": "product-security@apple.com", "published": "2023-12-12T01:15:12.313", - "lastModified": "2023-12-13T01:15:09.320", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-12-13T19:12:48.780", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,77 @@ "value": "Se abordaron m\u00faltiples problemas de corrupci\u00f3n de memoria con una validaci\u00f3n de entrada mejorada. Este problema se solucion\u00f3 en macOS Sonoma 14.2. El procesamiento de un archivo creado con fines malintencionados puede provocar la finalizaci\u00f3n inesperada de la aplicaci\u00f3n o la ejecuci\u00f3n de c\u00f3digo arbitrario." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0", + "versionEndExcluding": "14.2", + "matchCriteriaId": "6892DEBD-024E-414B-9282-DCCCF23A3BDD" + } + ] + } + ] + } + ], "references": [ { "url": "http://seclists.org/fulldisclosure/2023/Dec/9", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214036", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-429xx/CVE-2023-42912.json b/CVE-2023/CVE-2023-429xx/CVE-2023-42912.json index 6e72eeb76ad..68bbf45422e 100644 --- a/CVE-2023/CVE-2023-429xx/CVE-2023-42912.json +++ b/CVE-2023/CVE-2023-429xx/CVE-2023-42912.json @@ -2,8 +2,8 @@ "id": "CVE-2023-42912", "sourceIdentifier": "product-security@apple.com", "published": "2023-12-12T01:15:12.367", - "lastModified": "2023-12-13T01:15:09.380", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-12-13T19:20:21.287", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,77 @@ "value": "Se abordaron m\u00faltiples problemas de corrupci\u00f3n de memoria con una validaci\u00f3n de entrada mejorada. Este problema se solucion\u00f3 en macOS Sonoma 14.2. El procesamiento de un archivo creado con fines malintencionados puede provocar la finalizaci\u00f3n inesperada de la aplicaci\u00f3n o la ejecuci\u00f3n de c\u00f3digo arbitrario." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0", + "versionEndExcluding": "14.2", + "matchCriteriaId": "6892DEBD-024E-414B-9282-DCCCF23A3BDD" + } + ] + } + ] + } + ], "references": [ { "url": "http://seclists.org/fulldisclosure/2023/Dec/9", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214036", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-438xx/CVE-2023-43813.json b/CVE-2023/CVE-2023-438xx/CVE-2023-43813.json new file mode 100644 index 00000000000..27b487f7e02 --- /dev/null +++ b/CVE-2023/CVE-2023-438xx/CVE-2023-43813.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-43813", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-12-13T19:15:07.587", + "lastModified": "2023-12-13T19:54:46.783", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, the saved search feature can be used to perform a SQL injection. Version 10.0.11 contains a patch for the issue." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/glpi-project/glpi/commit/4bd7f02d940953b9cbc9d285f7544bb0e490e75e", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/glpi-project/glpi/releases/tag/10.0.11", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-94c3-fw5r-3362", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45670.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45670.json index 0f2c81f5518..858177afd64 100644 --- a/CVE-2023/CVE-2023-456xx/CVE-2023-45670.json +++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45670.json @@ -2,8 +2,8 @@ "id": "CVE-2023-45670", "sourceIdentifier": "security-advisories@github.com", "published": "2023-10-30T23:15:08.543", - "lastModified": "2023-11-08T19:17:43.383", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-13T20:15:49.010", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -134,6 +134,10 @@ "Exploit", "Vendor Advisory" ] + }, + { + "url": "https://securitylab.github.com/advisories/GHSL-2023-190_Frigate/", + "source": "security-advisories@github.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45671.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45671.json index 2da079d7573..ffd95a051a7 100644 --- a/CVE-2023/CVE-2023-456xx/CVE-2023-45671.json +++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45671.json @@ -2,8 +2,8 @@ "id": "CVE-2023-45671", "sourceIdentifier": "security-advisories@github.com", "published": "2023-10-30T23:15:08.620", - "lastModified": "2023-11-08T19:08:21.957", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-13T20:15:49.170", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -106,6 +106,10 @@ "Exploit", "Vendor Advisory" ] + }, + { + "url": "https://securitylab.github.com/advisories/GHSL-2023-190_Frigate/", + "source": "security-advisories@github.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45672.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45672.json index 7536f5d21ea..3cf3deed4a2 100644 --- a/CVE-2023/CVE-2023-456xx/CVE-2023-45672.json +++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45672.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-45672", "sourceIdentifier": "security-advisories@github.com", "published": "2023-10-30T23:15:08.697", - "lastModified": "2023-11-08T18:46:22.220", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-13T20:15:49.260", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -127,6 +127,10 @@ "Exploit", "Vendor Advisory" ] + }, + { + "url": "https://securitylab.github.com/advisories/GHSL-2023-190_Frigate/", + "source": "security-advisories@github.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46247.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46247.json new file mode 100644 index 00000000000..58ed76ecad6 --- /dev/null +++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46247.json 
@@ -0,0 +1,67 @@ +{ + "id": "CVE-2023-46247", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-12-13T20:15:49.360", + "lastModified": "2023-12-13T20:15:49.360", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Contracts containing large arrays might underallocate the number of slots they need by 1. Prior to v0.3.8, the calculation to determine how many slots a storage variable needed used `math.ceil(type_.size_in_bytes / 32)`. The intermediate floating point step can produce a rounding error if there are enough bits set in the IEEE-754 mantissa. Roughly speaking, if `type_.size_in_bytes` is large (> 2**46), and slightly less than a power of 2, the calculation can overestimate how many slots are needed by 1. If `type_.size_in_bytes` is slightly more than a power of 2, the calculation can underestimate how many slots are needed by 1. This issue is patched in version 0.3.8." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-193" + }, + { + "lang": "en", + "value": "CWE-682" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/vyperlang/vyper/blob/6020b8bbf66b062d299d87bc7e4eddc4c9d1c157/vyper/semantics/validation/data_positions.py#L197", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/vyperlang/vyper/commit/0bb7203b584e771b23536ba065a6efda457161bb", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-6m97-7527-mh74", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46726.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46726.json new file mode 100644 index 00000000000..13048b58e54 --- /dev/null +++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46726.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-46726", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-12-13T19:15:07.830", + "lastModified": "2023-12-13T19:54:46.783", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, on PHP 7.4 only, the LDAP server configuration form can be used to execute arbitrary code previously uploaded as a GLPI document. Version 10.0.11 contains a patch for the issue." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/glpi-project/glpi/commit/42ba2b031bec0b3889317db25f3adf9080fc11b2", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/glpi-project/glpi/releases/tag/10.0.11", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-qc92-gxc6-5f95", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46727.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46727.json new file mode 100644 index 00000000000..0bde45ce5ef --- /dev/null +++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46727.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-46727", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-12-13T19:15:08.047", + "lastModified": "2023-12-13T19:54:46.783", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, GLPI inventory endpoint can be used to drive a SQL injection attack. Version 10.0.11 contains a patch for the issue. As a workaround, disable native inventory." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 8.6, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/glpi-project/glpi/commit/ee2d674481ebef177037e8e14d35c9455b5cfd46", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/glpi-project/glpi/releases/tag/10.0.11", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-v799-2mp3-wgfr", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-492xx/CVE-2023-49296.json b/CVE-2023/CVE-2023-492xx/CVE-2023-49296.json new file mode 100644 index 00000000000..35650162ef6 --- /dev/null +++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49296.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-49296", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-12-13T20:15:49.587", + "lastModified": "2023-12-13T20:15:49.587", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Arduino Create Agent allows users to use the Arduino Create applications to upload code to any USB connected Arduino board directly from the browser. A vulnerability in versions prior to 1.3.6 affects the endpoint `/certificate.crt` and the way the web interface of the ArduinoCreateAgent handles custom error messages. An attacker that is able to persuade a victim into clicking on a malicious link can perform a Reflected Cross-Site Scripting attack on the web interface of the create agent, which would allow the attacker to execute arbitrary browser client side code. Version 1.3.6 contains a fix for the issue.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/arduino/arduino-create-agent/commit/9a0e582bb8a1ff8e70d202943ddef8625ccefcc8", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/arduino/arduino-create-agent/security/advisories/GHSA-j5hc-wx84-844h", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of 
file diff --git a/CVE-2023/CVE-2023-493xx/CVE-2023-49363.json b/CVE-2023/CVE-2023-493xx/CVE-2023-49363.json index 06f769d775a..5f3676cad16 100644 --- a/CVE-2023/CVE-2023-493xx/CVE-2023-49363.json +++ b/CVE-2023/CVE-2023-493xx/CVE-2023-49363.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49363", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-13T18:15:43.660", - "lastModified": "2023-12-13T18:15:43.660", - "vulnStatus": "Received", + "lastModified": "2023-12-13T19:01:57.730", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-494xx/CVE-2023-49417.json b/CVE-2023/CVE-2023-494xx/CVE-2023-49417.json index 921aa6b8494..e1f76208416 100644 --- a/CVE-2023/CVE-2023-494xx/CVE-2023-49417.json +++ b/CVE-2023/CVE-2023-494xx/CVE-2023-49417.json 
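Review bot: The English description added for CVE-2023-49296 (new file CVE-2023-49296.json, the hunk that ends just before the CVE-2023-49363 header) closes with an escaped newline, `...contains a fix for the issue.\n"`, which no other description visible in this part of the commit has. Tools that display, diff or hash the description verbatim carry the stray line break along, so the string should end `Version 1.3.6 contains a fix for the issue."`. The affected range, versions prior to 1.3.6, exists only in that prose for now, since the record has no `configurations` block yet, which makes clean description text matter more for matching.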
@@ -2,19 +2,91 @@ "id": "CVE-2023-49417", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-11T14:15:31.740", - "lastModified": "2023-12-11T14:15:42.110", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-13T20:23:25.940", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "TOTOLink A7000R V9.1.0u.6115_B20201022 has a stack overflow vulnerability via setOpModeCfg." + }, + { + "lang": "es", + "value": "TOTOLink A7000R V9.1.0u.6115_B20201022 tiene una vulnerabilidad de desbordamiento de pila a trav\u00e9s de setOpModeCfg." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:a7000r_firmware:9.1.0u.6115_b20201022:*:*:*:*:*:*:*", + "matchCriteriaId": "A5BB152D-5E33-4158-BFFD-68AED6A174E2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:a7000r:-:*:*:*:*:*:*:*", + "matchCriteriaId": "603DA206-05D4-48FD-A506-F3BD8B4383B2" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/cnitlrt/iot_vuln/tree/master/totolink/A7000R/setOpModeCfg", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + 
"Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-494xx/CVE-2023-49418.json b/CVE-2023/CVE-2023-494xx/CVE-2023-49418.json index 86c3acd391e..03ea496da4d 100644 --- a/CVE-2023/CVE-2023-494xx/CVE-2023-49418.json +++ b/CVE-2023/CVE-2023-494xx/CVE-2023-49418.json 
@@ -2,19 +2,91 @@ "id": "CVE-2023-49418", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-11T14:15:31.800", - "lastModified": "2023-12-11T14:15:42.110", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-13T20:26:37.280", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "TOTOLink A7000R V9.1.0u.6115_B20201022has a stack overflow vulnerability via setIpPortFilterRules." + }, + { + "lang": "es", + "value": "TOTOLink A7000R V9.1.0u.6115_B20201022 tiene una vulnerabilidad de desbordamiento de pila a trav\u00e9s de setIpPortFilterRules." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:a7000r_firmware:9.1.0u.6115_b20201022:*:*:*:*:*:*:*", + "matchCriteriaId": "A5BB152D-5E33-4158-BFFD-68AED6A174E2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:a7000r:-:*:*:*:*:*:*:*", + "matchCriteriaId": "603DA206-05D4-48FD-A506-F3BD8B4383B2" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/cnitlrt/iot_vuln/tree/master/totolink/A7000R/setIpPortFilterRules", - "source": "cve@mitre.org" + "source": 
"cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-504xx/CVE-2023-50430.json b/CVE-2023/CVE-2023-504xx/CVE-2023-50430.json index e85a34bcc98..026fc39089f 100644 --- a/CVE-2023/CVE-2023-504xx/CVE-2023-50430.json +++ b/CVE-2023/CVE-2023-504xx/CVE-2023-50430.json 
@@ -2,19 +2,92 @@ "id": "CVE-2023-50430", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-09T22:15:07.233", - "lastModified": "2023-12-10T11:50:56.433", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-13T19:10:39.247", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Goodix Fingerprint Device, as shipped in Dell Inspiron 15 computers, does not follow the Secure Device Connection Protocol (SDCP) when enrolling via Linux, and accepts an unauthenticated configuration packet to select the Windows template database, which allows bypass of Windows Hello authentication by enrolling an attacker's fingerprint." + }, + { + "lang": "es", + "value": "Goodix Fingerprint Device, tal como se env\u00eda en las computadoras Dell Inspiron 15, no sigue Secure Device Connection Protocol (SDCP) al registrarse a trav\u00e9s de Linux y acepta un paquete de configuraci\u00f3n no autenticado para seleccionar la base de datos de plantilla de Windows, lo que permite omitir la autenticaci\u00f3n de Windows Hello mediante registrar la huella digital de un atacante." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "PHYSICAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.5, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:goodix:fingerprint_sensor_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0DFE9AF9-6028-475C-9C1C-93C89183E6A4" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:goodix:fingerprint_sensor:-:*:*:*:*:*:*:*", + "matchCriteriaId": "066BD958-54E4-4548-A874-515C05B0FAFC" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://blackwinghq.com/blog/posts/a-touch-of-pwn-part-i/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Technical Description", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-504xx/CVE-2023-50441.json b/CVE-2023/CVE-2023-504xx/CVE-2023-50441.json new file mode 100644 index 00000000000..e1546765624 --- /dev/null +++ b/CVE-2023/CVE-2023-504xx/CVE-2023-50441.json 
@@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-50441", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-13T20:15:49.790", + "lastModified": "2023-12-13T20:15:49.790", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Encrypted folders created by PRIMX ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission) or ZONECENTRAL for Windows before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger outbound network traffic from computers on which folders are opened." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.primx.eu/en/bulletins/security-bulletin-23B3093A/", + "source": "cve@mitre.org" + }, + { + "url": "https://www.primx.eu/fr/blog/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-504xx/CVE-2023-50444.json b/CVE-2023/CVE-2023-504xx/CVE-2023-50444.json new file mode 100644 index 00000000000..c11998a49d0 --- /dev/null +++ b/CVE-2023/CVE-2023-504xx/CVE-2023-50444.json 
@@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-50444", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-13T20:15:49.840", + "lastModified": "2023-12-13T20:15:49.840", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "By default, .ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; and ZED! for Windows, Mac, Linux before 2023.5 include an encrypted version of sensitive user information, which could allow an unauthenticated attacker to obtain it via brute force." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.primx.eu/en/bulletins/security-bulletin-23B30874/", + "source": "cve@mitre.org" + }, + { + "url": "https://www.primx.eu/fr/blog/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-504xx/CVE-2023-50446.json b/CVE-2023/CVE-2023-504xx/CVE-2023-50446.json index 961aa1e4ee3..95037fb2d55 100644 --- a/CVE-2023/CVE-2023-504xx/CVE-2023-50446.json +++ b/CVE-2023/CVE-2023-504xx/CVE-2023-50446.json @@ -2,8 +2,8 @@ "id": "CVE-2023-50446", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-10T17:15:07.070", - "lastModified": "2023-12-11T12:20:50.310", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-13T19:46:58.377", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,19 +14,82 @@
 "value": "Se descubri\u00f3 un problema en la aplicaci\u00f3n Mullvad VPN para Windows antes de 2023.6-beta1. Los permisos insuficientes en un directorio permiten que cualquier usuario local sin privilegios escale privilegios al SYSTEM."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-732"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mullvad:mullvad_vpn:*:*:*:*:*:windows:*:*",
+ "versionEndIncluding": "2023.5",
+ "matchCriteriaId": "FE432DB4-AEAB-435D-88D2-09633CA56BB5"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/mullvad/mullvadvpn-app/pull/5398",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
 },
 {
 "url": "https://github.com/mullvad/mullvadvpn-app/releases/tag/2023.6",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Release Notes"
+ ]
 },
 {
 "url": "https://github.com/mullvad/mullvadvpn-app/releases/tag/2023.6-beta1",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Release Notes"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-504xx/CVE-2023-50463.json b/CVE-2023/CVE-2023-504xx/CVE-2023-50463.json
index 96e25793f2a..c3aa0bfb588 100644
--- a/CVE-2023/CVE-2023-504xx/CVE-2023-50463.json
+++ b/CVE-2023/CVE-2023-504xx/CVE-2023-50463.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-50463",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-12-10T23:15:07.247",
- "lastModified": "2023-12-11T12:20:45.887",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-13T20:33:08.687",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,19 +14,81 @@
 "value": "El middleware caddy-geo-ip (tambi\u00e9n conocido como GeoIP) hasta la versi\u00f3n 0.6.0 para Caddy 2, cuando se utiliza trust_header X-Forwarded-For, permite a los atacantes falsificar su direcci\u00f3n IP de origen a trav\u00e9s de un encabezado X-Forwarded-For, que puede eludir un mecanismo de protecci\u00f3n (directiva Trusted_proxy en Reverse_Proxy o restricciones de rango de direcciones IP)."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-290"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "0.6.0",
+ "matchCriteriaId": "E7FEAAE7-1B58-403B-A74C-3E7C3A1229E6"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://caddyserver.com/v2",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Broken Link"
+ ]
 },
 {
 "url": "https://github.com/shift72/caddy-geo-ip/issues/4",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://github.com/shift72/caddy-geo-ip/tags",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Release Notes"
+ ]
 }
 ]
 }
\ No newline at end of file
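Review bot: The added `cpeMatch` entry names the wrong product: its criteria are `cpe:2.3:a:caddyserver:caddy:*:...` with `"versionEndIncluding": "0.6.0"`, while the description at the top of this hunk places the flaw in the caddy-geo-ip middleware up to 0.6.0, a plugin for Caddy 2. As written, the match selects Caddy server versions up to 0.6.0 and no installation of the plugin, so CPE-driven inventory or scanner matching will likely miss affected deployments and may flag unrelated ones. The criteria should identify the plugin as the product and keep the 0.6.0 bound on the plugin version. Because this record mirrors upstream analysis, the correction probably has to be requested at the source rather than edited here. Until then, consumers should match this CVE on the presence of the plugin, not on the CPE.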
diff --git a/CVE-2023/CVE-2023-504xx/CVE-2023-50465.json b/CVE-2023/CVE-2023-504xx/CVE-2023-50465.json
index 0ff73ad210b..8e2bd8ced30 100644
--- a/CVE-2023/CVE-2023-504xx/CVE-2023-50465.json
+++ b/CVE-2023/CVE-2023-504xx/CVE-2023-50465.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-50465",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-12-11T01:15:07.013",
- "lastModified": "2023-12-11T12:20:45.887",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-13T20:56:40.520",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,19 +14,80 @@
 "value": "Existe una vulnerabilidad de Cross-Site Scripting (XSS) almacenada en Monica (tambi\u00e9n conocida como MonicaHQ) 4.0.0 a trav\u00e9s de un documento SVG subido por un usuario autenticado."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:monicahq:monica:0.4.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A7901C42-2C7A-4D97-946E-222CB01CB1AC"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/Crypt0Cr33py/monicahqvuln",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit"
+ ]
 },
 {
 "url": "https://github.com/monicahq/monica/releases",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://www.monicahq.com",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-507xx/CVE-2023-50764.json b/CVE-2023/CVE-2023-507xx/CVE-2023-50764.json
index 1b964b773c4..86b9a28cb28 100644
--- a/CVE-2023/CVE-2023-507xx/CVE-2023-50764.json
+++ b/CVE-2023/CVE-2023-507xx/CVE-2023-50764.json
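Review bot: The version in the added `cpeMatch` criteria disagrees with the description in the same hunk: the criteria pin `monicahq:monica:0.4.0`, while the description says the stored XSS is in Monica 4.0.0. The digits look transposed; if the description is right, the version component of the criteria should be `4.0.0`, and the `matchCriteriaId` would then need to be the one that belongs to that match string. As it stands, version-based matching will not flag a 4.0.0 install and will flag 0.4.0 instead. The reference tagged `Patch` is the project's general releases page and the description names no fixed version, so a consumer cannot derive a remediation target from this record. That tag is worth confirming against the upstream record.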
@@ -2,8 +2,8 @@
 "id": "CVE-2023-50764",
 "sourceIdentifier": "jenkinsci-cert@googlegroups.com",
 "published": "2023-12-13T18:15:43.737",
- "lastModified": "2023-12-13T18:15:43.737",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-13T19:01:57.730",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-507xx/CVE-2023-50765.json b/CVE-2023/CVE-2023-507xx/CVE-2023-50765.json
index 652b2e3e786..57b659a0711 100644
--- a/CVE-2023/CVE-2023-507xx/CVE-2023-50765.json
+++ b/CVE-2023/CVE-2023-507xx/CVE-2023-50765.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-50765",
 "sourceIdentifier": "jenkinsci-cert@googlegroups.com",
 "published": "2023-12-13T18:15:43.797",
- "lastModified": "2023-12-13T18:15:43.797",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-13T19:01:57.730",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-507xx/CVE-2023-50766.json b/CVE-2023/CVE-2023-507xx/CVE-2023-50766.json
index f00f8901494..583aa155851 100644
--- a/CVE-2023/CVE-2023-507xx/CVE-2023-50766.json
+++ b/CVE-2023/CVE-2023-507xx/CVE-2023-50766.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-50766",
 "sourceIdentifier": "jenkinsci-cert@googlegroups.com",
 "published": "2023-12-13T18:15:43.840",
- "lastModified": "2023-12-13T18:15:43.840",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-13T19:01:57.730",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-507xx/CVE-2023-50767.json b/CVE-2023/CVE-2023-507xx/CVE-2023-50767.json
index 24d07702415..dfe85f5aa68 100644
--- a/CVE-2023/CVE-2023-507xx/CVE-2023-50767.json
+++ b/CVE-2023/CVE-2023-507xx/CVE-2023-50767.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-50767",
 "sourceIdentifier": "jenkinsci-cert@googlegroups.com",
 "published": "2023-12-13T18:15:43.890",
- "lastModified": "2023-12-13T18:15:43.890",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-13T19:01:57.730",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-507xx/CVE-2023-50768.json b/CVE-2023/CVE-2023-507xx/CVE-2023-50768.json
index a63d229d29d..ea8cd2a3f54 100644
--- a/CVE-2023/CVE-2023-507xx/CVE-2023-50768.json
+++ b/CVE-2023/CVE-2023-507xx/CVE-2023-50768.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-50768",
 "sourceIdentifier": "jenkinsci-cert@googlegroups.com",
 "published": "2023-12-13T18:15:43.943",
- "lastModified": "2023-12-13T18:15:43.943",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-13T19:01:57.730",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-507xx/CVE-2023-50769.json b/CVE-2023/CVE-2023-507xx/CVE-2023-50769.json
index 4deac55c060..44809079d6e 100644
--- a/CVE-2023/CVE-2023-507xx/CVE-2023-50769.json
+++ b/CVE-2023/CVE-2023-507xx/CVE-2023-50769.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-50769",
 "sourceIdentifier": "jenkinsci-cert@googlegroups.com",
 "published": "2023-12-13T18:15:43.990",
- "lastModified": "2023-12-13T18:15:43.990",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-13T19:01:57.730",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-507xx/CVE-2023-50770.json b/CVE-2023/CVE-2023-507xx/CVE-2023-50770.json
index 572c8caa429..ee0fb9e4c00 100644
--- a/CVE-2023/CVE-2023-507xx/CVE-2023-50770.json
+++ b/CVE-2023/CVE-2023-507xx/CVE-2023-50770.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-50770",
 "sourceIdentifier": "jenkinsci-cert@googlegroups.com",
 "published": "2023-12-13T18:15:44.040",
- "lastModified": "2023-12-13T18:15:44.040",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-13T19:01:57.730",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-507xx/CVE-2023-50771.json b/CVE-2023/CVE-2023-507xx/CVE-2023-50771.json
index e4f6e1efdd8..b12ea6cd22b 100644
--- a/CVE-2023/CVE-2023-507xx/CVE-2023-50771.json
+++ b/CVE-2023/CVE-2023-507xx/CVE-2023-50771.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-50771",
 "sourceIdentifier": "jenkinsci-cert@googlegroups.com",
 "published": "2023-12-13T18:15:44.090",
- "lastModified": "2023-12-13T18:15:44.090",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-13T19:01:57.730",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-507xx/CVE-2023-50772.json b/CVE-2023/CVE-2023-507xx/CVE-2023-50772.json
index 6f29b94e1e8..6edf1436fd2 100644
--- a/CVE-2023/CVE-2023-507xx/CVE-2023-50772.json
+++ b/CVE-2023/CVE-2023-507xx/CVE-2023-50772.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-50772",
 "sourceIdentifier": "jenkinsci-cert@googlegroups.com",
 "published": "2023-12-13T18:15:44.137",
- "lastModified": "2023-12-13T18:15:44.137",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-13T19:01:57.730",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-507xx/CVE-2023-50773.json b/CVE-2023/CVE-2023-507xx/CVE-2023-50773.json
index 215d202945f..734cab3376d 100644
--- a/CVE-2023/CVE-2023-507xx/CVE-2023-50773.json
+++ b/CVE-2023/CVE-2023-507xx/CVE-2023-50773.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-50773",
 "sourceIdentifier": "jenkinsci-cert@googlegroups.com",
 "published": "2023-12-13T18:15:44.183",
- "lastModified": "2023-12-13T18:15:44.183",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-13T19:01:57.730",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-507xx/CVE-2023-50774.json b/CVE-2023/CVE-2023-507xx/CVE-2023-50774.json
index 6cb374ad5c7..ce8030ce1ac 100644
--- a/CVE-2023/CVE-2023-507xx/CVE-2023-50774.json
+++ b/CVE-2023/CVE-2023-507xx/CVE-2023-50774.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-50774",
 "sourceIdentifier": "jenkinsci-cert@googlegroups.com",
 "published": "2023-12-13T18:15:44.233",
- "lastModified": "2023-12-13T18:15:44.233",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-13T19:01:57.730",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-507xx/CVE-2023-50775.json b/CVE-2023/CVE-2023-507xx/CVE-2023-50775.json
index 5dfb4ab7076..c321c911a13 100644
--- a/CVE-2023/CVE-2023-507xx/CVE-2023-50775.json
+++ b/CVE-2023/CVE-2023-507xx/CVE-2023-50775.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-50775",
 "sourceIdentifier": "jenkinsci-cert@googlegroups.com",
 "published": "2023-12-13T18:15:44.280",
- "lastModified": "2023-12-13T18:15:44.280",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-13T19:01:57.730",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-507xx/CVE-2023-50776.json b/CVE-2023/CVE-2023-507xx/CVE-2023-50776.json
index de4f7dd6b75..cb3bb944bcd 100644
--- a/CVE-2023/CVE-2023-507xx/CVE-2023-50776.json
+++ b/CVE-2023/CVE-2023-507xx/CVE-2023-50776.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-50776",
 "sourceIdentifier": "jenkinsci-cert@googlegroups.com",
 "published": "2023-12-13T18:15:44.330",
- "lastModified": "2023-12-13T18:15:44.330",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-13T19:01:57.730",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-507xx/CVE-2023-50777.json b/CVE-2023/CVE-2023-507xx/CVE-2023-50777.json
index a365023f6be..93ff2ff57d5 100644
--- a/CVE-2023/CVE-2023-507xx/CVE-2023-50777.json
+++ b/CVE-2023/CVE-2023-507xx/CVE-2023-50777.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-50777",
 "sourceIdentifier": "jenkinsci-cert@googlegroups.com",
 "published": "2023-12-13T18:15:44.377",
- "lastModified": "2023-12-13T18:15:44.377",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-13T19:01:57.730",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-507xx/CVE-2023-50778.json b/CVE-2023/CVE-2023-507xx/CVE-2023-50778.json
index 98edab8b58c..9aef0e3d4da 100644
--- a/CVE-2023/CVE-2023-507xx/CVE-2023-50778.json
+++ b/CVE-2023/CVE-2023-507xx/CVE-2023-50778.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-50778",
 "sourceIdentifier": "jenkinsci-cert@googlegroups.com",
 "published": "2023-12-13T18:15:44.420",
- "lastModified": "2023-12-13T18:15:44.420",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-13T19:01:57.730",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-507xx/CVE-2023-50779.json b/CVE-2023/CVE-2023-507xx/CVE-2023-50779.json
index 17ab58d50ae..5fdb6dca404 100644
--- a/CVE-2023/CVE-2023-507xx/CVE-2023-50779.json
+++ b/CVE-2023/CVE-2023-507xx/CVE-2023-50779.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-50779",
 "sourceIdentifier": "jenkinsci-cert@googlegroups.com",
 "published": "2023-12-13T18:15:44.467",
- "lastModified": "2023-12-13T18:15:44.467",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-13T19:01:57.730",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-57xx/CVE-2023-5749.json b/CVE-2023/CVE-2023-57xx/CVE-2023-5749.json
index dbfa1e2dea6..021d1decb07 100644
--- a/CVE-2023/CVE-2023-57xx/CVE-2023-5749.json
+++ b/CVE-2023/CVE-2023-57xx/CVE-2023-5749.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-5749",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2023-12-11T20:15:07.093",
- "lastModified": "2023-12-12T13:43:48.853",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-12-13T20:28:26.880",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,11 +14,68 @@
 "value": "El complemento EmbedPress de WordPress anterior a 3.9.2 no sanitiza ni escapa a la entrada del usuario antes de devolverla a la p\u00e1gina, lo que genera Cross-Site Scripting Reflejada que podr\u00eda usarse contra usuarios con altos privilegios, como el administrador."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:wpdeveloper:embedpress:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "3.9.2",
+ "matchCriteriaId": "A1E4A2B6-DDCB-4719-BAF6-580203399DA0"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://wpscan.com/vulnerability/3931daac-3899-4169-8625-4c95fd2adafc",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-57xx/CVE-2023-5750.json b/CVE-2023/CVE-2023-57xx/CVE-2023-5750.json
index ac34cd9e6ae..4c54863226e 100644
--- a/CVE-2023/CVE-2023-57xx/CVE-2023-5750.json
+++ b/CVE-2023/CVE-2023-57xx/CVE-2023-5750.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-5750",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2023-12-11T20:15:07.160",
- "lastModified": "2023-12-12T13:43:48.853",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-12-13T20:28:36.853",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,11 +14,68 @@
 "value": "El complemento EmbedPress de WordPress anterior a 3.9.2 no sanitiza ni escapa un par\u00e1metro antes de devolverlo a la p\u00e1gina que contiene un contenido espec\u00edfico, lo que genera un Cross-Site Scripting Reflejado que podr\u00eda usarse contra usuarios con privilegios elevados, como el administrador."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:wpdeveloper:embedpress:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "3.9.2",
+ "matchCriteriaId": "A1E4A2B6-DDCB-4719-BAF6-580203399DA0"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://wpscan.com/vulnerability/cf323f72-8374-40fe-9e2e-810e46de1ec8",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-57xx/CVE-2023-5757.json b/CVE-2023/CVE-2023-57xx/CVE-2023-5757.json
index 3538d72ce9c..a5e63506c86 100644
--- a/CVE-2023/CVE-2023-57xx/CVE-2023-5757.json
+++ b/CVE-2023/CVE-2023-57xx/CVE-2023-5757.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-5757",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2023-12-11T20:15:07.213",
- "lastModified": "2023-12-12T13:43:48.853",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-12-13T20:29:04.543",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,11 +14,68 @@
 "value": "El complemento WP Crowdfunding de WordPress anterior a 2.1.8 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Cross-Site Scripting Almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n multisitio)."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:themeum:wp_crowdfunding:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "2.1.8",
+ "matchCriteriaId": "3AB02294-6F29-4247-AE09-5380B27AA40E"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://wpscan.com/vulnerability/2adc5995-03a9-4860-b00b-7f8d7fe18058",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-58xx/CVE-2023-5868.json b/CVE-2023/CVE-2023-58xx/CVE-2023-5868.json
index 0dd531d3d74..affd352b553 100644
--- a/CVE-2023/CVE-2023-58xx/CVE-2023-5868.json
+++ b/CVE-2023/CVE-2023-58xx/CVE-2023-5868.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-5868",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2023-12-10T18:15:07.163",
- "lastModified": "2023-12-13T10:15:10.390",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-13T19:56:50.143",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -16,6 +16,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ },
 {
 "source": "secalert@redhat.com",
 "type": "Secondary",
@@ -39,6 +59,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
 {
 "source": "secalert@redhat.com",
 "type": "Secondary",
@@ -50,74 +80,368 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", + "versionStartIncluding": "11.0", + "versionEndExcluding": "11.22", + "matchCriteriaId": "1D407A29-CAB0-425B-87B6-F2487FAE6B71" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", + "versionStartIncluding": "12.0", + "versionEndExcluding": "12.17", + "matchCriteriaId": "13B24306-F52A-47E4-A7E4-EA7E46F850EF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.0", + "versionEndExcluding": "13.13", + "matchCriteriaId": "AA77ED73-60C6-4666-9355-7C28CD774001" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0", + "versionEndExcluding": "14.10", + "matchCriteriaId": "7F2D30CB-C04F-4B6A-8E82-7DDC98B10D21" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", + "versionStartIncluding": "15.0", + "versionEndExcluding": "15.5", + "matchCriteriaId": "E8883865-D864-497D-B39C-90D3ACC6A932" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:postgresql:postgresql:16.0:*:*:*:*:*:*:*", + "matchCriteriaId": "654E69F1-844B-4E32-9C3D-FA8032FB3A61" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:*:*:*:*:*:*:*", + "matchCriteriaId": "936B046D-ADEB-4701-8957-AC28CFA9C5C9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*", + "matchCriteriaId": "56CE19E2-F92D-4C36-9319-E6CD4766D0D4" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*", + "matchCriteriaId": "056DABF5-0C1D-4EBA-B02B-443BACB20D6F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.6_aarch64:*:*:*:*:*:*:*", + "matchCriteriaId": "02F08DBD-4BD0-408D-B817-04B2EB82137E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.0_aarch64:*:*:*:*:*:*:*", + "matchCriteriaId": "CDE46FD5-B415-49B7-BF2D-E76D068C3920" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:*:*:*:*:*:*:*", + "matchCriteriaId": "09AAD850-019A-46B8-A5A1-845DE048D30A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*", + "matchCriteriaId": "A4E39B04-D3E5-4106-8A8F-0C496FF9997F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*", + "matchCriteriaId": "86034E5B-BCDD-4AFD-A460-38E790F608F5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*", + "matchCriteriaId": "7F6967B4-C62B-4252-B5C3-50532B9EA3FB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*", + "matchCriteriaId": "C2ED1251-245C-4390-8964-DDCAD54A8957" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "9D7EE4B6-A6EC-4B9B-91DF-79615796673F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", + "matchCriteriaId": 
"7F6FB57C-2BC7-487C-96DD-132683AEB35D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*", + "matchCriteriaId": "6C3741B8-851F-475D-B428-523F4F722350" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*", + "matchCriteriaId": "62C31522-0A17-4025-B269-855C7F4B45C2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*", + "matchCriteriaId": "4DDA3E5A-8754-4C48-9A27-E2415F8A6000" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*", + "matchCriteriaId": "3C74F6FA-FA6C-4648-9079-91446E45EE47" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "3F797F2E-00E6-4D03-A94E-524227529A0A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.8_aarch64:*:*:*:*:*:*:*", + "matchCriteriaId": "F7F8A347-0ACE-40E4-BF7B-656D66DDB425" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*", + "matchCriteriaId": "32AF225E-94C0-4D07-900C-DD868C05F554" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:*:*:*:*:*:*:*", + "matchCriteriaId": "B758EDC9-6421-422C-899E-A273D2936D8E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*", + "matchCriteriaId": "22C65F53-D624-48A9-A9B7-4C78A31E19F9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*", + "matchCriteriaId": "0CC06C2A-64A5-4302-B754-A4DC0E12FE7C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*", + "matchCriteriaId": "26041661-0280-4544-AA0A-BC28FCED4699" + }, + { + 
"vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*", + "matchCriteriaId": "23D471AC-7DCA-4425-AD91-E5D928753A8C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*", + "matchCriteriaId": "D9C30C59-07F7-4CCE-B057-052ECCD36DB8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*", + "matchCriteriaId": "F91F9255-4EE1-43C7-8831-D2B6C228BFD9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*", + "matchCriteriaId": "62D3FD78-5B63-4A1B-B4EE-9B098844691E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*", + "matchCriteriaId": "99952557-C766-4B9E-8BF5-DBBA194349FF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", + "matchCriteriaId": "6897676D-53F9-45B3-B27F-7FF9A4C58D33" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", + "matchCriteriaId": "E28F226A-CBC7-4A32-BE58-398FA5B42481" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*", + "matchCriteriaId": "76C24D94-834A-4E9D-8F73-624AFA99AAA2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*", + "matchCriteriaId": "F32CA554-F9D7-425B-8F1C-89678507F28C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", + "matchCriteriaId": "B09ACF2D-D83F-4A86-8185-9569605D8EE1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", + "matchCriteriaId": "AC10D919-57FD-4725-B8D2-39ECB476902F" + }, + { 
+ "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*", + "matchCriteriaId": "1272DF03-7674-4BD4-8E64-94004B195448" + } + ] + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/errata/RHSA-2023:7545", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2023:7579", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2023:7580", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2023:7581", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2023:7616", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2023:7656", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2023:7666", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2023:7667", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2023:7694", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2023:7695", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2023:7714", - 
"source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2023:7770", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2023:7772", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://access.redhat.com/security/cve/CVE-2023-5868", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247168", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://www.postgresql.org/support/security/CVE-2023-5868/", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mitigation", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-59xx/CVE-2023-5907.json b/CVE-2023/CVE-2023-59xx/CVE-2023-5907.json index 139396b79fc..c5544ff3416 100644 --- a/CVE-2023/CVE-2023-59xx/CVE-2023-5907.json +++ b/CVE-2023/CVE-2023-59xx/CVE-2023-5907.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5907", "sourceIdentifier": "contact@wpscan.com", "published": "2023-12-11T20:15:07.263", - "lastModified": "2023-12-12T13:43:48.853", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-12-13T19:55:59.017", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,11 +14,68 @@ "value": "El complemento File Manager de WordPress anterior a 6.3 no restringe el directorio ra\u00edz de los administradores de archivos, lo que permite a un administrador establecer una ra\u00edz fuera del directorio ra\u00edz de WordPress, brindando acceso a archivos y directorios del sistema incluso en una configuraci\u00f3n de m\u00faltiples sitios, donde los administradores de sitios no deber\u00edan tener permiso para modificar los archivos del sitio." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-552" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:bitapps:file_manager:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "6.3", + "matchCriteriaId": "B1E4A18B-D18F-4E74-ABA1-2826212A7AD0" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/f250226f-4a05-4d75-93c4-5444a4ce919e", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6507.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6507.json index 0e050467881..4e03b1c2cf4 100644 --- a/CVE-2023/CVE-2023-65xx/CVE-2023-6507.json +++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6507.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-6507", "sourceIdentifier": "cna@python.org", "published": "2023-12-08T19:15:08.440", - "lastModified": "2023-12-08T20:18:15.033", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-13T20:17:39.047", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue was found in CPython 3.12.0 `subprocess` module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases.\n\nWhen using the `extra_groups=` parameter with an empty list as a value (ie `extra_groups=[]`) the logic regressed to not call `setgroups(0, NULL)` before calling `exec()`, thus not dropping the original processes' groups before starting the new process. There is no issue when the parameter isn't used or when any value is used besides an empty list.\n\nThis issue only impacts CPython processes run with sufficient privilege to make the `setgroups` system call (typically `root`).\n\n" + }, + { + "lang": "es", + "value": "Se encontr\u00f3 un problema en el m\u00f3dulo `subproceso` de CPython 3.12.0 en plataformas POSIX. El problema se solucion\u00f3 en CPython 3.12.1 y no afecta a otras versiones estables. Cuando se utiliza el par\u00e1metro `extra_groups=` con una lista vac\u00eda como valor (es decir, `extra_groups=[]`), la l\u00f3gica retrocede para no llamar a `setgroups(0, NULL)` antes de llamar a `exec()`, por lo que no se descarta el grupos de procesos originales antes de iniciar el nuevo proceso. No hay ning\u00fan problema cuando no se usa el par\u00e1metro o cuando se usa cualquier valor adem\u00e1s de una lista vac\u00eda. Este problema solo afecta los procesos de CPython que se ejecutan con privilegios suficientes para realizar la llamada al sistema \"setgroups\" (normalmente \"root\")." 
} ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + }, { "source": "cna@python.org", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "cna@python.org", "type": "Secondary", 
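Review bot: The Spanish description added in the first hunk of CVE-2023-6507.json (it starts on the previous physical line) translates an identifier. The English text names the `subprocess` module, but the `"lang": "es"` value calls it `subproceso`, which is not a CPython module name. It also replaces the backticks around `setgroups` and `root` with escaped quotes. Anyone searching the Spanish text for the affected module will not match it; identifiers should stay untranslated and in backticks, as in `m\u00f3dulo subprocess de CPython 3.12.0`.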
@@ -46,18 +80,56 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:python:python:3.12.0:-:*:*:*:*:*:*", + "matchCriteriaId": "5C76EDC2-43FF-448B-B65C-20AC83D680FE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:python:python:3.13.0:alpha1:*:*:*:*:*:*", + "matchCriteriaId": "978582FF-B8F3-479F-AE77-359E9AEE6F23" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:python:python:3.13.0:alpha2:*:*:*:*:*:*", + "matchCriteriaId": "84E3F62C-7218-4DC3-8473-8A576739643A" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/python/cpython/issues/112334", - "source": "cna@python.org" + "source": "cna@python.org", + "tags": [ + "Issue Tracking", + "Patch" + ] }, { "url": "https://github.com/python/cpython/pull/112617", - "source": "cna@python.org" + "source": "cna@python.org", + "tags": [ + "Issue Tracking", + "Patch" + ] }, { "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/AUL7QFHBLILGISS7U63B47AYSSGJJQZD/", - "source": "cna@python.org" + "source": "cna@python.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-66xx/CVE-2023-6657.json b/CVE-2023/CVE-2023-66xx/CVE-2023-6657.json index 6f34b41fbab..0982dd00699 100644 --- a/CVE-2023/CVE-2023-66xx/CVE-2023-6657.json +++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6657.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6657", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-10T21:15:07.343", - "lastModified": "2023-12-11T12:20:45.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-13T20:30:26.467", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -75,18 +95,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oretnom23:simple_student_attendance_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "0907D49A-D649-42A3-BE96-A1EB234C6859" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/daydust/vuln/blob/main/Simple_Student_Attendance_System/student_form.php_SQL_injection.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.247365", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.247365", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-66xx/CVE-2023-6658.json b/CVE-2023/CVE-2023-66xx/CVE-2023-6658.json index 494ce342222..a83838e0b3e 100644 --- a/CVE-2023/CVE-2023-66xx/CVE-2023-6658.json +++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6658.json 
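Review bot: The reference tags added in the last hunk of CVE-2023-6657.json are applied differently in CVE-2023-6658.json, the next file in this diff. Here the GitHub write-up `student_form.php_SQL_injection.md` is tagged `"Exploit", "Third Party Advisory"` and `vuldb.com/?id.247365` only `"Third Party Advisory"`. In CVE-2023-6658 the write-up `ajax-api.php_SQL-injection.md` from the same repository gets only `"Third Party Advisory"`, and `?id.247366` gets `"Permissions Required"` as well. Both records carry the same CPE and the same 9.8 `Primary` score, so tooling that reads the `Exploit` tag as a public-exploit signal would rank them differently. Treat the tag as a hint, check both links by hand during triage, and report the mismatch upstream.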
@@ -2,8 +2,8 @@ "id": "CVE-2023-6658", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-10T23:15:07.313", - "lastModified": "2023-12-11T12:20:45.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-13T20:34:08.910", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -75,18 +95,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oretnom23:simple_student_attendance_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "0907D49A-D649-42A3-BE96-A1EB234C6859" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/daydust/vuln/blob/main/Simple_Student_Attendance_System/ajax-api.php_SQL-injection.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.247366", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.247366", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-66xx/CVE-2023-6671.json b/CVE-2023/CVE-2023-66xx/CVE-2023-6671.json index c2d6c56e9a3..6d661292697 100644 
--- a/CVE-2023/CVE-2023-66xx/CVE-2023-6671.json +++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6671.json @@ -2,16 +2,40 @@ "id": "CVE-2023-6671", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2023-12-11T14:15:32.150", - "lastModified": "2023-12-11T14:15:42.110", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-13T20:26:53.753", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability has been discovered on OJS, that consists in a CSRF (Cross-Site Request Forgery) attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated." + }, + { + "lang": "es", + "value": "Se ha descubierto una vulnerabilidad en OJS que consiste en un ataque CSRF (Cross-Site Request Forgery) que obliga a un usuario final a ejecutar acciones no deseadas en una aplicaci\u00f3n web en la que se encuentra actualmente autenticado." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "cve-coordination@incibe.es", "type": "Secondary", 
@@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:openjournalsystems:open_journal_systems:3.3.0.13:*:*:*:*:*:*:*", + "matchCriteriaId": "0E73FB6F-1DC0-4AA8-A922-FDC519D637DF" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-request-forgery-open-journal-systems", - "source": "cve-coordination@incibe.es" + "source": "cve-coordination@incibe.es", + "tags": [ + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-67xx/CVE-2023-6765.json b/CVE-2023/CVE-2023-67xx/CVE-2023-6765.json index f6d347f37e2..eca81a52ebc 100644 --- a/CVE-2023/CVE-2023-67xx/CVE-2023-6765.json +++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6765.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6765", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-13T18:15:44.627", - "lastModified": "2023-12-13T18:15:44.627", - "vulnStatus": "Received", + "lastModified": "2023-12-13T19:01:57.730", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-67xx/CVE-2023-6766.json b/CVE-2023/CVE-2023-67xx/CVE-2023-6766.json index 0db7310917e..b5442487247 100644 --- a/CVE-2023/CVE-2023-67xx/CVE-2023-6766.json +++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6766.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6766", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-13T18:15:44.870", - "lastModified": "2023-12-13T18:15:44.870", - "vulnStatus": "Received", + "lastModified": "2023-12-13T19:01:57.730", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-67xx/CVE-2023-6767.json b/CVE-2023/CVE-2023-67xx/CVE-2023-6767.json index c8e6843ce7b..b3742bae9ff 100644 --- a/CVE-2023/CVE-2023-67xx/CVE-2023-6767.json +++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6767.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-6767", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-13T18:15:45.107", - "lastModified": "2023-12-13T18:15:45.107", - "vulnStatus": "Received", + "lastModified": "2023-12-13T19:01:57.730", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-67xx/CVE-2023-6771.json b/CVE-2023/CVE-2023-67xx/CVE-2023-6771.json new file mode 100644 index 00000000000..4facd2074c8 --- /dev/null +++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6771.json 
@@ -0,0 +1,88 @@
+{
+ "id": "CVE-2023-6771",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2023-12-13T19:15:08.257",
+ "lastModified": "2023-12-13T19:54:46.783",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability, which was classified as critical, has been found in SourceCodester Simple Student Attendance System 1.0. This issue affects the function save_attendance of the file actions.class.php. The manipulation of the argument sid leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247907."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 3.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
+ "accessVector": "ADJACENT_NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "PARTIAL",
+ "baseScore": 5.2
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 5.1,
+ "impactScore": 6.4,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/Glunko/Simple-Student-Attendance-System_vulnerability/blob/main/README.md",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.247907",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.247907",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-67xx/CVE-2023-6772.json b/CVE-2023/CVE-2023-67xx/CVE-2023-6772.json
new file mode 100644
index 00000000000..e66205dd4cf
--- /dev/null
+++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6772.json
@@ -0,0 +1,88 @@
+{
+ "id": "CVE-2023-6772",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2023-12-13T19:15:08.513",
+ "lastModified": "2023-12-13T19:54:46.783",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability, which was classified as critical, was found in OTCMS 7.01. Affected is an unknown function of the file /admin/ind_backstage.php. The manipulation of the argument sqlContent leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247908."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 4.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 3.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "MULTIPLE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "PARTIAL",
+ "baseScore": 5.8
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 6.4,
+ "impactScore": 6.4,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/Num-Nine/CVE/issues/8",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.247908",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.247908",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-67xx/CVE-2023-6773.json b/CVE-2023/CVE-2023-67xx/CVE-2023-6773.json
new file mode 100644
index 00000000000..fd5b214ed4c
--- /dev/null
+++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6773.json
@@ -0,0 +1,88 @@
+{
+ "id": "CVE-2023-6773",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2023-12-13T20:15:49.890",
+ "lastModified": "2023-12-13T20:15:49.890",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability has been found in CodeAstro POS and Inventory Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /accounts_con/register_account of the component User Creation Handler. The manipulation of the argument account_type with the input Admin leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247909 was assigned to this vulnerability."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.0
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 8.0,
+ "impactScore": 2.9,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-284"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://drive.google.com/drive/folders/1yuc1n6tr57wD8qsT0HAFDVAuii7iibDM?usp=sharing",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.247909",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.247909",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-67xx/CVE-2023-6774.json b/CVE-2023/CVE-2023-67xx/CVE-2023-6774.json
new file mode 100644
index 00000000000..11456437b91
--- /dev/null
+++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6774.json
@@ -0,0 +1,88 @@
+{
+ "id": "CVE-2023-6774",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2023-12-13T20:15:50.140",
+ "lastModified": "2023-12-13T20:15:50.140",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability was found in CodeAstro POS and Inventory Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /accounts_con/register_account. The manipulation of the argument Username with the input leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-247910 is the identifier assigned to this vulnerability."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "NONE",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.0
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 10.0,
+ "impactScore": 2.9,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://drive.google.com/drive/folders/1wnrdIuBhZh5ia9Q61b_V_72eIaHsX-B1?usp=sharing",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.247910",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.247910",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-67xx/CVE-2023-6789.json b/CVE-2023/CVE-2023-67xx/CVE-2023-6789.json
new file mode 100644
index 00000000000..e7d4713f468
--- /dev/null
+++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6789.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-6789",
+ "sourceIdentifier": "psirt@paloaltonetworks.com",
+ "published": "2023-12-13T19:15:08.777",
+ "lastModified": "2023-12-13T19:54:46.783",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface. Then, when viewed by a properly authenticated administrator, the JavaScript payload executes and disguises all associated actions as performed by that unsuspecting authenticated administrator."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@paloaltonetworks.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.9,
+ "impactScore": 3.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@paloaltonetworks.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.paloaltonetworks.com/CVE-2023-6789",
+ "source": "psirt@paloaltonetworks.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-67xx/CVE-2023-6790.json b/CVE-2023/CVE-2023-67xx/CVE-2023-6790.json
new file mode 100644
index 00000000000..fdda657f85c
--- /dev/null
+++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6790.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-6790",
+ "sourceIdentifier": "psirt@paloaltonetworks.com",
+ "published": "2023-12-13T19:15:09.030",
+ "lastModified": "2023-12-13T19:54:46.783",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A DOM-Based cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to execute a JavaScript payload in the context of an administrator\u2019s browser when they view a specifically crafted link to the PAN-OS web interface."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@paloaltonetworks.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@paloaltonetworks.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.paloaltonetworks.com/CVE-2023-6790",
+ "source": "psirt@paloaltonetworks.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-67xx/CVE-2023-6791.json b/CVE-2023/CVE-2023-67xx/CVE-2023-6791.json
new file mode 100644
index 00000000000..8a0d97650b4
--- /dev/null
+++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6791.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-6791",
+ "sourceIdentifier": "psirt@paloaltonetworks.com",
+ "published": "2023-12-13T19:15:09.337",
+ "lastModified": "2023-12-13T19:54:46.783",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A credential disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to obtain the plaintext credentials of stored external system integrations such as LDAP, SCP, RADIUS, TACACS+, and SNMP from the web interface."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@paloaltonetworks.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@paloaltonetworks.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-701"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.paloaltonetworks.com/CVE-2023-6791",
+ "source": "psirt@paloaltonetworks.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-67xx/CVE-2023-6792.json b/CVE-2023/CVE-2023-67xx/CVE-2023-6792.json
new file mode 100644
index 00000000000..5685f16eddf
--- /dev/null
+++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6792.json
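Review bot: `"value": "CWE-701"` in the `weaknesses` entry of the new CVE-2023-6791.json does not name a weakness. As far as I know, CWE-701 is the view "Weaknesses Introduced During Design", so it says nothing about the plaintext credential disclosure the description reports. This is the vendor's `Secondary` assignment on a record still marked `Awaiting Analysis`, so consumers that group or filter by CWE will leave it unclassified until an NVD `Primary` entry arrives. Pipelines reading this feed should validate weakness IDs against the CWE catalogue and fall back to the description text when an ID resolves to a view or category.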
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-6792",
+ "sourceIdentifier": "psirt@paloaltonetworks.com",
+ "published": "2023-12-13T19:15:09.640",
+ "lastModified": "2023-12-13T19:54:46.783",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An OS command injection vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated API user to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@paloaltonetworks.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 4.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@paloaltonetworks.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-88"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.paloaltonetworks.com/CVE-2023-6792",
+ "source": "psirt@paloaltonetworks.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-67xx/CVE-2023-6793.json b/CVE-2023/CVE-2023-67xx/CVE-2023-6793.json
new file mode 100644
index 00000000000..b49c8df94e4
--- /dev/null
+++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6793.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-6793",
+ "sourceIdentifier": "psirt@paloaltonetworks.com",
+ "published": "2023-12-13T19:15:09.937",
+ "lastModified": "2023-12-13T19:54:46.783",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML API usage."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@paloaltonetworks.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW",
+ "baseScore": 2.7,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@paloaltonetworks.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-269"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.paloaltonetworks.com/CVE-2023-6793",
+ "source": "psirt@paloaltonetworks.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-67xx/CVE-2023-6794.json b/CVE-2023/CVE-2023-67xx/CVE-2023-6794.json
new file mode 100644
index 00000000000..aaf42be29d2
--- /dev/null
+++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6794.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-6794",
+ "sourceIdentifier": "psirt@paloaltonetworks.com",
+ "published": "2023-12-13T19:15:10.240",
+ "lastModified": "2023-12-13T19:54:46.783",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An arbitrary file upload vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@paloaltonetworks.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 4.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@paloaltonetworks.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-434"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.paloaltonetworks.com/CVE-2023-6794",
+ "source": "psirt@paloaltonetworks.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-67xx/CVE-2023-6795.json b/CVE-2023/CVE-2023-67xx/CVE-2023-6795.json
new file mode 100644
index 00000000000..6192d6624d2
--- /dev/null
+++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6795.json
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-6795", + "sourceIdentifier": "psirt@paloaltonetworks.com", + "published": "2023-12-13T19:15:10.537", + "lastModified": "2023-12-13T19:54:46.783", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "An OS command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@paloaltonetworks.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@paloaltonetworks.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://security.paloaltonetworks.com/CVE-2023-6795", + "source": "psirt@paloaltonetworks.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 04694376ee7..659788ab7ac 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-12-13T19:01:02.419291+00:00 +2023-12-13T21:00:17.811772+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-12-13T18:47:41.807000+00:00 +2023-12-13T20:57:23.147000+00:00 ``` ### Last Data Feed Release 
@@ -29,64 +29,62 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -233034 +233052 ``` ### CVEs added in the last Commit -Recently added CVEs: `20` +Recently added CVEs: `18` -* [CVE-2023-49363](CVE-2023/CVE-2023-493xx/CVE-2023-49363.json) (`2023-12-13T18:15:43.660`) -* [CVE-2023-50764](CVE-2023/CVE-2023-507xx/CVE-2023-50764.json) (`2023-12-13T18:15:43.737`) -* [CVE-2023-50765](CVE-2023/CVE-2023-507xx/CVE-2023-50765.json) (`2023-12-13T18:15:43.797`) -* [CVE-2023-50766](CVE-2023/CVE-2023-507xx/CVE-2023-50766.json) (`2023-12-13T18:15:43.840`) -* [CVE-2023-50767](CVE-2023/CVE-2023-507xx/CVE-2023-50767.json) (`2023-12-13T18:15:43.890`) -* [CVE-2023-50768](CVE-2023/CVE-2023-507xx/CVE-2023-50768.json) (`2023-12-13T18:15:43.943`) -* [CVE-2023-50769](CVE-2023/CVE-2023-507xx/CVE-2023-50769.json) (`2023-12-13T18:15:43.990`) -* [CVE-2023-50770](CVE-2023/CVE-2023-507xx/CVE-2023-50770.json) (`2023-12-13T18:15:44.040`) -* [CVE-2023-50771](CVE-2023/CVE-2023-507xx/CVE-2023-50771.json) (`2023-12-13T18:15:44.090`) -* [CVE-2023-50772](CVE-2023/CVE-2023-507xx/CVE-2023-50772.json) (`2023-12-13T18:15:44.137`) -* [CVE-2023-50773](CVE-2023/CVE-2023-507xx/CVE-2023-50773.json) (`2023-12-13T18:15:44.183`) -* [CVE-2023-50774](CVE-2023/CVE-2023-507xx/CVE-2023-50774.json) (`2023-12-13T18:15:44.233`) -* [CVE-2023-50775](CVE-2023/CVE-2023-507xx/CVE-2023-50775.json) (`2023-12-13T18:15:44.280`) -* [CVE-2023-50776](CVE-2023/CVE-2023-507xx/CVE-2023-50776.json) (`2023-12-13T18:15:44.330`) -* [CVE-2023-50777](CVE-2023/CVE-2023-507xx/CVE-2023-50777.json) (`2023-12-13T18:15:44.377`) -* [CVE-2023-50778](CVE-2023/CVE-2023-507xx/CVE-2023-50778.json) (`2023-12-13T18:15:44.420`) -* [CVE-2023-50779](CVE-2023/CVE-2023-507xx/CVE-2023-50779.json) (`2023-12-13T18:15:44.467`) -* [CVE-2023-6765](CVE-2023/CVE-2023-67xx/CVE-2023-6765.json) (`2023-12-13T18:15:44.627`) -* [CVE-2023-6766](CVE-2023/CVE-2023-67xx/CVE-2023-6766.json) 
(`2023-12-13T18:15:44.870`) -* [CVE-2023-6767](CVE-2023/CVE-2023-67xx/CVE-2023-6767.json) (`2023-12-13T18:15:45.107`) +* [CVE-2023-43813](CVE-2023/CVE-2023-438xx/CVE-2023-43813.json) (`2023-12-13T19:15:07.587`) +* [CVE-2023-46726](CVE-2023/CVE-2023-467xx/CVE-2023-46726.json) (`2023-12-13T19:15:07.830`) +* [CVE-2023-46727](CVE-2023/CVE-2023-467xx/CVE-2023-46727.json) (`2023-12-13T19:15:08.047`) +* [CVE-2023-6771](CVE-2023/CVE-2023-67xx/CVE-2023-6771.json) (`2023-12-13T19:15:08.257`) +* [CVE-2023-6772](CVE-2023/CVE-2023-67xx/CVE-2023-6772.json) (`2023-12-13T19:15:08.513`) +* [CVE-2023-6789](CVE-2023/CVE-2023-67xx/CVE-2023-6789.json) (`2023-12-13T19:15:08.777`) +* [CVE-2023-6790](CVE-2023/CVE-2023-67xx/CVE-2023-6790.json) (`2023-12-13T19:15:09.030`) +* [CVE-2023-6791](CVE-2023/CVE-2023-67xx/CVE-2023-6791.json) (`2023-12-13T19:15:09.337`) +* [CVE-2023-6792](CVE-2023/CVE-2023-67xx/CVE-2023-6792.json) (`2023-12-13T19:15:09.640`) +* [CVE-2023-6793](CVE-2023/CVE-2023-67xx/CVE-2023-6793.json) (`2023-12-13T19:15:09.937`) +* [CVE-2023-6794](CVE-2023/CVE-2023-67xx/CVE-2023-6794.json) (`2023-12-13T19:15:10.240`) +* [CVE-2023-6795](CVE-2023/CVE-2023-67xx/CVE-2023-6795.json) (`2023-12-13T19:15:10.537`) +* [CVE-2023-46247](CVE-2023/CVE-2023-462xx/CVE-2023-46247.json) (`2023-12-13T20:15:49.360`) +* [CVE-2023-49296](CVE-2023/CVE-2023-492xx/CVE-2023-49296.json) (`2023-12-13T20:15:49.587`) +* [CVE-2023-50441](CVE-2023/CVE-2023-504xx/CVE-2023-50441.json) (`2023-12-13T20:15:49.790`) +* [CVE-2023-50444](CVE-2023/CVE-2023-504xx/CVE-2023-50444.json) (`2023-12-13T20:15:49.840`) +* [CVE-2023-6773](CVE-2023/CVE-2023-67xx/CVE-2023-6773.json) (`2023-12-13T20:15:49.890`) +* [CVE-2023-6774](CVE-2023/CVE-2023-67xx/CVE-2023-6774.json) (`2023-12-13T20:15:50.140`) ### CVEs modified in the last Commit -Recently modified CVEs: `32` +Recently modified CVEs: `55` -* [CVE-2023-5955](CVE-2023/CVE-2023-59xx/CVE-2023-5955.json) (`2023-12-13T17:29:12.180`) -* 
[CVE-2023-49800](CVE-2023/CVE-2023-498xx/CVE-2023-49800.json) (`2023-12-13T17:30:47.393`) -* [CVE-2023-5940](CVE-2023/CVE-2023-59xx/CVE-2023-5940.json) (`2023-12-13T17:39:17.437`) -* [CVE-2023-49490](CVE-2023/CVE-2023-494xx/CVE-2023-49490.json) (`2023-12-13T17:43:33.160`) -* [CVE-2023-42891](CVE-2023/CVE-2023-428xx/CVE-2023-42891.json) (`2023-12-13T17:46:10.560`) -* [CVE-2023-50457](CVE-2023/CVE-2023-504xx/CVE-2023-50457.json) (`2023-12-13T18:02:33.973`) -* [CVE-2023-50456](CVE-2023/CVE-2023-504xx/CVE-2023-50456.json) (`2023-12-13T18:02:57.440`) -* [CVE-2023-50455](CVE-2023/CVE-2023-504xx/CVE-2023-50455.json) (`2023-12-13T18:03:08.230`) -* [CVE-2023-50454](CVE-2023/CVE-2023-504xx/CVE-2023-50454.json) (`2023-12-13T18:04:38.017`) -* [CVE-2023-49782](CVE-2023/CVE-2023-497xx/CVE-2023-49782.json) (`2023-12-13T18:05:03.240`) -* [CVE-2023-6337](CVE-2023/CVE-2023-63xx/CVE-2023-6337.json) (`2023-12-13T18:06:18.783`) -* [CVE-2023-42890](CVE-2023/CVE-2023-428xx/CVE-2023-42890.json) (`2023-12-13T18:10:56.723`) -* [CVE-2023-49788](CVE-2023/CVE-2023-497xx/CVE-2023-49788.json) (`2023-12-13T18:11:14.110`) -* [CVE-2023-42886](CVE-2023/CVE-2023-428xx/CVE-2023-42886.json) (`2023-12-13T18:14:03.663`) -* [CVE-2023-40660](CVE-2023/CVE-2023-406xx/CVE-2023-40660.json) (`2023-12-13T18:15:43.387`) -* [CVE-2023-40661](CVE-2023/CVE-2023-406xx/CVE-2023-40661.json) (`2023-12-13T18:15:43.537`) -* [CVE-2023-5072](CVE-2023/CVE-2023-50xx/CVE-2023-5072.json) (`2023-12-13T18:15:44.510`) -* [CVE-2023-42884](CVE-2023/CVE-2023-428xx/CVE-2023-42884.json) (`2023-12-13T18:25:12.683`) -* [CVE-2023-42883](CVE-2023/CVE-2023-428xx/CVE-2023-42883.json) (`2023-12-13T18:29:00.980`) -* [CVE-2023-42882](CVE-2023/CVE-2023-428xx/CVE-2023-42882.json) (`2023-12-13T18:30:30.523`) -* [CVE-2023-48311](CVE-2023/CVE-2023-483xx/CVE-2023-48311.json) (`2023-12-13T18:39:26.447`) -* [CVE-2023-6574](CVE-2023/CVE-2023-65xx/CVE-2023-6574.json) (`2023-12-13T18:45:36.640`) -* [CVE-2023-6575](CVE-2023/CVE-2023-65xx/CVE-2023-6575.json) 
(`2023-12-13T18:45:52.623`) -* [CVE-2023-34320](CVE-2023/CVE-2023-343xx/CVE-2023-34320.json) (`2023-12-13T18:46:07.917`) -* [CVE-2023-4486](CVE-2023/CVE-2023-44xx/CVE-2023-4486.json) (`2023-12-13T18:47:41.807`) +* [CVE-2023-42906](CVE-2023/CVE-2023-429xx/CVE-2023-42906.json) (`2023-12-13T19:51:46.413`) +* [CVE-2023-42901](CVE-2023/CVE-2023-429xx/CVE-2023-42901.json) (`2023-12-13T19:52:31.333`) +* [CVE-2023-42902](CVE-2023/CVE-2023-429xx/CVE-2023-42902.json) (`2023-12-13T19:52:46.847`) +* [CVE-2023-42903](CVE-2023/CVE-2023-429xx/CVE-2023-42903.json) (`2023-12-13T19:53:01.920`) +* [CVE-2023-5907](CVE-2023/CVE-2023-59xx/CVE-2023-5907.json) (`2023-12-13T19:55:59.017`) +* [CVE-2023-5868](CVE-2023/CVE-2023-58xx/CVE-2023-5868.json) (`2023-12-13T19:56:50.143`) +* [CVE-2023-45670](CVE-2023/CVE-2023-456xx/CVE-2023-45670.json) (`2023-12-13T20:15:49.010`) +* [CVE-2023-45671](CVE-2023/CVE-2023-456xx/CVE-2023-45671.json) (`2023-12-13T20:15:49.170`) +* [CVE-2023-45672](CVE-2023/CVE-2023-456xx/CVE-2023-45672.json) (`2023-12-13T20:15:49.260`) +* [CVE-2023-6507](CVE-2023/CVE-2023-65xx/CVE-2023-6507.json) (`2023-12-13T20:17:39.047`) +* [CVE-2023-49417](CVE-2023/CVE-2023-494xx/CVE-2023-49417.json) (`2023-12-13T20:23:25.940`) +* [CVE-2023-49418](CVE-2023/CVE-2023-494xx/CVE-2023-49418.json) (`2023-12-13T20:26:37.280`) +* [CVE-2023-6671](CVE-2023/CVE-2023-66xx/CVE-2023-6671.json) (`2023-12-13T20:26:53.753`) +* [CVE-2023-5749](CVE-2023/CVE-2023-57xx/CVE-2023-5749.json) (`2023-12-13T20:28:26.880`) +* [CVE-2023-5750](CVE-2023/CVE-2023-57xx/CVE-2023-5750.json) (`2023-12-13T20:28:36.853`) +* [CVE-2023-5757](CVE-2023/CVE-2023-57xx/CVE-2023-5757.json) (`2023-12-13T20:29:04.543`) +* [CVE-2023-6657](CVE-2023/CVE-2023-66xx/CVE-2023-6657.json) (`2023-12-13T20:30:26.467`) +* [CVE-2023-50463](CVE-2023/CVE-2023-504xx/CVE-2023-50463.json) (`2023-12-13T20:33:08.687`) +* [CVE-2023-6658](CVE-2023/CVE-2023-66xx/CVE-2023-6658.json) (`2023-12-13T20:34:08.910`) +* 
[CVE-2023-36646](CVE-2023/CVE-2023-366xx/CVE-2023-36646.json) (`2023-12-13T20:38:27.083`) +* [CVE-2023-36652](CVE-2023/CVE-2023-366xx/CVE-2023-36652.json) (`2023-12-13T20:42:54.737`) +* [CVE-2023-36654](CVE-2023/CVE-2023-366xx/CVE-2023-36654.json) (`2023-12-13T20:51:12.487`) +* [CVE-2023-40446](CVE-2023/CVE-2023-404xx/CVE-2023-40446.json) (`2023-12-13T20:56:06.690`) +* [CVE-2023-50465](CVE-2023/CVE-2023-504xx/CVE-2023-50465.json) (`2023-12-13T20:56:40.520`) +* [CVE-2023-42897](CVE-2023/CVE-2023-428xx/CVE-2023-42897.json) (`2023-12-13T20:57:23.147`) ## Download and Usage