admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-11-09T11:00:19.534475+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-11-09 11:00:23 +00:00
parent e9cdd71a6f
commit 93e9ecfa36
7 changed files with 148 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CVE-2021/CVE-2021-206xx/CVE-2021-20609.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2021-20609",
"sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"published": "2021-12-01T16:15:07.467",
"lastModified": "2022-11-24T06:15:09.027",
"lastModified": "2023-11-09T09:15:07.430",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU Firmware versions \"24\" and prior, Mitsubishi Electric MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions \"57\" and prior, Mitsubishi Electric MELSEC iQ-R Series R08/16/32/120SFCPU Firmware versions \"28\" and prior, Mitsubishi Electric MELSEC iQ-R Series R08/16/32/120PCPU Firmware versions \"29\" and prior, Mitsubishi Electric MELSEC iQ-R Series R08/16/32/120PSFCPU Firmware versions \"08\" and prior, Mitsubishi Electric MELSEC iQ-R Series R16/32/64MTCPU Operating system software version \"23\" and prior, Mitsubishi Electric MELSEC iQ-R Series R12CCPU-V Firmware versions \"16\" and prior, Mitsubishi Electric MELSEC Q Series Q03UDECPU The first 5 digits of serial No. \"23121\" and prior, Mitsubishi Electric MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU The first 5 digits of serial No. \"23121\" and prior, Mitsubishi Electric MELSEC Q Series Q03/04/06/13/26UDVCPU The first 5 digits of serial No. \"23071\" and prior, Mitsubishi Electric MELSEC Q Series Q04/06/13/26UDPVCPU The first 5 digits of serial No. \"23071\" and prior, Mitsubishi Electric MELSEC Q Series Q12DCCPU-V The first 5 digits of serial No. \"24031\" and prior, Mitsubishi Electric MELSEC Q Series Q24DHCCPU-V(G) The first 5 digits of serial No. \"24031\" and prior, Mitsubishi Electric MELSEC Q Series Q24/26DHCCPU-LS The first 5 digits of serial No. \"24031\" and prior, Mitsubishi Electric MELSEC Q Series MR-MQ100 Operating system software version \"F\" and prior, Mitsubishi Electric MELSEC Q Series Q172/173DCPU-S1 Operating system software version \"W\" and prior, Mitsubishi Electric MELSEC Q Series Q172/173DSCPU All versions, Mitsubishi Electric MELSEC Q Series Q170MCPU Operating system software version \"W\" and prior, Mitsubishi Electric MELSEC Q Series Q170MSCPU(-S1) All versions, Mitsubishi Electric MELSEC L Series L02/06/26CPU(-P) The first 5 digits of serial No. \"23121\" and prior, Mitsubishi Electric MELSEC L Series L26CPU-(P)BT The first 5 digits of serial No. \"23121\" and prior and Mitsubishi Electric MELIPC Series MI5122-VW Firmware versions \"05\" and prior allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery."
"value": "Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU, MELSEC iQ-R Series R08/16/32/120SFCPU, MELSEC iQ-R Series R08/16/32/120PCPU, MELSEC iQ-R Series R08/16/32/120PSFCPU, MELSEC iQ-R Series R16/32/64MTCPU, MELSEC iQ-R Series R12CCPU-V, MELSEC Q Series Q03UDECPU, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU, MELSEC Q Series Q03/04/06/13/26UDVCPU, MELSEC Q Series Q04/06/13/26UDPVCPU, MELSEC Q Series Q12DCCPU-V, MELSEC Q Series Q24DHCCPU-V(G), MELSEC Q Series Q24/26DHCCPU-LS, MELSEC Q Series MR-MQ100, MELSEC Q Series Q172/173DCPU-S1, MELSEC Q Series Q172/173DSCPU, MELSEC Q Series Q170MCPU, MELSEC Q Series Q170MSCPU(-S1), MELSEC L Series L02/06/26CPU(-P), MELSEC L Series L26CPU-(P)BT and MELIPC Series MI5122-VW allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery."
},
{
"lang": "es",

4
CVE-2021/CVE-2021-206xx/CVE-2021-20610.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2021-20610",
"sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"published": "2021-12-01T16:15:07.510",
"lastModified": "2022-11-25T03:15:09.607",
"lastModified": "2023-11-09T09:15:07.737",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU Firmware versions \"24\" and prior, Mitsubishi Electric MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions \"57\" and prior, Mitsubishi Electric MELSEC iQ-R Series R08/16/32/120SFCPU Firmware versions \"28\" and prior, Mitsubishi Electric MELSEC iQ-R Series R08/16/32/120PCPU Firmware versions \"29\" and prior, Mitsubishi Electric MELSEC iQ-R Series R08/16/32/120PSFCPU Firmware versions \"08\" and prior, Mitsubishi Electric MELSEC iQ-R Series R16/32/64MTCPU Operating system software version \"23\" and prior, Mitsubishi Electric MELSEC iQ-R Series R12CCPU-V Firmware versions \"16\" and prior, Mitsubishi Electric MELSEC Q Series Q03UDECPU The first 5 digits of serial No. \"23121\" and prior, Mitsubishi Electric MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU The first 5 digits of serial No. \"23121\" and prior, Mitsubishi Electric MELSEC Q Series Q03/04/06/13/26UDVCPU The first 5 digits of serial No. \"23071\" and prior, Mitsubishi Electric MELSEC Q Series Q04/06/13/26UDPVCPU The first 5 digits of serial No. \"23071\" and prior, Mitsubishi Electric MELSEC Q Series Q12DCCPU-V The first 5 digits of serial No. \"24031\" and prior, Mitsubishi Electric MELSEC Q Series Q24DHCCPU-V(G) The first 5 digits of serial No. \"24031\" and prior, Mitsubishi Electric MELSEC Q Series Q24/26DHCCPU-LS The first 5 digits of serial No. \"24031\" and prior, Mitsubishi Electric MELSEC Q Series MR-MQ100 Operating system software version \"F\" and prior, Mitsubishi Electric MELSEC Q Series Q172/173DCPU-S1 Operating system software version \"W\" and prior, Mitsubishi Electric MELSEC Q Series Q172/173DSCPU All versions, Mitsubishi Electric MELSEC Q Series Q170MCPU Operating system software version \"W\" and prior, Mitsubishi Electric MELSEC Q Series Q170MSCPU(-S1) All versions, Mitsubishi Electric MELSEC L Series L02/06/26CPU(-P) The first 5 digits of serial No. \"23121\" and prior, Mitsubishi Electric MELSEC L Series L26CPU-(P)BT The first 5 digits of serial No. \"23121\" and prior and Mitsubishi Electric MELIPC Series MI5122-VW Firmware versions \"05\" and prior allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery."
"value": "Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU, MELSEC iQ-R Series R08/16/32/120SFCPU, MELSEC iQ-R Series R08/16/32/120PCPU, MELSEC iQ-R Series R08/16/32/120PSFCPU, MELSEC iQ-R Series R16/32/64MTCPU, MELSEC iQ-R Series R12CCPU-V, MELSEC Q Series Q03UDECPU, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU, MELSEC Q Series Q03/04/06/13/26UDVCPU, MELSEC Q Series Q04/06/13/26UDPVCPU, MELSEC Q Series Q12DCCPU-V, MELSEC Q Series Q24DHCCPU-V(G), MELSEC Q Series Q24/26DHCCPU-LS, MELSEC Q Series MR-MQ100, MELSEC Q Series Q172/173DCPU-S1, MELSEC Q Series Q172/173DSCPU, MELSEC Q Series Q170MCPU, MELSEC Q Series Q170MSCPU(-S1), MELSEC L Series L02/06/26CPU(-P), MELSEC L Series L26CPU-(P)BT and MELIPC Series MI5122-VW allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery."
},
{
"lang": "es",

4
CVE-2021/CVE-2021-206xx/CVE-2021-20611.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2021-20611",
"sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"published": "2021-12-01T16:15:07.550",
"lastModified": "2022-11-25T03:15:10.123",
"lastModified": "2023-11-09T09:15:07.893",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU Firmware versions \"24\" and prior, Mitsubishi Electric MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions \"57\" and prior, Mitsubishi Electric MELSEC iQ-R Series R08/16/32/120SFCPU Firmware versions \"28\" and prior, Mitsubishi Electric MELSEC iQ-R Series R08/16/32/120PCPU Firmware versions \"29\" and prior, Mitsubishi Electric MELSEC iQ-R Series R08/16/32/120PSFCPU Firmware versions \"08\" and prior, Mitsubishi Electric MELSEC iQ-R Series R16/32/64MTCPU Operating system software version \"23\" and prior, Mitsubishi Electric MELSEC iQ-R Series R12CCPU-V Firmware versions \"16\" and prior, Mitsubishi Electric MELSEC Q Series Q03UDECPU The first 5 digits of serial No. \"23121\" and prior, Mitsubishi Electric MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU The first 5 digits of serial No. \"23121\" and prior, Mitsubishi Electric MELSEC Q Series Q03/04/06/13/26UDVCPU The first 5 digits of serial No. \"23071\" and prior, Mitsubishi Electric MELSEC Q Series Q04/06/13/26UDPVCPU The first 5 digits of serial No. \"23071\" and prior, Mitsubishi Electric MELSEC Q Series Q12DCCPU-V The first 5 digits of serial No. \"24031\" and prior, Mitsubishi Electric MELSEC Q Series Q24DHCCPU-V(G) The first 5 digits of serial No. \"24031\" and prior, Mitsubishi Electric MELSEC Q Series Q24/26DHCCPU-LS The first 5 digits of serial No. \"24031\" and prior, Mitsubishi Electric MELSEC Q Series MR-MQ100 Operating system software version \"F\" and prior, Mitsubishi Electric MELSEC Q Series Q172/173DCPU-S1 Operating system software version \"W\" and prior, Mitsubishi Electric MELSEC Q Series Q172/173DSCPU All versions, Mitsubishi Electric MELSEC Q Series Q170MCPU Operating system software version \"W\" and prior, Mitsubishi Electric MELSEC Q Series Q170MSCPU(-S1) All versions, Mitsubishi Electric MELSEC L Series L02/06/26CPU(-P) The first 5 digits of serial No. \"23121\" and prior, Mitsubishi Electric MELSEC L Series L26CPU-(P)BT The first 5 digits of serial No. \"23121\" and prior and Mitsubishi Electric MELIPC Series MI5122-VW Firmware versions \"05\" and prior allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery."
"value": "Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU, MELSEC iQ-R Series R08/16/32/120SFCPU, MELSEC iQ-R Series R08/16/32/120PCPU, MELSEC iQ-R Series R08/16/32/120PSFCPU, MELSEC iQ-R Series R16/32/64MTCPU, MELSEC iQ-R Series R12CCPU-V, MELSEC Q Series Q03UDECPU, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU, MELSEC Q Series Q03/04/06/13/26UDVCPU, MELSEC Q Series Q04/06/13/26UDPVCPU, MELSEC Q Series Q12DCCPU-V, MELSEC Q Series Q24DHCCPU-V(G), MELSEC Q Series Q24/26DHCCPU-LS, MELSEC Q Series MR-MQ100, MELSEC Q Series Q172/173DCPU-S1, MELSEC Q Series Q172/173DSCPU, MELSEC Q Series Q170MCPU, MELSEC Q Series Q170MSCPU(-S1), MELSEC L Series L02/06/26CPU(-P), MELSEC L Series L26CPU-(P)BT and MELIPC Series MI5122-VW allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery."
},
{
"lang": "es",

95
CVE-2023/CVE-2023-42xx/CVE-2023-4218.json Normal file
View File

@ -0,0 +1,95 @@
{
"id": "CVE-2023-4218",
"sourceIdentifier": "emo@eclipse.org",
"published": "2023-11-09T09:15:08.320",
"lastModified": "2023-11-09T09:15:08.320",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example for review a foreign repository or patch).\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "emo@eclipse.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.3,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "emo@eclipse.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-611"
}
]
}
],
"references": [
{
"url": "https://github.com/eclipse-cdt/cdt/commit/c7169b3186d2fef20f97467c3e2ad78e2943ed1b",
"source": "emo@eclipse.org"
},
{
"url": "https://github.com/eclipse-emf/org.eclipse.emf/issues/10",
"source": "emo@eclipse.org"
},
{
"url": "https://github.com/eclipse-jdt/eclipse.jdt.core/commit/38dd2a878f45cdb3d8d52090f1d6d1b532fd4c4d",
"source": "emo@eclipse.org"
},
{
"url": "https://github.com/eclipse-jdt/eclipse.jdt.ui/commit/13675b1f8a74f47de4da89ed0ded6af7c21dfbec",
"source": "emo@eclipse.org"
},
{
"url": "https://github.com/eclipse-pde/eclipse.pde/pull/632/",
"source": "emo@eclipse.org"
},
{
"url": "https://github.com/eclipse-pde/eclipse.pde/pull/667/",
"source": "emo@eclipse.org"
},
{
"url": "https://github.com/eclipse-platform/eclipse.platform.releng.buildtools/pull/45",
"source": "emo@eclipse.org"
},
{
"url": "https://github.com/eclipse-platform/eclipse.platform.swt/commit/bf71db5ddcb967c0863dad4745367b54f49e06ba",
"source": "emo@eclipse.org"
},
{
"url": "https://github.com/eclipse-platform/eclipse.platform.ui/commit/f243cf0a28785b89b7c50bf4e1cce48a917d89bd",
"source": "emo@eclipse.org"
},
{
"url": "https://github.com/eclipse-platform/eclipse.platform/pull/761",
"source": "emo@eclipse.org"
},
{
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/8",
"source": "emo@eclipse.org"
}
]
}

8
CVE-2023/CVE-2023-437xx/CVE-2023-43788.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-43788",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-10-10T13:15:22.137",
"lastModified": "2023-11-07T04:21:30.080",
"lastModified": "2023-11-09T09:15:08.060",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local to trigger an out-of-bounds read error and read the contents of memory on the system."
"value": "A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local attacker to trigger an out-of-bounds read error and read the contents of memory on the system."
},
{
"lang": "es",
@ -37,7 +37,7 @@
"impactScore": 3.6
},
{
"source": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -70,7 +70,7 @@
]
},
{
"source": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{

32
CVE-2023/CVE-2023-472xx/CVE-2023-47248.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-47248",
"sourceIdentifier": "security@apache.org",
"published": "2023-11-09T09:15:08.223",
"lastModified": "2023-11-09T09:15:08.223",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources (for example user-supplied input files).\n\nThis vulnerability only affects PyArrow, not other Apache Arrow implementations or bindings.\n\nIt is recommended that users of PyArrow upgrade to 14.0.1. Similarly, it is recommended that downstream libraries upgrade their dependency requirements to PyArrow 14.0.1 or later. PyPI packages are already available, and we hope that conda-forge packages will be available soon.\n\nIf it is not possible to upgrade, we provide a separate package `pyarrow-hotfix` that disables the vulnerability on older PyArrow versions. See https://pypi.org/project/pyarrow-hotfix/ for instructions.\n\n"
}
],
"metrics": {},
"weaknesses": [
{
"source": "security@apache.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://lists.apache.org/thread/yhy7tdfjf9hrl9vfrtzo8p2cyjq87v7n",
"source": "security@apache.org"
}
]
}

19
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-11-09T09:00:19.804833+00:00
2023-11-09T11:00:19.534475+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-11-09T08:15:07.897000+00:00
2023-11-09T09:15:08.320000+00:00
```
### Last Data Feed Release
@ -29,22 +29,25 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
230213
230215
```
### CVEs added in the last Commit
Recently added CVEs: `1`
Recently added CVEs: `2`
* [CVE-2023-47613](CVE-2023/CVE-2023-476xx/CVE-2023-47613.json) (`2023-11-09T07:15:07.310`)
* [CVE-2023-47248](CVE-2023/CVE-2023-472xx/CVE-2023-47248.json) (`2023-11-09T09:15:08.223`)
* [CVE-2023-4218](CVE-2023/CVE-2023-42xx/CVE-2023-4218.json) (`2023-11-09T09:15:08.320`)
### CVEs modified in the last Commit
Recently modified CVEs: `2`
Recently modified CVEs: `4`
* [CVE-2023-46757](CVE-2023/CVE-2023-467xx/CVE-2023-46757.json) (`2023-11-09T08:15:07.703`)
* [CVE-2023-46758](CVE-2023/CVE-2023-467xx/CVE-2023-46758.json) (`2023-11-09T08:15:07.897`)
* [CVE-2021-20609](CVE-2021/CVE-2021-206xx/CVE-2021-20609.json) (`2023-11-09T09:15:07.430`)
* [CVE-2021-20610](CVE-2021/CVE-2021-206xx/CVE-2021-20610.json) (`2023-11-09T09:15:07.737`)
* [CVE-2021-20611](CVE-2021/CVE-2021-206xx/CVE-2021-20611.json) (`2023-11-09T09:15:07.893`)
* [CVE-2023-43788](CVE-2023/CVE-2023-437xx/CVE-2023-43788.json) (`2023-11-09T09:15:08.060`)
## Download and Usage