admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 19:47:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-11-15T23:00:17.757023+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-11-15 23:00:21 +00:00
parent 2b5c8dba93
commit a007f43a04
28 changed files with 14026 additions and 104 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
CVE-2021/CVE-2021-238xx/CVE-2021-23887.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-23887",
"sourceIdentifier": "trellixpsirt@trellix.com",
"published": "2021-04-15T08:15:14.713",
"lastModified": "2023-11-07T03:30:58.747",
"vulnStatus": "Modified",
"lastModified": "2023-11-15T21:17:14.920",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -37,7 +37,7 @@
"impactScore": 5.9
},
{
"source": "01626437-bf8f-4d1c-912a-893b5eb04808",
"source": "trellixpsirt@trellix.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -85,7 +85,17 @@
},
"weaknesses": [
{
"source": "01626437-bf8f-4d1c-912a-893b5eb04808",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "trellixpsirt@trellix.com",
"type": "Secondary",
"description": [
{
@ -116,11 +126,17 @@
"references": [
{
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10354",
"source": "trellixpsirt@trellix.com"
"source": "trellixpsirt@trellix.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10357",
"source": "trellixpsirt@trellix.com"
"source": "trellixpsirt@trellix.com",
"tags": [
"Broken Link"
]
}
]
}

31
CVE-2021/CVE-2021-238xx/CVE-2021-23895.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-23895",
"sourceIdentifier": "trellixpsirt@trellix.com",
"published": "2021-06-02T13:15:12.363",
"lastModified": "2023-11-07T03:31:00.637",
"vulnStatus": "Modified",
"lastModified": "2023-11-15T21:17:04.447",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -21,8 +21,8 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
@ -30,14 +30,14 @@
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"exploitabilityScore": 2.1,
"impactScore": 5.9
},
{
"source": "01626437-bf8f-4d1c-912a-893b5eb04808",
"source": "trellixpsirt@trellix.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -85,7 +85,17 @@
},
"weaknesses": [
{
"source": "01626437-bf8f-4d1c-912a-893b5eb04808",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
},
{
"source": "trellixpsirt@trellix.com",
"type": "Secondary",
"description": [
{
@ -116,7 +126,10 @@
"references": [
{
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10359",
"source": "trellixpsirt@trellix.com"
"source": "trellixpsirt@trellix.com",
"tags": [
"Broken Link"
]
}
]
}

23
CVE-2021/CVE-2021-318xx/CVE-2021-31833.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-31833",
"sourceIdentifier": "trellixpsirt@trellix.com",
"published": "2022-01-04T10:15:07.977",
"lastModified": "2023-11-07T03:35:02.430",
"vulnStatus": "Modified",
"lastModified": "2023-11-15T21:03:26.983",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -37,7 +37,7 @@
"impactScore": 5.9
},
{
"source": "01626437-bf8f-4d1c-912a-893b5eb04808",
"source": "trellixpsirt@trellix.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -85,7 +85,17 @@
},
"weaknesses": [
{
"source": "01626437-bf8f-4d1c-912a-893b5eb04808",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "trellixpsirt@trellix.com",
"type": "Secondary",
"description": [
{
@ -116,7 +126,10 @@
"references": [
{
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10370",
"source": "trellixpsirt@trellix.com"
"source": "trellixpsirt@trellix.com",
"tags": [
"Broken Link"
]
}
]
}

26
CVE-2021/CVE-2021-318xx/CVE-2021-31834.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-31834",
"sourceIdentifier": "trellixpsirt@trellix.com",
"published": "2021-10-22T11:15:07.837",
"lastModified": "2023-11-07T03:35:02.857",
"vulnStatus": "Modified",
"lastModified": "2023-11-15T21:02:01.610",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -65,7 +65,17 @@
},
"weaknesses": [
{
"source": "01626437-bf8f-4d1c-912a-893b5eb04808",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "trellixpsirt@trellix.com",
"type": "Secondary",
"description": [
{
@ -88,11 +98,6 @@
"versionEndExcluding": "5.10.0",
"matchCriteriaId": "A30F7908-5AF6-4761-BC6A-4C18EFAE48E5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EBE158C6-F59B-47CB-B525-B2F33BAD32F1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*",
@ -156,7 +161,10 @@
"references": [
{
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10366",
"source": "trellixpsirt@trellix.com"
"source": "trellixpsirt@trellix.com",
"tags": [
"Broken Link"
]
}
]
}

8
CVE-2022/CVE-2022-467xx/CVE-2022-46705.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-46705",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-02-27T20:15:12.820",
"lastModified": "2023-06-08T00:15:09.470",
"lastModified": "2023-11-15T21:15:07.583",
"vulnStatus": "Modified",
"descriptions": [
{
@ -41,7 +41,7 @@
"description": [
{
"lang": "en",
"value": "CWE-20"
"value": "NVD-CWE-Other"
}
]
}
@ -83,6 +83,10 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/15/1",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213530",
"source": "product-security@apple.com",

8
CVE-2022/CVE-2022-467xx/CVE-2022-46725.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-46725",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-08-14T23:15:10.420",
"lastModified": "2023-08-19T00:43:53.407",
"vulnStatus": "Analyzed",
"lastModified": "2023-11-15T21:15:07.697",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -71,6 +71,10 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/15/1",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213676",
"source": "product-security@apple.com",

8
CVE-2023/CVE-2023-323xx/CVE-2023-32359.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32359",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-10-25T19:15:09.053",
"lastModified": "2023-11-02T14:03:20.657",
"vulnStatus": "Analyzed",
"lastModified": "2023-11-15T21:15:07.783",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -83,6 +83,10 @@
"Third Party Advisory"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/15/1",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213981",
"source": "product-security@apple.com",

20
CVE-2023/CVE-2023-414xx/CVE-2023-41442.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-41442",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-15T22:15:27.673",
"lastModified": "2023-11-15T22:15:27.673",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue in Kloudq Technologies Limited Tor Equip 1.0, Tor Loco Mini 1.0 through 3.1 allows a remote attacker to execute arbitrary code via a crafted request to the MQTT component."
}
],
"metrics": {},
"references": [
{
"url": "https://writeups.ayyappan.me/v/tor-iot-mqtt/",
"source": "cve@mitre.org"
}
]
}

6
CVE-2023/CVE-2023-419xx/CVE-2023-41983.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-41983",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-10-25T19:15:10.110",
"lastModified": "2023-11-15T05:15:09.777",
"lastModified": "2023-11-15T21:15:07.880",
"vulnStatus": "Modified",
"descriptions": [
{
@ -134,6 +134,10 @@
"Third Party Advisory"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/15/1",
"source": "product-security@apple.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTCZGQPRDAOPP6NK4CIDJKIPMBWD5J7K/",
"source": "product-security@apple.com"

6
CVE-2023/CVE-2023-428xx/CVE-2023-42852.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-42852",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-10-25T19:15:10.843",
"lastModified": "2023-11-15T05:15:09.963",
"lastModified": "2023-11-15T21:15:07.957",
"vulnStatus": "Modified",
"descriptions": [
{
@ -162,6 +162,10 @@
"Third Party Advisory"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/15/1",
"source": "product-security@apple.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTCZGQPRDAOPP6NK4CIDJKIPMBWD5J7K/",
"source": "product-security@apple.com"

343
CVE-2023/CVE-2023-42xx/CVE-2023-4249.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-4249",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-11-08T23:15:11.967",
"lastModified": "2023-11-09T13:46:10.880",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-15T22:31:21.747",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220,\n CB6231, B8520, B8220, and CD321 \n\nIP Cameras \n\nwith firmware version M2.1.6.05 has a \ncommand injection vulnerability in their implementation of their \nbinaries and handling of network requests.\n\n"
},
{
"lang": "es",
"value": "IP Cameras Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220 y CD321 con versi\u00f3n de firmware M2.1.6.05 tienen una vulnerabilidad de inyecci\u00f3n de comandos en la implementaci\u00f3n de sus archivos binarios y en el manejo de solicitudes de red.62611"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -46,10 +80,313 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zavio:cf7500_firmware:m2.1.6.05:*:*:*:*:*:*:*",
"matchCriteriaId": "D543FC87-52FF-4BC4-BE57-949BB23D88AD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zavio:cf7500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "30F595D2-3CB4-4444-A01F-CE38CBE2D0DC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zavio:cf7300_firmware:m2.1.6.05:*:*:*:*:*:*:*",
"matchCriteriaId": "3FA43E48-E3D0-4913-9040-BF11D9E61385"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zavio:cf7300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B008EE1F-5B08-417A-8206-20F1362DB911"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zavio:cf7201_firmware:m2.1.6.05:*:*:*:*:*:*:*",
"matchCriteriaId": "7A6E3CDA-3C8B-4894-A42A-CFC5AA077047"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zavio:cf7201:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5240BE7-31E4-4A40-A480-E744E3CAEA3A"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zavio:cf7501_firmware:m2.1.6.05:*:*:*:*:*:*:*",
"matchCriteriaId": "5CF6549F-9E86-4B45-8B60-BB62BEB72B19"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zavio:cf7501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9285F916-50BE-4E41-8EF3-97D882B54CD6"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zavio:cb3211_firmware:m2.1.6.05:*:*:*:*:*:*:*",
"matchCriteriaId": "3F7DBB50-D334-493F-B661-04C798383D29"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zavio:cb3211:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C32A113-76F5-4EBD-BD15-EFBB17F0942C"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zavio:cb3212_firmware:m2.1.6.05:*:*:*:*:*:*:*",
"matchCriteriaId": "883549EB-5A5B-437E-8B10-D7C691142B92"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zavio:cb3212:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FC86EF14-298F-414E-8558-1D025CDF6057"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zavio:cb5220_firmware:m2.1.6.05:*:*:*:*:*:*:*",
"matchCriteriaId": "C43C9ED3-167E-4424-841E-50A56FF398F0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zavio:cb5220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFEC44B0-C2C7-4306-91CA-AA841B23498D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zavio:cb6231_firmware:m2.1.6.05:*:*:*:*:*:*:*",
"matchCriteriaId": "1E8483A6-426F-4595-8B7F-1FC04E9B31FF"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zavio:cb6231:-:*:*:*:*:*:*:*",
"matchCriteriaId": "766018BD-DD32-420A-9511-D97D9DE46BBA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zavio:b8520_firmware:m2.1.6.05:*:*:*:*:*:*:*",
"matchCriteriaId": "779DE260-60AA-465E-957D-B7502E806863"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zavio:b8520:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F60E1FE1-F2E8-4BF7-A33D-4ED4D72BF360"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zavio:b8220_firmware:m2.1.6.05:*:*:*:*:*:*:*",
"matchCriteriaId": "99AC7EEC-C4A5-4F79-9608-D02E29356217"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zavio:b8220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8623A941-0514-49BD-967D-E347F6F99329"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zavio:cd321_firmware:m2.1.6.05:*:*:*:*:*:*:*",
"matchCriteriaId": "35DCACBC-6483-4113-BC77-041BE4D692F9"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zavio:cd321:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E906053-BE44-45B4-AD08-D7DFCFD5EDF2"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-03",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}

3144
CVE-2023/CVE-2023-435xx/CVE-2023-43571.json
View File

File diff suppressed because it is too large Load Diff

3154
CVE-2023/CVE-2023-435xx/CVE-2023-43572.json
View File

File diff suppressed because it is too large Load Diff

3144
CVE-2023/CVE-2023-435xx/CVE-2023-43573.json
View File

File diff suppressed because it is too large Load Diff

3154
CVE-2023/CVE-2023-435xx/CVE-2023-43574.json
View File

File diff suppressed because it is too large Load Diff

343
CVE-2023/CVE-2023-437xx/CVE-2023-43755.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43755",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-11-08T23:15:10.727",
"lastModified": "2023-11-09T13:46:14.890",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-15T22:27:24.050",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220,\n CB6231, B8520, B8220, and CD321 \n\nIP Cameras \n\nwith firmware version M2.1.6.05 are \nvulnerable to multiple instances of stack-based overflows. During the \nprocessing and parsing of certain fields in XML elements from incoming \nnetwork requests, the product does not sufficiently check or validate \nallocated buffer size. This may lead to remote code execution.\n\n"
},
{
"lang": "es",
"value": "IP Cameras Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220 y CD321 con versi\u00f3n de firmware M2.1.6.05 son vulnerables a m\u00faltiples instancias de desbordamientos basados en pila. Durante el procesamiento y an\u00e1lisis de ciertos campos en elementos XML de solicitudes de red entrantes, el producto no verifica ni valida suficientemente el tama\u00f1o del b\u00fafer asignado. Esto puede provocar la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -46,10 +80,313 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zavio:cf7500_firmware:m2.1.6.05:*:*:*:*:*:*:*",
"matchCriteriaId": "D543FC87-52FF-4BC4-BE57-949BB23D88AD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zavio:cf7500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "30F595D2-3CB4-4444-A01F-CE38CBE2D0DC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zavio:cf7300_firmware:m2.1.6.05:*:*:*:*:*:*:*",
"matchCriteriaId": "3FA43E48-E3D0-4913-9040-BF11D9E61385"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zavio:cf7300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B008EE1F-5B08-417A-8206-20F1362DB911"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zavio:cf7201_firmware:m2.1.6.05:*:*:*:*:*:*:*",
"matchCriteriaId": "7A6E3CDA-3C8B-4894-A42A-CFC5AA077047"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zavio:cf7201:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5240BE7-31E4-4A40-A480-E744E3CAEA3A"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zavio:cf7501_firmware:m2.1.6.05:*:*:*:*:*:*:*",
"matchCriteriaId": "5CF6549F-9E86-4B45-8B60-BB62BEB72B19"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zavio:cf7501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9285F916-50BE-4E41-8EF3-97D882B54CD6"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zavio:cb3211_firmware:m2.1.6.05:*:*:*:*:*:*:*",
"matchCriteriaId": "3F7DBB50-D334-493F-B661-04C798383D29"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zavio:cb3211:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C32A113-76F5-4EBD-BD15-EFBB17F0942C"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zavio:cb3212_firmware:m2.1.6.05:*:*:*:*:*:*:*",
"matchCriteriaId": "883549EB-5A5B-437E-8B10-D7C691142B92"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zavio:cb3212:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FC86EF14-298F-414E-8558-1D025CDF6057"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zavio:cb5220_firmware:m2.1.6.05:*:*:*:*:*:*:*",
"matchCriteriaId": "C43C9ED3-167E-4424-841E-50A56FF398F0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zavio:cb5220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFEC44B0-C2C7-4306-91CA-AA841B23498D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zavio:cb6231_firmware:m2.1.6.05:*:*:*:*:*:*:*",
"matchCriteriaId": "1E8483A6-426F-4595-8B7F-1FC04E9B31FF"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zavio:cb6231:-:*:*:*:*:*:*:*",
"matchCriteriaId": "766018BD-DD32-420A-9511-D97D9DE46BBA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zavio:b8520_firmware:m2.1.6.05:*:*:*:*:*:*:*",
"matchCriteriaId": "779DE260-60AA-465E-957D-B7502E806863"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zavio:b8520:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F60E1FE1-F2E8-4BF7-A33D-4ED4D72BF360"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zavio:b8220_firmware:m2.1.6.05:*:*:*:*:*:*:*",
"matchCriteriaId": "99AC7EEC-C4A5-4F79-9608-D02E29356217"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zavio:b8220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8623A941-0514-49BD-967D-E347F6F99329"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zavio:cd321_firmware:m2.1.6.05:*:*:*:*:*:*:*",
"matchCriteriaId": "35DCACBC-6483-4113-BC77-041BE4D692F9"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zavio:cd321:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E906053-BE44-45B4-AD08-D7DFCFD5EDF2"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-03",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}

14
CVE-2023/CVE-2023-447xx/CVE-2023-44760.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-44760",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-23T22:15:09.257",
"lastModified": "2023-10-30T11:36:19.077",
"vulnStatus": "Analyzed",
"lastModified": "2023-11-15T22:15:27.730",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS v.9.2.1 allow an attacker to execute arbitrary code via a crafted script to the Header and Footer Tracking Codes of the SEO & Statistics."
"value": "Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS v.9.2.1 allow an attacker to execute arbitrary code via a crafted script to the Header and Footer Tracking Codes of the SEO & Statistics. NOTE: the vendor disputes this because these header/footer changes can only be made by an admin, and allowing an admin to place JavaScript there is an intentional customization feature. Also, the exploitation method claimed by \"sromanhu\" does not provide any access to a Concrete CMS session, because the Concrete CMS session cookie is configured as HttpOnly."
},
{
"lang": "es",
@ -68,6 +68,10 @@
}
],
"references": [
{
"url": "https://github.com/sromanhu/CVE-2023-44760_ConcreteCMS-Stored-XSS---TrackingCodes/issues/1",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/sromanhu/ConcreteCMS-Stored-XSS---TrackingCodes",
"source": "cve@mitre.org",
@ -75,6 +79,10 @@
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.concretecms.org/about/project-news/security/security-advisory-2023-10-31-concrete-cms-rejects-cve-2023-44760-and-cve-2023-44766",
"source": "cve@mitre.org"
}
]
}

14
CVE-2023/CVE-2023-447xx/CVE-2023-44766.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-44766",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-06T13:15:12.977",
"lastModified": "2023-10-06T19:06:47.970",
"vulnStatus": "Analyzed",
"lastModified": "2023-11-15T22:15:27.807",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the SEO - Extra from Page Settings."
"value": "A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the SEO - Extra from Page Settings. NOTE: the vendor disputes this because this SEO-related header change can only be made by an admin, and allowing an admin to place JavaScript there is an intentional customization feature."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross Site Scripting (XSS) en Concrete CMS v.9.2.1 permite a un atacante ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado para SEO - Extra desde Configuraci\u00f3n de p\u00e1gina."
}
],
"metrics": {
@ -70,6 +74,10 @@
"tags": [
"Exploit"
]
},
{
"url": "https://www.concretecms.org/about/project-news/security/security-advisory-2023-10-31-concrete-cms-rejects-cve-2023-44760-and-cve-2023-44766",
"source": "cve@mitre.org"
}
]
}

343
CVE-2023/CVE-2023-452xx/CVE-2023-45225.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-45225",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-11-08T23:15:11.790",
"lastModified": "2023-11-09T13:46:14.890",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-15T22:31:44.127",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220,\n CB6231, B8520, B8220, and CD321 \n\nIP Cameras\u00a0 with firmware version M2.1.6.05 are \nvulnerable to multiple instances of stack-based overflows. While parsing\n certain XML elements from incoming network requests, the product does \nnot sufficiently check or validate allocated buffer size. This may lead \nto remote code execution.\n\n"
},
{
"lang": "es",
"value": "IP Cameras Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220 y CD321 con versi\u00f3n de firmware M2.1.6.05 son vulnerables a m\u00faltiples instancias de desbordamientos basados en pila. Al analizar ciertos elementos XML de solicitudes de red entrantes, el producto no verifica ni valida suficientemente el tama\u00f1o del b\u00fafer asignado. Esto puede provocar la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -46,10 +80,313 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zavio:cf7500_firmware:m2.1.6.05:*:*:*:*:*:*:*",
"matchCriteriaId": "D543FC87-52FF-4BC4-BE57-949BB23D88AD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zavio:cf7500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "30F595D2-3CB4-4444-A01F-CE38CBE2D0DC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zavio:cf7300_firmware:m2.1.6.05:*:*:*:*:*:*:*",
"matchCriteriaId": "3FA43E48-E3D0-4913-9040-BF11D9E61385"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zavio:cf7300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B008EE1F-5B08-417A-8206-20F1362DB911"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zavio:cf7201_firmware:m2.1.6.05:*:*:*:*:*:*:*",
"matchCriteriaId": "7A6E3CDA-3C8B-4894-A42A-CFC5AA077047"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zavio:cf7201:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5240BE7-31E4-4A40-A480-E744E3CAEA3A"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zavio:cf7501_firmware:m2.1.6.05:*:*:*:*:*:*:*",
"matchCriteriaId": "5CF6549F-9E86-4B45-8B60-BB62BEB72B19"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zavio:cf7501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9285F916-50BE-4E41-8EF3-97D882B54CD6"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zavio:cb3211_firmware:m2.1.6.05:*:*:*:*:*:*:*",
"matchCriteriaId": "3F7DBB50-D334-493F-B661-04C798383D29"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zavio:cb3211:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C32A113-76F5-4EBD-BD15-EFBB17F0942C"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zavio:cb3212_firmware:m2.1.6.05:*:*:*:*:*:*:*",
"matchCriteriaId": "883549EB-5A5B-437E-8B10-D7C691142B92"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zavio:cb3212:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FC86EF14-298F-414E-8558-1D025CDF6057"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zavio:cb5220_firmware:m2.1.6.05:*:*:*:*:*:*:*",
"matchCriteriaId": "C43C9ED3-167E-4424-841E-50A56FF398F0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zavio:cb5220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFEC44B0-C2C7-4306-91CA-AA841B23498D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zavio:cb6231_firmware:m2.1.6.05:*:*:*:*:*:*:*",
"matchCriteriaId": "1E8483A6-426F-4595-8B7F-1FC04E9B31FF"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zavio:cb6231:-:*:*:*:*:*:*:*",
"matchCriteriaId": "766018BD-DD32-420A-9511-D97D9DE46BBA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zavio:b8520_firmware:m2.1.6.05:*:*:*:*:*:*:*",
"matchCriteriaId": "779DE260-60AA-465E-957D-B7502E806863"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zavio:b8520:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F60E1FE1-F2E8-4BF7-A33D-4ED4D72BF360"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zavio:b8220_firmware:m2.1.6.05:*:*:*:*:*:*:*",
"matchCriteriaId": "99AC7EEC-C4A5-4F79-9608-D02E29356217"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zavio:b8220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8623A941-0514-49BD-967D-E347F6F99329"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zavio:cd321_firmware:m2.1.6.05:*:*:*:*:*:*:*",
"matchCriteriaId": "35DCACBC-6483-4113-BC77-041BE4D692F9"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zavio:cd321:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E906053-BE44-45B4-AD08-D7DFCFD5EDF2"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-03",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}

20
CVE-2023/CVE-2023-473xx/CVE-2023-47345.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-47345",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-15T22:15:27.877",
"lastModified": "2023-11-15T22:15:27.877",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in free5gc 3.3.0 allows attackers to cause a denial of service via crafted PFCP message with malformed PFCP Heartbeat message whose Recovery Time Stamp IE length is mutated to zero."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/free5gc/free5gc/issues/483",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-473xx/CVE-2023-47347.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-47347",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-15T22:15:27.930",
"lastModified": "2023-11-15T22:15:27.930",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in free5gc 3.3.0 allows attackers to cause a denial of service via crafted PFCP messages whose Sequence Number is mutated to overflow bytes."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/free5gc/free5gc/issues/496",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-474xx/CVE-2023-47444.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-47444",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-15T22:15:27.977",
"lastModified": "2023-11-15T22:15:27.977",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in OpenCart 4.0.0.0 to 4.0.2.3 allows authenticated backend users having common/security write privilege can write arbitrary untrusted data inside config.php and admin/config.php, resulting in remote code execution on the underlying server."
}
],
"metrics": {},
"references": [
{
"url": "https://0xbro.red/disclosures/disclosed-vulnerabilities/opencart-cve-2023-47444/",
"source": "cve@mitre.org"
}
]
}

15
CVE-2023/CVE-2023-476xx/CVE-2023-47638.json Normal file
View File

@ -0,0 +1,15 @@
{
"id": "CVE-2023-47638",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-15T21:15:08.050",
"lastModified": "2023-11-15T21:15:08.050",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: Confirm reference is not public."
}
],
"metrics": {},
"references": []
}

63
CVE-2023/CVE-2023-482xx/CVE-2023-48224.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-48224",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-15T21:15:08.100",
"lastModified": "2023-11-15T21:15:08.100",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides Privacy Center allows data subject users to submit privacy and consent requests to data controller users of the Fides web application. Privacy requests allow data subjects to submit a request to access all person data held by the data controller, or delete/erase it. Consent request allows data subject users to modify their privacy preferences for how the data controller uses their personal data e.g. data sales and sharing consent opt-in/opt-out. If `subject_identity_verification_required` in the `[execution]` section of `fides.toml` or the env var `FIDES__EXECUTION__SUBJECT_IDENTITY_VERIFICATION_REQUIRED` is set to `True` on the fides webserver backend, data subjects are sent a one-time code to their email address or phone number, depending on messaging configuration, and the one-time code must be entered in the Privacy Center UI by the data subject before the privacy or consent request is submitted. It was identified that the one-time code values for these requests were generated by the python `random` module, a cryptographically weak pseduo-random number generator (PNRG). If an attacker generates several hundred consecutive one-time codes, this vulnerability allows the attacker to predict all future one-time code values during the lifetime of the backend python process. There is no security impact on data access requests as the personal data download package is not shared in the Privacy Center itself. However, this vulnerability allows an attacker to (i) submit a verified data erasure request, resulting in deletion of data for the targeted user and (ii) submit a verified consent request, modifying a user's privacy preferences. The vulnerability has been patched in Fides version `2.24.0`. Users are advised to upgrade to this version or later to secure their systems against this threat. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-338"
}
]
}
],
"references": [
{
"url": "https://github.com/ethyca/fides/commit/685bae61c203d29ed189f4b066a5223a9bb774c6",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/ethyca/fides/security/advisories/GHSA-82vr-5769-6358",
"source": "security-advisories@github.com"
},
{
"url": "https://peps.python.org/pep-0506/",
"source": "security-advisories@github.com"
}
]
}

43
CVE-2023/CVE-2023-483xx/CVE-2023-48365.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-48365",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-15T22:15:28.027",
"lastModified": "2023-11-15T22:15:28.027",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Qlik Sense Enterprise for Windows before August 2023 Patch 2 allows unauthenticated remote code execution, aka QB-21683. Due to improper validation of HTTP headers, a remote attacker is able to elevate their privilege by tunneling HTTP requests, allowing them to execute HTTP requests on the backend server that hosts the repository application. The fixed versions are August 2023 Patch 2, May 2023 Patch 6, February 2023 Patch 10, November 2022 Patch 12, August 2022 Patch 14, May 2022 Patch 16, February 2022 Patch 15, and November 2021 Patch 17. NOTE: this issue exists because of an incomplete fix for CVE-2023-41265."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.6,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 5.8
}
]
},
"references": [
{
"url": "https://community.qlik.com/t5/Official-Support-Articles/Critical-Security-fixes-for-Qlik-Sense-Enterprise-for-Windows/tac-p/2120510",
"source": "cve@mitre.org"
}
]
}

6
CVE-2023/CVE-2023-52xx/CVE-2023-5217.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-5217",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-09-28T16:15:10.980",
"lastModified": "2023-11-15T14:15:07.503",
"lastModified": "2023-11-15T21:15:08.333",
"vulnStatus": "Modified",
"cisaExploitAdd": "2023-10-02",
"cisaActionDue": "2023-10-23",
@ -561,6 +561,10 @@
"url": "https://support.apple.com/kb/HT213961",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://support.apple.com/kb/HT213972",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://twitter.com/maddiestone/status/1707163313711497266",
"source": "chrome-cve-admin@google.com",

55
CVE-2023/CVE-2023-61xx/CVE-2023-6105.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-6105",
"sourceIdentifier": "vulnreport@tenable.com",
"published": "2023-11-15T21:15:08.490",
"lastModified": "2023-11-15T21:15:08.490",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine product database.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "vulnreport@tenable.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "vulnreport@tenable.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://www.tenable.com/security/research/tra-2023-35",
"source": "vulnreport@tenable.com"
}
]
}

71
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-11-15T21:00:18.073656+00:00
2023-11-15T23:00:17.757023+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-11-15T20:49:17.243000+00:00
2023-11-15T22:32:21.157000+00:00
```
### Last Data Feed Release
@ -29,53 +29,46 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
230864
230872
```
### CVEs added in the last Commit
Recently added CVEs: `9`
Recently added CVEs: `8`
* [CVE-2023-48011](CVE-2023/CVE-2023-480xx/CVE-2023-48011.json) (`2023-11-15T19:15:07.693`)
* [CVE-2023-48013](CVE-2023/CVE-2023-480xx/CVE-2023-48013.json) (`2023-11-15T19:15:07.753`)
* [CVE-2023-48014](CVE-2023/CVE-2023-480xx/CVE-2023-48014.json) (`2023-11-15T19:15:07.803`)
* [CVE-2023-48219](CVE-2023/CVE-2023-482xx/CVE-2023-48219.json) (`2023-11-15T19:15:07.857`)
* [CVE-2023-22818](CVE-2023/CVE-2023-228xx/CVE-2023-22818.json) (`2023-11-15T20:15:07.157`)
* [CVE-2023-30954](CVE-2023/CVE-2023-309xx/CVE-2023-30954.json) (`2023-11-15T20:15:07.380`)
* [CVE-2023-41699](CVE-2023/CVE-2023-416xx/CVE-2023-41699.json) (`2023-11-15T20:15:07.580`)
* [CVE-2023-47636](CVE-2023/CVE-2023-476xx/CVE-2023-47636.json) (`2023-11-15T20:15:07.803`)
* [CVE-2023-47637](CVE-2023/CVE-2023-476xx/CVE-2023-47637.json) (`2023-11-15T20:15:08.013`)
* [CVE-2023-47638](CVE-2023/CVE-2023-476xx/CVE-2023-47638.json) (`2023-11-15T21:15:08.050`)
* [CVE-2023-48224](CVE-2023/CVE-2023-482xx/CVE-2023-48224.json) (`2023-11-15T21:15:08.100`)
* [CVE-2023-6105](CVE-2023/CVE-2023-61xx/CVE-2023-6105.json) (`2023-11-15T21:15:08.490`)
* [CVE-2023-41442](CVE-2023/CVE-2023-414xx/CVE-2023-41442.json) (`2023-11-15T22:15:27.673`)
* [CVE-2023-47345](CVE-2023/CVE-2023-473xx/CVE-2023-47345.json) (`2023-11-15T22:15:27.877`)
* [CVE-2023-47347](CVE-2023/CVE-2023-473xx/CVE-2023-47347.json) (`2023-11-15T22:15:27.930`)
* [CVE-2023-47444](CVE-2023/CVE-2023-474xx/CVE-2023-47444.json) (`2023-11-15T22:15:27.977`)
* [CVE-2023-48365](CVE-2023/CVE-2023-483xx/CVE-2023-48365.json) (`2023-11-15T22:15:28.027`)
### CVEs modified in the last Commit
Recently modified CVEs: `58`
Recently modified CVEs: `19`
* [CVE-2022-0861](CVE-2022/CVE-2022-08xx/CVE-2022-0861.json) (`2023-11-15T20:23:19.523`)
* [CVE-2022-0842](CVE-2022/CVE-2022-08xx/CVE-2022-0842.json) (`2023-11-15T20:24:37.953`)
* [CVE-2023-32579](CVE-2023/CVE-2023-325xx/CVE-2023-32579.json) (`2023-11-15T19:00:31.357`)
* [CVE-2023-34031](CVE-2023/CVE-2023-340xx/CVE-2023-34031.json) (`2023-11-15T19:01:59.513`)
* [CVE-2023-6069](CVE-2023/CVE-2023-60xx/CVE-2023-6069.json) (`2023-11-15T19:05:02.740`)
* [CVE-2023-28495](CVE-2023/CVE-2023-284xx/CVE-2023-28495.json) (`2023-11-15T19:05:14.223`)
* [CVE-2023-28497](CVE-2023/CVE-2023-284xx/CVE-2023-28497.json) (`2023-11-15T19:06:34.483`)
* [CVE-2023-28498](CVE-2023/CVE-2023-284xx/CVE-2023-28498.json) (`2023-11-15T19:09:32.613`)
* [CVE-2023-27436](CVE-2023/CVE-2023-274xx/CVE-2023-27436.json) (`2023-11-15T19:09:41.087`)
* [CVE-2023-27438](CVE-2023/CVE-2023-274xx/CVE-2023-27438.json) (`2023-11-15T19:12:13.987`)
* [CVE-2023-20273](CVE-2023/CVE-2023-202xx/CVE-2023-20273.json) (`2023-11-15T19:13:12.563`)
* [CVE-2023-27441](CVE-2023/CVE-2023-274xx/CVE-2023-27441.json) (`2023-11-15T19:15:28.277`)
* [CVE-2023-27445](CVE-2023/CVE-2023-274xx/CVE-2023-27445.json) (`2023-11-15T19:18:33.467`)
* [CVE-2023-46363](CVE-2023/CVE-2023-463xx/CVE-2023-46363.json) (`2023-11-15T19:22:31.510`)
* [CVE-2023-20198](CVE-2023/CVE-2023-201xx/CVE-2023-20198.json) (`2023-11-15T19:29:03.473`)
* [CVE-2023-4759](CVE-2023/CVE-2023-47xx/CVE-2023-4759.json) (`2023-11-15T19:35:44.150`)
* [CVE-2023-46362](CVE-2023/CVE-2023-463xx/CVE-2023-46362.json) (`2023-11-15T19:49:17.137`)
* [CVE-2023-47379](CVE-2023/CVE-2023-473xx/CVE-2023-47379.json) (`2023-11-15T20:12:54.297`)
* [CVE-2023-45849](CVE-2023/CVE-2023-458xx/CVE-2023-45849.json) (`2023-11-15T20:15:38.037`)
* [CVE-2023-45319](CVE-2023/CVE-2023-453xx/CVE-2023-45319.json) (`2023-11-15T20:15:50.193`)
* [CVE-2023-5759](CVE-2023/CVE-2023-57xx/CVE-2023-5759.json) (`2023-11-15T20:17:01.213`)
* [CVE-2023-46777](CVE-2023/CVE-2023-467xx/CVE-2023-46777.json) (`2023-11-15T20:21:23.860`)
* [CVE-2023-39284](CVE-2023/CVE-2023-392xx/CVE-2023-39284.json) (`2023-11-15T20:32:55.707`)
* [CVE-2023-3959](CVE-2023/CVE-2023-39xx/CVE-2023-3959.json) (`2023-11-15T20:44:58.910`)
* [CVE-2023-39435](CVE-2023/CVE-2023-394xx/CVE-2023-39435.json) (`2023-11-15T20:47:32.743`)
* [CVE-2021-31834](CVE-2021/CVE-2021-318xx/CVE-2021-31834.json) (`2023-11-15T21:02:01.610`)
* [CVE-2021-31833](CVE-2021/CVE-2021-318xx/CVE-2021-31833.json) (`2023-11-15T21:03:26.983`)
* [CVE-2021-23895](CVE-2021/CVE-2021-238xx/CVE-2021-23895.json) (`2023-11-15T21:17:04.447`)
* [CVE-2021-23887](CVE-2021/CVE-2021-238xx/CVE-2021-23887.json) (`2023-11-15T21:17:14.920`)
* [CVE-2022-46705](CVE-2022/CVE-2022-467xx/CVE-2022-46705.json) (`2023-11-15T21:15:07.583`)
* [CVE-2022-46725](CVE-2022/CVE-2022-467xx/CVE-2022-46725.json) (`2023-11-15T21:15:07.697`)
* [CVE-2023-32359](CVE-2023/CVE-2023-323xx/CVE-2023-32359.json) (`2023-11-15T21:15:07.783`)
* [CVE-2023-41983](CVE-2023/CVE-2023-419xx/CVE-2023-41983.json) (`2023-11-15T21:15:07.880`)
* [CVE-2023-42852](CVE-2023/CVE-2023-428xx/CVE-2023-42852.json) (`2023-11-15T21:15:07.957`)
* [CVE-2023-5217](CVE-2023/CVE-2023-52xx/CVE-2023-5217.json) (`2023-11-15T21:15:08.333`)
* [CVE-2023-43571](CVE-2023/CVE-2023-435xx/CVE-2023-43571.json) (`2023-11-15T21:15:32.450`)
* [CVE-2023-43572](CVE-2023/CVE-2023-435xx/CVE-2023-43572.json) (`2023-11-15T21:16:30.670`)
* [CVE-2023-43573](CVE-2023/CVE-2023-435xx/CVE-2023-43573.json) (`2023-11-15T21:24:40.690`)
* [CVE-2023-44760](CVE-2023/CVE-2023-447xx/CVE-2023-44760.json) (`2023-11-15T22:15:27.730`)
* [CVE-2023-44766](CVE-2023/CVE-2023-447xx/CVE-2023-44766.json) (`2023-11-15T22:15:27.807`)
* [CVE-2023-43755](CVE-2023/CVE-2023-437xx/CVE-2023-43755.json) (`2023-11-15T22:27:24.050`)
* [CVE-2023-4249](CVE-2023/CVE-2023-42xx/CVE-2023-4249.json) (`2023-11-15T22:31:21.747`)
* [CVE-2023-45225](CVE-2023/CVE-2023-452xx/CVE-2023-45225.json) (`2023-11-15T22:31:44.127`)
* [CVE-2023-43574](CVE-2023/CVE-2023-435xx/CVE-2023-43574.json) (`2023-11-15T22:32:21.157`)
## Download and Usage