Auto-Update: 2024-01-03T23:00:25.423840+00:00

cad-safe-bot 2024-01-03 23:00:29 +00:00
parent 9dbc8a91fe
commit a230b6bf8d
25 changed files with 1459 additions and 121 deletions


@ -2,8 +2,8 @@
"id": "CVE-2022-39818",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T06:15:07.880",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T21:01:51.820",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "En NOKIA NFM-T R19.9, se produce una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en /cgi-bin/R19.9/log.pl de la interfaz web de VM Manager a trav\u00e9s del par\u00e1metro cmd HTTP GET. Esto permite a los usuarios autenticados ejecutar comandos, con privilegios de root, en el sistema operativo."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nokia:network_functions_manager_for_transport:19.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EE1A66D4-19DC-4734-B3C4-5775FB1B1A2D"
}
]
}
]
}
],
"references": [
{
"url": "https://www.gruppotim.it/it/footer/red-team.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-39820",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T06:15:08.013",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T21:01:40.990",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "En Network Element Manager en NOKIA NFM-T R19.9, se produce una vulnerabilidad de almacenamiento de credenciales desprotegidas en /root/RestUploadManager.xml.DRC y /DEPOT/KECustom_199/OTNE_DRC/RestUploadManager.xml. Un usuario remoto, autenticado en el sistema operativo, con privilegios de acceso al directorio /root o /DEPOT, puede leer credenciales en texto plano para acceder al portal web NFM-T y controlar todos los elementos de la red PPS."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nokia:network_functions_manager_for_transport:19.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EE1A66D4-19DC-4734-B3C4-5775FB1B1A2D"
}
]
}
]
}
],
"references": [
{
"url": "https://www.gruppotim.it/it/footer/red-team.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-39822",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T06:15:08.060",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T21:01:25.960",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "En NOKIA NFM-T R19.9, se produce una vulnerabilidad de inyecci\u00f3n SQL en /cgi-bin/R19.9/easy1350.pl de la interfaz web de VM Manager a trav\u00e9s del par\u00e1metro GET HTTP id o host. Se requiere un atacante autenticado para la explotaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nokia:network_functions_manager_for_transport:19.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EE1A66D4-19DC-4734-B3C4-5775FB1B1A2D"
}
]
}
]
}
],
"references": [
{
"url": "https://www.gruppotim.it/it/footer/red-team.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-41760",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T06:15:08.110",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T21:01:14.330",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "Se descubri\u00f3 un problema en NOKIA NFM-T R19.9. El Path Traversal relativo puede ocurrir en /oms1350/data/cpb/log de Network Element Manager a trav\u00e9s del par\u00e1metro filename, lo que permite a un atacante remoto autenticado leer archivos arbitrarios."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nokia:network_functions_manager_for_transport:19.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EE1A66D4-19DC-4734-B3C4-5775FB1B1A2D"
}
]
}
]
}
],
"references": [
{
"url": "https://www.gruppotim.it/it/footer/red-team.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-41761",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T06:15:08.157",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T21:01:06.787",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "Se descubri\u00f3 un problema en NOKIA NFM-T R19.9. Existe una vulnerabilidad Absolute Path Traversal en /cgi-bin/R19.9/viewlog.pl de VM Manager WebUI a trav\u00e9s del par\u00e1metro logfile, lo que permite a un atacante remoto autenticado leer archivos arbitrarios."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nokia:network_functions_manager_for_transport:19.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EE1A66D4-19DC-4734-B3C4-5775FB1B1A2D"
}
]
}
]
}
],
"references": [
{
"url": "https://www.gruppotim.it/it/footer/red-team.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-41762",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T06:15:08.203",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T21:00:55.163",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "Se descubri\u00f3 un problema en NOKIA NFM-T R19.9. Existen m\u00faltiples vulnerabilidades de XSS reflejado en Network Element Manager a trav\u00e9s de cualquier par\u00e1metro de log.pl, el par\u00e1metro bench o pid de top.pl o el par\u00e1metro id de easy1350.pl."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nokia:network_functions_manager_for_transport:19.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EE1A66D4-19DC-4734-B3C4-5775FB1B1A2D"
}
]
}
]
}
],
"references": [
{
"url": "https://www.gruppotim.it/it/footer/red-team.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-27150",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-26T04:15:07.713",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T22:26:47.350",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,74 @@
"value": "Se descubri\u00f3 que openCRX 5.2.0 contiene una vulnerabilidad de cross-site scripting (XSS) a trav\u00e9s del campo Name despu\u00e9s de la creaci\u00f3n de un Tracker en Manage Activity."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opencrx:opencrx:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA22A2E9-7F02-4B5D-A74D-D2F8C997BF75"
}
]
}
]
}
],
"references": [
{
"url": "https://www.esecforte.com/cve-2023-27150-cross-site-scripting-xss/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.opencrx.org/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-30451",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T05:15:08.553",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T21:02:47.050",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "En TYPO3 11.5.24, el componente filelist permite a los atacantes (que tienen acceso al panel de administrador) leer archivos arbitrarios a trav\u00e9s del directory traversal en el campo baseuri, como lo demuestra POST /typo3/record/edit con ../../. ./ en datos[sys_file_storage]*[datos][sDEF][lDEF][basePath][vDEF]."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:typo3:typo3:11.5.24:*:*:*:*:*:*:*",
"matchCriteriaId": "39861941-0E9B-46A9-9C88-4886FEE7C544"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/176274/TYPO3-11.5.24-Path-Traversal.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-36485",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T08:15:07.497",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T22:54:54.397",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,88 @@
"value": "El motor de workflow de ILIAS anterior a 7.23 y 8 anterior a 8.3 permite a usuarios remotos autenticados ejecutar comandos arbitrarios del sistema en el servidor de aplicaciones como usuario de la aplicaci\u00f3n a trav\u00e9s de un archivo de definici\u00f3n de workflow BPMN2 malicioso."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ilias:ilias:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.23",
"matchCriteriaId": "271144DF-BF84-49B6-BCDF-0B43CD121189"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ilias:ilias:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0",
"versionEndExcluding": "8.3",
"matchCriteriaId": "0F22AE0C-FE00-4A62-98A0-F17CFC22C307"
}
]
}
]
}
],
"references": [
{
"url": "https://docu.ilias.de/ilias.php?baseClass=ilrepositorygui&cmdNode=xd:kx:54&cmdClass=ilBlogPostingGUI&cmd=previewFullscreen&ref_id=3439&prvm=fsc&bmn=2023-12&blpg=786",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://github.com/ILIAS-eLearning/ILIAS/pull/5987",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/ILIAS-eLearning/ILIAS/pull/5988",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-36486",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T08:15:07.560",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T22:54:36.863",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,88 @@
"value": "El motor de workflow de ILIAS anterior a 7.23 y 8 anterior a 8.3 permite a usuarios remotos autenticados ejecutar comandos arbitrarios del sistema en el servidor de aplicaciones como usuario de la aplicaci\u00f3n cargando un archivo de definici\u00f3n de workflow con un nombre de archivo malicioso."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ilias:ilias:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.23",
"matchCriteriaId": "271144DF-BF84-49B6-BCDF-0B43CD121189"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ilias:ilias:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0",
"versionEndExcluding": "8.3",
"matchCriteriaId": "0F22AE0C-FE00-4A62-98A0-F17CFC22C307"
}
]
}
]
}
],
"references": [
{
"url": "https://docu.ilias.de/ilias.php?baseClass=ilrepositorygui&cmdNode=xd:kx:54&cmdClass=ilBlogPostingGUI&cmd=previewFullscreen&ref_id=3439&prvm=fsc&bmn=2023-12&blpg=786",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://github.com/ILIAS-eLearning/ILIAS/pull/5987",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/ILIAS-eLearning/ILIAS/pull/5988",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-38321",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T09:15:07.223",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T22:30:12.113",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,113 @@
"value": "OpenNDS, tal como se usa en Sierra Wireless ALEOS anteriores a 4.17.0.12 y otros productos, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (desreferencia de puntero NULL, ca\u00edda del daemon e interrupci\u00f3n de Captive Portal) a trav\u00e9s de una solicitud GET a /opennds_auth/ que carece de una configuraci\u00f3n personalizada. par\u00e1metro de cadena de consulta y token de cliente."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sierrawireless:aleos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.17.0.12",
"matchCriteriaId": "A2373390-F865-4A67-B66D-C9B5A379C842"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sierrawireless:lx40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "069DD303-C100-4FAF-BD6B-4EE61CBDE9F7"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sierrawireless:lx60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A3B7B3D-1594-434B-8E22-01C67DF54F16"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sierrawireless:mp70:-:*:*:*:*:*:*:*",
"matchCriteriaId": "007D4629-4BE2-4C7A-AC8B-E87739E22D12"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sierrawireless:rv50x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61D3EF27-E823-4E49-BD58-D050EB02D294"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sierrawireless:rv55:-:*:*:*:*:*:*:*",
"matchCriteriaId": "215BD4AB-8EFD-4F82-ABE4-E7F81AD528C2"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/openNDS/openNDS/blob/master/ChangeLog",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://openwrt.org/docs/guide-user/services/captive-portal/opennds",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-38826",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T08:15:07.630",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T22:54:24.607",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,74 @@
"value": "Existe una vulnerabilidad de Cross Site Scripting (XSS) en Follet Learning Solutions Destiny hasta 20.0_1U. a trav\u00e9s de handlewpesearchform.do. searchString."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:follettlearning:solutions_destiny:*:*:*:*:*:*:*:*",
"versionEndIncluding": "20.0_1u",
"matchCriteriaId": "0CB1D482-552C-4F9E-83E5-52E54B5D6CFF"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Oracle-Security/CVEs/tree/main/Follett%20Learning%20Solutions/Destiny/CVE-2023-38826",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
},
{
"url": "https://www.follettlearning.com/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-43064",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-25T03:15:08.210",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T21:03:54.537",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -50,14 +70,54 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ibm:i:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BD871157-2BB3-4641-B84E-3EA13D24D35A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ibm:i:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9A49E8C5-7967-42AE-A787-C533D24A63D7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ibm:i:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "92D03306-B6C9-403E-99A2-CE9D8DC3B482"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ibm:i:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F7CCB5BF-08EF-472F-A663-5DE270234F10"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/267689",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7101330",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-49226",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T08:15:07.760",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T22:54:12.677",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,87 @@
"value": "Se descubri\u00f3 un problema en Peplink Balance Two antes de 8.4.0. La inyecci\u00f3n de comandos en la funci\u00f3n traceroute de la consola de administraci\u00f3n permite a los usuarios con privilegios de administrador ejecutar comandos arbitrarios como root."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:peplink:balance_two_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.4.0",
"matchCriteriaId": "0B5E9A13-C60F-4F0D-ACAD-12A9E4130840"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:peplink:balance_two:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C38FC37D-0615-48E2-9419-496E62679C4D"
}
]
}
]
}
],
"references": [
{
"url": "https://www.synacktiv.com/publications%253Ffield_tags_target_id%253D4",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.synacktiv.com/sites/default/files/2023-12/synacktiv-peplink-multiple-vulnerabilities.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
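Review bot: The first reference for CVE-2023-49226, `"url": "https://www.synacktiv.com/publications%253Ffield_tags_target_id%253D4"`, is percent-encoded twice (`%253F` decodes to `%3F`, then to `?`), and this update attaches the "Third Party Advisory" tag to it without correcting it. Tooling that fetches or link-checks references will probably request a literal `%3F` path rather than the query string `publications?field_tags_target_id=4`, so enrichment for this record should rely on the second reference (the PDF tagged "Exploit" and "Third Party Advisory"). Because this repository mirrors upstream data, the correction belongs upstream rather than in a local edit.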


@ -0,0 +1,20 @@
{
"id": "CVE-2023-49442",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-03T21:15:08.467",
"lastModified": "2024-01-03T21:15:08.467",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Deserialization of Untrusted Data in jeecgFormDemoController in JEECG 4.0 and earlier allows attackers to run arbitrary code via crafted POST request."
}
],
"metrics": {},
"references": [
{
"url": "https://lemono.fun/thoughts/JEECG-RCE.html",
"source": "cve@mitre.org"
}
]
}
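Review bot: The new CVE-2023-49442 record arrives with `"metrics": {}` and `"vulnStatus": "Received"`, and it has no `weaknesses` or `configurations` arrays, although its description states arbitrary code execution through deserialization of untrusted data. Consumers that filter on `baseScore`, CWE or CPE match will skip this record until NVD analysis lands, so an empty `metrics` object should be read as "not yet scored", not as low severity. Until then, triage has only the description text to go on ("JEECG 4.0 and earlier").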


@ -2,8 +2,8 @@
"id": "CVE-2023-49880",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-25T03:15:08.430",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T21:03:07.817",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -38,14 +58,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:financial_transaction_manager:3.2.4:*:*:*:*:swift_services:*:*",
"matchCriteriaId": "DD9A7D3A-B68C-49A6-AEB6-5509ED41E63E"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/273183",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7101167",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-49944",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T08:15:07.833",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T22:53:45.343",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,74 @@
"value": "La funci\u00f3n Challenge Response de BeyondTrust Privilege Management para Windows (PMfW) antes del 14 de julio de 2023 permite a los administradores locales omitir esta funci\u00f3n descifrando la clave compartida o localizando la clave compartida descifrada en la memoria de proceso. La amenaza se mitiga mediante la funci\u00f3n Agent Protection."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:beyondtrust:privilege_management_for_windows:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023-07-14",
"matchCriteriaId": "BBEDF0F2-0E81-4D6D-88F9-B077DA019524"
}
]
}
]
}
],
"references": [
{
"url": "https://www.beyondtrust.com/security",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt23-08",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}
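Review bot: The CPE range added for CVE-2023-49944 uses a calendar date as its version bound, `"versionEndExcluding": "2023-07-14"`, which mirrors the description's "before 14 July 2023" rather than a product release number. Scanners that compare an installed Privilege Management for Windows version string against this bound are likely to produce false matches or false negatives, depending on how they order a dotted version against a date-shaped string. Exposure for this record should be confirmed against the vendor advisory already listed in the references (`bt23-08`), not taken from the CPE range alone.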


@ -2,8 +2,8 @@
"id": "CVE-2023-49954",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T08:15:07.933",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T22:32:37.550",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,74 @@
"value": "La integraci\u00f3n de CRM en 3CX anterior a 18.0.9.23 y 20 anterior a 20.0.0.1494 permite la inyecci\u00f3n SQL a trav\u00e9s de un nombre, cadena de b\u00fasqueda o direcci\u00f3n de correo electr\u00f3nico."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:3cx:3cx:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.0.9.23",
"matchCriteriaId": "1BA26323-4B0D-419F-88BD-DFEE4BD66994"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:3cx:3cx:*:*:*:*:*:*:*:*",
"versionStartIncluding": "20.0",
"versionEndExcluding": "20.0.0.1494",
"matchCriteriaId": "93E5C359-516D-4652-B4E8-B57F486DAC75"
}
]
}
]
}
],
"references": [
{
"url": "https://cve-2023-49954.github.io/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-51363",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-12-26T08:15:11.760",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T21:08:47.153",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,87 @@
"value": "Versi\u00f3n del firmware VR-S1000. 2.37 y anteriores permiten que un atacante no autenticado adyacente a la red pueda acceder a la p\u00e1gina de administraci\u00f3n web del producto para obtener informaci\u00f3n confidencial."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:buffalo:vr-s1000_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.37",
"matchCriteriaId": "C961815C-579A-4422-8C61-467B547E0D23"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:buffalo:vr-s1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "45640129-5499-47CD-A890-A86F4B79B6C8"
}
]
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/jp/JVN23771490/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.buffalo.jp/news/detail/20231225-01.html",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-51771",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T05:15:08.730",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T21:02:26.533",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,74 @@
"value": "En MicroHttpServer (tambi\u00e9n conocido como Micro HTTP Server) hasta a8ab029, _ParseHeader en lib/server.c permite un desbordamiento de b\u00fafer de recepci\u00f3n de un byte a trav\u00e9s de un URI largo."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:starnight:micro_http_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1464DBE3-B59A-4C81-A17F-DD3F18EB7AFC"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/starnight/MicroHttpServer/issues/8",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
},
{
"url": "https://github.com/starnight/MicroHttpServer/tree/a8ab029c9a26a4c9f26b9d8a2757b8299aaff120",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

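--- a/CVE-2023/CVE-2023-521xx/CVE-2023-52140.json
+++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52140.json
@@ -0,0 +1,15 @@
+{
+"id": "CVE-2023-52140",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2024-01-03T22:15:11.187",
+"lastModified": "2024-01-03T22:15:11.187",
+"vulnStatus": "Rejected",
+"descriptions": [
+{
+"lang": "en",
+"value": "Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2023. Notes: none."
+}
+],
+"metrics": {},
+"references": []
+}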

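--- a/CVE-2023/CVE-2023-521xx/CVE-2023-52141.json
+++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52141.json
@@ -0,0 +1,15 @@
+{
+"id": "CVE-2023-52141",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2024-01-03T22:15:11.380",
+"lastModified": "2024-01-03T22:15:11.380",
+"vulnStatus": "Rejected",
+"descriptions": [
+{
+"lang": "en",
+"value": "Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2023. Notes: none."
+}
+],
+"metrics": {},
+"references": []
+}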

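--- a/CVE-2023/CVE-2023-63xx/CVE-2023-6338.json
+++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6338.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-6338",
+"sourceIdentifier": "psirt@lenovo.com",
+"published": "2024-01-03T21:15:08.547",
+"lastModified": "2024-01-03T21:15:08.547",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Uncontrolled search path vulnerabilities were reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "psirt@lenovo.com",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "LOCAL",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 7.8,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 1.8,
+"impactScore": 5.9
+}
+]
+},
+"weaknesses": [
+{
+"source": "psirt@lenovo.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-427"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://support.lenovo.com/us/en/product_security/LEN-121183",
+"source": "psirt@lenovo.com"
+}
+]
+}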

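--- a/CVE-2023/CVE-2023-65xx/CVE-2023-6540.json
+++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6540.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-6540",
+"sourceIdentifier": "psirt@lenovo.com",
+"published": "2024-01-03T21:15:08.940",
+"lastModified": "2024-01-03T21:15:08.940",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "A vulnerability was reported in the Lenovo Browser Mobile and Lenovo Browser HD Apps for Android that could allow an attacker to craft a payload that could result in the disclosure of sensitive information."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "psirt@lenovo.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "NONE",
+"availabilityImpact": "NONE",
+"baseScore": 6.5,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 3.6
+}
+]
+},
+"weaknesses": [
+{
+"source": "psirt@lenovo.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-94"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://iknow.lenovo.com.cn/detail/419251",
+"source": "psirt@lenovo.com"
+}
+]
+}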


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-01-03T21:00:24.516862+00:00
2024-01-03T23:00:25.423840+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-01-03T20:57:31.317000+00:00
2024-01-03T22:54:54.397000+00:00
```
### Last Data Feed Release
@ -29,48 +29,43 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
234819
234824
```
### CVEs added in the last Commit
Recently added CVEs: `5`
* [CVE-2023-46929](CVE-2023/CVE-2023-469xx/CVE-2023-46929.json) (`2024-01-03T19:15:08.390`)
* [CVE-2023-50090](CVE-2023/CVE-2023-500xx/CVE-2023-50090.json) (`2024-01-03T20:15:21.660`)
* [CVE-2023-5879](CVE-2023/CVE-2023-58xx/CVE-2023-5879.json) (`2024-01-03T20:15:21.737`)
* [CVE-2023-5880](CVE-2023/CVE-2023-58xx/CVE-2023-5880.json) (`2024-01-03T20:15:21.833`)
* [CVE-2023-5881](CVE-2023/CVE-2023-58xx/CVE-2023-5881.json) (`2024-01-03T20:15:21.903`)
* [CVE-2023-49442](CVE-2023/CVE-2023-494xx/CVE-2023-49442.json) (`2024-01-03T21:15:08.467`)
* [CVE-2023-6338](CVE-2023/CVE-2023-63xx/CVE-2023-6338.json) (`2024-01-03T21:15:08.547`)
* [CVE-2023-6540](CVE-2023/CVE-2023-65xx/CVE-2023-6540.json) (`2024-01-03T21:15:08.940`)
* [CVE-2023-52140](CVE-2023/CVE-2023-521xx/CVE-2023-52140.json) (`2024-01-03T22:15:11.187`)
* [CVE-2023-52141](CVE-2023/CVE-2023-521xx/CVE-2023-52141.json) (`2024-01-03T22:15:11.380`)
### CVEs modified in the last Commit
Recently modified CVEs: `24`
Recently modified CVEs: `19`
* [CVE-2016-15036](CVE-2016/CVE-2016-150xx/CVE-2016-15036.json) (`2024-01-03T20:48:43.957`)
* [CVE-2022-43675](CVE-2022/CVE-2022-436xx/CVE-2022-43675.json) (`2024-01-03T20:57:31.317`)
* [CVE-2023-31417](CVE-2023/CVE-2023-314xx/CVE-2023-31417.json) (`2024-01-03T19:02:34.430`)
* [CVE-2023-5215](CVE-2023/CVE-2023-52xx/CVE-2023-5215.json) (`2024-01-03T19:03:11.570`)
* [CVE-2023-51662](CVE-2023/CVE-2023-516xx/CVE-2023-51662.json) (`2024-01-03T19:27:28.663`)
* [CVE-2023-51385](CVE-2023/CVE-2023-513xx/CVE-2023-51385.json) (`2024-01-03T19:40:07.653`)
* [CVE-2023-51650](CVE-2023/CVE-2023-516xx/CVE-2023-51650.json) (`2024-01-03T19:53:37.357`)
* [CVE-2023-5962](CVE-2023/CVE-2023-59xx/CVE-2023-5962.json) (`2024-01-03T20:04:06.947`)
* [CVE-2023-51649](CVE-2023/CVE-2023-516xx/CVE-2023-51649.json) (`2024-01-03T20:05:01.863`)
* [CVE-2023-50259](CVE-2023/CVE-2023-502xx/CVE-2023-50259.json) (`2024-01-03T20:07:07.073`)
* [CVE-2023-50258](CVE-2023/CVE-2023-502xx/CVE-2023-50258.json) (`2024-01-03T20:10:06.117`)
* [CVE-2023-50254](CVE-2023/CVE-2023-502xx/CVE-2023-50254.json) (`2024-01-03T20:12:07.347`)
* [CVE-2023-7090](CVE-2023/CVE-2023-70xx/CVE-2023-7090.json) (`2024-01-03T20:22:11.147`)
* [CVE-2023-7095](CVE-2023/CVE-2023-70xx/CVE-2023-7095.json) (`2024-01-03T20:24:59.943`)
* [CVE-2023-7094](CVE-2023/CVE-2023-70xx/CVE-2023-7094.json) (`2024-01-03T20:33:22.497`)
* [CVE-2023-24609](CVE-2023/CVE-2023-246xx/CVE-2023-24609.json) (`2024-01-03T20:34:37.670`)
* [CVE-2023-31297](CVE-2023/CVE-2023-312xx/CVE-2023-31297.json) (`2024-01-03T20:35:00.150`)
* [CVE-2023-28872](CVE-2023/CVE-2023-288xx/CVE-2023-28872.json) (`2024-01-03T20:35:33.797`)
* [CVE-2023-51772](CVE-2023/CVE-2023-517xx/CVE-2023-51772.json) (`2024-01-03T20:37:31.497`)
* [CVE-2023-49594](CVE-2023/CVE-2023-495xx/CVE-2023-49594.json) (`2024-01-03T20:40:02.443`)
* [CVE-2023-49328](CVE-2023/CVE-2023-493xx/CVE-2023-49328.json) (`2024-01-03T20:43:29.493`)
* [CVE-2023-51451](CVE-2023/CVE-2023-514xx/CVE-2023-51451.json) (`2024-01-03T20:52:26.203`)
* [CVE-2023-51763](CVE-2023/CVE-2023-517xx/CVE-2023-51763.json) (`2024-01-03T20:54:40.243`)
* [CVE-2023-48654](CVE-2023/CVE-2023-486xx/CVE-2023-48654.json) (`2024-01-03T20:54:40.840`)
* [CVE-2022-41762](CVE-2022/CVE-2022-417xx/CVE-2022-41762.json) (`2024-01-03T21:00:55.163`)
* [CVE-2022-41761](CVE-2022/CVE-2022-417xx/CVE-2022-41761.json) (`2024-01-03T21:01:06.787`)
* [CVE-2022-41760](CVE-2022/CVE-2022-417xx/CVE-2022-41760.json) (`2024-01-03T21:01:14.330`)
* [CVE-2022-39822](CVE-2022/CVE-2022-398xx/CVE-2022-39822.json) (`2024-01-03T21:01:25.960`)
* [CVE-2022-39820](CVE-2022/CVE-2022-398xx/CVE-2022-39820.json) (`2024-01-03T21:01:40.990`)
* [CVE-2022-39818](CVE-2022/CVE-2022-398xx/CVE-2022-39818.json) (`2024-01-03T21:01:51.820`)
* [CVE-2023-51771](CVE-2023/CVE-2023-517xx/CVE-2023-51771.json) (`2024-01-03T21:02:26.533`)
* [CVE-2023-30451](CVE-2023/CVE-2023-304xx/CVE-2023-30451.json) (`2024-01-03T21:02:47.050`)
* [CVE-2023-49880](CVE-2023/CVE-2023-498xx/CVE-2023-49880.json) (`2024-01-03T21:03:07.817`)
* [CVE-2023-43064](CVE-2023/CVE-2023-430xx/CVE-2023-43064.json) (`2024-01-03T21:03:54.537`)
* [CVE-2023-51363](CVE-2023/CVE-2023-513xx/CVE-2023-51363.json) (`2024-01-03T21:08:47.153`)
* [CVE-2023-27150](CVE-2023/CVE-2023-271xx/CVE-2023-27150.json) (`2024-01-03T22:26:47.350`)
* [CVE-2023-38321](CVE-2023/CVE-2023-383xx/CVE-2023-38321.json) (`2024-01-03T22:30:12.113`)
* [CVE-2023-49954](CVE-2023/CVE-2023-499xx/CVE-2023-49954.json) (`2024-01-03T22:32:37.550`)
* [CVE-2023-49944](CVE-2023/CVE-2023-499xx/CVE-2023-49944.json) (`2024-01-03T22:53:45.343`)
* [CVE-2023-49226](CVE-2023/CVE-2023-492xx/CVE-2023-49226.json) (`2024-01-03T22:54:12.677`)
* [CVE-2023-38826](CVE-2023/CVE-2023-388xx/CVE-2023-38826.json) (`2024-01-03T22:54:24.607`)
* [CVE-2023-36486](CVE-2023/CVE-2023-364xx/CVE-2023-36486.json) (`2024-01-03T22:54:36.863`)
* [CVE-2023-36485](CVE-2023/CVE-2023-364xx/CVE-2023-36485.json) (`2024-01-03T22:54:54.397`)
## Download and Usage