diff --git a/CVE-2022/CVE-2022-10xx/CVE-2022-1049.json b/CVE-2022/CVE-2022-10xx/CVE-2022-1049.json index f4e6a0bbdc9..f86bdf161f5 100644 --- a/CVE-2022/CVE-2022-10xx/CVE-2022-1049.json +++ b/CVE-2022/CVE-2022-10xx/CVE-2022-1049.json @@ -2,8 +2,8 @@ "id": "CVE-2022-1049", "sourceIdentifier": "secalert@redhat.com", "published": "2022-03-25T19:15:10.577", - "lastModified": "2023-02-12T22:15:22.907", - "vulnStatus": "Modified", + "lastModified": "2023-12-14T21:40:19.627", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-02xx/CVE-2023-0248.json b/CVE-2023/CVE-2023-02xx/CVE-2023-0248.json new file mode 100644 index 00000000000..9c17cf1f5de --- /dev/null +++ b/CVE-2023/CVE-2023-02xx/CVE-2023-0248.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-0248", + "sourceIdentifier": "productsecurity@jci.com", + "published": "2023-12-14T21:15:07.553", + "lastModified": "2023-12-14T22:44:49.057", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "An attacker with physical access to the Kantech Gen1 ioSmart card reader with firmware version prior to 1.7.2 in certain circumstances can recover the reader's communication memory between the card and reader.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "productsecurity@jci.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:L", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.3 + } + ] + }, + "weaknesses": [ + { + "source": "productsecurity@jci.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + }, + { + "lang": "en", + "value": "CWE-401" + } + ] + } + ], + "references": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-02", + "source": "productsecurity@jci.com" + }, + { + "url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories", + "source": "productsecurity@jci.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-356xx/CVE-2023-35622.json b/CVE-2023/CVE-2023-356xx/CVE-2023-35622.json index b28faf0df95..2c95a1f5aa9 100644 --- a/CVE-2023/CVE-2023-356xx/CVE-2023-35622.json +++ b/CVE-2023/CVE-2023-356xx/CVE-2023-35622.json 
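Review bot: In the new CVE-2023-0248.json record the CNA vector `CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:L` scores an adjacent-network attack, while the English description in the same hunk requires "physical access" to the reader, which CVSS 3.1 expresses as `AV:P`. The listed `CWE-401` (missing release of memory) does not obviously describe recovering communication memory, so `CWE-200` is the only weakness the description supports. The record is `Awaiting Analysis` and carries only this `Secondary` metric, so tooling that prioritises on `baseScore` 7.5 should treat the score as provisional until an NVD `Primary` entry exists. If this repository mirrors an upstream feed, the mismatch is better reported to the source than edited here. The description value also ends in a stray `\n\n`.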
@@ -2,12 +2,16 @@ "id": "CVE-2023-35622", "sourceIdentifier": "secure@microsoft.com", "published": "2023-12-12T18:15:17.260", - "lastModified": "2023-12-12T18:58:44.580", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T21:27:48.973", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Windows DNS Spoofing Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de suplantaci\u00f3n de DNS de Windows" } ], "metrics": { 
@@ -34,10 +38,79 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", + "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", + "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", + "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", + "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", + "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.25398.584", + "matchCriteriaId": "28E51B68-6AE4-4AF2-A7D3-7728E5D314D7" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35622", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-356xx/CVE-2023-35624.json b/CVE-2023/CVE-2023-356xx/CVE-2023-35624.json index fefca38eb83..cc09d372964 100644 --- a/CVE-2023/CVE-2023-356xx/CVE-2023-35624.json +++ b/CVE-2023/CVE-2023-356xx/CVE-2023-35624.json @@ -2,12 +2,16 @@ "id": "CVE-2023-35624", "sourceIdentifier": "secure@microsoft.com", "published": "2023-12-12T18:15:17.440", - "lastModified": "2023-12-12T18:58:44.580", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T21:27:05.323", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Azure Connected Machine Agent Elevation of Privilege Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de elevaci\u00f3n de privilegios del agente de m\u00e1quina conectada de Azure" } ], "metrics": { @@ -34,10 +38,44 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:azure_connected_machine_agent:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.37", + "matchCriteriaId": "3A9FBF72-2C11-4615-8B2D-2C54A4DD34B0" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35624", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-356xx/CVE-2023-35625.json b/CVE-2023/CVE-2023-356xx/CVE-2023-35625.json index 3b96b822570..b847544f983 100644 --- a/CVE-2023/CVE-2023-356xx/CVE-2023-35625.json +++ b/CVE-2023/CVE-2023-356xx/CVE-2023-35625.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-35625", "sourceIdentifier": "secure@microsoft.com", "published": "2023-12-12T18:15:17.620", - "lastModified": "2023-12-12T18:58:44.580", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T21:36:00.040", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability" + }, + { + "lang": "es", + "value": "Instancia inform\u00e1tica de Azure Machine Learning para usuarios de SDK Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n" } ], "metrics": { @@ -34,10 +38,44 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:azure_machine_learning_software_development_kit:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.5.0", + "matchCriteriaId": "7B380E6F-A069-44BE-A525-D0571C622920" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35625", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-356xx/CVE-2023-35638.json b/CVE-2023/CVE-2023-356xx/CVE-2023-35638.json index 8e68276b676..54e157acf29 100644 --- a/CVE-2023/CVE-2023-356xx/CVE-2023-35638.json +++ b/CVE-2023/CVE-2023-356xx/CVE-2023-35638.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-35638", "sourceIdentifier": "secure@microsoft.com", "published": "2023-12-12T18:15:19.460", - "lastModified": "2023-12-12T18:58:44.580", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T21:37:52.933", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "DHCP Server Service Denial of Service Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de denegaci\u00f3n de servicio del servicio del servidor DHCP" } ], "metrics": { @@ -34,10 +38,63 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", + "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", + "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", + "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35638", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-360xx/CVE-2023-36020.json b/CVE-2023/CVE-2023-360xx/CVE-2023-36020.json index d843fefb8e5..bcc4c58e400 100644 --- a/CVE-2023/CVE-2023-360xx/CVE-2023-36020.json +++ b/CVE-2023/CVE-2023-360xx/CVE-2023-36020.json @@ -2,19 +2,43 @@ "id": "CVE-2023-36020", "sourceIdentifier": "secure@microsoft.com", "published": "2023-12-12T18:15:22.333", - "lastModified": "2023-12-12T18:58:37.987", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T21:38:39.890", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Scripting (XSS) en Microsoft Dynamics 365 (local)" } ], "metrics": { "cvssMetricV31": [ { - "source": "secure@microsoft.com", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, + { + "source": "secure@microsoft.com", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N", 
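Review bot: The NVD `Primary` metric added to CVE-2023-36020.json rates confidentiality as low (`C:L`, `baseScore` 5.4), while the Microsoft entry that this hunk demotes to `Secondary` keeps `C:H` in its vector. A consumer that reads only the `Primary` metric will therefore rank this XSS lower than the vendor does. The vendor's base score lies outside the hunk, so the size of the gap cannot be confirmed from here. Triage tooling that ingests these records should compare both sources and keep the higher rating when they disagree.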
@@ -34,10 +58,52 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:dynamics_365:*:*:*:*:on-premises:*:*:*", + "versionStartIncluding": "9.0", + "versionEndExcluding": "9.0.51.06", + "matchCriteriaId": "4A8F8E4A-1F88-4289-A87E-4F13134371F8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:dynamics_365:*:*:*:*:on-premises:*:*:*", + "versionStartIncluding": "9.1", + "versionEndExcluding": "9.1.23.10", + "matchCriteriaId": "62E7E024-2265-4B9B-94D3-DEBEE95976A4" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36020", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-363xx/CVE-2023-36391.json b/CVE-2023/CVE-2023-363xx/CVE-2023-36391.json index eb9d2ab1244..97e83d090c7 100644 --- a/CVE-2023/CVE-2023-363xx/CVE-2023-36391.json +++ b/CVE-2023/CVE-2023-363xx/CVE-2023-36391.json @@ -2,12 +2,16 @@ "id": "CVE-2023-36391", "sourceIdentifier": "secure@microsoft.com", "published": "2023-12-12T18:15:22.510", - "lastModified": "2023-12-12T18:58:37.987", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T21:39:22.057", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Local Security Authority Subsystem Service Elevation of Privilege Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de elevaci\u00f3n de privilegios del servicio del subsistema de autoridad de seguridad local" } ], "metrics": { 
@@ -34,10 +38,44 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22631.2861", + "matchCriteriaId": "3E712F1D-26F9-4E19-B012-D7F0A92D59ED" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36391", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-374xx/CVE-2023-37457.json b/CVE-2023/CVE-2023-374xx/CVE-2023-37457.json index 9250e572f1b..e6ef9717eb2 100644 --- a/CVE-2023/CVE-2023-374xx/CVE-2023-37457.json +++ b/CVE-2023/CVE-2023-374xx/CVE-2023-37457.json @@ -2,8 +2,8 @@ "id": "CVE-2023-37457", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-14T20:15:52.260", - "lastModified": "2023-12-14T20:15:52.260", - "vulnStatus": "Received", + "lastModified": "2023-12-14T22:44:49.057", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-433xx/CVE-2023-43364.json b/CVE-2023/CVE-2023-433xx/CVE-2023-43364.json index 7f8e7ef66c7..97c6a42e907 100644 --- a/CVE-2023/CVE-2023-433xx/CVE-2023-43364.json +++ b/CVE-2023/CVE-2023-433xx/CVE-2023-43364.json 
@@ -2,35 +2,108 @@ "id": "CVE-2023-43364", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-12T18:15:22.887", - "lastModified": "2023-12-12T18:58:37.987", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T21:15:15.067", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "main.py in Searchor before 2.4.2 uses eval on CLI input, which may cause unexpected code execution." + }, + { + "lang": "es", + "value": "main.py en Searchor anterior a 2.4.2 usa eval en la entrada CLI, lo que puede provocar la ejecuci\u00f3n inesperada de c\u00f3digo." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:arjunsharda:searchor:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.4.2", + "matchCriteriaId": "5F8591B8-9059-4791-A680-0CD942D1EDC0" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/ArjunSharda/Searchor/commit/16016506f7bf92b0f21f51841d599126d6fcd15b", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/ArjunSharda/Searchor/pull/130", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking", + "Patch" + ] }, { "url": 
"https://github.com/advisories/GHSA-66m2-493m-crh2", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://github.com/nexis-nexis/Searchor-2.4.0-POC-Exploit-", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] }, { "url": "https://github.com/nikn0laty/Exploit-for-Searchor-2.4.0-Arbitrary-CMD-Injection", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45894.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45894.json index be609fb75cd..181d7b07135 100644 --- a/CVE-2023/CVE-2023-458xx/CVE-2023-45894.json +++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45894.json @@ -2,8 +2,8 @@ "id": "CVE-2023-45894", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-14T20:15:52.687", - "lastModified": "2023-12-14T20:15:52.687", - "vulnStatus": "Received", + "lastModified": "2023-12-14T22:44:49.057", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-464xx/CVE-2023-46456.json b/CVE-2023/CVE-2023-464xx/CVE-2023-46456.json index 7b551fcd63e..775d4a53c8b 100644 --- a/CVE-2023/CVE-2023-464xx/CVE-2023-46456.json +++ b/CVE-2023/CVE-2023-464xx/CVE-2023-46456.json 
@@ -2,23 +2,97 @@ "id": "CVE-2023-46456", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-12T15:15:07.810", - "lastModified": "2023-12-12T15:52:06.410", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T22:49:19.163", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In GL.iNET GL-AR300M routers with firmware 3.216 it is possible to inject arbitrary shell commands through the OpenVPN client file upload functionality." + }, + { + "lang": "es", + "value": "En los routers GL.iNET GL-AR300M con firmware 3.216 es posible inyectar comandos de shell arbitrarios a trav\u00e9s de la funcionalidad de carga de archivos del cliente OpenVPN." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:gl-inet:gl-ar300m_firmware:3.216:*:*:*:*:*:*:*", + "matchCriteriaId": "8F08932E-1C0B-4B42-8493-DFA5AB70E15D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:gl-inet:gl-ar300m:-:*:*:*:*:*:*:*", + "matchCriteriaId": "10C965DA-2D49-4ED6-B028-3A23164EDC14" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": 
"https://cyberaz0r.info/2023/11/glinet-multiple-vulnerabilities/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.gl-inet.com/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-470xx/CVE-2023-47063.json b/CVE-2023/CVE-2023-470xx/CVE-2023-47063.json index ed7aec9eb95..f59e0447371 100644 --- a/CVE-2023/CVE-2023-470xx/CVE-2023-47063.json +++ b/CVE-2023/CVE-2023-470xx/CVE-2023-47063.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47063", "sourceIdentifier": "psirt@adobe.com", "published": "2023-12-13T10:15:08.443", - "lastModified": "2023-12-13T13:35:16.620", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-12-14T22:57:56.553", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -50,10 +50,54 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:illustrator:*:*:*:*:*:*:*:*", + "versionStartIncluding": "27.0", + "versionEndIncluding": "27.9", + "matchCriteriaId": "8133845F-0B2F-4D65-936C-29AFDF9DE12B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:illustrator:28.0:*:*:*:*:*:*:*", + "matchCriteriaId": "930BCF80-B8CE-4EF3-ABF0-222DDCCF6866" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/illustrator/apsb23-68.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-470xx/CVE-2023-47074.json b/CVE-2023/CVE-2023-470xx/CVE-2023-47074.json index 53aa810ee5b..ab930cd8e36 100644 --- a/CVE-2023/CVE-2023-470xx/CVE-2023-47074.json +++ b/CVE-2023/CVE-2023-470xx/CVE-2023-47074.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47074", "sourceIdentifier": "psirt@adobe.com", "published": "2023-12-13T10:15:08.823", - "lastModified": "2023-12-13T13:35:16.620", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-12-14T22:57:48.280", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -39,6 +39,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + }, { "source": "psirt@adobe.com", "type": "Secondary", 
@@ -50,10 +60,54 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:illustrator:*:*:*:*:*:*:*:*", + "versionStartIncluding": "27.0", + "versionEndIncluding": "27.9", + "matchCriteriaId": "8133845F-0B2F-4D65-936C-29AFDF9DE12B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:illustrator:28.0:*:*:*:*:*:*:*", + "matchCriteriaId": "930BCF80-B8CE-4EF3-ABF0-222DDCCF6866" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/illustrator/apsb23-68.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-470xx/CVE-2023-47075.json b/CVE-2023/CVE-2023-470xx/CVE-2023-47075.json index 0e11762ebe1..e5ca31b3db0 100644 --- a/CVE-2023/CVE-2023-470xx/CVE-2023-47075.json +++ b/CVE-2023/CVE-2023-470xx/CVE-2023-47075.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47075", "sourceIdentifier": "psirt@adobe.com", "published": "2023-12-13T10:15:09.160", - "lastModified": "2023-12-13T13:35:16.620", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-12-14T22:57:35.057", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -50,10 +50,54 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:illustrator:*:*:*:*:*:*:*:*", + "versionStartIncluding": "27.0", + "versionEndIncluding": "27.9", + "matchCriteriaId": "8133845F-0B2F-4D65-936C-29AFDF9DE12B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:illustrator:28.0:*:*:*:*:*:*:*", + "matchCriteriaId": "930BCF80-B8CE-4EF3-ABF0-222DDCCF6866" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/illustrator/apsb23-68.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-470xx/CVE-2023-47076.json b/CVE-2023/CVE-2023-470xx/CVE-2023-47076.json index a22a3508b3a..309e09473db 100644 --- a/CVE-2023/CVE-2023-470xx/CVE-2023-47076.json +++ b/CVE-2023/CVE-2023-470xx/CVE-2023-47076.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47076", "sourceIdentifier": "psirt@adobe.com", "published": "2023-12-13T10:15:09.480", - "lastModified": "2023-12-13T13:35:16.620", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-12-14T22:57:27.203", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -50,10 +50,54 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:*", + "versionStartIncluding": "17.0", + "versionEndIncluding": "17.4.2", + "matchCriteriaId": "3C6913D3-36EF-4097-9921-462CA2EDC239" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:indesign:19.0:*:*:*:*:*:*:*", + "matchCriteriaId": "9BE54A99-6978-4EAA-A7BB-77E687B3E763" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/indesign/apsb23-70.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-470xx/CVE-2023-47077.json b/CVE-2023/CVE-2023-470xx/CVE-2023-47077.json index f598e2d7139..4fb1f9241cf 100644 --- a/CVE-2023/CVE-2023-470xx/CVE-2023-47077.json +++ b/CVE-2023/CVE-2023-470xx/CVE-2023-47077.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47077", "sourceIdentifier": "psirt@adobe.com", "published": "2023-12-13T10:15:09.750", - "lastModified": "2023-12-13T13:35:16.620", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-12-14T22:57:10.713", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -50,10 +50,54 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:*", + "versionStartIncluding": "17.0", + "versionEndIncluding": "17.4.2", + "matchCriteriaId": "3C6913D3-36EF-4097-9921-462CA2EDC239" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:indesign:19.0:*:*:*:*:*:*:*", + "matchCriteriaId": "9BE54A99-6978-4EAA-A7BB-77E687B3E763" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/indesign/apsb23-70.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-48xx/CVE-2023-4886.json b/CVE-2023/CVE-2023-48xx/CVE-2023-4886.json index e1edaca0c52..9cf83e0252d 100644 --- a/CVE-2023/CVE-2023-48xx/CVE-2023-4886.json +++ b/CVE-2023/CVE-2023-48xx/CVE-2023-4886.json @@ -2,7 +2,7 @@ "id": "CVE-2023-4886", "sourceIdentifier": "secalert@redhat.com", "published": "2023-10-03T15:15:40.737", - "lastModified": "2023-11-07T04:23:08.180", + "lastModified": "2023-12-14T22:15:43.967", "vulnStatus": "Modified", "descriptions": [ { @@ -37,7 +37,7 @@ "impactScore": 3.6 }, { - "source": "53f830b8-0a3f-465b-8143-3b8a9948e749", + "source": "secalert@redhat.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -70,7 +70,7 @@ ] }, { - "source": "53f830b8-0a3f-465b-8143-3b8a9948e749", + "source": "secalert@redhat.com", "type": "Secondary", "description": [ { 
@@ -114,6 +114,10 @@ } ], "references": [ + { + "url": "https://access.redhat.com/errata/RHSA-2023:7851", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-4886", "source": "secalert@redhat.com", diff --git a/CVE-2023/CVE-2023-490xx/CVE-2023-49089.json b/CVE-2023/CVE-2023-490xx/CVE-2023-49089.json index c9fbfdd4645..a4ade7b9e58 100644 --- a/CVE-2023/CVE-2023-490xx/CVE-2023-49089.json +++ b/CVE-2023/CVE-2023-490xx/CVE-2023-49089.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-49089", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-12T19:15:07.840", - "lastModified": "2023-12-12T20:20:16.707", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T21:00:33.137", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.0, Backoffice users with permissions to create packages can use path traversal and thereby write outside of the expected location. Versions 8.18.10, 10.8.1, and 12.3.0 contain a patch for this issue." + }, + { + "lang": "es", + "value": "Umbraco es un sistema de gesti\u00f3n de contenidos (CMS) ASP.NET. A partir de la versi\u00f3n 8.0.0 y anteriores a las versiones 8.18.10, 10.8.1 y 12.3.0, los usuarios de Backoffice con permisos para crear paquetes pueden utilizar el path traversal y, por lo tanto, escribir fuera de la ubicaci\u00f3n esperada. Las versiones 8.18.10, 10.8.1 y 12.3.0 contienen un parche para este problema." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,10 +80,46 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "8.0.0",
+ "versionEndExcluding": "8.18.10",
+ "matchCriteriaId": "FAFFD03D-00A2-4AA4-A727-FA10CFC1446F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "10.0.0",
+ "versionEndExcluding": "10.8.1",
+ "matchCriteriaId": "03FE24B3-A0E4-4235-B990-51E9B6F877F5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "12.0.0",
+ "versionEndExcluding": "12.3.0",
+ "matchCriteriaId": "C6F87B7F-5070-4696-983D-42326E61B2E6"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-6324-52pr-h4p5",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-492xx/CVE-2023-49274.json b/CVE-2023/CVE-2023-492xx/CVE-2023-49274.json
index 0773b4651b0..a8b6e9c8d9b 100644
--- a/CVE-2023/CVE-2023-492xx/CVE-2023-49274.json
+++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49274.json
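Review bot: The three `cpeMatch` ranges added for CVE-2023-49089 start at `8.0.0`, `10.0.0` and `12.0.0`, so no criteria cover the 9.x or 11.x branches, while the description reads as a single span beginning at 8.0.0 with fixes only in 8.18.10, 10.8.1 and 12.3.0. Whether those branches are affected cannot be told from this record, so CPE-only matching may report a 9.x or 11.x install as clean; inventory checks should fall back to the advisory text for those branches. The `configurations` hunk for CVE-2023-49274 further down has the same gap. Separately, the reference here is tagged `"Third Party Advisory"` while the advisory from the same repository in CVE-2023-49274 is tagged `"Vendor Advisory"`; the two should agree.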
@@ -2,16 +2,40 @@ "id": "CVE-2023-49274", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-12T20:15:07.993", - "lastModified": "2023-12-12T20:20:16.707", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T21:19:39.513", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, a user enumeration attack is possible when SMTP is not set up correctly, but reset password is enabled. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this issue." + }, + { + "lang": "es", + "value": "Umbraco es un sistema de gesti\u00f3n de contenidos (CMS) ASP.NET. A partir de la versi\u00f3n 8.0.0 y anteriores a las versiones 8.18.10, 10.8.1 y 12.3.4, es posible un ataque de enumeraci\u00f3n de usuarios cuando SMTP no est\u00e1 configurado correctamente, pero el restablecimiento de contrase\u00f1a est\u00e1 habilitado. Las versiones 8.18.10, 10.8.1 y 12.3.4 contienen un parche para este problema." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,10 +70,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.0.0", + "versionEndExcluding": "8.18.10", + "matchCriteriaId": "FAFFD03D-00A2-4AA4-A727-FA10CFC1446F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.0.0", + "versionEndExcluding": "10.8.1", + "matchCriteriaId": "03FE24B3-A0E4-4235-B990-51E9B6F877F5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*", + "versionStartIncluding": "12.0.0", + "versionEndExcluding": "12.3.4", + "matchCriteriaId": "AD471553-62B9-4DBB-8DF6-93F7C3A08957" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-8qp8-9rpw-j46c", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-492xx/CVE-2023-49294.json b/CVE-2023/CVE-2023-492xx/CVE-2023-49294.json index 039605b8046..633771087c5 100644 --- a/CVE-2023/CVE-2023-492xx/CVE-2023-49294.json +++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49294.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49294", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-14T20:15:52.730", - "lastModified": "2023-12-14T20:15:52.730", - "vulnStatus": "Received", + "lastModified": "2023-12-14T22:44:49.057", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-493xx/CVE-2023-49342.json b/CVE-2023/CVE-2023-493xx/CVE-2023-49342.json new file mode 100644 index 00000000000..c956a90ef06 --- /dev/null +++ b/CVE-2023/CVE-2023-493xx/CVE-2023-49342.json 
@@ -0,0 +1,67 @@ +{ + "id": "CVE-2023-49342", + "sourceIdentifier": "security@ubuntu.com", + "published": "2023-12-14T22:15:42.813", + "lastModified": "2023-12-14T22:44:49.057", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Temporary data passed between application components by Budgie Extras Clockworks applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@ubuntu.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "security@ubuntu.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-377" + }, + { + "lang": "en", + "value": "CWE-668" + } + ] + } + ], + "references": [ + { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49342", + "source": "security@ubuntu.com" + }, + { + "url": "https://github.com/UbuntuBudgie/budgie-extras/security/advisories/GHSA-2vfg-p2h9-wg39", + "source": "security@ubuntu.com" + }, + { + "url": "https://ubuntu.com/security/notices/USN-6556-1", + "source": "security@ubuntu.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-493xx/CVE-2023-49343.json b/CVE-2023/CVE-2023-493xx/CVE-2023-49343.json new file mode 100644 index 00000000000..273e473b4b1 --- /dev/null 
+++ b/CVE-2023/CVE-2023-493xx/CVE-2023-49343.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2023-49343",
+ "sourceIdentifier": "security@ubuntu.com",
+ "published": "2023-12-14T22:15:43.027",
+ "lastModified": "2023-12-14T22:44:49.057",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Temporary data passed between application components by Budgie Extras Dropby applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@ubuntu.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.0,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@ubuntu.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-337"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-668"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49343",
+ "source": "security@ubuntu.com"
+ },
+ {
+ "url": "https://github.com/UbuntuBudgie/budgie-extras/security/advisories/GHSA-27g2-7x65-3cc5",
+ "source": "security@ubuntu.com"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-6556-1",
+ "source": "security@ubuntu.com"
+ }
+ ]
+}
\ No newline at end of file
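Review bot: The first weakness value in this record is `"CWE-337"` (predictable PRNG seed), whereas the five sibling Budgie Extras records in this commit, CVE-2023-49342 and CVE-2023-49344 through CVE-2023-49347, carry `"CWE-377"` (insecure temporary file) beside near-identical descriptions of temporary data in a shared location. This looks like a digit transposition in the CNA-supplied data rather than a different weakness class, and the expected line is probably `"value": "CWE-377"`. Because this repository mirrors NVD, the correction belongs upstream with the `security@ubuntu.com` source. Until then, anyone grouping or filtering by CWE will find this entry outside the temporary-file bucket.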
diff --git a/CVE-2023/CVE-2023-493xx/CVE-2023-49344.json b/CVE-2023/CVE-2023-493xx/CVE-2023-49344.json new file mode 100644 index 00000000000..7b1b38fff70 --- /dev/null +++ b/CVE-2023/CVE-2023-493xx/CVE-2023-49344.json 
@@ -0,0 +1,67 @@ +{ + "id": "CVE-2023-49344", + "sourceIdentifier": "security@ubuntu.com", + "published": "2023-12-14T22:15:43.220", + "lastModified": "2023-12-14T22:44:49.057", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Temporary data passed between application components by Budgie Extras Window Shuffler applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@ubuntu.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "security@ubuntu.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-377" + }, + { + "lang": "en", + "value": "CWE-668" + } + ] + } + ], + "references": [ + { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49344", + "source": "security@ubuntu.com" + }, + { + "url": "https://github.com/UbuntuBudgie/budgie-extras/security/advisories/GHSA-rhwf-6fc9-9jvm", + "source": "security@ubuntu.com" + }, + { + "url": "https://ubuntu.com/security/notices/USN-6556-1", + "source": "security@ubuntu.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-493xx/CVE-2023-49345.json b/CVE-2023/CVE-2023-493xx/CVE-2023-49345.json new file mode 100644 index 00000000000..0a5b320bbb8 --- /dev/null 
+++ b/CVE-2023/CVE-2023-493xx/CVE-2023-49345.json @@ -0,0 +1,67 @@ +{ + "id": "CVE-2023-49345", + "sourceIdentifier": "security@ubuntu.com", + "published": "2023-12-14T22:15:43.407", + "lastModified": "2023-12-14T22:44:49.057", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Temporary data passed between application components by Budgie Extras Takeabreak applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@ubuntu.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "security@ubuntu.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-377" + }, + { + "lang": "en", + "value": "CWE-668" + } + ] + } + ], + "references": [ + { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49345", + "source": "security@ubuntu.com" + }, + { + "url": "https://github.com/UbuntuBudgie/budgie-extras/security/advisories/GHSA-rvhc-rch9-j943", + "source": "security@ubuntu.com" + }, + { + "url": "https://ubuntu.com/security/notices/USN-6556-1", + "source": "security@ubuntu.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-493xx/CVE-2023-49346.json b/CVE-2023/CVE-2023-493xx/CVE-2023-49346.json new file mode 100644 index 00000000000..1f9c812b9ff --- /dev/null +++ b/CVE-2023/CVE-2023-493xx/CVE-2023-49346.json 
@@ -0,0 +1,67 @@ +{ + "id": "CVE-2023-49346", + "sourceIdentifier": "security@ubuntu.com", + "published": "2023-12-14T22:15:43.603", + "lastModified": "2023-12-14T22:44:49.057", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Temporary data passed between application components by Budgie Extras WeatherShow applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@ubuntu.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "security@ubuntu.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-377" + }, + { + "lang": "en", + "value": "CWE-668" + } + ] + } + ], + "references": [ + { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49346", + "source": "security@ubuntu.com" + }, + { + "url": "https://github.com/UbuntuBudgie/budgie-extras/security/advisories/GHSA-rffw-gg7p-5688", + "source": "security@ubuntu.com" + }, + { + "url": "https://ubuntu.com/security/notices/USN-6556-1", + "source": "security@ubuntu.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-493xx/CVE-2023-49347.json b/CVE-2023/CVE-2023-493xx/CVE-2023-49347.json new file mode 100644 index 00000000000..9ed1f91d60b --- /dev/null 
+++ b/CVE-2023/CVE-2023-493xx/CVE-2023-49347.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2023-49347",
+ "sourceIdentifier": "security@ubuntu.com",
+ "published": "2023-12-14T22:15:43.787",
+ "lastModified": "2023-12-14T22:44:49.057",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Temporary data passed between application components by Budgie Extras Windows Previews could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may read private information from windows, present false information to users, or deny access to the application."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@ubuntu.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.0,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@ubuntu.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-377"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-668"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49347",
+ "source": "security@ubuntu.com"
+ },
+ {
+ "url": "https://github.com/UbuntuBudgie/budgie-extras/security/advisories/GHSA-xxfq-fqfp-cpvj",
+ "source": "security@ubuntu.com"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-6556-1",
+ "source": "security@ubuntu.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-497xx/CVE-2023-49786.json b/CVE-2023/CVE-2023-497xx/CVE-2023-49786.json
index 57248aee0d8..af9895eb7fe 100644
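Review bot: The CVE-2023-49347 description says attackers "may read private information from windows", yet the vector carries `C:N` with `"confidentialityImpact": "NONE"`. That is the same vector string as the five sibling Budgie Extras records, whose descriptions mention only false information and denial of access. If the disclosure impact is real, the base score of 6.0 understates this entry; the confidentiality metric would be expected to be `LOW` or `HIGH`, a value only the CNA can set. Until the record is re-scored, triage that keys on the confidentiality field or on the base score alone should read the description for this CVE.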
--- a/CVE-2023/CVE-2023-497xx/CVE-2023-49786.json +++ b/CVE-2023/CVE-2023-497xx/CVE-2023-49786.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49786", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-14T20:15:52.927", - "lastModified": "2023-12-14T20:15:52.927", - "vulnStatus": "Received", + "lastModified": "2023-12-14T22:44:49.057", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-504xx/CVE-2023-50471.json b/CVE-2023/CVE-2023-504xx/CVE-2023-50471.json index cf45c152a8d..7a357c54aa0 100644 --- a/CVE-2023/CVE-2023-504xx/CVE-2023-50471.json +++ b/CVE-2023/CVE-2023-504xx/CVE-2023-50471.json @@ -2,8 +2,8 @@ "id": "CVE-2023-50471", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-14T20:15:53.130", - "lastModified": "2023-12-14T20:15:53.130", - "vulnStatus": "Received", + "lastModified": "2023-12-14T22:44:49.057", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-504xx/CVE-2023-50472.json b/CVE-2023/CVE-2023-504xx/CVE-2023-50472.json index 11b011c3ea2..8c87a16b1eb 100644 --- a/CVE-2023/CVE-2023-504xx/CVE-2023-50472.json +++ b/CVE-2023/CVE-2023-504xx/CVE-2023-50472.json @@ -2,8 +2,8 @@ "id": "CVE-2023-50472", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-14T20:15:53.180", - "lastModified": "2023-12-14T20:15:53.180", - "vulnStatus": "Received", + "lastModified": "2023-12-14T22:44:49.057", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-61xx/CVE-2023-6134.json b/CVE-2023/CVE-2023-61xx/CVE-2023-6134.json new file mode 100644 index 00000000000..2467e0b2cd5 --- /dev/null +++ b/CVE-2023/CVE-2023-61xx/CVE-2023-6134.json 
@@ -0,0 +1,87 @@ +{ + "id": "CVE-2023-6134", + "sourceIdentifier": "secalert@redhat.com", + "published": "2023-12-14T22:15:44.087", + "lastModified": "2023-12-14T22:44:49.057", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.1, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-75" + } + ] + } + ], + "references": [ + { + "url": "https://access.redhat.com/errata/RHSA-2023:7854", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2023:7855", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2023:7856", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2023:7857", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2023:7858", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2023:7860", + "source": "secalert@redhat.com" + }, + { + "url": 
"https://access.redhat.com/errata/RHSA-2023:7861", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2023-6134", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249673", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6563.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6563.json index 12f4fd2fa8f..a6e02d7ca91 100644 --- a/CVE-2023/CVE-2023-65xx/CVE-2023-6563.json +++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6563.json @@ -2,7 +2,7 @@ "id": "CVE-2023-6563", "sourceIdentifier": "secalert@redhat.com", "published": "2023-12-14T18:15:45.540", - "lastModified": "2023-12-14T19:26:01.850", + "lastModified": "2023-12-14T22:15:44.303", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -47,6 +47,26 @@ } ], "references": [ + { + "url": "https://access.redhat.com/errata/RHSA-2023:7854", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2023:7855", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2023:7856", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2023:7857", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2023:7858", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-6563", "source": "secalert@redhat.com" diff --git a/CVE-2023/CVE-2023-67xx/CVE-2023-6702.json b/CVE-2023/CVE-2023-67xx/CVE-2023-6702.json new file mode 100644 index 00000000000..45ae141ed2c --- /dev/null +++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6702.json 
@@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-6702", + "sourceIdentifier": "chrome-cve-admin@google.com", + "published": "2023-12-14T22:15:44.387", + "lastModified": "2023-12-14T22:44:49.057", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Type confusion in V8 in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_12.html", + "source": "chrome-cve-admin@google.com" + }, + { + "url": "https://crbug.com/1501326", + "source": "chrome-cve-admin@google.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-67xx/CVE-2023-6703.json b/CVE-2023/CVE-2023-67xx/CVE-2023-6703.json new file mode 100644 index 00000000000..0bab24d9665 --- /dev/null +++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6703.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-6703", + "sourceIdentifier": "chrome-cve-admin@google.com", + "published": "2023-12-14T22:15:44.437", + "lastModified": "2023-12-14T22:44:49.057", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Use after free in Blink in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_12.html", + "source": "chrome-cve-admin@google.com" + }, + { + "url": "https://crbug.com/1502102", + "source": "chrome-cve-admin@google.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-67xx/CVE-2023-6704.json b/CVE-2023/CVE-2023-67xx/CVE-2023-6704.json new file mode 100644 index 00000000000..20b367b16e6 --- /dev/null +++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6704.json 
@@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-6704", + "sourceIdentifier": "chrome-cve-admin@google.com", + "published": "2023-12-14T22:15:44.487", + "lastModified": "2023-12-14T22:44:49.057", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Use after free in libavif in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted image file. (Chromium security severity: High)" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_12.html", + "source": "chrome-cve-admin@google.com" + }, + { + "url": "https://crbug.com/1504792", + "source": "chrome-cve-admin@google.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-67xx/CVE-2023-6705.json b/CVE-2023/CVE-2023-67xx/CVE-2023-6705.json new file mode 100644 index 00000000000..39f00212ecb --- /dev/null +++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6705.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-6705", + "sourceIdentifier": "chrome-cve-admin@google.com", + "published": "2023-12-14T22:15:44.533", + "lastModified": "2023-12-14T22:44:49.057", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Use after free in WebRTC in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_12.html", + "source": "chrome-cve-admin@google.com" + }, + { + "url": "https://crbug.com/1505708", + "source": "chrome-cve-admin@google.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-67xx/CVE-2023-6706.json b/CVE-2023/CVE-2023-67xx/CVE-2023-6706.json new file mode 100644 index 00000000000..5cf2eaacb00 --- /dev/null +++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6706.json 
@@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-6706", + "sourceIdentifier": "chrome-cve-admin@google.com", + "published": "2023-12-14T22:15:44.587", + "lastModified": "2023-12-14T22:44:49.057", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Use after free in FedCM in Google Chrome prior to 120.0.6099.109 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_12.html", + "source": "chrome-cve-admin@google.com" + }, + { + "url": "https://crbug.com/1500921", + "source": "chrome-cve-admin@google.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-67xx/CVE-2023-6707.json b/CVE-2023/CVE-2023-67xx/CVE-2023-6707.json new file mode 100644 index 00000000000..d6903d19d33 --- /dev/null +++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6707.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-6707", + "sourceIdentifier": "chrome-cve-admin@google.com", + "published": "2023-12-14T22:15:44.637", + "lastModified": "2023-12-14T22:44:49.057", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Use after free in CSS in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_12.html", + "source": "chrome-cve-admin@google.com" + }, + { + "url": "https://crbug.com/1504036", + "source": "chrome-cve-admin@google.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 148bfff2b37..94ced8136f7 100644 --- a/README.md +++ b/README.md 
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-12-14T21:00:24.921161+00:00 +2023-12-14T23:00:25.007264+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-12-14T20:55:34.777000+00:00 +2023-12-14T22:57:56.553000+00:00 ``` ### Last Data Feed Release 
@@ -29,54 +29,57 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -233221 +233235 ``` ### CVEs added in the last Commit -Recently added CVEs: `10` +Recently added CVEs: `14` -* [CVE-2023-41151](CVE-2023/CVE-2023-411xx/CVE-2023-41151.json) (`2023-12-14T19:15:16.193`) -* [CVE-2023-4694](CVE-2023/CVE-2023-46xx/CVE-2023-4694.json) (`2023-12-14T19:15:16.243`) -* [CVE-2023-50017](CVE-2023/CVE-2023-500xx/CVE-2023-50017.json) (`2023-12-14T19:15:16.297`) -* [CVE-2023-50713](CVE-2023/CVE-2023-507xx/CVE-2023-50713.json) (`2023-12-14T19:15:16.340`) -* [CVE-2023-37457](CVE-2023/CVE-2023-374xx/CVE-2023-37457.json) (`2023-12-14T20:15:52.260`) -* [CVE-2023-45894](CVE-2023/CVE-2023-458xx/CVE-2023-45894.json) (`2023-12-14T20:15:52.687`) -* [CVE-2023-49294](CVE-2023/CVE-2023-492xx/CVE-2023-49294.json) (`2023-12-14T20:15:52.730`) -* [CVE-2023-49786](CVE-2023/CVE-2023-497xx/CVE-2023-49786.json) (`2023-12-14T20:15:52.927`) -* [CVE-2023-50471](CVE-2023/CVE-2023-504xx/CVE-2023-50471.json) (`2023-12-14T20:15:53.130`) -* [CVE-2023-50472](CVE-2023/CVE-2023-504xx/CVE-2023-50472.json) (`2023-12-14T20:15:53.180`) +* [CVE-2023-0248](CVE-2023/CVE-2023-02xx/CVE-2023-0248.json) (`2023-12-14T21:15:07.553`) +* [CVE-2023-49342](CVE-2023/CVE-2023-493xx/CVE-2023-49342.json) (`2023-12-14T22:15:42.813`) +* [CVE-2023-49343](CVE-2023/CVE-2023-493xx/CVE-2023-49343.json) (`2023-12-14T22:15:43.027`) +* [CVE-2023-49344](CVE-2023/CVE-2023-493xx/CVE-2023-49344.json) (`2023-12-14T22:15:43.220`) +* [CVE-2023-49345](CVE-2023/CVE-2023-493xx/CVE-2023-49345.json) (`2023-12-14T22:15:43.407`) +* [CVE-2023-49346](CVE-2023/CVE-2023-493xx/CVE-2023-49346.json) (`2023-12-14T22:15:43.603`) +* [CVE-2023-49347](CVE-2023/CVE-2023-493xx/CVE-2023-49347.json) (`2023-12-14T22:15:43.787`) +* [CVE-2023-6134](CVE-2023/CVE-2023-61xx/CVE-2023-6134.json) (`2023-12-14T22:15:44.087`) +* [CVE-2023-6702](CVE-2023/CVE-2023-67xx/CVE-2023-6702.json) 
(`2023-12-14T22:15:44.387`) +* [CVE-2023-6703](CVE-2023/CVE-2023-67xx/CVE-2023-6703.json) (`2023-12-14T22:15:44.437`) +* [CVE-2023-6704](CVE-2023/CVE-2023-67xx/CVE-2023-6704.json) (`2023-12-14T22:15:44.487`) +* [CVE-2023-6705](CVE-2023/CVE-2023-67xx/CVE-2023-6705.json) (`2023-12-14T22:15:44.533`) +* [CVE-2023-6706](CVE-2023/CVE-2023-67xx/CVE-2023-6706.json) (`2023-12-14T22:15:44.587`) +* [CVE-2023-6707](CVE-2023/CVE-2023-67xx/CVE-2023-6707.json) (`2023-12-14T22:15:44.637`) ### CVEs modified in the last Commit -Recently modified CVEs: `57` +Recently modified CVEs: `24` -* [CVE-2023-49805](CVE-2023/CVE-2023-498xx/CVE-2023-49805.json) (`2023-12-14T19:48:34.987`) -* [CVE-2023-41119](CVE-2023/CVE-2023-411xx/CVE-2023-41119.json) (`2023-12-14T19:48:44.997`) -* [CVE-2023-41120](CVE-2023/CVE-2023-411xx/CVE-2023-41120.json) (`2023-12-14T19:54:24.970`) -* [CVE-2023-49804](CVE-2023/CVE-2023-498xx/CVE-2023-49804.json) (`2023-12-14T19:59:50.187`) -* [CVE-2023-49803](CVE-2023/CVE-2023-498xx/CVE-2023-49803.json) (`2023-12-14T20:03:24.677`) -* [CVE-2023-48427](CVE-2023/CVE-2023-484xx/CVE-2023-48427.json) (`2023-12-14T20:07:17.240`) -* [CVE-2023-6193](CVE-2023/CVE-2023-61xx/CVE-2023-6193.json) (`2023-12-14T20:19:39.233`) -* [CVE-2023-46281](CVE-2023/CVE-2023-462xx/CVE-2023-46281.json) (`2023-12-14T20:22:25.383`) -* [CVE-2023-46282](CVE-2023/CVE-2023-462xx/CVE-2023-46282.json) (`2023-12-14T20:28:47.477`) -* [CVE-2023-50495](CVE-2023/CVE-2023-504xx/CVE-2023-50495.json) (`2023-12-14T20:37:40.283`) -* [CVE-2023-35619](CVE-2023/CVE-2023-356xx/CVE-2023-35619.json) (`2023-12-14T20:39:57.213`) -* [CVE-2023-26920](CVE-2023/CVE-2023-269xx/CVE-2023-26920.json) (`2023-12-14T20:41:19.917`) -* [CVE-2023-41963](CVE-2023/CVE-2023-419xx/CVE-2023-41963.json) (`2023-12-14T20:41:34.697`) -* [CVE-2023-35636](CVE-2023/CVE-2023-356xx/CVE-2023-35636.json) (`2023-12-14T20:42:06.433`) -* [CVE-2023-35635](CVE-2023/CVE-2023-356xx/CVE-2023-35635.json) (`2023-12-14T20:42:38.230`) -* 
[CVE-2023-35634](CVE-2023/CVE-2023-356xx/CVE-2023-35634.json) (`2023-12-14T20:44:58.467`) -* [CVE-2023-35633](CVE-2023/CVE-2023-356xx/CVE-2023-35633.json) (`2023-12-14T20:45:09.917`) -* [CVE-2023-35632](CVE-2023/CVE-2023-356xx/CVE-2023-35632.json) (`2023-12-14T20:46:02.290`) -* [CVE-2023-35631](CVE-2023/CVE-2023-356xx/CVE-2023-35631.json) (`2023-12-14T20:46:22.417`) -* [CVE-2023-35630](CVE-2023/CVE-2023-356xx/CVE-2023-35630.json) (`2023-12-14T20:46:37.387`) -* [CVE-2023-36696](CVE-2023/CVE-2023-366xx/CVE-2023-36696.json) (`2023-12-14T20:47:25.777`) -* [CVE-2023-35629](CVE-2023/CVE-2023-356xx/CVE-2023-35629.json) (`2023-12-14T20:47:46.863`) -* [CVE-2023-35628](CVE-2023/CVE-2023-356xx/CVE-2023-35628.json) (`2023-12-14T20:48:31.847`) -* [CVE-2023-49140](CVE-2023/CVE-2023-491xx/CVE-2023-49140.json) (`2023-12-14T20:50:01.000`) -* [CVE-2023-48313](CVE-2023/CVE-2023-483xx/CVE-2023-48313.json) (`2023-12-14T20:55:34.777`) +* [CVE-2022-1049](CVE-2022/CVE-2022-10xx/CVE-2022-1049.json) (`2023-12-14T21:40:19.627`) +* [CVE-2023-49089](CVE-2023/CVE-2023-490xx/CVE-2023-49089.json) (`2023-12-14T21:00:33.137`) +* [CVE-2023-43364](CVE-2023/CVE-2023-433xx/CVE-2023-43364.json) (`2023-12-14T21:15:15.067`) +* [CVE-2023-49274](CVE-2023/CVE-2023-492xx/CVE-2023-49274.json) (`2023-12-14T21:19:39.513`) +* [CVE-2023-35624](CVE-2023/CVE-2023-356xx/CVE-2023-35624.json) (`2023-12-14T21:27:05.323`) +* [CVE-2023-35622](CVE-2023/CVE-2023-356xx/CVE-2023-35622.json) (`2023-12-14T21:27:48.973`) +* [CVE-2023-35625](CVE-2023/CVE-2023-356xx/CVE-2023-35625.json) (`2023-12-14T21:36:00.040`) +* [CVE-2023-35638](CVE-2023/CVE-2023-356xx/CVE-2023-35638.json) (`2023-12-14T21:37:52.933`) +* [CVE-2023-36020](CVE-2023/CVE-2023-360xx/CVE-2023-36020.json) (`2023-12-14T21:38:39.890`) +* [CVE-2023-36391](CVE-2023/CVE-2023-363xx/CVE-2023-36391.json) (`2023-12-14T21:39:22.057`) +* [CVE-2023-4886](CVE-2023/CVE-2023-48xx/CVE-2023-4886.json) (`2023-12-14T22:15:43.967`) +* 
[CVE-2023-6563](CVE-2023/CVE-2023-65xx/CVE-2023-6563.json) (`2023-12-14T22:15:44.303`) +* [CVE-2023-37457](CVE-2023/CVE-2023-374xx/CVE-2023-37457.json) (`2023-12-14T22:44:49.057`) +* [CVE-2023-45894](CVE-2023/CVE-2023-458xx/CVE-2023-45894.json) (`2023-12-14T22:44:49.057`) +* [CVE-2023-49294](CVE-2023/CVE-2023-492xx/CVE-2023-49294.json) (`2023-12-14T22:44:49.057`) +* [CVE-2023-49786](CVE-2023/CVE-2023-497xx/CVE-2023-49786.json) (`2023-12-14T22:44:49.057`) +* [CVE-2023-50471](CVE-2023/CVE-2023-504xx/CVE-2023-50471.json) (`2023-12-14T22:44:49.057`) +* [CVE-2023-50472](CVE-2023/CVE-2023-504xx/CVE-2023-50472.json) (`2023-12-14T22:44:49.057`) +* [CVE-2023-46456](CVE-2023/CVE-2023-464xx/CVE-2023-46456.json) (`2023-12-14T22:49:19.163`) +* [CVE-2023-47077](CVE-2023/CVE-2023-470xx/CVE-2023-47077.json) (`2023-12-14T22:57:10.713`) +* [CVE-2023-47076](CVE-2023/CVE-2023-470xx/CVE-2023-47076.json) (`2023-12-14T22:57:27.203`) +* [CVE-2023-47075](CVE-2023/CVE-2023-470xx/CVE-2023-47075.json) (`2023-12-14T22:57:35.057`) +* [CVE-2023-47074](CVE-2023/CVE-2023-470xx/CVE-2023-47074.json) (`2023-12-14T22:57:48.280`) +* [CVE-2023-47063](CVE-2023/CVE-2023-470xx/CVE-2023-47063.json) (`2023-12-14T22:57:56.553`) ## Download and Usage