Auto-Update: 2024-01-18T13:00:24.492725+00:00

cad-safe-bot 2024-01-18 13:00:28 +00:00
parent d4418f91e4
commit a78a1aac54
5 changed files with 145 additions and 8 deletions

@ -0,0 +1,59 @@
{
"id": "CVE-2023-51463",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-01-18T11:15:08.173",
"lastModified": "2024-01-18T11:15:08.173",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser."
},
{
"lang": "es",
"value": "Las versiones 6.5.18 y anteriores de Adobe Experience Manager se ven afectadas por una vulnerabilidad de cross site scripting (XSS)reflejado. Si un atacante con pocos privilegios puede convencer a una v\u00edctima para que visite una URL que hace referencia a una p\u00e1gina vulnerable, se puede ejecutar contenido JavaScript malicioso dentro del contexto del navegador de la v\u00edctima."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html",
"source": "psirt@adobe.com"
}
]
}
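Review bot: the `weaknesses` entry near the end of this record types CWE-79 as `Secondary`, while the sibling record CVE-2023-51464 added in this same commit, from the same `psirt@adobe.com` source, types it as `Primary`. Tooling that selects only `"type": "Primary"` weaknesses will report no CWE for CVE-2023-51463, so consumers should read both types or fall back to `Secondary` when no `Primary` entry exists. Separately, the Spanish description reads `(XSS)reflejado` with no space after the closing parenthesis.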

@ -0,0 +1,59 @@
{
"id": "CVE-2023-51464",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-01-18T11:15:08.827",
"lastModified": "2024-01-18T11:15:08.827",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
},
{
"lang": "es",
"value": "Las versiones 6.5.18 y anteriores de Adobe Experience Manager se ven afectadas por una vulnerabilidad de cross site scripting (XSS) almacenado que un atacante con pocos privilegios podr\u00eda aprovechar para inyectar scripts maliciosos en campos de formulario vulnerables. Se puede ejecutar JavaScript malicioso en el navegador de la v\u00edctima cuando navega a la p\u00e1gina que contiene el campo vulnerable."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html",
"source": "psirt@adobe.com"
}
]
}

@ -2,12 +2,16 @@
"id": "CVE-2023-6816",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-18T05:15:08.607",
"lastModified": "2024-01-18T05:15:08.607",
"lastModified": "2024-01-18T12:15:07.947",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un fallo en el servidor X.Org. Tanto DeviceFocusEvent como la respuesta de XIQueryPointer contienen un bit para cada bot\u00f3n l\u00f3gico actualmente presionado. Los botones se pueden asignar arbitrariamente a cualquier valor hasta 255, pero el servidor X.Org solo asignaba espacio para la cantidad particular de botones del dispositivo, lo que provocaba un desbordamiento de b\u00fafer en la regi\u00f3n Heap de la memoria si se usaba un valor mayor."
}
],
"metrics": {
@ -47,6 +51,10 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/18/1",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-6816",
"source": "secalert@redhat.com"
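Review bot: the oss-security entry in `references` uses the plain `http://` scheme for www.openwall.com, unlike the `https://` Red Hat entry that follows it. Anything that fetches reference URLs automatically should upgrade the scheme to `https://` before requesting the post rather than following the link as stored.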

@ -2,16 +2,24 @@
"id": "CVE-2024-23525",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-18T00:15:38.590",
"lastModified": "2024-01-18T00:15:38.590",
"lastModified": "2024-01-18T12:15:08.110",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Spreadsheet::ParseXLSX package before 0.30 for Perl allows XXE attacks because it neglects to use the no_xxe option of XML::Twig."
},
{
"lang": "es",
"value": "El paquete Spreadsheet::ParseXLSX anterior a 0.30 para Perl permite ataques XXE porque no utiliza la opci\u00f3n no_xxe de XML::Twig."
}
],
"metrics": {},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/18/4",
"source": "cve@mitre.org"
},
{
"url": "https://gist.github.com/phvietan/d1c95a88ab6e17047b0248d6bf9eac4a",
"source": "cve@mitre.org"
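Review bot: `metrics` is still `{}` after this update, so the record carries no CVSS vector or base score even though the description names an XXE issue in Spreadsheet::ParseXLSX before 0.30. Severity-threshold filters should treat the empty object as unscored and route the record for manual triage rather than reading it as zero or low severity.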

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-01-18T11:00:24.450741+00:00
2024-01-18T13:00:24.492725+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-01-18T09:15:07.960000+00:00
2024-01-18T12:15:08.110000+00:00
```
### Last Data Feed Release
@ -29,20 +29,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
236286
236288
```
### CVEs added in the last Commit
Recently added CVEs: `1`
Recently added CVEs: `2`
* [CVE-2024-0580](CVE-2024/CVE-2024-05xx/CVE-2024-0580.json) (`2024-01-18T09:15:07.960`)
* [CVE-2023-51463](CVE-2023/CVE-2023-514xx/CVE-2023-51463.json) (`2024-01-18T11:15:08.173`)
* [CVE-2023-51464](CVE-2023/CVE-2023-514xx/CVE-2023-51464.json) (`2024-01-18T11:15:08.827`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `2`
* [CVE-2023-6816](CVE-2023/CVE-2023-68xx/CVE-2023-6816.json) (`2024-01-18T12:15:07.947`)
* [CVE-2024-23525](CVE-2024/CVE-2024-235xx/CVE-2024-23525.json) (`2024-01-18T12:15:08.110`)
## Download and Usage
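Review bot: the per-CVE timestamps in the added and modified lists (for example `2024-01-18T12:15:08.110`) use millisecond precision with no UTC offset, while the summary block for the same moment reads `2024-01-18T12:15:08.110000+00:00`. Emitting one format in both places, offset included, would let scripts that parse this README compare the values without normalising them first.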