admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 19:47:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-12-05T00:55:18.356104+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-12-05 00:55:22 +00:00
parent 6e69013a9d
commit ac68486f17
81 changed files with 2364 additions and 69 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
CVE-2022/CVE-2022-464xx/CVE-2022-46480.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2022-46480",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-05T00:15:07.460",
"lastModified": "2023-12-05T00:15:07.460",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Incorrect Session Management and Credential Re-use in the Bluetooth LE stack of the Ultraloq UL3 2nd Gen Smart Lock Firmware 02.27.0012 allows an attacker to sniff the unlock code and unlock the device whilst within Bluetooth range."
}
],
"metrics": {},
"references": [
{
"url": "https://www.researchgate.net/publication/375759408_Technical_Report_-_CVE-2022-46480_CVE-2023-26941_CVE-2023-26942_and_CVE-2023-26943#fullTextFileContent",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-211xx/CVE-2023-21162.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-21162",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:22.217",
"lastModified": "2023-12-05T00:15:07.520",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "There is elevation of privilege."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-211xx/CVE-2023-21163.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-21163",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:22.377",
"lastModified": "2023-12-05T00:15:07.567",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "There is elevation of privilege."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-211xx/CVE-2023-21164.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-21164",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:22.430",
"lastModified": "2023-12-05T00:15:07.607",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "There is elevation of privilege."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-211xx/CVE-2023-21166.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-21166",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:22.477",
"lastModified": "2023-12-05T00:15:07.650",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "There is elevation of privilege."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-212xx/CVE-2023-21215.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-21215",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:22.523",
"lastModified": "2023-12-05T00:15:07.690",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "There is elevation of privilege."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-212xx/CVE-2023-21216.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-21216",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:22.570",
"lastModified": "2023-12-05T00:15:07.730",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "There is elevation of privilege."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-212xx/CVE-2023-21217.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-21217",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:22.617",
"lastModified": "2023-12-05T00:15:07.770",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "There is elevation of privilege."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-212xx/CVE-2023-21218.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-21218",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:22.667",
"lastModified": "2023-12-05T00:15:07.810",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "There is elevation of privilege."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-212xx/CVE-2023-21227.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-21227",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:22.720",
"lastModified": "2023-12-05T00:15:07.857",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "There is information disclosure."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-212xx/CVE-2023-21228.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-21228",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:22.767",
"lastModified": "2023-12-05T00:15:07.900",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "There is elevation of privilege."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-212xx/CVE-2023-21263.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-21263",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:22.813",
"lastModified": "2023-12-05T00:15:07.940",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "There is elevation of privilege."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
}
]
}

13
CVE-2023/CVE-2023-213xx/CVE-2023-21394.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-21394",
"sourceIdentifier": "security@android.com",
"published": "2023-10-30T18:15:09.813",
"lastModified": "2023-11-02T20:38:00.393",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-04T23:15:22.860",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "In Telecomm, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
"value": "In registerPhoneAccount of TelecomServiceImpl.java, there is a possible way to reveal images from another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
@ -70,11 +70,8 @@
],
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14",
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-214xx/CVE-2023-21401.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-21401",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:22.970",
"lastModified": "2023-12-05T00:15:07.983",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "There is elevation of privilege."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-214xx/CVE-2023-21402.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-21402",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:23.027",
"lastModified": "2023-12-05T00:15:08.020",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "There is elevation of privilege."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-214xx/CVE-2023-21403.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-21403",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:23.070",
"lastModified": "2023-12-05T00:15:08.063",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "There is elevation of privilege."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-240xx/CVE-2023-24046.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-24046",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-04T23:15:23.123",
"lastModified": "2023-12-04T23:15:23.123",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to run arbitrary commands via use of a crafted string in the ping utility."
}
],
"metrics": {},
"references": [
{
"url": "https://research.nccgroup.com/2023/10/19/technical-advisory-multiple-vulnerabilities-in-connectize-g6-ac2100-dual-band-gigabit-wifi-router-cve-2023-24046-cve-2023-24047-cve-2023-24048-cve-2023-24049-cve-2023-24050-cve-2023-24051-cve/",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-240xx/CVE-2023-24047.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-24047",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-04T23:15:23.173",
"lastModified": "2023-12-04T23:15:23.173",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An Insecure Credential Management issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges via use of weak hashing algorithm."
}
],
"metrics": {},
"references": [
{
"url": "https://research.nccgroup.com/2023/10/19/technical-advisory-multiple-vulnerabilities-in-connectize-g6-ac2100-dual-band-gigabit-wifi-router-cve-2023-24046-cve-2023-24047-cve-2023-24048-cve-2023-24049-cve-2023-24050-cve-2023-24051-cve/",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-240xx/CVE-2023-24048.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-24048",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-04T23:15:23.220",
"lastModified": "2023-12-04T23:15:23.220",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Request Forgery (CSRF) vulnerability in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain control of the device via crafted GET request to /man_password.htm."
}
],
"metrics": {},
"references": [
{
"url": "https://research.nccgroup.com/2023/10/19/technical-advisory-multiple-vulnerabilities-in-connectize-g6-ac2100-dual-band-gigabit-wifi-router-cve-2023-24046-cve-2023-24047-cve-2023-24048-cve-2023-24049-cve-2023-24050-cve-2023-24051-cve/",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-240xx/CVE-2023-24049.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-24049",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-04T23:15:23.263",
"lastModified": "2023-12-04T23:15:23.263",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges on the device via poor credential management."
}
],
"metrics": {},
"references": [
{
"url": "https://research.nccgroup.com/2023/10/19/technical-advisory-multiple-vulnerabilities-in-connectize-g6-ac2100-dual-band-gigabit-wifi-router-cve-2023-24046-cve-2023-24047-cve-2023-24048-cve-2023-24049-cve-2023-24050-cve-2023-24051-cve/",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-240xx/CVE-2023-24050.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-24050",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-04T23:15:23.320",
"lastModified": "2023-12-04T23:15:23.320",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in Connectize AC21000 G6 641.139.1.1256 allows attackers to run arbitrary code via crafted string when setting the Wi-Fi password in the admin panel."
}
],
"metrics": {},
"references": [
{
"url": "https://research.nccgroup.com/2023/10/19/technical-advisory-multiple-vulnerabilities-in-connectize-g6-ac2100-dual-band-gigabit-wifi-router-cve-2023-24046-cve-2023-24047-cve-2023-24048-cve-2023-24049-cve-2023-24050-cve-2023-24051-cve/",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-240xx/CVE-2023-24051.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-24051",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-04T23:15:23.367",
"lastModified": "2023-12-04T23:15:23.367",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A client side rate limit issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges via brute force style attacks."
}
],
"metrics": {},
"references": [
{
"url": "https://research.nccgroup.com/2023/10/19/technical-advisory-multiple-vulnerabilities-in-connectize-g6-ac2100-dual-band-gigabit-wifi-router-cve-2023-24046-cve-2023-24047-cve-2023-24048-cve-2023-24049-cve-2023-24050-cve-2023-24051-cve/",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-240xx/CVE-2023-24052.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-24052",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-04T23:15:23.410",
"lastModified": "2023-12-04T23:15:23.410",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain control of the device via the change password functionality as it does not prompt for the current password."
}
],
"metrics": {},
"references": [
{
"url": "https://research.nccgroup.com/2023/10/19/technical-advisory-multiple-vulnerabilities-in-connectize-g6-ac2100-dual-band-gigabit-wifi-router-cve-2023-24046-cve-2023-24047-cve-2023-24048-cve-2023-24049-cve-2023-24050-cve-2023-24051-cve/",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-269xx/CVE-2023-26941.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-26941",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-05T00:15:08.110",
"lastModified": "2023-12-05T00:15:08.110",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Weak encryption mechanisms in RFID Tags in Yale Conexis L1 v1.1.0 allows attackers to create a cloned tag via physical proximity to the original."
}
],
"metrics": {},
"references": [
{
"url": "https://www.researchgate.net/publication/375759408_Technical_Report_-_CVE-2022-46480_CVE-2023-26941_CVE-2023-26942_and_CVE-2023-26943#fullTextFileContent",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-269xx/CVE-2023-26942.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-26942",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-05T00:15:08.163",
"lastModified": "2023-12-05T00:15:08.163",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Weak encryption mechanisms in RFID Tags in Yale IA-210 Alarm v1.0 allows attackers to create a cloned tag via physical proximity to the original."
}
],
"metrics": {},
"references": [
{
"url": "https://www.researchgate.net/publication/375759408_Technical_Report_-_CVE-2022-46480_CVE-2023-26941_CVE-2023-26942_and_CVE-2023-26943#fullTextFileContent",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-269xx/CVE-2023-26943.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-26943",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-05T00:15:08.227",
"lastModified": "2023-12-05T00:15:08.227",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Weak encryption mechanisms in RFID Tags in Yale Keyless Lock v1.0 allows attackers to create a cloned tag via physical proximity to the original."
}
],
"metrics": {},
"references": [
{
"url": "https://www.researchgate.net/publication/375759408_Technical_Report_-_CVE-2022-46480_CVE-2023-26941_CVE-2023-26942_and_CVE-2023-26943#fullTextFileContent",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-356xx/CVE-2023-35668.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-35668",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:23.460",
"lastModified": "2023-12-04T23:15:23.460",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In visitUris of Notification.java, there is a possible way to display images from another user due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-356xx/CVE-2023-35690.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-35690",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:23.507",
"lastModified": "2023-12-05T00:15:08.280",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "There is elevation of privilege."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-400xx/CVE-2023-40073.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-40073",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:23.553",
"lastModified": "2023-12-04T23:15:23.553",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In visitUris of Notification.java, there is a possible cross-user media read due to Confused Deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-400xx/CVE-2023-40074.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-40074",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:23.607",
"lastModified": "2023-12-04T23:15:23.607",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In saveToXml of PersistableBundle.java, invalid data could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-400xx/CVE-2023-40075.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-40075",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:23.660",
"lastModified": "2023-12-04T23:15:23.660",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In forceReplaceShortcutInner of ShortcutPackage.java, there is a possible way to register unlimited packages due to a missing bounds check. This could lead to local denial of service which results in a boot loop with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-400xx/CVE-2023-40076.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-40076",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:23.713",
"lastModified": "2023-12-04T23:15:23.713",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In createPendingIntent of CredentialManagerUi.java, there is a possible way to access credentials from other users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-400xx/CVE-2023-40077.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-40077",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:23.760",
"lastModified": "2023-12-04T23:15:23.760",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In multiple functions of MetaDataBase.cpp, there is a possible UAF write due to a race condition. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-400xx/CVE-2023-40078.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-40078",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:23.807",
"lastModified": "2023-12-04T23:15:23.807",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In a2dp_vendor_opus_decoder_decode_packet of a2dp_vendor_opus_decoder.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-400xx/CVE-2023-40079.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-40079",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:23.857",
"lastModified": "2023-12-04T23:15:23.857",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In injectSendIntentSender of ShortcutService.java, there is a possible background activity launch due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-400xx/CVE-2023-40080.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-40080",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:23.913",
"lastModified": "2023-12-04T23:15:23.913",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In multiple functions of btm_ble_gap.cc, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-400xx/CVE-2023-40081.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-40081",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:23.973",
"lastModified": "2023-12-04T23:15:23.973",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In loadMediaDataInBgForResumption of MediaDataManager.kt, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-400xx/CVE-2023-40082.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-40082",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:24.023",
"lastModified": "2023-12-04T23:15:24.023",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In modify_for_next_stage of fdt.rs, there is a possible way to render KASLR ineffective due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-400xx/CVE-2023-40083.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-40083",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:24.073",
"lastModified": "2023-12-04T23:15:24.073",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In parse_gap_data of utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-400xx/CVE-2023-40084.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-40084",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:24.130",
"lastModified": "2023-12-04T23:15:24.130",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In run of MDnsSdListener.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-400xx/CVE-2023-40087.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-40087",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:24.177",
"lastModified": "2023-12-04T23:15:24.177",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In transcodeQ*ToFloat of btif_avrcp_audio_track.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-400xx/CVE-2023-40088.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-40088",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:24.230",
"lastModified": "2023-12-04T23:15:24.230",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In callback_thread_event of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible memory corruption due to a use after free. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-400xx/CVE-2023-40089.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-40089",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:24.283",
"lastModified": "2023-12-04T23:15:24.283",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In getCredentialManagerPolicy of DevicePolicyManagerService.java, there is a possible method for users to select credential managers without permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-400xx/CVE-2023-40090.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-40090",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:24.337",
"lastModified": "2023-12-04T23:15:24.337",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In BTM_BleVerifySignature of btm_ble.cc, there is a possible way to bypass signature validation due to side channel information disclosure. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-400xx/CVE-2023-40091.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-40091",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:24.387",
"lastModified": "2023-12-04T23:15:24.387",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In onTransact of IncidentService.cpp, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-400xx/CVE-2023-40092.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-40092",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:24.440",
"lastModified": "2023-12-04T23:15:24.440",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In verifyShortcutInfoPackage of ShortcutService.java, there is a possible way to see another user's image due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-400xx/CVE-2023-40094.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-40094",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:24.493",
"lastModified": "2023-12-04T23:15:24.493",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In keyguardGoingAway of ActivityTaskManagerService.java, there is a possible lock screen bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-400xx/CVE-2023-40095.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-40095",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:24.547",
"lastModified": "2023-12-04T23:15:24.547",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In createDontSendToRestrictedAppsBundle of PendingIntentUtils.java, there is a possible background activity launch due to a missing check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-400xx/CVE-2023-40096.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-40096",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:24.600",
"lastModified": "2023-12-04T23:15:24.600",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In OpRecordAudioMonitor::onFirstRef of AudioRecordClient.cpp, there is a possible way to record audio from the background due to a missing flag. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-400xx/CVE-2023-40097.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-40097",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:24.657",
"lastModified": "2023-12-04T23:15:24.657",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In hasPermissionForActivity of PackageManagerHelper.java, there is a possible URI grant due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-400xx/CVE-2023-40098.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-40098",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:24.707",
"lastModified": "2023-12-04T23:15:24.707",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In mOnDone of NotificationConversationInfo.java, there is a possible way to access app notification data of another user due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-401xx/CVE-2023-40103.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-40103",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:24.757",
"lastModified": "2023-12-04T23:15:24.757",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In multiple locations, there is a possible way to corrupt memory due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
}
]
}

6
CVE-2023/CVE-2023-404xx/CVE-2023-40458.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40458",
"sourceIdentifier": "security@sierrawireless.com",
"published": "2023-11-29T23:15:20.367",
"lastModified": "2023-11-30T13:39:19.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T23:15:24.800",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -52,7 +52,7 @@
],
"references": [
{
"url": "https://https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.5ZcnyPM1.dpbs",
"url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.5ZcnyPM1.dpbs",
"source": "security@sierrawireless.com"
}
]

55
CVE-2023/CVE-2023-404xx/CVE-2023-40459.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-40459",
"sourceIdentifier": "security@sierrawireless.com",
"published": "2023-12-04T23:15:24.933",
"lastModified": "2023-12-04T23:15:24.933",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\n\n\n\n\n\n\n\n\nThe\nACEManager component of ALEOS 4.16 and earlier does not adequately perform\ninput sanitization during authentication, which could potentially result in a\nDenial of Service (DoS) condition for ACEManager without impairing other router\nfunctions. ACEManager recovers from the DoS condition by restarting within ten\nseconds of becoming unavailable.\n\n\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@sierrawireless.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@sierrawireless.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbs",
"source": "security@sierrawireless.com"
}
]
}

59
CVE-2023/CVE-2023-404xx/CVE-2023-40460.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-40460",
"sourceIdentifier": "security@sierrawireless.com",
"published": "2023-12-04T23:15:25.180",
"lastModified": "2023-12-04T23:15:25.180",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\n\n\n\n\n\n\n\n\n\nThe ACEManager\ncomponent of ALEOS 4.16 and earlier does not\n\n\n\nvalidate uploaded\nfile names and types, which could potentially allow\n\n\n\nan authenticated\nuser to perform client-side script execution within\n\n\n\nACEManager, altering\nthe device functionality until the device is\n\n\n\nrestarted.\n\n\n\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@sierrawireless.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "security@sierrawireless.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
},
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.5ZcnyPM1.dpbs",
"source": "security@sierrawireless.com"
}
]
}

55
CVE-2023/CVE-2023-404xx/CVE-2023-40461.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-40461",
"sourceIdentifier": "security@sierrawireless.com",
"published": "2023-12-04T23:15:25.397",
"lastModified": "2023-12-04T23:15:25.397",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\n\n\n\n\n\n\n\n\n\nThe ACEManager\ncomponent of ALEOS 4.16 and earlier allows an\n\n\n\nauthenticated user\nwith Administrator privileges to access a file\n\n\n\nupload field which\ndoes not fully validate the file name, creating a\n\n\n\nStored Cross-Site\nScripting condition.\n\n\n\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@sierrawireless.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security@sierrawireless.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbs",
"source": "security@sierrawireless.com"
}
]
}

55
CVE-2023/CVE-2023-404xx/CVE-2023-40462.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-40462",
"sourceIdentifier": "security@sierrawireless.com",
"published": "2023-12-04T23:15:25.603",
"lastModified": "2023-12-04T23:15:25.603",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\n\n\n\n\n\n\n\n\n\nThe ACEManager\ncomponent of ALEOS 4.16 and earlier does not\n\n\n\nperform input\nsanitization during authentication, which could\n\n\n\npotentially result\nin a Denial of Service (DoS) condition for\n\n\n\nACEManager without\nimpairing other router functions. ACEManager\n\n\n\nrecovers from the\nDoS condition by restarting within ten seconds of\n\n\n\nbecoming\nunavailable.\n\n\n\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@sierrawireless.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@sierrawireless.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-617"
}
]
}
],
"references": [
{
"url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbs",
"source": "security@sierrawireless.com"
}
]
}

55
CVE-2023/CVE-2023-404xx/CVE-2023-40463.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-40463",
"sourceIdentifier": "security@sierrawireless.com",
"published": "2023-12-04T23:15:25.830",
"lastModified": "2023-12-04T23:15:25.830",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\n\n\n\n\n\n\n\n\n\nWhen configured in\ndebugging mode by an authenticated user with\n\n\n\nadministrative\nprivileges, ALEOS 4.16 and earlier store the SHA512\n\n\n\nhash of the common\nroot password for that version in a directory\n\n\n\naccessible to a user\nwith root privileges or equivalent access.\n\n\n\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@sierrawireless.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@sierrawireless.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"references": [
{
"url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbs",
"source": "security@sierrawireless.com"
}
]
}

55
CVE-2023/CVE-2023-404xx/CVE-2023-40464.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-40464",
"sourceIdentifier": "security@sierrawireless.com",
"published": "2023-12-04T23:15:26.040",
"lastModified": "2023-12-04T23:15:26.040",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\n\n\n\n\n\n\n\n\n\nSeveral versions of\nALEOS, including ALEOS 4.16.0, use a hardcoded\n\n\n\nSSL certificate and\nprivate key. An attacker with access to these items\n\n\n\ncould potentially\nperform a man in the middle attack between the\n\n\n\nACEManager client\nand ACEManager server.\n\n\n\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@sierrawireless.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security@sierrawireless.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-321"
}
]
}
],
"references": [
{
"url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbs",
"source": "security@sierrawireless.com"
}
]
}

59
CVE-2023/CVE-2023-404xx/CVE-2023-40465.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-40465",
"sourceIdentifier": "security@sierrawireless.com",
"published": "2023-12-04T23:15:26.247",
"lastModified": "2023-12-04T23:15:26.247",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\n\n\n\n\n\n\n\n\n\nSeveral versions of\nALEOS, including ALEOS 4.16.0, include an opensource\n\n\n\nthird-party\ncomponent which can be exploited from the local\n\n\n\narea network,\nresulting in a Denial of Service condition for the captive portal.\n\n\n\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@sierrawireless.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@sierrawireless.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
},
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbs",
"source": "security@sierrawireless.com"
}
]
}

20
CVE-2023/CVE-2023-457xx/CVE-2023-45773.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-45773",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:26.440",
"lastModified": "2023-12-04T23:15:26.440",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In multiple functions of btm_ble_gap.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-457xx/CVE-2023-45774.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-45774",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:26.483",
"lastModified": "2023-12-04T23:15:26.483",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In fixUpIncomingShortcutInfo of ShortcutService.java, there is a possible way to view another user's image due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-457xx/CVE-2023-45775.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-45775",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:26.530",
"lastModified": "2023-12-04T23:15:26.530",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In CreateAudioBroadcast of broadcaster.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-457xx/CVE-2023-45776.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-45776",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:26.577",
"lastModified": "2023-12-04T23:15:26.577",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In CreateAudioBroadcast of broadcaster.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-457xx/CVE-2023-45777.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-45777",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:26.623",
"lastModified": "2023-12-04T23:15:26.623",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to launch arbitrary activities using system privileges due to Parcel Mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-457xx/CVE-2023-45779.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-45779",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:26.673",
"lastModified": "2023-12-04T23:15:26.673",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In TBD of TBD, there is a possible malicious update to platform components due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-457xx/CVE-2023-45781.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-45781",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:26.717",
"lastModified": "2023-12-04T23:15:26.717",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In parse_gap_data of utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com"
}
]
}

59
CVE-2023/CVE-2023-491xx/CVE-2023-49103.json
View File

@ -1,9 +1,9 @@
{
"id": "CVE-2023-49103",
"sourceIdentifier": "cve@mitre.org",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-11-21T22:15:08.277",
"lastModified": "2023-12-02T00:22:46.933",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-05T00:15:08.323",
"vulnStatus": "Modified",
"cisaExploitAdd": "2023-11-30",
"cisaActionDue": "2023-12-21",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
@ -21,28 +21,8 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cve@mitre.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
@ -59,6 +39,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 6.0
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
@ -99,18 +99,11 @@
"references": [
{
"url": "https://owncloud.com/security-advisories/disclosure-of-sensitive-credentials-and-configuration-in-containerized-deployments/",
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Vendor Advisory"
]
"source": "secure@microsoft.com"
},
{
"url": "https://owncloud.org/security",
"source": "cve@mitre.org",
"tags": [
"Product"
]
"source": "secure@microsoft.com"
}
]
}

63
CVE-2023/CVE-2023-492xx/CVE-2023-49280.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-49280",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-04T23:15:26.767",
"lastModified": "2023-12-04T23:15:26.767",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "XWiki Change Request is an XWiki application allowing to request changes on a wiki without publishing directly the changes. Change request allows to edit any page by default, and the changes are then exported in an XML file that anyone can download. So it's possible for an attacker to obtain password hash of users by performing an edit on the user profiles and then downloading the XML file that has been created. This is also true for any document that might contain password field and that a user can view.\nThis vulnerability impacts all version of Change Request, but the impact depends on the rights that has been set on the wiki since it requires for the user to have the Change request right (allowed by default) and view rights on the page to target. This issue cannot be easily exploited in an automated way. The patch consists in denying to users the right of editing pages that contains a password field with change request. It means that already existing change request for those pages won't be removed by the patch, administrators needs to take care of it. The patch is provided in Change Request 1.10, administrators should upgrade immediately. It's possible to workaround the vulnerability by denying manually the Change request right on some spaces, such as XWiki space which will include any user profile by default."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.1,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
}
],
"references": [
{
"url": "https://github.com/xwiki-contrib/application-changerequest/commit/ff0f5368ea04f0e4aa7b33821c707dc68a8c5ca8",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/xwiki-contrib/application-changerequest/security/advisories/GHSA-2fr7-cc7p-p45q",
"source": "security-advisories@github.com"
},
{
"url": "https://jira.xwiki.org/browse/CRAPP-302",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2023/CVE-2023-492xx/CVE-2023-49284.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-49284",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-05T00:15:08.737",
"lastModified": "2023-12-05T00:15:08.737",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "fish is a smart and user-friendly command line shell for macOS, Linux, and the rest of the family. fish shell uses certain Unicode non-characters internally for marking wildcards and expansions. It will incorrectly allow these markers to be read on command substitution output, rather than transforming them into a safe internal representation. While this may cause unexpected behavior with direct input (for example, echo \\UFDD2HOME has the same output as echo $HOME), this may become a minor security problem if the output is being fed from an external program into a command substitution where this output may not be expected. This design flaw was introduced in very early versions of fish, predating the version control system, and is thought to be present in every version of fish released in the last 15 years or more, although with different characters. Code execution does not appear to be possible, but denial of service (through large brace expansion) or information disclosure (such as variable expansion) is potentially possible under certain circumstances. fish shell 3.6.2 has been released to correct this issue. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 3.9,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.3,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-436"
}
]
}
],
"references": [
{
"url": "https://github.com/fish-shell/fish-shell/commit/09986f5563e31e2c900a606438f1d60d008f3a14",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/fish-shell/fish-shell/security/advisories/GHSA-2j9r-pm96-wp4f",
"source": "security-advisories@github.com"
}
]
}

71
CVE-2023/CVE-2023-492xx/CVE-2023-49285.json Normal file
View File

@ -0,0 +1,71 @@
{
"id": "CVE-2023-49285",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-04T23:15:27.007",
"lastModified": "2023-12-04T23:15:27.007",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-126"
}
]
}
],
"references": [
{
"url": "http://www.squid-cache.org/Versions/v5/SQUID-2023_7.patch",
"source": "security-advisories@github.com"
},
{
"url": "http://www.squid-cache.org/Versions/v6/SQUID-2023_7.patch",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/squid-cache/squid/commit/77b3fb4df0f126784d5fd4967c28ed40eb8d521b",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/squid-cache/squid/commit/deee944f9a12c9fd399ce52f3e2526bb573a9470",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-8w9r-p88v-mmx9",
"source": "security-advisories@github.com"
}
]
}

67
CVE-2023/CVE-2023-492xx/CVE-2023-49286.json Normal file
View File

@ -0,0 +1,67 @@
{
"id": "CVE-2023-49286",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-04T23:15:27.243",
"lastModified": "2023-12-04T23:15:27.243",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-253"
},
{
"lang": "en",
"value": "CWE-617"
}
]
}
],
"references": [
{
"url": "http://www.squid-cache.org/Versions/v6/SQUID-2023_8.patch",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/squid-cache/squid/commit/6014c6648a2a54a4ecb7f952ea1163e0798f9264",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-xggx-9329-3c27",
"source": "security-advisories@github.com"
}
]
}

55
CVE-2023/CVE-2023-492xx/CVE-2023-49288.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-49288",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-04T23:15:27.477",
"lastModified": "2023-12-04T23:15:27.477",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Affected versions of squid are subject to a a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding. All versions of Squid from 3.5 up to and including 5.9 configured with \"collapsed_forwarding on\" are vulnerable. Configurations with \"collapsed_forwarding off\" or without a \"collapsed_forwarding\" directive are not vulnerable. This bug is fixed by Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should remove all collapsed_forwarding lines from their squid.conf."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-rj5h-46j6-q2g5",
"source": "security-advisories@github.com"
}
]
}

63
CVE-2023/CVE-2023-492xx/CVE-2023-49289.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-49289",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-05T00:15:08.967",
"lastModified": "2023-12-05T00:15:08.967",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Ajax.NET Professional (AjaxPro) is an AJAX framework for Microsoft ASP.NET which will create proxy JavaScript classes that are used on client-side to invoke methods on the web server. Affected versions of this package are vulnerable cross site scripting attacks. Releases before version 21.12.22.1 are affected. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/michaelschwarz/Ajax.NET-Professional/commit/c89e39b9679fcb8ab6644fe21cc7e652cb615e2b",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/michaelschwarz/Ajax.NET-Professional/security/advisories/GHSA-8v6j-gc74-fmpp",
"source": "security-advisories@github.com"
},
{
"url": "https://www.nuget.org/packages/AjaxNetProfessional/",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2023/CVE-2023-492xx/CVE-2023-49290.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-49290",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-05T00:15:09.190",
"lastModified": "2023-12-05T00:15:09.190",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "lestrrat-go/jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. A p2c parameter set too high in JWE's algorithm PBES2-* could lead to a denial of service. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c (PBES2 Count). This parameter dictates the number of PBKDF2 iterations needed to derive a CEK wrapping key. Its primary purpose is to intentionally slow down the key derivation function, making password brute-force and dictionary attacks more resource- intensive. Therefore, if an attacker sets the p2c parameter in JWE to a very large number, it can cause a lot of computational consumption, resulting in a denial of service. This vulnerability has been addressed in commit `64f2a229b` which has been included in release version 1.2.27 and 2.0.18. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://github.com/lestrrat-go/jwx/commit/64f2a229b8e18605f47361d292b526bdc4aee01c",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/lestrrat-go/jwx/security/advisories/GHSA-7f9x-gw85-8grf",
"source": "security-advisories@github.com"
}
]
}

71
CVE-2023/CVE-2023-492xx/CVE-2023-49291.json Normal file
View File

@ -0,0 +1,71 @@
{
"id": "CVE-2023-49291",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-05T00:15:09.403",
"lastModified": "2023-12-05T00:15:09.403",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "tj-actions/branch-names is a Github action to retrieve branch or tag names with support for all events. The `tj-actions/branch-names` GitHub Actions improperly references the `github.event.pull_request.head.ref` and `github.head_ref` context variables within a GitHub Actions `run` step. The head ref variable is the branch name and can be used to execute arbitrary code using a specially crafted branch name. As a result an attacker can use this vulnerability to steal secrets from or abuse `GITHUB_TOKEN` permissions. This vulnerability has been addressed in version 7.0.7. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://github.com/tj-actions/branch-names/commit/4923d1ca41f928c24f1c1b3af9daaadfb71e6337",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/tj-actions/branch-names/commit/6c999acf206f5561e19f46301bb310e9e70d8815",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/tj-actions/branch-names/commit/726fe9ba5e9da4fcc716223b7994ffd0358af060",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/tj-actions/branch-names/security/advisories/GHSA-8v8w-v8xg-79rf",
"source": "security-advisories@github.com"
},
{
"url": "https://securitylab.github.com/research/github-actions-untrusted-input",
"source": "security-advisories@github.com"
}
]
}

67
CVE-2023/CVE-2023-492xx/CVE-2023-49292.json Normal file
View File

@ -0,0 +1,67 @@
{
"id": "CVE-2023-49292",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-05T00:15:09.627",
"lastModified": "2023-12-05T00:15:09.627",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "ecies is an Elliptic Curve Integrated Encryption Scheme for secp256k1 in Golang. If funcations Encapsulate(), Decapsulate() and ECDH() could be called by an attacker, they could recover any private key that interacts with it. This vulnerability was patched in 2.0.8. Users are advised to upgrade."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://github.com/ashutosh1206/Crypton/blob/master/Diffie-Hellman-Key-Exchange/Attack-Invalid-Curve-Point/README.md",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/ecies/go/commit/c6e775163866d6ea5233eb8ec8530a9122101ebd",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/ecies/go/releases/tag/v2.0.8",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/ecies/go/security/advisories/GHSA-8j98-cjfr-qx3h",
"source": "security-advisories@github.com"
}
]
}

55
CVE-2023/CVE-2023-492xx/CVE-2023-49293.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-49293",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-04T23:15:27.730",
"lastModified": "2023-12-04T23:15:27.730",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Vite is a website frontend framework. When Vite's HTML transformation is invoked manually via `server.transformIndexHtml`, the original request URL is passed in unmodified, and the `html` being transformed contains inline module scripts (`<script type=\"module\">...</script>`), it is possible to inject arbitrary HTML into the transformed output by supplying a malicious URL query string to `server.transformIndexHtml`. Only apps using `appType: 'custom'` and using the default Vite HTML middleware are affected. The HTML entry must also contain an inline script. The attack requires a user to click on a malicious URL while running the dev server. Restricted files aren't exposed to the attacker. This issue has been addressed in vite@5.0.5, vite@4.5.1, and vite@4.4.12. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/vitejs/vite/security/advisories/GHSA-92r3-m2mg-pj97",
"source": "security-advisories@github.com"
}
]
}

55
CVE-2023/CVE-2023-58xx/CVE-2023-5808.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-5808",
"sourceIdentifier": "security.vulnerabilities@hitachivantara.com",
"published": "2023-12-05T00:15:09.840",
"lastModified": "2023-12-05T00:15:09.840",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Information disclosure in SMU in Hitachi Vantara HNAS 14.8.7825.01 on Windows allows authenticated users to download sensitive files via Insecure Direct Object Reference (IDOR).\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security.vulnerabilities@hitachivantara.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security.vulnerabilities@hitachivantara.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-285"
}
]
}
],
"references": [
{
"url": "https://support.hitachivantara.com/",
"source": "security.vulnerabilities@hitachivantara.com"
}
]
}

59
CVE-2023/CVE-2023-59xx/CVE-2023-5944.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-5944",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-12-04T23:15:27.940",
"lastModified": "2023-12-04T23:15:27.940",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nDelta Electronics\u00a0DOPSoft is vulnerable to a stack-based buffer overflow, which may allow for arbitrary code execution if an attacker can lead a legitimate user to execute a specially crafted file.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://diastudio.deltaww.com/home/downloads?sec=download#catalog",
"source": "ics-cert@hq.dhs.gov"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-01",
"source": "ics-cert@hq.dhs.gov"
}
]
}

58
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-12-04T23:00:18.346086+00:00
2023-12-05T00:55:18.356104+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-12-04T22:15:08.337000+00:00
2023-12-05T00:15:09.840000+00:00
```
### Last Data Feed Release
@ -29,39 +29,47 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
232163
232240
```
### CVEs added in the last Commit
Recently added CVEs: `20`
Recently added CVEs: `77`
* [CVE-2023-47106](CVE-2023/CVE-2023-471xx/CVE-2023-47106.json) (`2023-12-04T21:15:33.600`)
* [CVE-2023-47124](CVE-2023/CVE-2023-471xx/CVE-2023-47124.json) (`2023-12-04T21:15:33.850`)
* [CVE-2023-47633](CVE-2023/CVE-2023-476xx/CVE-2023-47633.json) (`2023-12-04T21:15:34.063`)
* [CVE-2023-49080](CVE-2023/CVE-2023-490xx/CVE-2023-49080.json) (`2023-12-04T21:15:34.273`)
* [CVE-2023-4460](CVE-2023/CVE-2023-44xx/CVE-2023-4460.json) (`2023-12-04T22:15:07.557`)
* [CVE-2023-5105](CVE-2023/CVE-2023-51xx/CVE-2023-5105.json) (`2023-12-04T22:15:07.620`)
* [CVE-2023-5108](CVE-2023/CVE-2023-51xx/CVE-2023-5108.json) (`2023-12-04T22:15:07.667`)
* [CVE-2023-5137](CVE-2023/CVE-2023-51xx/CVE-2023-5137.json) (`2023-12-04T22:15:07.713`)
* [CVE-2023-5141](CVE-2023/CVE-2023-51xx/CVE-2023-5141.json) (`2023-12-04T22:15:07.767`)
* [CVE-2023-5210](CVE-2023/CVE-2023-52xx/CVE-2023-5210.json) (`2023-12-04T22:15:07.813`)
* [CVE-2023-5762](CVE-2023/CVE-2023-57xx/CVE-2023-5762.json) (`2023-12-04T22:15:07.867`)
* [CVE-2023-5809](CVE-2023/CVE-2023-58xx/CVE-2023-5809.json) (`2023-12-04T22:15:07.920`)
* [CVE-2023-5874](CVE-2023/CVE-2023-58xx/CVE-2023-5874.json) (`2023-12-04T22:15:07.970`)
* [CVE-2023-5884](CVE-2023/CVE-2023-58xx/CVE-2023-5884.json) (`2023-12-04T22:15:08.020`)
* [CVE-2023-5951](CVE-2023/CVE-2023-59xx/CVE-2023-5951.json) (`2023-12-04T22:15:08.063`)
* [CVE-2023-5952](CVE-2023/CVE-2023-59xx/CVE-2023-5952.json) (`2023-12-04T22:15:08.117`)
* [CVE-2023-5953](CVE-2023/CVE-2023-59xx/CVE-2023-5953.json) (`2023-12-04T22:15:08.170`)
* [CVE-2023-5979](CVE-2023/CVE-2023-59xx/CVE-2023-5979.json) (`2023-12-04T22:15:08.220`)
* [CVE-2023-5990](CVE-2023/CVE-2023-59xx/CVE-2023-5990.json) (`2023-12-04T22:15:08.293`)
* [CVE-2023-6063](CVE-2023/CVE-2023-60xx/CVE-2023-6063.json) (`2023-12-04T22:15:08.337`)
* [CVE-2023-5944](CVE-2023/CVE-2023-59xx/CVE-2023-5944.json) (`2023-12-04T23:15:27.940`)
* [CVE-2023-21162](CVE-2023/CVE-2023-211xx/CVE-2023-21162.json) (`2023-12-04T23:15:22.217`)
* [CVE-2023-21163](CVE-2023/CVE-2023-211xx/CVE-2023-21163.json) (`2023-12-04T23:15:22.377`)
* [CVE-2023-21164](CVE-2023/CVE-2023-211xx/CVE-2023-21164.json) (`2023-12-04T23:15:22.430`)
* [CVE-2023-21166](CVE-2023/CVE-2023-211xx/CVE-2023-21166.json) (`2023-12-04T23:15:22.477`)
* [CVE-2023-21215](CVE-2023/CVE-2023-212xx/CVE-2023-21215.json) (`2023-12-04T23:15:22.523`)
* [CVE-2023-21216](CVE-2023/CVE-2023-212xx/CVE-2023-21216.json) (`2023-12-04T23:15:22.570`)
* [CVE-2023-21217](CVE-2023/CVE-2023-212xx/CVE-2023-21217.json) (`2023-12-04T23:15:22.617`)
* [CVE-2023-21218](CVE-2023/CVE-2023-212xx/CVE-2023-21218.json) (`2023-12-04T23:15:22.667`)
* [CVE-2023-21227](CVE-2023/CVE-2023-212xx/CVE-2023-21227.json) (`2023-12-04T23:15:22.720`)
* [CVE-2023-21228](CVE-2023/CVE-2023-212xx/CVE-2023-21228.json) (`2023-12-04T23:15:22.767`)
* [CVE-2023-21263](CVE-2023/CVE-2023-212xx/CVE-2023-21263.json) (`2023-12-04T23:15:22.813`)
* [CVE-2023-21401](CVE-2023/CVE-2023-214xx/CVE-2023-21401.json) (`2023-12-04T23:15:22.970`)
* [CVE-2023-21402](CVE-2023/CVE-2023-214xx/CVE-2023-21402.json) (`2023-12-04T23:15:23.027`)
* [CVE-2023-21403](CVE-2023/CVE-2023-214xx/CVE-2023-21403.json) (`2023-12-04T23:15:23.070`)
* [CVE-2023-26941](CVE-2023/CVE-2023-269xx/CVE-2023-26941.json) (`2023-12-05T00:15:08.110`)
* [CVE-2023-26942](CVE-2023/CVE-2023-269xx/CVE-2023-26942.json) (`2023-12-05T00:15:08.163`)
* [CVE-2023-26943](CVE-2023/CVE-2023-269xx/CVE-2023-26943.json) (`2023-12-05T00:15:08.227`)
* [CVE-2023-35690](CVE-2023/CVE-2023-356xx/CVE-2023-35690.json) (`2023-12-04T23:15:23.507`)
* [CVE-2023-49284](CVE-2023/CVE-2023-492xx/CVE-2023-49284.json) (`2023-12-05T00:15:08.737`)
* [CVE-2023-49289](CVE-2023/CVE-2023-492xx/CVE-2023-49289.json) (`2023-12-05T00:15:08.967`)
* [CVE-2023-49290](CVE-2023/CVE-2023-492xx/CVE-2023-49290.json) (`2023-12-05T00:15:09.190`)
* [CVE-2023-49291](CVE-2023/CVE-2023-492xx/CVE-2023-49291.json) (`2023-12-05T00:15:09.403`)
* [CVE-2023-49292](CVE-2023/CVE-2023-492xx/CVE-2023-49292.json) (`2023-12-05T00:15:09.627`)
* [CVE-2023-5808](CVE-2023/CVE-2023-58xx/CVE-2023-5808.json) (`2023-12-05T00:15:09.840`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `3`
* [CVE-2023-21394](CVE-2023/CVE-2023-213xx/CVE-2023-21394.json) (`2023-12-04T23:15:22.860`)
* [CVE-2023-40458](CVE-2023/CVE-2023-404xx/CVE-2023-40458.json) (`2023-12-04T23:15:24.800`)
* [CVE-2023-49103](CVE-2023/CVE-2023-491xx/CVE-2023-49103.json) (`2023-12-05T00:15:08.323`)
## Download and Usage