Auto-Update: 2024-01-03T03:00:25.072289+00:00

cad-safe-bot 2024-01-03 03:00:28 +00:00
parent adfb404fb4
commit b7abdbfa81
19 changed files with 994 additions and 48 deletions


@ -2,8 +2,8 @@
"id": "CVE-2023-27319",
"sourceIdentifier": "security-alert@netapp.com",
"published": "2023-12-21T22:15:13.100",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T02:24:18.600",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security-alert@netapp.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-209"
}
]
},
{
"source": "security-alert@netapp.com",
"type": "Secondary",
@ -50,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:ontap_mediator:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.7",
"matchCriteriaId": "6BEE61FA-9FF3-465B-BB09-342A5BDE9F38"
}
]
}
]
}
],
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20231221-0011/",
"source": "security-alert@netapp.com"
"source": "security-alert@netapp.com",
"tags": [
"Vendor Advisory"
]
}
]
}

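--- a/CVE-2023/CVE-2023-417xx/CVE-2023-41776.json
+++ b/CVE-2023/CVE-2023-417xx/CVE-2023-41776.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-41776",
+"sourceIdentifier": "psirt@zte.com.cn",
+"published": "2024-01-03T02:15:42.993",
+"lastModified": "2024-01-03T02:15:42.993",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "There is a local privilege escalation vulnerability of ZTE's ZXCLOUD iRAI.Attackers with regular user privileges can create a fake process, and to escalate local privileges.\n\n\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "psirt@zte.com.cn",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
+"attackVector": "LOCAL",
+"attackComplexity": "HIGH",
+"privilegesRequired": "LOW",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 6.7,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 0.8,
+"impactScore": 5.9
+}
+]
+},
+"weaknesses": [
+{
+"source": "psirt@zte.com.cn",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-732"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034404",
+"source": "psirt@zte.com.cn"
+}
+]
+}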

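--- a/CVE-2023/CVE-2023-417xx/CVE-2023-41779.json
+++ b/CVE-2023/CVE-2023-417xx/CVE-2023-41779.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-41779",
+"sourceIdentifier": "psirt@zte.com.cn",
+"published": "2024-01-03T02:15:43.217",
+"lastModified": "2024-01-03T02:15:43.217",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "There is an illegal memory access vulnerability of ZTE's ZXCLOUD iRAI product.When the vulnerability is exploited by an attacker with the common user permission, the physical machine will be crashed.\n\n\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "psirt@zte.com.cn",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
+"attackVector": "LOCAL",
+"attackComplexity": "HIGH",
+"privilegesRequired": "LOW",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "NONE",
+"availabilityImpact": "HIGH",
+"baseScore": 4.4,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 0.8,
+"impactScore": 3.6
+}
+]
+},
+"weaknesses": [
+{
+"source": "psirt@zte.com.cn",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-119"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034404",
+"source": "psirt@zte.com.cn"
+}
+]
+}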

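--- a/CVE-2023/CVE-2023-417xx/CVE-2023-41780.json
+++ b/CVE-2023/CVE-2023-417xx/CVE-2023-41780.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-41780",
+"sourceIdentifier": "psirt@zte.com.cn",
+"published": "2024-01-03T02:15:43.403",
+"lastModified": "2024-01-03T02:15:43.403",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "There is an unsafe DLL loading vulnerability in ZTE ZXCLOUD iRAI. Due to the \u00a0program \u00a0failed to adequately validate the user's input, an attacker could exploit this vulnerability \u00a0to escalate local privileges.\n\n\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "psirt@zte.com.cn",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "LOCAL",
+"attackComplexity": "HIGH",
+"privilegesRequired": "HIGH",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 6.4,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 0.5,
+"impactScore": 5.9
+}
+]
+},
+"weaknesses": [
+{
+"source": "psirt@zte.com.cn",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-22"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034404",
+"source": "psirt@zte.com.cn"
+}
+]
+}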
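Review bot: The reference URL in this new record carries a doubled scheme, `https://https://support.zte.com.cn/...`, so it will not resolve and will fail strict URL validation in tools that ingest the feed. The three sibling ZTE records added in this commit point to the same advisory with a single scheme, `"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034404",`. If this mirror is meant to stay byte-identical to NVD, the correction belongs upstream with the CNA, and consumers should validate `references[].url` before rendering or dereferencing it. The record also pairs an "unsafe DLL loading" description with `CWE-22`, which looks like a loose CNA mapping, so CWE-based filtering may misclassify it until an NVD Primary weakness is assigned.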

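--- a/CVE-2023/CVE-2023-417xx/CVE-2023-41783.json
+++ b/CVE-2023/CVE-2023-417xx/CVE-2023-41783.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-41783",
+"sourceIdentifier": "psirt@zte.com.cn",
+"published": "2024-01-03T02:15:43.573",
+"lastModified": "2024-01-03T02:15:43.573",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "There is a command injection vulnerability of ZTE's ZXCLOUD iRAI. Due to the \u00a0program \u00a0failed to adequately validate the user's input, an attacker could exploit this vulnerability \u00a0to escalate local privileges.\n\n\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "psirt@zte.com.cn",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+"attackVector": "PHYSICAL",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "LOW",
+"baseScore": 4.3,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 0.9,
+"impactScore": 3.4
+}
+]
+},
+"weaknesses": [
+{
+"source": "psirt@zte.com.cn",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-94"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034404",
+"source": "psirt@zte.com.cn"
+}
+]
+}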
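Review bot: The CNA vector `CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L` (4.3) sits oddly beside the description in the same record, which reports a command injection that lets an attacker escalate local privileges. Physical access with low impact on all three properties is not what that description would usually score to, so the number may understate the issue. The record is `"Received"`, with only a `"Secondary"` metric and no `configurations` block, so treat the score as provisional. Triage is better based on the description and vendor advisory until an NVD `"Primary"` assessment appears.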


@ -2,16 +2,40 @@
"id": "CVE-2023-4255",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-21T16:15:10.017",
"lastModified": "2023-12-21T18:15:28.593",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T02:30:35.597",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M application. This vulnerability is triggered by supplying a specially crafted HTML file to the w3m binary. Exploitation of this flaw could lead to application crashes, resulting in a denial of service condition."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema de escritura fuera de los l\u00edmites en el manejo de retroceso de la funci\u00f3n checkType() en etc.c dentro de la aplicaci\u00f3n W3M. Esta vulnerabilidad se activa al proporcionar un archivo HTML especialmente manipulado al binario w3m. La explotaci\u00f3n de este fallo podr\u00eda provocar fallos en la aplicaci\u00f3n, lo que resultar\u00eda en una condici\u00f3n de denegaci\u00f3n de servicio."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -46,22 +80,85 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tats:w3m:0.5.3\\+git20230121-1:*:*:*:*:*:*:*",
"matchCriteriaId": "7A31CA22-C625-4E9C-9C57-CCDBC9E9B99A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tats:w3m:0.5.3\\+git20230121-2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E2BDFFC-F30D-47CE-B32E-E4C1713ACF1C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tats:w3m:0.5.3\\+git20230129:*:*:*:*:*:*:*",
"matchCriteriaId": "BB9F94C4-C1FC-4CD9-B5B4-E745E4B3BCBC"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BB176AC3-3CDA-4DDA-9089-C67B2F73AA62"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255207",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://github.com/tats/w3m/commit/edc602651c506aeeb60544b55534dd1722a340d3",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/tats/w3m/issues/268",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking",
"Patch"
]
},
{
"url": "https://github.com/tats/w3m/pull/273",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-4256",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-21T16:15:10.400",
"lastModified": "2023-12-21T18:15:28.593",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T02:51:33.450",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the tcpedit_dlt_cleanup() function within plugins/dlt_plugins.c. This vulnerability can be exploited by supplying a specifically crafted file to the tcprewrite binary. This flaw enables a local attacker to initiate a Denial of Service (DoS) attack."
},
{
"lang": "es",
"value": "Dentro de tcprewrite de tcpreplay, se ha identificado una vulnerabilidad de doble liberaci\u00f3n en la funci\u00f3n tcpedit_dlt_cleanup() dentro de plugins/dlt_plugins.c. Esta vulnerabilidad se puede explotar proporcionando un archivo espec\u00edficamente manipulado al binario tcprewrite. Este fallo permite a un atacante local iniciar un ataque de denegaci\u00f3n de servicio (DoS)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-415"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -46,14 +80,66 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:broadcom:tcpreplay:4.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7272A798-456E-43CC-A8D2-33FF2AE16FF7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:broadcom:tcpreplay:4.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "92890213-A6DC-469D-869E-B65DC1634190"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BB176AC3-3CDA-4DDA-9089-C67B2F73AA62"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255212",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://github.com/appneta/tcpreplay/issues/813",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-43116",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-22T10:15:11.110",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T02:41:10.107",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,75 @@
"value": "Vulnerabilidad de seguimiento de enlace simb\u00f3lico en Buildkite Elastic CI para versiones de AWS anteriores a 6.7.1 y 5.22.5 permite al usuario buildkite-agent cambiar la propiedad de directorios arbitrarios a trav\u00e9s de la variable PIPELINE_PATH en el script fix-buildkite-agent-builds-permissions."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-59"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:buildkite:elastic_ci_stack:*:*:*:*:*:aws:*:*",
"versionEndExcluding": "5.22.5",
"matchCriteriaId": "A8FF71D5-3524-473F-AEA4-7E4EDC329058"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:buildkite:elastic_ci_stack:*:*:*:*:*:aws:*:*",
"versionStartIncluding": "6.0.0",
"versionEndExcluding": "6.7.1",
"matchCriteriaId": "43C89DCC-F88A-4E4C-926F-184889E4A36C"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2023-0003.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-43741",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-22T10:15:11.173",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T02:33:51.573",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,75 @@
"value": "Una vulnerabilidad de condici\u00f3n de ejecuci\u00f3n de time-of-check-time-of-use en Buildkite Elastic CI para versiones de AWS anteriores a 6.7.1 y 5.22.5 permite al usuario de buildkite-agent omitir una verificaci\u00f3n de enlace simb\u00f3lico para la variable PIPELINE_PATH en el script -buildkite-agent-build-permissions."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-367"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:buildkite:elastic_ci_stack:*:*:*:*:*:aws:*:*",
"versionEndExcluding": "5.22.5",
"matchCriteriaId": "A8FF71D5-3524-473F-AEA4-7E4EDC329058"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:buildkite:elastic_ci_stack:*:*:*:*:*:aws:*:*",
"versionStartIncluding": "6.0.0",
"versionEndExcluding": "6.7.1",
"matchCriteriaId": "43C89DCC-F88A-4E4C-926F-184889E4A36C"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2023-0003.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-48298",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-21T23:15:09.047",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T02:23:30.487",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,14 +70,67 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*",
"versionStartIncluding": "23.3",
"versionEndIncluding": "23.3.17.13",
"matchCriteriaId": "BA3ACE71-E086-4AE4-99EE-42AD774EED64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*",
"versionStartIncluding": "23.8",
"versionEndIncluding": "23.8.7.24",
"matchCriteriaId": "A32881DE-F775-4AC0-A88D-9BC7885D116E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*",
"versionStartIncluding": "23.9",
"versionEndIncluding": "23.9.5.29",
"matchCriteriaId": "65BDEEEB-BC9D-4AA5-BE72-D0C67A88A3FA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*",
"versionStartIncluding": "23.10",
"versionEndIncluding": "23.10.4.25",
"matchCriteriaId": "2CAC16B5-C710-4F5F-9E65-27E260D110A5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clickhouse:clickhouse_cloud:*:*:*:*:*:*:*:*",
"versionStartIncluding": "23.9",
"versionEndIncluding": "23.9.2.47475",
"matchCriteriaId": "3D2CD6AA-64F5-4D44-B0CA-69A1F4416E16"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ClickHouse/ClickHouse/pull/56795",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-qw9f-qv29-8938",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,80 @@
"id": "CVE-2023-49391",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-22T11:15:07.517",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T02:17:23.870",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in free5GC version 3.3.0, allows remote attackers to execute arbitrary code and cause a denial of service (DoS) on AMF component via crafted NGAP message."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en free5GC versi\u00f3n 3.3.0, que permite a atacantes remotos ejecutar c\u00f3digo arbitrario y provocar una denegaci\u00f3n de servicio (DoS) en el componente AMF a trav\u00e9s de un mensaje NGAP manipulado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:free5gc:free5gc:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "89BA8BA8-E366-48F9-930A-91ED1442AAFE"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/free5gc/free5gc/issues/497",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}
]
}
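Review bot: The newly added NVD Primary vector `C:N/I:N/A:H` (7.5) scores availability impact only, while the English description in this record says remote attackers can "execute arbitrary code" as well as cause a denial of service. The assigned weakness is `NVD-CWE-noinfo`, so the record gives no further hint about which reading is right. Automation that ranks on `baseScore` or on the impact sub-metrics alone will treat this as a pure DoS. For exposed free5GC AMF deployments, read the description and the referenced issue before deprioritising on the score.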

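--- a/CVE-2023/CVE-2023-503xx/CVE-2023-50345.json
+++ b/CVE-2023/CVE-2023-503xx/CVE-2023-50345.json
@@ -0,0 +1,43 @@
+{
+"id": "CVE-2023-50345",
+"sourceIdentifier": "psirt@hcl.com",
+"published": "2024-01-03T02:15:43.757",
+"lastModified": "2024-01-03T02:15:43.757",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "HCL DRYiCE MyXalytics is impacted by an Open Redirect vulnerability which could allow an attacker to redirect users to malicious sites, potentially leading to phishing attacks or other security threats.\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "psirt@hcl.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "HIGH",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "NONE",
+"availabilityImpact": "NONE",
+"baseScore": 3.7,
+"baseSeverity": "LOW"
+},
+"exploitabilityScore": 2.2,
+"impactScore": 1.4
+}
+]
+},
+"references": [
+{
+"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608",
+"source": "psirt@hcl.com"
+}
+]
+}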

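--- a/CVE-2023/CVE-2023-503xx/CVE-2023-50346.json
+++ b/CVE-2023/CVE-2023-503xx/CVE-2023-50346.json
@@ -0,0 +1,43 @@
+{
+"id": "CVE-2023-50346",
+"sourceIdentifier": "psirt@hcl.com",
+"published": "2024-01-03T02:15:43.913",
+"lastModified": "2024-01-03T02:15:43.913",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "HCL DRYiCE MyXalytics is impacted by an information disclosure vulnerability. Certain endpoints within the application disclose detailed file information.\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "psirt@hcl.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "HIGH",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "NONE",
+"availabilityImpact": "NONE",
+"baseScore": 3.1,
+"baseSeverity": "LOW"
+},
+"exploitabilityScore": 1.6,
+"impactScore": 1.4
+}
+]
+},
+"references": [
+{
+"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608",
+"source": "psirt@hcl.com"
+}
+]
+}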

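--- a/CVE-2023/CVE-2023-503xx/CVE-2023-50348.json
+++ b/CVE-2023/CVE-2023-503xx/CVE-2023-50348.json
@@ -0,0 +1,43 @@
+{
+"id": "CVE-2023-50348",
+"sourceIdentifier": "psirt@hcl.com",
+"published": "2024-01-03T02:15:44.070",
+"lastModified": "2024-01-03T02:15:44.070",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "HCL DRYiCE MyXalytics is impacted by an improper error handling vulnerability. The application returns detailed error messages that can provide an attacker with insight into the application, system, etc.\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "psirt@hcl.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "HIGH",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "NONE",
+"availabilityImpact": "NONE",
+"baseScore": 3.1,
+"baseSeverity": "LOW"
+},
+"exploitabilityScore": 1.6,
+"impactScore": 1.4
+}
+]
+},
+"references": [
+{
+"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608",
+"source": "psirt@hcl.com"
+}
+]
+}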

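--- a/CVE-2023/CVE-2023-503xx/CVE-2023-50350.json
+++ b/CVE-2023/CVE-2023-503xx/CVE-2023-50350.json
@@ -0,0 +1,43 @@
+{
+"id": "CVE-2023-50350",
+"sourceIdentifier": "psirt@hcl.com",
+"published": "2024-01-03T02:15:44.227",
+"lastModified": "2024-01-03T02:15:44.227",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "HCL DRYiCE MyXalytics is impacted by the use of a broken cryptographic algorithm for encryption, potentially giving an attacker ability to decrypt sensitive information. \n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "psirt@hcl.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 8.2,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 4.2
+}
+]
+},
+"references": [
+{
+"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608",
+"source": "psirt@hcl.com"
+}
+]
+}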

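--- a/CVE-2023/CVE-2023-503xx/CVE-2023-50351.json
+++ b/CVE-2023/CVE-2023-503xx/CVE-2023-50351.json
@@ -0,0 +1,43 @@
+{
+"id": "CVE-2023-50351",
+"sourceIdentifier": "psirt@hcl.com",
+"published": "2024-01-03T02:15:44.387",
+"lastModified": "2024-01-03T02:15:44.387",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "HCL DRYiCE MyXalytics is impacted by the use of an insecure key rotation mechanism which can allow an attacker to compromise the confidentiality or integrity of data.\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "psirt@hcl.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 8.2,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 4.2
+}
+]
+},
+"references": [
+{
+"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608",
+"source": "psirt@hcl.com"
+}
+]
+}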


@ -2,8 +2,12 @@
"id": "CVE-2023-7024",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-12-21T23:15:11.213",
"lastModified": "2023-12-27T20:48:22.690",
"lastModified": "2024-01-03T02:00:01.237",
"vulnStatus": "Analyzed",
"cisaExploitAdd": "2024-01-02",
"cisaActionDue": "2024-01-23",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Google Chromium WebRTC Heap Buffer Overflow Vulnerability",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,12 @@
"id": "CVE-2023-7101",
"sourceIdentifier": "mandiant-cve@google.com",
"published": "2023-12-24T22:15:07.983",
"lastModified": "2023-12-31T03:15:46.600",
"lastModified": "2024-01-03T02:00:01.237",
"vulnStatus": "Awaiting Analysis",
"cisaExploitAdd": "2024-01-02",
"cisaActionDue": "2024-01-23",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Spreadsheet::ParseExcel Remote Code Execution Vulnerability",
"descriptions": [
{
"lang": "en",
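Review bot: This record is now flagged as known-exploited while NVD has not yet analysed it: the hunk adds `"cisaExploitAdd": "2024-01-02"` and `"cisaActionDue": "2024-01-23"`, but `"vulnStatus"` on the adjacent line stays `"Awaiting Analysis"`. A consumer that skips records until they are `"Analyzed"`, or that waits for an NVD Primary CVSS entry before alerting, would miss it. Prioritisation should key on the presence of `cisaExploitAdd` independently of analysis state. CVE-2023-7024 receives the same four `cisa*` fields in the preceding section, where the status is already `"Analyzed"`. The record continues beyond this hunk, so its metrics and references are not visible here.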


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-01-03T00:55:25.751953+00:00
2024-01-03T03:00:25.072289+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-01-03T00:15:09.203000+00:00
2024-01-03T02:51:33.450000+00:00
```
### Last Data Feed Release
@ -23,36 +23,43 @@ Repository synchronizes with the NVD every 2 hours.
Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)
```plain
2024-01-02T01:00:28.239068+00:00
2024-01-03T01:00:28.248961+00:00
```
### Total Number of included CVEs
```plain
234733
234742
```
### CVEs added in the last Commit
Recently added CVEs: `11`
Recently added CVEs: `9`
* [CVE-2023-48418](CVE-2023/CVE-2023-484xx/CVE-2023-48418.json) (`2024-01-02T23:15:11.000`)
* [CVE-2023-49549](CVE-2023/CVE-2023-495xx/CVE-2023-49549.json) (`2024-01-02T23:15:12.107`)
* [CVE-2023-49550](CVE-2023/CVE-2023-495xx/CVE-2023-49550.json) (`2024-01-02T23:15:12.167`)
* [CVE-2023-49551](CVE-2023/CVE-2023-495xx/CVE-2023-49551.json) (`2024-01-02T23:15:12.233`)
* [CVE-2023-49552](CVE-2023/CVE-2023-495xx/CVE-2023-49552.json) (`2024-01-02T23:15:12.290`)
* [CVE-2023-49553](CVE-2023/CVE-2023-495xx/CVE-2023-49553.json) (`2024-01-02T23:15:12.333`)
* [CVE-2023-49554](CVE-2023/CVE-2023-495xx/CVE-2023-49554.json) (`2024-01-03T00:15:08.987`)
* [CVE-2023-49555](CVE-2023/CVE-2023-495xx/CVE-2023-49555.json) (`2024-01-03T00:15:09.047`)
* [CVE-2023-49556](CVE-2023/CVE-2023-495xx/CVE-2023-49556.json) (`2024-01-03T00:15:09.090`)
* [CVE-2023-49557](CVE-2023/CVE-2023-495xx/CVE-2023-49557.json) (`2024-01-03T00:15:09.147`)
* [CVE-2023-49558](CVE-2023/CVE-2023-495xx/CVE-2023-49558.json) (`2024-01-03T00:15:09.203`)
* [CVE-2023-41776](CVE-2023/CVE-2023-417xx/CVE-2023-41776.json) (`2024-01-03T02:15:42.993`)
* [CVE-2023-41779](CVE-2023/CVE-2023-417xx/CVE-2023-41779.json) (`2024-01-03T02:15:43.217`)
* [CVE-2023-41780](CVE-2023/CVE-2023-417xx/CVE-2023-41780.json) (`2024-01-03T02:15:43.403`)
* [CVE-2023-41783](CVE-2023/CVE-2023-417xx/CVE-2023-41783.json) (`2024-01-03T02:15:43.573`)
* [CVE-2023-50345](CVE-2023/CVE-2023-503xx/CVE-2023-50345.json) (`2024-01-03T02:15:43.757`)
* [CVE-2023-50346](CVE-2023/CVE-2023-503xx/CVE-2023-50346.json) (`2024-01-03T02:15:43.913`)
* [CVE-2023-50348](CVE-2023/CVE-2023-503xx/CVE-2023-50348.json) (`2024-01-03T02:15:44.070`)
* [CVE-2023-50350](CVE-2023/CVE-2023-503xx/CVE-2023-50350.json) (`2024-01-03T02:15:44.227`)
* [CVE-2023-50351](CVE-2023/CVE-2023-503xx/CVE-2023-50351.json) (`2024-01-03T02:15:44.387`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `9`
* [CVE-2023-7024](CVE-2023/CVE-2023-70xx/CVE-2023-7024.json) (`2024-01-03T02:00:01.237`)
* [CVE-2023-7101](CVE-2023/CVE-2023-71xx/CVE-2023-7101.json) (`2024-01-03T02:00:01.237`)
* [CVE-2023-49391](CVE-2023/CVE-2023-493xx/CVE-2023-49391.json) (`2024-01-03T02:17:23.870`)
* [CVE-2023-48298](CVE-2023/CVE-2023-482xx/CVE-2023-48298.json) (`2024-01-03T02:23:30.487`)
* [CVE-2023-27319](CVE-2023/CVE-2023-273xx/CVE-2023-27319.json) (`2024-01-03T02:24:18.600`)
* [CVE-2023-4255](CVE-2023/CVE-2023-42xx/CVE-2023-4255.json) (`2024-01-03T02:30:35.597`)
* [CVE-2023-43741](CVE-2023/CVE-2023-437xx/CVE-2023-43741.json) (`2024-01-03T02:33:51.573`)
* [CVE-2023-43116](CVE-2023/CVE-2023-431xx/CVE-2023-43116.json) (`2024-01-03T02:41:10.107`)
* [CVE-2023-4256](CVE-2023/CVE-2023-42xx/CVE-2023-4256.json) (`2024-01-03T02:51:33.450`)
## Download and Usage