Auto-Update: 2023-12-13T13:08:21.816983+00:00

cad-safe-bot 2023-12-13 13:08:25 +00:00
parent df61b9e04a
commit bb37f3795b
30 changed files with 1268 additions and 41 deletions


@ -0,0 +1,55 @@
{
"id": "CVE-2022-22942",
"sourceIdentifier": "security@vmware.com",
"published": "2023-12-13T09:15:33.890",
"lastModified": "2023-12-13T09:15:33.890",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling 'file' pointer."
},
{
"lang": "es",
"value": "El controlador vmwgfx contiene una vulnerabilidad de escalada de privilegios local que permite a los usuarios sin permisos obtener acceso a archivos abiertos por otros procesos en el sistema a trav\u00e9s de un puntero de \"archivo\" colgante."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@vmware.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://github.com/vmware/photon/wiki/Security-Update-3.0-356",
"source": "security@vmware.com"
},
{
"url": "https://github.com/vmware/photon/wiki/Security-Update-4.0-148",
"source": "security@vmware.com"
},
{
"url": "https://www.openwall.com/lists/oss-security/2022/01/27/4",
"source": "security@vmware.com"
}
]
}
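Review bot: The `weaknesses` array is missing from this record, unlike most of the records added in this commit, even though the description names a dangling 'file' pointer. Consumers that group or filter by CWE should treat the absent key as "not yet classified" rather than "no weakness", since `vulnStatus` is still `Received`. The only score present is the CNA's own (`"type": "Secondary"`, source `security@vmware.com`), so it may change once the record is analysed.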


@ -0,0 +1,59 @@
{
"id": "CVE-2023-31210",
"sourceIdentifier": "security@checkmk.com",
"published": "2023-12-13T09:15:34.080",
"lastModified": "2023-12-13T09:15:34.080",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Usage of user controlled LD_LIBRARY_PATH in agent in Checkmk 2.2.0p10 up to 2.2.0p16 allows malicious Checkmk site user to escalate rights via injection of malicious libraries"
},
{
"lang": "es",
"value": "El uso de LD_LIBRARY_PATH controlado por el usuario en el agente en Checkmk 2.2.0p10 hasta 2.2.0p16 permite a un usuario malicioso del sitio Checkmk escalar derechos mediante la inyecci\u00f3n de librer\u00edas maliciosas"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@checkmk.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@checkmk.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-427"
}
]
}
],
"references": [
{
"url": "https://checkmk.com/werk/16226",
"source": "security@checkmk.com"
}
]
}
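Review bot: The `vectorString` scores this as `AV:N`, which appears hard to reconcile with the description of a Checkmk site user controlling `LD_LIBRARY_PATH` for the agent; that reads like a precondition of existing access to the host. The score is the CNA's (`"type": "Secondary"`) and the record is still `Received`, so triage that ranks on `baseScore` 8.8 alone may misjudge the exposure. When prioritising, use the affected range in the description (2.2.0p10 up to 2.2.0p16) together with who holds site-user accounts, and re-check the vector after analysis.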


@ -2,7 +2,7 @@
"id": "CVE-2023-39417",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-08-11T13:15:09.870",
"lastModified": "2023-12-11T16:15:42.330",
"lastModified": "2023-12-13T10:15:07.907",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
@ -212,6 +212,14 @@
"url": "https://access.redhat.com/errata/RHSA-2023:7714",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7770",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7772",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-39417",
"source": "secalert@redhat.com",


@ -0,0 +1,59 @@
{
"id": "CVE-2023-44251",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-12-13T09:15:34.280",
"lastModified": "2023-12-13T09:15:34.280",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPORTED WHEN ASSIGNED **A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1.1. through 5.1.2 may allow an authenticated attacker to read and delete arbitrary file of the system via crafted HTTP or HTTPs requests."
},
{
"lang": "es",
"value": "** NO COMPATIBLE CUANDO SE ASIGNA ** Una limitaci\u00f3n inadecuada de un nombre de ruta a una vulnerabilidad de directorio restringido (\"path traversal\") [CWE-22] en Fortinet FortiWAN versi\u00f3n 5.2.0 a 5.2.1 y versi\u00f3n 5.1.1. hasta 5.1.2 puede permitir que un atacante autenticado lea y elimine archivos arbitrarios del sistema a trav\u00e9s de solicitudes HTTP o HTTP manipuladas."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.5
}
]
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-23-265",
"source": "psirt@fortinet.com"
}
]
}
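Review bot: The `es` description does not match the `en` one: it ends with `solicitudes HTTP o HTTP manipuladas`, dropping the HTTPS case that the English text gives as `HTTP or HTTPs requests`; it should read `solicitudes HTTP o HTTPS manipuladas`. The `** UNSUPPORTED WHEN ASSIGNED **` tag is also rendered as `NO COMPATIBLE CUANDO SE ASIGNA` here and as `NO COMPATIBLE CUANDO ESTÁ ASIGNADO` in the CVE-2023-44252 record that follows, so a consumer matching on the tag will miss both Spanish variants. Keying on the English tag is safer, because it signals that the affected versions were already out of support when the CVE was assigned and a fix may never ship.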


@ -0,0 +1,59 @@
{
"id": "CVE-2023-44252",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-12-13T09:15:34.473",
"lastModified": "2023-12-13T09:15:34.473",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPORTED WHEN ASSIGNED **An improper authentication vulnerability [CWE-287] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1.1 through 5.1.2 may allow an authenticated attacker to escalate his privileges via HTTP or HTTPs requests with crafted JWT token values."
},
{
"lang": "es",
"value": "** NO COMPATIBLE CUANDO EST\u00c1 ASIGNADO ** Una vulnerabilidad de autenticaci\u00f3n incorrecta [CWE-287] en Fortinet FortiWAN versi\u00f3n 5.2.0 a 5.2.1 y versi\u00f3n 5.1.1 a 5.1.2 puede permitir que un atacante autenticado escale sus privilegios a trav\u00e9s de solicitudes HTTP o HTTPs con valores de token JWT manipulados."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-23-061",
"source": "psirt@fortinet.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-44362",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-12-13T12:15:07.363",
"lastModified": "2023-12-13T12:15:07.363",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Prelude versions 22.6 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-824"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/prelude/apsb23-67.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-47063",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-12-13T10:15:08.443",
"lastModified": "2023-12-13T10:15:08.443",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 28.0 (y anteriores) y 27.9 (y anteriores) de Adobe Illustrator se ven afectadas por una vulnerabilidad de escritura fuera de los l\u00edmites que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/illustrator/apsb23-68.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-47074",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-12-13T10:15:08.823",
"lastModified": "2023-12-13T10:15:08.823",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 28.0 (y anteriores) y 27.9 (y anteriores) de Adobe Illustrator se ven afectadas por una vulnerabilidad de lectura fuera de los l\u00edmites al analizar un archivo manipulado, lo que podr\u00eda provocar una lectura m\u00e1s all\u00e1 del final de una estructura de memoria asignada. Un atacante podr\u00eda aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del usuario actual. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/illustrator/apsb23-68.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-47075",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-12-13T10:15:09.160",
"lastModified": "2023-12-13T10:15:09.160",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 28.0 (y anteriores) y 27.9 (y anteriores) de Adobe Illustrator se ven afectadas por una vulnerabilidad Use After Free que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/illustrator/apsb23-68.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-47076",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-12-13T10:15:09.480",
"lastModified": "2023-12-13T10:15:09.480",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign versions 19.0 (and earlier) and 17.4.2 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 19.0 (y anteriores) y 17.4.2 (y anteriores) de Adobe InDesign se ven afectadas por una vulnerabilidad de desreferencia de puntero NULL. Un atacante no autenticado podr\u00eda aprovechar esta vulnerabilidad para lograr una denegaci\u00f3n de servicio de la aplicaci\u00f3n en el contexto del usuario actual. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/indesign/apsb23-70.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-47077",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-12-13T10:15:09.750",
"lastModified": "2023-12-13T10:15:09.750",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign versions 19.0 (and earlier) and 17.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 19.0 (y anteriores) y 17.4.2 (y anteriores) de Adobe InDesign se ven afectadas por una vulnerabilidad de lectura fuera de los l\u00edmites que podr\u00eda provocar la divulgaci\u00f3n de memoria confidencial. Un atacante podr\u00eda aprovechar esta vulnerabilidad para evitar mitigaciones como ASLR. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/indesign/apsb23-70.html",
"source": "psirt@adobe.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-5189",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-11-14T23:15:12.290",
"lastModified": "2023-11-21T20:05:17.837",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-13T10:15:10.110",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -93,6 +93,10 @@
}
],
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2023:7773",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-5189",
"source": "secalert@redhat.com",


@ -2,12 +2,16 @@
"id": "CVE-2023-5764",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-12T22:15:22.747",
"lastModified": "2023-12-13T01:50:36.127",
"lastModified": "2023-12-13T10:15:10.293",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce code injection when supplying templating data."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla de inyecci\u00f3n de plantilla en Ansible donde las operaciones de creaci\u00f3n de plantillas internas del controlador de un usuario pueden eliminar la designaci\u00f3n insegura de los datos de la plantilla. Este problema podr\u00eda permitir que un atacante utilice un archivo especialmente manipulado para introducir la inyecci\u00f3n de c\u00f3digo al proporcionar datos de plantillas."
}
],
"metrics": {
@ -47,6 +51,10 @@
}
],
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2023:7773",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-5764",
"source": "secalert@redhat.com"


@ -2,7 +2,7 @@
"id": "CVE-2023-5868",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-10T18:15:07.163",
"lastModified": "2023-12-11T16:15:42.763",
"lastModified": "2023-12-13T10:15:10.390",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -95,6 +95,14 @@
"url": "https://access.redhat.com/errata/RHSA-2023:7714",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7770",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7772",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-5868",
"source": "secalert@redhat.com"


@ -2,7 +2,7 @@
"id": "CVE-2023-5869",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-10T18:15:07.410",
"lastModified": "2023-12-11T16:15:42.880",
"lastModified": "2023-12-13T10:15:10.600",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -95,6 +95,18 @@
"url": "https://access.redhat.com/errata/RHSA-2023:7714",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7770",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7771",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7772",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-5869",
"source": "secalert@redhat.com"


@ -2,7 +2,7 @@
"id": "CVE-2023-5870",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-10T18:15:07.643",
"lastModified": "2023-12-11T16:15:42.990",
"lastModified": "2023-12-13T10:15:10.740",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -95,6 +95,14 @@
"url": "https://access.redhat.com/errata/RHSA-2023:7714",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7770",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7772",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-5870",
"source": "secalert@redhat.com"


@ -2,12 +2,16 @@
"id": "CVE-2023-6377",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-13T07:15:30.030",
"lastModified": "2023-12-13T07:15:30.030",
"lastModified": "2023-12-13T10:15:10.867",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en xorg-server. Consultar o cambiar las acciones de los botones XKB, como pasar de un panel t\u00e1ctil a un mouse, puede provocar lecturas y escrituras de memoria fuera de los l\u00edmites. Esto puede permitir una escalada de privilegios local o una posible ejecuci\u00f3n remota de c\u00f3digo en los casos en que est\u00e9 involucrado el reenv\u00edo X11."
}
],
"metrics": {
@ -59,6 +63,10 @@
"url": "https://gitlab.freedesktop.org/xorg/xserver/-/commit/0c1a93d319558fe3ab2d94f51d174b4f93810afd",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00008.html",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.x.org/archives/xorg-announce/2023-December/003435.html",
"source": "secalert@redhat.com"


@ -0,0 +1,59 @@
{
"id": "CVE-2023-6379",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-12-13T11:15:07.100",
"lastModified": "2023-12-13T11:15:07.100",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to a victim and partially take control of their browsing session."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) en Alkacon Software Open CMS, que afecta a las versiones 14 y 15 de la plantilla 'Mercury'. Esta vulnerabilidad podr\u00eda permitir que un atacante remoto env\u00ede un payload de JavaScript especialmente manipulado a una v\u00edctima y tome parcialmente el control de su sesi\u00f3n de navegaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "cve-coordination@incibe.es",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-alkacon-software-opencms",
"source": "cve-coordination@incibe.es"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-6380",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-12-13T11:15:07.630",
"lastModified": "2023-12-13T11:15:07.630",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability has been found in the Open CMS product affecting versions 14 and 15 of the 'Mercury' template. An attacker could create a specially crafted URL and send it to a specific user to redirect them to a malicious site and compromise them. Exploitation of this vulnerability is possible due to the fact that there is no proper sanitization of the 'URI' parameter."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad de redirecci\u00f3n abierta en el producto Open CMS que afecta a las versiones 14 y 15 de la plantilla 'Mercury'. Un atacante podr\u00eda crear una URL especialmente manipulada y enviarla a un usuario espec\u00edfico para redirigirlo a un sitio malicioso y comprometerlo. La explotaci\u00f3n de esta vulnerabilidad es posible debido al hecho de que no existe una sanitizaci\u00f3n adecuada del par\u00e1metro 'URI'."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "cve-coordination@incibe.es",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-alkacon-software-opencms",
"source": "cve-coordination@incibe.es"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-6381",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-12-13T11:15:07.830",
"lastModified": "2023-12-13T11:15:07.830",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in Newsletter Software SuperMailer affecting version 11.20.0.2204. An attacker could exploit this vulnerability by sending a malicious configuration file (file with SMB extension) to a user via a link or email attachment and persuade the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to crash the application when attempting to load the malicious file."
},
{
"lang": "es",
"value": "Vulnerabilidad de validaci\u00f3n de entrada incorrecta en Newsletter Software SuperMailer que afecta a la versi\u00f3n 11.20.0.2204. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando un archivo de configuraci\u00f3n malicioso (archivo con extensi\u00f3n SMB) a un usuario a trav\u00e9s de un enlace o un archivo adjunto de correo electr\u00f3nico y persuadir al usuario para que abra el archivo con el software afectado en el sistema local. Un exploit exitoso podr\u00eda permitir al atacante bloquear la aplicaci\u00f3n al intentar cargar el archivo malicioso."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cve-coordination@incibe.es",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/improper-input-validation-newsletter-software-supermailer",
"source": "cve-coordination@incibe.es"
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-6478",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-13T07:15:31.213",
"lastModified": "2023-12-13T07:15:31.213",
"lastModified": "2023-12-13T10:15:10.963",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en xorg-server. Una solicitud especialmente manipulada a RRChangeProviderProperty o RRChangeOutputProperty puede desencadenar un desbordamiento de enteros que puede provocar la divulgaci\u00f3n de informaci\u00f3n confidencial."
}
],
"metrics": {
@ -59,6 +63,10 @@
"url": "https://gitlab.freedesktop.org/xorg/xserver/-/commit/14f480010a93ff962fef66a16412fafff81ad632",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00008.html",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.x.org/archives/xorg-announce/2023-December/003435.html",
"source": "secalert@redhat.com"


@ -0,0 +1,24 @@
{
"id": "CVE-2023-6534",
"sourceIdentifier": "secteam@freebsd.org",
"published": "2023-12-13T09:15:34.680",
"lastModified": "2023-12-13T09:15:34.680",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In versions of FreeBSD 14.0-RELEASE before 14-RELEASE-p2, FreeBSD 13.2-RELEASE before 13.2-RELEASE-p7 and FreeBSD 12.4-RELEASE before 12.4-RELEASE-p9, the pf(4) packet filter incorrectly validates TCP sequence numbers. \u00a0This could allow a malicious actor to execute a denial-of-service attack against hosts behind the firewall."
},
{
"lang": "es",
"value": "En las versiones de FreeBSD 14.0-RELEASE anteriores a 14-RELEASE-p2, FreeBSD 13.2-RELEASE anteriores a 13.2-RELEASE-p7 y FreeBSD 12.4-RELEASE anteriores a 12.4-RELEASE-p9, el filtro de paquetes pf(4) valida incorrectamente los n\u00fameros de secuencia TCP. Esto podr\u00eda permitir que un actor malintencionado ejecute un ataque de denegaci\u00f3n de servicio contra hosts detr\u00e1s del firewall."
}
],
"metrics": {},
"references": [
{
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-23:17.pf.asc",
"source": "secteam@freebsd.org"
}
]
}
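Review bot: `"metrics": {}` is empty and there is no `weaknesses` array, so this record carries no severity or CWE at this point. A consumer that reads `metrics.cvssMetricV31[0].cvssData.baseScore` unconditionally will either fail or push the record to the lowest priority, although the description reports a denial-of-service against hosts behind a pf(4) firewall. Treat a missing score as "unscored" and route it to manual triage rather than sorting it as 0. The English description also contains a non-breaking space (`\u00a0`) after "sequence numbers.", which exact-match text comparisons will not normalise.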


@ -0,0 +1,24 @@
{
"id": "CVE-2023-6660",
"sourceIdentifier": "secteam@freebsd.org",
"published": "2023-12-13T09:15:34.730",
"lastModified": "2023-12-13T09:15:34.730",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "When a program running on an affected system appends data to a file via an NFS client mount, the bug can cause the NFS client to fail to copy in the data to be written but proceed as though the copy operation had succeeded. This means that the data to be written is instead replaced with whatever data had been in the packet buffer previously. Thus, an unprivileged user with access to an affected system may abuse the bug to trigger disclosure of sensitive information. In particular, the leak is limited to data previously stored in mbufs, which are used for network transmission and reception, and for certain types of inter-process communication.\n\nThe bug can also be triggered unintentionally by system applications, in which case the data written by the application to an NFS mount may be corrupted. Corrupted data is written over the network to the NFS server, and thus also susceptible to being snooped by other hosts on the network.\n\nNote that the bug exists only in the NFS client; the version and implementation of the server has no effect on whether a given system is affected by the problem."
},
{
"lang": "es",
"value": "Cuando un programa que se ejecuta en un sistema afectado agrega datos a un archivo a trav\u00e9s de un montaje de NFS client, el error puede provocar que el NFS client no pueda copiar los datos que se van a escribir, pero proceda como si la operaci\u00f3n de copia se hubiera realizado correctamente. Esto significa que los datos que se van a escribir se reemplazan con cualquier dato que haya estado previamente en el b\u00fafer de paquetes. Por lo tanto, un usuario sin privilegios con acceso a un sistema afectado puede abusar del error para provocar la divulgaci\u00f3n de informaci\u00f3n confidencial. En particular, la filtraci\u00f3n se limita a datos previamente almacenados en mbufs, que se utilizan para la transmisi\u00f3n y recepci\u00f3n de la red, y para ciertos tipos de comunicaci\u00f3n entre procesos. El error tambi\u00e9n puede ser provocado involuntariamente por aplicaciones del sistema, en cuyo caso los datos escritos por la aplicaci\u00f3n en un montaje NFS pueden estar da\u00f1ados. Los datos corruptos se escriben a trav\u00e9s de la red en el servidor NFS y, por lo tanto, tambi\u00e9n son susceptibles de ser espiados por otros hosts de la red. Tenga en cuenta que el error existe s\u00f3lo en el NFS client; la versi\u00f3n y la implementaci\u00f3n del servidor no tienen ning\u00fan efecto sobre si un sistema determinado se ve afectado por el problema."
}
],
"metrics": {},
"references": [
{
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-23:18.nfsclient.asc",
"source": "secteam@freebsd.org"
}
]
}

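--- a/CVE-2023/CVE-2023-67xx/CVE-2023-6718.json
+++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6718.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2023-6718",
+"sourceIdentifier": "cve-coordination@incibe.es",
+"published": "2023-12-13T09:15:34.780",
+"lastModified": "2023-12-13T09:15:34.780",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "An authentication bypass vulnerability has been found in Repox, which allows a remote user to send a specially crafted POST request, due to the lack of any authentication method, resulting in the alteration or creation of users."
+},
+{
+"lang": "es",
+"value": "Se ha encontrado una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en Repox, que permite a un usuario remoto enviar una solicitud POST especialmente manipulada, debido a la falta de cualquier m\u00e9todo de autenticaci\u00f3n, lo que resulta en la alteraci\u00f3n o creaci\u00f3n de usuarios."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "cve-coordination@incibe.es",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "LOW",
+"baseScore": 9.4,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 5.5
+}
+]
+},
+"weaknesses": [
+{
+"source": "cve-coordination@incibe.es",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-288"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-repox",
+"source": "cve-coordination@incibe.es"
+}
+]
+}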

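--- a/CVE-2023/CVE-2023-67xx/CVE-2023-6719.json
+++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6719.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2023-6719",
+"sourceIdentifier": "cve-coordination@incibe.es",
+"published": "2023-12-13T10:15:11.070",
+"lastModified": "2023-12-13T10:15:11.070",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "An XSS vulnerability has been detected in Repox, which allows an attacker to compromise interactions between a user and the vulnerable application, and can be exploited by a third party by sending a specially crafted JavaScript payload to a user, and thus gain full control of their session."
+},
+{
+"lang": "es",
+"value": "Se ha detectado una vulnerabilidad XSS en Repox, que permite a un atacante comprometer las interacciones entre un usuario y la aplicaci\u00f3n vulnerable, y puede ser explotada por un tercero enviando un payload de JavaScript especialmente manipulado a un usuario, y as\u00ed obtener control total de su sesi\u00f3n."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "cve-coordination@incibe.es",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "LOW",
+"baseScore": 6.3,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 3.4
+}
+]
+},
+"weaknesses": [
+{
+"source": "cve-coordination@incibe.es",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-79"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-repox",
+"source": "cve-coordination@incibe.es"
+}
+]
+}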

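--- a/CVE-2023/CVE-2023-67xx/CVE-2023-6720.json
+++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6720.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2023-6720",
+"sourceIdentifier": "cve-coordination@incibe.es",
+"published": "2023-12-13T10:15:11.403",
+"lastModified": "2023-12-13T10:15:11.403",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "An XSS vulnerability stored in Repox has been identified, which allows a local attacker to store a specially crafted JavaScript payload on the server, due to the lack of proper sanitisation of field elements, allowing the attacker to trigger the malicious payload when the application loads."
+},
+{
+"lang": "es",
+"value": "Se ha identificado una vulnerabilidad XSS almacenada en Repox, que permite a un atacante local almacenar un payload de JavaScript especialmente manipulado en el servidor, debido a la falta de una sanitizaci\u00f3n adecuada de los elementos de campo, lo que permite al atacante activar el payload malicioso cuando se carga la aplicaci\u00f3n."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "cve-coordination@incibe.es",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "LOW",
+"baseScore": 5.5,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.1,
+"impactScore": 3.4
+}
+]
+},
+"weaknesses": [
+{
+"source": "cve-coordination@incibe.es",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-79"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-repox",
+"source": "cve-coordination@incibe.es"
+}
+]
+}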

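--- a/CVE-2023/CVE-2023-67xx/CVE-2023-6721.json
+++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6721.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2023-6721",
+"sourceIdentifier": "cve-coordination@incibe.es",
+"published": "2023-12-13T10:15:11.793",
+"lastModified": "2023-12-13T10:15:11.793",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "An XEE vulnerability has been found in Repox, which allows a remote attacker to interfere with the application's XML data processing in the fileupload function, resulting in interaction between the attacker and the server's file system."
+},
+{
+"lang": "es",
+"value": "Se ha encontrado una vulnerabilidad XEE en Repox, que permite a un atacante remoto interferir con el procesamiento de datos XML de la aplicaci\u00f3n en la funci\u00f3n de carga de archivos, lo que resulta en una interacci\u00f3n entre el atacante y el sistema de archivos del servidor."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "cve-coordination@incibe.es",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "LOW",
+"baseScore": 8.3,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 5.5
+}
+]
+},
+"weaknesses": [
+{
+"source": "cve-coordination@incibe.es",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-611"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-repox",
+"source": "cve-coordination@incibe.es"
+}
+]
+}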

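--- a/CVE-2023/CVE-2023-67xx/CVE-2023-6722.json
+++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6722.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2023-6722",
+"sourceIdentifier": "cve-coordination@incibe.es",
+"published": "2023-12-13T10:15:12.150",
+"lastModified": "2023-12-13T10:15:12.150",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "A path traversal vulnerability has been detected in Repox, which allows an attacker to read arbitrary files on the running server, resulting in a disclosure of sensitive information. An attacker could access files such as application code or data, backend credentials, operating system files..."
+},
+{
+"lang": "es",
+"value": "Se ha detectado una vulnerabilidad de path traversal en Repox, que permite a un atacante leer archivos arbitrarios en el servidor en ejecuci\u00f3n, lo que resulta en la divulgaci\u00f3n de informaci\u00f3n confidencial. Un atacante podr\u00eda acceder a archivos como c\u00f3digo o datos de la aplicaci\u00f3n, credenciales de backend, archivos del sistema operativo..."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "cve-coordination@incibe.es",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "NONE",
+"availabilityImpact": "NONE",
+"baseScore": 7.5,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 3.6
+}
+]
+},
+"weaknesses": [
+{
+"source": "cve-coordination@incibe.es",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-23"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-repox",
+"source": "cve-coordination@incibe.es"
+}
+]
+}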

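--- a/CVE-2023/CVE-2023-67xx/CVE-2023-6723.json
+++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6723.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2023-6723",
+"sourceIdentifier": "cve-coordination@incibe.es",
+"published": "2023-12-13T11:15:08.040",
+"lastModified": "2023-12-13T11:15:08.040",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "An unrestricted file upload vulnerability has been identified in Repbox, which allows an attacker to upload malicious files via the transforamationfileupload function, due to the lack of proper file type validation controls, resulting in a full system compromise."
+},
+{
+"lang": "es",
+"value": "Se identific\u00f3 una vulnerabilidad de carga de archivos sin restricciones en Repbox, que permite a un atacante cargar archivos maliciosos a trav\u00e9s de la funci\u00f3n transforamationfileupload, debido a la falta de controles adecuados de validaci\u00f3n del tipo de archivo, lo que resulta en un compromiso total del sistema."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "cve-coordination@incibe.es",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "CHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 10.0,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 6.0
+}
+]
+},
+"weaknesses": [
+{
+"source": "cve-coordination@incibe.es",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-434"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-repox",
+"source": "cve-coordination@incibe.es"
+}
+]
+}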

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-12-13T09:00:27.014102+00:00
2023-12-13T13:08:21.816983+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-12-13T08:15:52.493000+00:00
2023-12-13T12:15:07.363000+00:00
```
### Last Data Feed Release
@ -29,46 +29,48 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
232954
232975
```
### CVEs added in the last Commit
Recently added CVEs: `16`
Recently added CVEs: `21`
* [CVE-2022-27488](CVE-2022/CVE-2022-274xx/CVE-2022-27488.json) (`2023-12-13T07:15:10.910`)
* [CVE-2023-36639](CVE-2023/CVE-2023-366xx/CVE-2023-36639.json) (`2023-12-13T07:15:12.900`)
* [CVE-2023-40716](CVE-2023/CVE-2023-407xx/CVE-2023-40716.json) (`2023-12-13T07:15:14.223`)
* [CVE-2023-41673](CVE-2023/CVE-2023-416xx/CVE-2023-41673.json) (`2023-12-13T07:15:15.860`)
* [CVE-2023-41678](CVE-2023/CVE-2023-416xx/CVE-2023-41678.json) (`2023-12-13T07:15:17.317`)
* [CVE-2023-41844](CVE-2023/CVE-2023-418xx/CVE-2023-41844.json) (`2023-12-13T07:15:18.887`)
* [CVE-2023-45587](CVE-2023/CVE-2023-455xx/CVE-2023-45587.json) (`2023-12-13T07:15:20.363`)
* [CVE-2023-46671](CVE-2023/CVE-2023-466xx/CVE-2023-46671.json) (`2023-12-13T07:15:22.013`)
* [CVE-2023-46675](CVE-2023/CVE-2023-466xx/CVE-2023-46675.json) (`2023-12-13T07:15:23.077`)
* [CVE-2023-46713](CVE-2023/CVE-2023-467xx/CVE-2023-46713.json) (`2023-12-13T07:15:24.547`)
* [CVE-2023-48782](CVE-2023/CVE-2023-487xx/CVE-2023-48782.json) (`2023-12-13T07:15:27.480`)
* [CVE-2023-48791](CVE-2023/CVE-2023-487xx/CVE-2023-48791.json) (`2023-12-13T07:15:28.980`)
* [CVE-2023-6377](CVE-2023/CVE-2023-63xx/CVE-2023-6377.json) (`2023-12-13T07:15:30.030`)
* [CVE-2023-6478](CVE-2023/CVE-2023-64xx/CVE-2023-6478.json) (`2023-12-13T07:15:31.213`)
* [CVE-2023-45725](CVE-2023/CVE-2023-457xx/CVE-2023-45725.json) (`2023-12-13T08:15:50.190`)
* [CVE-2023-47536](CVE-2023/CVE-2023-475xx/CVE-2023-47536.json) (`2023-12-13T08:15:50.920`)
* [CVE-2022-22942](CVE-2022/CVE-2022-229xx/CVE-2022-22942.json) (`2023-12-13T09:15:33.890`)
* [CVE-2023-31210](CVE-2023/CVE-2023-312xx/CVE-2023-31210.json) (`2023-12-13T09:15:34.080`)
* [CVE-2023-44251](CVE-2023/CVE-2023-442xx/CVE-2023-44251.json) (`2023-12-13T09:15:34.280`)
* [CVE-2023-44252](CVE-2023/CVE-2023-442xx/CVE-2023-44252.json) (`2023-12-13T09:15:34.473`)
* [CVE-2023-6534](CVE-2023/CVE-2023-65xx/CVE-2023-6534.json) (`2023-12-13T09:15:34.680`)
* [CVE-2023-6660](CVE-2023/CVE-2023-66xx/CVE-2023-6660.json) (`2023-12-13T09:15:34.730`)
* [CVE-2023-6718](CVE-2023/CVE-2023-67xx/CVE-2023-6718.json) (`2023-12-13T09:15:34.780`)
* [CVE-2023-47063](CVE-2023/CVE-2023-470xx/CVE-2023-47063.json) (`2023-12-13T10:15:08.443`)
* [CVE-2023-47074](CVE-2023/CVE-2023-470xx/CVE-2023-47074.json) (`2023-12-13T10:15:08.823`)
* [CVE-2023-47075](CVE-2023/CVE-2023-470xx/CVE-2023-47075.json) (`2023-12-13T10:15:09.160`)
* [CVE-2023-47076](CVE-2023/CVE-2023-470xx/CVE-2023-47076.json) (`2023-12-13T10:15:09.480`)
* [CVE-2023-47077](CVE-2023/CVE-2023-470xx/CVE-2023-47077.json) (`2023-12-13T10:15:09.750`)
* [CVE-2023-6719](CVE-2023/CVE-2023-67xx/CVE-2023-6719.json) (`2023-12-13T10:15:11.070`)
* [CVE-2023-6720](CVE-2023/CVE-2023-67xx/CVE-2023-6720.json) (`2023-12-13T10:15:11.403`)
* [CVE-2023-6721](CVE-2023/CVE-2023-67xx/CVE-2023-6721.json) (`2023-12-13T10:15:11.793`)
* [CVE-2023-6722](CVE-2023/CVE-2023-67xx/CVE-2023-6722.json) (`2023-12-13T10:15:12.150`)
* [CVE-2023-6379](CVE-2023/CVE-2023-63xx/CVE-2023-6379.json) (`2023-12-13T11:15:07.100`)
* [CVE-2023-6380](CVE-2023/CVE-2023-63xx/CVE-2023-6380.json) (`2023-12-13T11:15:07.630`)
* [CVE-2023-6381](CVE-2023/CVE-2023-63xx/CVE-2023-6381.json) (`2023-12-13T11:15:07.830`)
* [CVE-2023-6723](CVE-2023/CVE-2023-67xx/CVE-2023-6723.json) (`2023-12-13T11:15:08.040`)
* [CVE-2023-44362](CVE-2023/CVE-2023-443xx/CVE-2023-44362.json) (`2023-12-13T12:15:07.363`)
### CVEs modified in the last Commit
Recently modified CVEs: `11`
Recently modified CVEs: `8`
* [CVE-2020-27792](CVE-2020/CVE-2020-277xx/CVE-2020-27792.json) (`2023-12-13T07:15:07.520`)
* [CVE-2023-47262](CVE-2023/CVE-2023-472xx/CVE-2023-47262.json) (`2023-12-13T07:15:26.120`)
* [CVE-2023-46847](CVE-2023/CVE-2023-468xx/CVE-2023-46847.json) (`2023-12-13T08:15:50.407`)
* [CVE-2023-46848](CVE-2023/CVE-2023-468xx/CVE-2023-46848.json) (`2023-12-13T08:15:50.683`)
* [CVE-2023-4910](CVE-2023/CVE-2023-49xx/CVE-2023-4910.json) (`2023-12-13T08:15:51.190`)
* [CVE-2023-4956](CVE-2023/CVE-2023-49xx/CVE-2023-4956.json) (`2023-12-13T08:15:51.330`)
* [CVE-2023-5090](CVE-2023/CVE-2023-50xx/CVE-2023-5090.json) (`2023-12-13T08:15:51.483`)
* [CVE-2023-5824](CVE-2023/CVE-2023-58xx/CVE-2023-5824.json) (`2023-12-13T08:15:51.617`)
* [CVE-2023-5871](CVE-2023/CVE-2023-58xx/CVE-2023-5871.json) (`2023-12-13T08:15:52.103`)
* [CVE-2023-6238](CVE-2023/CVE-2023-62xx/CVE-2023-6238.json) (`2023-12-13T08:15:52.337`)
* [CVE-2023-6394](CVE-2023/CVE-2023-63xx/CVE-2023-6394.json) (`2023-12-13T08:15:52.493`)
* [CVE-2023-39417](CVE-2023/CVE-2023-394xx/CVE-2023-39417.json) (`2023-12-13T10:15:07.907`)
* [CVE-2023-5189](CVE-2023/CVE-2023-51xx/CVE-2023-5189.json) (`2023-12-13T10:15:10.110`)
* [CVE-2023-5764](CVE-2023/CVE-2023-57xx/CVE-2023-5764.json) (`2023-12-13T10:15:10.293`)
* [CVE-2023-5868](CVE-2023/CVE-2023-58xx/CVE-2023-5868.json) (`2023-12-13T10:15:10.390`)
* [CVE-2023-5869](CVE-2023/CVE-2023-58xx/CVE-2023-5869.json) (`2023-12-13T10:15:10.600`)
* [CVE-2023-5870](CVE-2023/CVE-2023-58xx/CVE-2023-5870.json) (`2023-12-13T10:15:10.740`)
* [CVE-2023-6377](CVE-2023/CVE-2023-63xx/CVE-2023-6377.json) (`2023-12-13T10:15:10.867`)
* [CVE-2023-6478](CVE-2023/CVE-2023-64xx/CVE-2023-6478.json) (`2023-12-13T10:15:10.963`)
## Download and Usage