admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-11 16:13:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-12-05T17:00:19.012492+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-12-05 17:00:22 +00:00
parent d0e5bab903
commit c20b079fe8
40 changed files with 1652 additions and 96 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CVE-2022/CVE-2022-244xx/CVE-2022-24403.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-24403",
"sourceIdentifier": "cert@ncsc.nl",
"published": "2023-12-05T14:15:07.510",
"lastModified": "2023-12-05T14:15:07.510",
"vulnStatus": "Received",
"lastModified": "2023-12-05T15:27:54.807",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

105
CVE-2023/CVE-2023-290xx/CVE-2023-29066.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-29066",
"sourceIdentifier": "cybersecurity@bd.com",
"published": "2023-11-28T21:15:08.173",
"lastModified": "2023-11-29T14:18:11.973",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-05T15:07:40.170",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 0.9,
"impactScore": 2.5
},
{
"source": "cybersecurity@bd.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
},
{
"source": "cybersecurity@bd.com",
"type": "Secondary",
@ -50,10 +80,79 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bd:facschorus:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4D5E0D4F-559B-414E-A627-0BA0937BD7F1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bd:facschorus:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "57F63FB2-2AE2-4B5F-8B49-4A0A4549CF3E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hp:hp_z2_tower_g9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "54279DE4-A2A4-4AA6-A05F-931094446F16"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bd:facschorus:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2785D17E-800C-4772-A131-5737E9446C01"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bd:facschorus:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "30FD1DE4-982F-4D14-BB8A-478F8430BC63"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hp:hp_z2_tower_g5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E9BA28D-9C14-435A-9786-222BE58A9258"
}
]
}
]
}
],
"references": [
{
"url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software",
"source": "cybersecurity@bd.com"
"source": "cybersecurity@bd.com",
"tags": [
"Vendor Advisory"
]
}
]
}

81
CVE-2023/CVE-2023-406xx/CVE-2023-40626.json
View File

@ -2,19 +2,92 @@
"id": "CVE-2023-40626",
"sourceIdentifier": "security@joomla.org",
"published": "2023-11-29T13:15:07.123",
"lastModified": "2023-11-29T14:18:05.687",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-05T15:52:05.227",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The language file parsing process could be manipulated to expose environment variables. Environment variables might contain sensible information."
},
{
"lang": "es",
"value": "El proceso de an\u00e1lisis de archivos de idioma podr\u00eda manipularse para exponer variables de entorno. Las variables de entorno pueden contener informaci\u00f3n sensible."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.6.0",
"versionEndExcluding": "3.10.14",
"matchCriteriaId": "CD9A8D88-4453-49FE-BD77-74679F9C5A90"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0",
"versionEndExcluding": "4.4.1",
"matchCriteriaId": "31108983-2A8B-4F15-8C45-2AD1DC889607"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joomla:joomla\\!:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5F36B6E3-B003-4F49-A3D3-C8C17D26B51D"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://developer.joomla.org/security-centre/919-20231101-core-exposure-of-environment-variables.html",
"source": "security@joomla.org"
"source": "security@joomla.org",
"tags": [
"Vendor Advisory"
]
}
]
}

16
CVE-2023/CVE-2023-429xx/CVE-2023-42916.json
View File

@ -2,16 +2,28 @@
"id": "CVE-2023-42916",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-11-30T23:15:07.223",
"lastModified": "2023-12-01T02:28:42.607",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-05T15:15:07.640",
"vulnStatus": "Undergoing Analysis",
"cisaExploitAdd": "2023-12-04",
"cisaActionDue": "2023-12-25",
"cisaRequiredAction": "Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.",
"cisaVulnerabilityName": "Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1."
},
{
"lang": "es",
"value": "Se solucion\u00f3 una lectura fuera de los l\u00edmites con una validaci\u00f3n de entrada mejorada. Este problema se solucion\u00f3 en iOS 17.1.2 y iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. El procesamiento de contenido web puede revelar informaci\u00f3n confidencial. Apple tiene conocimiento de un informe que indica que este problema puede haberse explotado en versiones de iOS anteriores a iOS 16.7.1."
}
],
"metrics": {},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/05/1",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214031",
"source": "product-security@apple.com"

16
CVE-2023/CVE-2023-429xx/CVE-2023-42917.json
View File

@ -2,16 +2,28 @@
"id": "CVE-2023-42917",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-11-30T23:15:07.280",
"lastModified": "2023-12-01T02:28:42.607",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-05T15:15:07.720",
"vulnStatus": "Undergoing Analysis",
"cisaExploitAdd": "2023-12-04",
"cisaActionDue": "2023-12-25",
"cisaRequiredAction": "Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.",
"cisaVulnerabilityName": "Apple Multiple Products WebKit Memory Corruption Vulnerability",
"descriptions": [
{
"lang": "en",
"value": "A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1."
},
{
"lang": "es",
"value": "Se solucion\u00f3 una vulnerabilidad de corrupci\u00f3n de memoria con un bloqueo mejorado. Este problema se solucion\u00f3 en iOS 17.1.2 y iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. El procesamiento de contenido web puede dar lugar a la ejecuci\u00f3n de c\u00f3digo arbitrario. Apple tiene conocimiento de un informe que indica que este problema puede haberse explotado en versiones de iOS anteriores a iOS 16.7.1."
}
],
"metrics": {},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/05/1",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214031",
"source": "product-security@apple.com"

55
CVE-2023/CVE-2023-442xx/CVE-2023-44297.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-44297",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-12-05T16:15:07.097",
"lastModified": "2023-12-05T16:15:07.097",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nDell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information disclosure, information tampering, code execution, denial of service.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L",
"attackVector": "PHYSICAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 0.5,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1234"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000220047/dsa-2023-429-security-update-for-dell-16g-poweredge-server-bios-for-a-debug-code-security-vulnerability",
"source": "security_alert@emc.com"
}
]
}

55
CVE-2023/CVE-2023-442xx/CVE-2023-44298.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-44298",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-12-05T16:15:07.333",
"lastModified": "2023-12-05T16:15:07.333",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nDell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information tampering, code execution, denial of service.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L",
"attackVector": "PHYSICAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 3.6,
"baseSeverity": "LOW"
},
"exploitabilityScore": 0.5,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1234"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000220047/dsa-2023-429-security-update-for-dell-16g-poweredge-server-bios-for-a-debug-code-security-vulnerability",
"source": "security_alert@emc.com"
}
]
}

68
CVE-2023/CVE-2023-488xx/CVE-2023-48880.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-48880",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-29T16:15:07.167",
"lastModified": "2023-11-29T20:53:05.993",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-05T16:38:50.380",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu Name field at /login.php?m=admin&c=Index&a=changeTableVal&_ajax=1&lang=cn."
},
{
"lang": "es",
"value": "Una vulnerabilidad de cross-site scripting (XSS) almacenado en EyouCMS v1.6.4-UTF8-SP1 permite a los atacantes ejecutar script web o HTML arbitrarios a trav\u00e9s de un payload manipulado inyectado en el campo Nombre del men\u00fa en /login.php?m=admin&c=Index&a= changeTableVal&_ajax=1&lang=cn."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eyoucms:eyoucms:1.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8E52879A-3ABB-441B-B6A9-A91E6C700778"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/weng-xianhu/eyoucms/issues/52",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-488xx/CVE-2023-48881.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-48881",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-29T16:15:07.217",
"lastModified": "2023-11-29T20:53:05.993",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-05T16:41:54.707",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field Title field at /login.php?m=admin&c=Field&a=arctype_add&_ajax=1&lang=cn."
},
{
"lang": "es",
"value": "Una vulnerabilidad de cross-site scripting (XSS) almacenado en EyouCMS v1.6.4-UTF8-SP1 permite a los atacantes ejecutar scripts o HTML arbitrarios a trav\u00e9s de un payload manipulado inyectado en el campo T\u00edtulo del campo en /login.php?m=admin&c=Field&a= arctype_add&_ajax=1&lang=cn."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eyoucms:eyoucms:1.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8E52879A-3ABB-441B-B6A9-A91E6C700778"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/weng-xianhu/eyoucms/issues/53",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-488xx/CVE-2023-48882.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-48882",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-29T16:15:07.270",
"lastModified": "2023-11-29T20:53:05.993",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-05T16:45:50.737",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Document Properties field at /login.php m=admin&c=Index&a=changeTableVal&_ajax=1&lang=cn."
},
{
"lang": "es",
"value": "Una vulnerabilidad de cross-site scripting (XSS) almacenado en EyouCMS v1.6.4-UTF8-SP1 permite a los atacantes ejecutar scripts web o HTML arbitrarios a trav\u00e9s de un payload manipulado inyectado en el campo Propiedades del documento en /login.php m=admin&c=Index&a=changeTableVal&_ajax=1&idioma=cn."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eyoucms:eyoucms:1.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8E52879A-3ABB-441B-B6A9-A91E6C700778"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/weng-xianhu/eyoucms/issues/54",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-490xx/CVE-2023-49090.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-49090",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-29T15:15:08.900",
"lastModified": "2023-11-29T20:53:05.993",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-05T16:25:58.023",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "CarrierWave is a solution for file uploads for Rails, Sinatra and other Ruby web frameworks. CarrierWave has a Content-Type allowlist bypass vulnerability, possibly leading to XSS. The validation in `allowlisted_content_type?` determines Content-Type permissions by performing a partial match. If the `content_type` argument of `allowlisted_content_type?` is passed a value crafted by the attacker, Content-Types not included in the `content_type_allowlist` will be allowed. This issue has been patched in versions 2.2.5 and 3.0.5."
},
{
"lang": "es",
"value": "CarrierWave es una soluci\u00f3n para carga de archivos para Rails, Sinatra y otros frameworks web Ruby. CarrierWave tiene una vulnerabilidad de omisi\u00f3n de lista permitida de tipo de contenido, que posiblemente conduzca a XSS. La validaci\u00f3n en `allowlisted_content_type?` determina los permisos de tipo de contenido realizando una coincidencia parcial. Si al argumento `content_type` de `allowlisted_content_type?` se le pasa un valor creado por el atacante, se permitir\u00e1n los tipos de contenido no incluidos en `content_type_allowlist`. Este problema se solucion\u00f3 en las versiones 2.2.5 y 3.0.5."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +70,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:carrierwave_project:carrierwave:*:*:*:*:*:ruby:*:*",
"versionEndExcluding": "2.2.5",
"matchCriteriaId": "24759284-5E91-43AE-80B4-ED77679DAE19"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:carrierwave_project:carrierwave:*:*:*:*:*:ruby:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.0.5",
"matchCriteriaId": "E3FB153B-EC7F-411D-89EF-99633A3D4784"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/carrierwaveuploader/carrierwave/commit/39b282db5c1303899b3d3381ce8a837840f983b5",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/carrierwaveuploader/carrierwave/commit/863d425c76eba12c3294227b39018f6b2dccbbf3",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-gxhx-g4fq-49hj",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

20
CVE-2023/CVE-2023-493xx/CVE-2023-49372.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-49372",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-05T15:15:07.773",
"lastModified": "2023-12-05T15:27:54.807",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/slide/save."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/li-yu320/cms/blob/main/There%20is%20a%20CSRF%20present%20at%20the%20new%20location%20of%20the%20rotation%20image.md",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-493xx/CVE-2023-49373.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-49373",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-05T15:15:07.820",
"lastModified": "2023-12-05T15:27:51.100",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/slide/delete."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/li-yu320/cms/blob/main/There%20is%20a%20CSRF%20at%20the%20deletion%20point%20of%20the%20broadcast%20image.md",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-493xx/CVE-2023-49374.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-49374",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-05T15:15:07.867",
"lastModified": "2023-12-05T15:27:51.100",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/slide/update."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/li-yu320/cms/blob/main/There%20is%20CSRF%20in%20the%20rotation%20image%20editing%20section.md",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-493xx/CVE-2023-49375.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-49375",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-05T15:15:07.913",
"lastModified": "2023-12-05T15:27:51.100",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/friend_link/update."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/cui2shark/cms/blob/main/There%20is%20CSRF%20in%20the%20modification%20of%20the%20friendship%20link.md",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-493xx/CVE-2023-49376.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-49376",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-05T15:15:07.963",
"lastModified": "2023-12-05T15:27:51.100",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/delete."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/cui2shark/cms/blob/main/Delete%20existing%20CSRF%20in%20label%20management.md",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-493xx/CVE-2023-49377.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-49377",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-05T15:15:08.010",
"lastModified": "2023-12-05T15:27:51.100",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/update."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/cui2shark/cms/blob/main/Modification%20of%20CSRF%20in%20Label%20Management.md",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-493xx/CVE-2023-49378.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-49378",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-05T15:15:08.057",
"lastModified": "2023-12-05T15:27:51.100",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/form/save."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/cui2shark/cms/blob/main/CSRF%20exists%20at%20the%20creation%20location%20of%20the%20custom%20table.md",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-493xx/CVE-2023-49379.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-49379",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-05T15:15:08.100",
"lastModified": "2023-12-05T15:27:51.100",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /admin/friend_link/save."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/cui2shark/cms/blob/main/There%20is%20a%20CSRF%20in%20the%20new%20location%20of%20the%20friendship%20link.md",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-493xx/CVE-2023-49380.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-49380",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-05T15:15:08.150",
"lastModified": "2023-12-05T15:27:51.100",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/friend_link/delete."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/cui2shark/cms/blob/main/There%20is%20a%20CSRF%20at%20the%20deletion%20point%20of%20the%20friendship%20link.md",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-493xx/CVE-2023-49381.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-49381",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-05T15:15:08.207",
"lastModified": "2023-12-05T15:27:51.100",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/div/update."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/cui2shark/cms/blob/main/CSRF%20exists%20at%20the%20modification%20point%20of%20the%20custom%20table.md",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-493xx/CVE-2023-49382.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-49382",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-05T15:15:08.253",
"lastModified": "2023-12-05T15:27:51.100",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/div/delete."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/cui2shark/cms/blob/main/CSRF%20exists%20at%20the%20deletion%20point%20of%20the%20custom%20table.md",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-493xx/CVE-2023-49383.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-49383",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-05T15:15:08.307",
"lastModified": "2023-12-05T15:27:51.100",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/save."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/cui2shark/cms/blob/main/Added%20CSRF%20in%20Label%20Management.md",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-493xx/CVE-2023-49395.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-49395",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-05T15:15:08.360",
"lastModified": "2023-12-05T15:27:51.100",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/update."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/nightcloudos/new_cms/blob/main/CSRF%20exists%20in%20the%20column%20management%20modification%20section.md",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-493xx/CVE-2023-49396.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-49396",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-05T15:15:08.417",
"lastModified": "2023-12-05T15:27:51.100",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/save."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/nightcloudos/new_cms/blob/main/CSRF%20exists%20at%20the%20newly%20added%20section%20of%20column%20management.md",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-493xx/CVE-2023-49397.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-49397",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-05T15:15:08.470",
"lastModified": "2023-12-05T15:27:51.100",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/updateStatus."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/nightcloudos/new_cms/blob/main/CSRF%20exists%20at%20the%20change%20of%20column%20management%20status.md",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-493xx/CVE-2023-49398.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-49398",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-05T15:15:08.513",
"lastModified": "2023-12-05T15:27:51.100",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/delete."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/nightcloudos/new_cms/blob/main/CSRF%20exists%20at%20the%20deletion%20point%20of%20column%20management.md",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-494xx/CVE-2023-49446.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-49446",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-05T15:15:08.560",
"lastModified": "2023-12-05T15:27:51.100",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/save."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ysuzhangbin/cms/blob/main/There%20is%20a%20CSRF%20in%20the%20newly%20added%20navigation%20management%20area.md",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-494xx/CVE-2023-49447.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-49447",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-05T15:15:08.610",
"lastModified": "2023-12-05T15:27:51.100",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/update."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ysuzhangbin/cms/blob/main/CSRF%20exists%20at%20the%20navigation%20management%20modification%20location.md",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-494xx/CVE-2023-49448.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-49448",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-05T15:15:08.653",
"lastModified": "2023-12-05T15:27:51.100",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/nav/delete."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ysuzhangbin/cms/blob/main/CSRF%20exists%20at%20the%20deletion%20point%20of%20navigation%20management.md",
"source": "cve@mitre.org"
}
]
}

74
CVE-2023/CVE-2023-496xx/CVE-2023-49652.json
View File

@ -2,23 +2,87 @@
"id": "CVE-2023-49652",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-11-29T14:15:07.460",
"lastModified": "2023-11-29T15:15:09.213",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-05T16:06:16.127",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Incorrect permission checks in Jenkins Google Compute Engine Plugin 4.550.vb_327fca_3db_11 and earlier allow attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate system-scoped credentials IDs of credentials stored in Jenkins and to connect to Google Cloud Platform using attacker-specified credentials IDs obtained through another method, to obtain information about existing projects. This fix has been backported to 4.3.17.1."
},
{
"lang": "es",
"value": "Las comprobaciones de permisos incorrectas en el complemento Jenkins Google Compute Engine 4.550.vb_327fca_3db_11 y versiones anteriores permiten a atacantes con permiso global de Elemento/Configuraci\u00f3n (aunque carecen del permiso de Elemento/Configuraci\u00f3n en cualquier trabajo en particular) enumerar las ID de las credenciales almacenadas en Jenkins y conectarse a Google Cloud Platform utiliza ID de credenciales especificadas por el atacante obtenidas mediante otro m\u00e9todo, para obtener informaci\u00f3n sobre proyectos existentes. Esta soluci\u00f3n se ha actualizado a 4.3.17.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:google_compute_engine:*:*:*:*:*:jenkins:*:*",
"versionEndExcluding": "4.3.17.1",
"matchCriteriaId": "3B4690EE-51E5-4556-907B-4C9274D9AC48"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/29/1",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.jenkins.io/security/advisory/2023-11-29/#SECURITY-2835",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}

74
CVE-2023/CVE-2023-496xx/CVE-2023-49653.json
View File

@ -2,23 +2,87 @@
"id": "CVE-2023-49653",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-11-29T14:15:07.527",
"lastModified": "2023-11-29T15:15:09.260",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-05T16:11:28.913",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Jenkins Jira Plugin 3.11 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to."
},
{
"lang": "es",
"value": "Jenkins Jira Plugin 3.11 y versiones anteriores no establecen el contexto apropiado para la b\u00fasqueda de credenciales, lo que permite a los atacantes con permiso Elemento/Configurar acceder y capturar credenciales a las que no tienen derecho."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:jira:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "3.11",
"matchCriteriaId": "9C76F400-F7A8-4BE9-AB72-1BEB2FEDD52E"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/29/1",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.jenkins.io/security/advisory/2023-11-29/#SECURITY-3225",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-60xx/CVE-2023-6070.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6070",
"sourceIdentifier": "trellixpsirt@trellix.com",
"published": "2023-11-29T09:15:21.877",
"lastModified": "2023-11-29T14:18:05.687",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-05T15:11:13.197",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "trellixpsirt@trellix.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trellix:enterprise_security_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.6.8",
"matchCriteriaId": "491EC555-A038-43F6-A6AB-E455B6402EC1"
}
]
}
]
}
],
"references": [
{
"url": "https://kcm.trellix.com/corporate/index?page=content&id=SB10413",
"source": "trellixpsirt@trellix.com"
"source": "trellixpsirt@trellix.com",
"tags": [
"Vendor Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-61xx/CVE-2023-6180.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-6180",
"sourceIdentifier": "cna@cloudflare.com",
"published": "2023-12-05T15:15:08.703",
"lastModified": "2023-12-05T15:27:51.100",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The tokio-boring library in version 4.0.0 is affected by a memory leak issue that can lead to excessive resource consumption and potential DoS by resource exhaustion. The set_ex_data function used by the library did not deallocate memory used by pre-existing data in memory each time after completing a TLS connection causing the program to consume more resources with each new connection.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@cloudflare.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cna@cloudflare.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
},
{
"lang": "en",
"value": "CWE-404"
}
]
}
],
"references": [
{
"url": "https://github.com/cloudflare/boring/security/advisories/GHSA-pjrj-h4fg-6gm4",
"source": "cna@cloudflare.com"
}
]
}

95
CVE-2023/CVE-2023-62xx/CVE-2023-6217.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6217",
"sourceIdentifier": "security@progress.com",
"published": "2023-11-29T17:15:07.373",
"lastModified": "2023-11-29T20:53:05.993",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-05T16:55:45.377",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nIn Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7),\u00a0a reflected cross-site scripting (XSS) vulnerability has been identified when MOVEit Gateway is used in conjunction with MOVEit Transfer.\u00a0 \n\nAn attacker could craft a malicious payload targeting the system which comprises a MOVEit Gateway and MOVEit Transfer deployment. If a MOVEit user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victim\u2019s browser.\n"
},
{
"lang": "es",
"value": "En las versiones de Progress MOVEit Transfer lanzadas antes de 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), se identific\u00f3 una vulnerabilidad de cross-site scripting (XSS) reflejada cuando MOVEit Gateway se utiliza junto con MOVEit Transfer. Un atacante podr\u00eda crear un payload malicioso dirigida al sistema que comprende una implementaci\u00f3n de MOVEit Gateway y MOVEit Transfer. Si un usuario de MOVEit interact\u00faa con el payload manipulado, el atacante podr\u00eda ejecutar JavaScript malicioso dentro del contexto del navegador de la v\u00edctima."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security@progress.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security@progress.com",
"type": "Secondary",
@ -46,14 +80,67 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2021.1.0",
"matchCriteriaId": "9A99606D-C2F1-40F0-B682-8AF3A1214ED7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2022.0.0",
"versionEndExcluding": "2022.0.9",
"matchCriteriaId": "6985BD08-92E5-48EA-BB76-B85186F067EA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2022.1.0",
"versionEndExcluding": "2022.1.10",
"matchCriteriaId": "7753AA60-D5C5-47A7-AE71-0ED05DE24930"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2023.0.0",
"versionEndExcluding": "2023.0.7",
"matchCriteriaId": "A01A6CCA-73BC-45BE-858A-24EEA00B81EC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2023.1.0",
"versionEndExcluding": "2023.1.2",
"matchCriteriaId": "7B7FB41C-AC16-4A5F-9C0D-CEF3E87084CF"
}
]
}
]
}
],
"references": [
{
"url": "https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-November-2023",
"source": "security@progress.com"
"source": "security@progress.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://www.progress.com/moveit",
"source": "security@progress.com"
"source": "security@progress.com",
"tags": [
"Product"
]
}
]
}

105
CVE-2023/CVE-2023-63xx/CVE-2023-6348.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6348",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-11-29T12:15:07.403",
"lastModified": "2023-12-01T19:15:08.077",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-05T15:30:32.840",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,23 +14,114 @@
"value": "Type Confusion en Spellcheck en Google Chrome anterior a 119.0.6045.199 permit\u00eda a un atacante remoto que hab\u00eda comprometido el proceso de renderizado explotar potencialmente la corrupci\u00f3n del heap a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-843"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "119.0.6045.199",
"matchCriteriaId": "8C6C57F9-2AF1-46DE-866C-A0AE86591008"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://crbug.com/1491459",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJROPNKWW65R34J4IYGTJ7A3OBPUL4IQ/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5569",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
]
}
]
}

116
CVE-2023/CVE-2023-63xx/CVE-2023-6351.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6351",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-11-29T12:15:07.497",
"lastModified": "2023-12-01T19:15:08.180",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-05T15:40:08.297",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,27 +14,127 @@
"value": "Use after free en libavif en Google Chrome anterior a 119.0.6045.199 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n del heap a trav\u00e9s de un archivo avif manipulado. (Severidad de seguridad de Chrome: alta)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "119.0.6045.199",
"matchCriteriaId": "8C6C57F9-2AF1-46DE-866C-A0AE86591008"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://crbug.com/1501770",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T7ABNYMOI4ZHVCSPCNP7HQTOLGF53A2/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJROPNKWW65R34J4IYGTJ7A3OBPUL4IQ/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5569",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-63xx/CVE-2023-6357.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-6357",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-12-05T15:15:08.983",
"lastModified": "2023-12-05T15:27:51.100",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which could give the attacker full control of the device."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://https://cert.vde.com/en/advisories/VDE-2023-066",
"source": "info@cert.vde.com"
}
]
}

62
CVE-2023/CVE-2023-63xx/CVE-2023-6378.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6378",
"sourceIdentifier": "vulnerability@ncsc.ch",
"published": "2023-11-29T12:15:07.543",
"lastModified": "2023-11-29T14:18:05.687",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-05T15:45:43.517",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A serialization vulnerability in logback receiver component part of \nlogback version 1.4.11 allows an attacker to mount a Denial-Of-Service \nattack by sending poisoned data.\n\n"
},
{
"lang": "es",
"value": "Una vulnerabilidad de serializaci\u00f3n en el componente receptor de inicio de sesi\u00f3n de la versi\u00f3n 1.4.11 permite a un atacante montar un ataque de Denegaci\u00f3n de Servicio mediante el env\u00edo de datos envenenados."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "vulnerability@ncsc.ch",
"type": "Secondary",
@ -34,10 +58,42 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qos:logback:1.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E6386F1A-27F7-430A-AE05-5CE8BA3BEC07"
}
]
}
]
}
],
"references": [
{
"url": "https://logback.qos.ch/news.html#1.3.12",
"source": "vulnerability@ncsc.ch"
"source": "vulnerability@ncsc.ch",
"tags": [
"Release Notes"
]
}
]
}

75
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-12-05T15:01:03.233992+00:00
2023-12-05T17:00:19.012492+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-12-05T14:59:07.577000+00:00
2023-12-05T16:55:45.377000+00:00
```
### Last Data Feed Release
@ -29,45 +29,58 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
232333
232356
```
### CVEs added in the last Commit
Recently added CVEs: `1`
Recently added CVEs: `23`
* [CVE-2022-24403](CVE-2022/CVE-2022-244xx/CVE-2022-24403.json) (`2023-12-05T14:15:07.510`)
* [CVE-2023-49373](CVE-2023/CVE-2023-493xx/CVE-2023-49373.json) (`2023-12-05T15:15:07.820`)
* [CVE-2023-49374](CVE-2023/CVE-2023-493xx/CVE-2023-49374.json) (`2023-12-05T15:15:07.867`)
* [CVE-2023-49375](CVE-2023/CVE-2023-493xx/CVE-2023-49375.json) (`2023-12-05T15:15:07.913`)
* [CVE-2023-49376](CVE-2023/CVE-2023-493xx/CVE-2023-49376.json) (`2023-12-05T15:15:07.963`)
* [CVE-2023-49377](CVE-2023/CVE-2023-493xx/CVE-2023-49377.json) (`2023-12-05T15:15:08.010`)
* [CVE-2023-49378](CVE-2023/CVE-2023-493xx/CVE-2023-49378.json) (`2023-12-05T15:15:08.057`)
* [CVE-2023-49379](CVE-2023/CVE-2023-493xx/CVE-2023-49379.json) (`2023-12-05T15:15:08.100`)
* [CVE-2023-49380](CVE-2023/CVE-2023-493xx/CVE-2023-49380.json) (`2023-12-05T15:15:08.150`)
* [CVE-2023-49381](CVE-2023/CVE-2023-493xx/CVE-2023-49381.json) (`2023-12-05T15:15:08.207`)
* [CVE-2023-49382](CVE-2023/CVE-2023-493xx/CVE-2023-49382.json) (`2023-12-05T15:15:08.253`)
* [CVE-2023-49383](CVE-2023/CVE-2023-493xx/CVE-2023-49383.json) (`2023-12-05T15:15:08.307`)
* [CVE-2023-49395](CVE-2023/CVE-2023-493xx/CVE-2023-49395.json) (`2023-12-05T15:15:08.360`)
* [CVE-2023-49396](CVE-2023/CVE-2023-493xx/CVE-2023-49396.json) (`2023-12-05T15:15:08.417`)
* [CVE-2023-49397](CVE-2023/CVE-2023-493xx/CVE-2023-49397.json) (`2023-12-05T15:15:08.470`)
* [CVE-2023-49398](CVE-2023/CVE-2023-493xx/CVE-2023-49398.json) (`2023-12-05T15:15:08.513`)
* [CVE-2023-49446](CVE-2023/CVE-2023-494xx/CVE-2023-49446.json) (`2023-12-05T15:15:08.560`)
* [CVE-2023-49447](CVE-2023/CVE-2023-494xx/CVE-2023-49447.json) (`2023-12-05T15:15:08.610`)
* [CVE-2023-49448](CVE-2023/CVE-2023-494xx/CVE-2023-49448.json) (`2023-12-05T15:15:08.653`)
* [CVE-2023-6180](CVE-2023/CVE-2023-61xx/CVE-2023-6180.json) (`2023-12-05T15:15:08.703`)
* [CVE-2023-6357](CVE-2023/CVE-2023-63xx/CVE-2023-6357.json) (`2023-12-05T15:15:08.983`)
* [CVE-2023-49372](CVE-2023/CVE-2023-493xx/CVE-2023-49372.json) (`2023-12-05T15:15:07.773`)
* [CVE-2023-44297](CVE-2023/CVE-2023-442xx/CVE-2023-44297.json) (`2023-12-05T16:15:07.097`)
* [CVE-2023-44298](CVE-2023/CVE-2023-442xx/CVE-2023-44298.json) (`2023-12-05T16:15:07.333`)
### CVEs modified in the last Commit
Recently modified CVEs: `203`
Recently modified CVEs: `16`
* [CVE-2023-37572](CVE-2023/CVE-2023-375xx/CVE-2023-37572.json) (`2023-12-05T13:51:04.540`)
* [CVE-2023-39248](CVE-2023/CVE-2023-392xx/CVE-2023-39248.json) (`2023-12-05T13:51:04.540`)
* [CVE-2023-44288](CVE-2023/CVE-2023-442xx/CVE-2023-44288.json) (`2023-12-05T13:51:04.540`)
* [CVE-2023-44295](CVE-2023/CVE-2023-442xx/CVE-2023-44295.json) (`2023-12-05T13:51:04.540`)
* [CVE-2023-43472](CVE-2023/CVE-2023-434xx/CVE-2023-43472.json) (`2023-12-05T13:51:04.540`)
* [CVE-2023-49070](CVE-2023/CVE-2023-490xx/CVE-2023-49070.json) (`2023-12-05T13:51:04.540`)
* [CVE-2023-5188](CVE-2023/CVE-2023-51xx/CVE-2023-5188.json) (`2023-12-05T13:51:04.540`)
* [CVE-2023-6269](CVE-2023/CVE-2023-62xx/CVE-2023-6269.json) (`2023-12-05T13:51:04.540`)
* [CVE-2023-41835](CVE-2023/CVE-2023-418xx/CVE-2023-41835.json) (`2023-12-05T13:51:04.540`)
* [CVE-2023-43608](CVE-2023/CVE-2023-436xx/CVE-2023-43608.json) (`2023-12-05T13:51:04.540`)
* [CVE-2023-43628](CVE-2023/CVE-2023-436xx/CVE-2023-43628.json) (`2023-12-05T13:51:04.540`)
* [CVE-2023-45838](CVE-2023/CVE-2023-458xx/CVE-2023-45838.json) (`2023-12-05T13:51:04.540`)
* [CVE-2023-45839](CVE-2023/CVE-2023-458xx/CVE-2023-45839.json) (`2023-12-05T13:51:04.540`)
* [CVE-2023-45840](CVE-2023/CVE-2023-458xx/CVE-2023-45840.json) (`2023-12-05T13:51:04.540`)
* [CVE-2023-45841](CVE-2023/CVE-2023-458xx/CVE-2023-45841.json) (`2023-12-05T13:51:04.540`)
* [CVE-2023-45842](CVE-2023/CVE-2023-458xx/CVE-2023-45842.json) (`2023-12-05T13:51:04.540`)
* [CVE-2023-49674](CVE-2023/CVE-2023-496xx/CVE-2023-49674.json) (`2023-12-05T14:05:54.363`)
* [CVE-2023-46887](CVE-2023/CVE-2023-468xx/CVE-2023-46887.json) (`2023-12-05T14:19:33.893`)
* [CVE-2023-47462](CVE-2023/CVE-2023-474xx/CVE-2023-47462.json) (`2023-12-05T14:26:20.953`)
* [CVE-2023-29060](CVE-2023/CVE-2023-290xx/CVE-2023-29060.json) (`2023-12-05T14:44:26.333`)
* [CVE-2023-29062](CVE-2023/CVE-2023-290xx/CVE-2023-29062.json) (`2023-12-05T14:44:47.873`)
* [CVE-2023-29063](CVE-2023/CVE-2023-290xx/CVE-2023-29063.json) (`2023-12-05T14:45:30.123`)
* [CVE-2023-29061](CVE-2023/CVE-2023-290xx/CVE-2023-29061.json) (`2023-12-05T14:45:46.417`)
* [CVE-2023-29064](CVE-2023/CVE-2023-290xx/CVE-2023-29064.json) (`2023-12-05T14:54:35.220`)
* [CVE-2023-29065](CVE-2023/CVE-2023-290xx/CVE-2023-29065.json) (`2023-12-05T14:59:07.577`)
* [CVE-2022-24403](CVE-2022/CVE-2022-244xx/CVE-2022-24403.json) (`2023-12-05T15:27:54.807`)
* [CVE-2023-29066](CVE-2023/CVE-2023-290xx/CVE-2023-29066.json) (`2023-12-05T15:07:40.170`)
* [CVE-2023-6070](CVE-2023/CVE-2023-60xx/CVE-2023-6070.json) (`2023-12-05T15:11:13.197`)
* [CVE-2023-42916](CVE-2023/CVE-2023-429xx/CVE-2023-42916.json) (`2023-12-05T15:15:07.640`)
* [CVE-2023-42917](CVE-2023/CVE-2023-429xx/CVE-2023-42917.json) (`2023-12-05T15:15:07.720`)
* [CVE-2023-6348](CVE-2023/CVE-2023-63xx/CVE-2023-6348.json) (`2023-12-05T15:30:32.840`)
* [CVE-2023-6351](CVE-2023/CVE-2023-63xx/CVE-2023-6351.json) (`2023-12-05T15:40:08.297`)
* [CVE-2023-6378](CVE-2023/CVE-2023-63xx/CVE-2023-6378.json) (`2023-12-05T15:45:43.517`)
* [CVE-2023-40626](CVE-2023/CVE-2023-406xx/CVE-2023-40626.json) (`2023-12-05T15:52:05.227`)
* [CVE-2023-49652](CVE-2023/CVE-2023-496xx/CVE-2023-49652.json) (`2023-12-05T16:06:16.127`)
* [CVE-2023-49653](CVE-2023/CVE-2023-496xx/CVE-2023-49653.json) (`2023-12-05T16:11:28.913`)
* [CVE-2023-49090](CVE-2023/CVE-2023-490xx/CVE-2023-49090.json) (`2023-12-05T16:25:58.023`)
* [CVE-2023-48880](CVE-2023/CVE-2023-488xx/CVE-2023-48880.json) (`2023-12-05T16:38:50.380`)
* [CVE-2023-48881](CVE-2023/CVE-2023-488xx/CVE-2023-48881.json) (`2023-12-05T16:41:54.707`)
* [CVE-2023-48882](CVE-2023/CVE-2023-488xx/CVE-2023-48882.json) (`2023-12-05T16:45:50.737`)
* [CVE-2023-6217](CVE-2023/CVE-2023-62xx/CVE-2023-6217.json) (`2023-12-05T16:55:45.377`)
## Download and Usage