Auto-Update: 2023-11-17T13:00:17.764570+00:00

CVE-2020/CVE-2020-114xx/CVE-2020-11447.json

@@ -0,0 +1,24 @@
+{
+  "id": "CVE-2020-11447",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-11-17T12:15:06.967",
+  "lastModified": "2023-11-17T12:15:06.967",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue was discovered on Bell HomeHub 3000 SG48222070 devices. Remote authenticated users can retrieve the serial number via cgi/json-req - this is an information leak because the serial number is intended to prove an actor's physical access to the device."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://0xem.ma/posts/HH3K-CVE/",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://support.bell.ca/Internet/Connection-help/Access_control_in_the_Home_Hub_modems",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2020/CVE-2020-114xx/CVE-2020-11448.json

@@ -0,0 +1,24 @@
+{
+  "id": "CVE-2020-11448",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-11-17T12:15:07.030",
+  "lastModified": "2023-11-17T12:15:07.030",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue was discovered on Bell HomeHub 3000 SG48222070 devices. There is XSS related to the email field and the login page."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://0xem.ma/posts/HH3K-CVE/",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://support.bell.ca/Internet/Connection-help/Access_control_in_the_Home_Hub_modems",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2023/CVE-2023-470xx/CVE-2023-47066.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-47066",
+  "sourceIdentifier": "psirt@adobe.com",
+  "published": "2023-11-17T11:15:07.293",
+  "lastModified": "2023-11-17T11:15:07.293",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@adobe.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@adobe.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-125"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://helpx.adobe.com/security/products/after_effects/apsb23-66.html",
+      "source": "psirt@adobe.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-470xx/CVE-2023-47067.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-47067",
+  "sourceIdentifier": "psirt@adobe.com",
+  "published": "2023-11-17T11:15:07.793",
+  "lastModified": "2023-11-17T11:15:07.793",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@adobe.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@adobe.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-125"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://helpx.adobe.com/security/products/after_effects/apsb23-66.html",
+      "source": "psirt@adobe.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-470xx/CVE-2023-47068.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-47068",
+  "sourceIdentifier": "psirt@adobe.com",
+  "published": "2023-11-17T11:15:07.997",
+  "lastModified": "2023-11-17T11:15:07.997",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@adobe.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@adobe.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-125"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://helpx.adobe.com/security/products/after_effects/apsb23-66.html",
+      "source": "psirt@adobe.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-470xx/CVE-2023-47069.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-47069",
+  "sourceIdentifier": "psirt@adobe.com",
+  "published": "2023-11-17T11:15:08.200",
+  "lastModified": "2023-11-17T11:15:08.200",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@adobe.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@adobe.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-125"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://helpx.adobe.com/security/products/after_effects/apsb23-66.html",
+      "source": "psirt@adobe.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-470xx/CVE-2023-47070.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-47070",
+  "sourceIdentifier": "psirt@adobe.com",
+  "published": "2023-11-17T11:15:08.457",
+  "lastModified": "2023-11-17T11:15:08.457",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@adobe.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@adobe.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-787"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://helpx.adobe.com/security/products/after_effects/apsb23-66.html",
+      "source": "psirt@adobe.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-470xx/CVE-2023-47071.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-47071",
+  "sourceIdentifier": "psirt@adobe.com",
+  "published": "2023-11-17T11:15:08.660",
+  "lastModified": "2023-11-17T11:15:08.660",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@adobe.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 3.3,
+          "baseSeverity": "LOW"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@adobe.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-125"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://helpx.adobe.com/security/products/after_effects/apsb23-66.html",
+      "source": "psirt@adobe.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-470xx/CVE-2023-47072.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-47072",
+  "sourceIdentifier": "psirt@adobe.com",
+  "published": "2023-11-17T11:15:08.867",
+  "lastModified": "2023-11-17T11:15:08.867",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@adobe.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 3.3,
+          "baseSeverity": "LOW"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@adobe.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-824"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://helpx.adobe.com/security/products/after_effects/apsb23-66.html",
+      "source": "psirt@adobe.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-470xx/CVE-2023-47073.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-47073",
+  "sourceIdentifier": "psirt@adobe.com",
+  "published": "2023-11-17T11:15:09.060",
+  "lastModified": "2023-11-17T11:15:09.060",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@adobe.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@adobe.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-787"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://helpx.adobe.com/security/products/after_effects/apsb23-66.html",
+      "source": "psirt@adobe.com"
+    }
+  ]
+}

README.md

@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2023-11-17T11:00:17.975657+00:00
+2023-11-17T13:00:17.764570+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2023-11-17T10:15:08.167000+00:00
+2023-11-17T12:15:07.030000+00:00
 ```
 
 ### Last Data Feed Release
@@ -29,18 +29,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-231038
+231048
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `5`
+Recently added CVEs: `10`
 
-* [CVE-2023-44325](CVE-2023/CVE-2023-443xx/CVE-2023-44325.json) (`2023-11-17T09:15:23.053`)
-* [CVE-2023-44326](CVE-2023/CVE-2023-443xx/CVE-2023-44326.json) (`2023-11-17T09:15:23.407`)
-* [CVE-2023-47757](CVE-2023/CVE-2023-477xx/CVE-2023-47757.json) (`2023-11-17T09:15:23.590`)
-* [CVE-2023-5444](CVE-2023/CVE-2023-54xx/CVE-2023-5444.json) (`2023-11-17T10:15:07.723`)
-* [CVE-2023-5445](CVE-2023/CVE-2023-54xx/CVE-2023-5445.json) (`2023-11-17T10:15:08.167`)
+* [CVE-2020-11447](CVE-2020/CVE-2020-114xx/CVE-2020-11447.json) (`2023-11-17T12:15:06.967`)
+* [CVE-2020-11448](CVE-2020/CVE-2020-114xx/CVE-2020-11448.json) (`2023-11-17T12:15:07.030`)
+* [CVE-2023-47066](CVE-2023/CVE-2023-470xx/CVE-2023-47066.json) (`2023-11-17T11:15:07.293`)
+* [CVE-2023-47067](CVE-2023/CVE-2023-470xx/CVE-2023-47067.json) (`2023-11-17T11:15:07.793`)
+* [CVE-2023-47068](CVE-2023/CVE-2023-470xx/CVE-2023-47068.json) (`2023-11-17T11:15:07.997`)
+* [CVE-2023-47069](CVE-2023/CVE-2023-470xx/CVE-2023-47069.json) (`2023-11-17T11:15:08.200`)
+* [CVE-2023-47070](CVE-2023/CVE-2023-470xx/CVE-2023-47070.json) (`2023-11-17T11:15:08.457`)
+* [CVE-2023-47071](CVE-2023/CVE-2023-470xx/CVE-2023-47071.json) (`2023-11-17T11:15:08.660`)
+* [CVE-2023-47072](CVE-2023/CVE-2023-470xx/CVE-2023-47072.json) (`2023-11-17T11:15:08.867`)
+* [CVE-2023-47073](CVE-2023/CVE-2023-470xx/CVE-2023-47073.json) (`2023-11-17T11:15:09.060`)
 
 
 ### CVEs modified in the last Commit