Auto-Update: 2023-12-15T19:00:24.460983+00:00

cad-safe-bot 2023-12-15 19:00:28 +00:00
parent 0fb60c1b11
commit cadcf036e7
20 changed files with 1366 additions and 122 deletions


@ -2,8 +2,8 @@
"id": "CVE-2021-1585",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2021-07-08T19:15:09.207",
"lastModified": "2023-11-07T03:28:42.423",
"vulnStatus": "Modified",
"lastModified": "2023-12-15T17:14:06.997",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -37,7 +37,7 @@
"impactScore": 5.9
},
{
"source": "d1c1063e-7a18-46af-9102-31f8928bc633",
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -95,7 +95,7 @@
]
},
{
"source": "d1c1063e-7a18-46af-9102-31f8928bc633",
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
@ -115,8 +115,8 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:adaptive_security_device_manager:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.16.1",
"matchCriteriaId": "C1273D16-7493-4CF9-BE04-8F3012AD2499"
"versionEndExcluding": "7.18.1.152",
"matchCriteriaId": "2B5529D3-4AC4-4B9D-BF3D-D4E7C3A7C24F"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-1260",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-24T01:15:42.707",
"lastModified": "2023-11-16T00:56:28.813",
"lastModified": "2023-12-15T18:19:05.587",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -21,19 +21,19 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.3,
"exploitabilityScore": 1.3,
"impactScore": 6.0
},
{


@ -2,7 +2,7 @@
"id": "CVE-2023-24934",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-04-14T22:15:07.433",
"lastModified": "2023-04-21T13:25:32.477",
"lastModified": "2023-12-15T18:14:59.947",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -75,9 +75,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:malware_protection_engine:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:microsoft:malware_protection_platform:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.18.2303.8",
"matchCriteriaId": "4AAC547B-FE54-4556-B48A-8C64EECE838F"
"matchCriteriaId": "5CED330B-A74F-464A-8F49-722EA41968A0"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-36639",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-12-13T07:15:12.900",
"lastModified": "2023-12-13T13:35:21.667",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-15T18:54:15.480",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "psirt@fortinet.com",
"type": "Secondary",
@ -50,10 +70,91 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndIncluding": "7.0.10",
"matchCriteriaId": "7E1251FE-2B46-46AA-B474-506B0079810D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.2.0",
"versionEndIncluding": "7.2.4",
"matchCriteriaId": "4D78C235-F7F5-4611-8467-0CC4F0F69111"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.0",
"versionEndIncluding": "6.0.17",
"matchCriteriaId": "0135464C-532C-430D-A76C-2FCDE4C991D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2.0",
"versionEndIncluding": "6.2.15",
"matchCriteriaId": "7916D6BB-838E-40A0-9C7F-FBE9ECBA0D99"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.0",
"versionEndIncluding": "6.4.12",
"matchCriteriaId": "5E99B6E5-7EC3-406C-AFAC-A5E32DE266DF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndIncluding": "7.0.11",
"matchCriteriaId": "C2573C90-BE6A-4D5D-A223-F09213318909"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.2.0",
"versionEndIncluding": "7.2.4",
"matchCriteriaId": "4AB643A8-B52F-4D54-B816-28A6401BAA25"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "61540F5B-080A-4D44-8BE0-75D7A0DCCB53"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.0.0",
"versionEndIncluding": "1.0.3",
"matchCriteriaId": "3BA2C6ED-2765-4B56-9B37-10C50BD32C75"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0CC27DCF-F74C-431C-9545-F405D369AF22"
}
]
}
]
}
],
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-23-138",
"source": "psirt@fortinet.com"
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-4016",
"sourceIdentifier": "trellixpsirt@trellix.com",
"published": "2023-08-02T05:15:09.850",
"lastModified": "2023-08-21T03:15:11.863",
"vulnStatus": "Modified",
"lastModified": "2023-12-15T18:19:03.787",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -17,7 +17,7 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
@ -25,12 +25,12 @@
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
"impactScore": 1.4
},
{
"source": "trellixpsirt@trellix.com",
@ -93,6 +93,21 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
}
]
}
]
}
],
"references": [
@ -105,7 +120,11 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SUETRRT24OFGPYK6ACPM5VUGHNKH5CQ5/",
"source": "trellixpsirt@trellix.com"
"source": "trellixpsirt@trellix.com",
"tags": [
"Mitigation",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-45800",
"sourceIdentifier": "vuln@krcert.or.kr",
"published": "2023-12-13T02:15:07.323",
"lastModified": "2023-12-13T13:35:25.510",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-15T18:50:06.017",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "vuln@krcert.or.kr",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "vuln@krcert.or.kr",
"type": "Secondary",
@ -50,10 +80,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hanbiro:groupware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.8.79",
"versionEndExcluding": "3.8.81.1",
"matchCriteriaId": "A78D52F3-B19F-4BBD-9EE1-613EF89C79F0"
}
]
}
]
}
],
"references": [
{
"url": "https://hanbiro.com/",
"source": "vuln@krcert.or.kr"
"source": "vuln@krcert.or.kr",
"tags": [
"Product"
]
}
]
}
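Review bot: The `references` array in this record holds a single entry, the vendor homepage `https://hanbiro.com/` tagged `Product`, so the new `versionStartIncluding` `3.8.79` / `versionEndExcluding` `3.8.81.1` range and the `CWE-89` classification cannot be traced to an advisory or fix notice from the record itself. The CVE-2023-45801 section below has the same gap: its only reference is `http://www.nadatel.com/` (plain HTTP, also `Product`), behind eighteen firmware CPEs that all carry the range `3.0.0` to `9.9.0`. A reference of the form `{"url": "<ADVISORY_URL>", "source": "vuln@krcert.or.kr", "tags": ["Third Party Advisory"]}` would close it. The commit looks like an automated feed sync, so that fix probably belongs upstream, and consumers should treat both ranges as unverified until then.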


@ -2,8 +2,8 @@
"id": "CVE-2023-45801",
"sourceIdentifier": "vuln@krcert.or.kr",
"published": "2023-12-13T03:15:48.037",
"lastModified": "2023-12-13T13:35:25.510",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-15T17:12:58.397",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "vuln@krcert.or.kr",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
},
{
"source": "vuln@krcert.or.kr",
"type": "Secondary",
@ -50,10 +80,537 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:nadatel:at-0402r_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "9.9.0",
"matchCriteriaId": "B2C0DC93-D855-441B-97B0-765557C4D656"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:nadatel:at-0402r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E59946D2-4CCC-4CF6-BCBE-54370952B438"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:nadatel:at-0815r_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "9.9.0",
"matchCriteriaId": "A01F63BC-8930-4F50-AE44-61227AB44B13"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:nadatel:at-0815r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3688DD10-080B-46E8-AC6C-6212CB04F76D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:nadatel:at-1623r_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "9.9.0",
"matchCriteriaId": "3E6D0D7B-2485-45AA-AF95-CDD489EBE759"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:nadatel:at-1623r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6617F8F4-A549-4331-9AA7-153878FEEC90"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:nadatel:at-0402l_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "9.9.0",
"matchCriteriaId": "65D7669D-0E4E-4C16-BB85-DE2DBA4FC4EC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:nadatel:at-0402l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "93558F83-5233-442D-9D57-0E2C5D985D64"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:nadatel:at-0815l_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "9.9.0",
"matchCriteriaId": "CB415B8F-2CF9-43F2-896E-B63E506FAE5D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:nadatel:at-0815l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B84D7D-8CF9-461F-B2FE-8AE0F9E2EE20"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:nadatel:at-1623l_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "9.9.0",
"matchCriteriaId": "F0E28491-00AE-4F3F-8630-46DFA2489BCD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:nadatel:at-1623l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4770AD8B-AD64-4796-8E28-DF0EA167198B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:nadatel:at-0402e_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "9.9.0",
"matchCriteriaId": "735A48B6-E873-4D8C-8E68-1B6C3C3DE25F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:nadatel:at-0402e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6ED78E59-9B1D-4160-BEA5-02FD768EAB69"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:nadatel:at-0815e_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "9.9.0",
"matchCriteriaId": "E3247A31-2F0B-4A81-B3FD-5424F2FBE5B0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:nadatel:at-0815e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C7D3B028-2160-4243-8C3B-A0BD319C2638"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:nadatel:at-1623e_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "9.9.0",
"matchCriteriaId": "C6C82061-DC0F-4B36-88BC-67DE73455797"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:nadatel:at-1623e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8FD4EAD0-4B7C-4348-9A03-EA99A1503855"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:nadatel:at-0402m_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "9.9.0",
"matchCriteriaId": "D8DA8F73-00CE-438F-B76C-633BA2706213"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:nadatel:at-0402m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AAA60AA7-C91F-45CC-84D6-C882AE70BB91"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:nadatel:at-0815m_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "9.9.0",
"matchCriteriaId": "92B947E3-8AD6-4584-9CF3-5E610DE36094"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:nadatel:at-0815m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6D56601-0F93-4239-85F6-014BDF2B0AB6"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:nadatel:at-1623m_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "9.9.0",
"matchCriteriaId": "6F2AF606-B36E-4743-818A-1D2B363AE76B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:nadatel:at-1623m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F486BEEC-C6E8-4385-9506-B5F399C5A996"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:nadatel:at-0413m_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "9.9.0",
"matchCriteriaId": "C177CD4B-4F74-4BF0-867B-067C4E9A3718"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:nadatel:at-0413m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B580066C-AE1A-49F2-8F2B-C1844FAED8B2"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:nadatel:at-0823m_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "9.9.0",
"matchCriteriaId": "836F8643-8198-4203-89CD-B0B42FFB5E77"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:nadatel:at-0823m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE2397D-4DCC-4F5B-95F1-C17918ACCA03"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:nadatel:at-1643m_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "9.9.0",
"matchCriteriaId": "1826A566-5A8B-4D35-BA61-88D634611226"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:nadatel:at-1643m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEAF40E0-4EFE-4C71-90C4-1B36231BC12F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:nadatel:at-0413s_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "9.9.0",
"matchCriteriaId": "290BD1D1-AA8E-4DEB-A8AD-B75F90076F5E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:nadatel:at-0413s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "091FE885-CE44-4AB9-8084-4A09E67CAEF5"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:nadatel:at-0823s_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "9.9.0",
"matchCriteriaId": "DB524CC6-B27F-4910-940A-60D9AA1BC173"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:nadatel:at-0823s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA238781-FFB4-4861-B370-6E4734AD42AA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:nadatel:at-1643s_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "9.9.0",
"matchCriteriaId": "470D1117-329D-43D2-90C1-29673B31555E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:nadatel:at-1643s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39DF7FC9-B64C-4153-85B2-D35B6E337F15"
}
]
}
]
}
],
"references": [
{
"url": "http://www.nadatel.com/",
"source": "vuln@krcert.or.kr"
"source": "vuln@krcert.or.kr",
"tags": [
"Product"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-49273",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-12T19:15:08.087",
"lastModified": "2023-12-12T20:20:16.707",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-15T18:30:22.630",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, users with low privileges (Editor, etc.) are able to access some unintended endpoints. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this issue."
},
{
"lang": "es",
"value": "Umbraco es un sistema de gesti\u00f3n de contenidos (CMS) ASP.NET. A partir de la versi\u00f3n 8.0.0 y anteriores a las versiones 8.18.10, 10.8.1 y 12.3.4, los usuarios con privilegios bajos (Editor, etc.) pueden acceder a algunos endpoints no deseados. Las versiones 8.18.10, 10.8.1 y 12.3.4 contienen un parche para este problema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,10 +70,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndExcluding": "8.18.10",
"matchCriteriaId": "FAFFD03D-00A2-4AA4-A727-FA10CFC1446F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.0.0",
"versionEndExcluding": "10.8.1",
"matchCriteriaId": "03FE24B3-A0E4-4235-B990-51E9B6F877F5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.0.0",
"versionEndExcluding": "12.3.4",
"matchCriteriaId": "AD471553-62B9-4DBB-8DF6-93F7C3A08957"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-cfr5-7p54-4qg8",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-49278",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-12T20:15:08.190",
"lastModified": "2023-12-12T20:20:16.707",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-15T18:33:33.317",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, a brute force exploit can be used to collect valid usernames. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this issue."
},
{
"lang": "es",
"value": "Umbraco es un sistema de gesti\u00f3n de contenidos (CMS) ASP.NET. A partir de la versi\u00f3n 8.0.0 y anteriores a las versiones 8.18.10, 10.8.1 y 12.3.4, se puede utilizar un exploit de fuerza bruta para recopilar nombres de usuario v\u00e1lidos. Las versiones 8.18.10, 10.8.1 y 12.3.4 contienen un parche para este problema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,10 +74,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndExcluding": "8.18.10",
"matchCriteriaId": "FAFFD03D-00A2-4AA4-A727-FA10CFC1446F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.0.0",
"versionEndExcluding": "10.8.1",
"matchCriteriaId": "03FE24B3-A0E4-4235-B990-51E9B6F877F5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.0.0",
"versionEndExcluding": "12.3.4",
"matchCriteriaId": "AD471553-62B9-4DBB-8DF6-93F7C3A08957"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-7x74-h8cw-qhxq",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-49279",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-12T20:15:08.390",
"lastModified": "2023-12-12T20:20:16.707",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-15T18:36:38.653",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Umbraco is an ASP.NET content management system (CMS). Starting in version 7.0.0 and prior to versions 7.15.11, 8.18.9, 10.7.0, 11.5.0, and 12.2.0, a user with access to the backoffice can upload SVG files that include scripts. If the user can trick another user to load the media directly in a browser, the scripts can be executed. Versions 7.15.11, 8.18.9, 10.7.0, 11.5.0, and 12.2.0 contain a patch for this issue. Some workarounds are available. Implement the server side file validation or serve all media from an different host (e.g cdn) than where Umbraco is hosted."
},
{
"lang": "es",
"value": "Umbraco es un sistema de gesti\u00f3n de contenidos (CMS) ASP.NET. A partir de la versi\u00f3n 7.0.0 y anteriores a las versiones 7.15.11, 8.18.9, 10.7.0, 11.5.0 y 12.2.0, un usuario con acceso al backoffice puede cargar archivos SVG que incluyan scripts. Si el usuario puede enga\u00f1ar a otro usuario para que cargue los medios directamente en un navegador, los scripts se pueden ejecutar. Las versiones 7.15.11, 8.18.9, 10.7.0, 11.5.0 y 12.2.0 contienen un parche para este problema. Algunas soluciones est\u00e1n disponibles. Implemente la validaci\u00f3n de archivos del lado del servidor o proporcione todos los medios desde un host diferente (por ejemplo, cdn) al que est\u00e1 alojado Umbraco."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +70,67 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndExcluding": "7.15.11",
"matchCriteriaId": "F339F5B2-A184-4105-8BC9-D3FD1B793271"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndExcluding": "8.18.9",
"matchCriteriaId": "185C2350-DA24-42EE-885E-39DAACBFB294"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.0.0",
"versionEndExcluding": "10.7.0",
"matchCriteriaId": "AE39433E-172C-42F4-BD74-31FA96A8FF05"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.0.0",
"versionEndExcluding": "11.5.0",
"matchCriteriaId": "7E68D9FA-67C8-456C-926E-36E76A7B77B9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.0.0",
"versionEndExcluding": "12.2.0",
"matchCriteriaId": "6842FACF-64C1-40A1-9B7A-ADF855867C3C"
}
]
}
]
}
],
"references": [
{
"url": "https://docs.umbraco.com/umbraco-cms/reference/security/serverside-file-validation",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-6xmx-85x3-4cv2",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}
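Review bot: The reference `https://docs.umbraco.com/umbraco-cms/reference/security/serverside-file-validation` is tagged only `Product`, although the English description in this same record names server-side file validation as one of the two workarounds. Anything that filters references on the `Mitigation` tag will not surface the workaround link for users who cannot yet move to a patched version; `"tags": ["Mitigation", "Product"]` would match how the record describes it. The other workaround in the description, serving media from a separate host, has no reference at all.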


@ -0,0 +1,24 @@
{
"id": "CVE-2023-50089",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-15T17:15:12.780",
"lastModified": "2023-12-15T17:15:12.780",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A Command Injection vulnerability exists in NETGEAR WNR2000v4 version 1.0.0.70. When using HTTP for SOAP authentication, command execution occurs during the process after successful authentication."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/NoneShell/Vulnerabilities/blob/main/NETGEAR/WNR2000v4-1.0.0.70-Authorized-Command-Injection.md",
"source": "cve@mitre.org"
},
{
"url": "https://www.netgear.com/about/security/",
"source": "cve@mitre.org"
}
]
}
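Review bot: This new record arrives with `"metrics": {}` and no `weaknesses` or `configurations` keys, so it carries no CVSS score, no CWE and no CPE to match on while `vulnStatus` is `Received`. A consumer that sorts or filters on `baseScore`, or that matches inventory by CPE, will presumably skip it or rank it as zero even though the description names the affected device and firmware version (NETGEAR WNR2000v4 1.0.0.70). Readers of this data should handle the missing `cvssMetricV31` key explicitly and treat `Received` entries as unscored, matching on the description text until analysis adds `configurations`.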


@ -2,16 +2,40 @@
"id": "CVE-2023-50251",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-12T21:15:08.453",
"lastModified": "2023-12-13T01:50:36.127",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-15T17:51:25.283",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when parsing the attributes passed to a `use` tag inside an svg document, an attacker can cause the system to go to an infinite recursion. Depending on the system configuration and attack pattern this could exhaust the memory available to the executing process and/or to the server itself. An attacker sending multiple request to a system to render the above payload can potentially cause resource exhaustion to the point that the system is unable to handle incoming request. Version 0.5.1 contains a patch for this issue."
},
{
"lang": "es",
"value": "php-svg-lib es una librer\u00eda de an\u00e1lisis/representaci\u00f3n de archivos SVG. Antes de la versi\u00f3n 0.5.1, al analizar los atributos pasados a una etiqueta \"use\" dentro de un documento svg, un atacante pod\u00eda hacer que el sistema entrara en una recursividad infinita. Dependiendo de la configuraci\u00f3n del sistema y del patr\u00f3n de ataque, esto podr\u00eda agotar la memoria disponible para el proceso en ejecuci\u00f3n y/o para el propio servidor. Un atacante que env\u00eda m\u00faltiples solicitudes a un sistema para representar el payload anterior puede potencialmente causar el agotamiento de los recursos hasta el punto de que el sistema no pueda manejar la solicitud entrante. La versi\u00f3n 0.5.1 contiene un parche para este problema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +70,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dompdf:php-svg-lib:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.5.1",
"matchCriteriaId": "F1E345BA-6667-40EB-AF3F-E279441B6C90"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/dompdf/php-svg-lib/commit/88163cbe562d9b391b3a352e54d9c89d02d77ee0",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/dompdf/php-svg-lib/security/advisories/GHSA-ff5x-7qg5-vwf2",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-50252",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-12T21:15:08.670",
"lastModified": "2023-12-13T01:50:36.127",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-15T17:50:59.207",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when handling `<use>` tag that references an `<image>` tag, it merges the attributes from the `<use>` tag to the `<image>` tag. The problem pops up especially when the `href` attribute from the `<use>` tag has not been sanitized. This can lead to an unsafe file read that can cause PHAR Deserialization vulnerability in PHP prior to version 8. Version 0.5.1 contains a patch for this issue. "
},
{
"lang": "es",
"value": "php-svg-lib es una librer\u00eda de an\u00e1lisis/representaci\u00f3n de archivos SVG. Antes de la versi\u00f3n 0.5.1, cuando se maneja la etiqueta `` que hace referencia a una etiqueta ``, se fusionan los atributos de la etiqueta `` con la etiqueta ``. El problema surge especialmente cuando el atributo `href` de la etiqueta `` no ha sido sanitizado. Esto puede provocar una lectura de archivo insegura que puede causar una vulnerabilidad de deserializaci\u00f3n PHAR en PHP anterior a la versi\u00f3n 8. La versi\u00f3n 0.5.1 contiene un parche para este problema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,14 +74,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dompdf:php-svg-lib:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.5.1",
"matchCriteriaId": "F1E345BA-6667-40EB-AF3F-E279441B6C90"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/dompdf/php-svg-lib/commit/08ce6a96d63ad7216315fae34a61c886dd2dc030",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/dompdf/php-svg-lib/security/advisories/GHSA-jq98-9543-m4cr",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Mitigation",
"Vendor Advisory"
]
}
]
}
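Review bot: The added Spanish description has lost the tag names that the English one carries. Wherever the `en` value says `<use>` or `<image>`, the `es` value has an empty pair of backticks, so it no longer says which element's `href` is left unsanitized. The translated value should keep the literals, for example "la etiqueta `<use>` que hace referencia a una etiqueta `<image>`". The repository synchronizes with NVD, so the correction probably has to be made upstream; until then, consumers should read the `en` description for this record.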


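--- /dev/null
+++ b/CVE-2023/CVE-2023-509xx/CVE-2023-50917.json
@@ -0,0 +1,24 @@
+{
+"id": "CVE-2023-50917",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2023-12-15T17:15:12.840",
+"lastModified": "2023-12-15T17:15:12.840",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE: this is unrelated to the Majordomo mailing-list manager."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://github.com/sergejey/majordomo/commit/0662e5ebfb133445ff6154b69c61019357092178",
+"source": "cve@mitre.org"
+},
+{
+"url": "https://github.com/sergejey/majordomo/commit/3ec3ffb863ea3c2661ab27d398776c551f4daaac",
+"source": "cve@mitre.org"
+}
+]
+}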


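--- /dev/null
+++ b/CVE-2023/CVE-2023-509xx/CVE-2023-50918.json
@@ -0,0 +1,24 @@
+{
+"id": "CVE-2023-50918",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2023-12-15T18:15:07.723",
+"lastModified": "2023-12-15T18:15:07.723",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "app/Controller/AuditLogsController.php in MISP before 2.4.182 mishandles ACLs for audit logs."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://github.com/MISP/MISP/commit/92888b1376246c0f20c256aaa3c57b6f12115fa1",
+"source": "cve@mitre.org"
+},
+{
+"url": "https://github.com/MISP/MISP/compare/v2.4.181...v2.4.182",
+"source": "cve@mitre.org"
+}
+]
+}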


@ -2,8 +2,8 @@
"id": "CVE-2023-5156",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-25T16:15:15.613",
"lastModified": "2023-12-10T12:15:06.947",
"vulnStatus": "Modified",
"lastModified": "2023-12-15T18:18:02.487",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -90,8 +90,9 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.34",
"versionEndExcluding": "2.39",
"matchCriteriaId": "9B07E72A-FA10-49C2-BBE3-468AF836A462"
"matchCriteriaId": "71609239-5262-473E-ACCE-18AE51AB184E"
}
]
}


@ -2,15 +2,41 @@
"id": "CVE-2023-6753",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-12-13T00:15:07.330",
"lastModified": "2023-12-13T01:50:36.127",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-15T18:39:14.077",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2."
},
{
"lang": "es",
"value": "Path traversal en el repositorio de GitHub mlflow/mlflow anterior a 2.9.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -46,14 +72,52 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.9.2",
"matchCriteriaId": "6B5585E2-CC70-4BED-AA89-B791F081ACFC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/mlflow/mlflow/commit/1c6309f884798fbf56017a3cc808016869ee8de4",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.com/bounties/b397b83a-527a-47e7-b912-a12a17a6cfb4",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}
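Review bot: Neither description states the platform condition that the added `configurations` block encodes. The block has a top-level `"operator": "AND"` that combines mlflow before 2.9.2 with a `"vulnerable": false` Windows node, which presumably means the path traversal applies only when mlflow runs on Windows. A consumer that flattens `nodes[].cpeMatch` and ignores the `AND` or the `vulnerable` flag will report every mlflow install or Windows itself. If the restriction is intended, the description should say so, for example `"Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2 on Windows."`; that wording has to come from the CNA or NVD, since this file is a mirror.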


@ -2,16 +2,40 @@
"id": "CVE-2023-6759",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-13T15:15:08.337",
"lastModified": "2023-12-13T16:33:21.257",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-15T18:02:45.423",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in Thecosy IceCMS 2.0.1. This affects an unknown part of the file /WebResource/resource of the component Love Handler. The manipulation leads to improper enforcement of a single, unique action. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247887."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en Thecosy IceCMS 2.0.1 y clasificada como problem\u00e1tica. Una parte desconocida del archivo /WebResource/resource del componente Love Handler afecta a una parte desconocida. La manipulaci\u00f3n conduce a la ejecuci\u00f3n inadecuada de una acci\u00f3n \u00fanica y \u00fanica. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-247887."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -60,6 +84,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +105,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:thecosy:icecms:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E8BFA839-61F5-4B6F-9A53-5BF6F0DADF20"
}
]
}
]
}
],
"references": [
{
"url": "http://39.106.130.187/Icecms.html",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.247887",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.247887",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-6760",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-13T16:15:12.210",
"lastModified": "2023-12-13T16:33:21.257",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-15T18:01:45.383",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in Thecosy IceCMS up to 2.0.1. This vulnerability affects unknown code. The manipulation leads to manage user sessions. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247888."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Thecosy IceCMS hasta 2.0.1 y clasificada como cr\u00edtica. Esta vulnerabilidad afecta a c\u00f3digo desconocido. La manipulaci\u00f3n conduce a gestionar las sesiones de los usuarios. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-247888."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:thecosy:icecms:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E8BFA839-61F5-4B6F-9A53-5BF6F0DADF20"
}
]
}
]
}
],
"references": [
{
"url": "http://39.106.130.187/yue/yue.html",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.247888",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.247888",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}
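Review bot: The added `cpeMatch` entry pins one exact version, `cpe:2.3:a:thecosy:icecms:2.0.1:*:*:*:*:*:*:*`, while the English description says "IceCMS up to 2.0.1", so a scanner that matches on CPE alone will not flag earlier releases. If the description is right, the entry should use a wildcard version with a range bound: `"criteria": "cpe:2.3:a:thecosy:icecms:*:*:*:*:*:*:*:*"` plus `"versionEndIncluding": "2.0.1"`, with whatever `matchCriteriaId` NVD assigns to that range. The repository synchronizes with NVD, so the change presumably belongs upstream. Until then, inventories holding older IceCMS versions need a manual check against this CVE.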


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-12-15T17:00:24.874064+00:00
2023-12-15T19:00:24.460983+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-12-15T16:53:57.570000+00:00
2023-12-15T18:54:15.480000+00:00
```
### Last Data Feed Release
@ -29,69 +29,38 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
233509
233512
```
### CVEs added in the last Commit
Recently added CVEs: `34`
Recently added CVEs: `3`
* [CVE-2023-49181](CVE-2023/CVE-2023-491xx/CVE-2023-49181.json) (`2023-12-15T15:15:09.430`)
* [CVE-2023-49182](CVE-2023/CVE-2023-491xx/CVE-2023-49182.json) (`2023-12-15T15:15:09.620`)
* [CVE-2023-49183](CVE-2023/CVE-2023-491xx/CVE-2023-49183.json) (`2023-12-15T15:15:09.817`)
* [CVE-2023-49184](CVE-2023/CVE-2023-491xx/CVE-2023-49184.json) (`2023-12-15T15:15:10.013`)
* [CVE-2023-49185](CVE-2023/CVE-2023-491xx/CVE-2023-49185.json) (`2023-12-15T15:15:10.207`)
* [CVE-2023-49187](CVE-2023/CVE-2023-491xx/CVE-2023-49187.json) (`2023-12-15T15:15:10.403`)
* [CVE-2023-49188](CVE-2023/CVE-2023-491xx/CVE-2023-49188.json) (`2023-12-15T15:15:10.600`)
* [CVE-2023-3511](CVE-2023/CVE-2023-35xx/CVE-2023-3511.json) (`2023-12-15T16:15:43.053`)
* [CVE-2023-3904](CVE-2023/CVE-2023-39xx/CVE-2023-3904.json) (`2023-12-15T16:15:43.387`)
* [CVE-2023-49159](CVE-2023/CVE-2023-491xx/CVE-2023-49159.json) (`2023-12-15T16:15:43.710`)
* [CVE-2023-49189](CVE-2023/CVE-2023-491xx/CVE-2023-49189.json) (`2023-12-15T16:15:43.913`)
* [CVE-2023-49190](CVE-2023/CVE-2023-491xx/CVE-2023-49190.json) (`2023-12-15T16:15:44.120`)
* [CVE-2023-49191](CVE-2023/CVE-2023-491xx/CVE-2023-49191.json) (`2023-12-15T16:15:44.320`)
* [CVE-2023-49197](CVE-2023/CVE-2023-491xx/CVE-2023-49197.json) (`2023-12-15T16:15:44.510`)
* [CVE-2023-49744](CVE-2023/CVE-2023-497xx/CVE-2023-49744.json) (`2023-12-15T16:15:44.707`)
* [CVE-2023-49747](CVE-2023/CVE-2023-497xx/CVE-2023-49747.json) (`2023-12-15T16:15:44.903`)
* [CVE-2023-49749](CVE-2023/CVE-2023-497xx/CVE-2023-49749.json) (`2023-12-15T16:15:45.090`)
* [CVE-2023-49767](CVE-2023/CVE-2023-497xx/CVE-2023-49767.json) (`2023-12-15T16:15:45.280`)
* [CVE-2023-49823](CVE-2023/CVE-2023-498xx/CVE-2023-49823.json) (`2023-12-15T16:15:45.547`)
* [CVE-2023-49829](CVE-2023/CVE-2023-498xx/CVE-2023-49829.json) (`2023-12-15T16:15:45.740`)
* [CVE-2023-5061](CVE-2023/CVE-2023-50xx/CVE-2023-5061.json) (`2023-12-15T16:15:45.930`)
* [CVE-2023-5310](CVE-2023/CVE-2023-53xx/CVE-2023-5310.json) (`2023-12-15T16:15:46.117`)
* [CVE-2023-5512](CVE-2023/CVE-2023-55xx/CVE-2023-5512.json) (`2023-12-15T16:15:46.300`)
* [CVE-2023-6051](CVE-2023/CVE-2023-60xx/CVE-2023-6051.json) (`2023-12-15T16:15:46.490`)
* [CVE-2023-6680](CVE-2023/CVE-2023-66xx/CVE-2023-6680.json) (`2023-12-15T16:15:46.737`)
* [CVE-2023-50089](CVE-2023/CVE-2023-500xx/CVE-2023-50089.json) (`2023-12-15T17:15:12.780`)
* [CVE-2023-50917](CVE-2023/CVE-2023-509xx/CVE-2023-50917.json) (`2023-12-15T17:15:12.840`)
* [CVE-2023-50918](CVE-2023/CVE-2023-509xx/CVE-2023-50918.json) (`2023-12-15T18:15:07.723`)
### CVEs modified in the last Commit
Recently modified CVEs: `47`
Recently modified CVEs: `16`
* [CVE-2023-35642](CVE-2023/CVE-2023-356xx/CVE-2023-35642.json) (`2023-12-15T15:09:31.000`)
* [CVE-2023-35643](CVE-2023/CVE-2023-356xx/CVE-2023-35643.json) (`2023-12-15T15:09:45.080`)
* [CVE-2023-35644](CVE-2023/CVE-2023-356xx/CVE-2023-35644.json) (`2023-12-15T15:10:04.680`)
* [CVE-2023-4932](CVE-2023/CVE-2023-49xx/CVE-2023-4932.json) (`2023-12-15T15:11:06.570`)
* [CVE-2023-4958](CVE-2023/CVE-2023-49xx/CVE-2023-4958.json) (`2023-12-15T15:24:03.380`)
* [CVE-2023-46116](CVE-2023/CVE-2023-461xx/CVE-2023-46116.json) (`2023-12-15T15:26:42.177`)
* [CVE-2023-48765](CVE-2023/CVE-2023-487xx/CVE-2023-48765.json) (`2023-12-15T15:26:42.177`)
* [CVE-2023-49160](CVE-2023/CVE-2023-491xx/CVE-2023-49160.json) (`2023-12-15T15:26:42.177`)
* [CVE-2023-49165](CVE-2023/CVE-2023-491xx/CVE-2023-49165.json) (`2023-12-15T15:26:42.177`)
* [CVE-2023-50870](CVE-2023/CVE-2023-508xx/CVE-2023-50870.json) (`2023-12-15T15:26:42.177`)
* [CVE-2023-50871](CVE-2023/CVE-2023-508xx/CVE-2023-50871.json) (`2023-12-15T15:26:42.177`)
* [CVE-2023-49583](CVE-2023/CVE-2023-495xx/CVE-2023-49583.json) (`2023-12-15T15:28:14.160`)
* [CVE-2023-46283](CVE-2023/CVE-2023-462xx/CVE-2023-46283.json) (`2023-12-15T15:42:12.763`)
* [CVE-2023-38431](CVE-2023/CVE-2023-384xx/CVE-2023-38431.json) (`2023-12-15T15:46:35.903`)
* [CVE-2023-38428](CVE-2023/CVE-2023-384xx/CVE-2023-38428.json) (`2023-12-15T15:47:05.687`)
* [CVE-2023-46284](CVE-2023/CVE-2023-462xx/CVE-2023-46284.json) (`2023-12-15T15:47:16.727`)
* [CVE-2023-2163](CVE-2023/CVE-2023-21xx/CVE-2023-2163.json) (`2023-12-15T15:48:16.843`)
* [CVE-2023-46285](CVE-2023/CVE-2023-462xx/CVE-2023-46285.json) (`2023-12-15T15:55:59.337`)
* [CVE-2023-47271](CVE-2023/CVE-2023-472xx/CVE-2023-47271.json) (`2023-12-15T16:15:43.587`)
* [CVE-2023-49786](CVE-2023/CVE-2023-497xx/CVE-2023-49786.json) (`2023-12-15T16:15:45.467`)
* [CVE-2023-28465](CVE-2023/CVE-2023-284xx/CVE-2023-28465.json) (`2023-12-15T16:35:16.623`)
* [CVE-2023-50424](CVE-2023/CVE-2023-504xx/CVE-2023-50424.json) (`2023-12-15T16:53:04.417`)
* [CVE-2023-50422](CVE-2023/CVE-2023-504xx/CVE-2023-50422.json) (`2023-12-15T16:53:13.697`)
* [CVE-2023-50423](CVE-2023/CVE-2023-504xx/CVE-2023-50423.json) (`2023-12-15T16:53:22.867`)
* [CVE-2023-20275](CVE-2023/CVE-2023-202xx/CVE-2023-20275.json) (`2023-12-15T16:53:57.570`)
* [CVE-2021-1585](CVE-2021/CVE-2021-15xx/CVE-2021-1585.json) (`2023-12-15T17:14:06.997`)
* [CVE-2023-45801](CVE-2023/CVE-2023-458xx/CVE-2023-45801.json) (`2023-12-15T17:12:58.397`)
* [CVE-2023-50252](CVE-2023/CVE-2023-502xx/CVE-2023-50252.json) (`2023-12-15T17:50:59.207`)
* [CVE-2023-50251](CVE-2023/CVE-2023-502xx/CVE-2023-50251.json) (`2023-12-15T17:51:25.283`)
* [CVE-2023-6760](CVE-2023/CVE-2023-67xx/CVE-2023-6760.json) (`2023-12-15T18:01:45.383`)
* [CVE-2023-6759](CVE-2023/CVE-2023-67xx/CVE-2023-6759.json) (`2023-12-15T18:02:45.423`)
* [CVE-2023-24934](CVE-2023/CVE-2023-249xx/CVE-2023-24934.json) (`2023-12-15T18:14:59.947`)
* [CVE-2023-5156](CVE-2023/CVE-2023-51xx/CVE-2023-5156.json) (`2023-12-15T18:18:02.487`)
* [CVE-2023-4016](CVE-2023/CVE-2023-40xx/CVE-2023-4016.json) (`2023-12-15T18:19:03.787`)
* [CVE-2023-1260](CVE-2023/CVE-2023-12xx/CVE-2023-1260.json) (`2023-12-15T18:19:05.587`)
* [CVE-2023-49273](CVE-2023/CVE-2023-492xx/CVE-2023-49273.json) (`2023-12-15T18:30:22.630`)
* [CVE-2023-49278](CVE-2023/CVE-2023-492xx/CVE-2023-49278.json) (`2023-12-15T18:33:33.317`)
* [CVE-2023-49279](CVE-2023/CVE-2023-492xx/CVE-2023-49279.json) (`2023-12-15T18:36:38.653`)
* [CVE-2023-6753](CVE-2023/CVE-2023-67xx/CVE-2023-6753.json) (`2023-12-15T18:39:14.077`)
* [CVE-2023-45800](CVE-2023/CVE-2023-458xx/CVE-2023-45800.json) (`2023-12-15T18:50:06.017`)
* [CVE-2023-36639](CVE-2023/CVE-2023-366xx/CVE-2023-36639.json) (`2023-12-15T18:54:15.480`)
## Download and Usage