admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 19:47:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-12-04T21:00:18.770109+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-12-04 21:00:22 +00:00
parent f8f16268c3
commit cb66e815b9
26 changed files with 1960 additions and 140 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

75
CVE-2022/CVE-2022-416xx/CVE-2022-41678.json
View File

@ -2,15 +2,42 @@
"id": "CVE-2022-41678",
"sourceIdentifier": "security@apache.org",
"published": "2023-11-28T16:15:06.840",
"lastModified": "2023-11-28T18:29:23.617",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T19:08:39.233",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution.\u00a0\n\nIn details, in ActiveMQ configurations, jetty allows\norg.jolokia.http.AgentServlet to handler request to /api/jolokia\n\norg.jolokia.http.HttpRequestHandler#handlePostRequest is able to\ncreate JmxRequest through JSONObject. And calls to\norg.jolokia.http.HttpRequestHandler#executeRequest.\n\nInto deeper calling stacks,\norg.jolokia.handler.ExecHandler#doHandleRequest is able to invoke\nthrough refection.\n\nAnd then, RCE is able to be achieved via\njdk.management.jfr.FlightRecorderMXBeanImpl which exists on Java version above 11.\n\n1 Call newRecording.\n\n2 Call setConfiguration. And a webshell data hides in it.\n\n3 Call startRecording.\n\n4 Call copyTo method. The webshell will be written to a .jsp file.\n\nThe mitigation is to restrict (by default) the actions authorized on Jolokia, or disable Jolokia.\nA more restrictive Jolokia configuration has been defined in default ActiveMQ distribution. We encourage users to upgrade to ActiveMQ distributions version including updated Jolokia configuration: 5.16.6, 5.17.4, 5.18.0, 6.0.0.\n"
},
{
"lang": "es",
"value": "Una vez que un usuario se autentica en Jolokia, potencialmente puede desencadenar la ejecuci\u00f3n de c\u00f3digo arbitrario. En detalles, en las configuraciones de ActiveMQ, jetty permite que org.jolokia.http.AgentServlet maneje la solicitud a /api/jolokia org.jolokia.http.HttpRequestHandler#handlePostRequest puede crear JmxRequest a trav\u00e9s de JSONObject. Y llamadas a org.jolokia.http.HttpRequestHandler#executeRequest. En pilas de llamadas m\u00e1s profundas, org.jolokia.handler.ExecHandler#doHandleRequest puede invocar mediante reflexi\u00f3n. Y luego, RCE se puede lograr a trav\u00e9s de jdk.management.jfr.FlightRecorderMXBeanImpl que existe en la versi\u00f3n de Java superior a 11. 1 Call newRecording. 2 Call setConfiguration. Y en \u00e9l se esconden datos de un webshell. 3 Call startRecording. 4 Call copyTo method. El webshell se escribir\u00e1 en un archivo .jsp. La mitigaci\u00f3n es restringir (de forma predeterminada) las acciones autorizadas en Jolokia o desactivar Jolokia. Se ha definido una configuraci\u00f3n de Jolokia m\u00e1s restrictiva en la distribuci\u00f3n predeterminada de ActiveMQ. Alentamos a los usuarios a actualizar a la versi\u00f3n de distribuciones ActiveMQ, incluida la configuraci\u00f3n actualizada de Jolokia: 5.16.6, 5.17.4, 5.18.0, 6.0.0."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@apache.org",
@ -23,18 +50,54 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.6",
"matchCriteriaId": "2CD766F1-F0C9-4CFE-85F5-308248C6E44C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.17.0",
"versionEndExcluding": "5.17.4",
"matchCriteriaId": "B0D4F2D0-6707-47EA-BE24-D1B273EF5122"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/28/1",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://activemq.apache.org/security-advisories.data/CVE-2022-41678-announcement.txt",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://lists.apache.org/thread/7g17kwbtjl011mm4tr8bn1vnoq9wh4sl",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
]
}
]
}

106
CVE-2023/CVE-2023-290xx/CVE-2023-29060.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-29060",
"sourceIdentifier": "cybersecurity@bd.com",
"published": "2023-11-28T20:15:07.230",
"lastModified": "2023-11-29T14:18:18.333",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T19:20:46.467",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 4.7
},
{
"source": "cybersecurity@bd.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
},
{
"source": "cybersecurity@bd.com",
"type": "Secondary",
@ -50,10 +80,80 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:bd:facschorus:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "08A354DA-E696-4B53-BBE8-66ED253E25E6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:bd:facschorus:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "080F50E4-B7F3-4B1D-ADCB-4887BD14C322"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hp:hp_z2_tower_g9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "54279DE4-A2A4-4AA6-A05F-931094446F16"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:bd:facschorus:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "725BD060-6D59-430C-80F1-BE086F0844E8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:bd:facschorus:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1EFDBAC8-AAD8-44D6-A309-14A3DF5A157C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hp:hp_z2_tower_g5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E9BA28D-9C14-435A-9786-222BE58A9258"
}
]
}
]
}
],
"references": [
{
"url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software",
"source": "cybersecurity@bd.com"
"source": "cybersecurity@bd.com",
"tags": [
"Mitigation",
"Vendor Advisory"
]
}
]
}

105
CVE-2023/CVE-2023-290xx/CVE-2023-29061.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-29061",
"sourceIdentifier": "cybersecurity@bd.com",
"published": "2023-11-28T21:15:07.257",
"lastModified": "2023-11-29T14:18:11.973",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T19:52:25.550",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 5.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 4.2
},
{
"source": "cybersecurity@bd.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
},
{
"source": "cybersecurity@bd.com",
"type": "Secondary",
@ -50,10 +80,79 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:bd:facschorus:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "08A354DA-E696-4B53-BBE8-66ED253E25E6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:bd:facschorus:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "080F50E4-B7F3-4B1D-ADCB-4887BD14C322"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hp:hp_z2_tower_g9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "54279DE4-A2A4-4AA6-A05F-931094446F16"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:bd:facschorus:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "725BD060-6D59-430C-80F1-BE086F0844E8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:bd:facschorus:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1EFDBAC8-AAD8-44D6-A309-14A3DF5A157C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hp:hp_z2_tower_g5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E9BA28D-9C14-435A-9786-222BE58A9258"
}
]
}
]
}
],
"references": [
{
"url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software",
"source": "cybersecurity@bd.com"
"source": "cybersecurity@bd.com",
"tags": [
"Vendor Advisory"
]
}
]
}

105
CVE-2023/CVE-2023-290xx/CVE-2023-29062.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-29062",
"sourceIdentifier": "cybersecurity@bd.com",
"published": "2023-11-28T21:15:07.440",
"lastModified": "2023-11-29T14:18:11.973",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T19:55:58.290",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
},
{
"source": "cybersecurity@bd.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
},
{
"source": "cybersecurity@bd.com",
"type": "Secondary",
@ -50,10 +80,79 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:bd:facschorus:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "08A354DA-E696-4B53-BBE8-66ED253E25E6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:bd:facschorus:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "080F50E4-B7F3-4B1D-ADCB-4887BD14C322"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hp:hp_z2_tower_g9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "54279DE4-A2A4-4AA6-A05F-931094446F16"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:bd:facschorus:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "725BD060-6D59-430C-80F1-BE086F0844E8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:bd:facschorus:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1EFDBAC8-AAD8-44D6-A309-14A3DF5A157C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hp:hp_z2_tower_g5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E9BA28D-9C14-435A-9786-222BE58A9258"
}
]
}
]
}
],
"references": [
{
"url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software",
"source": "cybersecurity@bd.com"
"source": "cybersecurity@bd.com",
"tags": [
"Vendor Advisory"
]
}
]
}

105
CVE-2023/CVE-2023-290xx/CVE-2023-29063.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-29063",
"sourceIdentifier": "cybersecurity@bd.com",
"published": "2023-11-28T21:15:07.613",
"lastModified": "2023-11-29T14:18:11.973",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T19:57:56.117",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW"
},
"exploitabilityScore": 0.9,
"impactScore": 1.4
},
{
"source": "cybersecurity@bd.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
},
{
"source": "cybersecurity@bd.com",
"type": "Secondary",
@ -50,10 +80,79 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:bd:facschorus:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "08A354DA-E696-4B53-BBE8-66ED253E25E6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:bd:facschorus:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "080F50E4-B7F3-4B1D-ADCB-4887BD14C322"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hp:hp_z2_tower_g9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "54279DE4-A2A4-4AA6-A05F-931094446F16"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:bd:facschorus:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "725BD060-6D59-430C-80F1-BE086F0844E8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:bd:facschorus:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1EFDBAC8-AAD8-44D6-A309-14A3DF5A157C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hp:hp_z2_tower_g5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E9BA28D-9C14-435A-9786-222BE58A9258"
}
]
}
]
}
],
"references": [
{
"url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software",
"source": "cybersecurity@bd.com"
"source": "cybersecurity@bd.com",
"tags": [
"Vendor Advisory"
]
}
]
}

60
CVE-2023/CVE-2023-340xx/CVE-2023-34053.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-34053",
"sourceIdentifier": "security@vmware.com",
"published": "2023-11-28T09:15:06.960",
"lastModified": "2023-11-28T14:12:58.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T19:59:51.297",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security@vmware.com",
"type": "Secondary",
@ -38,10 +58,44 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.0",
"versionEndExcluding": "6.0.14",
"matchCriteriaId": "3C9B7BEA-AF85-4815-AFC0-0A04240FAD32"
}
]
}
]
}
],
"references": [
{
"url": "https://spring.io/security/cve-2023-34053",
"source": "security@vmware.com"
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
]
}
]
}

66
CVE-2023/CVE-2023-340xx/CVE-2023-34054.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-34054",
"sourceIdentifier": "security@vmware.com",
"published": "2023-11-28T09:15:07.147",
"lastModified": "2023-11-28T14:12:58.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T19:59:30.713",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security@vmware.com",
"type": "Secondary",
@ -38,10 +58,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pivotal:reactor_netty:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.0.39",
"matchCriteriaId": "BCFB064D-FAE3-4EB7-9B1F-327C9F4244EF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pivotal:reactor_netty:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.1.0",
"versionEndExcluding": "1.1.13",
"matchCriteriaId": "6C4793FB-0D8F-4B59-A9A7-22CFCA249735"
}
]
}
]
}
],
"references": [
{
"url": "https://spring.io/security/cve-2023-34054",
"source": "security@vmware.com"
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
]
}
]
}

74
CVE-2023/CVE-2023-340xx/CVE-2023-34055.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-34055",
"sourceIdentifier": "security@vmware.com",
"published": "2023-11-28T09:15:07.303",
"lastModified": "2023-11-28T14:12:58.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T19:58:14.227",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security@vmware.com",
"type": "Secondary",
@ -38,10 +58,58 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:spring_boot:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.7.0",
"versionEndIncluding": "2.7.17",
"matchCriteriaId": "6706E7D6-A20F-4BEF-9A2D-65C60C32D3A0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:spring_boot:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndIncluding": "3.0.12",
"matchCriteriaId": "9C09D8C7-323F-4EA7-9B2A-7F7278108930"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:spring_boot:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.1.0",
"versionEndIncluding": "3.1.5",
"matchCriteriaId": "A08E05A3-BA33-4797-976D-537BB0AE4D6B"
}
]
}
]
}
],
"references": [
{
"url": "https://spring.io/security/cve-2023-34055",
"source": "security@vmware.com"
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
]
}
]
}

74
CVE-2023/CVE-2023-412xx/CVE-2023-41264.json
View File

@ -2,23 +2,87 @@
"id": "CVE-2023-41264",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-28T17:15:07.857",
"lastModified": "2023-11-28T18:29:23.617",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T19:17:54.180",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Netwrix Usercube before 6.0.215, in certain misconfigured on-premises installations, allows authentication bypass on deployment endpoints, leading to privilege escalation. This only occurs if the configuration omits the required restSettings.AuthorizedClientId and restSettings.AuthorizedSecret fields (for the POST /api/Deployment/ExportConfiguration and POST /api/Deployment endpoints)."
},
{
"lang": "es",
"value": "Netwrix Usercube anterior a 6.0.215, en ciertas instalaciones locales mal configuradas, permite omitir la autenticaci\u00f3n en los endpoints de implementaci\u00f3n, lo que lleva a una escalada de privilegios. Esto solo ocurre si la configuraci\u00f3n omite los campos restSettings.AuthorizedClientId y restSettings.AuthorizedSecret requeridos (para los endpoints POST /api/Deployment/ExportConfiguration y POST /api/Deployment)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netwrix:usercube:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.215",
"matchCriteriaId": "33CD5527-85B1-4F81-8775-FA10F76F8016"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.netwrix.com/identity_governance_and_administration_solution.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://www.synacktiv.com/advisories/usercube-netwrix-multiple-vulnerabilities",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

62
CVE-2023/CVE-2023-420xx/CVE-2023-42004.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-42004",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-11-28T11:15:07.220",
"lastModified": "2023-11-28T14:12:58.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T19:46:40.343",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -50,14 +70,48 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:security_guardium:11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FBEB866D-1959-41C9-858F-24C05D20E332"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:security_guardium:11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B9329F08-2AA4-4126-9A7F-1EEBB25A6C1C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:security_guardium:11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B4F327AB-9F53-402C-9BFA-F66F20A83B40"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265262",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7069241",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
]
}
]
}

48
CVE-2023/CVE-2023-425xx/CVE-2023-42502.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-42502",
"sourceIdentifier": "security@apache.org",
"published": "2023-11-28T17:15:07.907",
"lastModified": "2023-11-30T09:15:07.123",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T19:01:54.147",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@apache.org",
"type": "Secondary",
@ -50,10 +70,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0.0",
"matchCriteriaId": "B7CD7B20-D07E-4327-AA44-37ABCBA3E656"
}
]
}
]
}
],
"references": [
{
"url": "https://lists.apache.org/thread/n8348f194d8o8mln3oxd0s8jdl5bxbmn",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}

85
CVE-2023/CVE-2023-452xx/CVE-2023-45286.json
View File

@ -2,31 +2,102 @@
"id": "CVE-2023-45286",
"sourceIdentifier": "security@golang.org",
"published": "2023-11-28T17:15:08.280",
"lastModified": "2023-11-28T18:29:23.617",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T19:01:33.467",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A race condition in go-resty can result in HTTP request body disclosure across requests. This condition can be triggered by calling sync.Pool.Put with the same *bytes.Buffer more than once, when request retries are enabled and a retry occurs. The call to sync.Pool.Get will then return a bytes.Buffer that hasn't had bytes.Buffer.Reset called on it. This dirty buffer will contain the HTTP request body from an unrelated request, and go-resty will append the current HTTP request body to it, sending two bodies in one request. The sync.Pool in question is defined at package level scope, so a completely unrelated server could receive the request body."
},
{
"lang": "es",
"value": "Una condici\u00f3n de ejecuci\u00f3n en go-resty puede dar como resultado la divulgaci\u00f3n del cuerpo de la solicitud HTTP entre solicitudes. Esta condici\u00f3n se puede desencadenar llamando a sync.Pool.Put con el mismo *bytes.Buffer m\u00e1s de una vez, cuando los reintentos de solicitud est\u00e1n habilitados y se produce un reintento. La llamada a sync.Pool.Get devolver\u00e1 un bytes.Buffer al que no se le ha llamado bytes.Buffer.Reset. Este b\u00fafer sucio contendr\u00e1 el cuerpo de la solicitud HTTP de una solicitud no relacionada, y go-resty le agregar\u00e1 el cuerpo de la solicitud HTTP actual, enviando dos cuerpos en una solicitud. El sync.Pool en cuesti\u00f3n se define a nivel de paquete, por lo que un servidor completamente ajeno podr\u00eda recibir el cuerpo de la solicitud."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-362"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:resty_project:resty:*:*:*:*:*:go:*:*",
"versionEndExcluding": "2.10.0",
"matchCriteriaId": "FCDCB97E-2E1F-415F-893C-3C4F3EC538E4"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/go-resty/resty/issues/739",
"source": "security@golang.org"
"source": "security@golang.org",
"tags": [
"Exploit",
"Issue Tracking"
]
},
{
"url": "https://github.com/go-resty/resty/issues/743",
"source": "security@golang.org"
"source": "security@golang.org",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://github.com/go-resty/resty/pull/745",
"source": "security@golang.org"
"source": "security@golang.org",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://pkg.go.dev/vuln/GO-2023-2328",
"source": "security@golang.org"
"source": "security@golang.org",
"tags": [
"Vendor Advisory"
]
}
]
}

74
CVE-2023/CVE-2023-455xx/CVE-2023-45539.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45539",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-28T20:15:07.817",
"lastModified": "2023-11-29T14:18:11.973",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T19:32:37.217",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,81 @@
"value": "HAProxy anterior a 2.8.2 acepta # como parte del componente URI, lo que podr\u00eda permitir a atacantes remotos obtener informaci\u00f3n confidencial o tener otro impacto no especificado tras una mala interpretaci\u00f3n de una regla path_end, como enrutar index.html#.png a un servidor est\u00e1tico."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.8.2",
"matchCriteriaId": "7AF854C8-A9F6-4C2B-BB89-AD9B8A9F866C"
}
]
}
]
}
],
"references": [
{
"url": "https://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=2eab6d354322932cfec2ed54de261e4347eca9a6",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://lists.w3.org/Archives/Public/ietf-http-wg/2023JulSep/0070.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List"
]
},
{
"url": "https://www.mail-archive.com/haproxy%40formilux.org/msg43861.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
}
]
}

140
CVE-2023/CVE-2023-465xx/CVE-2023-46589.json
View File

@ -2,19 +2,56 @@
"id": "CVE-2023-46589",
"sourceIdentifier": "security@apache.org",
"published": "2023-11-28T16:15:06.943",
"lastModified": "2023-11-28T18:29:23.617",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T19:11:01.663",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single \nrequest as multiple requests leading to the possibility of request \nsmuggling when behind a reverse proxy.\n\nUsers are recommended to upgrade to version 11.0.0-M11\u00a0onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de validaci\u00f3n de entrada incorrecta en Apache Tomcat.Tomcat desde 11.0.0-M1 hasta 11.0.0-M10, desde 10.1.0-M1 hasta 10.1.15, desde 9.0.0-M1 hasta 9.0.82 y desde 8.5.0 hasta 8.5 .95 no analiz\u00f3 correctamente los encabezados de las colas HTTP. Un encabezado de avance que exceda el l\u00edmite de tama\u00f1o del encabezado podr\u00eda hacer que Tomcat trate una sola solicitud como solicitudes m\u00faltiples, lo que generar\u00eda la posibilidad de contrabando de solicitudes cuando se encuentre detr\u00e1s de un proxy inverso. Se recomienda a los usuarios actualizar a la versi\u00f3n 11.0.0-M11 en adelante, 10.1.16 en adelante, 9.0.83 en adelante o 8.5.96 en adelante, que solucionan el problema."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@apache.org",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-444"
}
]
},
{
"source": "security@apache.org",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -23,14 +60,105 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.5.0",
"versionEndExcluding": "8.5.96",
"matchCriteriaId": "867B2A31-53D8-4B64-8B39-E80A30218ADD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.0",
"versionEndExcluding": "9.0.83",
"matchCriteriaId": "D2DE147C-CBD1-456B-BD13-30BD0FDF3AB3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.1.0",
"versionEndExcluding": "10.1.16",
"matchCriteriaId": "7CF88558-277F-4539-9B17-486E2ABE360C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:*",
"matchCriteriaId": "D1AA7FF6-E8E7-4BF6-983E-0A99B0183008"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:*",
"matchCriteriaId": "57088BDD-A136-45EF-A8A1-2EBF79CEC2CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:*",
"matchCriteriaId": "2AAD52CE-94F5-4F98-A027-9A7E68818CB6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:*",
"matchCriteriaId": "F1F981F5-035A-4EDD-8A9F-481EE8BC7FF7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:*",
"matchCriteriaId": "03A171AF-2EC8-4422-912C-547CDB58CAAA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:*",
"matchCriteriaId": "538E68C4-0BA4-495F-AEF8-4EF6EE7963CF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:*",
"matchCriteriaId": "49350A6E-5E1D-45B2-A874-3B8601B3ADCC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:*",
"matchCriteriaId": "5F50942F-DF54-46C0-8371-9A476DD3EEA3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:*",
"matchCriteriaId": "D12C2C95-B79F-4AA4-8CE3-99A3EE7991AB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:*",
"matchCriteriaId": "98792138-DD56-42DF-9612-3BDC65EEC117"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/28/2",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-469xx/CVE-2023-46944.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46944",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-28T22:15:06.937",
"lastModified": "2023-11-29T14:18:11.973",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T19:39:27.447",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,75 @@
"value": "Un problema en GitKraken GitLens anterior a v.14.0.0 permite a un atacante ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo manipulado en el componente de confianza del espacio de trabajo de Visual Studio Codes."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitkraken:gitlens:*:*:*:*:*:visual_studio_code:*:*",
"versionEndExcluding": "14.0.0",
"matchCriteriaId": "19941443-90FE-46A6-B057-14792318CFAA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/gitkraken/vscode-gitlens/commit/ee2a0c42a92d33059a39fd15fbbd5dd3d5ab6440",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://www.sonarsource.com/blog/vscode-security-markdown-vulnerabilities-in-extensions/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

156
CVE-2023/CVE-2023-481xx/CVE-2023-48121.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48121",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-28T19:15:07.340",
"lastModified": "2023-11-29T14:18:18.333",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T19:25:28.723",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,159 @@
"value": "Una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en Direct Connection Module en Ezviz CS-C6N-xxx anterior a v5.3.x compilaci\u00f3n 20230401, Ezviz CS-CV310-xxx anterior a v5.3.x compilaci\u00f3n 20230401, Ezviz CS-C6CN-xxx anterior a v5.3.x compilaci\u00f3n 20230401, Ezviz CS-C3N-xxx anterior a v5.3.x compilaci\u00f3n 20230401 permite a atacantes remotos obtener informaci\u00f3n confidencial enviando mensajes manipulados a los dispositivos afectados."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ezviz:cs-c6n-a0-1c2wfr_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B4E67D11-B412-4EBB-BF79-EAE8BE4721C2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ezviz:cs-c6n-a0-1c2wfr:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5F7B9244-BE9E-4F6F-99E3-A08B46C4559E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ezviz:cs-cv310-a0-1c2wfr_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "748FC543-B134-4B4D-B4D2-E14060C1A64B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ezviz:cs-cv310-a0-1c2wfr:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A9181568-193B-4BF7-9A11-B7A031065934"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ezviz:cs-c6cn-a0-3h2wfr_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06E27881-67A5-4AA3-A6A3-D533BC51BD66"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ezviz:cs-c6cn-a0-3h2wfr:-:*:*:*:*:*:*:*",
"matchCriteriaId": "733F085E-29B9-44C6-834F-9B13B95AECDB"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ezviz:cs-c3n-a0-3h2wfrl_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9288594-76DC-4212-91AE-6A59F1F10310"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ezviz:cs-c3n-a0-3h2wfrl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "264CF01C-CF57-457B-8433-B2CFD6CF25DF"
}
]
}
]
}
],
"references": [
{
"url": "https://www.ezviz.com/data-security/security-notice/detail/911",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-488xx/CVE-2023-48848.json
View File

@ -2,19 +2,78 @@
"id": "CVE-2023-48848",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-28T17:15:08.417",
"lastModified": "2023-11-28T18:29:23.617",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T19:05:42.390",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path."
},
{
"lang": "es",
"value": "Una vulnerabilidad de lectura de archivos arbitraria en ureport v2.2.9 permite a un atacante remoto leer archivos arbitrariamente en el servidor insertando una ruta manipulada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ureport_project:ureport:2.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "10CADB94-5E0B-48FD-8430-516DAF5FD34C"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/h00klod0er/ureport2-vuln/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
}
]
}

73
CVE-2023/CVE-2023-490xx/CVE-2023-49062.json
View File

@ -2,23 +2,86 @@
"id": "CVE-2023-49062",
"sourceIdentifier": "cve-assign@fb.com",
"published": "2023-11-28T16:15:07.023",
"lastModified": "2023-11-28T18:29:23.617",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T19:46:20.953",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Katran could disclose non-initialized kernel memory as part of an IP header. The issue was present for IPv4 encapsulation and ICMP (v4) Too Big packet generation. After a bpf_xdp_adjust_head call, Katran code didn\u2019t initialize the Identification field for the IPv4 header, resulting in writing content of kernel memory in that field of IP header. The issue affected all Katran versions prior to commit 6a03106ac1eab39d0303662963589ecb2374c97f"
},
{
"lang": "es",
"value": "Katran podr\u00eda revelar memoria del kernel no inicializada como parte de un encabezado IP. El problema estaba presente en la encapsulaci\u00f3n IPv4 y en la generaci\u00f3n de paquetes ICMP (v4) Too Big. Despu\u00e9s de una llamada a bpf_xdp_adjust_head, el c\u00f3digo Katran no inicializ\u00f3 el campo de identificaci\u00f3n para el encabezado IPv4, lo que result\u00f3 en la escritura del contenido de la memoria del kernel en ese campo del encabezado IP. El problema afect\u00f3 a todas las versiones de Katran antes del commit 6a03106ac1eab39d0303662963589ecb2374c97f"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-665"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:facebook:katran:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023-11-15",
"matchCriteriaId": "C62809AA-C0F4-4F93-B42B-431F9A0A1762"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/facebookincubator/katran/commit/6a03106ac1eab39d0303662963589ecb2374c97f",
"source": "cve-assign@fb.com"
"source": "cve-assign@fb.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.facebook.com/security/advisories/cve-2023-49062",
"source": "cve-assign@fb.com"
"source": "cve-assign@fb.com",
"tags": [
"Vendor Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-493xx/CVE-2023-49313.json
View File

@ -2,23 +2,86 @@
"id": "CVE-2023-49313",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-28T15:15:07.710",
"lastModified": "2023-11-28T18:29:23.617",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T19:04:54.647",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A dylib injection vulnerability in XMachOViewer 0.04 allows attackers to compromise integrity. By exploiting this, unauthorized code can be injected into the product's processes, potentially leading to remote control and unauthorized access to sensitive user data."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n dylib en XMachOViewer 0.04 permite a los atacantes comprometer la integridad. Al explotar esto, se puede inyectar c\u00f3digo no autorizado en los procesos del producto, lo que podr\u00eda provocar control remoto y acceso no autorizado a datos confidenciales del usuario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:horsicq:xmachoviewer:0.04:*:*:*:*:*:*:*",
"matchCriteriaId": "99A89E1A-DCB9-4D35-898E-87F336B22772"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/horsicq/XMachOViewer",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/louiselalanne/CVE-2023-49313",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

99
CVE-2023/CVE-2023-493xx/CVE-2023-49314.json
View File

@ -2,35 +2,118 @@
"id": "CVE-2023-49314",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-28T15:15:07.770",
"lastModified": "2023-11-28T18:29:23.617",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T19:02:47.373",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Asana Desktop 2.1.0 on macOS allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode and EnableNodeCliInspectArguments, and thus r3ggi/electroniz3r can be used to perform an attack."
},
{
"lang": "es",
"value": "Asana Desktop 2.1.0 en macOS permite la inyecci\u00f3n de c\u00f3digo gracias a Electron Fuses espec\u00edficos. Existe una protecci\u00f3n inadecuada contra la inyecci\u00f3n de c\u00f3digo a trav\u00e9s de configuraciones como RunAsNode y EnableNodeCliInspectArguments y, por lo tanto, se puede utilizar r3ggi/electroniz3r para realizar un ataque."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:asana:desktop:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0E24DCAF-4DF5-4EFD-B838-BEEA57FAE468"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://asana.com/pt/download",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/electron/fuses",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/louiselalanne/CVE-2023-49314",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/r3ggi/electroniz3r",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://www.electronjs.org/docs/latest/tutorial/fuses",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Technical Description"
]
}
]
}

108
CVE-2023/CVE-2023-59xx/CVE-2023-5981.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5981",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-11-28T12:15:07.040",
"lastModified": "2023-11-28T14:15:07.620",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T19:40:21.277",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -50,18 +80,86 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gnu:gnutls:1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "00DE1208-BDDC-405B-A34A-B58D00A279DD"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "038FEDE7-986F-4CA5-9003-BA68352B87D4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E66F7BF0-EF7C-4695-9D67-7C1A01C6F9B9"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-5981",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248445",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

49
CVE-2023/CVE-2023-61xx/CVE-2023-6150.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6150",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2023-11-28T10:15:07.397",
"lastModified": "2023-11-28T14:12:58.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T19:56:53.050",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "iletisim@usom.gov.tr",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "iletisim@usom.gov.tr",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eskom:e-belediye:*:*:*:*:*:*:*:*",
"versionEndExcluding": "105",
"matchCriteriaId": "E8A616C3-ECA8-4D72-8279-08835A3704FE"
}
]
}
]
}
],
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-23-0664",
"source": "iletisim@usom.gov.tr"
"source": "iletisim@usom.gov.tr",
"tags": [
"Third Party Advisory"
]
}
]
}

49
CVE-2023/CVE-2023-61xx/CVE-2023-6151.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6151",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2023-11-28T10:15:07.610",
"lastModified": "2023-11-28T14:12:58.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T19:56:17.810",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "iletisim@usom.gov.tr",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "iletisim@usom.gov.tr",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eskom:e-belediye:*:*:*:*:*:*:*:*",
"versionEndExcluding": "105",
"matchCriteriaId": "E8A616C3-ECA8-4D72-8279-08835A3704FE"
}
]
}
]
}
],
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-23-0664",
"source": "iletisim@usom.gov.tr"
"source": "iletisim@usom.gov.tr",
"tags": [
"Third Party Advisory"
]
}
]
}

49
CVE-2023/CVE-2023-62xx/CVE-2023-6201.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6201",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2023-11-28T12:15:07.443",
"lastModified": "2023-11-28T14:12:58.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T19:29:50.227",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "iletisim@usom.gov.tr",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "iletisim@usom.gov.tr",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:univera:panorama:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.0",
"matchCriteriaId": "AE8CA235-8CB3-4DFC-9B3B-A84546BACA8F"
}
]
}
]
}
],
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-23-0665",
"source": "iletisim@usom.gov.tr"
"source": "iletisim@usom.gov.tr",
"tags": [
"Third Party Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-62xx/CVE-2023-6239.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6239",
"sourceIdentifier": "security@m-files.com",
"published": "2023-11-28T14:15:07.697",
"lastModified": "2023-11-30T16:15:11.570",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T19:06:20.213",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security@m-files.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-281"
}
]
},
{
"source": "security@m-files.com",
"type": "Secondary",
@ -50,10 +80,42 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:m-files:m-files_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "23.11",
"versionEndExcluding": "23.11.13168.7",
"matchCriteriaId": "B408AD46-F3C1-4147-BFF2-49AC79E16427"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:m-files:m-files_server:23.9:*:*:*:*:*:*:*",
"matchCriteriaId": "A0E287ED-BA4E-4D59-8C0A-BAB5BD37AF82"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:m-files:m-files_server:23.10:*:*:*:*:*:*:*",
"matchCriteriaId": "0E279BB5-D202-4D95-BDE6-586BE204B101"
}
]
}
]
}
],
"references": [
{
"url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-6239/",
"source": "security@m-files.com"
"source": "security@m-files.com",
"tags": [
"Broken Link"
]
}
]
}

60
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-12-04T19:00:18.495838+00:00
2023-12-04T21:00:18.770109+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-12-04T18:58:39.287000+00:00
2023-12-04T19:59:51.297000+00:00
```
### Last Data Feed Release
@ -34,41 +34,39 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### CVEs added in the last Commit
Recently added CVEs: `2`
Recently added CVEs: `0`
* [CVE-2023-48910](CVE-2023/CVE-2023-489xx/CVE-2023-48910.json) (`2023-12-04T17:15:07.137`)
* [CVE-2023-48967](CVE-2023/CVE-2023-489xx/CVE-2023-48967.json) (`2023-12-04T17:15:07.190`)
### CVEs modified in the last Commit
Recently modified CVEs: `43`
Recently modified CVEs: `25`
* [CVE-2023-5797](CVE-2023/CVE-2023-57xx/CVE-2023-5797.json) (`2023-12-04T18:01:55.800`)
* [CVE-2023-5650](CVE-2023/CVE-2023-56xx/CVE-2023-5650.json) (`2023-12-04T18:02:41.510`)
* [CVE-2023-4398](CVE-2023/CVE-2023-43xx/CVE-2023-4398.json) (`2023-12-04T18:04:39.363`)
* [CVE-2023-4397](CVE-2023/CVE-2023-43xx/CVE-2023-4397.json) (`2023-12-04T18:05:04.100`)
* [CVE-2023-37926](CVE-2023/CVE-2023-379xx/CVE-2023-37926.json) (`2023-12-04T18:08:43.703`)
* [CVE-2023-37925](CVE-2023/CVE-2023-379xx/CVE-2023-37925.json) (`2023-12-04T18:09:07.153`)
* [CVE-2023-35139](CVE-2023/CVE-2023-351xx/CVE-2023-35139.json) (`2023-12-04T18:09:27.617`)
* [CVE-2023-35136](CVE-2023/CVE-2023-351xx/CVE-2023-35136.json) (`2023-12-04T18:09:37.583`)
* [CVE-2023-48034](CVE-2023/CVE-2023-480xx/CVE-2023-48034.json) (`2023-12-04T18:11:26.057`)
* [CVE-2023-48023](CVE-2023/CVE-2023-480xx/CVE-2023-48023.json) (`2023-12-04T18:30:56.670`)
* [CVE-2023-46174](CVE-2023/CVE-2023-461xx/CVE-2023-46174.json) (`2023-12-04T18:31:04.347`)
* [CVE-2023-43021](CVE-2023/CVE-2023-430xx/CVE-2023-43021.json) (`2023-12-04T18:31:26.617`)
* [CVE-2023-42022](CVE-2023/CVE-2023-420xx/CVE-2023-42022.json) (`2023-12-04T18:32:03.803`)
* [CVE-2023-42019](CVE-2023/CVE-2023-420xx/CVE-2023-42019.json) (`2023-12-04T18:32:49.137`)
* [CVE-2023-42009](CVE-2023/CVE-2023-420xx/CVE-2023-42009.json) (`2023-12-04T18:33:10.530`)
* [CVE-2023-40699](CVE-2023/CVE-2023-406xx/CVE-2023-40699.json) (`2023-12-04T18:33:32.667`)
* [CVE-2023-43015](CVE-2023/CVE-2023-430xx/CVE-2023-43015.json) (`2023-12-04T18:33:42.547`)
* [CVE-2023-38268](CVE-2023/CVE-2023-382xx/CVE-2023-38268.json) (`2023-12-04T18:33:51.837`)
* [CVE-2023-42504](CVE-2023/CVE-2023-425xx/CVE-2023-42504.json) (`2023-12-04T18:44:20.847`)
* [CVE-2023-48022](CVE-2023/CVE-2023-480xx/CVE-2023-48022.json) (`2023-12-04T18:46:54.517`)
* [CVE-2023-3545](CVE-2023/CVE-2023-35xx/CVE-2023-3545.json) (`2023-12-04T18:50:46.923`)
* [CVE-2023-40056](CVE-2023/CVE-2023-400xx/CVE-2023-40056.json) (`2023-12-04T18:51:22.073`)
* [CVE-2023-3368](CVE-2023/CVE-2023-33xx/CVE-2023-3368.json) (`2023-12-04T18:57:35.040`)
* [CVE-2023-6226](CVE-2023/CVE-2023-62xx/CVE-2023-6226.json) (`2023-12-04T18:58:04.080`)
* [CVE-2023-42505](CVE-2023/CVE-2023-425xx/CVE-2023-42505.json) (`2023-12-04T18:58:39.287`)
* [CVE-2022-41678](CVE-2022/CVE-2022-416xx/CVE-2022-41678.json) (`2023-12-04T19:08:39.233`)
* [CVE-2023-45286](CVE-2023/CVE-2023-452xx/CVE-2023-45286.json) (`2023-12-04T19:01:33.467`)
* [CVE-2023-42502](CVE-2023/CVE-2023-425xx/CVE-2023-42502.json) (`2023-12-04T19:01:54.147`)
* [CVE-2023-49314](CVE-2023/CVE-2023-493xx/CVE-2023-49314.json) (`2023-12-04T19:02:47.373`)
* [CVE-2023-49313](CVE-2023/CVE-2023-493xx/CVE-2023-49313.json) (`2023-12-04T19:04:54.647`)
* [CVE-2023-48848](CVE-2023/CVE-2023-488xx/CVE-2023-48848.json) (`2023-12-04T19:05:42.390`)
* [CVE-2023-6239](CVE-2023/CVE-2023-62xx/CVE-2023-6239.json) (`2023-12-04T19:06:20.213`)
* [CVE-2023-46589](CVE-2023/CVE-2023-465xx/CVE-2023-46589.json) (`2023-12-04T19:11:01.663`)
* [CVE-2023-41264](CVE-2023/CVE-2023-412xx/CVE-2023-41264.json) (`2023-12-04T19:17:54.180`)
* [CVE-2023-29060](CVE-2023/CVE-2023-290xx/CVE-2023-29060.json) (`2023-12-04T19:20:46.467`)
* [CVE-2023-48121](CVE-2023/CVE-2023-481xx/CVE-2023-48121.json) (`2023-12-04T19:25:28.723`)
* [CVE-2023-6201](CVE-2023/CVE-2023-62xx/CVE-2023-6201.json) (`2023-12-04T19:29:50.227`)
* [CVE-2023-45539](CVE-2023/CVE-2023-455xx/CVE-2023-45539.json) (`2023-12-04T19:32:37.217`)
* [CVE-2023-46944](CVE-2023/CVE-2023-469xx/CVE-2023-46944.json) (`2023-12-04T19:39:27.447`)
* [CVE-2023-5981](CVE-2023/CVE-2023-59xx/CVE-2023-5981.json) (`2023-12-04T19:40:21.277`)
* [CVE-2023-49062](CVE-2023/CVE-2023-490xx/CVE-2023-49062.json) (`2023-12-04T19:46:20.953`)
* [CVE-2023-42004](CVE-2023/CVE-2023-420xx/CVE-2023-42004.json) (`2023-12-04T19:46:40.343`)
* [CVE-2023-29061](CVE-2023/CVE-2023-290xx/CVE-2023-29061.json) (`2023-12-04T19:52:25.550`)
* [CVE-2023-29062](CVE-2023/CVE-2023-290xx/CVE-2023-29062.json) (`2023-12-04T19:55:58.290`)
* [CVE-2023-6151](CVE-2023/CVE-2023-61xx/CVE-2023-6151.json) (`2023-12-04T19:56:17.810`)
* [CVE-2023-6150](CVE-2023/CVE-2023-61xx/CVE-2023-6150.json) (`2023-12-04T19:56:53.050`)
* [CVE-2023-29063](CVE-2023/CVE-2023-290xx/CVE-2023-29063.json) (`2023-12-04T19:57:56.117`)
* [CVE-2023-34055](CVE-2023/CVE-2023-340xx/CVE-2023-34055.json) (`2023-12-04T19:58:14.227`)
* [CVE-2023-34054](CVE-2023/CVE-2023-340xx/CVE-2023-34054.json) (`2023-12-04T19:59:30.713`)
* [CVE-2023-34053](CVE-2023/CVE-2023-340xx/CVE-2023-34053.json) (`2023-12-04T19:59:51.297`)
## Download and Usage