Auto-Update: 2023-12-13T09:00:27.014102+00:00

This commit is contained in:
cad-safe-bot 2023-12-13 09:00:30 +00:00
parent 1a0cd3a524
commit df61b9e04a
28 changed files with 947 additions and 37 deletions


@ -2,7 +2,7 @@
"id": "CVE-2020-27792",
"sourceIdentifier": "secalert@redhat.com",
"published": "2022-08-19T23:15:08.303",
"lastModified": "2023-12-13T06:15:42.483",
"lastModified": "2023-12-13T07:15:07.520",
"vulnStatus": "Modified",
"descriptions": [
{
@ -75,7 +75,7 @@
"description": [
{
"lang": "en",
"value": "CWE-119"
"value": "CWE-122"
}
]
}


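--- /dev/null
+++ b/CVE-2022/CVE-2022-274xx/CVE-2022-27488.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2022-27488",
+"sourceIdentifier": "psirt@fortinet.com",
+"published": "2023-12-13T07:15:10.910",
+"lastModified": "2023-12-13T07:15:10.910",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.0 through 6.2.7, 6.0.x, FortiMail version 7.0.0 through 7.0.3, 6.4.0 through 6.4.6, 6.2.x, 6.0.x FortiRecorder version 6.4.0 through 6.4.2, 6.0.x, 2.7.x, 2.6.x, FortiNDR version 1.x.x allows a remote unauthenticated attacker to execute commands on the CLI via\u00a0tricking an authenticated administrator to execute malicious GET requests."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "psirt@fortinet.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "LOW",
+"availabilityImpact": "HIGH",
+"baseScore": 8.3,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 5.5
+}
+]
+},
+"weaknesses": [
+{
+"source": "psirt@fortinet.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-352"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://fortiguard.com/psirt/FG-IR-22-038",
+"source": "psirt@fortinet.com"
+}
+]
+}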


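--- /dev/null
+++ b/CVE-2023/CVE-2023-366xx/CVE-2023-36639.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-36639",
+"sourceIdentifier": "psirt@fortinet.com",
+"published": "2023-12-13T07:15:12.900",
+"lastModified": "2023-12-13T07:15:12.900",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, FortiOS versions 7.4.0, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiPAM versions 1.0.0 through 1.0.3 allows attacker to execute unauthorized code or commands via specially crafted API requests."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "psirt@fortinet.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "HIGH",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 7.2,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 1.2,
+"impactScore": 5.9
+}
+]
+},
+"weaknesses": [
+{
+"source": "psirt@fortinet.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-134"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://fortiguard.com/psirt/FG-IR-23-138",
+"source": "psirt@fortinet.com"
+}
+]
+}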


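--- /dev/null
+++ b/CVE-2023/CVE-2023-407xx/CVE-2023-40716.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-40716",
+"sourceIdentifier": "psirt@fortinet.com",
+"published": "2023-12-13T07:15:14.223",
+"lastModified": "2023-12-13T07:15:14.223",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "An improper neutralization of special elements used in an OS command vulnerability [CWE-78] \u00a0in the command line interpreter of FortiTester 2.3.0 through 7.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments when running execute restore/backup ."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "psirt@fortinet.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "LOCAL",
+"attackComplexity": "LOW",
+"privilegesRequired": "HIGH",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 6.7,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 0.8,
+"impactScore": 5.9
+}
+]
+},
+"weaknesses": [
+{
+"source": "psirt@fortinet.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-78"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://fortiguard.com/psirt/FG-IR-22-345",
+"source": "psirt@fortinet.com"
+}
+]
+}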


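--- /dev/null
+++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41673.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-41673",
+"sourceIdentifier": "psirt@fortinet.com",
+"published": "2023-12-13T07:15:15.860",
+"lastModified": "2023-12-13T07:15:15.860",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "An improper authorization vulnerability [CWE-285] in Fortinet FortiADC version 7.4.0 and before 7.2.2 may allow a low privileged user to read or backup the full system configuration via HTTP or HTTPS requests."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "psirt@fortinet.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 7.1,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 4.2
+}
+]
+},
+"weaknesses": [
+{
+"source": "psirt@fortinet.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-285"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://fortiguard.com/psirt/FG-IR-23-270",
+"source": "psirt@fortinet.com"
+}
+]
+}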


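--- /dev/null
+++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41678.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-41678",
+"sourceIdentifier": "psirt@fortinet.com",
+"published": "2023-12-13T07:15:17.317",
+"lastModified": "2023-12-13T07:15:17.317",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiPAM version 1.0.0 through 1.0.3, 1.1.0 through 1.1.1 allows attacker to execute unauthorized code or commands via specifically crafted request."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "psirt@fortinet.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 8.8,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 5.9
+}
+]
+},
+"weaknesses": [
+{
+"source": "psirt@fortinet.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-415"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://fortiguard.com/psirt/FG-IR-23-196",
+"source": "psirt@fortinet.com"
+}
+]
+}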


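--- /dev/null
+++ b/CVE-2023/CVE-2023-418xx/CVE-2023-41844.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-41844",
+"sourceIdentifier": "psirt@fortinet.com",
+"published": "2023-12-13T07:15:18.887",
+"lastModified": "2023-12-13T07:15:18.887",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.4 allows attacker to execute unauthorized code or commands via crafted HTTP requests in capture traffic endpoint."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "psirt@fortinet.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 3.5,
+"baseSeverity": "LOW"
+},
+"exploitabilityScore": 2.1,
+"impactScore": 1.4
+}
+]
+},
+"weaknesses": [
+{
+"source": "psirt@fortinet.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-79"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://fortiguard.com/psirt/FG-IR-23-214",
+"source": "psirt@fortinet.com"
+}
+]
+}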


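--- /dev/null
+++ b/CVE-2023/CVE-2023-455xx/CVE-2023-45587.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-45587",
+"sourceIdentifier": "psirt@fortinet.com",
+"published": "2023-12-13T07:15:20.363",
+"lastModified": "2023-12-13T07:15:20.363",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 allows attacker to execute unauthorized code or commands via crafted HTTP requests"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "psirt@fortinet.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 3.5,
+"baseSeverity": "LOW"
+},
+"exploitabilityScore": 2.1,
+"impactScore": 1.4
+}
+]
+},
+"weaknesses": [
+{
+"source": "psirt@fortinet.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-79"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://fortiguard.com/psirt/FG-IR-23-360",
+"source": "psirt@fortinet.com"
+}
+]
+}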


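--- /dev/null
+++ b/CVE-2023/CVE-2023-457xx/CVE-2023-45725.json
@@ -0,0 +1,36 @@
+{
+"id": "CVE-2023-45725",
+"sourceIdentifier": "security@apache.org",
+"published": "2023-12-13T08:15:50.190",
+"lastModified": "2023-12-13T08:15:50.190",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Design document functions which receive a user http request object may expose authorization or session cookie headers of the user who accesses the document.\n\nThese design document functions are:\n * \u00a0 list\n * \u00a0 show\n * \u00a0 rewrite\n * \u00a0 update\n\nAn attacker can leak the session component using an HTML-like output, insert the session as an external resource (such as an image), or store the credential in a _local document with an \"update\" function.\n\nFor the attack to succeed the attacker has to be able to insert the design documents into the database, then manipulate a user to access a function from that design document.\n\nWorkaround: Avoid using design documents from untrusted sources which may attempt to access or manipulate request object's headers\n"
+}
+],
+"metrics": {},
+"weaknesses": [
+{
+"source": "security@apache.org",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-200"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://docs.couchdb.org/en/stable/cve/2023-45725.html",
+"source": "security@apache.org"
+},
+{
+"url": "https://lists.apache.org/thread/pqjq9zt8vq9rsobkc1cow9sqm9vozlrg",
+"source": "security@apache.org"
+}
+]
+}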


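--- /dev/null
+++ b/CVE-2023/CVE-2023-466xx/CVE-2023-46671.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-46671",
+"sourceIdentifier": "bressers@elastic.co",
+"published": "2023-12-13T07:15:22.013",
+"lastModified": "2023-12-13T07:15:22.013",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error. Elastic has released Kibana 8.11.1 which resolves this issue. The error message recorded in the log may contain account credentials for the kibana_system user, API Keys, and credentials of Kibana end-users. The issue occurs infrequently, only if an error is returned from an Elasticsearch cluster, in cases where there is user interaction and an unhealthy cluster (for example, when returning circuit breaker or no shard exceptions).\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "bressers@elastic.co",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
+"attackVector": "ADJACENT_NETWORK",
+"attackComplexity": "HIGH",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "CHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 8.0,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 1.3,
+"impactScore": 6.0
+}
+]
+},
+"weaknesses": [
+{
+"source": "bressers@elastic.co",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-532"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://discuss.elastic.co/t/8-11-1-7-17-15-security-update-esa-2023-25/347149",
+"source": "bressers@elastic.co"
+}
+]
+}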


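--- /dev/null
+++ b/CVE-2023/CVE-2023-466xx/CVE-2023-46675.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-46675",
+"sourceIdentifier": "bressers@elastic.co",
+"published": "2023-12-13T07:15:23.077",
+"lastModified": "2023-12-13T07:15:23.077",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error or in the event where debug level logging is enabled in Kibana. Elastic has released Kibana 8.11.2 which resolves this issue. The messages recorded in the log may contain Account credentials for the kibana_system user, API Keys, and credentials of Kibana end-users, Elastic Security package policy objects which can contain private keys, bearer token, and sessions of 3rd-party integrations and finally Authorization headers, client secrets, local file paths, and stack traces. The issue may occur in any Kibana instance running an affected version that could potentially receive an unexpected error when communicating to Elasticsearch causing it to include sensitive data into Kibana error logs. It could also occur under specific circumstances when debug level logging is enabled in Kibana. Note: It was found that the fix for ESA-2023-25 in Kibana 8.11.1 for a similar issue was incomplete.\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "bressers@elastic.co",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
+"attackVector": "ADJACENT_NETWORK",
+"attackComplexity": "HIGH",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "CHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 8.0,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 1.3,
+"impactScore": 6.0
+}
+]
+},
+"weaknesses": [
+{
+"source": "bressers@elastic.co",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-532"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://discuss.elastic.co/t/kibana-8-11-2-7-17-16-security-update-esa-2023-27/349182/2",
+"source": "bressers@elastic.co"
+}
+]
+}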


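--- /dev/null
+++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46713.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-46713",
+"sourceIdentifier": "psirt@fortinet.com",
+"published": "2023-12-13T07:15:24.547",
+"lastModified": "2023-12-13T07:15:24.547",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "An improper output neutralization for logs in Fortinet FortiWeb 6.2.0 - 6.2.8, 6.3.0 - 6.3.23, 7.0.0 - 7.0.9, 7.2.0 - 7.2.5 and 7.4.0 may allow an attacker to forge traffic logs via a crafted URL of the web application."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "psirt@fortinet.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 5.3,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 1.4
+}
+]
+},
+"weaknesses": [
+{
+"source": "psirt@fortinet.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-117"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://fortiguard.com/psirt/FG-IR-23-256",
+"source": "psirt@fortinet.com"
+}
+]
+}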


@ -2,7 +2,7 @@
"id": "CVE-2023-46847",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-11-03T08:15:08.023",
"lastModified": "2023-11-30T22:15:08.707",
"lastModified": "2023-12-13T08:15:50.407",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
@ -75,7 +75,7 @@
"description": [
{
"lang": "en",
"value": "CWE-122"
"value": "CWE-120"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-46848",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-11-03T08:15:08.117",
"lastModified": "2023-11-13T20:03:23.447",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-13T08:15:50.683",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -75,7 +75,7 @@
"description": [
{
"lang": "en",
"value": "CWE-400"
"value": "CWE-681"
}
]
}


@ -2,12 +2,12 @@
"id": "CVE-2023-47262",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-14T16:15:27.613",
"lastModified": "2023-11-20T17:07:54.130",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-13T07:15:26.120",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "In Abbott ID NOW before 7.1, settings can be modified via physical access to an internal serial port."
"value": "The startup process and device configurations of the Abbott ID NOW device, before v7.1, can be interrupted and/or modified via physical access to an internal serial port. Direct physical access is required to exploit."
},
{
"lang": "es",


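--- /dev/null
+++ b/CVE-2023/CVE-2023-475xx/CVE-2023-47536.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-47536",
+"sourceIdentifier": "psirt@fortinet.com",
+"published": "2023-12-13T08:15:50.920",
+"lastModified": "2023-12-13T08:15:50.920",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "An improper access control vulnerability [CWE-284] in FortiOS version 7.2.0, version 7.0.13 and below, version 6.4.14 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below may allow a remote unauthenticated attacker to bypass the firewall deny geolocalisation policy via timing the bypass with a GeoIP database update."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "psirt@fortinet.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "HIGH",
+"privilegesRequired": "NONE",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 3.1,
+"baseSeverity": "LOW"
+},
+"exploitabilityScore": 1.6,
+"impactScore": 1.4
+}
+]
+},
+"weaknesses": [
+{
+"source": "psirt@fortinet.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-284"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://fortiguard.com/psirt/FG-IR-23-432",
+"source": "psirt@fortinet.com"
+}
+]
+}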


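--- /dev/null
+++ b/CVE-2023/CVE-2023-487xx/CVE-2023-48782.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-48782",
+"sourceIdentifier": "psirt@fortinet.com",
+"published": "2023-12-13T07:15:27.480",
+"lastModified": "2023-12-13T07:15:27.480",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "psirt@fortinet.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 8.8,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 5.9
+}
+]
+},
+"weaknesses": [
+{
+"source": "psirt@fortinet.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-78"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://fortiguard.com/psirt/FG-IR-23-450",
+"source": "psirt@fortinet.com"
+}
+]
+}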


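--- /dev/null
+++ b/CVE-2023/CVE-2023-487xx/CVE-2023-48791.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-48791",
+"sourceIdentifier": "psirt@fortinet.com",
+"published": "2023-12-13T07:15:28.980",
+"lastModified": "2023-12-13T07:15:28.980",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in FortiPortal version 7.2.0, version 7.0.6 and below may allow a remote authenticated attacker with at least R/W permission to execute unauthorized commands via specifically crafted arguments in the Schedule System Backup page field."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "psirt@fortinet.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 8.8,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 5.9
+}
+]
+},
+"weaknesses": [
+{
+"source": "psirt@fortinet.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-77"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://fortiguard.com/psirt/FG-IR-23-425",
+"source": "psirt@fortinet.com"
+}
+]
+}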


@ -2,8 +2,8 @@
"id": "CVE-2023-4910",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-11-06T13:15:10.033",
"lastModified": "2023-11-14T17:53:11.690",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-13T08:15:51.190",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -75,7 +75,7 @@
"description": [
{
"lang": "en",
"value": "CWE-525"
"value": "CWE-668"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-4956",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-11-07T20:15:08.970",
"lastModified": "2023-11-15T15:40:02.737",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-13T08:15:51.330",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -75,7 +75,7 @@
"description": [
{
"lang": "en",
"value": "CWE-451"
"value": "CWE-1021"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-5090",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-11-06T11:15:09.670",
"lastModified": "2023-11-14T17:01:37.363",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-13T08:15:51.483",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -75,7 +75,7 @@
"description": [
{
"lang": "en",
"value": "CWE-703"
"value": "CWE-755"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-5824",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-11-03T08:15:08.270",
"lastModified": "2023-12-12T05:15:07.970",
"lastModified": "2023-12-13T08:15:51.617",
"vulnStatus": "Modified",
"descriptions": [
{
@ -75,7 +75,7 @@
"description": [
{
"lang": "en",
"value": "CWE-400"
"value": "CWE-755"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-5871",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-11-27T12:15:07.940",
"lastModified": "2023-12-11T19:33:57.477",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-13T08:15:52.103",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -75,7 +75,7 @@
"description": [
{
"lang": "en",
"value": "CWE-400"
"value": "CWE-671"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-6238",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-11-21T21:15:09.273",
"lastModified": "2023-11-29T02:31:23.327",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-13T08:15:52.337",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -75,7 +75,7 @@
"description": [
{
"lang": "en",
"value": "CWE-119"
"value": "CWE-120"
}
]
}


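--- /dev/null
+++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6377.json
@@ -0,0 +1,67 @@
+{
+"id": "CVE-2023-6377",
+"sourceIdentifier": "secalert@redhat.com",
+"published": "2023-12-13T07:15:30.030",
+"lastModified": "2023-12-13T07:15:30.030",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "secalert@redhat.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "LOCAL",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 7.8,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 1.8,
+"impactScore": 5.9
+}
+]
+},
+"weaknesses": [
+{
+"source": "secalert@redhat.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-125"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://access.redhat.com/security/cve/CVE-2023-6377",
+"source": "secalert@redhat.com"
+},
+{
+"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253291",
+"source": "secalert@redhat.com"
+},
+{
+"url": "https://gitlab.freedesktop.org/xorg/xserver/-/commit/0c1a93d319558fe3ab2d94f51d174b4f93810afd",
+"source": "secalert@redhat.com"
+},
+{
+"url": "https://lists.x.org/archives/xorg-announce/2023-December/003435.html",
+"source": "secalert@redhat.com"
+}
+]
+}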


@ -2,8 +2,8 @@
"id": "CVE-2023-6394",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-09T02:15:06.747",
"lastModified": "2023-12-12T22:35:02.730",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-13T08:15:52.493",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -75,7 +75,7 @@
"description": [
{
"lang": "en",
"value": "CWE-696"
"value": "CWE-862"
}
]
}


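--- /dev/null
+++ b/CVE-2023/CVE-2023-64xx/CVE-2023-6478.json
@@ -0,0 +1,67 @@
+{
+"id": "CVE-2023-6478",
+"sourceIdentifier": "secalert@redhat.com",
+"published": "2023-12-13T07:15:31.213",
+"lastModified": "2023-12-13T07:15:31.213",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "secalert@redhat.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "LOW",
+"availabilityImpact": "LOW",
+"baseScore": 7.6,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 4.7
+}
+]
+},
+"weaknesses": [
+{
+"source": "secalert@redhat.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-125"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://access.redhat.com/security/cve/CVE-2023-6478",
+"source": "secalert@redhat.com"
+},
+{
+"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253298",
+"source": "secalert@redhat.com"
+},
+{
+"url": "https://gitlab.freedesktop.org/xorg/xserver/-/commit/14f480010a93ff962fef66a16412fafff81ad632",
+"source": "secalert@redhat.com"
+},
+{
+"url": "https://lists.x.org/archives/xorg-announce/2023-December/003435.html",
+"source": "secalert@redhat.com"
+}
+]
+}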


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-12-13T07:00:18.442059+00:00
2023-12-13T09:00:27.014102+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-12-13T06:15:42.483000+00:00
2023-12-13T08:15:52.493000+00:00
```
### Last Data Feed Release
@ -29,21 +29,46 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
232938
232954
```
### CVEs added in the last Commit
Recently added CVEs: `0`
Recently added CVEs: `16`
* [CVE-2022-27488](CVE-2022/CVE-2022-274xx/CVE-2022-27488.json) (`2023-12-13T07:15:10.910`)
* [CVE-2023-36639](CVE-2023/CVE-2023-366xx/CVE-2023-36639.json) (`2023-12-13T07:15:12.900`)
* [CVE-2023-40716](CVE-2023/CVE-2023-407xx/CVE-2023-40716.json) (`2023-12-13T07:15:14.223`)
* [CVE-2023-41673](CVE-2023/CVE-2023-416xx/CVE-2023-41673.json) (`2023-12-13T07:15:15.860`)
* [CVE-2023-41678](CVE-2023/CVE-2023-416xx/CVE-2023-41678.json) (`2023-12-13T07:15:17.317`)
* [CVE-2023-41844](CVE-2023/CVE-2023-418xx/CVE-2023-41844.json) (`2023-12-13T07:15:18.887`)
* [CVE-2023-45587](CVE-2023/CVE-2023-455xx/CVE-2023-45587.json) (`2023-12-13T07:15:20.363`)
* [CVE-2023-46671](CVE-2023/CVE-2023-466xx/CVE-2023-46671.json) (`2023-12-13T07:15:22.013`)
* [CVE-2023-46675](CVE-2023/CVE-2023-466xx/CVE-2023-46675.json) (`2023-12-13T07:15:23.077`)
* [CVE-2023-46713](CVE-2023/CVE-2023-467xx/CVE-2023-46713.json) (`2023-12-13T07:15:24.547`)
* [CVE-2023-48782](CVE-2023/CVE-2023-487xx/CVE-2023-48782.json) (`2023-12-13T07:15:27.480`)
* [CVE-2023-48791](CVE-2023/CVE-2023-487xx/CVE-2023-48791.json) (`2023-12-13T07:15:28.980`)
* [CVE-2023-6377](CVE-2023/CVE-2023-63xx/CVE-2023-6377.json) (`2023-12-13T07:15:30.030`)
* [CVE-2023-6478](CVE-2023/CVE-2023-64xx/CVE-2023-6478.json) (`2023-12-13T07:15:31.213`)
* [CVE-2023-45725](CVE-2023/CVE-2023-457xx/CVE-2023-45725.json) (`2023-12-13T08:15:50.190`)
* [CVE-2023-47536](CVE-2023/CVE-2023-475xx/CVE-2023-47536.json) (`2023-12-13T08:15:50.920`)
### CVEs modified in the last Commit
Recently modified CVEs: `2`
Recently modified CVEs: `11`
* [CVE-2020-27792](CVE-2020/CVE-2020-277xx/CVE-2020-27792.json) (`2023-12-13T06:15:42.483`)
* [CVE-2022-33324](CVE-2022/CVE-2022-333xx/CVE-2022-33324.json) (`2023-12-13T05:15:07.773`)
* [CVE-2020-27792](CVE-2020/CVE-2020-277xx/CVE-2020-27792.json) (`2023-12-13T07:15:07.520`)
* [CVE-2023-47262](CVE-2023/CVE-2023-472xx/CVE-2023-47262.json) (`2023-12-13T07:15:26.120`)
* [CVE-2023-46847](CVE-2023/CVE-2023-468xx/CVE-2023-46847.json) (`2023-12-13T08:15:50.407`)
* [CVE-2023-46848](CVE-2023/CVE-2023-468xx/CVE-2023-46848.json) (`2023-12-13T08:15:50.683`)
* [CVE-2023-4910](CVE-2023/CVE-2023-49xx/CVE-2023-4910.json) (`2023-12-13T08:15:51.190`)
* [CVE-2023-4956](CVE-2023/CVE-2023-49xx/CVE-2023-4956.json) (`2023-12-13T08:15:51.330`)
* [CVE-2023-5090](CVE-2023/CVE-2023-50xx/CVE-2023-5090.json) (`2023-12-13T08:15:51.483`)
* [CVE-2023-5824](CVE-2023/CVE-2023-58xx/CVE-2023-5824.json) (`2023-12-13T08:15:51.617`)
* [CVE-2023-5871](CVE-2023/CVE-2023-58xx/CVE-2023-5871.json) (`2023-12-13T08:15:52.103`)
* [CVE-2023-6238](CVE-2023/CVE-2023-62xx/CVE-2023-6238.json) (`2023-12-13T08:15:52.337`)
* [CVE-2023-6394](CVE-2023/CVE-2023-63xx/CVE-2023-6394.json) (`2023-12-13T08:15:52.493`)
## Download and Usage