From df61b9e04ab495d9fd636f91f717758eff0a4665 Mon Sep 17 00:00:00 2001 
From: cad-safe-bot
Date: Wed, 13 Dec 2023 09:00:30 +0000
Subject: [PATCH] Auto-Update: 2023-12-13T09:00:27.014102+00:00
---
 CVE-2020/CVE-2020-277xx/CVE-2020-27792.json | 4 +-
 CVE-2022/CVE-2022-274xx/CVE-2022-27488.json | 55 +++++++++++++++++
 CVE-2023/CVE-2023-366xx/CVE-2023-36639.json | 55 +++++++++++++++++
 CVE-2023/CVE-2023-407xx/CVE-2023-40716.json | 55 +++++++++++++++++
 CVE-2023/CVE-2023-416xx/CVE-2023-41673.json | 55 +++++++++++++++++
 CVE-2023/CVE-2023-416xx/CVE-2023-41678.json | 55 +++++++++++++++++
 CVE-2023/CVE-2023-418xx/CVE-2023-41844.json | 55 +++++++++++++++++
 CVE-2023/CVE-2023-455xx/CVE-2023-45587.json | 55 +++++++++++++++++
 CVE-2023/CVE-2023-457xx/CVE-2023-45725.json | 36 +++++++++++
 CVE-2023/CVE-2023-466xx/CVE-2023-46671.json | 55 +++++++++++++++++
 CVE-2023/CVE-2023-466xx/CVE-2023-46675.json | 55 +++++++++++++++++
 CVE-2023/CVE-2023-467xx/CVE-2023-46713.json | 55 +++++++++++++++++
 CVE-2023/CVE-2023-468xx/CVE-2023-46847.json | 4 +-
 CVE-2023/CVE-2023-468xx/CVE-2023-46848.json | 6 +-
 CVE-2023/CVE-2023-472xx/CVE-2023-47262.json | 6 +-
 CVE-2023/CVE-2023-475xx/CVE-2023-47536.json | 55 +++++++++++++++++
 CVE-2023/CVE-2023-487xx/CVE-2023-48782.json | 55 +++++++++++++++++
 CVE-2023/CVE-2023-487xx/CVE-2023-48791.json | 55 +++++++++++++++++
 CVE-2023/CVE-2023-49xx/CVE-2023-4910.json | 6 +-
 CVE-2023/CVE-2023-49xx/CVE-2023-4956.json | 6 +-
 CVE-2023/CVE-2023-50xx/CVE-2023-5090.json | 6 +-
 CVE-2023/CVE-2023-58xx/CVE-2023-5824.json | 4 +-
 CVE-2023/CVE-2023-58xx/CVE-2023-5871.json | 6 +-
 CVE-2023/CVE-2023-62xx/CVE-2023-6238.json | 6 +-
 CVE-2023/CVE-2023-63xx/CVE-2023-6377.json | 67 +++++++++++++++++++++
 CVE-2023/CVE-2023-63xx/CVE-2023-6394.json | 6 +-
 CVE-2023/CVE-2023-64xx/CVE-2023-6478.json | 67 +++++++++++++++++++++
 README.md | 39 +++++++++---
 28 files changed, 947 insertions(+), 37 deletions(-)
 create mode 100644 CVE-2022/CVE-2022-274xx/CVE-2022-27488.json
 create mode 100644 CVE-2023/CVE-2023-366xx/CVE-2023-36639.json
 create mode 100644 CVE-2023/CVE-2023-407xx/CVE-2023-40716.json
 create mode 100644 CVE-2023/CVE-2023-416xx/CVE-2023-41673.json
 create mode 100644 CVE-2023/CVE-2023-416xx/CVE-2023-41678.json
 create mode 100644 CVE-2023/CVE-2023-418xx/CVE-2023-41844.json
 create mode 100644 CVE-2023/CVE-2023-455xx/CVE-2023-45587.json
 create mode 100644 CVE-2023/CVE-2023-457xx/CVE-2023-45725.json
 create mode 100644 CVE-2023/CVE-2023-466xx/CVE-2023-46671.json
 create mode 100644 CVE-2023/CVE-2023-466xx/CVE-2023-46675.json
 create mode 100644 CVE-2023/CVE-2023-467xx/CVE-2023-46713.json
 create mode 100644 CVE-2023/CVE-2023-475xx/CVE-2023-47536.json
 create mode 100644 CVE-2023/CVE-2023-487xx/CVE-2023-48782.json
 create mode 100644 CVE-2023/CVE-2023-487xx/CVE-2023-48791.json
 create mode 100644 CVE-2023/CVE-2023-63xx/CVE-2023-6377.json
 create mode 100644 CVE-2023/CVE-2023-64xx/CVE-2023-6478.json
diff --git a/CVE-2020/CVE-2020-277xx/CVE-2020-27792.json b/CVE-2020/CVE-2020-277xx/CVE-2020-27792.json
index 6bcb97f9f1d..627c56c7808 100644
--- a/CVE-2020/CVE-2020-277xx/CVE-2020-27792.json
+++ b/CVE-2020/CVE-2020-277xx/CVE-2020-27792.json
@@ -2,7 +2,7 @@
 "id": "CVE-2020-27792",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2022-08-19T23:15:08.303",
- "lastModified": "2023-12-13T06:15:42.483",
+ "lastModified": "2023-12-13T07:15:07.520",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -75,7 +75,7 @@
 "description": [
 {
 "lang": "en",
- "value": "CWE-119"
+ "value": "CWE-122"
 }
 ]
 }
diff --git a/CVE-2022/CVE-2022-274xx/CVE-2022-27488.json b/CVE-2022/CVE-2022-274xx/CVE-2022-27488.json
new file mode 100644
index 00000000000..fca5584c4a1
--- /dev/null
+++ b/CVE-2022/CVE-2022-274xx/CVE-2022-27488.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-27488",
+ "sourceIdentifier": "psirt@fortinet.com",
+ "published": "2023-12-13T07:15:10.910",
+ "lastModified": "2023-12-13T07:15:10.910",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.0 through 6.2.7, 6.0.x, FortiMail version 7.0.0 through 7.0.3, 6.4.0 through 6.4.6, 6.2.x, 6.0.x FortiRecorder version 6.4.0 through 6.4.2, 6.0.x, 2.7.x, 2.6.x, FortiNDR version 1.x.x allows a remote unauthenticated attacker to execute commands on the CLI via\u00a0tricking an authenticated administrator to execute malicious GET requests."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.3,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fortiguard.com/psirt/FG-IR-22-038",
+ "source": "psirt@fortinet.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-366xx/CVE-2023-36639.json b/CVE-2023/CVE-2023-366xx/CVE-2023-36639.json
new file mode 100644
index 00000000000..a61f3c2a37d
--- /dev/null
+++ b/CVE-2023/CVE-2023-366xx/CVE-2023-36639.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-36639",
+ "sourceIdentifier": "psirt@fortinet.com",
+ "published": "2023-12-13T07:15:12.900",
+ "lastModified": "2023-12-13T07:15:12.900",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, FortiOS versions 7.4.0, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiPAM versions 1.0.0 through 1.0.3 allows attacker to execute unauthorized code or commands via specially crafted API requests."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-134"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fortiguard.com/psirt/FG-IR-23-138",
+ "source": "psirt@fortinet.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-407xx/CVE-2023-40716.json b/CVE-2023/CVE-2023-407xx/CVE-2023-40716.json
new file mode 100644
index 00000000000..1439c8e2fe1
--- /dev/null
+++ b/CVE-2023/CVE-2023-407xx/CVE-2023-40716.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-40716",
+ "sourceIdentifier": "psirt@fortinet.com",
+ "published": "2023-12-13T07:15:14.223",
+ "lastModified": "2023-12-13T07:15:14.223",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An improper neutralization of special elements used in an OS command vulnerability [CWE-78] \u00a0in the command line interpreter of FortiTester 2.3.0 through 7.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments when running execute restore/backup ."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fortiguard.com/psirt/FG-IR-22-345",
+ "source": "psirt@fortinet.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-416xx/CVE-2023-41673.json b/CVE-2023/CVE-2023-416xx/CVE-2023-41673.json
new file mode 100644
index 00000000000..3286deb96a2
--- /dev/null
+++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41673.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-41673",
+ "sourceIdentifier": "psirt@fortinet.com",
+ "published": "2023-12-13T07:15:15.860",
+ "lastModified": "2023-12-13T07:15:15.860",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An improper authorization vulnerability [CWE-285] in Fortinet FortiADC version 7.4.0 and before 7.2.2 may allow a low privileged user to read or backup the full system configuration via HTTP or HTTPS requests."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 4.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-285"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fortiguard.com/psirt/FG-IR-23-270",
+ "source": "psirt@fortinet.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-416xx/CVE-2023-41678.json b/CVE-2023/CVE-2023-416xx/CVE-2023-41678.json
new file mode 100644
index 00000000000..b05e964608a
--- /dev/null
+++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41678.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-41678",
+ "sourceIdentifier": "psirt@fortinet.com",
+ "published": "2023-12-13T07:15:17.317",
+ "lastModified": "2023-12-13T07:15:17.317",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiPAM version 1.0.0 through 1.0.3, 1.1.0 through 1.1.1 allows attacker to execute unauthorized code or commands via specifically crafted request."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-415"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fortiguard.com/psirt/FG-IR-23-196",
+ "source": "psirt@fortinet.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-418xx/CVE-2023-41844.json b/CVE-2023/CVE-2023-418xx/CVE-2023-41844.json
new file mode 100644
index 00000000000..9dd3a72116a
--- /dev/null
+++ b/CVE-2023/CVE-2023-418xx/CVE-2023-41844.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-41844",
+ "sourceIdentifier": "psirt@fortinet.com",
+ "published": "2023-12-13T07:15:18.887",
+ "lastModified": "2023-12-13T07:15:18.887",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.4 allows attacker to execute unauthorized code or commands via crafted HTTP requests in capture traffic endpoint."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.5,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fortiguard.com/psirt/FG-IR-23-214",
+ "source": "psirt@fortinet.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-455xx/CVE-2023-45587.json b/CVE-2023/CVE-2023-455xx/CVE-2023-45587.json
new file mode 100644
index 00000000000..8bd507ac0dd
--- /dev/null
+++ b/CVE-2023/CVE-2023-455xx/CVE-2023-45587.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-45587",
+ "sourceIdentifier": "psirt@fortinet.com",
+ "published": "2023-12-13T07:15:20.363",
+ "lastModified": "2023-12-13T07:15:20.363",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 allows attacker to execute unauthorized code or commands via crafted HTTP requests"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.5,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fortiguard.com/psirt/FG-IR-23-360",
+ "source": "psirt@fortinet.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-457xx/CVE-2023-45725.json b/CVE-2023/CVE-2023-457xx/CVE-2023-45725.json
new file mode 100644
index 00000000000..224bcc6546f
--- /dev/null
+++ b/CVE-2023/CVE-2023-457xx/CVE-2023-45725.json
@@ -0,0 +1,36 @@
+{
+ "id": "CVE-2023-45725",
+ "sourceIdentifier": "security@apache.org",
+ "published": "2023-12-13T08:15:50.190",
+ "lastModified": "2023-12-13T08:15:50.190",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Design document functions which receive a user http request object may expose authorization or session cookie headers of the user who accesses the document.\n\nThese design document functions are:\n * \u00a0 list\n * \u00a0 show\n * \u00a0 rewrite\n * \u00a0 update\n\nAn attacker can leak the session component using an HTML-like output, insert the session as an external resource (such as an image), or store the credential in a _local document with an \"update\" function.\n\nFor the attack to succeed the attacker has to be able to insert the design documents into the database, then manipulate a user to access a function from that design document.\n\nWorkaround: Avoid using design documents from untrusted sources which may attempt to access or manipulate request object's headers\n"
+ }
+ ],
+ "metrics": {},
+ "weaknesses": [
+ {
+ "source": "security@apache.org",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-200"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://docs.couchdb.org/en/stable/cve/2023-45725.html",
+ "source": "security@apache.org"
+ },
+ {
+ "url": "https://lists.apache.org/thread/pqjq9zt8vq9rsobkc1cow9sqm9vozlrg",
+ "source": "security@apache.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-466xx/CVE-2023-46671.json b/CVE-2023/CVE-2023-466xx/CVE-2023-46671.json
new file mode 100644
index 00000000000..7ef77f9e140
--- /dev/null
+++ b/CVE-2023/CVE-2023-466xx/CVE-2023-46671.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-46671",
+ "sourceIdentifier": "bressers@elastic.co",
+ "published": "2023-12-13T07:15:22.013",
+ "lastModified": "2023-12-13T07:15:22.013",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error. Elastic has released Kibana 8.11.1 which resolves this issue. The error message recorded in the log may contain account credentials for the kibana_system user, API Keys, and credentials of Kibana end-users. The issue occurs infrequently, only if an error is returned from an Elasticsearch cluster, in cases where there is user interaction and an unhealthy cluster (for example, when returning circuit breaker or no shard exceptions).\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "bressers@elastic.co",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.0,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.3,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "bressers@elastic.co",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-532"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://discuss.elastic.co/t/8-11-1-7-17-15-security-update-esa-2023-25/347149",
+ "source": "bressers@elastic.co"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-466xx/CVE-2023-46675.json b/CVE-2023/CVE-2023-466xx/CVE-2023-46675.json
new file mode 100644
index 00000000000..30456e60c8b
--- /dev/null
+++ b/CVE-2023/CVE-2023-466xx/CVE-2023-46675.json
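Review bot: The description added for CVE-2023-46671 names Kibana 8.11.1 as the release that resolves the credential-logging issue, but the CVE-2023-46675 record added in this same commit says the ESA-2023-25 fix in 8.11.1 for a similar issue was incomplete and gives 8.11.2 as the fixed release. Someone triaging from this record alone would stop at 8.11.1 and could still have `kibana_system` credentials and API keys written to logs. Nothing in this record's `references` points at the follow-up advisory; if the mirror permits local annotation, adding the ESA-2023-27 URL that the CVE-2023-46675 record already carries would link the two, otherwise the gap is one to raise with the source (`bressers@elastic.co`).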
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-46675",
+ "sourceIdentifier": "bressers@elastic.co",
+ "published": "2023-12-13T07:15:23.077",
+ "lastModified": "2023-12-13T07:15:23.077",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error or in the event where debug level logging is enabled in Kibana. Elastic has released Kibana 8.11.2 which resolves this issue. The messages recorded in the log may contain Account credentials for the kibana_system user, API Keys, and credentials of Kibana end-users, Elastic Security package policy objects which can contain private keys, bearer token, and sessions of 3rd-party integrations and finally Authorization headers, client secrets, local file paths, and stack traces. The issue may occur in any Kibana instance running an affected version that could potentially receive an unexpected error when communicating to Elasticsearch causing it to include sensitive data into Kibana error logs. It could also occur under specific circumstances when debug level logging is enabled in Kibana. Note: It was found that the fix for ESA-2023-25 in Kibana 8.11.1 for a similar issue was incomplete.\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "bressers@elastic.co",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.0,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.3,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "bressers@elastic.co",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-532"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://discuss.elastic.co/t/kibana-8-11-2-7-17-16-security-update-esa-2023-27/349182/2",
+ "source": "bressers@elastic.co"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46713.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46713.json
new file mode 100644
index 00000000000..a92e70fc541
--- /dev/null
+++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46713.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-46713",
+ "sourceIdentifier": "psirt@fortinet.com",
+ "published": "2023-12-13T07:15:24.547",
+ "lastModified": "2023-12-13T07:15:24.547",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An improper output neutralization for logs in Fortinet FortiWeb 6.2.0 - 6.2.8, 6.3.0 - 6.3.23, 7.0.0 - 7.0.9, 7.2.0 - 7.2.5 and 7.4.0 may allow an attacker to forge traffic logs via a crafted URL of the web application."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-117"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fortiguard.com/psirt/FG-IR-23-256",
+ "source": "psirt@fortinet.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-468xx/CVE-2023-46847.json b/CVE-2023/CVE-2023-468xx/CVE-2023-46847.json
index 5203bb38711..19ef340d84c 100644
--- a/CVE-2023/CVE-2023-468xx/CVE-2023-46847.json
+++ b/CVE-2023/CVE-2023-468xx/CVE-2023-46847.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-46847",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2023-11-03T08:15:08.023",
- "lastModified": "2023-11-30T22:15:08.707",
+ "lastModified": "2023-12-13T08:15:50.407",
 "vulnStatus": "Undergoing Analysis",
 "descriptions": [
 {
@@ -75,7 +75,7 @@
 "description": [
 {
 "lang": "en",
- "value": "CWE-122"
+ "value": "CWE-120"
 }
 ]
 }
diff --git a/CVE-2023/CVE-2023-468xx/CVE-2023-46848.json b/CVE-2023/CVE-2023-468xx/CVE-2023-46848.json
index 9090af0096a..6c6d879c412 100644
--- a/CVE-2023/CVE-2023-468xx/CVE-2023-46848.json
+++ b/CVE-2023/CVE-2023-468xx/CVE-2023-46848.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-46848",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2023-11-03T08:15:08.117",
- "lastModified": "2023-11-13T20:03:23.447",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-12-13T08:15:50.683",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -75,7 +75,7 @@
 "description": [
 {
 "lang": "en",
- "value": "CWE-400"
+ "value": "CWE-681"
 }
 ]
 }
diff --git a/CVE-2023/CVE-2023-472xx/CVE-2023-47262.json b/CVE-2023/CVE-2023-472xx/CVE-2023-47262.json
index eaab1020e56..1be1494b3eb 100644
--- a/CVE-2023/CVE-2023-472xx/CVE-2023-47262.json
+++ b/CVE-2023/CVE-2023-472xx/CVE-2023-47262.json
@@ -2,12 +2,12 @@
 "id": "CVE-2023-47262",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-14T16:15:27.613",
- "lastModified": "2023-11-20T17:07:54.130",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-12-13T07:15:26.120",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
- "value": "In Abbott ID NOW before 7.1, settings can be modified via physical access to an internal serial port."
+ "value": "The startup process and device configurations of the Abbott ID NOW device, before v7.1, can be interrupted and/or modified via physical access to an internal serial port. Direct physical access is required to exploit."
 },
 {
 "lang": "es",
diff --git a/CVE-2023/CVE-2023-475xx/CVE-2023-47536.json b/CVE-2023/CVE-2023-475xx/CVE-2023-47536.json
new file mode 100644
index 00000000000..5d491fa0f93
--- /dev/null
+++ b/CVE-2023/CVE-2023-475xx/CVE-2023-47536.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-47536",
+ "sourceIdentifier": "psirt@fortinet.com",
+ "published": "2023-12-13T08:15:50.920",
+ "lastModified": "2023-12-13T08:15:50.920",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An improper access control vulnerability [CWE-284] in FortiOS version 7.2.0, version 7.0.13 and below, version 6.4.14 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below may allow a remote unauthenticated attacker to bypass the firewall deny geolocalisation policy via timing the bypass with a GeoIP database update."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.1,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-284"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fortiguard.com/psirt/FG-IR-23-432",
+ "source": "psirt@fortinet.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-487xx/CVE-2023-48782.json b/CVE-2023/CVE-2023-487xx/CVE-2023-48782.json
new file mode 100644
index 00000000000..71d9455e264
--- /dev/null
+++ b/CVE-2023/CVE-2023-487xx/CVE-2023-48782.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-48782",
+ "sourceIdentifier": "psirt@fortinet.com",
+ "published": "2023-12-13T07:15:27.480",
+ "lastModified": "2023-12-13T07:15:27.480",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fortiguard.com/psirt/FG-IR-23-450",
+ "source": "psirt@fortinet.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-487xx/CVE-2023-48791.json b/CVE-2023/CVE-2023-487xx/CVE-2023-48791.json
new file mode 100644
index 00000000000..4389bb0f74c
--- /dev/null
+++ b/CVE-2023/CVE-2023-487xx/CVE-2023-48791.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-48791",
+ "sourceIdentifier": "psirt@fortinet.com",
+ "published": "2023-12-13T07:15:28.980",
+ "lastModified": "2023-12-13T07:15:28.980",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in FortiPortal version 7.2.0, version 7.0.6 and below may allow a remote authenticated attacker with at least R/W permission to execute unauthorized commands via specifically crafted arguments in the Schedule System Backup page field."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-77"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fortiguard.com/psirt/FG-IR-23-425",
+ "source": "psirt@fortinet.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4910.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4910.json
index 85276a42f19..40d89f79fe3 100644
--- a/CVE-2023/CVE-2023-49xx/CVE-2023-4910.json
+++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4910.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-4910",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2023-11-06T13:15:10.033",
- "lastModified": "2023-11-14T17:53:11.690",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-12-13T08:15:51.190",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -75,7 +75,7 @@
 "description": [
 {
 "lang": "en",
- "value": "CWE-525"
+ "value": "CWE-668"
 }
 ]
 }
diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4956.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4956.json
index 7bb61b32ad6..dd79241d10c 100644
--- a/CVE-2023/CVE-2023-49xx/CVE-2023-4956.json
+++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4956.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-4956",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2023-11-07T20:15:08.970",
- "lastModified": "2023-11-15T15:40:02.737",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-12-13T08:15:51.330",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -75,7 +75,7 @@
 "description": [
 {
 "lang": "en",
- "value": "CWE-451"
+ "value": "CWE-1021"
 }
 ]
 }
diff --git a/CVE-2023/CVE-2023-50xx/CVE-2023-5090.json b/CVE-2023/CVE-2023-50xx/CVE-2023-5090.json
index 12d9e6e57e3..37c172787ab 100644
--- a/CVE-2023/CVE-2023-50xx/CVE-2023-5090.json
+++ b/CVE-2023/CVE-2023-50xx/CVE-2023-5090.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-5090",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2023-11-06T11:15:09.670",
- "lastModified": "2023-11-14T17:01:37.363",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-12-13T08:15:51.483",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -75,7 +75,7 @@
 "description": [
 {
 "lang": "en",
- "value": "CWE-703"
+ "value": "CWE-755"
 }
 ]
 }
diff --git a/CVE-2023/CVE-2023-58xx/CVE-2023-5824.json b/CVE-2023/CVE-2023-58xx/CVE-2023-5824.json
index 87198324427..79a644bf246 100644
--- a/CVE-2023/CVE-2023-58xx/CVE-2023-5824.json
+++ b/CVE-2023/CVE-2023-58xx/CVE-2023-5824.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-5824",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2023-11-03T08:15:08.270",
- "lastModified": "2023-12-12T05:15:07.970",
+ "lastModified": "2023-12-13T08:15:51.617",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -75,7 +75,7 @@
 "description": [
 {
 "lang": "en",
- "value": "CWE-400"
+ "value": "CWE-755"
 }
 ]
 }
diff --git a/CVE-2023/CVE-2023-58xx/CVE-2023-5871.json b/CVE-2023/CVE-2023-58xx/CVE-2023-5871.json
index abb0bcbe1ae..2ad0ebb846d 100644
--- a/CVE-2023/CVE-2023-58xx/CVE-2023-5871.json
+++ b/CVE-2023/CVE-2023-58xx/CVE-2023-5871.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-5871",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2023-11-27T12:15:07.940",
- "lastModified": "2023-12-11T19:33:57.477",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-12-13T08:15:52.103",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -75,7 +75,7 @@
 "description": [
 {
 "lang": "en",
- "value": "CWE-400"
+ "value": "CWE-671"
 }
 ]
 }
diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6238.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6238.json
index c7b0b05c9f2..4775f321466 100644
--- a/CVE-2023/CVE-2023-62xx/CVE-2023-6238.json
+++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6238.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-6238",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2023-11-21T21:15:09.273",
- "lastModified": "2023-11-29T02:31:23.327",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-12-13T08:15:52.337",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -75,7 +75,7 @@
 "description": [
 {
 "lang": "en",
- "value": "CWE-119"
+ "value": "CWE-120"
 }
 ]
 }
diff --git a/CVE-2023/CVE-2023-63xx/CVE-2023-6377.json b/CVE-2023/CVE-2023-63xx/CVE-2023-6377.json
new file mode 100644
index 00000000000..ecfbfff55dc
--- /dev/null
+++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6377.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2023-6377",
+ "sourceIdentifier": "secalert@redhat.com",
+ "published": "2023-12-13T07:15:30.030",
+ "lastModified": "2023-12-13T07:15:30.030",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert@redhat.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "secalert@redhat.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2023-6377",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253291",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://gitlab.freedesktop.org/xorg/xserver/-/commit/0c1a93d319558fe3ab2d94f51d174b4f93810afd",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://lists.x.org/archives/xorg-announce/2023-December/003435.html",
+ "source": "secalert@redhat.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-63xx/CVE-2023-6394.json b/CVE-2023/CVE-2023-63xx/CVE-2023-6394.json
index 201d837c20d..080b8fc568a 100644
--- a/CVE-2023/CVE-2023-63xx/CVE-2023-6394.json
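Review bot: The `weaknesses` block of the new CVE-2023-6377.json carries only `"value": "CWE-125"` (out-of-bounds read), while the description in the same record says the XKB button-action handling can cause out-of-bounds memory reads and writes and may allow privilege escalation, so a consumer that filters or prioritises on the CWE field alone will under-classify it. The new CVE-2023-6478.json hunk has the same gap: its description names an integer overflow as the trigger, yet only `CWE-125` is recorded. Both records are `"vulnStatus": "Received"` with a `Secondary` weakness from secalert@redhat.com, so the mapping is presumably provisional; because this repository mirrors the NVD, the correction belongs upstream, where it would read as additional description entries `"value": "CWE-787"` and `"value": "CWE-190"` respectively. Until the records are analyzed, downstream triage should key on the description text and the CVSS vector as well as the CWE.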
+++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6394.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-6394",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2023-12-09T02:15:06.747",
- "lastModified": "2023-12-12T22:35:02.730",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-12-13T08:15:52.493",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -75,7 +75,7 @@
 "description": [
 {
 "lang": "en",
- "value": "CWE-696"
+ "value": "CWE-862"
 }
 ]
 }
diff --git a/CVE-2023/CVE-2023-64xx/CVE-2023-6478.json b/CVE-2023/CVE-2023-64xx/CVE-2023-6478.json
new file mode 100644
index 00000000000..97a3b09e468
--- /dev/null
+++ b/CVE-2023/CVE-2023-64xx/CVE-2023-6478.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2023-6478",
+ "sourceIdentifier": "secalert@redhat.com",
+ "published": "2023-12-13T07:15:31.213",
+ "lastModified": "2023-12-13T07:15:31.213",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert@redhat.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.6,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 4.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "secalert@redhat.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2023-6478",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253298",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://gitlab.freedesktop.org/xorg/xserver/-/commit/14f480010a93ff962fef66a16412fafff81ad632",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://lists.x.org/archives/xorg-announce/2023-December/003435.html",
+ "source": "secalert@redhat.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index b925af2d09a..0f640d81200 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-12-13T07:00:18.442059+00:00 +2023-12-13T09:00:27.014102+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-12-13T06:15:42.483000+00:00 +2023-12-13T08:15:52.493000+00:00 ``` ### Last Data Feed Release 
@@ -29,21 +29,46 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -232938 +232954 ``` ### CVEs added in the last Commit -Recently added CVEs: `0` +Recently added CVEs: `16` +* [CVE-2022-27488](CVE-2022/CVE-2022-274xx/CVE-2022-27488.json) (`2023-12-13T07:15:10.910`) +* [CVE-2023-36639](CVE-2023/CVE-2023-366xx/CVE-2023-36639.json) (`2023-12-13T07:15:12.900`) +* [CVE-2023-40716](CVE-2023/CVE-2023-407xx/CVE-2023-40716.json) (`2023-12-13T07:15:14.223`) +* [CVE-2023-41673](CVE-2023/CVE-2023-416xx/CVE-2023-41673.json) (`2023-12-13T07:15:15.860`) +* [CVE-2023-41678](CVE-2023/CVE-2023-416xx/CVE-2023-41678.json) (`2023-12-13T07:15:17.317`) +* [CVE-2023-41844](CVE-2023/CVE-2023-418xx/CVE-2023-41844.json) (`2023-12-13T07:15:18.887`) +* [CVE-2023-45587](CVE-2023/CVE-2023-455xx/CVE-2023-45587.json) (`2023-12-13T07:15:20.363`) +* [CVE-2023-46671](CVE-2023/CVE-2023-466xx/CVE-2023-46671.json) (`2023-12-13T07:15:22.013`) +* [CVE-2023-46675](CVE-2023/CVE-2023-466xx/CVE-2023-46675.json) (`2023-12-13T07:15:23.077`) +* [CVE-2023-46713](CVE-2023/CVE-2023-467xx/CVE-2023-46713.json) (`2023-12-13T07:15:24.547`) +* [CVE-2023-48782](CVE-2023/CVE-2023-487xx/CVE-2023-48782.json) (`2023-12-13T07:15:27.480`) +* [CVE-2023-48791](CVE-2023/CVE-2023-487xx/CVE-2023-48791.json) (`2023-12-13T07:15:28.980`) +* [CVE-2023-6377](CVE-2023/CVE-2023-63xx/CVE-2023-6377.json) (`2023-12-13T07:15:30.030`) +* [CVE-2023-6478](CVE-2023/CVE-2023-64xx/CVE-2023-6478.json) (`2023-12-13T07:15:31.213`) +* [CVE-2023-45725](CVE-2023/CVE-2023-457xx/CVE-2023-45725.json) (`2023-12-13T08:15:50.190`) +* [CVE-2023-47536](CVE-2023/CVE-2023-475xx/CVE-2023-47536.json) (`2023-12-13T08:15:50.920`) ### CVEs modified in the last Commit -Recently modified CVEs: `2` +Recently modified CVEs: `11` -* [CVE-2020-27792](CVE-2020/CVE-2020-277xx/CVE-2020-27792.json) (`2023-12-13T06:15:42.483`) -* [CVE-2022-33324](CVE-2022/CVE-2022-333xx/CVE-2022-33324.json) 
(`2023-12-13T05:15:07.773`) +* [CVE-2020-27792](CVE-2020/CVE-2020-277xx/CVE-2020-27792.json) (`2023-12-13T07:15:07.520`) +* [CVE-2023-47262](CVE-2023/CVE-2023-472xx/CVE-2023-47262.json) (`2023-12-13T07:15:26.120`) +* [CVE-2023-46847](CVE-2023/CVE-2023-468xx/CVE-2023-46847.json) (`2023-12-13T08:15:50.407`) +* [CVE-2023-46848](CVE-2023/CVE-2023-468xx/CVE-2023-46848.json) (`2023-12-13T08:15:50.683`) +* [CVE-2023-4910](CVE-2023/CVE-2023-49xx/CVE-2023-4910.json) (`2023-12-13T08:15:51.190`) +* [CVE-2023-4956](CVE-2023/CVE-2023-49xx/CVE-2023-4956.json) (`2023-12-13T08:15:51.330`) +* [CVE-2023-5090](CVE-2023/CVE-2023-50xx/CVE-2023-5090.json) (`2023-12-13T08:15:51.483`) +* [CVE-2023-5824](CVE-2023/CVE-2023-58xx/CVE-2023-5824.json) (`2023-12-13T08:15:51.617`) +* [CVE-2023-5871](CVE-2023/CVE-2023-58xx/CVE-2023-5871.json) (`2023-12-13T08:15:52.103`) +* [CVE-2023-6238](CVE-2023/CVE-2023-62xx/CVE-2023-6238.json) (`2023-12-13T08:15:52.337`) +* [CVE-2023-6394](CVE-2023/CVE-2023-63xx/CVE-2023-6394.json) (`2023-12-13T08:15:52.493`) ## Download and Usage