admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-11-21T15:00:17.177583+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-11-21 15:00:20 +00:00
parent 7d2f2b0069
commit f608d3a524
21 changed files with 534 additions and 67 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
CVE-2023/CVE-2023-214xx/CVE-2023-21416.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-21416",
"sourceIdentifier": "product-security@axis.com",
"published": "2023-11-21T07:15:08.890",
"lastModified": "2023-11-21T07:15:08.890",
"vulnStatus": "Received",
"lastModified": "2023-11-21T14:08:14.160",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi was vulnerable to a Denial-of-Service attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account however the impact is equal. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. \n\n"
},
{
"lang": "es",
"value": "Sandro Poppi, miembro del programa AXIS OS Bug Bounty, descubri\u00f3 que la API VAPIX din\u00e1micaoverlay.cgi era vulnerable a un ataque de Denegaci\u00f3n de Servicio que permit\u00eda a un atacante bloquear el acceso a la p\u00e1gina de configuraci\u00f3n superpuesta en la interfaz web del dispositivo Axis. Esta falla solo puede explotarse despu\u00e9s de autenticarse con una cuenta de servicio con privilegios de operador o administrador; sin embargo, el impacto es igual. Axis ha lanzado versiones parcheadas del sistema operativo AXIS para la falla resaltada. Consulte el aviso de seguridad de Axis para obtener m\u00e1s informaci\u00f3n y soluciones."
}
],
"metrics": {

8
CVE-2023/CVE-2023-214xx/CVE-2023-21417.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-21417",
"sourceIdentifier": "product-security@axis.com",
"published": "2023-11-21T07:15:09.283",
"lastModified": "2023-11-21T07:15:09.283",
"vulnStatus": "Received",
"lastModified": "2023-11-21T14:08:14.160",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Sandro Poppi, member of the AXIS OS Bug Bounty Program,\n\nhas found that the VAPIX API manageoverlayimage.cgi was vulnerable to path traversal attacks that allows for file/folder deletion. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service account. The impact of exploiting this vulnerability is lower with operator service accounts and limited to non-system files compared to administrator-privileges.\n Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. \n\n\n\n"
},
{
"lang": "es",
"value": "Sandro Poppi, miembro del programa AXIS OS Bug Bounty, descubri\u00f3 que la API VAPIX enableoverlayimage.cgi era vulnerable a ataques de path traversal que permiten la eliminaci\u00f3n de archivos/carpetas. Esta falla solo puede explotarse despu\u00e9s de autenticarse con una cuenta de servicio con privilegios de operador o administrador. El impacto de explotar esta vulnerabilidad es menor con las cuentas de servicio del operador y se limita a archivos que no pertenecen al sistema en comparaci\u00f3n con los privilegios de administrador. Axis ha lanzado versiones parcheadas del sistema operativo AXIS para la falla resaltada. Consulte el aviso de seguridad de Axis para obtener m\u00e1s informaci\u00f3n y soluciones."
}
],
"metrics": {

8
CVE-2023/CVE-2023-214xx/CVE-2023-21418.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-21418",
"sourceIdentifier": "product-security@axis.com",
"published": "2023-11-21T07:15:09.583",
"lastModified": "2023-11-21T07:15:09.583",
"vulnStatus": "Received",
"lastModified": "2023-11-21T14:08:14.160",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi was vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact of exploiting this vulnerability is lower with operator service accounts and limited to non-system files compared to administrator-privileges. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. \n\n\n\n"
},
{
"lang": "es",
"value": "Sandro Poppi, miembro del programa AXIS OS Bug Bounty, descubri\u00f3 que la API VAPIX irissetup.cgi era vulnerable a ataques de path traversal que permit\u00edan la eliminaci\u00f3n de archivos. Esta falla solo puede explotarse despu\u00e9s de autenticarse con una cuenta de servicio con privilegios de operador o administrador. El impacto de explotar esta vulnerabilidad es menor con las cuentas de servicio del operador y se limita a archivos que no pertenecen al sistema en comparaci\u00f3n con los privilegios de administrador. Axis ha lanzado versiones parcheadas del sistema operativo AXIS para la falla resaltada. Consulte el aviso de seguridad de Axis para obtener m\u00e1s informaci\u00f3n y soluciones."
}
],
"metrics": {

4
CVE-2023/CVE-2023-288xx/CVE-2023-28802.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-28802",
"sourceIdentifier": "cve@zscaler.com",
"published": "2023-11-21T11:15:08.633",
"lastModified": "2023-11-21T11:15:08.633",
"vulnStatus": "Received",
"lastModified": "2023-11-21T14:08:14.160",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2023/CVE-2023-358xx/CVE-2023-35887.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-35887",
"sourceIdentifier": "security@apache.org",
"published": "2023-07-10T16:15:53.050",
"lastModified": "2023-07-21T19:23:22.143",
"lastModified": "2023-11-21T14:38:55.627",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -85,10 +85,10 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:mina:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:apache:sshd:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.0.0",
"versionEndExcluding": "2.10.0",
"matchCriteriaId": "FACA622E-E960-457C-9D9B-11D782E806F3"
"versionEndExcluding": "2.9.3",
"matchCriteriaId": "6975BA01-F3B2-4A87-8BC6-74109C5BA3B0"
}
]
}

8
CVE-2023/CVE-2023-41xx/CVE-2023-4149.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-4149",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-11-21T07:15:10.093",
"lastModified": "2023-11-21T07:15:10.093",
"vulnStatus": "Received",
"lastModified": "2023-11-21T14:08:14.160",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management allows an unauthenticated remote attacker to inject arbitrary system commands and gain full system control. Those commands are executed with root privileges. The vulnerability is located in the user request handling of the web-based management."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la administraci\u00f3n basada en web permite a un atacante remoto no autenticado inyectar comandos arbitrarios del sistema y obtener control total del sistema. Esos comandos se ejecutan con privilegios de root. La vulnerabilidad se encuentra en el manejo de solicitudes de usuario de la administraci\u00f3n basada en web."
}
],
"metrics": {

71
CVE-2023/CVE-2023-428xx/CVE-2023-42813.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-42813",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-13T21:15:07.473",
"lastModified": "2023-11-14T19:15:31.073",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-21T14:00:57.717",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,22 +80,51 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nirmata:kyverno:1.11.0:-:*:*:*:go:*:*",
"matchCriteriaId": "60D64C55-D7D4-4EAC-8A8F-2611CABBECDA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/kyverno/kyverno/commit/80d139bb5d1d9d7e907abe851b97dc73821a5be2",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/kyverno/kyverno/commit/fec2992e3f9fcd6b9c62267522c09b182e7df73b",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/kyverno/kyverno/pull/8428",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/kyverno/kyverno/security/advisories/GHSA-wc3x-5rfv-hh5v",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

71
CVE-2023/CVE-2023-428xx/CVE-2023-42814.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-42814",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-13T21:15:07.730",
"lastModified": "2023-11-14T19:15:31.160",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-21T14:00:52.860",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,22 +80,51 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nirmata:kyverno:1.11.0:-:*:*:*:go:*:*",
"matchCriteriaId": "60D64C55-D7D4-4EAC-8A8F-2611CABBECDA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/kyverno/kyverno/commit/80d139bb5d1d9d7e907abe851b97dc73821a5be2",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/kyverno/kyverno/commit/fec2992e3f9fcd6b9c62267522c09b182e7df73b",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/kyverno/kyverno/pull/8428",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/kyverno/kyverno/security/advisories/GHSA-9g37-h7p2-2c6r",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

71
CVE-2023/CVE-2023-428xx/CVE-2023-42815.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-42815",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-13T21:15:07.940",
"lastModified": "2023-11-14T19:15:31.243",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-21T13:51:52.103",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,22 +80,51 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nirmata:kyverno:1.11.0:-:*:*:*:go:*:*",
"matchCriteriaId": "60D64C55-D7D4-4EAC-8A8F-2611CABBECDA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/kyverno/kyverno/commit/80d139bb5d1d9d7e907abe851b97dc73821a5be2",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/kyverno/kyverno/commit/fec2992e3f9fcd6b9c62267522c09b182e7df73b",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/kyverno/kyverno/pull/8428",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/kyverno/kyverno/security/advisories/GHSA-hjpv-68f4-2262",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

71
CVE-2023/CVE-2023-428xx/CVE-2023-42816.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-42816",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-13T21:15:08.127",
"lastModified": "2023-11-14T19:15:31.330",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-21T13:55:36.270",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,22 +80,51 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nirmata:kyverno:1.11.0:-:*:*:*:go:*:*",
"matchCriteriaId": "60D64C55-D7D4-4EAC-8A8F-2611CABBECDA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/kyverno/kyverno/commit/80d139bb5d1d9d7e907abe851b97dc73821a5be2",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/kyverno/kyverno/commit/fec2992e3f9fcd6b9c62267522c09b182e7df73b",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/kyverno/kyverno/pull/8428",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/kyverno/kyverno/security/advisories/GHSA-4mp4-46gq-hv3r",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-435xx/CVE-2023-43590.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43590",
"sourceIdentifier": "security@zoom.us",
"published": "2023-11-15T00:15:09.050",
"lastModified": "2023-11-15T02:28:40.150",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-21T13:58:05.920",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Link following in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access.\n"
},
{
"lang": "es",
"value": "El seguimiento de enlaces en Zoom Rooms para macOS anteriores a la versi\u00f3n 5.16.0 puede permitir que un usuario autenticado realice una escalada de privilegios a trav\u00e9s del acceso local."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security@zoom.us",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-59"
}
]
},
{
"source": "security@zoom.us",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"versionEndExcluding": "5.16.0",
"matchCriteriaId": "3D39B6BA-D4BC-4502-8867-D5A5441D3196"
}
]
}
]
}
],
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/",
"source": "security@zoom.us"
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-439xx/CVE-2023-43979.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-43979",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-15T01:15:07.760",
"lastModified": "2023-11-15T02:28:40.150",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-21T14:07:31.363",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "ETS Soft ybc_blog before v4.4.0 was discovered to contain a SQL injection vulnerability via the component Ybc_blogBlogModuleFrontController::getPosts()."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que ETS Soft ybc_blog anterior a v4.4.0 contiene una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del componente Ybc_blogBlogModuleFrontController::getPosts()."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:prestahero:ybc_blog:*:*:*:*:*:prestashop:*:*",
"versionEndExcluding": "4.4.0",
"matchCriteriaId": "5597A3AA-5DB6-49AC-8E3B-F245453CA8F9"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://security.friendsofpresta.org/modules/2023/11/14/ybc_blog.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-44xx/CVE-2023-4424.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-4424",
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"published": "2023-11-21T07:15:10.557",
"lastModified": "2023-11-21T07:15:10.557",
"vulnStatus": "Received",
"lastModified": "2023-11-21T14:08:14.160",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An malicious BLE device can cause buffer overflow by sending malformed advertising packet BLE device using Zephyr OS, leading to DoS or potential RCE on the victim BLE device."
},
{
"lang": "es",
"value": "Un dispositivo BLE malicioso puede provocar un desbordamiento del b\u00fafer al enviar un paquete publicitario con formato incorrecto al dispositivo BLE utilizando Zephyr OS, lo que provoca DoS o un posible RCE en el dispositivo BLE v\u00edctima."
}
],
"metrics": {

8
CVE-2023/CVE-2023-458xx/CVE-2023-45886.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-45886",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-21T06:15:42.450",
"lastModified": "2023-11-21T06:15:42.450",
"vulnStatus": "Received",
"lastModified": "2023-11-21T14:08:14.160",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The BGP daemon (bgpd) in IP Infusion ZebOS through 7.10.6 allow remote attackers to cause a denial of service by sending crafted BGP update messages containing a malformed attribute."
},
{
"lang": "es",
"value": "BGP daemon (bgpd) en IP Infusion ZebOS hasta 7.10.6 permite a atacantes remotos provocar una Denegaci\u00f3n de Servicio enviando mensajes de actualizaci\u00f3n de BGP manipulados que contienen un atributo con formato incorrecto."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-469xx/CVE-2023-46935.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-46935",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-21T07:15:09.967",
"lastModified": "2023-11-21T07:15:09.967",
"vulnStatus": "Received",
"lastModified": "2023-11-21T14:08:14.160",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "eyoucms v1.6.4 is vulnerable Cross Site Scripting (XSS), which can lead to stealing sensitive information of logged-in users."
},
{
"lang": "es",
"value": "eyoucms v1.6.4 es vulnerable a Cross Site Scripting (XSS), lo que puede conducir al robo de informaci\u00f3n confidencial de los usuarios que han iniciado sesi\u00f3n."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-55xx/CVE-2023-5553.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-5553",
"sourceIdentifier": "product-security@axis.com",
"published": "2023-11-21T07:15:11.180",
"lastModified": "2023-11-21T07:15:11.180",
"vulnStatus": "Received",
"lastModified": "2023-11-21T14:08:14.160",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to a sophisticated attack to bypass this protection. To Axis' knowledge, there are no known exploits of the vulnerability at this time. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.\n\n"
},
{
"lang": "es",
"value": "Durante el modelado de amenazas interno en Axis Security Development Model (ASDM), se encontr\u00f3 una falla en la protecci\u00f3n contra manipulaci\u00f3n de dispositivos (com\u00fanmente conocida como Arranque Seguro) en el sistema operativo AXIS, lo que lo hace vulnerable a un ataque sofisticado para eludir esta protecci\u00f3n. Hasta donde sabe Axis, no se conocen explotaciones de esta vulnerabilidad en este momento. Axis ha lanzado versiones parcheadas del sistema operativo AXIS para la falla resaltada. Consulte el aviso de seguridad de Axis para obtener m\u00e1s informaci\u00f3n y soluciones."
}
],
"metrics": {

8
CVE-2023/CVE-2023-55xx/CVE-2023-5598.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-5598",
"sourceIdentifier": "3DS.Information-Security@3ds.com",
"published": "2023-11-21T10:15:07.900",
"lastModified": "2023-11-21T10:15:07.900",
"vulnStatus": "Received",
"lastModified": "2023-11-21T14:08:14.160",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Stored Cross-site Scripting (XSS) vulnerabilities\u00c2\u00a0affecting 3DSwym in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2023x allow an attacker to execute arbitrary script code."
},
{
"lang": "es",
"value": "Vulnerabilidades de Cross-site Scripting (XSS) Almacenadas que afectan a 3DSwym en 3DSwymer desde la versi\u00f3n 3DEXPERIENCE R2022x hasta la versi\u00f3n 3DEXPERIENCE R2023x permiten a un atacante ejecutar c\u00f3digo script arbitrario."
}
],
"metrics": {

8
CVE-2023/CVE-2023-55xx/CVE-2023-5599.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-5599",
"sourceIdentifier": "3DS.Information-Security@3ds.com",
"published": "2023-11-21T10:15:08.210",
"lastModified": "2023-11-21T10:15:08.210",
"vulnStatus": "Received",
"lastModified": "2023-11-21T14:08:14.160",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2023x allows an attacker to execute arbitrary script code."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-site Scripting (XSS) Almacenada que afecta a 3DDashboard en 3DSwymer desde la versi\u00f3n 3DEXPERIENCE R2022x hasta la versi\u00f3n 3DEXPERIENCE R2023x permite a un atacante ejecutar c\u00f3digo scritp arbitrario."
}
],
"metrics": {

8
CVE-2023/CVE-2023-57xx/CVE-2023-5776.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-5776",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-21T09:15:07.467",
"lastModified": "2023-11-21T09:15:07.467",
"vulnStatus": "Received",
"lastModified": "2023-11-21T14:08:14.160",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Post Meta Data Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the pmdm_wp_ajax_delete_meta, pmdm_wp_delete_user_meta, and pmdm_wp_delete_user_meta functions. This makes it possible for unauthenticated attackers to delete arbitrary user, term, and post meta via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
},
{
"lang": "es",
"value": "El complemento Post Meta Data Manager para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 1.2.1 incluida. Esto se debe a que falta la validaci\u00f3n nonce en las funciones pmdm_wp_ajax_delete_meta, pmdm_wp_delete_user_meta y pmdm_wp_delete_user_meta. Esto hace posible que atacantes no autenticados eliminen usuarios, t\u00e9rminos y publicaciones meta arbitrarios a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."
}
],
"metrics": {

55
CVE-2023/CVE-2023-62xx/CVE-2023-6235.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-6235",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-11-21T13:15:07.343",
"lastModified": "2023-11-21T14:08:14.160",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An uncontrolled search path element vulnerability has been found in the Duet Display product, affecting version 2.5.9.1. An attacker could place an arbitrary libusk.dll file in the C:\\Users\\user\\AppData\\Local\\Microsoft\\WindowsApps\\ directory, which could lead to the execution and persistence of arbitrary code."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-427"
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/arbitrary-code-execution-duet-display",
"source": "cve-coordination@incibe.es"
}
]
}

32
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-11-21T13:00:18.592076+00:00
2023-11-21T15:00:17.177583+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-11-21T11:15:09.537000+00:00
2023-11-21T14:38:55.627000+00:00
```
### Last Data Feed Release
@ -29,23 +29,39 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
231204
231205
```
### CVEs added in the last Commit
Recently added CVEs: `1`
* [CVE-2023-28802](CVE-2023/CVE-2023-288xx/CVE-2023-28802.json) (`2023-11-21T11:15:08.633`)
* [CVE-2023-6235](CVE-2023/CVE-2023-62xx/CVE-2023-6235.json) (`2023-11-21T13:15:07.343`)
### CVEs modified in the last Commit
Recently modified CVEs: `3`
Recently modified CVEs: `19`
* [CVE-2023-3812](CVE-2023/CVE-2023-38xx/CVE-2023-3812.json) (`2023-11-21T11:15:09.253`)
* [CVE-2023-42753](CVE-2023/CVE-2023-427xx/CVE-2023-42753.json) (`2023-11-21T11:15:09.420`)
* [CVE-2023-5178](CVE-2023/CVE-2023-51xx/CVE-2023-5178.json) (`2023-11-21T11:15:09.537`)
* [CVE-2023-42815](CVE-2023/CVE-2023-428xx/CVE-2023-42815.json) (`2023-11-21T13:51:52.103`)
* [CVE-2023-42816](CVE-2023/CVE-2023-428xx/CVE-2023-42816.json) (`2023-11-21T13:55:36.270`)
* [CVE-2023-43590](CVE-2023/CVE-2023-435xx/CVE-2023-43590.json) (`2023-11-21T13:58:05.920`)
* [CVE-2023-42814](CVE-2023/CVE-2023-428xx/CVE-2023-42814.json) (`2023-11-21T14:00:52.860`)
* [CVE-2023-42813](CVE-2023/CVE-2023-428xx/CVE-2023-42813.json) (`2023-11-21T14:00:57.717`)
* [CVE-2023-43979](CVE-2023/CVE-2023-439xx/CVE-2023-43979.json) (`2023-11-21T14:07:31.363`)
* [CVE-2023-45886](CVE-2023/CVE-2023-458xx/CVE-2023-45886.json) (`2023-11-21T14:08:14.160`)
* [CVE-2023-21416](CVE-2023/CVE-2023-214xx/CVE-2023-21416.json) (`2023-11-21T14:08:14.160`)
* [CVE-2023-21417](CVE-2023/CVE-2023-214xx/CVE-2023-21417.json) (`2023-11-21T14:08:14.160`)
* [CVE-2023-21418](CVE-2023/CVE-2023-214xx/CVE-2023-21418.json) (`2023-11-21T14:08:14.160`)
* [CVE-2023-46935](CVE-2023/CVE-2023-469xx/CVE-2023-46935.json) (`2023-11-21T14:08:14.160`)
* [CVE-2023-4149](CVE-2023/CVE-2023-41xx/CVE-2023-4149.json) (`2023-11-21T14:08:14.160`)
* [CVE-2023-4424](CVE-2023/CVE-2023-44xx/CVE-2023-4424.json) (`2023-11-21T14:08:14.160`)
* [CVE-2023-5553](CVE-2023/CVE-2023-55xx/CVE-2023-5553.json) (`2023-11-21T14:08:14.160`)
* [CVE-2023-5776](CVE-2023/CVE-2023-57xx/CVE-2023-5776.json) (`2023-11-21T14:08:14.160`)
* [CVE-2023-5598](CVE-2023/CVE-2023-55xx/CVE-2023-5598.json) (`2023-11-21T14:08:14.160`)
* [CVE-2023-5599](CVE-2023/CVE-2023-55xx/CVE-2023-5599.json) (`2023-11-21T14:08:14.160`)
* [CVE-2023-28802](CVE-2023/CVE-2023-288xx/CVE-2023-28802.json) (`2023-11-21T14:08:14.160`)
* [CVE-2023-35887](CVE-2023/CVE-2023-358xx/CVE-2023-35887.json) (`2023-11-21T14:38:55.627`)
## Download and Usage