From 26af71ca945459bf2d1e9c99bb9b12036c34bc4e Mon Sep 17 00:00:00 2001 
From: cad-safe-bot Date: Thu, 14 Dec 2023 21:00:28 +0000 Subject: [PATCH] Auto-Update: 2023-12-14T21:00:24.921161+00:00 --- CVE-2009/CVE-2009-41xx/CVE-2009-4123.json | 83 ++++- CVE-2013/CVE-2013-25xx/CVE-2013-2513.json | 73 ++++- CVE-2015/CVE-2015-21xx/CVE-2015-2179.json | 68 +++- CVE-2015/CVE-2015-83xx/CVE-2015-8314.json | 79 ++++- CVE-2018/CVE-2018-161xx/CVE-2018-16153.json | 84 ++++- CVE-2020/CVE-2020-106xx/CVE-2020-10676.json | 91 +++++- CVE-2020/CVE-2020-126xx/CVE-2020-12614.json | 73 ++++- CVE-2020/CVE-2020-283xx/CVE-2020-28369.json | 73 ++++- CVE-2022/CVE-2022-427xx/CVE-2022-42716.json | 20 +- CVE-2022/CVE-2022-445xx/CVE-2022-44543.json | 85 ++++- CVE-2022/CVE-2022-468xx/CVE-2022-46891.json | 14 +- CVE-2023/CVE-2023-249xx/CVE-2023-24922.json | 6 +- CVE-2023/CVE-2023-269xx/CVE-2023-26920.json | 78 ++++- CVE-2023/CVE-2023-356xx/CVE-2023-35619.json | 43 ++- CVE-2023/CVE-2023-356xx/CVE-2023-35628.json | 122 +++++++- CVE-2023/CVE-2023-356xx/CVE-2023-35629.json | 64 +++- CVE-2023/CVE-2023-356xx/CVE-2023-35630.json | 127 +++++++- CVE-2023/CVE-2023-356xx/CVE-2023-35631.json | 62 +++- CVE-2023/CVE-2023-356xx/CVE-2023-35632.json | 93 +++++- CVE-2023/CVE-2023-356xx/CVE-2023-35633.json | 64 +++- CVE-2023/CVE-2023-356xx/CVE-2023-35634.json | 78 ++++- CVE-2023/CVE-2023-356xx/CVE-2023-35635.json | 50 ++- CVE-2023/CVE-2023-356xx/CVE-2023-35636.json | 58 +++- CVE-2023/CVE-2023-366xx/CVE-2023-36696.json | 90 +++++- CVE-2023/CVE-2023-374xx/CVE-2023-37457.json | 59 ++++ CVE-2023/CVE-2023-411xx/CVE-2023-41119.json | 87 +++++- CVE-2023/CVE-2023-411xx/CVE-2023-41120.json | 87 +++++- CVE-2023/CVE-2023-411xx/CVE-2023-41151.json | 20 ++ CVE-2023/CVE-2023-419xx/CVE-2023-41963.json | 327 +++++++++++++++++++- CVE-2023/CVE-2023-458xx/CVE-2023-45894.json | 20 ++ CVE-2023/CVE-2023-462xx/CVE-2023-46281.json | 105 ++++++- CVE-2023/CVE-2023-462xx/CVE-2023-46282.json | 117 ++++++- CVE-2023/CVE-2023-464xx/CVE-2023-46454.json | 79 ++++- CVE-2023/CVE-2023-464xx/CVE-2023-46455.json | 84 ++++- 
CVE-2023/CVE-2023-46xx/CVE-2023-4694.json | 20 ++ CVE-2023/CVE-2023-483xx/CVE-2023-48313.json | 59 +++- CVE-2023/CVE-2023-484xx/CVE-2023-48427.json | 86 ++++- CVE-2023/CVE-2023-484xx/CVE-2023-48428.json | 64 +++- CVE-2023/CVE-2023-484xx/CVE-2023-48429.json | 64 +++- CVE-2023/CVE-2023-484xx/CVE-2023-48430.json | 84 ++++- CVE-2023/CVE-2023-484xx/CVE-2023-48431.json | 86 ++++- CVE-2023/CVE-2023-491xx/CVE-2023-49140.json | 327 +++++++++++++++++++- CVE-2023/CVE-2023-491xx/CVE-2023-49151.json | 4 +- CVE-2023/CVE-2023-491xx/CVE-2023-49152.json | 4 +- CVE-2023/CVE-2023-491xx/CVE-2023-49157.json | 4 +- CVE-2023/CVE-2023-492xx/CVE-2023-49294.json | 63 ++++ CVE-2023/CVE-2023-495xx/CVE-2023-49583.json | 62 +++- CVE-2023/CVE-2023-497xx/CVE-2023-49786.json | 63 ++++ CVE-2023/CVE-2023-498xx/CVE-2023-49803.json | 62 +++- CVE-2023/CVE-2023-498xx/CVE-2023-49804.json | 63 +++- CVE-2023/CVE-2023-498xx/CVE-2023-49805.json | 71 ++++- CVE-2023/CVE-2023-499xx/CVE-2023-49990.json | 69 ++++- CVE-2023/CVE-2023-499xx/CVE-2023-49991.json | 69 ++++- CVE-2023/CVE-2023-499xx/CVE-2023-49992.json | 69 ++++- CVE-2023/CVE-2023-499xx/CVE-2023-49993.json | 69 ++++- CVE-2023/CVE-2023-499xx/CVE-2023-49994.json | 69 ++++- CVE-2023/CVE-2023-500xx/CVE-2023-50017.json | 20 ++ CVE-2023/CVE-2023-502xx/CVE-2023-50269.json | 4 +- CVE-2023/CVE-2023-504xx/CVE-2023-50422.json | 89 +++++- CVE-2023/CVE-2023-504xx/CVE-2023-50471.json | 20 ++ CVE-2023/CVE-2023-504xx/CVE-2023-50472.json | 20 ++ CVE-2023/CVE-2023-504xx/CVE-2023-50495.json | 74 ++++- CVE-2023/CVE-2023-507xx/CVE-2023-50710.json | 4 +- CVE-2023/CVE-2023-507xx/CVE-2023-50713.json | 63 ++++ CVE-2023/CVE-2023-61xx/CVE-2023-6193.json | 67 +++- CVE-2023/CVE-2023-65xx/CVE-2023-6547.json | 69 ++++- CVE-2023/CVE-2023-65xx/CVE-2023-6563.json | 4 +- README.md | 95 +++--- 68 files changed, 4421 insertions(+), 302 deletions(-) create mode 100644 CVE-2023/CVE-2023-374xx/CVE-2023-37457.json create mode 100644 CVE-2023/CVE-2023-411xx/CVE-2023-41151.json create mode 100644 
CVE-2023/CVE-2023-458xx/CVE-2023-45894.json create mode 100644 CVE-2023/CVE-2023-46xx/CVE-2023-4694.json create mode 100644 CVE-2023/CVE-2023-492xx/CVE-2023-49294.json create mode 100644 CVE-2023/CVE-2023-497xx/CVE-2023-49786.json create mode 100644 CVE-2023/CVE-2023-500xx/CVE-2023-50017.json create mode 100644 CVE-2023/CVE-2023-504xx/CVE-2023-50471.json create mode 100644 CVE-2023/CVE-2023-504xx/CVE-2023-50472.json create mode 100644 CVE-2023/CVE-2023-507xx/CVE-2023-50713.json diff --git a/CVE-2009/CVE-2009-41xx/CVE-2009-4123.json b/CVE-2009/CVE-2009-41xx/CVE-2009-4123.json index 10553a7d7b0..dfb28fa2276 100644 --- a/CVE-2009/CVE-2009-41xx/CVE-2009-4123.json +++ b/CVE-2009/CVE-2009-41xx/CVE-2009-4123.json 
@@ -2,31 +2,100 @@ "id": "CVE-2009-4123", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-12T16:15:07.407", - "lastModified": "2023-12-12T17:22:30.567", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T20:36:27.043", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The jruby-openssl gem before 0.6 for JRuby mishandles SSL certificate validation." + }, + { + "lang": "es", + "value": "La gema jruby-openssl anterior a 0.6 para JRuby maneja mal la validaci\u00f3n del certificado SSL." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-295" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jruby:jruby-openssl:*:*:*:*:*:*:*:*", + "versionEndExcluding": "0.6", + "matchCriteriaId": "EE19B114-736D-4954-B481-4FDC948A6ABE" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "http://jruby.org/2009/12/07/vulnerability-in-jruby-openssl", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "https://github.com/advisories/GHSA-xgv7-pqqh-h2w9", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jruby-openssl/CVE-2009-4123.yml", - 
"source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://web.archive.org/web/20101213091125/http://jruby.org/2009/12/07/vulnerability-in-jruby-openssl", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2013/CVE-2013-25xx/CVE-2013-2513.json b/CVE-2013/CVE-2013-25xx/CVE-2013-2513.json index ad4169d370b..2acb5fd7ddd 100644 --- a/CVE-2013/CVE-2013-25xx/CVE-2013-2513.json +++ b/CVE-2013/CVE-2013-25xx/CVE-2013-2513.json 
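Review bot: The `github.com/advisories/GHSA-xgv7-pqqh-h2w9` and `rubysec/ruby-advisory-db` references added for CVE-2009-4123 are tagged `Vendor Advisory`, while the GitHub advisory and rubysec references in the CVE-2013-2513 and CVE-2015-8314 hunks of this commit are tagged `Third Party Advisory`. Of the four references here, only the archived jruby.org page looks like the vendor's own statement, so a consumer that filters on `Vendor Advisory` to find authoritative fix guidance gets three hits instead of one. If the tags are meant to be consistent across records, both entries would read `"tags": [ "Third Party Advisory" ]`. The commit is an automated update, so the correction presumably belongs in the upstream record rather than in a local edit.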
@@ -2,23 +2,86 @@ "id": "CVE-2013-2513", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-12T16:15:07.490", - "lastModified": "2023-12-12T17:22:30.567", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T20:35:18.840", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The flash_tool gem through 0.6.0 for Ruby allows command execution via shell metacharacters in the name of a downloaded file." + }, + { + "lang": "es", + "value": "La gema flash_tool hasta 0.6.0 para Ruby permite la ejecuci\u00f3n de comandos mediante metacaracteres de shell en el nombre de un archivo descargado." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:milboj:flash_tool:*:*:*:*:*:ruby:*:*", + "versionEndIncluding": "0.6.0", + "matchCriteriaId": "748F9BDE-66DE-47F3-B1C4-0DF7F2B20895" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/advisories/GHSA-6325-6g32-7p35", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/flash_tool/CVE-2013-2513.yml", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + 
"tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2015/CVE-2015-21xx/CVE-2015-2179.json b/CVE-2015/CVE-2015-21xx/CVE-2015-2179.json index aeba833d726..15f20a4aaf8 100644 --- a/CVE-2015/CVE-2015-21xx/CVE-2015-2179.json +++ b/CVE-2015/CVE-2015-21xx/CVE-2015-2179.json 
@@ -2,19 +2,79 @@ "id": "CVE-2015-2179", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-12T17:15:07.383", - "lastModified": "2023-12-12T17:22:30.567", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T20:35:06.720", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The xaviershay-dm-rails gem 0.10.3.8 for Ruby allows local users to discover MySQL credentials by listing a process and its arguments." + }, + { + "lang": "es", + "value": "xaviershay-dm-rails gem 0.10.3.8 para Ruby permite a los usuarios locales descubrir las credenciales de MySQL enumerando un proceso y sus argumentos." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:xaviershay-dm-rails_porject:xaviershay-dm-rails:0.10.3.8:*:*:*:*:ruby:*:*", + "matchCriteriaId": "B433654E-4DB3-478F-8703-EDB7F9111EED" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "http://www.vapid.dhs.org/advisory.php?v=115", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
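Review bot: The vendor component of the added CPE criteria, `xaviershay-dm-rails_porject`, looks like a misspelling of `_project`. Inventory tooling that maps packages to CPEs by normalised vendor and product names would silently miss this record, so matching should use the string exactly as published or key on `matchCriteriaId` `B433654E-4DB3-478F-8703-EDB7F9111EED`. The string should not be hand-corrected in this file, because the identifier is presumably bound to the published spelling and an automated update would overwrite the edit. The same hunk sets the weakness to `NVD-CWE-noinfo` although the description names a specific exposure (credentials visible in process arguments), so CWE-based triage rules will not pick this record up either.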
diff --git a/CVE-2015/CVE-2015-83xx/CVE-2015-8314.json b/CVE-2015/CVE-2015-83xx/CVE-2015-8314.json
index 123eebd364f..29179e43b12 100644
--- a/CVE-2015/CVE-2015-83xx/CVE-2015-8314.json
+++ b/CVE-2015/CVE-2015-83xx/CVE-2015-8314.json
@@ -2,27 +2,94 @@ "id": "CVE-2015-8314", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-12T17:15:07.450", - "lastModified": "2023-12-12T17:22:30.567", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T20:34:05.650", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access." + }, + { + "lang": "es", + "value": "Devise gem anterior a 3.5.4 para Ruby maneja mal las cookies Recordarme para las sesiones, lo que puede permitir que un adversario obtenga acceso persistente no autorizado a la aplicaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-312" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:heartcombo:devise:*:*:*:*:*:ruby:*:*", + "versionEndExcluding": "3.5.4", + "matchCriteriaId": "693703F3-9D16-4FB7-930F-0FD309D1D3F4" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/advisories/GHSA-746g-3gfp-hfhw", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch", + "Third Party Advisory" + ] }, { "url": 
"https://github.com/heartcombo/devise/commit/c92996646aba2d25b2c3e235fe0c4f1a84b70d24", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://rubysec.com/advisories/CVE-2015-8314/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2018/CVE-2018-161xx/CVE-2018-16153.json b/CVE-2018/CVE-2018-161xx/CVE-2018-16153.json index cb1e755c09d..798797c4f6d 100644 --- a/CVE-2018/CVE-2018-161xx/CVE-2018-16153.json +++ b/CVE-2018/CVE-2018-161xx/CVE-2018-16153.json 
@@ -2,31 +2,101 @@ "id": "CVE-2018-16153", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-12T17:15:07.517", - "lastModified": "2023-12-12T17:22:30.567", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T20:30:45.820", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Apereo Opencast 4.x through 10.x before 10.6. It sends system digest credentials during authentication attempts to arbitrary external services in some situations." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en Apereo Opencast 4.x a 10.x antes de 10.6. Env\u00eda credenciales de resumen del sistema durante los intentos de autenticaci\u00f3n a servicios externos arbitrarios en algunas situaciones." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-522" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apereo:opencast:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.0", + "versionEndExcluding": "10.6", + "matchCriteriaId": "8AB1096F-E6FE-4478-B7EE-9A9672C041D9" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://docs.opencast.org/r/10.x/admin/#changelog", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": 
"https://github.com/advisories/GHSA-hcxx-mp6g-6gr9", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/opencast/opencast/commit/776d5588f39c61eb04c03bb955416c4f77629d51", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://www.apereo.org/projects/opencast/news", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] } ] } \ No newline at end of file diff --git a/CVE-2020/CVE-2020-106xx/CVE-2020-10676.json b/CVE-2020/CVE-2020-106xx/CVE-2020-10676.json index 9fd9e3ccb7f..3bfd5efd4bd 100644 --- a/CVE-2020/CVE-2020-106xx/CVE-2020-10676.json +++ b/CVE-2020/CVE-2020-106xx/CVE-2020-10676.json 
@@ -2,31 +2,108 @@ "id": "CVE-2020-10676", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-12T17:15:07.580", - "lastModified": "2023-12-12T17:22:30.567", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T20:43:09.407", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Rancher 2.x before 2.6.13 and 2.7.x before 2.7.4, an incorrectly applied authorization check allows users who have certain access to a namespace to move that namespace to a different project." + }, + { + "lang": "es", + "value": "En Rancher 2.x anterior a 2.6.13 y 2.7.x anterior a 2.7.4, una verificaci\u00f3n de autorizaci\u00f3n aplicada incorrectamente permite a los usuarios que tienen cierto acceso a un espacio de nombres mover ese espacio de nombres a un proyecto diferente." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:suse:rancher:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.0.0", + "versionEndExcluding": "2.6.13", + "matchCriteriaId": "75BBD6AD-2585-4F51-BDB7-72963821FC3C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:suse:rancher:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.7.0", + "versionEndExcluding": "2.7.4", + "matchCriteriaId": 
"82B60ABA-3389-45F0-9F45-4D4D0D4738BC" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://forums.rancher.com/c/announcements", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/advisories/GHSA-8vhc-hwhc-cpj4", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/rancher/rancher/releases/tag/v2.6.13", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/rancher/rancher/releases/tag/v2.7.4", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] } ] } \ No newline at end of file diff --git a/CVE-2020/CVE-2020-126xx/CVE-2020-12614.json b/CVE-2020/CVE-2020-126xx/CVE-2020-12614.json index 9ac76537027..a15e02e87e1 100644 --- a/CVE-2020/CVE-2020-126xx/CVE-2020-12614.json +++ b/CVE-2020/CVE-2020-126xx/CVE-2020-12614.json 
@@ -2,23 +2,86 @@ "id": "CVE-2020-12614", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-12T15:15:07.363", - "lastModified": "2023-12-12T15:52:06.410", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T20:24:55.927", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. If the publisher criteria is selected, it defines the name of a publisher that must be present in the certificate (and also requires that the certificate is valid). If an Add Admin token is protected by this criteria, it can be leveraged by a malicious actor to achieve Elevation of Privileges from standard user to administrator." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en BeyondTrust Privilege Management para Windows hasta 5.6. Si se seleccionan los criterios del editor, se define el nombre de un editor que debe estar presente en el certificado (y tambi\u00e9n requiere que el certificado sea v\u00e1lido). Si un token Agregar administrador est\u00e1 protegido por este criterio, un actor malintencionado puede aprovecharlo para lograr la elevaci\u00f3n de privilegios de usuario est\u00e1ndar a administrador." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:beyondtrust:privilege_management_for_windows:*:*:*:*:*:*:*:*", + "versionEndIncluding": "5.6", + "matchCriteriaId": "9E9A81CC-3192-447F-97C9-7913C5410962" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt22-10", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2020/CVE-2020-283xx/CVE-2020-28369.json b/CVE-2020/CVE-2020-283xx/CVE-2020-28369.json index a8e1de34db9..e1a74dc13ac 100644 --- a/CVE-2020/CVE-2020-283xx/CVE-2020-28369.json +++ b/CVE-2020/CVE-2020-283xx/CVE-2020-28369.json 
@@ -2,23 +2,86 @@ "id": "CVE-2020-28369", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-12T15:15:07.450", - "lastModified": "2023-12-12T15:52:06.410", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T20:22:08.483", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In BeyondTrust Privilege Management for Windows (aka PMfW) through 5.7, a SYSTEM installation causes Cryptbase.dll to be loaded from the user-writable location %WINDIR%\\Temp." + }, + { + "lang": "es", + "value": "En BeyondTrust Privilege Management para Windows (tambi\u00e9n conocido como PMfW) hasta 5.7, una instalaci\u00f3n de SISTEMA hace que Cryptbase.dll se cargue desde la ubicaci\u00f3n de escritura del usuario %WINDIR%\\Temp." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-427" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:beyondtrust:privilege_management_for_windows:*:*:*:*:*:*:*:*", + "versionEndIncluding": "5.7", + "matchCriteriaId": "653794F5-3E2F-455F-8788-72885B8BD698" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://www.beyondtrust.com/privilege-management/windows-mac", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": 
"https://www.beyondtrust.com/trust-center/security-advisories/bt22-08", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-427xx/CVE-2022-42716.json b/CVE-2022/CVE-2022-427xx/CVE-2022-42716.json index c4e2423e301..ff99c848440 100644 --- a/CVE-2022/CVE-2022-427xx/CVE-2022-42716.json +++ b/CVE-2022/CVE-2022-427xx/CVE-2022-42716.json @@ -2,7 +2,7 @@ "id": "CVE-2022-42716", "sourceIdentifier": "cve@mitre.org", "published": "2022-12-12T20:15:10.713", - "lastModified": "2023-03-01T15:08:26.957", + "lastModified": "2023-12-14T20:02:26.400", "vulnStatus": "Analyzed", "descriptions": [ { @@ -53,26 +53,12 @@ "operator": "OR", "negate": false, "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:a:arm:bifrost_gpu_kernel_driver:*:*:*:*:*:*:*:*", - "versionStartIncluding": "r1p0", - "versionEndIncluding": "r40p0", - "matchCriteriaId": "48F069A5-6E3A-4E30-A69A-CCA50D66E8B0" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:arm:midguard_gpu_kernel_driver:*:*:*:*:*:*:*:*", - "versionStartIncluding": "r4p0", - "versionEndIncluding": "r32p0", - "matchCriteriaId": "66BA8ABE-5D0E-45DF-892D-57C9C246CA10" - }, { "vulnerable": true, "criteria": "cpe:2.3:a:arm:valhall_gpu_kernel_driver:*:*:*:*:*:*:*:*", - "versionStartIncluding": "r19p0", + "versionStartIncluding": "r29p0", "versionEndIncluding": "r40p0", - "matchCriteriaId": "E6BB9E6B-1620-486F-98C5-397292AA1EB4" + "matchCriteriaId": "EA28D70F-8D10-4352-BA08-E09ABBD533C5" } ] } diff --git a/CVE-2022/CVE-2022-445xx/CVE-2022-44543.json b/CVE-2022/CVE-2022-445xx/CVE-2022-44543.json index 0f74bce2c68..4aae651f09c 100644 --- a/CVE-2022/CVE-2022-445xx/CVE-2022-44543.json +++ b/CVE-2022/CVE-2022-445xx/CVE-2022-44543.json 
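Review bot: The second hunk for CVE-2022-42716 shrinks the affected set without any signal beyond a new `lastModified`, since `vulnStatus` stays `Analyzed`. It removes the `bifrost_gpu_kernel_driver` and `midguard_gpu_kernel_driver` entries and raises the Valhall `versionStartIncluding` from `r19p0` to `r29p0`. Hosts that previously matched on Bifrost, Midgard or Valhall r19p0 up to r29p0 will drop out of results on the next sync, so consumers that cache CPE matches per CVE id should re-evaluate whenever `lastModified` changes and log removals as well as additions. The description and references lie outside the hunk, so whether the narrower range agrees with the vendor advisory cannot be confirmed from here. The commit message carries only a timestamp; a body line such as `CVE-2022-42716: configurations narrowed (2 cpeMatch entries removed, Valhall start r19p0 -> r29p0)` would make scope reductions auditable.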
@@ -2,23 +2,98 @@ "id": "CVE-2022-44543", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-12T17:15:07.663", - "lastModified": "2023-12-12T17:22:30.567", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T20:42:42.800", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The femanager extension before 5.5.2, 6.x before 6.3.3, and 7.x before 7.0.1 for TYPO3 allows creation of frontend users in restricted groups (if there is a usergroup field on the registration form). This occurs because the usergroup.inList protection mechanism is mishandled." + }, + { + "lang": "es", + "value": "La extensi\u00f3n femanager anterior a 5.5.2, 6.x anterior a 6.3.3 y 7.x anterior a 7.0.1 para TYPO3 permite la creaci\u00f3n de usuarios frontend en grupos restringidos (si hay un campo de grupo de usuarios en el formulario de registro). Esto ocurre porque el mecanismo de protecci\u00f3n usergroup.inList no se maneja correctamente." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:in2code:femanager:*:*:*:*:*:typo3:*:*", + "versionEndExcluding": "5.5.2", + "matchCriteriaId": "E0EAE8E8-47BE-4D35-BE8C-530CC4668BF2" + }, + { + "vulnerable": true, + 
"criteria": "cpe:2.3:a:in2code:femanager:*:*:*:*:*:typo3:*:*", + "versionStartIncluding": "6.0.0", + "versionEndExcluding": "6.3.3", + "matchCriteriaId": "93866A98-CFC8-4CFB-B227-CA98ADEA8FEC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:in2code:femanager:7.0.0:*:*:*:*:typo3:*:*", + "matchCriteriaId": "ADE46436-77C4-4E8E-A3DF-1C26D55B8F69" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://typo3.org/help/security-advisories", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://typo3.org/security/advisory/typo3-ext-sa-2022-015", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-468xx/CVE-2022-46891.json b/CVE-2022/CVE-2022-468xx/CVE-2022-46891.json index f7427965ac9..fbae8d59e18 100644 --- a/CVE-2022/CVE-2022-468xx/CVE-2022-46891.json +++ b/CVE-2022/CVE-2022-468xx/CVE-2022-46891.json @@ -2,7 +2,7 @@ "id": "CVE-2022-46891", "sourceIdentifier": "cve@mitre.org", "published": "2023-01-17T08:15:10.453", - "lastModified": "2023-01-24T21:43:36.747", + "lastModified": "2023-12-14T20:03:01.073", "vulnStatus": "Analyzed", "descriptions": [ { 
@@ -55,24 +55,24 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:arm:bifrost:*:*:*:*:*:*:*:*", + "criteria": "cpe:2.3:a:arm:bifrost_gpu_kernel_driver:*:*:*:*:*:*:*:*", "versionStartIncluding": "r1p0", "versionEndIncluding": "r40p0", - "matchCriteriaId": "8B9AAAAC-2DEC-4408-A029-A7C4113BFF54" + "matchCriteriaId": "48F069A5-6E3A-4E30-A69A-CCA50D66E8B0" }, { "vulnerable": true, - "criteria": "cpe:2.3:a:arm:midgard:*:*:*:*:*:*:*:*", + "criteria": "cpe:2.3:a:arm:midgard_gpu_kernel_driver:*:*:*:*:*:*:*:*", "versionStartIncluding": "r13p0", "versionEndIncluding": "r32p0", - "matchCriteriaId": "3810F654-D958-48A0-956E-054B23488785" + "matchCriteriaId": "48B2F411-CC76-4D35-98DB-1CC997C36F84" }, { "vulnerable": true, - "criteria": "cpe:2.3:a:arm:valhall:*:*:*:*:*:*:*:*", + "criteria": "cpe:2.3:a:arm:valhall_gpu_kernel_driver:*:*:*:*:*:*:*:*", "versionStartIncluding": "r19p0", "versionEndIncluding": "r40p0", - "matchCriteriaId": "8DE4A4E3-FC1B-4FD2-974F-8ED8D76943C9" + "matchCriteriaId": "E6BB9E6B-1620-486F-98C5-397292AA1EB4" } ] } diff --git a/CVE-2023/CVE-2023-249xx/CVE-2023-24922.json b/CVE-2023/CVE-2023-249xx/CVE-2023-24922.json index 5935ff43957..73e516b0c48 100644 --- a/CVE-2023/CVE-2023-249xx/CVE-2023-24922.json +++ b/CVE-2023/CVE-2023-249xx/CVE-2023-24922.json @@ -2,12 +2,12 @@ "id": "CVE-2023-24922", "sourceIdentifier": "secure@microsoft.com", "published": "2023-03-14T17:15:19.233", - "lastModified": "2023-04-28T15:02:47.330", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-14T19:15:14.667", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Microsoft Dynamics 365 Information Disclosure Vulnerability" + "value": "Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability" } ], "metrics": { diff --git a/CVE-2023/CVE-2023-269xx/CVE-2023-26920.json b/CVE-2023/CVE-2023-269xx/CVE-2023-26920.json index 34e5dc800cd..30579f366d2 100644 --- a/CVE-2023/CVE-2023-269xx/CVE-2023-26920.json 
+++ b/CVE-2023/CVE-2023-269xx/CVE-2023-26920.json 
@@ -2,27 +2,93 @@ "id": "CVE-2023-26920", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-12T17:15:07.720", - "lastModified": "2023-12-12T17:22:30.567", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T20:41:19.917", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "fast-xml-parser before 4.1.2 allows __proto__ for Prototype Pollution." + }, + { + "lang": "es", + "value": "fast-xml-parser anterior a 4.1.2 permite __proto__ para Prototype Pollution." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-1321" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:naturalintelligence:fast_xml_parser:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.1.2", + "matchCriteriaId": "94905D51-E4A0-4FAF-A3BC-98F8A0F87DCB" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://gist.github.com/Sudistark/a5a45bd0804d522a1392cb5023aa7ef7", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] }, { "url": "https://github.com/NaturalIntelligence/fast-xml-parser/commit/2b032a4f799c63d83991e4f992f1c68e4dd05804", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/advisories/GHSA-793h-6f7r-6qvm", - 
"source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-356xx/CVE-2023-35619.json b/CVE-2023/CVE-2023-356xx/CVE-2023-35619.json index 78234016be4..1d42981cf65 100644 --- a/CVE-2023/CVE-2023-356xx/CVE-2023-35619.json +++ b/CVE-2023/CVE-2023-356xx/CVE-2023-35619.json @@ -2,12 +2,16 @@ "id": "CVE-2023-35619", "sourceIdentifier": "secure@microsoft.com", "published": "2023-12-12T18:15:16.913", - "lastModified": "2023-12-12T18:58:44.580", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T20:39:57.213", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Microsoft Outlook for Mac Spoofing Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de suplantaci\u00f3n de identidad en Microsoft Outlook para Mac" } ], "metrics": { @@ -34,10 +38,43 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*", + "matchCriteriaId": "BF0E8112-5B6F-4E55-8E40-38ADCF6FC654" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35619", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-356xx/CVE-2023-35628.json b/CVE-2023/CVE-2023-356xx/CVE-2023-35628.json index cd225010857..89ba00142f2 100644 --- a/CVE-2023/CVE-2023-356xx/CVE-2023-35628.json +++ b/CVE-2023/CVE-2023-356xx/CVE-2023-35628.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-35628", "sourceIdentifier": "secure@microsoft.com", "published": "2023-12-12T18:15:17.807", - "lastModified": "2023-12-12T18:58:44.580", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T20:48:31.847", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Windows MSHTML Platform Remote Code Execution Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en la plataforma Windows MSHTML" } ], "metrics": { 
@@ -34,10 +38,122 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.10240.20345", + "matchCriteriaId": "0FA29853-AA80-4D69-B5B2-09C29B73964A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.14393.6529", + "matchCriteriaId": "1B72F8B2-FE1A-44FC-8534-66B016C3C3DC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.17763.5206", + "matchCriteriaId": "412DCA62-8009-40C3-B76C-F3791104F0C8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19041.3803", + "matchCriteriaId": "C8412B39-CCB2-4FF5-B656-43C9EBF48E39" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19045.3803", + "matchCriteriaId": "E59E6692-980B-435A-B9F3-AA00939E8D97" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22000.2652", + "matchCriteriaId": "BC62CCFB-C4C4-4CD1-A291-9587375FE3C6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22621.2861", + "matchCriteriaId": "11093E57-782B-4049-AFB2-AAFCFB4A8FF6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22631.2861", + "matchCriteriaId": "3E712F1D-26F9-4E19-B012-D7F0A92D59ED" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", + "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", + "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", + "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", + "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.25398.584", + "matchCriteriaId": "28E51B68-6AE4-4AF2-A7D3-7728E5D314D7" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35628", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-356xx/CVE-2023-35629.json b/CVE-2023/CVE-2023-356xx/CVE-2023-35629.json index c20afbcaeda..df6d58f8c32 100644 --- a/CVE-2023/CVE-2023-356xx/CVE-2023-35629.json +++ b/CVE-2023/CVE-2023-356xx/CVE-2023-35629.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-35629", "sourceIdentifier": "secure@microsoft.com", "published": "2023-12-12T18:15:17.990", - "lastModified": "2023-12-12T18:58:44.580", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T20:47:46.863", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Microsoft USBHUB 3.0 Device Driver Remote Code Execution Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo del controlador de dispositivo Microsoft USBHUB 3.0" } ], "metrics": { @@ -34,10 +38,64 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.10240.20345", + "matchCriteriaId": "0FA29853-AA80-4D69-B5B2-09C29B73964A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", + "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", + "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", + "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35629", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-356xx/CVE-2023-35630.json b/CVE-2023/CVE-2023-356xx/CVE-2023-35630.json index 3ede2baa07f..1c30d77f785 100644 --- a/CVE-2023/CVE-2023-356xx/CVE-2023-35630.json +++ b/CVE-2023/CVE-2023-356xx/CVE-2023-35630.json @@ -2,12 +2,16 @@ "id": "CVE-2023-35630", "sourceIdentifier": "secure@microsoft.com", "published": "2023-12-12T18:15:18.183", - "lastModified": "2023-12-12T18:58:44.580", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T20:46:37.387", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Internet Connection Sharing (ICS) Remote Code Execution Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de conexi\u00f3n compartida a Internet (ICS)" } ], "metrics": { 
@@ -34,10 +38,127 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.10240.20345", + "matchCriteriaId": "0FA29853-AA80-4D69-B5B2-09C29B73964A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.14393.6529", + "matchCriteriaId": "1B72F8B2-FE1A-44FC-8534-66B016C3C3DC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.17763.5206", + "matchCriteriaId": "412DCA62-8009-40C3-B76C-F3791104F0C8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19041.3803", + "matchCriteriaId": "C8412B39-CCB2-4FF5-B656-43C9EBF48E39" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19045.3803", + "matchCriteriaId": "E59E6692-980B-435A-B9F3-AA00939E8D97" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22000.2652", + "matchCriteriaId": "BC62CCFB-C4C4-4CD1-A291-9587375FE3C6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22621.2861", + "matchCriteriaId": "11093E57-782B-4049-AFB2-AAFCFB4A8FF6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22631.2861", + "matchCriteriaId": "3E712F1D-26F9-4E19-B012-D7F0A92D59ED" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", + "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", + "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", + "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", + "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", + "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.25398.584", + "matchCriteriaId": "28E51B68-6AE4-4AF2-A7D3-7728E5D314D7" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35630", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-356xx/CVE-2023-35631.json b/CVE-2023/CVE-2023-356xx/CVE-2023-35631.json index 7a891575949..1c5c415ecef 100644 --- a/CVE-2023/CVE-2023-356xx/CVE-2023-35631.json +++ b/CVE-2023/CVE-2023-356xx/CVE-2023-35631.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-35631", "sourceIdentifier": "secure@microsoft.com", "published": "2023-12-12T18:15:18.360", - "lastModified": "2023-12-12T18:58:44.580", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T20:46:22.417", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Win32k Elevation of Privilege Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de elevaci\u00f3n de privilegios en Win32k" } ], "metrics": { @@ -34,10 +38,62 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22000.2652", + "matchCriteriaId": "BC62CCFB-C4C4-4CD1-A291-9587375FE3C6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22621.2861", + "matchCriteriaId": "11093E57-782B-4049-AFB2-AAFCFB4A8FF6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22631.2861", + "matchCriteriaId": "3E712F1D-26F9-4E19-B012-D7F0A92D59ED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.25398.584", + "matchCriteriaId": "28E51B68-6AE4-4AF2-A7D3-7728E5D314D7" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35631", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-356xx/CVE-2023-35632.json b/CVE-2023/CVE-2023-356xx/CVE-2023-35632.json index 0052fb1e552..6e68fd681db 100644 
--- a/CVE-2023/CVE-2023-356xx/CVE-2023-35632.json +++ b/CVE-2023/CVE-2023-356xx/CVE-2023-35632.json @@ -2,12 +2,16 @@ "id": "CVE-2023-35632", "sourceIdentifier": "secure@microsoft.com", "published": "2023-12-12T18:15:18.547", - "lastModified": "2023-12-12T18:58:44.580", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T20:46:02.290", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability" + }, + { + "lang": "es", + "value": "Controlador de funci\u00f3n auxiliar de Windows para la vulnerabilidad de elevaci\u00f3n de privilegios de WinSock" } ], "metrics": { 
@@ -34,10 +38,93 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.10240.20345", + "matchCriteriaId": "0FA29853-AA80-4D69-B5B2-09C29B73964A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.14393.6529", + "matchCriteriaId": "1B72F8B2-FE1A-44FC-8534-66B016C3C3DC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.17763.5206", + "matchCriteriaId": "412DCA62-8009-40C3-B76C-F3791104F0C8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19041.3803", + "matchCriteriaId": "C8412B39-CCB2-4FF5-B656-43C9EBF48E39" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19045.3803", + "matchCriteriaId": "E59E6692-980B-435A-B9F3-AA00939E8D97" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", + "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", + "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", + "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7" + }, + { + "vulnerable": true, + 
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35632", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-356xx/CVE-2023-35633.json b/CVE-2023/CVE-2023-356xx/CVE-2023-35633.json index f5cb980f579..2be14e01552 100644 --- a/CVE-2023/CVE-2023-356xx/CVE-2023-35633.json +++ b/CVE-2023/CVE-2023-356xx/CVE-2023-35633.json @@ -2,12 +2,16 @@ "id": "CVE-2023-35633", "sourceIdentifier": "secure@microsoft.com", "published": "2023-12-12T18:15:18.760", - "lastModified": "2023-12-12T18:58:44.580", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T20:45:09.917", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Windows Kernel Elevation of Privilege Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de elevaci\u00f3n de privilegios del kernel de Windows" } ], "metrics": { 
@@ -34,10 +38,64 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.10240.20345", + "matchCriteriaId": "0FA29853-AA80-4D69-B5B2-09C29B73964A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", + "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", + "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", + "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35633", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-356xx/CVE-2023-35634.json b/CVE-2023/CVE-2023-356xx/CVE-2023-35634.json index e2ccec2a77c..505f7395b48 100644 --- a/CVE-2023/CVE-2023-356xx/CVE-2023-35634.json +++ b/CVE-2023/CVE-2023-356xx/CVE-2023-35634.json 
@@ -2,19 +2,43 @@ "id": "CVE-2023-35634", "sourceIdentifier": "secure@microsoft.com", "published": "2023-12-12T18:15:18.937", - "lastModified": "2023-12-12T18:58:44.580", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T20:44:58.467", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Windows Bluetooth Driver Remote Code Execution Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo del controlador Bluetooth de Windows" } ], "metrics": { "cvssMetricV31": [ { - "source": "secure@microsoft.com", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, + { + "source": "secure@microsoft.com", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", 
@@ -34,10 +58,56 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22000.2652", + "matchCriteriaId": "BC62CCFB-C4C4-4CD1-A291-9587375FE3C6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22621.2861", + "matchCriteriaId": "11093E57-782B-4049-AFB2-AAFCFB4A8FF6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22631.2861", + "matchCriteriaId": "3E712F1D-26F9-4E19-B012-D7F0A92D59ED" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35634", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-356xx/CVE-2023-35635.json b/CVE-2023/CVE-2023-356xx/CVE-2023-35635.json index fa6748bdae7..0bf5e803ad3 100644 --- a/CVE-2023/CVE-2023-356xx/CVE-2023-35635.json +++ b/CVE-2023/CVE-2023-356xx/CVE-2023-35635.json @@ -2,12 +2,16 @@ "id": "CVE-2023-35635", "sourceIdentifier": "secure@microsoft.com", "published": "2023-12-12T18:15:19.107", - "lastModified": "2023-12-12T18:58:44.580", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T20:42:38.230", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Windows Kernel Denial of Service Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de denegaci\u00f3n de servicio del kernel de Windows" } ], "metrics": { 
@@ -34,10 +38,50 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22621.2861", + "matchCriteriaId": "11093E57-782B-4049-AFB2-AAFCFB4A8FF6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22631.2861", + "matchCriteriaId": "3E712F1D-26F9-4E19-B012-D7F0A92D59ED" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35635", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-356xx/CVE-2023-35636.json b/CVE-2023/CVE-2023-356xx/CVE-2023-35636.json index 0cf021aebee..d5e22ac3166 100644 --- a/CVE-2023/CVE-2023-356xx/CVE-2023-35636.json +++ b/CVE-2023/CVE-2023-356xx/CVE-2023-35636.json @@ -2,12 +2,16 @@ "id": "CVE-2023-35636", "sourceIdentifier": "secure@microsoft.com", "published": "2023-12-12T18:15:19.277", - "lastModified": "2023-12-12T18:58:44.580", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T20:42:06.433", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Microsoft Outlook Information Disclosure Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de Microsoft Outlook" } ], "metrics": { 
@@ -34,10 +38,58 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", + "matchCriteriaId": "40C15EDD-98D4-4D06-BA06-21AE0F33C72D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:office:2016:*:-:*:-:*:-:*", + "matchCriteriaId": "DC9D0A78-9F16-41E0-910E-E93269DB9B30" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*", + "matchCriteriaId": "C5282C83-86B8-442D-851D-B54E88E8B1F1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:*", + "matchCriteriaId": "0B3EF1E5-4757-4CFA-AE72-6BA876D3C9FD" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35636", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-366xx/CVE-2023-36696.json b/CVE-2023/CVE-2023-366xx/CVE-2023-36696.json index b71bb2e3fa3..2efec3153ee 100644 --- a/CVE-2023/CVE-2023-366xx/CVE-2023-36696.json +++ b/CVE-2023/CVE-2023-366xx/CVE-2023-36696.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-36696", "sourceIdentifier": "secure@microsoft.com", "published": "2023-12-12T18:15:22.690", - "lastModified": "2023-12-12T18:58:37.987", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T20:47:25.777", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de elevaci\u00f3n de privilegios del controlador del minifiltro de archivos en la nube de Windows" } ], "metrics": { 
@@ -34,10 +38,90 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.17763.5206", + "matchCriteriaId": "412DCA62-8009-40C3-B76C-F3791104F0C8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19041.3803", + "matchCriteriaId": "C8412B39-CCB2-4FF5-B656-43C9EBF48E39" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19045.3803", + "matchCriteriaId": "E59E6692-980B-435A-B9F3-AA00939E8D97" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22000.2652", + "matchCriteriaId": "BC62CCFB-C4C4-4CD1-A291-9587375FE3C6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22621.2861", + "matchCriteriaId": "11093E57-782B-4049-AFB2-AAFCFB4A8FF6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22631.2861", + "matchCriteriaId": "3E712F1D-26F9-4E19-B012-D7F0A92D59ED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", + "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.25398.584", + "matchCriteriaId": 
"28E51B68-6AE4-4AF2-A7D3-7728E5D314D7" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36696", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-374xx/CVE-2023-37457.json b/CVE-2023/CVE-2023-374xx/CVE-2023-37457.json new file mode 100644 index 00000000000..9250e572f1b --- /dev/null +++ b/CVE-2023/CVE-2023-374xx/CVE-2023-37457.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-37457", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-12-14T20:15:52.260", + "lastModified": "2023-12-14T20:15:52.260", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the 'update' functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh", + "source": "security-advisories@github.com" + } + ] 
+} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-411xx/CVE-2023-41119.json b/CVE-2023/CVE-2023-411xx/CVE-2023-41119.json index dfd3fad898c..2709ac166b2 100644 --- a/CVE-2023/CVE-2023-411xx/CVE-2023-41119.json +++ b/CVE-2023/CVE-2023-411xx/CVE-2023-41119.json @@ -2,8 +2,8 @@ "id": "CVE-2023-41119", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-12T07:15:45.387", - "lastModified": "2023-12-12T13:43:48.853", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T19:48:44.997", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "cve@mitre.org", "type": "Secondary", 
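Review bot: The CVSS vector added for CVE-2023-37457 (`AV:N/AC:L/PR:N/UI:N` with `I:N`) does not line up with the description in the same record, which says the overflow "can overwrite memory" and is not externally exploitable unless the dialplan updates a header from outside data. Anyone triaging on the 7.5 base score alone should read that precondition first and check whether their dialplan feeds external input to the PJSIP_HEADER 'update' functionality. The description also misspells the product name: `ceritifed-asterisk` should read `certified-asterisk`, otherwise keyword searches on the package name miss this record. The record is still `Received` and has no `configurations` block, so CPE-based matching will not pick it up yet.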
@@ -38,10 +58,71 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*", + "versionEndExcluding": "11.21.32", + "matchCriteriaId": "6892B548-6E0D-47B5-9AD7-3EA937C243FE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "12.0.0", + "versionEndExcluding": "12.16.20", + "matchCriteriaId": "15246CD4-D4F0-4FE7-AE1A-BDD2FCC67B5C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.0.0", + "versionEndExcluding": "13.12.17", + "matchCriteriaId": "C3FA205A-6BF7-492C-A0F3-5AD01E35CC41" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0.0", + "versionEndExcluding": "14.9.0", + "matchCriteriaId": "12EC69DE-AFB1-476F-88BB-C7C0C348C19F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "15.0.0", + "versionEndExcluding": "15.4.0", + "matchCriteriaId": "D3B7765D-34FD-479B-9C4E-9CAC34CC1AD2" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.enterprisedb.com/docs/security/advisories/cve202341119/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-411xx/CVE-2023-41120.json b/CVE-2023/CVE-2023-411xx/CVE-2023-41120.json index 149b4b21205..63c08d447c1 100644 --- a/CVE-2023/CVE-2023-411xx/CVE-2023-41120.json +++ b/CVE-2023/CVE-2023-411xx/CVE-2023-41120.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-41120", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-12T07:15:45.860", - "lastModified": "2023-12-12T13:43:48.853", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T19:54:24.970", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "cve@mitre.org", "type": "Secondary", 
@@ -38,10 +58,71 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-668" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*", + "versionEndExcluding": "11.21.32", + "matchCriteriaId": "6892B548-6E0D-47B5-9AD7-3EA937C243FE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "12.0.0", + "versionEndExcluding": "12.16.20", + "matchCriteriaId": "15246CD4-D4F0-4FE7-AE1A-BDD2FCC67B5C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.0.0", + "versionEndExcluding": "13.12.17", + "matchCriteriaId": "C3FA205A-6BF7-492C-A0F3-5AD01E35CC41" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0.0", + "versionEndExcluding": "14.9.0", + "matchCriteriaId": "12EC69DE-AFB1-476F-88BB-C7C0C348C19F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "15.0.0", + "versionEndExcluding": "15.4.0", + "matchCriteriaId": "D3B7765D-34FD-479B-9C4E-9CAC34CC1AD2" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.enterprisedb.com/docs/security/advisories/cve202341120/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-411xx/CVE-2023-41151.json b/CVE-2023/CVE-2023-411xx/CVE-2023-41151.json new file mode 100644 index 00000000000..b76ff834477 --- /dev/null +++ b/CVE-2023/CVE-2023-411xx/CVE-2023-41151.json 
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-41151", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-14T19:15:16.193", + "lastModified": "2023-12-14T19:26:01.850", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "An uncaught exception issue discovered in Softing OPC UA C++ SDK before 6.30 for Windows operating system may cause the application to crash when the server wants to send an error packet, while socket is blocked on writing." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://industrial.softing.com/fileadmin/psirt/downloads/2023/syt-2023-3.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-419xx/CVE-2023-41963.json b/CVE-2023/CVE-2023-419xx/CVE-2023-41963.json index 0908f1a0d6c..a2502242da5 100644 --- a/CVE-2023/CVE-2023-419xx/CVE-2023-41963.json +++ b/CVE-2023/CVE-2023-419xx/CVE-2023-41963.json 
@@ -2,23 +2,340 @@ "id": "CVE-2023-41963", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-12-12T10:15:10.253", - "lastModified": "2023-12-12T13:43:48.853", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T20:41:34.697", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Denial-of-service (DoS) vulnerability exists in FTP service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de Denegaci\u00f3n de Servicio (DoS) en el servicio FTP de la serie HMI GC-A2. Si un atacante remoto no autenticado env\u00eda paquetes especialmente manipulados a puertos espec\u00edficos, puede producirse una condici\u00f3n de Denegaci\u00f3n de Servicio (DoS)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:jtekt:gc-a22w-cw_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "91C6BFC0-2629-40E6-9560-F4CCF247FF86" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:jtekt:gc-a22w-cw:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E58817AE-FC2B-4196-A09D-7BF15368373F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:jtekt:gc-a24w-c\\(w\\)_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "2F462AD0-21AD-4FBD-98F9-2BD920135243" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:jtekt:gc-a24w-c\\(w\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "CAC9C7A9-D352-4DC6-AD86-09C9D73D010F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:jtekt:gc-a26w-c\\(w\\)_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "1A3F78EB-466C-4E82-83CA-07BD6F04FFF0" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:jtekt:gc-a26w-c\\(w\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD63E1F9-5446-4EAD-9B1E-F13FF8777A90" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:jtekt:gc-a24_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "7B6FAC57-BE6E-4278-9BD9-3752EACA1276" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:jtekt:gc-a24:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B7D3772C-2354-47F9-B240-13D83BE15918" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:jtekt:gc-a24-m_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "DE3DC5A5-FFA1-44E9-BE37-17BBFC521BBD" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:jtekt:gc-a24-m:-:*:*:*:*:*:*:*", + "matchCriteriaId": "81D13B24-686E-4276-9225-2D72216FB295" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:jtekt:gc-a25_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "EA028275-6BCB-4E72-8C9D-EDE94ADAFC8C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:jtekt:gc-a25:-:*:*:*:*:*:*:*", + "matchCriteriaId": "943F5C5F-FFE8-42FC-ACFD-ADA72E9998C7" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:jtekt:gc-a26_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "080F664B-552A-4E18-B0B5-E1D747DDACAA" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:jtekt:gc-a26:-:*:*:*:*:*:*:*", + "matchCriteriaId": "43F132BC-7E89-4350-A126-9E4DCECA056A" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:jtekt:gc-a26-j2_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "72440455-A361-4C9A-B8D3-62E0158ACD5D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:jtekt:gc-a26-j2:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E6513442-366F-4C44-BA69-A8FFC3A4DD5B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:jtekt:gc-a27-c_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "1C474BB0-2ACC-4B2D-9F32-4106C71157D3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:jtekt:gc-a27-c:-:*:*:*:*:*:*:*", + 
"matchCriteriaId": "0D2F9BBA-89AE-4B8D-9889-C4D4C05F6CB8" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:jtekt:gc-a28-c_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "4B478A37-3780-436D-893F-C0375EEA3EC4" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:jtekt:gc-a28-c:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1530E0C4-B18C-4C5D-AE8F-F76844F30273" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://jvn.jp/en/jp/JVN34145838/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.electronics.jtekt.co.jp/en/topics/202312116562/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45894.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45894.json new file mode 100644 index 00000000000..be609fb75cd --- /dev/null +++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45894.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-45894", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-14T20:15:52.687", + "lastModified": "2023-12-14T20:15:52.687", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Remote Application Server in Parallels RAS before 19.2.23975 does not segment virtualized applications from the server, which allows a remote attacker to achieve remote code execution via standard kiosk breakout techniques." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/Oracle-Security/CVEs/blob/main/Parallels%20Remote%20Server/readme.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46281.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46281.json index f53caca8bba..4bf47b8798f 100644 --- a/CVE-2023/CVE-2023-462xx/CVE-2023-46281.json +++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46281.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-46281", "sourceIdentifier": "productcert@siemens.com", "published": "2023-12-12T12:15:13.653", - "lastModified": "2023-12-12T13:43:48.853", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T20:22:25.383", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Opcenter Quality (All versions), SIMATIC PCS neo (All versions < V4.1), SINUMERIK Integrate RunMyHMI\u00a0/Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). When accessing the UMC Web-UI from affected products, UMC uses an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted behavior." 
+ }, + { + "lang": "es", + "value": "Se ha identificado una vulnerabilidad en:\nOpcenter Quality (todas las versiones), \nSIMATIC PCS neo (todas las versiones < V4.1), \nSINUMERIK Integrate RunMyHMI /Automotive (todas las versiones), \nTotally Integrated Automation Portal (TIA Portal) V14 (todas las versiones), \nTotally Integrated Automation Portal (TIA Portal) V15.1 (todas las versiones), \nTotally Integrated Automation Portal (TIA Portal) V16 (todas las versiones), \nTotally Integrated Automation Portal (TIA Portal) V17 (todas las versiones), \nTotally Integrated Automation Portal (TIA Portal) ) V18 (Todas las versiones " } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "productcert@siemens.com", "type": "Secondary", 
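Review bot: The added `es` description for CVE-2023-46281 is cut off at `V18 (Todas las versiones ` and never reaches the sentence about the overly permissive CORS policy, so it lists the affected products without stating the vulnerability. It also carries a stray parenthesis in `(TIA Portal) ) V18`. The cut falls where the English value continues with `< V18 Update 3`. The same truncated value is added for CVE-2023-46282 in the next file, so consumers should fall back to the `en` value for both records until the translation is complete.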
@@ -46,10 +70,85 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:opcenter_quality:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9D9D89CD-FDA5-42F0-8161-3752C8AED7F3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:simatic_pcs_neo:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.1", + "matchCriteriaId": "96D49ACA-BF2E-4C89-8168-E4A95D5B22AA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:sinumerik_integrate_runmyhmi_\\/automotive:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D882C3C8-EFE7-4DB6-B3E7-6152D7FEB74C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0", + "versionEndExcluding": "15", + "matchCriteriaId": "29E53F22-9086-40A2-85E0-20B58EC1E4BB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:*:*:*:*:*:*:*:*", + "versionStartIncluding": "15", + "versionEndExcluding": "16", + "matchCriteriaId": "3F86DBB7-A5C7-43C4-8B64-0B67C90B79A8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:*:*:*:*:*:*:*:*", + "versionStartIncluding": "16", + "versionEndExcluding": "17", + "matchCriteriaId": "B0BCF747-13ED-4AE7-9BE7-37858573AF27" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:*:*:*:*:*:*:*:*", + "versionStartIncluding": "17", + "versionEndExcluding": "18", + "matchCriteriaId": "C83587B9-53E2-4B2F-9FE4-5DDD232571F6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:-:*:*:*:*:*:*:*", + "matchCriteriaId": "085B0B91-40DE-4328-A28C-1C920A6440D1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:18:*:*:*:*:*:*:*", + "matchCriteriaId": "68C7D9A3-9304-4A81-A970-717E5BA1ECF1" + }, + { + 
"vulnerable": true, + "criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:18:update_1:*:*:*:*:*:*", + "matchCriteriaId": "6A09C712-871D-4A81-A630-33BC5DF49FE5" + } + ] + } + ] + } + ], "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf", - "source": "productcert@siemens.com" + "source": "productcert@siemens.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46282.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46282.json index dd6f62c6339..e267b6a6baf 100644 --- a/CVE-2023/CVE-2023-462xx/CVE-2023-46282.json +++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46282.json 
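Review bot: The V18 entry added here, `cpe:2.3:a:siemens:totally_integrated_automation_portal:18:*:*:*:*:*:*:*`, leaves the update field as a wildcard, so read literally it matches every V18 update level, while the record's description limits V18 to versions below V18 Update 3. A CPE-based scanner may therefore keep flagging hosts that already run Update 3, and the separate `18:update_1` entry adds nothing the wildcard does not already cover. Findings for V18 should be confirmed against the installed update level and the Siemens advisory listed under `references`. The identical list is added for CVE-2023-46282 further down in this diff.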
@@ -2,19 +2,43 @@ "id": "CVE-2023-46282", "sourceIdentifier": "productcert@siemens.com", "published": "2023-12-12T12:15:13.870", - "lastModified": "2023-12-12T13:43:48.853", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T20:28:47.477", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Opcenter Quality (All versions), SIMATIC PCS neo (All versions < V4.1), SINUMERIK Integrate RunMyHMI\u00a0/Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected applications that could allow an attacker to inject arbitrary JavaScript code. The code could be potentially executed later by another (possibly privileged) user." 
+ }, + { + "lang": "es", + "value": "Se ha identificado una vulnerabilidad en:\nOpcenter Quality (todas las versiones), \nSIMATIC PCS neo (todas las versiones < V4.1), \nSINUMERIK Integrate RunMyHMI /Automotive (todas las versiones), \nTotally Integrated Automation Portal (TIA Portal) V14 (todas las versiones), \nTotally Integrated Automation Portal (TIA Portal) V15.1 (todas las versiones), \nTotally Integrated Automation Portal (TIA Portal) V16 (todas las versiones), \nTotally Integrated Automation Portal (TIA Portal) V17 (todas las versiones), \nTotally Integrated Automation Portal (TIA Portal) ) V18 (Todas las versiones " } ], "metrics": { "cvssMetricV31": [ { - "source": "productcert@siemens.com", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, + { + "source": "productcert@siemens.com", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "productcert@siemens.com", "type": "Secondary", 
@@ -46,10 +80,85 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:opcenter_quality:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9D9D89CD-FDA5-42F0-8161-3752C8AED7F3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:simatic_pcs_neo:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.1", + "matchCriteriaId": "96D49ACA-BF2E-4C89-8168-E4A95D5B22AA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:sinumerik_integrate_runmyhmi_\\/automotive:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D882C3C8-EFE7-4DB6-B3E7-6152D7FEB74C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0", + "versionEndExcluding": "15", + "matchCriteriaId": "29E53F22-9086-40A2-85E0-20B58EC1E4BB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:*:*:*:*:*:*:*:*", + "versionStartIncluding": "15", + "versionEndExcluding": "16", + "matchCriteriaId": "3F86DBB7-A5C7-43C4-8B64-0B67C90B79A8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:*:*:*:*:*:*:*:*", + "versionStartIncluding": "16", + "versionEndExcluding": "17", + "matchCriteriaId": "B0BCF747-13ED-4AE7-9BE7-37858573AF27" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:*:*:*:*:*:*:*:*", + "versionStartIncluding": "17", + "versionEndExcluding": "18", + "matchCriteriaId": "C83587B9-53E2-4B2F-9FE4-5DDD232571F6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:-:*:*:*:*:*:*:*", + "matchCriteriaId": "085B0B91-40DE-4328-A28C-1C920A6440D1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:18:*:*:*:*:*:*:*", + "matchCriteriaId": "68C7D9A3-9304-4A81-A970-717E5BA1ECF1" + }, + { + 
"vulnerable": true, + "criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:18:update_1:*:*:*:*:*:*", + "matchCriteriaId": "6A09C712-871D-4A81-A630-33BC5DF49FE5" + } + ] + } + ] + } + ], "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf", - "source": "productcert@siemens.com" + "source": "productcert@siemens.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-464xx/CVE-2023-46454.json b/CVE-2023/CVE-2023-464xx/CVE-2023-46454.json index 9f60fb24baa..9b47eddfd40 100644 --- a/CVE-2023/CVE-2023-464xx/CVE-2023-46454.json +++ b/CVE-2023/CVE-2023-464xx/CVE-2023-46454.json 
@@ -2,19 +2,90 @@ "id": "CVE-2023-46454", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-12T15:15:07.680", - "lastModified": "2023-12-12T15:52:06.410", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T19:33:14.070", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality." + }, + { + "lang": "es", + "value": "En los routers GL.iNET GL-AR300M con firmware v4.3.7, es posible inyectar comandos de shell arbitrarios a trav\u00e9s de un nombre de paquete manipulado en la funcionalidad de informaci\u00f3n del paquete." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:gl-inet:gl-ar300m_firmware:4.3.7:*:*:*:*:*:*:*", + "matchCriteriaId": "E267A0D1-8D9B-43A9-88F0-3CA961403FBC" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:gl-inet:gl-ar300m:-:*:*:*:*:*:*:*", + "matchCriteriaId": "10C965DA-2D49-4ED6-B028-3A23164EDC14" + } + ] + } + ] } ], - "metrics": {}, "references": [ { 
"url": "https://cyberaz0r.info/2023/11/glinet-multiple-vulnerabilities/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-464xx/CVE-2023-46455.json b/CVE-2023/CVE-2023-464xx/CVE-2023-46455.json index 9eb7c985fdc..070eb5fe6e9 100644 --- a/CVE-2023/CVE-2023-464xx/CVE-2023-46455.json +++ b/CVE-2023/CVE-2023-464xx/CVE-2023-46455.json 
@@ -2,23 +2,97 @@ "id": "CVE-2023-46455", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-12T15:15:07.743", - "lastModified": "2023-12-12T15:52:06.410", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T19:02:29.273", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In GL.iNET GL-AR300M routers with firmware v4.3.7 it is possible to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality." + }, + { + "lang": "es", + "value": "En los routers GL.iNET GL-AR300M con firmware v4.3.7 es posible escribir archivos arbitrarios mediante un ataque de path traversal en la funcionalidad de carga de archivos del cliente OpenVPN." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:gl-inet:gl-ar300m_firmware:4.3.7:*:*:*:*:*:*:*", + "matchCriteriaId": "E267A0D1-8D9B-43A9-88F0-3CA961403FBC" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:gl-inet:gl-ar300m:-:*:*:*:*:*:*:*", + "matchCriteriaId": "10C965DA-2D49-4ED6-B028-3A23164EDC14" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": 
"https://cyberaz0r.info/2023/11/glinet-multiple-vulnerabilities/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.gl-inet.com/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4694.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4694.json new file mode 100644 index 00000000000..c8f2503f206 --- /dev/null +++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4694.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-4694", + "sourceIdentifier": "hp-security-alert@hp.com", + "published": "2023-12-14T19:15:16.243", + "lastModified": "2023-12-14T19:26:01.850", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Certain HP OfficeJet Pro printers are potentially vulnerable to a Denial of Service when sending a SOAP message to the service on TCP port 3911 that contains a body but no header." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.hp.com/us-en/document/ish_9823639-9823677-16/hpsbpi03894", + "source": "hp-security-alert@hp.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-483xx/CVE-2023-48313.json b/CVE-2023/CVE-2023-483xx/CVE-2023-48313.json index fbe5e70c5a8..670465211f4 100644 --- a/CVE-2023/CVE-2023-483xx/CVE-2023-48313.json +++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48313.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-48313", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-12T18:15:22.933", - "lastModified": "2023-12-12T18:58:37.987", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T20:55:34.777", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Umbraco is an ASP.NET content management system (CMS). Starting in 10.0.0 and prior to versions 10.8.1 and 12.3.4, Umbraco contains a cross-site scripting (XSS) vulnerability enabling attackers to bring malicious content into a website or application. Versions 10.8.1 and 12.3.4 contain a patch for this issue." + }, + { + "lang": "es", + "value": "Umbraco es un sistema de gesti\u00f3n de contenidos (CMS) ASP.NET. A partir de la versi\u00f3n 10.0.0 y antes de las versiones 10.8.1 y 12.3.4, Umbraco contiene una vulnerabilidad de Cross-Site Scripting (XSS) que permite a los atacantes introducir contenido malicioso en un sitio web o aplicaci\u00f3n. Las versiones 10.8.1 y 12.3.4 contienen un parche para este problema." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,10 +70,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.0.0", + "versionEndExcluding": "10.8.1", + "matchCriteriaId": "03FE24B3-A0E4-4235-B990-51E9B6F877F5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*", + "versionStartIncluding": "12.0.0", + "versionEndExcluding": "12.3.4", + "matchCriteriaId": "AD471553-62B9-4DBB-8DF6-93F7C3A08957" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-v98m-398x-269r", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48427.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48427.json index 326151b8132..ab9a52320db 100644 --- a/CVE-2023/CVE-2023-484xx/CVE-2023-48427.json +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48427.json 
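Review bot: The two `cpeMatch` ranges added under `configurations` cover 10.0.0 up to 10.8.1 and 12.0.0 up to 12.3.4, so an Umbraco 11.x install matches neither and CPE-based scanners will not flag it. The description ("Starting in 10.0.0 and prior to versions 10.8.1 and 12.3.4") does not say whether 11.x is affected, so the gap may be unintended. If the referenced GHSA advisory lists 11.x as affected, the second range should start at `"versionStartIncluding": "11.0.0"`. Until that is confirmed, treat 11.x deployments as unassessed rather than clean.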
@@ -2,19 +2,43 @@ "id": "CVE-2023-48427", "sourceIdentifier": "productcert@siemens.com", "published": "2023-12-12T12:15:14.677", - "lastModified": "2023-12-12T13:43:48.853", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T20:07:17.240", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Affected products do not properly validate the certificate of the configured UMC server. This could allow an attacker to intercept credentials that are sent to the UMC server as well as to manipulate responses, potentially allowing an attacker to escalate privileges." + }, + { + "lang": "es", + "value": "Se ha identificado una vulnerabilidad en SINEC INS (Todas las versiones < V1.0 SP2 Update 2). Los productos afectados no validan correctamente el certificado del servidor UMC configurado. Esto podr\u00eda permitir a un atacante interceptar las credenciales que se env\u00edan al servidor UMC, as\u00ed como manipular las respuestas, lo que podr\u00eda permitirle al atacante escalar privilegios." } ], "metrics": { "cvssMetricV31": [ { - "source": "productcert@siemens.com", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + { + "source": "productcert@siemens.com", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", @@ -36,7 +60,7 @@ }, "weaknesses": [ { - "source": "productcert@siemens.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { 
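Review bot: In the `cvssMetricV31` array, the new `nvd@nist.gov` entry becomes `"type": "Primary"` with `AC:L` (9.8), while the Siemens entry with `AC:H` is demoted to `"type": "Secondary"`. The description's impact depends on intercepting traffic to the UMC server, which is the condition the CNA's `AC:H` presumably reflects. Triage that reads only the Primary entry will therefore rank this higher than the vendor does, so prioritisation rules should read both entries and record which source was used. The same Primary/Secondary swap with an `AC:L` versus `AC:H` difference appears in the CVE-2023-48431 hunk further down.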
@@ -44,12 +68,64 @@ "value": "CWE-295" } ] + }, + { + "source": "productcert@siemens.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-295" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.0", + "matchCriteriaId": "C89891C1-DFD7-4E1F-80A9-7485D86A15B5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*", + "matchCriteriaId": "4664B195-AF14-4834-82B3-0B2C98020EB6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*", + "matchCriteriaId": "75BC588E-CDF0-404E-AD61-02093A1DF343" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:sp2:*:*:*:*:*:*", + "matchCriteriaId": "A334F7B4-7283-4453-BAED-D2E01B7F8A6E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:sp2_update_1:*:*:*:*:*:*", + "matchCriteriaId": "A6BEA71C-CA81-4B5D-A688-2B21E62DC351" + } + ] + } + ] } ], "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-077170.pdf", - "source": "productcert@siemens.com" + "source": "productcert@siemens.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48428.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48428.json index 50159eeec8f..574c4519319 100644 --- a/CVE-2023/CVE-2023-484xx/CVE-2023-48428.json +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48428.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-48428", "sourceIdentifier": "productcert@siemens.com", "published": "2023-12-12T12:15:14.873", - "lastModified": "2023-12-12T13:43:48.853", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T19:38:27.703", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The radius configuration mechanism of affected products does not correctly check uploaded certificates. A malicious admin could upload a crafted certificate resulting in a denial-of-service condition or potentially issue commands on system level." + }, + { + "lang": "es", + "value": "Se ha identificado una vulnerabilidad en SINEC INS (Todas las versiones < V1.0 SP2 Update 2). El mecanismo de configuraci\u00f3n de radio de los productos afectados no verifica correctamente los certificados cargados. Un administrador malintencionado podr\u00eda cargar un certificado manipulado, lo que provocar\u00eda una condici\u00f3n de denegaci\u00f3n de servicio o podr\u00eda emitir comandos a nivel del sistema." } ], "metrics": { @@ -36,7 +40,7 @@ }, "weaknesses": [ { - "source": "productcert@siemens.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { 
@@ -44,12 +48,64 @@ "value": "CWE-78" } ] + }, + { + "source": "productcert@siemens.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.0", + "matchCriteriaId": "C89891C1-DFD7-4E1F-80A9-7485D86A15B5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*", + "matchCriteriaId": "4664B195-AF14-4834-82B3-0B2C98020EB6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*", + "matchCriteriaId": "75BC588E-CDF0-404E-AD61-02093A1DF343" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:sp2:*:*:*:*:*:*", + "matchCriteriaId": "A334F7B4-7283-4453-BAED-D2E01B7F8A6E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:sp2_update_1:*:*:*:*:*:*", + "matchCriteriaId": "A6BEA71C-CA81-4B5D-A688-2B21E62DC351" + } + ] + } + ] } ], "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-077170.pdf", - "source": "productcert@siemens.com" + "source": "productcert@siemens.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48429.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48429.json index 674b45d82b7..3c8f604d5ca 100644 --- a/CVE-2023/CVE-2023-484xx/CVE-2023-48429.json +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48429.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-48429", "sourceIdentifier": "productcert@siemens.com", "published": "2023-12-12T12:15:15.083", - "lastModified": "2023-12-12T13:43:48.853", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T19:37:51.017", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The Web UI of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the server. The server will automatically restart." + }, + { + "lang": "es", + "value": "Se ha identificado una vulnerabilidad en SINEC INS (Todas las versiones < V1.0 SP2 Update 2). La interfaz de usuario web de los dispositivos afectados no comprueba la longitud de los par\u00e1metros en determinadas condiciones. Esto permite que un administrador malintencionado bloquee el servidor enviando una solicitud manipulada al servidor. El servidor se reiniciar\u00e1 autom\u00e1ticamente." } ], "metrics": { @@ -36,8 +40,18 @@ }, "weaknesses": [ { - "source": "productcert@siemens.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-754" + } + ] + }, + { + "source": "productcert@siemens.com", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -46,10 +60,52 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.0", + "matchCriteriaId": "C89891C1-DFD7-4E1F-80A9-7485D86A15B5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*", + "matchCriteriaId": "4664B195-AF14-4834-82B3-0B2C98020EB6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*", + "matchCriteriaId": "75BC588E-CDF0-404E-AD61-02093A1DF343" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:sp2:*:*:*:*:*:*", + "matchCriteriaId": "A334F7B4-7283-4453-BAED-D2E01B7F8A6E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:sp2_update_1:*:*:*:*:*:*", + "matchCriteriaId": "A6BEA71C-CA81-4B5D-A688-2B21E62DC351" + } + ] + } + ] + } + ], "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-077170.pdf", - "source": "productcert@siemens.com" + "source": "productcert@siemens.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48430.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48430.json index bfb69bf41bb..53f2f170143 100644 --- a/CVE-2023/CVE-2023-484xx/CVE-2023-48430.json +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48430.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-48430", "sourceIdentifier": "productcert@siemens.com", "published": "2023-12-12T12:15:15.433", - "lastModified": "2023-12-12T13:43:48.853", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T19:37:28.207", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The REST API of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the API. The server will automatically restart." + }, + { + "lang": "es", + "value": "Se ha identificado una vulnerabilidad en SINEC INS (Todas las versiones < V1.0 SP2 Update 2). La API REST de los dispositivos afectados no comprueba la longitud de los par\u00e1metros en determinadas condiciones. Esto permite que un administrador malintencionado bloquee el servidor enviando una solicitud manipulada a la API. El servidor se reiniciar\u00e1 autom\u00e1ticamente." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 2.7, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.2, + "impactScore": 1.4 + }, { "source": "productcert@siemens.com", "type": "Secondary", @@ -36,8 +60,18 @@ }, "weaknesses": [ { - "source": "productcert@siemens.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "productcert@siemens.com", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -46,10 +80,52 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.0", + "matchCriteriaId": "C89891C1-DFD7-4E1F-80A9-7485D86A15B5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*", + "matchCriteriaId": "4664B195-AF14-4834-82B3-0B2C98020EB6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*", + "matchCriteriaId": "75BC588E-CDF0-404E-AD61-02093A1DF343" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:sp2:*:*:*:*:*:*", + "matchCriteriaId": "A334F7B4-7283-4453-BAED-D2E01B7F8A6E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:sp2_update_1:*:*:*:*:*:*", + "matchCriteriaId": "A6BEA71C-CA81-4B5D-A688-2B21E62DC351" + } + ] + } + ] + } + ], "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-077170.pdf", - "source": "productcert@siemens.com" + "source": "productcert@siemens.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48431.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48431.json index d2afdb36386..e6831084b18 100644 --- a/CVE-2023/CVE-2023-484xx/CVE-2023-48431.json +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48431.json 
@@ -2,19 +2,43 @@ "id": "CVE-2023-48431", "sourceIdentifier": "productcert@siemens.com", "published": "2023-12-12T12:15:15.777", - "lastModified": "2023-12-12T13:43:48.853", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T19:37:00.257", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Affected software does not correctly validate the response received by an UMC server. An attacker can use this to crash the affected software by providing and configuring a malicious UMC server or by manipulating the traffic from a legitimate UMC server (i.e. leveraging CVE-2023-48427)." + }, + { + "lang": "es", + "value": "Se ha identificado una vulnerabilidad en SINEC INS (Todas las versiones < V1.0 SP2 Update 2). El software afectado no valida correctamente la respuesta recibida por un servidor UMC. Un atacante puede utilizar esto para bloquear el software afectado proporcionando y configurando un servidor UMC malicioso o manipulando el tr\u00e1fico desde un servidor UMC leg\u00edtimo (es decir, aprovechando CVE-2023-48427)." } ], "metrics": { "cvssMetricV31": [ { - "source": "productcert@siemens.com", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 8.6, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.0 + }, + { + "source": "productcert@siemens.com", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", 
@@ -36,7 +60,7 @@ }, "weaknesses": [ { - "source": "productcert@siemens.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { @@ -44,12 +68,64 @@ "value": "CWE-754" } ] + }, + { + "source": "productcert@siemens.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-754" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.0", + "matchCriteriaId": "C89891C1-DFD7-4E1F-80A9-7485D86A15B5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*", + "matchCriteriaId": "4664B195-AF14-4834-82B3-0B2C98020EB6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*", + "matchCriteriaId": "75BC588E-CDF0-404E-AD61-02093A1DF343" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:sp2:*:*:*:*:*:*", + "matchCriteriaId": "A334F7B4-7283-4453-BAED-D2E01B7F8A6E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:sp2_update_1:*:*:*:*:*:*", + "matchCriteriaId": "A6BEA71C-CA81-4B5D-A688-2B21E62DC351" + } + ] + } + ] } ], "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-077170.pdf", - "source": "productcert@siemens.com" + "source": "productcert@siemens.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-491xx/CVE-2023-49140.json b/CVE-2023/CVE-2023-491xx/CVE-2023-49140.json index ad375bd8128..94ed7c2f3ac 100644 --- a/CVE-2023/CVE-2023-491xx/CVE-2023-49140.json +++ b/CVE-2023/CVE-2023-491xx/CVE-2023-49140.json 
@@ -2,23 +2,340 @@ "id": "CVE-2023-49140", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-12-12T10:15:10.320", - "lastModified": "2023-12-12T13:43:48.853", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T20:50:01.000", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Denial-of-service (DoS) vulnerability exists in commplex-link service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de Denegaci\u00f3n de Servicio (DoS) en el servicio de enlace complejo de la serie HMI GC-A2. Si un atacante remoto no autenticado env\u00eda paquetes especialmente manipulados a puertos espec\u00edficos, puede producirse una condici\u00f3n de Denegaci\u00f3n de Servicio (DoS)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:jtekt:gc-a22w-cw_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "91C6BFC0-2629-40E6-9560-F4CCF247FF86" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:jtekt:gc-a22w-cw:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E58817AE-FC2B-4196-A09D-7BF15368373F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:jtekt:gc-a24w-c\\(w\\)_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "2F462AD0-21AD-4FBD-98F9-2BD920135243" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:jtekt:gc-a24w-c\\(w\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "CAC9C7A9-D352-4DC6-AD86-09C9D73D010F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:jtekt:gc-a26w-c\\(w\\)_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "1A3F78EB-466C-4E82-83CA-07BD6F04FFF0" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:jtekt:gc-a26w-c\\(w\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD63E1F9-5446-4EAD-9B1E-F13FF8777A90" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:jtekt:gc-a24_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "7B6FAC57-BE6E-4278-9BD9-3752EACA1276" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:jtekt:gc-a24:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B7D3772C-2354-47F9-B240-13D83BE15918" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:jtekt:gc-a24-m_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "DE3DC5A5-FFA1-44E9-BE37-17BBFC521BBD" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:jtekt:gc-a24-m:-:*:*:*:*:*:*:*", + "matchCriteriaId": "81D13B24-686E-4276-9225-2D72216FB295" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:jtekt:gc-a25_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "EA028275-6BCB-4E72-8C9D-EDE94ADAFC8C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:jtekt:gc-a25:-:*:*:*:*:*:*:*", + "matchCriteriaId": "943F5C5F-FFE8-42FC-ACFD-ADA72E9998C7" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:jtekt:gc-a26_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "080F664B-552A-4E18-B0B5-E1D747DDACAA" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:jtekt:gc-a26:-:*:*:*:*:*:*:*", + "matchCriteriaId": "43F132BC-7E89-4350-A126-9E4DCECA056A" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:jtekt:gc-a26-j2_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "72440455-A361-4C9A-B8D3-62E0158ACD5D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:jtekt:gc-a26-j2:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E6513442-366F-4C44-BA69-A8FFC3A4DD5B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:jtekt:gc-a27-c_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "1C474BB0-2ACC-4B2D-9F32-4106C71157D3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:jtekt:gc-a27-c:-:*:*:*:*:*:*:*", + 
"matchCriteriaId": "0D2F9BBA-89AE-4B8D-9889-C4D4C05F6CB8" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:jtekt:gc-a28-c_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "4B478A37-3780-436D-893F-C0375EEA3EC4" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:jtekt:gc-a28-c:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1530E0C4-B18C-4C5D-AE8F-F76844F30273" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://jvn.jp/en/jp/JVN34145838/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.electronics.jtekt.co.jp/en/topics/202312116562/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-491xx/CVE-2023-49151.json b/CVE-2023/CVE-2023-491xx/CVE-2023-49151.json index 1879fe8a6ba..90fa3d2037d 100644 --- a/CVE-2023/CVE-2023-491xx/CVE-2023-49151.json +++ b/CVE-2023/CVE-2023-491xx/CVE-2023-49151.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49151", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-14T18:15:44.450", - "lastModified": "2023-12-14T18:15:44.450", - "vulnStatus": "Received", + "lastModified": "2023-12-14T19:26:01.850", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-491xx/CVE-2023-49152.json b/CVE-2023/CVE-2023-491xx/CVE-2023-49152.json index 5dda37e11d7..8b5f3ad7aaf 100644 --- a/CVE-2023/CVE-2023-491xx/CVE-2023-49152.json +++ b/CVE-2023/CVE-2023-491xx/CVE-2023-49152.json 
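Review bot: All ten `_firmware` entries in the added `configurations` blocks use `*` for the version and carry no `versionStartIncluding` or `versionEndExcluding` bound. CPE matching will therefore report every firmware build of these GC-A2 models as vulnerable, including any fixed release. The description names no affected version range either, so the record alone cannot tell a patched device from an unpatched one. If the JTEKT advisory in `references` names a fixed firmware version, each firmware match should gain a bound such as `"versionEndExcluding": "<fixed version from vendor advisory>"`. Until then, asset owners should confirm exposure against the vendor advisory rather than the CPE match.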
@@ -2,8 +2,8 @@ "id": "CVE-2023-49152", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-14T18:15:44.683", - "lastModified": "2023-12-14T18:15:44.683", - "vulnStatus": "Received", + "lastModified": "2023-12-14T19:26:01.850", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-491xx/CVE-2023-49157.json b/CVE-2023/CVE-2023-491xx/CVE-2023-49157.json index d892c84c6a6..2d011ef07c4 100644 --- a/CVE-2023/CVE-2023-491xx/CVE-2023-49157.json +++ b/CVE-2023/CVE-2023-491xx/CVE-2023-49157.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49157", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-14T18:15:44.877", - "lastModified": "2023-12-14T18:15:44.877", - "vulnStatus": "Received", + "lastModified": "2023-12-14T19:26:01.850", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-492xx/CVE-2023-49294.json b/CVE-2023/CVE-2023-492xx/CVE-2023-49294.json new file mode 100644 index 00000000000..039605b8046 --- /dev/null +++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49294.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-49294", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-12-14T20:15:52.730", + "lastModified": "2023-12-14T20:15:52.730", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file 
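Review bot: The last sentence of the English `descriptions` value in the new CVE-2023-49294 record lists "certified-asterisk prior to 18.9-cert6" among the releases that contain the fix, which contradicts the second sentence, where that same range is the affected one. Anyone taking the fixed-version floor from this text gets an ambiguous answer; the sentence reads as if it should end `as well as certified-asterisk 18.9-cert6, contain a fix for this issue.`, and since this file mirrors the CNA's text the correction presumably belongs upstream. The first entry in `references` points at `blob/master/main/manager.c#L3757`, a branch-relative line anchor that drifts as the file changes, so the commit URL in the same list is the stable pointer to the patched code. The record has no `configurations` block yet, so CPE-based matching will not flag affected Asterisk installs from this entry alone.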
diff --git a/CVE-2023/CVE-2023-495xx/CVE-2023-49583.json b/CVE-2023/CVE-2023-495xx/CVE-2023-49583.json index 860229cc85c..98353bef1a3 100644 --- a/CVE-2023/CVE-2023-495xx/CVE-2023-49583.json +++ b/CVE-2023/CVE-2023-495xx/CVE-2023-49583.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49583", "sourceIdentifier": "cna@sap.com", "published": "2023-12-12T02:15:07.920", - "lastModified": "2023-12-12T13:43:48.853", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T19:36:00.030", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@sap.com", "type": "Secondary", 
@@ -50,22 +70,52 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:btp_security_services_integration_library:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.6.0", + "matchCriteriaId": "25DBD412-2F7D-45F1-B7C4-8A4237BD602E" + } + ] + } + ] + } + ], "references": [ { "url": "https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067/", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://me.sap.com/notes/3411067", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://www.npmjs.com/package/@sap/xssec", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Product" + ] }, { "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-497xx/CVE-2023-49786.json b/CVE-2023/CVE-2023-497xx/CVE-2023-49786.json new file mode 100644 index 00000000000..57248aee0d8 --- /dev/null +++ b/CVE-2023/CVE-2023-497xx/CVE-2023-49786.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-49786", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-12-14T20:15:52.927", + "lastModified": "2023-12-14T20:15:52.927", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-703" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05", + "source": 
"security-advisories@github.com" + }, + { + "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-498xx/CVE-2023-49803.json b/CVE-2023/CVE-2023-498xx/CVE-2023-49803.json index 624cfb0ea1a..649bbc00986 100644 --- a/CVE-2023/CVE-2023-498xx/CVE-2023-49803.json +++ b/CVE-2023/CVE-2023-498xx/CVE-2023-49803.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49803", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-11T23:15:07.620", - "lastModified": "2023-12-12T13:43:48.853", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T20:03:24.677", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-346" + } + ] + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -50,14 +80,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:koajs:cross-origin_resource_sharing_for_koa:*:*:*:*:*:node.js:*:*", + "versionEndExcluding": "5.0.0", + "matchCriteriaId": "6F956DDB-4F42-4714-B81A-29394B3F5E3B" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/koajs/cors/commit/f31dac99f5355c41e7d4dd3c4a80c5f154941a11", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/koajs/cors/security/advisories/GHSA-qxrj-hx23-xp82", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-498xx/CVE-2023-49804.json b/CVE-2023/CVE-2023-498xx/CVE-2023-49804.json index 081dab12777..916ecaf46ac 100644 --- a/CVE-2023/CVE-2023-498xx/CVE-2023-49804.json +++ b/CVE-2023/CVE-2023-498xx/CVE-2023-49804.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49804", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-11T23:15:07.840", - "lastModified": "2023-12-12T13:43:48.853", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T19:59:50.187", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -50,18 +70,51 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dockge.kuma:dockge:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.3.3", + "matchCriteriaId": "9AD32927-6407-4711-8521-81C662CD7041" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:uptime.kuma:uptime_kuma:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.23.9", + "matchCriteriaId": "04F74E4F-6339-4155-BE6A-B10151B8E18D" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/louislam/uptime-kuma/commit/482049c72b3a650c7bc5c26c2f4d57a21c0e0aa0", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/louislam/uptime-kuma/security/advisories/GHSA-88j4-pcx8-q4q3", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://github.com/louislam/uptime-kuma/security/advisories/GHSA-g9v2-wqcj-j99g", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Not Applicable" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-498xx/CVE-2023-49805.json b/CVE-2023/CVE-2023-498xx/CVE-2023-49805.json index 6b3b5a8f929..60faf8580dc 100644 
--- a/CVE-2023/CVE-2023-498xx/CVE-2023-49805.json +++ b/CVE-2023/CVE-2023-498xx/CVE-2023-49805.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49805", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-11T23:15:08.057", - "lastModified": "2023-12-12T13:43:48.853", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T19:48:34.987", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -40,8 +60,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-346" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -50,14 +80,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dockge.kuma:dockge:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.3.3", + "matchCriteriaId": "9AD32927-6407-4711-8521-81C662CD7041" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:uptime.kuma:uptime_kuma:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.23.9", + "matchCriteriaId": "04F74E4F-6339-4155-BE6A-B10151B8E18D" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/louislam/uptime-kuma/commit/2815cc73cfd9d8ced889e00e72899708220d184f", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/louislam/uptime-kuma/security/advisories/GHSA-mj22-23ff-2hrr", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-499xx/CVE-2023-49990.json b/CVE-2023/CVE-2023-499xx/CVE-2023-49990.json index 179869cbe5d..5f61016418b 100644 --- a/CVE-2023/CVE-2023-499xx/CVE-2023-49990.json +++ b/CVE-2023/CVE-2023-499xx/CVE-2023-49990.json 
@@ -2,19 +2,80 @@ "id": "CVE-2023-49990", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-12T14:15:07.553", - "lastModified": "2023-12-12T15:52:06.410", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T19:20:05.407", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Espeak-ng 1.52-dev was discovered to contain a buffer-overflow via the function SetUpPhonemeTable at synthdata.c." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Espeak-ng 1.52-dev conten\u00eda un desbordamiento del b\u00fafer a trav\u00e9s de la funci\u00f3n SetUpPhonemeTable en synthdata.c." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:espeak-ng:espeak-ng:1.52:dev:*:*:*:*:*:*", + "matchCriteriaId": "B073B0F6-3979-4E7D-BF6F-29C9EB1F3480" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/espeak-ng/espeak-ng/issues/1824", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-499xx/CVE-2023-49991.json b/CVE-2023/CVE-2023-499xx/CVE-2023-49991.json index b3c08d2ead9..e841f155446 100644 
--- a/CVE-2023/CVE-2023-499xx/CVE-2023-49991.json +++ b/CVE-2023/CVE-2023-499xx/CVE-2023-49991.json @@ -2,19 +2,80 @@ "id": "CVE-2023-49991", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-12T14:15:07.600", - "lastModified": "2023-12-12T15:52:06.410", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T19:19:27.523", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Underflow via the function CountVowelPosition at synthdata.c." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Espeak-ng 1.52-dev contiene un desbordamiento del b\u00fafer a trav\u00e9s de la funci\u00f3n CountVowelPosition en synthdata.c." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:espeak-ng:espeak-ng:1.52:dev:*:*:*:*:*:*", + "matchCriteriaId": "B073B0F6-3979-4E7D-BF6F-29C9EB1F3480" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/espeak-ng/espeak-ng/issues/1825", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
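Review bot: The added `es` description for CVE-2023-49991 says `desbordamiento del b\u00fafer` (buffer overflow) while the English value says "Stack Buffer Underflow", so the Spanish text reports a different bug class and drops the stack location. The CVE-2023-49992 hunk further down has a related defect: its `es` value renders the source file as `diccionario.c` where the English value has `dictionary.c`, which breaks a search for the affected file. Function and file names should pass through translation unchanged and the class should be kept, e.g. `subdesbordamiento del b\u00fafer de pila` here. Consumers that display or index the `es` text should treat the `en` value as authoritative.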
diff --git a/CVE-2023/CVE-2023-499xx/CVE-2023-49992.json b/CVE-2023/CVE-2023-499xx/CVE-2023-49992.json index d8fc1a9e3f4..365168fe9c7 100644 --- a/CVE-2023/CVE-2023-499xx/CVE-2023-49992.json +++ b/CVE-2023/CVE-2023-499xx/CVE-2023-49992.json 
@@ -2,19 +2,80 @@ "id": "CVE-2023-49992", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-12T14:15:07.653", - "lastModified": "2023-12-12T15:52:06.410", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T19:18:58.267", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Overflow via the function RemoveEnding at dictionary.c." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Espeak-ng 1.52-dev contiene un desbordamiento del b\u00fafer mediante la funci\u00f3n RemoveEnding en diccionario.c." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:espeak-ng:espeak-ng:1.52:dev:*:*:*:*:*:*", + "matchCriteriaId": "B073B0F6-3979-4E7D-BF6F-29C9EB1F3480" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/espeak-ng/espeak-ng/issues/1827", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-499xx/CVE-2023-49993.json b/CVE-2023/CVE-2023-499xx/CVE-2023-49993.json index 99bad34a585..ee690a19e79 100644 
--- a/CVE-2023/CVE-2023-499xx/CVE-2023-49993.json +++ b/CVE-2023/CVE-2023-499xx/CVE-2023-49993.json @@ -2,19 +2,80 @@ "id": "CVE-2023-49993", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-12T14:15:07.700", - "lastModified": "2023-12-12T15:52:06.410", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T19:18:23.463", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Espeak-ng 1.52-dev was discovered to contain a Buffer Overflow via the function ReadClause at readclause.c." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Espeak-ng 1.52-dev conten\u00eda un desbordamiento del b\u00fafer mediante la funci\u00f3n ReadClause en readclause.c." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:espeak-ng:espeak-ng:1.52:dev:*:*:*:*:*:*", + "matchCriteriaId": "B073B0F6-3979-4E7D-BF6F-29C9EB1F3480" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/espeak-ng/espeak-ng/issues/1826", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-499xx/CVE-2023-49994.json b/CVE-2023/CVE-2023-499xx/CVE-2023-49994.json index 9fe14491db1..bac76254e09 100644 --- a/CVE-2023/CVE-2023-499xx/CVE-2023-49994.json +++ b/CVE-2023/CVE-2023-499xx/CVE-2023-49994.json 
@@ -2,19 +2,80 @@ "id": "CVE-2023-49994", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-12T14:15:07.750", - "lastModified": "2023-12-12T15:52:06.410", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T19:09:14.727", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Espeak-ng 1.52-dev was discovered to contain a Floating Point Exception via the function PeaksToHarmspect at wavegen.c." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Espeak-ng 1.52-dev contiene una excepci\u00f3n de punto flotante a trav\u00e9s de la funci\u00f3n PeaksToHarmspect en wavegen.c." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-697" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:espeak-ng:espeak-ng:1.52:dev:*:*:*:*:*:*", + "matchCriteriaId": "B073B0F6-3979-4E7D-BF6F-29C9EB1F3480" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/espeak-ng/espeak-ng/issues/1823", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-500xx/CVE-2023-50017.json b/CVE-2023/CVE-2023-500xx/CVE-2023-50017.json new file mode 100644 index 00000000000..e7dc02e0711 --- /dev/null +++ b/CVE-2023/CVE-2023-500xx/CVE-2023-50017.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-50017", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-14T19:15:16.297", + "lastModified": "2023-12-14T19:26:01.850", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/database/backup" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/849200701/cms/blob/main/CSRF%20exists%20in%20the%20backup%20and%20restore%20location.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-502xx/CVE-2023-50269.json b/CVE-2023/CVE-2023-502xx/CVE-2023-50269.json index f84170db479..055a2c535a6 100644 --- a/CVE-2023/CVE-2023-502xx/CVE-2023-50269.json +++ b/CVE-2023/CVE-2023-502xx/CVE-2023-50269.json @@ -2,8 +2,8 @@ "id": "CVE-2023-50269", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-14T18:15:45.070", - "lastModified": "2023-12-14T18:15:45.070", - "vulnStatus": "Received", + "lastModified": "2023-12-14T19:26:01.850", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-504xx/CVE-2023-50422.json b/CVE-2023/CVE-2023-504xx/CVE-2023-50422.json index 5edbf620433..2b39c0d39f9 100644 --- a/CVE-2023/CVE-2023-504xx/CVE-2023-50422.json +++ b/CVE-2023/CVE-2023-504xx/CVE-2023-50422.json @@ -2,8 +2,8 @@ "id": "CVE-2023-50422", "sourceIdentifier": "cna@sap.com", "published": "2023-12-12T02:15:08.587", - "lastModified": "2023-12-12T13:43:48.853", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T19:04:59.677", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@sap.com", "type": "Secondary", 
@@ -50,38 +70,87 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:btp_security_services_integration_library:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.17.0", + "matchCriteriaId": "C15B0C1E-C64B-4F01-8465-24BD6DB6A0BA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:btp_security_services_integration_library:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.0.0", + "versionEndExcluding": "3.3.0", + "matchCriteriaId": "9B846878-8BDA-4364-B1FC-928B6F92C869" + } + ] + } + ] + } + ], "references": [ { "url": "https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067/", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://github.com/SAP/cloud-security-services-integration-library/", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/SAP/cloud-security-services-integration-library/security/advisories/GHSA-59c9-pxq8-9c73", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://me.sap.com/notes/3411067", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://mvnrepository.com/artifact/com.sap.cloud.security.xsuaa/spring-xsuaa", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Product" + ] }, { "url": "https://mvnrepository.com/artifact/com.sap.cloud.security/java-security", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Product" + ] }, { "url": "https://mvnrepository.com/artifact/com.sap.cloud.security/spring-security", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Product" + ] }, { "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", - "source": "cna@sap.com" + "source": 
"cna@sap.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-504xx/CVE-2023-50471.json b/CVE-2023/CVE-2023-504xx/CVE-2023-50471.json new file mode 100644 index 00000000000..cf45c152a8d --- /dev/null +++ b/CVE-2023/CVE-2023-504xx/CVE-2023-50471.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-50471", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-14T20:15:53.130", + "lastModified": "2023-12-14T20:15:53.130", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_InsertItemInArray at cJSON.c." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/DaveGamble/cJSON/issues/802", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-504xx/CVE-2023-50472.json b/CVE-2023/CVE-2023-504xx/CVE-2023-50472.json new file mode 100644 index 00000000000..11b011c3ea2 --- /dev/null +++ b/CVE-2023/CVE-2023-504xx/CVE-2023-50472.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-50472", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-14T20:15:53.180", + "lastModified": "2023-12-14T20:15:53.180", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_SetValuestring at cJSON.c." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/DaveGamble/cJSON/issues/803", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-504xx/CVE-2023-50495.json b/CVE-2023/CVE-2023-504xx/CVE-2023-50495.json index eec4a8d7b8a..0a4e5eda90c 100644 --- a/CVE-2023/CVE-2023-504xx/CVE-2023-50495.json +++ b/CVE-2023/CVE-2023-504xx/CVE-2023-50495.json 
@@ -2,23 +2,87 @@ "id": "CVE-2023-50495", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-12T15:15:07.867", - "lastModified": "2023-12-12T15:52:06.410", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T20:37:40.283", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry()." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que NCurse v6.4-20230418 conten\u00eda un error de segmentaci\u00f3n a trav\u00e9s del componente _nc_wrap_entry()." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:invisible-island:ncurse:6.4-20230418:*:*:*:*:*:*:*", + "matchCriteriaId": "4796E807-08B7-46FD-9BD1-EF727BE6BB58" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Patch" + ] }, { "url": "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Patch" + ] } ] } \ No 
newline at end of file diff --git a/CVE-2023/CVE-2023-507xx/CVE-2023-50710.json b/CVE-2023/CVE-2023-507xx/CVE-2023-50710.json index 391ff3c0101..9be207086b7 100644 --- a/CVE-2023/CVE-2023-507xx/CVE-2023-50710.json +++ b/CVE-2023/CVE-2023-507xx/CVE-2023-50710.json @@ -2,8 +2,8 @@ "id": "CVE-2023-50710", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-14T18:15:45.270", - "lastModified": "2023-12-14T18:15:45.270", - "vulnStatus": "Received", + "lastModified": "2023-12-14T19:26:01.850", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-507xx/CVE-2023-50713.json b/CVE-2023/CVE-2023-507xx/CVE-2023-50713.json new file mode 100644 index 00000000000..938000a4290 --- /dev/null +++ b/CVE-2023/CVE-2023-507xx/CVE-2023-50713.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-50713", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-12-14T19:15:16.340", + "lastModified": "2023-12-14T19:26:01.850", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Speckle Server provides server, frontend, 3D viewer, and other JavaScript utilities for the Speckle 3D data platform. A vulnerability in versions prior to 2.17.6 affects users who: authorized an application which requested a 'token write' scope or, using frontend-2, created a Personal Access Token (PAT) with `token write` scope. When creating a new token an agent needs to authorise the request with an existing token (the 'requesting token'). The requesting token is required to have token write scope in order to generate new tokens. However, Speckle server was not verifying that other privileges granted to the new token were not in excess of the privileges of the requesting token. A malicious actor could use a token with only token write scope to subsequently generate further tokens with additional privileges. These privileges would only grant privileges up to the existing privileges of the user. This vulnerability cannot be used to escalate a user's privileges or grant privileges on behalf of other users.\n\nThis has been patched as of version 2.17.6. All operators of Speckle servers should upgrade their server to version 2.17.6 or higher. Any users who authorized an application with 'token write' scope, or created a token in frontend-2 with `token write` scope should review existing tokens and permanently revoke any they do not recognize, revoke existing tokens and create new tokens, and review usage of their account for suspicious activity. No known workarounds for this issue exist." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.3, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-1220" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/specklesystems/speckle-server/commit/3689e1cd58ec4f06abee836af34889d6ce474571", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/specklesystems/speckle-server/releases/tag/2.17.6", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/specklesystems/speckle-server/security/advisories/GHSA-xpf3-5q5x-3qwh", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-61xx/CVE-2023-6193.json b/CVE-2023/CVE-2023-61xx/CVE-2023-6193.json index 09bd8bb79b7..e308605c8fa 100644 --- a/CVE-2023/CVE-2023-61xx/CVE-2023-6193.json +++ b/CVE-2023/CVE-2023-61xx/CVE-2023-6193.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-6193", "sourceIdentifier": "cna@cloudflare.com", "published": "2023-12-12T14:15:07.797", - "lastModified": "2023-12-12T15:52:06.410", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T20:19:39.233", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "quiche v. 0.15.0 through 0.19.0 was discovered to be vulnerable to unbounded queuing of path validation messages, which could lead to excessive resource consumption.\nQUIC path validation (RFC 9000 Section 8.2) requires that the recipient of a PATH_CHALLENGE frame responds by sending a PATH_RESPONSE. An unauthenticated remote attacker can exploit the vulnerability by sending PATH_CHALLENGE frames and manipulating the connection (e.g. by restricting the peer's congestion window size) so that PATH_RESPONSE frames can only be sent at the slower rate than they are received; leading to storage of path validation data in an unbounded queue. \nQuiche versions greater than 0.19.0 address this problem." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que quiche v. 0.15.0 a 0.19.0 era vulnerable a colas ilimitadas de mensajes de validaci\u00f3n de ruta, lo que podr\u00eda provocar un consumo excesivo de recursos. La validaci\u00f3n de ruta QUIC (RFC 9000 Secci\u00f3n 8.2) requiere que el destinatario de una trama PATH_CHALLENGE responda enviando una PATH_RESPONSE. Un atacante remoto no autenticado puede explotar la vulnerabilidad enviando tramas PATH_CHALLENGE y manipulando la conexi\u00f3n (por ejemplo, restringiendo el tama\u00f1o de la ventana de congesti\u00f3n del par) de modo que las tramas PATH_RESPONSE s\u00f3lo puedan enviarse a una velocidad m\u00e1s lenta de la que se reciben; lo que lleva al almacenamiento de datos de validaci\u00f3n de ruta en una cola ilimitada. Las versiones de Quiche superiores a 0.19.0 solucionan este problema." 
} ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "cna@cloudflare.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + }, { "source": "cna@cloudflare.com", "type": "Secondary", @@ -46,14 +80,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cloudflare:quiche:*:*:*:*:*:*:*:*", + "versionStartIncluding": "0.15.0", + "versionEndIncluding": "0.19.0", + "matchCriteriaId": "754F9BC1-68D8-4071-A987-42FFCD3AE06D" + } + ] + } + ] + } + ], "references": [ { "url": "https://datatracker.ietf.org/doc/html/rfc9000#section-8.2", - "source": "cna@cloudflare.com" + "source": "cna@cloudflare.com", + "tags": [ + "Technical Description" + ] }, { "url": "https://github.com/cloudflare/quiche/security/advisories/GHSA-w3vp-jw9m-f9pm", - "source": "cna@cloudflare.com" + "source": "cna@cloudflare.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6547.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6547.json index 1142f71e386..2b4e280b29c 100644 --- a/CVE-2023/CVE-2023-65xx/CVE-2023-6547.json +++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6547.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-6547", "sourceIdentifier": "responsibledisclosure@mattermost.com", "published": "2023-12-12T09:15:09.857", - "lastModified": "2023-12-12T13:43:48.853", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-14T19:31:10.497", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Mattermost fails to validate team membership when a user attempts to access a playbook, allowing a user with permissions to a playbook but no permissions to the team the playbook is on to access and modify the playbook. This can happen if the user was once a member of the team, got permissions to the playbook and was then removed from the team.\u00a0\n\n" + }, + { + "lang": "es", + "value": "Mattermost no valida la membres\u00eda del equipo cuando un usuario intenta acceder a un playbook, lo que permite que un usuario con permisos para un playbook pero sin permisos para el equipo en el que se encuentra el playbook acceda y modifique el playbook. Esto puede suceder si el usuario alguna vez fue miembro del equipo, obtuvo permisos para el playbook y luego fue eliminado del equipo." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + }, { "source": "responsibledisclosure@mattermost.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + }, { "source": "responsibledisclosure@mattermost.com", "type": "Secondary", 
@@ -46,10 +80,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", + "versionEndIncluding": "8.1.5", + "matchCriteriaId": "6FA74D02-6508-49A3-960F-22B84B6E5B51" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "9.2.0", + "versionEndIncluding": "9.2.1", + "matchCriteriaId": "D00348C4-CEE7-474E-BBDC-4A66D6BBA4C8" + } + ] + } + ] + } + ], "references": [ { "url": "https://mattermost.com/security-updates", - "source": "responsibledisclosure@mattermost.com" + "source": "responsibledisclosure@mattermost.com", + "tags": [ + "Issue Tracking", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6563.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6563.json index c27e7d4fb5d..12f4fd2fa8f 100644 --- a/CVE-2023/CVE-2023-65xx/CVE-2023-6563.json +++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6563.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6563", "sourceIdentifier": "secalert@redhat.com", "published": "2023-12-14T18:15:45.540", - "lastModified": "2023-12-14T18:15:45.540", - "vulnStatus": "Received", + "lastModified": "2023-12-14T19:26:01.850", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/README.md b/README.md index dc46e4b607a..148bfff2b37 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-12-14T19:00:25.136410+00:00 +2023-12-14T21:00:24.921161+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-12-14T18:58:08.837000+00:00 +2023-12-14T20:55:34.777000+00:00 ``` ### Last Data Feed Release 
@@ -29,65 +29,54 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -233211 +233221 ``` ### CVEs added in the last Commit -Recently added CVEs: `21` - -* [CVE-2023-42799](CVE-2023/CVE-2023-427xx/CVE-2023-42799.json) (`2023-12-14T17:15:07.257`) -* [CVE-2023-42800](CVE-2023/CVE-2023-428xx/CVE-2023-42800.json) (`2023-12-14T17:15:07.463`) -* [CVE-2023-42801](CVE-2023/CVE-2023-428xx/CVE-2023-42801.json) (`2023-12-14T17:15:07.657`) -* [CVE-2023-47261](CVE-2023/CVE-2023-472xx/CVE-2023-47261.json) (`2023-12-14T17:15:07.933`) -* [CVE-2023-48671](CVE-2023/CVE-2023-486xx/CVE-2023-48671.json) (`2023-12-14T17:15:07.987`) -* [CVE-2023-48756](CVE-2023/CVE-2023-487xx/CVE-2023-48756.json) (`2023-12-14T17:15:08.187`) -* [CVE-2023-48767](CVE-2023/CVE-2023-487xx/CVE-2023-48767.json) (`2023-12-14T17:15:08.380`) -* [CVE-2023-48770](CVE-2023/CVE-2023-487xx/CVE-2023-48770.json) (`2023-12-14T17:15:08.570`) -* [CVE-2023-48771](CVE-2023/CVE-2023-487xx/CVE-2023-48771.json) (`2023-12-14T17:15:08.763`) -* [CVE-2023-48780](CVE-2023/CVE-2023-487xx/CVE-2023-48780.json) (`2023-12-14T17:15:08.953`) -* [CVE-2023-49149](CVE-2023/CVE-2023-491xx/CVE-2023-49149.json) (`2023-12-14T17:15:09.143`) -* [CVE-2023-49150](CVE-2023/CVE-2023-491xx/CVE-2023-49150.json) (`2023-12-14T17:15:09.337`) -* [CVE-2023-49842](CVE-2023/CVE-2023-498xx/CVE-2023-49842.json) (`2023-12-14T17:15:09.533`) -* [CVE-2023-49860](CVE-2023/CVE-2023-498xx/CVE-2023-49860.json) (`2023-12-14T17:15:09.727`) -* [CVE-2023-5769](CVE-2023/CVE-2023-57xx/CVE-2023-5769.json) (`2023-12-14T17:15:09.920`) -* [CVE-2023-49151](CVE-2023/CVE-2023-491xx/CVE-2023-49151.json) (`2023-12-14T18:15:44.450`) -* [CVE-2023-49152](CVE-2023/CVE-2023-491xx/CVE-2023-49152.json) (`2023-12-14T18:15:44.683`) -* [CVE-2023-49157](CVE-2023/CVE-2023-491xx/CVE-2023-49157.json) (`2023-12-14T18:15:44.877`) -* [CVE-2023-50269](CVE-2023/CVE-2023-502xx/CVE-2023-50269.json) (`2023-12-14T18:15:45.070`) -* 
[CVE-2023-50710](CVE-2023/CVE-2023-507xx/CVE-2023-50710.json) (`2023-12-14T18:15:45.270`) -* [CVE-2023-6563](CVE-2023/CVE-2023-65xx/CVE-2023-6563.json) (`2023-12-14T18:15:45.540`) +Recently added CVEs: `10` + +* [CVE-2023-41151](CVE-2023/CVE-2023-411xx/CVE-2023-41151.json) (`2023-12-14T19:15:16.193`) +* [CVE-2023-4694](CVE-2023/CVE-2023-46xx/CVE-2023-4694.json) (`2023-12-14T19:15:16.243`) +* [CVE-2023-50017](CVE-2023/CVE-2023-500xx/CVE-2023-50017.json) (`2023-12-14T19:15:16.297`) +* [CVE-2023-50713](CVE-2023/CVE-2023-507xx/CVE-2023-50713.json) (`2023-12-14T19:15:16.340`) +* [CVE-2023-37457](CVE-2023/CVE-2023-374xx/CVE-2023-37457.json) (`2023-12-14T20:15:52.260`) +* [CVE-2023-45894](CVE-2023/CVE-2023-458xx/CVE-2023-45894.json) (`2023-12-14T20:15:52.687`) +* [CVE-2023-49294](CVE-2023/CVE-2023-492xx/CVE-2023-49294.json) (`2023-12-14T20:15:52.730`) +* [CVE-2023-49786](CVE-2023/CVE-2023-497xx/CVE-2023-49786.json) (`2023-12-14T20:15:52.927`) +* [CVE-2023-50471](CVE-2023/CVE-2023-504xx/CVE-2023-50471.json) (`2023-12-14T20:15:53.130`) +* [CVE-2023-50472](CVE-2023/CVE-2023-504xx/CVE-2023-50472.json) (`2023-12-14T20:15:53.180`) ### CVEs modified in the last Commit -Recently modified CVEs: `53` - -* [CVE-2023-6364](CVE-2023/CVE-2023-63xx/CVE-2023-6364.json) (`2023-12-14T17:17:54.510`) -* [CVE-2023-44278](CVE-2023/CVE-2023-442xx/CVE-2023-44278.json) (`2023-12-14T17:17:58.157`) -* [CVE-2023-44279](CVE-2023/CVE-2023-442xx/CVE-2023-44279.json) (`2023-12-14T17:17:58.157`) -* [CVE-2023-44284](CVE-2023/CVE-2023-442xx/CVE-2023-44284.json) (`2023-12-14T17:17:58.157`) -* [CVE-2023-44285](CVE-2023/CVE-2023-442xx/CVE-2023-44285.json) (`2023-12-14T17:17:58.157`) -* [CVE-2023-44286](CVE-2023/CVE-2023-442xx/CVE-2023-44286.json) (`2023-12-14T17:17:58.157`) -* [CVE-2023-48660](CVE-2023/CVE-2023-486xx/CVE-2023-48660.json) (`2023-12-14T17:17:58.157`) -* [CVE-2023-48661](CVE-2023/CVE-2023-486xx/CVE-2023-48661.json) (`2023-12-14T17:17:58.157`) -* 
[CVE-2023-48662](CVE-2023/CVE-2023-486xx/CVE-2023-48662.json) (`2023-12-14T17:17:58.157`) -* [CVE-2023-6647](CVE-2023/CVE-2023-66xx/CVE-2023-6647.json) (`2023-12-14T17:22:19.353`) -* [CVE-2023-50424](CVE-2023/CVE-2023-504xx/CVE-2023-50424.json) (`2023-12-14T17:44:34.810`) -* [CVE-2023-50423](CVE-2023/CVE-2023-504xx/CVE-2023-50423.json) (`2023-12-14T17:48:27.037`) -* [CVE-2023-41118](CVE-2023/CVE-2023-411xx/CVE-2023-41118.json) (`2023-12-14T17:54:25.937`) -* [CVE-2023-50245](CVE-2023/CVE-2023-502xx/CVE-2023-50245.json) (`2023-12-14T17:57:33.607`) -* [CVE-2023-41623](CVE-2023/CVE-2023-416xx/CVE-2023-41623.json) (`2023-12-14T18:01:27.260`) -* [CVE-2023-46701](CVE-2023/CVE-2023-467xx/CVE-2023-46701.json) (`2023-12-14T18:07:27.107`) -* [CVE-2023-45847](CVE-2023/CVE-2023-458xx/CVE-2023-45847.json) (`2023-12-14T18:20:40.697`) -* [CVE-2023-49607](CVE-2023/CVE-2023-496xx/CVE-2023-49607.json) (`2023-12-14T18:29:44.217`) -* [CVE-2023-49563](CVE-2023/CVE-2023-495xx/CVE-2023-49563.json) (`2023-12-14T18:30:37.733`) -* [CVE-2023-48677](CVE-2023/CVE-2023-486xx/CVE-2023-48677.json) (`2023-12-14T18:32:23.603`) -* [CVE-2023-48642](CVE-2023/CVE-2023-486xx/CVE-2023-48642.json) (`2023-12-14T18:38:31.893`) -* [CVE-2023-49809](CVE-2023/CVE-2023-498xx/CVE-2023-49809.json) (`2023-12-14T18:45:03.083`) -* [CVE-2023-49874](CVE-2023/CVE-2023-498xx/CVE-2023-49874.json) (`2023-12-14T18:51:59.960`) -* [CVE-2023-49058](CVE-2023/CVE-2023-490xx/CVE-2023-49058.json) (`2023-12-14T18:56:27.277`) -* [CVE-2023-45316](CVE-2023/CVE-2023-453xx/CVE-2023-45316.json) (`2023-12-14T18:58:08.837`) +Recently modified CVEs: `57` + +* [CVE-2023-49805](CVE-2023/CVE-2023-498xx/CVE-2023-49805.json) (`2023-12-14T19:48:34.987`) +* [CVE-2023-41119](CVE-2023/CVE-2023-411xx/CVE-2023-41119.json) (`2023-12-14T19:48:44.997`) +* [CVE-2023-41120](CVE-2023/CVE-2023-411xx/CVE-2023-41120.json) (`2023-12-14T19:54:24.970`) +* [CVE-2023-49804](CVE-2023/CVE-2023-498xx/CVE-2023-49804.json) (`2023-12-14T19:59:50.187`) +* 
[CVE-2023-49803](CVE-2023/CVE-2023-498xx/CVE-2023-49803.json) (`2023-12-14T20:03:24.677`) +* [CVE-2023-48427](CVE-2023/CVE-2023-484xx/CVE-2023-48427.json) (`2023-12-14T20:07:17.240`) +* [CVE-2023-6193](CVE-2023/CVE-2023-61xx/CVE-2023-6193.json) (`2023-12-14T20:19:39.233`) +* [CVE-2023-46281](CVE-2023/CVE-2023-462xx/CVE-2023-46281.json) (`2023-12-14T20:22:25.383`) +* [CVE-2023-46282](CVE-2023/CVE-2023-462xx/CVE-2023-46282.json) (`2023-12-14T20:28:47.477`) +* [CVE-2023-50495](CVE-2023/CVE-2023-504xx/CVE-2023-50495.json) (`2023-12-14T20:37:40.283`) +* [CVE-2023-35619](CVE-2023/CVE-2023-356xx/CVE-2023-35619.json) (`2023-12-14T20:39:57.213`) +* [CVE-2023-26920](CVE-2023/CVE-2023-269xx/CVE-2023-26920.json) (`2023-12-14T20:41:19.917`) +* [CVE-2023-41963](CVE-2023/CVE-2023-419xx/CVE-2023-41963.json) (`2023-12-14T20:41:34.697`) +* [CVE-2023-35636](CVE-2023/CVE-2023-356xx/CVE-2023-35636.json) (`2023-12-14T20:42:06.433`) +* [CVE-2023-35635](CVE-2023/CVE-2023-356xx/CVE-2023-35635.json) (`2023-12-14T20:42:38.230`) +* [CVE-2023-35634](CVE-2023/CVE-2023-356xx/CVE-2023-35634.json) (`2023-12-14T20:44:58.467`) +* [CVE-2023-35633](CVE-2023/CVE-2023-356xx/CVE-2023-35633.json) (`2023-12-14T20:45:09.917`) +* [CVE-2023-35632](CVE-2023/CVE-2023-356xx/CVE-2023-35632.json) (`2023-12-14T20:46:02.290`) +* [CVE-2023-35631](CVE-2023/CVE-2023-356xx/CVE-2023-35631.json) (`2023-12-14T20:46:22.417`) +* [CVE-2023-35630](CVE-2023/CVE-2023-356xx/CVE-2023-35630.json) (`2023-12-14T20:46:37.387`) +* [CVE-2023-36696](CVE-2023/CVE-2023-366xx/CVE-2023-36696.json) (`2023-12-14T20:47:25.777`) +* [CVE-2023-35629](CVE-2023/CVE-2023-356xx/CVE-2023-35629.json) (`2023-12-14T20:47:46.863`) +* [CVE-2023-35628](CVE-2023/CVE-2023-356xx/CVE-2023-35628.json) (`2023-12-14T20:48:31.847`) +* [CVE-2023-49140](CVE-2023/CVE-2023-491xx/CVE-2023-49140.json) (`2023-12-14T20:50:01.000`) +* [CVE-2023-48313](CVE-2023/CVE-2023-483xx/CVE-2023-48313.json) (`2023-12-14T20:55:34.777`) ## Download and Usage