Auto-Update: 2024-01-23T21:00:24.899047+00:00

cad-safe-bot 2024-01-23 21:00:28 +00:00
parent b42d00e478
commit 009529a202
67 changed files with 4354 additions and 241 deletions


@ -2,19 +2,80 @@
"id": "CVE-2021-24151",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-16T16:15:08.763",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T20:51:44.267",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The WP Editor WordPress plugin before 1.2.7 did not sanitise or validate its setting fields leading to an authenticated (admin+) blind SQL injection issue via an arbitrary parameter when making a request to save the settings."
},
{
"lang": "es",
"value": "El complemento de WordPress WP Editor anterior a 1.2.7 no sanitiz\u00f3 ni valid\u00f3 sus campos de configuraci\u00f3n, lo que provoc\u00f3 un problema de inyecci\u00f3n ciega de SQL autenticado (admin+) a trav\u00e9s de un par\u00e1metro arbitrario al realizar una solicitud para guardar la configuraci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:benjaminrojas:wp_editor:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.2.7",
"matchCriteriaId": "98CBCDBE-D4FC-484F-8CD6-E3B87E238177"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/5ee77dd7-5a73-4d4e-8038-23e6e763e20c/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,80 @@
"id": "CVE-2021-24432",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-16T16:15:08.850",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T20:53:59.360",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Advanced AJAX Product Filters WordPress plugin does not sanitise the 'term_id' POST parameter before outputting it in the page, leading to reflected Cross-Site Scripting issue."
},
{
"lang": "es",
"value": "El complemento de WordPress Advanced AJAX Product Filters no sanitiza el par\u00e1metro POST 'term_id' antes de mostrarlo en la p\u00e1gina, lo que genera un problema de cross site scripting reflejado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:berocket:advanced_ajax_product_filters:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.5.4.7",
"matchCriteriaId": "A665DCC2-B6CD-4D43-8E83-FC6BDC70A4FC"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/b92ec5f7-d6a8-476f-a01e-21001a558914/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,23 +2,87 @@
"id": "CVE-2021-24566",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-16T16:15:09.003",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T20:37:16.450",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The WooCommerce Currency Switcher FOX WordPress plugin before 1.3.7 was vulnerable to LFI attacks via the \"woocs\" shortcode."
},
{
"lang": "es",
"value": "El complemento WooCommerce Currency Switcher FOX WordPress anterior a 1.3.7 era vulnerable a ataques LFI a trav\u00e9s del c\u00f3digo corto \"woocs\"."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pluginus:fox_-_currency_switcher_professional_for_woocommerce:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.3.7",
"matchCriteriaId": "7A169580-039C-439F-8729-F3DC07B37D3E"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://jetpack.com/2021/07/22/severe-vulnerability-patched-in-woocommerce-currency-switcher/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://wpscan.com/vulnerability/a0bc4b13-53fe-462d-8306-8915196d3a5a/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Third Party Advisory"
]
}
]
}
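Review bot: The added weakness is `NVD-CWE-Other` even though the description calls the issue LFI, while the Directorist record in this commit (CVE-2023-2252), also described as Local File Inclusion, is mapped to `CWE-22`. Filters or dashboards keyed on CWE id will miss this entry when looking for file-inclusion or path-traversal issues. The two LFI records also diverge sharply in score (8.8 with `PR:L` and full C/I/A impact here, versus 2.7 with `PR:H` and `C:L` there), so it is worth reading the linked advisories rather than relying on the class name alone.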


@ -2,16 +2,40 @@
"id": "CVE-2021-4432",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-16T15:15:08.280",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T20:27:55.653",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PCMan FTP Server 2.0.7. It has been classified as problematic. This affects an unknown part of the component USER Command Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250719."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en PCMan FTP Server 2.0.7. Ha sido clasificada como problem\u00e1tica. Una parte desconocida del componente USER Command Handler es afectada. La manipulaci\u00f3n conduce a la denegaci\u00f3n del servicio. Es posible iniciar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-250719."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,22 +95,55 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pcman_ftp_server_project:pcman_ftp_server:2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "33ACD9B6-5E83-4D68-A829-FA67A55CA6A3"
}
]
}
]
}
],
"references": [
{
"url": "https://0day.today/exploit/description/36412",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://packetstormsecurity.com/files/163104/PCMan-FTP-Server-2.0.7-Denial-Of-Service.html",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?ctiid.250719",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.250719",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,80 @@
"id": "CVE-2022-1760",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-16T16:15:09.680",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T19:31:30.770",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Core Control WordPress plugin through 1.2.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack"
},
{
"lang": "es",
"value": "El complemento Core Control de WordPress hasta la versi\u00f3n 1.2.1 no tiene activada la verificaci\u00f3n CSRF al actualizar su configuraci\u00f3n, lo que podr\u00eda permitir a los atacantes hacer que un administrador que haya iniciado sesi\u00f3n los cambie mediante un ataque CSRF."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dd32:core_control:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.2.1",
"matchCriteriaId": "96C9EFD9-E549-41C8-9694-DFB6D5E932A5"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/c7906b1d-25c9-4f34-bd02-66824878b88e/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,80 @@
"id": "CVE-2022-23179",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-16T16:15:09.737",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T20:42:27.520",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.0 does not escape some of its form fields before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed"
},
{
"lang": "es",
"value": "El complemento de WordPress Contact Form & Lead Form Elementor Builder anterior a 1.7.0 no escapa de algunos de sus campos de formulario antes de mostrarlos en atributos, lo que podr\u00eda permitir a usuarios con altos privilegios realizar ataques de cross site scripting incluso cuando la capacidad unfiltered_html no est\u00e1 permitida."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:themehunk:contact_form_\\&_lead_form_elementor_builder:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.7.0",
"matchCriteriaId": "55783A12-8060-413B-AD1E-29E70C9ACA37"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/90b8af99-e4a1-4076-99fa-efe805dd4be4/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

File diff suppressed because it is too large Load Diff


@ -2,19 +2,80 @@
"id": "CVE-2023-2252",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-16T16:15:10.773",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T19:37:27.800",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Directorist WordPress plugin before 7.5.4 is vulnerable to Local File Inclusion as it does not validate the file parameter when importing CSV files."
},
{
"lang": "es",
"value": "El complemento Directorist de WordPress anterior a 7.5.4 es vulnerable a la inclusi\u00f3n de archivos locales, ya que no valida el par\u00e1metro del archivo al importar archivos CSV."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpwax:directorist:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "7.5.4",
"matchCriteriaId": "0B1CFA39-CBD7-448C-AEDD-1B68AF33A0E0"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/9da6eede-10d0-4609-8b97-4a5d38fa8e69/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-37522",
"sourceIdentifier": "psirt@hcl.com",
"published": "2024-01-16T16:15:11.070",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T19:39:58.380",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower has missing or insecure tags that could allow an attacker to execute a malicious script on the user's browser. \n"
},
{
"lang": "es",
"value": "HCL BigFix Bare OSD Metal Server WebUI versi\u00f3n 311.19 o anterior tiene etiquetas faltantes o inseguras que podr\u00edan permitir a un atacante ejecutar un script malicioso en el navegador del usuario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "psirt@hcl.com",
"type": "Secondary",
@ -34,10 +58,43 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hcltechsw:bigfix_bare_osd_metal_server_webui:*:*:*:*:*:*:*:*",
"versionEndExcluding": "311.28",
"matchCriteriaId": "EC54BBC6-5CEF-4D80-B458-C289E3ED18C9"
}
]
}
]
}
],
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109754",
"source": "psirt@hcl.com"
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
]
}
]
}
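Review bot: The new `cpeMatch` range `"versionEndExcluding": "311.28"` does not agree with the description, which says WebUI version 311.19 or lower is affected, so version-based matching will also flag 311.20 through 311.27. The added NVD vector `AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H` (9.8) is also an odd fit for a flaw described as script execution in the user's browser, and the weakness is recorded only as `NVD-CWE-noinfo`. Consumers should confirm the fixed version against the HCL advisory listed in `references`, and compare with the `psirt@hcl.com` Secondary metric (its values fall outside the visible hunk) before prioritising on this score.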


@ -2,8 +2,8 @@
"id": "CVE-2023-4001",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-15T11:15:08.270",
"lastModified": "2024-01-16T13:56:05.467",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T19:29:20.947",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-290"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -50,22 +80,87 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gnu:grub2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5104C160-A510-4AB3-82F8-F92E21B1B2D7"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/15/3",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-4001",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2224951",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://dfir.ru/2024/01/15/cve-2023-4001-a-vulnerability-in-the-downstream-grub-boot-manager/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
}
]
}
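Review bot: The added `configurations` hold three independent entries, each an `OR` node with `"vulnerable": true`, so `cpe:2.3:o:redhat:enterprise_linux:9.0` and the two Fedora CPEs match on their own rather than in combination with the `gnu:grub2` entry. A scanner that evaluates these literally will report every RHEL 9.0 and Fedora 38/39 host regardless of the installed GRUB build, which is worth knowing before triaging hits; whether that was intended cannot be told from the record. In `references`, the Bugzilla link is tagged `Vendor Advisory` while the `access.redhat.com/security/cve` page is tagged `Third Party Advisory`, which looks inverted for a record sourced from `secalert@redhat.com`.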


@ -0,0 +1,20 @@
{
"id": "CVE-2023-42143",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-23T20:15:45.097",
"lastModified": "2024-01-23T20:15:45.097",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Missing Integrity Check in Shelly TRV 20220811-152343/v2.1.8@5afc928c allows malicious users to create a backdoor by redirecting the device to an attacker-controlled machine which serves the manipulated firmware file. The device is updated with the manipulated firmware."
}
],
"metrics": {},
"references": [
{
"url": "https://www.kth.se/cs/nse/research/software-systems-architecture-and-security/projects/ethical-hacking-1.1279219",
"source": "cve@mitre.org"
}
]
}
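Review bot: The firmware build in this new record, `20220811-152343/v2.1.8@5afc928c`, differs from the one in the CVE-2023-42144 record added in the same commit, `20220811-15234 v.2.1.8`, although both describe Shelly TRV; one of the two strings is probably truncated. Both records arrive with `"metrics": {}`, status `Received` and no `configurations`, so CPE- or score-based tooling will not surface them yet and any matching has to be done on the description text. The CVE-2023-46889 record further down is in the same state.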


@ -0,0 +1,20 @@
{
"id": "CVE-2023-42144",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-23T20:15:45.150",
"lastModified": "2024-01-23T20:15:45.150",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cleartext Transmission during initial setup in Shelly TRV 20220811-15234 v.2.1.8 allows a local attacker to obtain the Wi-Fi password."
}
],
"metrics": {},
"references": [
{
"url": "https://www.kth.se/cs/nse/research/software-systems-architecture-and-security/projects/ethical-hacking-1.1279219",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-45229",
"sourceIdentifier": "infosec@edk2.groups.io",
"published": "2024-01-16T16:15:11.533",
"lastModified": "2024-01-17T15:15:10.330",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T19:39:38.607",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "infosec@edk2.groups.io",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
},
{
"source": "infosec@edk2.groups.io",
"type": "Secondary",
@ -50,18 +80,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tianocore:edk2:*:*:*:*:*:*:*:*",
"versionEndIncluding": "202311",
"matchCriteriaId": "3CEB3105-57CC-4096-81D3-D58005813C4B"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html",
"source": "infosec@edk2.groups.io"
"source": "infosec@edk2.groups.io",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/16/2",
"source": "infosec@edk2.groups.io"
"source": "infosec@edk2.groups.io",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h",
"source": "infosec@edk2.groups.io"
"source": "infosec@edk2.groups.io",
"tags": [
"Vendor Advisory"
]
}
]
}
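Review bot: The Packet Storm reference `PixieFail-Proof-Of-Concepts.html` is tagged only `Third Party Advisory` and `VDB Entry`, not `Exploit`, although its title indicates published proof-of-concept material; the Packet Storm link in the CVE-2021-4432 record of this commit does carry `Exploit`. Pipelines that raise priority on the `Exploit` tag will therefore under-rank this record. The same tagging appears in the CVE-2023-45230, CVE-2023-45232 and CVE-2023-45233 sections. The range `"versionEndIncluding": "202311"` names no fixed release, so it should be read as covering every edk2 release up to and including 202311.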


@ -2,8 +2,8 @@
"id": "CVE-2023-45230",
"sourceIdentifier": "infosec@edk2.groups.io",
"published": "2024-01-16T16:15:11.727",
"lastModified": "2024-01-17T15:15:10.400",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T19:39:22.663",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "infosec@edk2.groups.io",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
},
{
"source": "infosec@edk2.groups.io",
"type": "Secondary",
@ -50,18 +80,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tianocore:edk2:*:*:*:*:*:*:*:*",
"versionEndIncluding": "202311",
"matchCriteriaId": "3CEB3105-57CC-4096-81D3-D58005813C4B"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html",
"source": "infosec@edk2.groups.io"
"source": "infosec@edk2.groups.io",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/16/2",
"source": "infosec@edk2.groups.io"
"source": "infosec@edk2.groups.io",
"tags": [
"Mailing List"
]
},
{
"url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h",
"source": "infosec@edk2.groups.io"
"source": "infosec@edk2.groups.io",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-45232",
"sourceIdentifier": "infosec@edk2.groups.io",
"published": "2024-01-16T16:15:12.090",
"lastModified": "2024-01-17T15:15:10.540",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T19:39:11.070",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "infosec@edk2.groups.io",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-835"
}
]
},
{
"source": "infosec@edk2.groups.io",
"type": "Secondary",
@ -50,18 +80,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tianocore:edk2:*:*:*:*:*:*:*:*",
"versionEndIncluding": "202311",
"matchCriteriaId": "3CEB3105-57CC-4096-81D3-D58005813C4B"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html",
"source": "infosec@edk2.groups.io"
"source": "infosec@edk2.groups.io",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/16/2",
"source": "infosec@edk2.groups.io"
"source": "infosec@edk2.groups.io",
"tags": [
"Mailing List"
]
},
{
"url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h",
"source": "infosec@edk2.groups.io"
"source": "infosec@edk2.groups.io",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-45233",
"sourceIdentifier": "infosec@edk2.groups.io",
"published": "2024-01-16T16:15:12.277",
"lastModified": "2024-01-17T15:15:10.610",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T19:40:59.837",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "infosec@edk2.groups.io",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-835"
}
]
},
{
"source": "infosec@edk2.groups.io",
"type": "Secondary",
@ -50,18 +80,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tianocore:edk2:*:*:*:*:*:*:*:*",
"versionEndIncluding": "202311",
"matchCriteriaId": "3CEB3105-57CC-4096-81D3-D58005813C4B"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html",
"source": "infosec@edk2.groups.io"
"source": "infosec@edk2.groups.io",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/16/2",
"source": "infosec@edk2.groups.io"
"source": "infosec@edk2.groups.io",
"tags": [
"Mailing List"
]
},
{
"url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h",
"source": "infosec@edk2.groups.io"
"source": "infosec@edk2.groups.io",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-45889",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-23T18:15:18.053",
"lastModified": "2024-01-23T18:15:18.053",
"vulnStatus": "Received",
"lastModified": "2024-01-23T19:40:11.110",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,19 +2,80 @@
"id": "CVE-2023-4536",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-16T16:15:13.220",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T19:38:31.160",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The My Account Page Editor WordPress plugin before 1.3.2 does not validate the profile picture to be uploaded, allowing any authenticated users, such as subscriber to upload arbitrary files to the server, leading to RCE"
},
{
"lang": "es",
"value": "El complemento de WordPress My Account Page Editor anterior a 1.3.2 no valida la imagen de perfil que se cargar\u00e1, lo que permite que cualquier usuario autenticado, como un suscriptor, cargue archivos arbitrarios al servidor, lo que lleva a RCE."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:koalaapps:my_account_page_editor:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.3.2",
"matchCriteriaId": "E40D0003-D6CF-4B0E-A59C-D62264BBA4FF"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/80e0e21c-9e6e-406d-b598-18eb222b3e3e/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-46889",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-23T20:15:45.190",
"lastModified": "2024-01-23T20:15:45.190",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Meross MSH30Q 4.5.23 is vulnerable to Cleartext Transmission of Sensitive Information. During the device setup phase, the MSH30Q creates an unprotected Wi-Fi access point. In this phase, MSH30Q needs to connect to the Internet through a Wi-Fi router. This is why MSH30Q asks for the Wi-Fi network name (SSID) and the Wi-Fi network password. When the user enters the password, the transmission of the Wi-Fi password and name between the MSH30Q and mobile application is observed in the Wi-Fi network. Although the Wi-Fi password is encrypted, a part of the decryption algorithm is public so we complemented the missing parts to decrypt it."
}
],
"metrics": {},
"references": [
{
"url": "https://www.kth.se/cs/nse/research/software-systems-architecture-and-security/projects/ethical-hacking-1.1279219",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-47459",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-16T01:15:34.283",
"lastModified": "2024-01-16T13:56:05.467",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T20:27:43.677",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,74 @@
"value": "Un problema en Knovos Discovery v.22.67.0 permite a un atacante remoto obtener informaci\u00f3n confidencial a trav\u00e9s del componente /DiscoveryReview/Service/CaseManagement.svc/GetProductSiteName."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:knovos:discovery:22.67.0:*:*:*:*:*:*:*",
"matchCriteriaId": "81B34BDE-17F1-4945-9C22-7038C9EF61F6"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/aleksey-vi/CVE-2023-47459",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.knovos.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -2,19 +2,80 @@
"id": "CVE-2023-4703",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-16T16:15:13.300",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T19:38:18.610",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly validate parameters when updating user details, allowing an unauthenticated attacker to update the details of any user. Updating the password of an Admin user leads to privilege escalation."
},
{
"lang": "es",
"value": "El complemento de WordPress All in One B2B para WooCommerce hasta la versi\u00f3n 1.0.3 no valida correctamente los par\u00e1metros al actualizar los detalles del usuario, lo que permite a un atacante no autenticado actualizar los detalles de cualquier usuario. Actualizar la contrase\u00f1a de un usuario Admin conduce a una escalada de privilegios."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:all_in_one_b2b_for_woocommerce_project:all_in_one_b2b_for_woocommerce:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.0.3",
"matchCriteriaId": "AE21098B-A473-42D0-971D-1EA84961A82B"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/83278bbb-90e6-4465-a46d-60b4c703c11a/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
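Review bot: The nvd@nist.gov vector added for CVE-2023-4703 scores integrity only (`C:N/I:H/A:N`, base 7.5), while the description in the same record says an unauthenticated attacker can change an Admin user's password and escalate privileges. Anyone ranking this record by `baseScore` or by the `NVD-CWE-noinfo` weakness will likely under-prioritise what reads as an unauthenticated account takeover. If the follow-on impact is meant to be counted, the lines would be expected to read `"confidentialityImpact": "HIGH"` and `"availabilityImpact": "HIGH"`; this is inferred from the description text only. Until that is reconciled upstream, triage for sites running the plugin through 1.0.3 should follow the description rather than the score.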


@ -2,19 +2,79 @@
"id": "CVE-2023-48926",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-16T21:15:08.220",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T19:19:18.357",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in 202 ecommerce Advanced Loyalty Program: Loyalty Points before v2.3.4 for PrestaShop allows unauthenticated attackers to arbitrarily change an order status."
},
{
"lang": "es",
"value": "Un problema en 202 ecommerce Advanced Loyalty Program: Loyalty Points anteriores a v2.3.4 para PrestaShop permite a atacantes no autenticados cambiar arbitrariamente el estado de un pedido."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:prestashop:advanced_loyalty_program:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.3.4",
"matchCriteriaId": "E828B5E9-4CAC-4682-8B4C-1D4E52667CD4"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/202ecommerce/security-advisories/security/advisories/GHSA-jp2c-mj65-qpmw",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-50274",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2024-01-23T17:15:09.597",
"lastModified": "2024-01-23T17:15:09.597",
"vulnStatus": "Received",
"lastModified": "2024-01-23T19:40:11.110",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-50275",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2024-01-23T17:15:10.127",
"lastModified": "2024-01-23T17:15:10.127",
"vulnStatus": "Received",
"lastModified": "2024-01-23T19:40:11.110",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,16 +2,40 @@
"id": "CVE-2023-5097",
"sourceIdentifier": "security@hypr.com",
"published": "2024-01-16T20:15:45.107",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T19:29:08.583",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation vulnerability in HYPR Workforce Access on Windows allows Path Traversal.This issue affects Workforce Access: before 8.7.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de validaci\u00f3n de entrada incorrecta en HYPR Workforce Access en Windows permite path traversal. Este problema afecta a Workforce Access: versiones anteriores a 8.7."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "security@hypr.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
},
{
"source": "security@hypr.com",
"type": "Secondary",
@ -46,10 +80,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hypr:workforce_access:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.7",
"matchCriteriaId": "83E3E9E9-12B1-41CE-B254-894EDCC79B3F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://www.hypr.com/security-advisories",
"source": "security@hypr.com"
"source": "security@hypr.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-51210",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-23T19:15:08.230",
"lastModified": "2024-01-23T19:40:11.110",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Webkul Bundle Product 6.0.1 allows a remote attacker to execute arbitrary code via the id_product parameters in the UpdateProductQuantity function."
}
],
"metrics": {},
"references": [
{
"url": "https://medium.com/%40nasir.synack/uncovering-critical-vulnerability-cve-2023-51210-in-prestashop-plugin-bundle-product-pack-ad7fb08bdc91",
"source": "cve@mitre.org"
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-6334",
"sourceIdentifier": "security@hypr.com",
"published": "2024-01-16T20:15:45.303",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T19:25:15.260",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in HYPR Workforce Access on Windows allows Overflow Buffers.This issue affects Workforce Access: before 8.7.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de restricci\u00f3n inadecuada de operaciones dentro de los l\u00edmites en b\u00fafer de memoria en HYPR Workforce Access en Windows permite desbordamiento de b\u00faferes. Este problema afecta a Workforce Access: versiones anteriores a 8.7."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security@hypr.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
},
{
"source": "security@hypr.com",
"type": "Secondary",
@ -46,10 +80,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hypr:workforce_access:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.7",
"matchCriteriaId": "83E3E9E9-12B1-41CE-B254-894EDCC79B3F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://www.hypr.com/security-advisories",
"source": "security@hypr.com"
"source": "security@hypr.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-6573",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2024-01-23T18:15:18.113",
"lastModified": "2024-01-23T18:15:18.113",
"vulnStatus": "Received",
"lastModified": "2024-01-23T19:40:11.110",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -0,0 +1,55 @@
{
"id": "CVE-2023-6926",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-01-23T20:15:45.233",
"lastModified": "2024-01-23T20:15:45.233",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nThere is an OS command injection vulnerability in Crestron AM-300 firmware version 1.4499.00018 which may enable a user of a limited-access SSH session to escalate their privileges to root-level access.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-02",
"source": "ics-cert@hq.dhs.gov"
}
]
}
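Review bot: The only metric in this new CVE-2023-6926 record is the ics-cert@hq.dhs.gov Secondary vector with `PR:N`, yet the description says the flaw is reached by "a user of a limited-access SSH session", which implies an existing low-privilege login. On that reading the entry would be expected to carry `"privilegesRequired": "LOW"` (vector `AV:L/AC:L/PR:L/...`), which scores 7.8 rather than 8.4. The record is still `"vulnStatus": "Received"` and has no `configurations` block, so CPE-based scanners will not match it. Asset owners need to match on the firmware version named in the description (AM-300 1.4499.00018) until NVD analysis adds a Primary score and CPE data.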


@ -2,8 +2,8 @@
"id": "CVE-2023-7206",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-01-15T23:15:07.807",
"lastModified": "2024-01-16T13:56:05.467",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T20:59:09.030",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -50,14 +80,99 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hornerautomation:cscape:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.90",
"matchCriteriaId": "EE2DC26D-983D-42DF-A903-1AFC1430EB07"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hornerautomation:cscape:9.90:-:*:*:*:*:*:*",
"matchCriteriaId": "F3037FE7-0230-48F0-8665-3F63F4D57AFF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hornerautomation:cscape:9.90:sp1:*:*:*:*:*:*",
"matchCriteriaId": "419F775A-9EC9-4C78-9834-D241D18E67AE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hornerautomation:cscape:9.90:sp10:*:*:*:*:*:*",
"matchCriteriaId": "05F0FEE9-B508-48FD-85DD-6B1CA1C386BA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hornerautomation:cscape:9.90:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A20012C0-21A9-42BD-AF6A-CC193A3631FA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hornerautomation:cscape:9.90:sp3:*:*:*:*:*:*",
"matchCriteriaId": "D62ADB7C-09CC-4A36-BD7C-235029100510"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hornerautomation:cscape:9.90:sp4:*:*:*:*:*:*",
"matchCriteriaId": "35C25D54-A7DD-43D0-8A4C-EF274B8EAB65"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hornerautomation:cscape:9.90:sp5:*:*:*:*:*:*",
"matchCriteriaId": "289190F6-E74B-4869-B47B-734A965A0C3F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hornerautomation:cscape:9.90:sp6:*:*:*:*:*:*",
"matchCriteriaId": "B4EEABB9-4AD6-4F42-975D-5D4A50047EA6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hornerautomation:cscape:9.90:sp7:*:*:*:*:*:*",
"matchCriteriaId": "DEB9CAB3-BB31-4344-88AE-E161776E7D4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hornerautomation:cscape:9.90:sp7.1:*:*:*:*:*:*",
"matchCriteriaId": "A4C0B423-D6B9-4B7D-BB08-BFA2701313F4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hornerautomation:cscape:9.90:sp8:*:*:*:*:*:*",
"matchCriteriaId": "F9866251-8120-422D-9764-E4D7F8A5EE51"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hornerautomation:cscape:9.90:sp9:*:*:*:*:*:*",
"matchCriteriaId": "CE1F918C-F6D6-43D5-A98C-55DB1D3C4AF9"
}
]
}
]
}
],
"references": [
{
"url": "https://hornerautomation.com/cscape-software/",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Product"
]
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-04",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-7238",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-01-23T20:15:45.413",
"lastModified": "2024-01-23T20:15:45.413",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nA XSS payload can be uploaded as a DICOM study and when a user tries to view the infected study inside the Osimis WebViewer the XSS vulnerability gets triggered. If exploited, the attacker will be able to execute arbitrary JavaScript code inside the victim's browser.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-023-01",
"source": "ics-cert@hq.dhs.gov"
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-0200",
"sourceIdentifier": "product-cna@github.com",
"published": "2024-01-16T19:15:08.667",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T19:52:46.093",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability\u00a0could lead to the execution of user-controlled methods and remote code execution. To\u00a0exploit this bug, an actor would need to be logged into an account on the GHES instance with the organization owner role.\u00a0This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.13, 3.9.8, 3.10.5, and 3.11.3. This vulnerability was reported via the GitHub Bug Bounty program.\n\n"
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad de reflexi\u00f3n insegura en GitHub Enterprise Server que podr\u00eda provocar una inyecci\u00f3n de reflexi\u00f3n. Esta vulnerabilidad podr\u00eda conducir a la ejecuci\u00f3n de m\u00e9todos controlados por el usuario y a la ejecuci\u00f3n remota de c\u00f3digo. Para aprovechar este error, un actor deber\u00eda iniciar sesi\u00f3n en una cuenta en la instancia de GHES con el rol de propietario de la organizaci\u00f3n. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server anteriores a la 3.12 y se solucion\u00f3 en las versiones 3.8.13, 3.9.8, 3.10.5 y 3.11.3. Esta vulnerabilidad se inform\u00f3 a trav\u00e9s del programa GitHub Bug Bounty."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "product-cna@github.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-470"
}
]
},
{
"source": "product-cna@github.com",
"type": "Secondary",
@ -46,22 +80,74 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.8.0",
"versionEndExcluding": "3.8.13",
"matchCriteriaId": "253739D1-3AED-408C-97C9-279159F8AE96"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.9.0",
"versionEndExcluding": "3.9.8",
"matchCriteriaId": "ECFE0544-DC34-4F4F-B803-AEBCF7B2B74F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.10.0",
"versionEndExcluding": "3.10.5",
"matchCriteriaId": "319648B0-78F1-444D-A947-DB4E0BDFAC6E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.11.0",
"versionEndExcluding": "3.11.3",
"matchCriteriaId": "107BE45D-EA6F-499B-872D-38883D296915"
}
]
}
]
}
],
"references": [
{
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.5",
"source": "product-cna@github.com"
"source": "product-cna@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.3",
"source": "product-cna@github.com"
"source": "product-cna@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.13",
"source": "product-cna@github.com"
"source": "product-cna@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.8",
"source": "product-cna@github.com"
"source": "product-cna@github.com",
"tags": [
"Release Notes"
]
}
]
}
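Review bot: The nvd@nist.gov Primary vector added for CVE-2024-0200 uses `PR:N` and scores 9.8 CRITICAL, but the description in the same record says the actor must be logged in to an account with the organization owner role. A vector consistent with that text would carry `"privilegesRequired": "HIGH"` (`CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H`, base 7.2), so anything that pages on the Primary score should be read against the description until upstream reconciles the two. Separately, the first `cpeMatch` entry sets `"versionStartIncluding": "3.8.0"` while the description says all versions prior to 3.12 were affected. CPE-based matching would therefore miss GHES instances older than 3.8.0 unless that lower bound is dropped.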


@ -2,16 +2,40 @@
"id": "CVE-2024-0507",
"sourceIdentifier": "product-cna@github.com",
"published": "2024-01-16T19:15:08.870",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T19:31:32.413",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An attacker with access to a Management Console user account with the editor role could escalate privileges through a command injection vulnerability in the Management Console. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.11.3, 3.10.5, 3.9.8, and 3.8.13 This vulnerability was reported via the GitHub Bug Bounty program."
},
{
"lang": "es",
"value": "Un atacante con acceso a una cuenta de usuario de Management Console con funci\u00f3n de editor podr\u00eda escalar privilegios a trav\u00e9s de una vulnerabilidad de inyecci\u00f3n de comandos en Management Console. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server y se solucion\u00f3 en las versiones 3.11.3, 3.10.5, 3.9.8 y 3.8.13. Esta vulnerabilidad se inform\u00f3 a trav\u00e9s del programa GitHub Bug Bounty."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "product-cna@github.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
},
{
"source": "product-cna@github.com",
"type": "Secondary",
@ -46,22 +80,73 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.8.13",
"matchCriteriaId": "AB892F1A-3E3E-476E-8EBC-18FD7F5CB26D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.9.0",
"versionEndExcluding": "3.9.8",
"matchCriteriaId": "ECFE0544-DC34-4F4F-B803-AEBCF7B2B74F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.10.0",
"versionEndExcluding": "3.10.5",
"matchCriteriaId": "319648B0-78F1-444D-A947-DB4E0BDFAC6E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.11.0",
"versionEndExcluding": "3.11.3",
"matchCriteriaId": "107BE45D-EA6F-499B-872D-38883D296915"
}
]
}
]
}
],
"references": [
{
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.5",
"source": "product-cna@github.com"
"source": "product-cna@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.3",
"source": "product-cna@github.com"
"source": "product-cna@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.13",
"source": "product-cna@github.com"
"source": "product-cna@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.8",
"source": "product-cna@github.com"
"source": "product-cna@github.com",
"tags": [
"Release Notes"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-0552",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2024-01-15T04:15:08.260",
"lastModified": "2024-01-16T13:56:05.467",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T19:34:05.483",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "twcert@cert.org.tw",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
}
]
},
{
"source": "twcert@cert.org.tw",
"type": "Secondary",
@ -50,10 +80,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:intumit:smartrobot_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.0.0-202012tw",
"matchCriteriaId": "961218A9-47B8-4622-BCB5-C5DF22615C8D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intumit:smartrobot:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0260F953-BD5B-49C0-B7BA-AFBE246FA702"
}
]
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7662-41d50-1.html",
"source": "twcert@cert.org.tw"
"source": "twcert@cert.org.tw",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-0554",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-01-16T11:15:07.933",
"lastModified": "2024-01-16T13:56:05.467",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T19:37:17.313",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -50,10 +80,42 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:xantech:wic1200_firmware:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27A5FA72-8BA5-4BE7-89D2-8D85C1554A8A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:xantech:wic1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "04CACDA7-1954-4FDE-998A-E5675B65787F"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-full-compass-systems-wic1200",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-0555",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-01-16T11:15:08.493",
"lastModified": "2024-01-16T13:56:05.467",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T19:57:48.237",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -50,10 +70,42 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:xantech:wic1200_firmware:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27A5FA72-8BA5-4BE7-89D2-8D85C1554A8A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:xantech:wic1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "04CACDA7-1954-4FDE-998A-E5675B65787F"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-full-compass-systems-wic1200",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-0556",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-01-16T11:15:08.700",
"lastModified": "2024-01-16T13:56:05.467",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T19:44:47.387",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -50,10 +70,42 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:xantech:wic1200_firmware:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27A5FA72-8BA5-4BE7-89D2-8D85C1554A8A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:xantech:wic1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "04CACDA7-1954-4FDE-998A-E5675B65787F"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-full-compass-systems-wic1200",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-0565",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-15T20:15:43.630",
"lastModified": "2024-01-18T13:15:09.000",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T20:31:54.850",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-191"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -50,18 +80,73 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"matchCriteriaId": "668F5607-E136-4E8E-86F2-316E9DC41ADC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3A0038DE-E183-4958-A6E3-CE3821FEAFBF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E31AD4FC-436C-44AB-BCAB-3A0B37F69EE0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc3:*:*:*:*:*:*",
"matchCriteriaId": "C56C6E04-4F04-44A3-8DB8-93899903CFCF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc4:*:*:*:*:*:*",
"matchCriteriaId": "5C78EDA4-8BE6-42FC-9512-49032D525A55"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc5:*:*:*:*:*:*",
"matchCriteriaId": "32F2E5CA-13C6-4601-B530-D465CBF73D1C"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2024-0565",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258518",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://www.spinics.net/lists/stable-commits/msg328851.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-0570",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-16T14:15:48.730",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T19:35:42.110",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -64,6 +84,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +105,57 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:n350rt_firmware:9.3.5u.6265:*:*:*:*:*:*:*",
"matchCriteriaId": "4E08592D-399A-464C-8589-8EF5F9B2B18B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:n350rt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B88D1F1-F7A6-43D5-8DF7-E9425823C7B6"
}
]
}
]
}
],
"references": [
{
"url": "https://drive.google.com/file/d/1xmGHvjMTaOn7v6buju5Ifuti3q47G7yF/view?usp=sharing",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.250786",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.250786",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-0581",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-01-16T14:15:49.450",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T19:51:19.543",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -50,10 +80,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sandsprite:scdbg:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9786FCFF-377D-49EF-8799-10AEDF01800F"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/uncontrolled-resource-consumption-vulnerability-sandsprite-scdbg",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-0584",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-16T14:15:49.643",
"lastModified": "2024-01-21T10:15:08.337",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-23T20:18:49.657",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -50,18 +80,63 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"matchCriteriaId": "668F5607-E136-4E8E-86F2-316E9DC41ADC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3A0038DE-E183-4958-A6E3-CE3821FEAFBF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E31AD4FC-436C-44AB-BCAB-3A0B37F69EE0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc3:*:*:*:*:*:*",
"matchCriteriaId": "C56C6E04-4F04-44A3-8DB8-93899903CFCF"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2024-0584",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258584",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://lore.kernel.org/netdev/170083982540.9628.4546899811301303734.git-patchwork-notify@kernel.org/T/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-0599",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-16T20:15:45.840",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T19:21:46.233",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Jspxcms 10.2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file src\\main\\java\\com\\jspxcms\\core\\web\\back\\InfoController.java of the component Document Management Page. The manipulation of the argument title leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250837 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Jspxcms 10.2.0. Ha sido declarada problem\u00e1tica. Una funci\u00f3n desconocida del archivo src\\main\\java\\com\\jspxcms\\core\\web\\back\\InfoController.java del componente Document Management Page es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento title conduce a cross site scripting. El ataque se puede lanzar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-250837."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,44 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ujcms:jspxcms:10.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BB1CD5E2-FC54-44FF-B6CB-F55126EA3985"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/sweatxi/BugHub/blob/main/Jspxcms.pdf",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.250837",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.250837",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-20709",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-01-15T13:15:07.940",
"lastModified": "2024-01-16T13:56:05.467",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T19:28:38.997",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -40,8 +40,18 @@
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -50,10 +60,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:edge:*:*",
"versionEndIncluding": "120.0.2210.91",
"matchCriteriaId": "8FFA51CD-CF59-4672-BEE8-1512450A968D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
"versionEndExcluding": "120.0.2210.133",
"matchCriteriaId": "68CC1657-459B-4112-820C-6725AA0F9DD7"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20709",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-20721",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-01-15T13:15:08.183",
"lastModified": "2024-01-16T13:56:05.467",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T19:28:29.593",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -40,8 +40,18 @@
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -50,10 +60,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:edge:*:*",
"versionEndIncluding": "120.0.2210.91",
"matchCriteriaId": "8FFA51CD-CF59-4672-BEE8-1512450A968D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
"versionEndExcluding": "120.0.2210.133",
"matchCriteriaId": "68CC1657-459B-4112-820C-6725AA0F9DD7"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20721",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2024-20910",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-01-16T22:15:38.823",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T19:42:19.473",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Difficult to exploit vulnerability allows high privileged attacker with network access via Oracle Net to compromise Oracle Audit Vault and Database Firewall. While the vulnerability is in Oracle Audit Vault and Database Firewall, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Audit Vault and Database Firewall accessible data. CVSS 3.1 Base Score 3.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en Oracle Audit Vault y Database Firewall (componente: Firewall). Las versiones compatibles que se ven afectadas son 20.1-20.9. Una vulnerabilidad dif\u00edcil de explotar permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de Oracle Net comprometa Oracle Audit Vault y Database Firewall. Si bien la vulnerabilidad est\u00e1 en Oracle Audit Vault y Database Firewall, los ataques pueden afectar significativamente a productos adicionales (scope change). Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Audit Vault y Database Firewall. CVSS 3.1 Base Score 3.0 (Impactos en la confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N)."
}
],
"metrics": {
@ -34,10 +38,45 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:audit_vault_and_database_firewall:*:*:*:*:*:*:*:*",
"versionStartIncluding": "20.1",
"versionEndIncluding": "20.9",
"matchCriteriaId": "EF47D26F-BC93-45E7-AC9B-5BA8A41FA378"
}
]
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2024.html",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2024-20912",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-01-16T22:15:39.000",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T19:42:12.067",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Easily exploitable vulnerability allows high privileged attacker with network access via Oracle Net to compromise Oracle Audit Vault and Database Firewall. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Audit Vault and Database Firewall accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en Oracle Audit Vault y Database Firewall (componente: Firewall). Las versiones compatibles que se ven afectadas son 20.1-20.9. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante con altos privilegios y acceso a la red a trav\u00e9s de Oracle Net comprometer Oracle Audit Vault y Database Firewall. Los ataques exitosos de esta vulnerabilidad pueden resultar en actualizaciones no autorizadas, inserci\u00f3n o eliminaci\u00f3n de acceso a algunos de los datos accesibles de Oracle Audit Vault y Database Firewall. CVSS 3.1 Puntaje base 2.7 (Impactos en la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N)."
}
],
"metrics": {
@ -34,10 +38,45 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:audit_vault_and_database_firewall:*:*:*:*:*:*:*:*",
"versionStartIncluding": "20.1",
"versionEndIncluding": "20.9",
"matchCriteriaId": "EF47D26F-BC93-45E7-AC9B-5BA8A41FA378"
}
]
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2024.html",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2024-20918",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-01-16T22:15:39.510",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T19:41:57.467",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Hotspot). Las versiones compatibles que se ven afectadas son Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM para JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 y 22.3.4. Una vulnerabilidad dif\u00edcil de explotar permite que un atacante no autenticado con acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa Oracle Java SE, Oracle GraalVM para JDK y Oracle GraalVM Enterprise Edition. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a la creaci\u00f3n, eliminaci\u00f3n o modificaci\u00f3n de datos cr\u00edticos o a todos los datos accesibles de Oracle Java SE, Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition, as\u00ed como acceso no autorizado a datos cr\u00edticos o acceso completo a todo Oracle Java. SE, Oracle GraalVM para JDK, datos accesibles de Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad se puede aprovechar utilizando API en el componente especificado, por ejemplo, a trav\u00e9s de un servicio web que proporciona datos a las API. Esta vulnerabilidad tambi\u00e9n se aplica a las implementaciones de Java, generalmente en clientes que ejecutan aplicaciones Java Web Start en una sandbox o subprogramas de Java en una sandbox, que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo que proviene de Internet) y dependen del entorno limitado de Java para su seguridad. CVSS 3.1 Puntaje base 7.4 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)."
}
],
"metrics": {
@ -34,10 +38,103 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:graalvm:20.3.12:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "D17D1EA4-A45F-4D8D-BA3E-4898EC6D48B7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:graalvm:21.3.8:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "CF534BA8-A2A5-4768-A480-CFB885308AF8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:graalvm:22.3.4:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "876A5640-82A8-4BDC-8E0A-4D6340F5417D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update391:*:*:-:*:*:*",
"matchCriteriaId": "D667746E-7E7C-4326-9B70-3587C2B41BAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update391:*:*:enterprise_performance_pack:*:*:*",
"matchCriteriaId": "F3EF33DE-2E3F-4D5A-BF06-AC3C75108089"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jdk:11.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "8FFC5C12-7FF4-48E6-BC5A-F50EBC956BBE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jdk:17.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EF6AA431-8965-4B53-AF0F-DB3AB7A9A3F3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jdk:21.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "50C5781C-4153-431D-991E-637E253EDC87"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jre:1.8.0:update391:*:*:-:*:*:*",
"matchCriteriaId": "CA31F3A1-07E1-4685-8A24-7C7830EF7600"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jre:1.8.0:update391:*:*:enterprise_performance_pack:*:*:*",
"matchCriteriaId": "DB7CD545-5B56-47FC-803F-8F150C810534"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jre:11.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "568F994E-135F-486D-B57C-0245A1BC253B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jre:17.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "BF274813-F650-447C-A1A6-61D5F8FF71BA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jre:21.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F76A51BB-6DAE-4506-B737-7A5854543F18"
}
]
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2024.html",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2024-20922",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-01-16T22:15:39.860",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T19:42:03.873",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 2.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: JavaFX). Las versiones compatibles que se ven afectadas son Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 y 21.3.8. Una vulnerabilidad dif\u00edcil de explotar permite que un atacante no autenticado con inicio de sesi\u00f3n en la infraestructura donde se ejecuta Oracle Java SE, Oracle GraalVM Enterprise Edition comprometa Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante. Los ataques exitosos a esta vulnerabilidad pueden resultar en actualizaciones no autorizadas, inserci\u00f3n o eliminaci\u00f3n de acceso a algunos de los datos accesibles de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad se aplica a implementaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o o subprogramas de Java en sandbox, que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo que proviene de Internet) y dependen del entorno limitado de Java para su seguridad. Esta vulnerabilidad no se aplica a implementaciones de Java, normalmente en servidores, que cargan y ejecutan s\u00f3lo c\u00f3digo confiable (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.1 Puntaje base 2.5 (Impactos en la integridad). Vector CVSS: (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)."
}
],
"metrics": {
@ -34,10 +38,68 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:graalvm:20.3.12:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "D17D1EA4-A45F-4D8D-BA3E-4898EC6D48B7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:graalvm:21.3.8:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "CF534BA8-A2A5-4768-A480-CFB885308AF8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update391:*:*:-:*:*:*",
"matchCriteriaId": "D667746E-7E7C-4326-9B70-3587C2B41BAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update391:*:*:enterprise_performance_pack:*:*:*",
"matchCriteriaId": "F3EF33DE-2E3F-4D5A-BF06-AC3C75108089"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jre:1.8.0:update391:*:*:-:*:*:*",
"matchCriteriaId": "CA31F3A1-07E1-4685-8A24-7C7830EF7600"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jre:1.8.0:update391:*:*:enterprise_performance_pack:*:*:*",
"matchCriteriaId": "DB7CD545-5B56-47FC-803F-8F150C810534"
}
]
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2024.html",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2024-20924",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-01-16T22:15:40.030",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T19:41:50.120",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Difficult to exploit vulnerability allows high privileged attacker with network access via Oracle Net to compromise Oracle Audit Vault and Database Firewall. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Audit Vault and Database Firewall, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Audit Vault and Database Firewall. CVSS 3.1 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H)."
},
{
"lang": "es",
"value": "Vulnerabilidad en Oracle Audit Vault y Database Firewall (componente: Firewall). Las versiones compatibles que se ven afectadas son 20.1-20.9. Una vulnerabilidad dif\u00edcil de explotar permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de Oracle Net comprometa Oracle Audit Vault y Database Firewall. Los ataques exitosos requieren la interacci\u00f3n humana de una persona que no sea el atacante y, si bien la vulnerabilidad est\u00e1 en Oracle Audit Vault y Database Firewall, los ataques pueden afectar significativamente a productos adicionales (scope change). Los ataques exitosos a esta vulnerabilidad pueden resultar en la toma de control de Oracle Audit Vault y Database Firewall. CVSS 3.1 Puntuaci\u00f3n base 7,6 (impactos en la confidencialidad, la integridad y la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H)."
}
],
"metrics": {
@ -34,10 +38,45 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:audit_vault_and_database_firewall:*:*:*:*:*:*:*:*",
"versionStartIncluding": "20.1",
"versionEndIncluding": "20.9",
"matchCriteriaId": "EF47D26F-BC93-45E7-AC9B-5BA8A41FA378"
}
]
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2024.html",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2024-20926",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-01-16T22:15:40.207",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T19:41:44.100",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Scripting). Las versiones compatibles que se ven afectadas son Oracle Java SE: 8u391, 8u391-perf, 11.0.21; Oracle GraalVM para JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 y 22.3.4. Una vulnerabilidad dif\u00edcil de explotar permite que un atacante no autenticado con acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa Oracle Java SE, Oracle GraalVM para JDK y Oracle GraalVM Enterprise Edition. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos cr\u00edticos o acceso completo a todos los datos accesibles de Oracle Java SE, Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad se puede aprovechar utilizando API en el componente especificado, por ejemplo, a trav\u00e9s de un servicio web que proporciona datos a las API. Esta vulnerabilidad tambi\u00e9n se aplica a las implementaciones de Java, generalmente en clientes que ejecutan aplicaciones Java Web Start en una sandbox o subprogramas de Java en una sandbox, que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo que proviene de Internet) y dependen del entorno limitado de Java para su seguridad. CVSS 3.1 Puntaje base 5.9 (Impactos en la confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)."
}
],
"metrics": {
@ -34,10 +38,113 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:graalvm:20.3.12:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "D17D1EA4-A45F-4D8D-BA3E-4898EC6D48B7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:graalvm:21.3.8:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "CF534BA8-A2A5-4768-A480-CFB885308AF8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:graalvm:22.3.4:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "876A5640-82A8-4BDC-8E0A-4D6340F5417D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2C5055FD-0E19-4C42-9B1F-CBE222855156"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "04738DE7-2BFE-4C06-ABE0-FCA099B5FFEC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update391:*:*:-:*:*:*",
"matchCriteriaId": "D667746E-7E7C-4326-9B70-3587C2B41BAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update391:*:*:enterprise_performance_pack:*:*:*",
"matchCriteriaId": "F3EF33DE-2E3F-4D5A-BF06-AC3C75108089"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jdk:11.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "8FFC5C12-7FF4-48E6-BC5A-F50EBC956BBE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jdk:17.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EF6AA431-8965-4B53-AF0F-DB3AB7A9A3F3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jdk:21.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "50C5781C-4153-431D-991E-637E253EDC87"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jre:1.8.0:update391:*:*:-:*:*:*",
"matchCriteriaId": "CA31F3A1-07E1-4685-8A24-7C7830EF7600"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jre:1.8.0:update391:*:*:enterprise_performance_pack:*:*:*",
"matchCriteriaId": "DB7CD545-5B56-47FC-803F-8F150C810534"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jre:11.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "568F994E-135F-486D-B57C-0245A1BC253B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jre:17.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "BF274813-F650-447C-A1A6-61D5F8FF71BA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jre:21.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F76A51BB-6DAE-4506-B737-7A5854543F18"
}
]
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2024.html",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}
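Review bot: The `cpeMatch` list added under `configurations` is broader than the affected versions in the English description: it marks `graalvm_for_jdk:21.0.1`, `jdk:17.0.9`, `jdk:21.0.1`, `jre:17.0.9` and `jre:21.0.1` as vulnerable, while the description names only Java SE 8u391, 8u391-perf and 11.0.21, GraalVM for JDK 17.0.9 and GraalVM Enterprise Edition 20.3.12, 21.3.8 and 22.3.4. The list is identical to the one in the CVE-2024-20952 section, whose description does include 17.0.9 and 21.0.1, so it may have been reused rather than derived for this record. The CVE-2024-20955 section has a related mismatch: its description names GraalVM for JDK 17.0.9, but its list carries `oracle:jdk:17.0.9` and `oracle:jre:17.0.9` and no `"criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.9:*:*:*:*:*:*:*"` entry. Scanners that match on CPE alone will over-report for this record and can miss GraalVM for JDK 17.0.9 for CVE-2024-20955, so findings should be checked against the vendor advisory in `references`. Since this file mirrors NVD, the correction belongs upstream.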


@ -2,12 +2,16 @@
"id": "CVE-2024-20932",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-01-16T22:15:40.763",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T19:42:46.783",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 17.0.9; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 21.3.8 and 22.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Seguridad). Las versiones compatibles que se ven afectadas son Oracle Java SE: 17.0.9; Oracle GraalVM para JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 21.3.8 y 22.3.4. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autenticado con acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometer Oracle Java SE, Oracle GraalVM para JDK y Oracle GraalVM Enterprise Edition. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a la creaci\u00f3n, eliminaci\u00f3n o modificaci\u00f3n de datos cr\u00edticos o de todos los datos accesibles de Oracle Java SE, Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad se aplica a implementaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o subprogramas de Java en sandbox, que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo que proviene de Internet) y dependen del entorno limitado de Java para su seguridad. Esta vulnerabilidad no se aplica a implementaciones de Java, normalmente en servidores, que cargan y ejecutan s\u00f3lo c\u00f3digo confiable (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.1 Puntaje base 7.5 (Impactos en la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)."
}
],
"metrics": {
@ -34,10 +38,62 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:graalvm:21.3.8:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "CF534BA8-A2A5-4768-A480-CFB885308AF8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:graalvm:22.3.4:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "876A5640-82A8-4BDC-8E0A-4D6340F5417D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2C5055FD-0E19-4C42-9B1F-CBE222855156"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jdk:17.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EF6AA431-8965-4B53-AF0F-DB3AB7A9A3F3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jre:17.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "BF274813-F650-447C-A1A6-61D5F8FF71BA"
}
]
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2024.html",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Patch"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2024-20952",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-01-16T22:15:42.477",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T19:42:52.877",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Seguridad). Las versiones compatibles que se ven afectadas son Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM para JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 y 22.3.4. Una vulnerabilidad dif\u00edcil de explotar permite que un atacante no autenticado con acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa Oracle Java SE, Oracle GraalVM para JDK y Oracle GraalVM Enterprise Edition. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a la creaci\u00f3n, eliminaci\u00f3n o modificaci\u00f3n de datos cr\u00edticos o a todos los datos accesibles de Oracle Java SE, Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition, as\u00ed como acceso no autorizado a datos cr\u00edticos o acceso completo a todo Oracle Java. SE, Oracle GraalVM para JDK, datos accesibles de Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad se aplica a implementaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o subprogramas de Java en sandbox, que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo que proviene de Internet) y dependen del entorno limitado de Java para su seguridad. Esta vulnerabilidad no se aplica a implementaciones de Java, normalmente en servidores, que cargan y ejecutan s\u00f3lo c\u00f3digo confiable (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.1 Puntaje base 7.4 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)."
}
],
"metrics": {
@ -34,10 +38,113 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:graalvm:20.3.12:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "D17D1EA4-A45F-4D8D-BA3E-4898EC6D48B7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:graalvm:21.3.8:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "CF534BA8-A2A5-4768-A480-CFB885308AF8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:graalvm:22.3.4:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "876A5640-82A8-4BDC-8E0A-4D6340F5417D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2C5055FD-0E19-4C42-9B1F-CBE222855156"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "04738DE7-2BFE-4C06-ABE0-FCA099B5FFEC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update391:*:*:-:*:*:*",
"matchCriteriaId": "D667746E-7E7C-4326-9B70-3587C2B41BAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update391:*:*:enterprise_performance_pack:*:*:*",
"matchCriteriaId": "F3EF33DE-2E3F-4D5A-BF06-AC3C75108089"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jdk:11.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "8FFC5C12-7FF4-48E6-BC5A-F50EBC956BBE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jdk:17.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EF6AA431-8965-4B53-AF0F-DB3AB7A9A3F3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jdk:21.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "50C5781C-4153-431D-991E-637E253EDC87"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jre:1.8.0:update391:*:*:-:*:*:*",
"matchCriteriaId": "CA31F3A1-07E1-4685-8A24-7C7830EF7600"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jre:1.8.0:update391:*:*:enterprise_performance_pack:*:*:*",
"matchCriteriaId": "DB7CD545-5B56-47FC-803F-8F150C810534"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jre:11.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "568F994E-135F-486D-B57C-0245A1BC253B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jre:17.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "BF274813-F650-447C-A1A6-61D5F8FF71BA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jre:21.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F76A51BB-6DAE-4506-B737-7A5854543F18"
}
]
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2024.html",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2024-20955",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-01-16T22:15:42.647",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T19:42:41.163",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en Oracle GraalVM para JDK, producto Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Compilador). Las versiones compatibles que se ven afectadas son Oracle GraalVM para JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 21.3.8 y 22.3.4. Una vulnerabilidad dif\u00edcil de explotar permite que un atacante no autenticado con acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition. CVSS 3.1 Puntaje base 3.7 (Impactos en la confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)."
}
],
"metrics": {
@ -34,10 +38,58 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:graalvm:21.3.8:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "CF534BA8-A2A5-4768-A480-CFB885308AF8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:graalvm:22.3.4:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "876A5640-82A8-4BDC-8E0A-4D6340F5417D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jdk:17.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EF6AA431-8965-4B53-AF0F-DB3AB7A9A3F3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jre:17.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "BF274813-F650-447C-A1A6-61D5F8FF71BA"
}
]
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2024.html",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2024-22049",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2024-01-04T21:15:10.013",
"lastModified": "2024-01-14T02:15:47.070",
"lastModified": "2024-01-23T19:15:08.283",
"vulnStatus": "Modified",
"descriptions": [
{
@ -110,6 +110,10 @@
"Vendor Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00011.html",
"source": "disclosure@vulncheck.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4LDGAVPR4KB72V4GGQCWODEAI72QZI3V/",
"source": "disclosure@vulncheck.com"


@ -2,7 +2,7 @@
"id": "CVE-2024-22195",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-11T03:15:11.200",
"lastModified": "2024-01-23T03:15:12.870",
"lastModified": "2024-01-23T19:15:08.383",
"vulnStatus": "Modified",
"descriptions": [
{
@ -113,6 +113,10 @@
"Third Party Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00010.html",
"source": "security-advisories@github.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5XCWZD464AJJJUBOO7CMPXQ4ROBC6JX2/",
"source": "security-advisories@github.com"


@ -2,8 +2,8 @@
"id": "CVE-2024-22203",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-23T18:15:18.263",
"lastModified": "2024-01-23T18:15:18.263",
"vulnStatus": "Received",
"lastModified": "2024-01-23T19:40:11.110",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-22204",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-23T18:15:18.467",
"lastModified": "2024-01-23T18:15:18.467",
"vulnStatus": "Received",
"lastModified": "2024-01-23T19:40:11.110",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-22205",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-23T18:15:18.667",
"lastModified": "2024-01-23T18:15:18.667",
"vulnStatus": "Received",
"lastModified": "2024-01-23T19:40:11.110",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-22207",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-15T16:15:13.437",
"lastModified": "2024-01-16T13:56:05.467",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T19:40:46.420",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,14 +70,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:smartbear:swagger_ui:*:*:*:*:*:node.js:*:*",
"versionStartIncluding": "2.0.0",
"versionEndExcluding": "2.1.0",
"matchCriteriaId": "1B7560CB-4508-4059-AB35-DA1482ECC357"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/fastify/fastify-swagger-ui/commit/13d799a2c5f14d3dd5b15892e03bbcbae63ee6f7",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/fastify/fastify-swagger-ui/security/advisories/GHSA-62jr-84gf-wmg4",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}
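Review bot: The added `cpeMatch` entry identifies the product as `cpe:2.3:a:smartbear:swagger_ui:*:*:*:*:*:node.js:*:*` (2.0.0 up to, not including, 2.1.0), while both references in this record point to the `fastify/fastify-swagger-ui` repository, which appears to be a different project. The description is outside the visible hunks, so this is inferred from the references only. If the affected package is the fastify plugin, CPE-based matching would flag unrelated Swagger UI 2.0.x installs and would not identify the plugin, so the `criteria` vendor and product should name the plugin. The exact string has to come from the CPE dictionary, and the correction belongs upstream at NVD since this file is a mirror.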


@ -2,8 +2,8 @@
"id": "CVE-2024-22417",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-23T18:15:18.860",
"lastModified": "2024-01-23T18:15:18.860",
"vulnStatus": "Received",
"lastModified": "2024-01-23T19:40:11.110",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-22490",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-23T17:15:10.487",
"lastModified": "2024-01-23T17:15:10.487",
"vulnStatus": "Received",
"lastModified": "2024-01-23T19:40:11.110",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-22496",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-23T17:15:10.543",
"lastModified": "2024-01-23T17:15:10.543",
"vulnStatus": "Received",
"lastModified": "2024-01-23T19:40:11.110",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -0,0 +1,20 @@
{
"id": "CVE-2024-22497",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-23T19:15:08.480",
"lastModified": "2024-01-23T19:40:11.110",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in /admin/login password parameter in JFinalcms 5.0.0 allows attackers to run arbitrary code via crafted URL."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/cui2shark/security/blob/main/%28JFinalcms%20admin-login-password%29%20.md",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-23330",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-23T18:15:19.060",
"lastModified": "2024-01-23T18:15:19.060",
"vulnStatus": "Received",
"lastModified": "2024-01-23T19:40:11.110",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-23341",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-23T18:15:19.250",
"lastModified": "2024-01-23T18:15:19.250",
"vulnStatus": "Received",
"lastModified": "2024-01-23T19:40:11.110",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-23636",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-23T18:15:19.433",
"lastModified": "2024-01-23T18:15:19.433",
"vulnStatus": "Received",
"lastModified": "2024-01-23T19:40:11.110",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-01-23T19:00:27.096838+00:00
2024-01-23T21:00:24.899047+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-01-23T18:59:15.157000+00:00
2024-01-23T20:59:09.030000+00:00
```
### Last Data Feed Release
@ -29,50 +29,51 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
236627
236634
```
### CVEs added in the last Commit
Recently added CVEs: `13`
Recently added CVEs: `7`
* [CVE-2023-50274](CVE-2023/CVE-2023-502xx/CVE-2023-50274.json) (`2024-01-23T17:15:09.597`)
* [CVE-2023-50275](CVE-2023/CVE-2023-502xx/CVE-2023-50275.json) (`2024-01-23T17:15:10.127`)
* [CVE-2023-45889](CVE-2023/CVE-2023-458xx/CVE-2023-45889.json) (`2024-01-23T18:15:18.053`)
* [CVE-2023-6573](CVE-2023/CVE-2023-65xx/CVE-2023-6573.json) (`2024-01-23T18:15:18.113`)
* [CVE-2024-22490](CVE-2024/CVE-2024-224xx/CVE-2024-22490.json) (`2024-01-23T17:15:10.487`)
* [CVE-2024-22496](CVE-2024/CVE-2024-224xx/CVE-2024-22496.json) (`2024-01-23T17:15:10.543`)
* [CVE-2024-22203](CVE-2024/CVE-2024-222xx/CVE-2024-22203.json) (`2024-01-23T18:15:18.263`)
* [CVE-2024-22204](CVE-2024/CVE-2024-222xx/CVE-2024-22204.json) (`2024-01-23T18:15:18.467`)
* [CVE-2024-22205](CVE-2024/CVE-2024-222xx/CVE-2024-22205.json) (`2024-01-23T18:15:18.667`)
* [CVE-2024-22417](CVE-2024/CVE-2024-224xx/CVE-2024-22417.json) (`2024-01-23T18:15:18.860`)
* [CVE-2024-23330](CVE-2024/CVE-2024-233xx/CVE-2024-23330.json) (`2024-01-23T18:15:19.060`)
* [CVE-2024-23341](CVE-2024/CVE-2024-233xx/CVE-2024-23341.json) (`2024-01-23T18:15:19.250`)
* [CVE-2024-23636](CVE-2024/CVE-2024-236xx/CVE-2024-23636.json) (`2024-01-23T18:15:19.433`)
* [CVE-2023-51210](CVE-2023/CVE-2023-512xx/CVE-2023-51210.json) (`2024-01-23T19:15:08.230`)
* [CVE-2023-42143](CVE-2023/CVE-2023-421xx/CVE-2023-42143.json) (`2024-01-23T20:15:45.097`)
* [CVE-2023-42144](CVE-2023/CVE-2023-421xx/CVE-2023-42144.json) (`2024-01-23T20:15:45.150`)
* [CVE-2023-46889](CVE-2023/CVE-2023-468xx/CVE-2023-46889.json) (`2024-01-23T20:15:45.190`)
* [CVE-2023-6926](CVE-2023/CVE-2023-69xx/CVE-2023-6926.json) (`2024-01-23T20:15:45.233`)
* [CVE-2023-7238](CVE-2023/CVE-2023-72xx/CVE-2023-7238.json) (`2024-01-23T20:15:45.413`)
* [CVE-2024-22497](CVE-2024/CVE-2024-224xx/CVE-2024-22497.json) (`2024-01-23T19:15:08.480`)
### CVEs modified in the last Commit
Recently modified CVEs: `18`
Recently modified CVEs: `59`
* [CVE-2016-10885](CVE-2016/CVE-2016-108xx/CVE-2016-10885.json) (`2024-01-23T17:59:10.360`)
* [CVE-2016-10886](CVE-2016/CVE-2016-108xx/CVE-2016-10886.json) (`2024-01-23T17:59:10.360`)
* [CVE-2021-20331](CVE-2021/CVE-2021-203xx/CVE-2021-20331.json) (`2024-01-23T17:15:08.097`)
* [CVE-2021-20332](CVE-2021/CVE-2021-203xx/CVE-2021-20332.json) (`2024-01-23T17:15:08.240`)
* [CVE-2021-20333](CVE-2021/CVE-2021-203xx/CVE-2021-20333.json) (`2024-01-23T17:15:08.360`)
* [CVE-2021-20335](CVE-2021/CVE-2021-203xx/CVE-2021-20335.json) (`2024-01-23T17:15:08.477`)
* [CVE-2021-32036](CVE-2021/CVE-2021-320xx/CVE-2021-32036.json) (`2024-01-23T17:15:08.597`)
* [CVE-2021-32037](CVE-2021/CVE-2021-320xx/CVE-2021-32037.json) (`2024-01-23T17:15:08.793`)
* [CVE-2021-32039](CVE-2021/CVE-2021-320xx/CVE-2021-32039.json) (`2024-01-23T17:15:09.003`)
* [CVE-2021-24559](CVE-2021/CVE-2021-245xx/CVE-2021-24559.json) (`2024-01-23T17:32:47.457`)
* [CVE-2022-1617](CVE-2022/CVE-2022-16xx/CVE-2022-1617.json) (`2024-01-23T18:59:15.157`)
* [CVE-2023-51257](CVE-2023/CVE-2023-512xx/CVE-2023-51257.json) (`2024-01-23T17:11:17.413`)
* [CVE-2023-32781](CVE-2023/CVE-2023-327xx/CVE-2023-32781.json) (`2024-01-23T17:15:09.217`)
* [CVE-2023-21901](CVE-2023/CVE-2023-219xx/CVE-2023-21901.json) (`2024-01-23T17:54:03.523`)
* [CVE-2023-51282](CVE-2023/CVE-2023-512xx/CVE-2023-51282.json) (`2024-01-23T18:08:43.617`)
* [CVE-2023-0079](CVE-2023/CVE-2023-00xx/CVE-2023-0079.json) (`2024-01-23T18:20:55.687`)
* [CVE-2024-22362](CVE-2024/CVE-2024-223xx/CVE-2024-22362.json) (`2024-01-23T18:18:32.767`)
* [CVE-2024-0582](CVE-2024/CVE-2024-05xx/CVE-2024-0582.json) (`2024-01-23T18:52:01.343`)
* [CVE-2024-22490](CVE-2024/CVE-2024-224xx/CVE-2024-22490.json) (`2024-01-23T19:40:11.110`)
* [CVE-2024-22496](CVE-2024/CVE-2024-224xx/CVE-2024-22496.json) (`2024-01-23T19:40:11.110`)
* [CVE-2024-22203](CVE-2024/CVE-2024-222xx/CVE-2024-22203.json) (`2024-01-23T19:40:11.110`)
* [CVE-2024-22204](CVE-2024/CVE-2024-222xx/CVE-2024-22204.json) (`2024-01-23T19:40:11.110`)
* [CVE-2024-22205](CVE-2024/CVE-2024-222xx/CVE-2024-22205.json) (`2024-01-23T19:40:11.110`)
* [CVE-2024-22417](CVE-2024/CVE-2024-224xx/CVE-2024-22417.json) (`2024-01-23T19:40:11.110`)
* [CVE-2024-23330](CVE-2024/CVE-2024-233xx/CVE-2024-23330.json) (`2024-01-23T19:40:11.110`)
* [CVE-2024-23341](CVE-2024/CVE-2024-233xx/CVE-2024-23341.json) (`2024-01-23T19:40:11.110`)
* [CVE-2024-23636](CVE-2024/CVE-2024-236xx/CVE-2024-23636.json) (`2024-01-23T19:40:11.110`)
* [CVE-2024-22207](CVE-2024/CVE-2024-222xx/CVE-2024-22207.json) (`2024-01-23T19:40:46.420`)
* [CVE-2024-20926](CVE-2024/CVE-2024-209xx/CVE-2024-20926.json) (`2024-01-23T19:41:44.100`)
* [CVE-2024-20924](CVE-2024/CVE-2024-209xx/CVE-2024-20924.json) (`2024-01-23T19:41:50.120`)
* [CVE-2024-20918](CVE-2024/CVE-2024-209xx/CVE-2024-20918.json) (`2024-01-23T19:41:57.467`)
* [CVE-2024-20922](CVE-2024/CVE-2024-209xx/CVE-2024-20922.json) (`2024-01-23T19:42:03.873`)
* [CVE-2024-20912](CVE-2024/CVE-2024-209xx/CVE-2024-20912.json) (`2024-01-23T19:42:12.067`)
* [CVE-2024-20910](CVE-2024/CVE-2024-209xx/CVE-2024-20910.json) (`2024-01-23T19:42:19.473`)
* [CVE-2024-20955](CVE-2024/CVE-2024-209xx/CVE-2024-20955.json) (`2024-01-23T19:42:41.163`)
* [CVE-2024-20932](CVE-2024/CVE-2024-209xx/CVE-2024-20932.json) (`2024-01-23T19:42:46.783`)
* [CVE-2024-20952](CVE-2024/CVE-2024-209xx/CVE-2024-20952.json) (`2024-01-23T19:42:52.877`)
* [CVE-2024-0556](CVE-2024/CVE-2024-05xx/CVE-2024-0556.json) (`2024-01-23T19:44:47.387`)
* [CVE-2024-0581](CVE-2024/CVE-2024-05xx/CVE-2024-0581.json) (`2024-01-23T19:51:19.543`)
* [CVE-2024-0200](CVE-2024/CVE-2024-02xx/CVE-2024-0200.json) (`2024-01-23T19:52:46.093`)
* [CVE-2024-0555](CVE-2024/CVE-2024-05xx/CVE-2024-0555.json) (`2024-01-23T19:57:48.237`)
* [CVE-2024-0584](CVE-2024/CVE-2024-05xx/CVE-2024-0584.json) (`2024-01-23T20:18:49.657`)
* [CVE-2024-0565](CVE-2024/CVE-2024-05xx/CVE-2024-0565.json) (`2024-01-23T20:31:54.850`)
## Download and Usage