From 0a010ab79451eed9665b747c07a58a99da4b2116 Mon Sep 17 00:00:00 2001 
From: cad-safe-bot Date: Sat, 3 Feb 2024 00:55:29 +0000 Subject: [PATCH] Auto-Update: 2024-02-03T00:55:25.394205+00:00 --- CVE-2021/CVE-2021-336xx/CVE-2021-33630.json | 6 +- CVE-2021/CVE-2021-336xx/CVE-2021-33631.json | 6 +- CVE-2023/CVE-2023-518xx/CVE-2023-51840.json | 74 +++++++++++++++-- CVE-2023/CVE-2023-521xx/CVE-2023-52188.json | 51 +++++++++++- CVE-2023/CVE-2023-521xx/CVE-2023-52189.json | 51 +++++++++++- CVE-2023/CVE-2023-63xx/CVE-2023-6390.json | 74 +++++++++++++++-- CVE-2023/CVE-2023-63xx/CVE-2023-6391.json | 74 +++++++++++++++-- CVE-2023/CVE-2023-65xx/CVE-2023-6503.json | 74 +++++++++++++++-- CVE-2023/CVE-2023-65xx/CVE-2023-6530.json | 75 ++++++++++++++++-- CVE-2023/CVE-2023-66xx/CVE-2023-6633.json | 69 +++++++++++++++- CVE-2023/CVE-2023-69xx/CVE-2023-6946.json | 74 +++++++++++++++-- CVE-2023/CVE-2023-70xx/CVE-2023-7074.json | 74 +++++++++++++++-- CVE-2023/CVE-2023-70xx/CVE-2023-7089.json | 69 +++++++++++++++- CVE-2023/CVE-2023-71xx/CVE-2023-7199.json | 74 +++++++++++++++-- CVE-2024/CVE-2024-05xx/CVE-2024-0589.json | 80 ++++++++++++++++++- CVE-2024/CVE-2024-10xx/CVE-2024-1026.json | 52 +++++++++++- CVE-2024/CVE-2024-10xx/CVE-2024-1029.json | 52 +++++++++++- CVE-2024/CVE-2024-11xx/CVE-2024-1113.json | 63 +++++++++++++-- CVE-2024/CVE-2024-11xx/CVE-2024-1114.json | 75 ++++++++++++++++-- CVE-2024/CVE-2024-11xx/CVE-2024-1115.json | 63 +++++++++++++-- CVE-2024/CVE-2024-11xx/CVE-2024-1116.json | 63 +++++++++++++-- CVE-2024/CVE-2024-11xx/CVE-2024-1117.json | 63 +++++++++++++-- CVE-2024/CVE-2024-11xx/CVE-2024-1196.json | 4 +- CVE-2024/CVE-2024-11xx/CVE-2024-1197.json | 84 ++++++++++++++++++++ CVE-2024/CVE-2024-11xx/CVE-2024-1198.json | 88 +++++++++++++++++++++ CVE-2024/CVE-2024-11xx/CVE-2024-1199.json | 88 +++++++++++++++++++++ CVE-2024/CVE-2024-217xx/CVE-2024-21750.json | 51 +++++++++++- CVE-2024/CVE-2024-221xx/CVE-2024-22140.json | 61 +++++++++++++- CVE-2024/CVE-2024-221xx/CVE-2024-22143.json | 63 ++++++++++++++- CVE-2024/CVE-2024-221xx/CVE-2024-22148.json | 51 
+++++++++++- CVE-2024/CVE-2024-222xx/CVE-2024-22285.json | 63 ++++++++++++++- CVE-2024/CVE-2024-222xx/CVE-2024-22291.json | 63 ++++++++++++++- CVE-2024/CVE-2024-223xx/CVE-2024-22304.json | 63 ++++++++++++++- CVE-2024/CVE-2024-224xx/CVE-2024-22430.json | 62 ++++++++++++++- CVE-2024/CVE-2024-224xx/CVE-2024-22449.json | 62 ++++++++++++++- CVE-2024/CVE-2024-225xx/CVE-2024-22570.json | 63 ++++++++++++++- CVE-2024/CVE-2024-226xx/CVE-2024-22643.json | 64 ++++++++++++++- CVE-2024/CVE-2024-226xx/CVE-2024-22646.json | 64 ++++++++++++++- CVE-2024/CVE-2024-226xx/CVE-2024-22647.json | 64 ++++++++++++++- CVE-2024/CVE-2024-226xx/CVE-2024-22648.json | 64 ++++++++++++++- CVE-2024/CVE-2024-228xx/CVE-2024-22860.json | 69 ++++++++++++++-- CVE-2024/CVE-2024-228xx/CVE-2024-22861.json | 64 ++++++++++++++- CVE-2024/CVE-2024-228xx/CVE-2024-22862.json | 69 ++++++++++++++-- CVE-2024/CVE-2024-229xx/CVE-2024-22938.json | 74 +++++++++++++++-- CVE-2024/CVE-2024-240xx/CVE-2024-24059.json | 68 +++++++++++++++- CVE-2024/CVE-2024-240xx/CVE-2024-24060.json | 68 +++++++++++++++- CVE-2024/CVE-2024-240xx/CVE-2024-24061.json | 68 +++++++++++++++- CVE-2024/CVE-2024-240xx/CVE-2024-24062.json | 68 +++++++++++++++- CVE-2024/CVE-2024-241xx/CVE-2024-24134.json | 64 ++++++++++++++- CVE-2024/CVE-2024-241xx/CVE-2024-24136.json | 64 ++++++++++++++- CVE-2024/CVE-2024-241xx/CVE-2024-24139.json | 64 ++++++++++++++- CVE-2024/CVE-2024-241xx/CVE-2024-24140.json | 64 ++++++++++++++- CVE-2024/CVE-2024-241xx/CVE-2024-24141.json | 64 ++++++++++++++- README.md | 51 +++++++----- 54 files changed, 3175 insertions(+), 222 deletions(-) create mode 100644 CVE-2024/CVE-2024-11xx/CVE-2024-1197.json create mode 100644 CVE-2024/CVE-2024-11xx/CVE-2024-1198.json create mode 100644 CVE-2024/CVE-2024-11xx/CVE-2024-1199.json diff --git a/CVE-2021/CVE-2021-336xx/CVE-2021-33630.json b/CVE-2021/CVE-2021-336xx/CVE-2021-33630.json index f3c54686d14..02257a33071 100644 --- a/CVE-2021/CVE-2021-336xx/CVE-2021-33630.json 
+++ b/CVE-2021/CVE-2021-336xx/CVE-2021-33630.json @@ -2,7 +2,7 @@ "id": "CVE-2021-33630", "sourceIdentifier": "securities@openeuler.org", "published": "2024-01-18T15:15:08.653", - "lastModified": "2024-02-02T18:15:31.877", + "lastModified": "2024-02-03T00:15:43.983", "vulnStatus": "Modified", "descriptions": [ { @@ -132,6 +132,10 @@ "url": "http://www.openwall.com/lists/oss-security/2024/02/02/6", "source": "securities@openeuler.org" }, + { + "url": "http://www.openwall.com/lists/oss-security/2024/02/02/9", + "source": "securities@openeuler.org" + }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e8b9bfa110896f95d602d8c98d5f9d67e41d78c", "source": "securities@openeuler.org" diff --git a/CVE-2021/CVE-2021-336xx/CVE-2021-33631.json b/CVE-2021/CVE-2021-336xx/CVE-2021-33631.json index 3647f4cf039..4fc90f50d74 100644 --- a/CVE-2021/CVE-2021-336xx/CVE-2021-33631.json +++ b/CVE-2021/CVE-2021-336xx/CVE-2021-33631.json @@ -2,7 +2,7 @@ "id": "CVE-2021-33631", "sourceIdentifier": "securities@openeuler.org", "published": "2024-01-18T15:15:08.860", - "lastModified": "2024-02-02T18:15:31.977", + "lastModified": "2024-02-03T00:15:44.090", "vulnStatus": "Modified", "descriptions": [ { @@ -146,6 +146,10 @@ "url": "http://www.openwall.com/lists/oss-security/2024/02/02/6", "source": "securities@openeuler.org" }, + { + "url": "http://www.openwall.com/lists/oss-security/2024/02/02/9", + "source": "securities@openeuler.org" + }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5c099c4fdc438014d5893629e70a8ba934433ee8", "source": "securities@openeuler.org", diff --git a/CVE-2023/CVE-2023-518xx/CVE-2023-51840.json b/CVE-2023/CVE-2023-518xx/CVE-2023-51840.json index 9b0a7135956..a6f1403b0bc 100644 --- a/CVE-2023/CVE-2023-518xx/CVE-2023-51840.json +++ b/CVE-2023/CVE-2023-518xx/CVE-2023-51840.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-51840", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-29T20:15:15.100", - "lastModified": "2024-01-30T14:18:33.837", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-03T00:29:48.223", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,19 +14,81 @@ "value": "DoraCMS 2.1.8 es vulnerable al uso de claves criptogr\u00e1ficas codificadas." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-798" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:html-js:doracms:2.1.8:*:*:*:*:*:*:*", + "matchCriteriaId": "1FFA2258-7C76-482B-8076-AAD87B371A21" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/doramart/DoraCMS", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://github.com/doramart/DoraCMS/issues/262", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking", + "Vendor Advisory" + ] }, { "url": "https://github.com/tianjk99/Cryptographic-Misuses/blob/main/CVE-2023-51840.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52188.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52188.json index 8a1e0d8ac89..efc07389d6b 100644 --- a/CVE-2023/CVE-2023-521xx/CVE-2023-52188.json +++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52188.json @@ -2,16 +2,40 @@ "id": "CVE-2023-52188", "sourceIdentifier": "audit@patchstack.com", "published": "2024-02-01T10:15:09.040", - "lastModified": "2024-02-01T13:41:44.257", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-02-03T00:39:01.677", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Russell Jamieson Footer Putter allows Stored XSS.This issue affects Footer Putter: from n/a through 1.17.\n\n" + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Russell Jamieson Footer Putter permite XSS almacenado. Este problema afecta a Footer Putter: desde n/a hasta 1.17." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:russelljamieson:footer_putter:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.17", + "matchCriteriaId": "92083DF9-98E3-4832-AF67-743378B8A798" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/footer-putter/wordpress-footer-putter-plugin-1-17-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52189.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52189.json index 706aaa2cd0d..2186db92172 100644 --- a/CVE-2023/CVE-2023-521xx/CVE-2023-52189.json +++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52189.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-52189", "sourceIdentifier": "audit@patchstack.com", "published": "2024-02-01T10:15:09.343", - "lastModified": "2024-02-01T13:41:44.257", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-02-03T00:38:48.420", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jhayghost Ideal Interactive Map allows Stored XSS.This issue affects Ideal Interactive Map: from n/a through 1.2.4.\n\n" + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante de generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Jhayghost Ideal Interactive Map permite XSS almacenado. Este problema afecta a Ideal Interactive Map: desde n/a hasta 1.2.4." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jhayghost:ideal_interactive_map:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.2.4", + "matchCriteriaId": "0117D403-BA64-4888-8766-64F6B792F3D6" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/ideal-interactive-map/wordpress-ideal-interactive-map-plugin-1-2-4-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-63xx/CVE-2023-6390.json b/CVE-2023/CVE-2023-63xx/CVE-2023-6390.json index e3cc1eaecb1..0ed4b9bb9e3 100644 --- a/CVE-2023/CVE-2023-63xx/CVE-2023-6390.json +++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6390.json 
@@ -2,23 +2,87 @@ "id": "CVE-2023-6390", "sourceIdentifier": "contact@wpscan.com", "published": "2024-01-29T15:15:09.467", - "lastModified": "2024-01-29T16:19:17.097", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-03T00:28:00.603", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The WordPress Users WordPress plugin through 1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack." + }, + { + "lang": "es", + "value": "El complemento WordPress Users de WordPress hasta la versi\u00f3n 1.4 no tiene activada la verificaci\u00f3n CSRF al actualizar su configuraci\u00f3n, lo que podr\u00eda permitir a los atacantes hacer que un administrador que haya iniciado sesi\u00f3n los cambie mediante un ataque CSRF." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jonathonkemp:wordpress_users:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.4.0", + "matchCriteriaId": "BAD7A4FF-4673-4B38-A6A0-36D8063E3751" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://magos-securitas.com/txt/2023-6390.txt", - "source": "contact@wpscan.com" + 
"source": "contact@wpscan.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://wpscan.com/vulnerability/a0ca68d3-f885-46c9-9f6b-b77ad387d25d/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-63xx/CVE-2023-6391.json b/CVE-2023/CVE-2023-63xx/CVE-2023-6391.json index a707d99b219..27b49e2490d 100644 --- a/CVE-2023/CVE-2023-63xx/CVE-2023-6391.json +++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6391.json 
@@ -2,23 +2,87 @@ "id": "CVE-2023-6391", "sourceIdentifier": "contact@wpscan.com", "published": "2024-01-29T15:15:09.520", - "lastModified": "2024-01-29T16:19:11.720", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-02T23:52:28.397", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Custom User CSS WordPress plugin through 0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack." + }, + { + "lang": "es", + "value": "El complemento de WordPress Custom User CSS hasta la versi\u00f3n 0.2 no tiene activada la verificaci\u00f3n CSRF al actualizar su configuraci\u00f3n, lo que podr\u00eda permitir a los atacantes hacer que un administrador que haya iniciado sesi\u00f3n los cambie mediante un ataque CSRF." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jeremiahorem:custom_user_css:*:*:*:*:*:*:wordpress:*", + "versionEndIncluding": "0.2", + "matchCriteriaId": "09EB473C-7523-4F5B-90D1-66E9BB66A0E5" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://magos-securitas.com/txt/CVE-2023-6391.txt", - "source": "contact@wpscan.com" + 
"source": "contact@wpscan.com", + "tags": [ + "Exploit" + ] }, { "url": "https://wpscan.com/vulnerability/4098b18d-6ff3-462c-af05-48adb6599cf3/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6503.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6503.json index a1c30710e77..c31c98608be 100644 --- a/CVE-2023/CVE-2023-65xx/CVE-2023-6503.json +++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6503.json 
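Review bot: In the `configurations` block added to CVE-2023-6391.json, the `criteria` string places `wordpress` in the target_hw position (`cpe:2.3:a:jeremiahorem:custom_user_css:*:*:*:*:*:*:wordpress:*`). The other WordPress-plugin records in this patch carry it in target_sw (`...:*:*:*:*:*:wordpress:*:*`). Tooling that filters or matches on target_sw will not recognise this entry as a WordPress plugin, so asset matching for the CSRF issue can silently miss affected installs. The record appears to be mirrored from upstream, so the correction belongs there; the expected value would be `cpe:2.3:a:jeremiahorem:custom_user_css:*:*:*:*:*:wordpress:*:*`, with `versionEndIncluding` unchanged at `0.2`.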
@@ -2,23 +2,87 @@ "id": "CVE-2023-6503", "sourceIdentifier": "contact@wpscan.com", "published": "2024-01-29T15:15:09.587", - "lastModified": "2024-01-29T16:19:11.720", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-03T00:27:48.957", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The WP Plugin Lister WordPress plugin through 2.1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack." + }, + { + "lang": "es", + "value": "El complemento de WordPress WP Plugin Lister hasta la versi\u00f3n 2.1.0 no tiene verificaci\u00f3n CSRF en algunos lugares y le falta sanitizaci\u00f3n y escape, lo que podr\u00eda permitir a los atacantes hacer que el administrador registrado agregue payloads XSS almacenados a trav\u00e9s de un ataque CSRF." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paulgriffinpetty:wp_plugin_lister:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.1.0", + "matchCriteriaId": "AB271BC2-C10E-41B8-B8E3-41CBEEE0BBA8" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": 
"https://magos-securitas.com/txt/CVE-2023-6503.txt", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit" + ] }, { "url": "https://wpscan.com/vulnerability/0d95de23-e8f6-4342-b19c-57cd22b2fee2/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6530.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6530.json index 1b7e5598224..91481718d1f 100644 --- a/CVE-2023/CVE-2023-65xx/CVE-2023-6530.json +++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6530.json 
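Review bot: The `weaknesses` array added to CVE-2023-6503.json lists only `CWE-352`, although the English description in the same record also reports missing sanitisation and escaping that lets the CSRF end in Stored XSS. Consumers that triage or route findings by CWE will see this record as CSRF only and can overlook the output-encoding fix it calls for. A second description entry, `{ "lang": "en", "value": "CWE-79" }`, would cover it; whether upstream intends that is not visible from this patch.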
@@ -2,23 +2,88 @@ "id": "CVE-2023-6530", "sourceIdentifier": "contact@wpscan.com", "published": "2024-01-29T15:15:09.637", - "lastModified": "2024-01-29T16:19:11.720", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-02T23:50:49.170", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The TJ Shortcodes WordPress plugin through 0.1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks." + }, + { + "lang": "es", + "value": "El complemento de WordPress TJ Shortcodes hasta la versi\u00f3n 0.1.3 no valida ni escapa algunos de sus atributos de c\u00f3digo corto antes de devolverlos a una p\u00e1gina/publicaci\u00f3n donde est\u00e1 incrustado el c\u00f3digo corto, lo que podr\u00eda permitir a los usuarios con el rol de colaborador y superiores realizar ataques de Cross-Site Scripting Almacenado." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:theme-junkie:tj_shortcodes:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "0.1.3", + "matchCriteriaId": "83719B3C-3BCE-4422-8D58-B86E31B82366" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://research.cleantalk.org/cve-2023-6530-tj-shortcodes-stored-xss-poc/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://wpscan.com/vulnerability/8e63bf7c-7827-4c4d-b0e3-66354b218bee/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-66xx/CVE-2023-6633.json b/CVE-2023/CVE-2023-66xx/CVE-2023-6633.json index 1f476adc6c7..fe0b4c936fc 100644 --- a/CVE-2023/CVE-2023-66xx/CVE-2023-6633.json +++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6633.json 
@@ -2,19 +2,80 @@ "id": "CVE-2023-6633", "sourceIdentifier": "contact@wpscan.com", "published": "2024-01-29T15:15:09.687", - "lastModified": "2024-01-29T16:19:11.720", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-02T23:49:18.407", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Site Notes WordPress plugin through 2.0.0 does not have CSRF checks in some of its functionalities, which could allow attackers to make logged in users perform unwanted actions, such as deleting administration notes, via CSRF attacks" + }, + { + "lang": "es", + "value": "El complemento de WordPress Site Notes hasta la versi\u00f3n 2.0.0 no tiene comprobaciones CSRF en algunas de sus funcionalidades, lo que podr\u00eda permitir a los atacantes hacer que los usuarios que han iniciado sesi\u00f3n realicen acciones no deseadas, como eliminar notas administrativas, a trav\u00e9s de ataques CSRF." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sidenotesproject:side_notes:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.0.0", + "matchCriteriaId": "3C1A562A-2BF1-4173-B8DF-BA9D2733ADCD" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": 
"https://wpscan.com/vulnerability/eb983d82-b894-41c5-b51f-94d4bba3ba39/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-69xx/CVE-2023-6946.json b/CVE-2023/CVE-2023-69xx/CVE-2023-6946.json index 84e2ee89a0d..96d1e3cc077 100644 --- a/CVE-2023/CVE-2023-69xx/CVE-2023-6946.json +++ b/CVE-2023/CVE-2023-69xx/CVE-2023-6946.json 
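Review bot: The `cpeMatch` entry added to CVE-2023-6633.json uses `cpe:2.3:a:sidenotesproject:side_notes:...`, while the description in the same record names the "Site Notes" WordPress plugin. The patch does not show whether these are the same product. If they differ, CPE-keyed scanners would flag the wrong plugin and leave the affected one unreported. Check the vendor and product against the referenced wpscan advisory before using this entry for inventory matching, and until then match on the plugin name from the description.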
@@ -2,23 +2,87 @@ "id": "CVE-2023-6946", "sourceIdentifier": "contact@wpscan.com", "published": "2024-01-29T15:15:09.740", - "lastModified": "2024-01-29T16:19:11.720", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-03T00:24:34.007", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Autotitle for WordPress plugin through 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack." + }, + { + "lang": "es", + "value": "El complemento Autotitle para WordPress hasta la versi\u00f3n 1.0.3 no tiene activada la verificaci\u00f3n CSRF al actualizar su configuraci\u00f3n, lo que podr\u00eda permitir a los atacantes hacer que un administrador que haya iniciado sesi\u00f3n los cambie mediante un ataque CSRF." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:unalignedcode:autotitle:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.0.3", + "matchCriteriaId": "18F0CB66-4F24-432F-A67C-8CD4626E5A94" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://magos-securitas.com/txt/CVE-2023-6946", - "source": "contact@wpscan.com" + "source": 
"contact@wpscan.com", + "tags": [ + "Exploit" + ] }, { "url": "https://wpscan.com/vulnerability/54a00416-c7e3-44f3-8dd2-ed9e748055e6/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7074.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7074.json index 8a668e4eae2..18ad7046beb 100644 --- a/CVE-2023/CVE-2023-70xx/CVE-2023-7074.json +++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7074.json 
@@ -2,23 +2,87 @@ "id": "CVE-2023-7074", "sourceIdentifier": "contact@wpscan.com", "published": "2024-01-29T15:15:09.793", - "lastModified": "2024-01-29T16:19:11.720", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-03T00:27:20.647", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The WP SOCIAL BOOKMARK MENU WordPress plugin through 1.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack." + }, + { + "lang": "es", + "value": "El complemento de WordPress WP SOCIAL BOOKMARK MENU hasta la versi\u00f3n 1.2 no tiene activada la verificaci\u00f3n CSRF al actualizar su configuraci\u00f3n, lo que podr\u00eda permitir a los atacantes hacer que un administrador que haya iniciado sesi\u00f3n los cambie mediante un ataque CSRF." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:giovambattistafazioli:wp_social_bookmark_menu:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.2", + "matchCriteriaId": "B8A6D24D-C693-4382-8C4E-21ABAA326029" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://magos-securitas.com/txt/CVE-2023-7074.txt", - 
"source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit" + ] }, { "url": "https://wpscan.com/vulnerability/7906c349-97b0-4d82-aef0-97a1175ae88e/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7089.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7089.json index 8574be6fffb..468af12473c 100644 --- a/CVE-2023/CVE-2023-70xx/CVE-2023-7089.json +++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7089.json 
@@ -2,19 +2,80 @@ "id": "CVE-2023-7089", "sourceIdentifier": "contact@wpscan.com", "published": "2024-01-29T15:15:09.840", - "lastModified": "2024-01-29T16:19:11.720", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-03T00:27:31.313", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Easy SVG Allow WordPress plugin through 1.0 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads." + }, + { + "lang": "es", + "value": "El complemento Easy SVG Allow de WordPress hasta la versi\u00f3n 1.0 no sanitiza los archivos SVG cargados, lo que podr\u00eda permitir a los usuarios con un rol tan bajo como Autor cargar un SVG malicioso que contenga payloads XSS." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:benjaminzekavica:easy_svg_support:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.0", + "matchCriteriaId": "EE962879-BBDE-4FCF-B192-C164E564A454" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://wpscan.com/vulnerability/3b8ba734-7764-4ab6-a7e2-8de55bd46bed/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": 
[ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-71xx/CVE-2023-7199.json b/CVE-2023/CVE-2023-71xx/CVE-2023-7199.json index 885a2b04e62..587c01e5976 100644 --- a/CVE-2023/CVE-2023-71xx/CVE-2023-7199.json +++ b/CVE-2023/CVE-2023-71xx/CVE-2023-7199.json 
@@ -2,23 +2,87 @@ "id": "CVE-2023-7199", "sourceIdentifier": "contact@wpscan.com", "published": "2024-01-29T15:15:09.897", - "lastModified": "2024-01-29T16:19:11.720", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-03T00:24:17.240", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Relevanssi WordPress plugin before 4.22.0, Relevanssi Premium WordPress plugin before 2.25.0 allows any unauthenticated user to read draft and private posts via a crafted request" + }, + { + "lang": "es", + "value": "Los complementos Relevanssi de WordPress anterior a 4.22.0 y Relevanssi Premium de WordPress anterior a 2.25.0 permite a cualquier usuario no autenticado leer borradores y publicaciones privadas a trav\u00e9s de una solicitud manipulada" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-639" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:relevanssi:relevanssi:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.25.0", + "matchCriteriaId": "2B407843-FBDD-441A-95AD-F2502DFF3E3E" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://wpscan.com/vulnerability/0c96a128-4473-41f5-82ce-94bba33ca4a3/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + 
"Exploit", + "Third Party Advisory" + ] }, { "url": "https://www.relevanssi.com/release-notes/premium-2-25-free-4-22-release-notes/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-05xx/CVE-2024-0589.json b/CVE-2024/CVE-2024-05xx/CVE-2024-0589.json index fff655492a4..8f83f14c877 100644 --- a/CVE-2024/CVE-2024-05xx/CVE-2024-0589.json +++ b/CVE-2024/CVE-2024-05xx/CVE-2024-0589.json 
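Review bot: The `cpeMatch` added for CVE-2023-7199 uses `"versionEndIncluding": "2.25.0"` on `cpe:2.3:a:relevanssi:relevanssi`, which does not line up with the two fixed versions in the description (Relevanssi before 4.22.0, Relevanssi Premium before 2.25.0). As written the range stops at 2.25.0 and includes it, so CPE-based matching would not flag free-plugin versions between 2.25.0 and 4.22.0 that the description still counts as affected, and it marks 2.25.0 itself as vulnerable. An exclusive bound per product would follow the description, for example `"versionEndExcluding": "4.22.0"` for the free plugin and a separate entry with `"versionEndExcluding": "2.25.0"` for Premium. Until the record is corrected, consumers should check installed versions against the description text and not rely on the CPE range alone.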
@@ -2,19 +2,91 @@ "id": "CVE-2024-0589", "sourceIdentifier": "security@devolutions.net", "published": "2024-01-31T13:15:10.567", - "lastModified": "2024-01-31T14:05:19.990", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-02-03T00:19:14.737", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the entry overview tab in Devolutions Remote Desktop Manager 2023.3.36 and earlier on Windows allows an attacker with access to a data source to inject a malicious script via a specially crafted input in an entry.\n\n\n\n\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de cross site scripting (XSS) en la pesta\u00f1a de descripci\u00f3n general de la entrada en Devolutions Remote Desktop Manager 2023.3.36 y versiones anteriores en Windows permite a un atacante con acceso a una fuente de datos inyectar un script malicioso a trav\u00e9s de un input especialmente manipulado en una entrada." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2023.3.36.0", + "matchCriteriaId": 
"874D527D-63AD-47F1-8E42-11F73744DA26" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://devolutions.net/security/advisories/DEVO-2024-0001/", - "source": "security@devolutions.net" + "source": "security@devolutions.net", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-10xx/CVE-2024-1026.json b/CVE-2024/CVE-2024-10xx/CVE-2024-1026.json index 6b01c15b3f4..12009d7a66d 100644 --- a/CVE-2024/CVE-2024-10xx/CVE-2024-1026.json +++ b/CVE-2024/CVE-2024-10xx/CVE-2024-1026.json @@ -2,8 +2,8 @@ "id": "CVE-2024-1026", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-30T01:15:59.693", - "lastModified": "2024-01-30T14:18:33.837", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-03T00:28:11.273", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -75,14 +95,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cogites:ereserv:7.7.58:*:*:*:*:*:*:*", + "matchCriteriaId": "A101648E-3E32-4D66-B5FE-CECFFA2DEDED" + } + ] + } + ] + } + ], "references": [ { "url": "https://vuldb.com/?ctiid.252293", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.252293", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-10xx/CVE-2024-1029.json b/CVE-2024/CVE-2024-10xx/CVE-2024-1029.json index ee363cf7dcd..11ff6320088 100644 --- a/CVE-2024/CVE-2024-10xx/CVE-2024-1029.json +++ b/CVE-2024/CVE-2024-10xx/CVE-2024-1029.json @@ -2,8 +2,8 @@ "id": "CVE-2024-1029", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-30T06:15:45.633", - "lastModified": "2024-01-30T14:18:33.837", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-03T00:28:20.230", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -75,14 +95,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cogites:ereserv:7.7.58:*:*:*:*:*:*:*", + "matchCriteriaId": "A101648E-3E32-4D66-B5FE-CECFFA2DEDED" + } + ] + } + ] + } + ], "references": [ { "url": "https://vuldb.com/?ctiid.252302", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.252302", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-11xx/CVE-2024-1113.json b/CVE-2024/CVE-2024-11xx/CVE-2024-1113.json index 11406f24d0a..3bf5e331122 100644 --- a/CVE-2024/CVE-2024-11xx/CVE-2024-1113.json +++ b/CVE-2024/CVE-2024-11xx/CVE-2024-1113.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-1113", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-31T20:15:45.140", - "lastModified": "2024-02-01T03:18:21.737", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-02-03T00:39:08.927", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, was found in openBI up to 1.0.8. This affects the function uploadUnity of the file /application/index/controller/Unity.php. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252471." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en openBI hasta 1.0.8 y clasificada como cr\u00edtica. Esto afecta la funci\u00f3n uploadUnity del archivo /application/index/controller/Unity.php. La manipulaci\u00f3n del argumento file conduce a una carga sin restricciones. Es posible iniciar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-252471." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -71,18 +95,47 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:openbi:openbi:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.0.8", + "matchCriteriaId": "80906DC4-0662-4638-876F-3E5B228116EF" + } + ] + } + ] + } + ], "references": [ { "url": "https://note.zhaoj.in/share/hPSx8li8LFfJ", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Broken Link", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.252471", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.252471", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-11xx/CVE-2024-1114.json b/CVE-2024/CVE-2024-11xx/CVE-2024-1114.json index 17ff07d1910..363fea23dfb 100644 --- a/CVE-2024/CVE-2024-11xx/CVE-2024-1114.json +++ b/CVE-2024/CVE-2024-11xx/CVE-2024-1114.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-1114", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-31T20:15:45.367", - "lastModified": "2024-02-01T03:18:21.737", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-02-03T00:39:15.057", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability has been found in openBI up to 1.0.8 and classified as critical. This vulnerability affects the function dlfile of the file /application/index/controller/Screen.php. The manipulation of the argument fileUrl leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252472." + }, + { + "lang": "es", + "value": "Una vulnerabilidad ha sido encontrada en openBI hasta 1.0.8 y clasificada como cr\u00edtica. Esta vulnerabilidad afecta a la funci\u00f3n dlfile del archivo /application/index/controller/Screen.php. La manipulaci\u00f3n del argumento fileUrl conduce a controles de acceso inadecuados. El ataque se puede iniciar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-252472." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -61,8 +85,18 @@ }, "weaknesses": [ { - "source": "cna@vuldb.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -71,18 +105,47 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:openbi:openbi:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.0.8", + "matchCriteriaId": "80906DC4-0662-4638-876F-3E5B228116EF" + } + ] + } + ] + } + ], "references": [ { "url": "https://note.zhaoj.in/share/9wv48TygKRxo", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Broken Link", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.252472", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.252472", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-11xx/CVE-2024-1115.json b/CVE-2024/CVE-2024-11xx/CVE-2024-1115.json index 3b72256aca6..24df0e94957 100644 --- a/CVE-2024/CVE-2024-11xx/CVE-2024-1115.json +++ b/CVE-2024/CVE-2024-11xx/CVE-2024-1115.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-1115", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-31T20:15:45.590", - "lastModified": "2024-02-01T03:18:21.737", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-02-03T00:39:20.790", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in openBI up to 1.0.8 and classified as critical. This issue affects the function dlfile of the file /application/websocket/controller/Setting.php. The manipulation of the argument phpPath leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252473 was assigned to this vulnerability." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en openBI hasta 1.0.8. Ha sido clasificada como cr\u00edtica. La funci\u00f3n index del archivo /application/plugins/controller/Upload.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a una carga sin restricciones. Es posible lanzar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-252474 es el identificador asignado a esta vulnerabilidad." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", 
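Review bot: The `es` description added for CVE-2024-1115 is not a translation of the `en` text beside it. It names the function index of /application/plugins/controller/Upload.php, an unrestricted upload and VDB-252474, while the English entry describes dlfile in /application/websocket/controller/Setting.php, OS command injection through phpPath and VDB-252473. The Spanish string is identical to the one this commit adds for CVE-2024-1116, so it looks like a copy of the neighbouring record. Anyone triaging from the localized text would see the wrong weakness class and file for this CVE; the value should be regenerated from this record's own English description.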
@@ -71,18 +95,47 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:openbi:openbi:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.0.8", + "matchCriteriaId": "80906DC4-0662-4638-876F-3E5B228116EF" + } + ] + } + ] + } + ], "references": [ { "url": "https://note.zhaoj.in/share/81JmiyogcYL7", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Broken Link", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.252473", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.252473", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-11xx/CVE-2024-1116.json b/CVE-2024/CVE-2024-11xx/CVE-2024-1116.json index 8c5792e0b52..975a841f0e2 100644 --- a/CVE-2024/CVE-2024-11xx/CVE-2024-1116.json +++ b/CVE-2024/CVE-2024-11xx/CVE-2024-1116.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-1116", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-31T20:15:45.807", - "lastModified": "2024-02-01T03:18:21.737", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-02-03T00:39:25.920", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in openBI up to 1.0.8. It has been classified as critical. Affected is the function index of the file /application/plugins/controller/Upload.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-252474 is the identifier assigned to this vulnerability." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en openBI hasta 1.0.8. Ha sido clasificada como cr\u00edtica. La funci\u00f3n index del archivo /application/plugins/controller/Upload.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a una carga sin restricciones. Es posible lanzar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-252474 es el identificador asignado a esta vulnerabilidad." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -71,18 +95,47 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:openbi:openbi:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.0.8", + "matchCriteriaId": "80906DC4-0662-4638-876F-3E5B228116EF" + } + ] + } + ] + } + ], "references": [ { "url": "https://note.zhaoj.in/share/uCElTQRGWVyw", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Broken Link", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.252474", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.252474", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-11xx/CVE-2024-1117.json b/CVE-2024/CVE-2024-11xx/CVE-2024-1117.json index f81194b1dd6..7f5f4cae409 100644 --- a/CVE-2024/CVE-2024-11xx/CVE-2024-1117.json +++ b/CVE-2024/CVE-2024-11xx/CVE-2024-1117.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-1117", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-31T21:15:08.500", - "lastModified": "2024-02-01T03:18:21.737", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-02-03T00:39:47.597", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in openBI up to 1.0.8. It has been declared as critical. Affected by this vulnerability is the function index of the file /application/index/controller/Screen.php. The manipulation of the argument fileurl leads to code injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252475." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en openBI hasta 1.0.8. Ha sido declarada cr\u00edtica. La funci\u00f3n index del archivo /application/index/controller/Screen.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento fileurl conduce a la inyecci\u00f3n de c\u00f3digo. El ataque se puede lanzar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-252475." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -71,18 +95,47 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:openbi:openbi:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.0.8", + "matchCriteriaId": "80906DC4-0662-4638-876F-3E5B228116EF" + } + ] + } + ] + } + ], "references": [ { "url": "https://note.zhaoj.in/share/Liu1nbjddxu4", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Broken Link", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.252475", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.252475", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-11xx/CVE-2024-1196.json b/CVE-2024/CVE-2024-11xx/CVE-2024-1196.json index 176b1c75dcf..f290dd9dedf 100644 --- a/CVE-2024/CVE-2024-11xx/CVE-2024-1196.json +++ b/CVE-2024/CVE-2024-11xx/CVE-2024-1196.json @@ -2,8 +2,8 @@ "id": "CVE-2024-1196", "sourceIdentifier": "cna@vuldb.com", "published": "2024-02-02T22:15:25.997", - "lastModified": "2024-02-02T22:15:25.997", - "vulnStatus": "Received", + "lastModified": "2024-02-03T00:07:59.997", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-11xx/CVE-2024-1197.json b/CVE-2024/CVE-2024-11xx/CVE-2024-1197.json new file mode 100644 index 00000000000..530a11cacba --- /dev/null +++ b/CVE-2024/CVE-2024-11xx/CVE-2024-1197.json 
@@ -0,0 +1,84 @@ +{ + "id": "CVE-2024-1197", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-02-02T23:15:08.420", + "lastModified": "2024-02-03T00:07:57.573", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, has been found in SourceCodester Testimonial Page Manager 1.0. This issue affects some unknown processing of the file delete-testimonial.php of the component HTTP GET Request Handler. The manipulation of the argument testimony leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-252695." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 7.5 + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + 
"references": [ + { + "url": "https://vuldb.com/?ctiid.252695", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.252695", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-11xx/CVE-2024-1198.json b/CVE-2024/CVE-2024-11xx/CVE-2024-1198.json new file mode 100644 index 00000000000..86f25a290dc --- /dev/null +++ b/CVE-2024/CVE-2024-11xx/CVE-2024-1198.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-1198", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-02-03T00:15:44.220", + "lastModified": "2024-02-03T00:15:44.220", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, was found in openBI up to 6.0.3. Affected is the function addxinzhi of the file application/controllers/User.php of the component Phar Handler. The manipulation of the argument outimgurl leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252696." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], 
+ "references": [ + { + "url": "https://note.zhaoj.in/share/qFXZZfp1NLa3", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.252696", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.252696", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-11xx/CVE-2024-1199.json b/CVE-2024/CVE-2024-11xx/CVE-2024-1199.json new file mode 100644 index 00000000000..466d160c3e1 --- /dev/null +++ b/CVE-2024/CVE-2024-11xx/CVE-2024-1199.json 
@@ -0,0 +1,88 @@
+{
+ "id": "CVE-2024-1199",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2024-02-03T00:15:44.447",
+ "lastModified": "2024-02-03T00:15:44.447",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability has been found in CodeAstro Employee Task Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file \\employee-tasks-php\\attendance-info.php. The manipulation of the argument aten_id leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252697 was assigned to this vulnerability."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "PARTIAL",
+ "baseScore": 5.5
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 8.0,
+ "impactScore": 4.9,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-404"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://docs.qq.com/doc/DYnhIWEdkZXViTXdD",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.252697",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.252697",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-217xx/CVE-2024-21750.json b/CVE-2024/CVE-2024-217xx/CVE-2024-21750.json
index eb8896f4ee4..8971fa7ce4f 100644
--- a/CVE-2024/CVE-2024-217xx/CVE-2024-21750.json
+++ b/CVE-2024/CVE-2024-217xx/CVE-2024-21750.json
@@ -2,16 +2,40 @@ "id": "CVE-2024-21750", "sourceIdentifier": "audit@patchstack.com", "published": "2024-02-01T10:15:11.880", - "lastModified": "2024-02-01T13:41:44.257", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-02-03T00:41:15.460", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scribit Shortcodes Finder allows Reflected XSS.This issue affects Shortcodes Finder: from n/a through 1.5.5.\n\n" + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante de generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Scribit Shortcodes Finder permite XSS reflejado. Este problema afecta a Shortcodes Finder: desde n/a hasta 1.5.5." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:scribit:shortcodes_finder:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.5.5", + "matchCriteriaId": "6C47010F-D73A-4950-A2B8-EACAB61CB308" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/shortcodes-finder/wordpress-shortcodes-finder-plugin-1-5-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-221xx/CVE-2024-22140.json b/CVE-2024/CVE-2024-221xx/CVE-2024-22140.json index 6604dd4eca9..9936a420670 100644 --- a/CVE-2024/CVE-2024-221xx/CVE-2024-22140.json +++ b/CVE-2024/CVE-2024-221xx/CVE-2024-22140.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-22140", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-31T14:15:49.653", - "lastModified": "2024-01-31T14:28:47.077", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-03T00:18:43.417", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a through 3.10.0.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Cozmoslabs Profile Builder Pro. Este problema afecta a Profile Builder Pro: desde n/a hasta 3.10.0." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cozmoslabs:profile_builder:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.10.0", + "matchCriteriaId": "AFFF2152-4BE0-4896-978B-DDF6AD396A5F" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/profile-builder-pro/wordpress-profile-builder-pro-plugin-3-10-0-csrf-leading-to-account-takeover-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-221xx/CVE-2024-22143.json b/CVE-2024/CVE-2024-221xx/CVE-2024-22143.json index d66e242640e..9c9b0e98030 100644 --- a/CVE-2024/CVE-2024-221xx/CVE-2024-22143.json +++ b/CVE-2024/CVE-2024-221xx/CVE-2024-22143.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-22143", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-31T13:15:11.093", - "lastModified": "2024-01-31T14:05:19.990", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-02-03T00:24:07.510", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in WP Spell Check.This issue affects WP Spell Check: from n/a through 9.17.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en WP Spell Check. Este problema afecta a WP Spell Check: desde n/a hasta 9.17." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -36,7 +60,7 @@ }, "weaknesses": [ { - "source": "audit@patchstack.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { 
@@ -44,12 +68,43 @@ "value": "CWE-352" } ] + }, + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpspellcheck:wpspellcheck:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "9.17", + "matchCriteriaId": "7F6096A0-4048-46A9-B0F2-F70EA2BE0E02" + } + ] + } + ] } ], "references": [ { "url": "https://patchstack.com/database/vulnerability/wp-spell-check/wordpress-wp-spell-check-plugin-9-17-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-221xx/CVE-2024-22148.json b/CVE-2024/CVE-2024-221xx/CVE-2024-22148.json index 6917c6e0b0e..9f459b04724 100644 --- a/CVE-2024/CVE-2024-221xx/CVE-2024-22148.json +++ b/CVE-2024/CVE-2024-221xx/CVE-2024-22148.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-22148", "sourceIdentifier": "audit@patchstack.com", "published": "2024-02-01T10:15:12.223", - "lastModified": "2024-02-01T13:41:44.257", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-02-03T00:30:56.520", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Smart Editor JoomUnited allows Reflected XSS.This issue affects JoomUnited: from n/a through 1.3.3.\n\n" + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en WP Smart Editor JoomUnited permite XSS reflejado. Este problema afecta a JoomUnited: desde n/a hasta 1.3.3." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:joomunited:wp-smart-editor:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.3.3", + "matchCriteriaId": "37D9AD7D-71ED-4878-AC8E-2562CB9B11FC" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/wp-smart-editor/wordpress-wp-smart-editor-plugin-1-3-3-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-222xx/CVE-2024-22285.json b/CVE-2024/CVE-2024-222xx/CVE-2024-22285.json index cc9156edcfb..95b5ff1eb64 100644 --- a/CVE-2024/CVE-2024-222xx/CVE-2024-22285.json +++ b/CVE-2024/CVE-2024-222xx/CVE-2024-22285.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-22285", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-31T13:15:11.307", - "lastModified": "2024-01-31T14:05:19.990", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-02-03T00:22:41.607", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Elise Bosse Frontpage Manager.This issue affects Frontpage Manager: from n/a through 1.3.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Elise Bosse Frontpage Manager. Este problema afecta a Frontpage Manager: desde n/a hasta 1.3." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -36,7 +60,7 @@ }, "weaknesses": [ { - "source": "audit@patchstack.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { 
@@ -44,12 +68,43 @@ "value": "CWE-352" } ] + }, + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:elisebosse:frontpage_manager:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.3", + "matchCriteriaId": "58B489C8-0CDE-4B4D-B2E2-B3B81A5B6BC3" + } + ] + } + ] } ], "references": [ { "url": "https://patchstack.com/database/vulnerability/frontpage-manager/wordpress-frontpage-manager-plugin-1-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-222xx/CVE-2024-22291.json b/CVE-2024/CVE-2024-222xx/CVE-2024-22291.json index c8ba4de38aa..11021cc7e87 100644 --- a/CVE-2024/CVE-2024-222xx/CVE-2024-22291.json +++ b/CVE-2024/CVE-2024-222xx/CVE-2024-22291.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-22291", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-31T13:15:11.500", - "lastModified": "2024-01-31T14:05:19.990", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-02-03T00:22:08.697", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi Browser Theme Color.This issue affects Browser Theme Color: from n/a through 1.3.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Marco Milesi Browser Theme Color. Este problema afecta a Browser Theme Color: desde n/a hasta 1.3." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -36,7 +60,7 @@ }, "weaknesses": [ { - "source": "audit@patchstack.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { 
@@ -44,12 +68,43 @@ "value": "CWE-352" } ] + }, + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:marcomilesi:browser_theme_color:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.3", + "matchCriteriaId": "25CAF588-86B1-44D3-AAE0-23C08B3C19EC" + } + ] + } + ] } ], "references": [ { "url": "https://patchstack.com/database/vulnerability/browser-theme-color/wordpress-browser-theme-color-plugin-1-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-223xx/CVE-2024-22304.json b/CVE-2024/CVE-2024-223xx/CVE-2024-22304.json index 2b6b31c17e1..ec63bb63991 100644 --- a/CVE-2024/CVE-2024-223xx/CVE-2024-22304.json +++ b/CVE-2024/CVE-2024-223xx/CVE-2024-22304.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-22304", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-31T13:15:11.690", - "lastModified": "2024-01-31T14:05:19.990", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-02-03T00:21:59.163", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Borbis Media FreshMail For WordPress.This issue affects FreshMail For WordPress: from n/a through 2.3.2.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Borbis Media FreshMail para WordPress. Este problema afecta a FreshMail para WordPress: desde n/a hasta 2.3.2." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -36,7 +60,7 @@ }, "weaknesses": [ { - "source": "audit@patchstack.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { 
@@ -44,12 +68,43 @@ "value": "CWE-352" } ] + }, + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:borbis:freshmail_for_wordpress:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.3.2", + "matchCriteriaId": "B635D748-7FA1-4F02-A9B2-1C0C2321C835" + } + ] + } + ] } ], "references": [ { "url": "https://patchstack.com/database/vulnerability/freshmail-integration/wordpress-freshmail-for-wordpress-plugin-2-3-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-224xx/CVE-2024-22430.json b/CVE-2024/CVE-2024-224xx/CVE-2024-22430.json index 2bd23eef8b8..b8b9f1de23a 100644 --- a/CVE-2024/CVE-2024-224xx/CVE-2024-22430.json +++ b/CVE-2024/CVE-2024-224xx/CVE-2024-22430.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-22430", "sourceIdentifier": "security_alert@emc.com", "published": "2024-02-01T10:15:12.533", - "lastModified": "2024-02-01T13:41:44.257", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-02-03T00:30:48.593", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "\nDell PowerScale OneFS versions 8.2.x through 9.6.0.x contains an incorrect default permissions vulnerability. A local low privileges malicious user could potentially exploit this vulnerability, leading to denial of service.\n\n" + }, + { + "lang": "es", + "value": "Dell PowerScale OneFS versiones 8.2.x a 9.6.0.x contiene una vulnerabilidad de permisos predeterminados incorrectos. Un usuario malintencionado local con privilegios bajos podr\u00eda explotar esta vulnerabilidad y provocar una denegaci\u00f3n de servicio." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "security_alert@emc.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-276" + } + ] + }, { "source": "security_alert@emc.com", "type": "Secondary", 
@@ -46,10 +80,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dell:powerscale_onefs:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.2.0", + "versionEndExcluding": "9.6.1", + "matchCriteriaId": "D76B2773-3D7B-4F59-BD4C-04D612D63EFF" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.dell.com/support/kbdoc/en-us/000221707/dsa-2024-028-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities", - "source": "security_alert@emc.com" + "source": "security_alert@emc.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-224xx/CVE-2024-22449.json b/CVE-2024/CVE-2024-224xx/CVE-2024-22449.json index e860a1abdd9..417657c7dec 100644 --- a/CVE-2024/CVE-2024-224xx/CVE-2024-22449.json +++ b/CVE-2024/CVE-2024-224xx/CVE-2024-22449.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-22449", "sourceIdentifier": "security_alert@emc.com", "published": "2024-02-01T10:15:12.890", - "lastModified": "2024-02-01T13:41:44.257", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-03T00:30:30.737", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "\nDell PowerScale OneFS versions 9.0.0.x through 9.6.0.x contains a missing authentication for critical function vulnerability. A low privileged local malicious user could potentially exploit this vulnerability to gain elevated access.\n\n" + }, + { + "lang": "es", + "value": "Dell PowerScale OneFS versiones 9.0.0.x a 9.6.0.x contiene una autenticaci\u00f3n faltante para una vulnerabilidad de funci\u00f3n cr\u00edtica. Un usuario malicioso local con pocos privilegios podr\u00eda explotar esta vulnerabilidad para obtener acceso elevado." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "security_alert@emc.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] + }, { "source": "security_alert@emc.com", "type": "Secondary", 
@@ -46,10 +80,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dell:powerscale_onefs:*:*:*:*:*:*:*:*", + "versionStartIncluding": "9.0.0", + "versionEndExcluding": "9.6.1", + "matchCriteriaId": "4CF9CC24-C248-47D2-B817-BFC142A51649" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.dell.com/support/kbdoc/en-us/000221707/dsa-2024-028-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities", - "source": "security_alert@emc.com" + "source": "security_alert@emc.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-225xx/CVE-2024-22570.json b/CVE-2024/CVE-2024-225xx/CVE-2024-22570.json index 83e1908e158..be16790e534 100644 --- a/CVE-2024/CVE-2024-225xx/CVE-2024-22570.json +++ b/CVE-2024/CVE-2024-225xx/CVE-2024-22570.json @@ -2,8 +2,8 @@ "id": "CVE-2024-22570", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-29T20:15:15.420", - "lastModified": "2024-01-30T14:18:33.837", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-02T23:32:46.897", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,11 +14,66 @@ "value": "Una vulnerabilidad de cross site scripting (XSS) almacenado en /install.php?m=install&c=index&a=step3 de GreenCMS v2.3 permite a los atacantes ejecutar scripts web o HTML de su elecci\u00f3n a trav\u00e9s de un payload manipulado." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:njtech:greencms:2.3:*:*:*:*:*:*:*", + "matchCriteriaId": "7271D633-9BD0-4E2B-BA69-E732E3E19D43" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Num-Nine/CVE/issues/11", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-226xx/CVE-2024-22643.json b/CVE-2024/CVE-2024-226xx/CVE-2024-22643.json index e80d5cf5822..dba31486c6e 100644 --- a/CVE-2024/CVE-2024-226xx/CVE-2024-22643.json +++ b/CVE-2024/CVE-2024-226xx/CVE-2024-22643.json @@ -2,8 +2,8 @@ "id": "CVE-2024-22643", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-30T07:15:07.950", - "lastModified": "2024-01-30T14:18:33.837", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-03T00:28:40.073", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,11 +14,67 @@ "value": "Una vulnerabilidad de Cross-Site Request Forgery (CSRF) en SEO Panel versi\u00f3n 4.10.0 permite a atacantes remotos realizar restablecimientos de contrase\u00f1as de usuarios no autorizados." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:seopanel:seo_panel:4.10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "350449E5-46CB-44C7-B30E-CCC406D4C097" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/cassis-sec/CVE/tree/main/2024/CVE-2024-22643", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-226xx/CVE-2024-22646.json b/CVE-2024/CVE-2024-226xx/CVE-2024-22646.json index e7051795b27..bc79d42c39f 100644 --- a/CVE-2024/CVE-2024-226xx/CVE-2024-22646.json +++ b/CVE-2024/CVE-2024-226xx/CVE-2024-22646.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-22646", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-30T07:15:08.027", - "lastModified": "2024-01-30T14:18:33.837", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-03T00:28:48.987", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,67 @@ "value": "Existe una vulnerabilidad de enumeraci\u00f3n de direcciones de correo electr\u00f3nico en la funci\u00f3n de restablecimiento de contrase\u00f1a de SEO Panel versi\u00f3n 4.10.0. Esto permite a un atacante adivinar qu\u00e9 correos electr\u00f3nicos existen en el sistema." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-209" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:seopanel:seo_panel:4.10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "350449E5-46CB-44C7-B30E-CCC406D4C097" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/cassis-sec/CVE/tree/main/2024/CVE-2024-22646", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-226xx/CVE-2024-22647.json b/CVE-2024/CVE-2024-226xx/CVE-2024-22647.json index 9da46e1958e..feaa0581b72 100644 
--- a/CVE-2024/CVE-2024-226xx/CVE-2024-22647.json +++ b/CVE-2024/CVE-2024-226xx/CVE-2024-22647.json @@ -2,8 +2,8 @@ "id": "CVE-2024-22647", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-30T07:15:08.103", - "lastModified": "2024-01-30T14:18:33.837", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-03T00:29:11.063", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,11 +14,67 @@ "value": "Se encontr\u00f3 una vulnerabilidad de enumeraci\u00f3n de usuarios en SEO Panel 4.10.0. Este problema ocurre durante la autenticaci\u00f3n del usuario, donde una diferencia en los mensajes de error podr\u00eda permitir a un atacante determinar si un nombre de usuario es v\u00e1lido o no, lo que permitir\u00eda un ataque de fuerza bruta con nombres de usuario v\u00e1lidos." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-203" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:seopanel:seo_panel:4.10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "350449E5-46CB-44C7-B30E-CCC406D4C097" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/cassis-sec/CVE/tree/main/2024/CVE-2024-22647", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-226xx/CVE-2024-22648.json b/CVE-2024/CVE-2024-226xx/CVE-2024-22648.json index 8b4b8a06c02..603c10ca027 100644 --- a/CVE-2024/CVE-2024-226xx/CVE-2024-22648.json +++ b/CVE-2024/CVE-2024-226xx/CVE-2024-22648.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-22648", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-30T07:15:08.200", - "lastModified": "2024-01-30T14:18:33.837", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-03T00:29:29.850", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,67 @@ "value": "Existe una vulnerabilidad de Blind SSRF en la funcionalidad \"Crawl Meta Data\" de SEO Panel versi\u00f3n 4.10.0. Esto hace posible que atacantes remotos escaneen puertos en el entorno local." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:seopanel:seo_panel:4.10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "350449E5-46CB-44C7-B30E-CCC406D4C097" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/cassis-sec/CVE/tree/main/2024/CVE-2024-22648", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-228xx/CVE-2024-22860.json b/CVE-2024/CVE-2024-228xx/CVE-2024-22860.json index 47875a56b0f..718f553dc4c 100644 --- a/CVE-2024/CVE-2024-228xx/CVE-2024-22860.json +++ b/CVE-2024/CVE-2024-228xx/CVE-2024-22860.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-22860", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-27T06:15:48.430", - "lastModified": "2024-01-29T14:25:30.223", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-02T23:38:02.733", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,15 +14,74 @@ "value": "Vulnerabilidad de desbordamiento de enteros en FFmpeg anterior a n6.1, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s del componente jpegxl_anim_read_packet en el decodificador de animaci\u00f3n JPEG XL." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-190" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.1", + "matchCriteriaId": "54E3D89D-E427-413B-A8E1-C9ED6D2409F3" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61991", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List" + ] }, { "url": "https://github.com/FFmpeg/FFmpeg/commit/d2e8974699a9e35cc1a926bf74a972300d629cd5", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-228xx/CVE-2024-22861.json b/CVE-2024/CVE-2024-228xx/CVE-2024-22861.json index 41d36fba93a..0492b26db7f 100644 --- a/CVE-2024/CVE-2024-228xx/CVE-2024-22861.json +++ b/CVE-2024/CVE-2024-228xx/CVE-2024-22861.json @@ -2,8 +2,8 @@ "id": "CVE-2024-22861", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-27T07:15:07.603", - "lastModified": "2024-01-29T14:25:30.223", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-02T23:38:20.193", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,11 +14,67 @@ "value": "Vulnerabilidad de desbordamiento de enteros en FFmpeg anterior a n6.1, permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s del m\u00f3dulo avcodec/osq." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-190" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.1", + "matchCriteriaId": "54E3D89D-E427-413B-A8E1-C9ED6D2409F3" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/FFmpeg/FFmpeg/commit/87b8c1081959e45ffdcbabb3d53ac9882ef2b5ce", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-228xx/CVE-2024-22862.json b/CVE-2024/CVE-2024-228xx/CVE-2024-22862.json index d28a35dc90f..6bc663cf189 100644 --- a/CVE-2024/CVE-2024-228xx/CVE-2024-22862.json +++ b/CVE-2024/CVE-2024-228xx/CVE-2024-22862.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-22862", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-27T06:15:48.477", - "lastModified": "2024-01-29T14:25:30.223", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-02T23:38:28.047", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,15 +14,74 @@ "value": "Vulnerabilidad de desbordamiento de enteros en FFmpeg anterior a n6.1, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de JJPEG XL Parser." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-190" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.1", + "matchCriteriaId": "54E3D89D-E427-413B-A8E1-C9ED6D2409F3" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62113", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List" + ] }, { "url": "https://github.com/FFmpeg/FFmpeg/commit/ca09d8a0dcd82e3128e62463231296aaf63ae6f7", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-229xx/CVE-2024-22938.json b/CVE-2024/CVE-2024-229xx/CVE-2024-22938.json index 81396a2924f..64ff24ccc19 100644 --- a/CVE-2024/CVE-2024-229xx/CVE-2024-22938.json +++ b/CVE-2024/CVE-2024-229xx/CVE-2024-22938.json @@ -2,8 +2,8 @@ "id": "CVE-2024-22938", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-30T01:16:00.077", - "lastModified": "2024-01-30T14:18:33.837", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-03T00:30:37.107", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,19 +14,81 @@ "value": "La vulnerabilidad de permisos inseguros en BossCMS v.1.3.0 permite a un atacante local ejecutar c\u00f3digo arbitrario y escalar privilegios a trav\u00e9s de la funci\u00f3n init en el componente admin.class.php." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:bosscms:bosscms:1.3.0:*:*:*:*:*:*:*", + "matchCriteriaId": "700607F2-A251-4B79-B171-EA976C32A8B9" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/n0Sleeper/bosscmsVuln", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/n0Sleeper/bosscmsVuln/issues/1", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://www.bosscms.net/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-240xx/CVE-2024-24059.json b/CVE-2024/CVE-2024-240xx/CVE-2024-24059.json index 1f8e5d2337c..595eee08ea1 100644 --- a/CVE-2024/CVE-2024-240xx/CVE-2024-24059.json +++ b/CVE-2024/CVE-2024-240xx/CVE-2024-24059.json 
@@ -2,19 +2,79 @@ "id": "CVE-2024-24059", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-01T14:15:56.230", - "lastModified": "2024-02-01T18:52:12.257", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-02-03T00:40:43.793", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "springboot-manager v1.6 is vulnerable to Arbitrary File Upload. The system does not filter the suffixes of uploaded files." + }, + { + "lang": "es", + "value": "springboot-manager v1.6 es vulnerable a la carga arbitraria de archivos. El sistema no filtra los sufijos de los archivos cargados." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aitangbao:springboot-manager:1.6:*:*:*:*:*:*:*", + "matchCriteriaId": "EB2EA983-4032-48C6-987F-7B09397F2E38" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/By-Yexing/Vulnerability_JAVA/blob/main/2024/springboot-manager.md#2-file-upload-vulnerability", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
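Review bot: The added `weaknesses` entry for CVE-2024-24059 records `CWE-79`, and the CVSS vector `AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N` is the same one given to the XSS records CVE-2024-24060 to CVE-2024-24062, yet this record's description is an arbitrary file upload with no suffix filtering. Going by the description alone, the weakness would be `"value": "CWE-434"`; the referenced advisory may justify the XSS classification, which cannot be confirmed from this hunk. Because this file mirrors NVD, the correction belongs upstream rather than in this repository. Anyone triaging or filtering on CWE or base score should read this record's description rather than rely on the enrichment fields.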
diff --git a/CVE-2024/CVE-2024-240xx/CVE-2024-24060.json b/CVE-2024/CVE-2024-240xx/CVE-2024-24060.json index ee17931d4cc..7d7764b997c 100644 --- a/CVE-2024/CVE-2024-240xx/CVE-2024-24060.json +++ b/CVE-2024/CVE-2024-240xx/CVE-2024-24060.json 
@@ -2,19 +2,79 @@ "id": "CVE-2024-24060", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-01T14:15:56.283", - "lastModified": "2024-02-01T18:52:09.930", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-02-03T00:40:48.600", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sys/user." + }, + { + "lang": "es", + "value": "springboot-manager v1.6 es vulnerable a Cross Site Scripting (XSS) a trav\u00e9s de /sys/user." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aitangbao:springboot-manager:1.6:*:*:*:*:*:*:*", + "matchCriteriaId": "EB2EA983-4032-48C6-987F-7B09397F2E38" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/By-Yexing/Vulnerability_JAVA/blob/main/2024/springboot-manager.md#11-stored-cross-site-scripting-sysuser", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-240xx/CVE-2024-24061.json b/CVE-2024/CVE-2024-240xx/CVE-2024-24061.json index 429417b7b62..8bf08e52f01 100644 
--- a/CVE-2024/CVE-2024-240xx/CVE-2024-24061.json +++ b/CVE-2024/CVE-2024-240xx/CVE-2024-24061.json @@ -2,19 +2,79 @@ "id": "CVE-2024-24061", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-01T14:15:56.333", - "lastModified": "2024-02-01T18:52:07.677", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-02-03T00:40:50.623", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sysContent/add." + }, + { + "lang": "es", + "value": "springboot-manager v1.6 es vulnerable a Cross Site Scripting (XSS) a trav\u00e9s de /sysContent/add." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aitangbao:springboot-manager:1.6:*:*:*:*:*:*:*", + "matchCriteriaId": "EB2EA983-4032-48C6-987F-7B09397F2E38" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/By-Yexing/Vulnerability_JAVA/blob/main/2024/springboot-manager.md#13-stored-cross-site-scripting-syscontentadd", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-240xx/CVE-2024-24062.json b/CVE-2024/CVE-2024-240xx/CVE-2024-24062.json index 90676e5661b..e7258901293 100644 --- a/CVE-2024/CVE-2024-240xx/CVE-2024-24062.json +++ b/CVE-2024/CVE-2024-240xx/CVE-2024-24062.json 
@@ -2,19 +2,79 @@ "id": "CVE-2024-24062", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-01T14:15:56.380", - "lastModified": "2024-02-01T18:52:05.193", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-02-03T00:40:52.877", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sys/role." + }, + { + "lang": "es", + "value": "springboot-manager v1.6 es vulnerable a Cross Site Scripting (XSS) a trav\u00e9s de /sys/role." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aitangbao:springboot-manager:1.6:*:*:*:*:*:*:*", + "matchCriteriaId": "EB2EA983-4032-48C6-987F-7B09397F2E38" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/By-Yexing/Vulnerability_JAVA/blob/main/2024/springboot-manager.md#12-stored-cross-site-scripting-sysrole", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-241xx/CVE-2024-24134.json b/CVE-2024/CVE-2024-241xx/CVE-2024-24134.json index 768b67b3ea7..11ca92c4113 100644 
--- a/CVE-2024/CVE-2024-241xx/CVE-2024-24134.json +++ b/CVE-2024/CVE-2024-241xx/CVE-2024-24134.json @@ -2,8 +2,8 @@ "id": "CVE-2024-24134", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-29T19:15:08.940", - "lastModified": "2024-01-30T14:18:33.837", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-03T00:29:40.210", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,67 @@ "value": "Sourcecodester Online Food Menu 1.0 es vulnerable a Cross Site Scripting (XSS) a trav\u00e9s de los campos 'Menu Name' y 'Description' en la secci\u00f3n Update Menu." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:rems:online_food_menu:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "90AFB5DB-217A-48FC-A899-D06F90AD3C82" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/BurakSevben/2024_Online_Food_Menu_XSS/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-241xx/CVE-2024-24136.json b/CVE-2024/CVE-2024-241xx/CVE-2024-24136.json index 1249a5442f8..0a045453154 100644 
--- a/CVE-2024/CVE-2024-241xx/CVE-2024-24136.json +++ b/CVE-2024/CVE-2024-241xx/CVE-2024-24136.json @@ -2,8 +2,8 @@ "id": "CVE-2024-24136", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-29T20:15:15.467", - "lastModified": "2024-01-30T14:18:33.837", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-02T23:32:58.107", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,67 @@ "value": "El campo 'Your Name' en la secci\u00f3n Submit Score de Sourcecodester Math Game con Leaderboard v1.0 es vulnerable a ataques de Cross-Site Scripting (XSS)." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:remyandrade:math_game:1.0:*:*:*:*:wordpress:*:*", + "matchCriteriaId": "89267872-5FB2-4157-90A3-8CD6FCB1DFF6" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/BurakSevben/2024_Math_Game_XSS", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-241xx/CVE-2024-24139.json b/CVE-2024/CVE-2024-241xx/CVE-2024-24139.json index e25d790e851..1a6ad17a5b4 100644 
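Review bot: In the CVE-2024-24136 hunk, the added `cpeMatch` criteria `cpe:2.3:a:remyandrade:math_game:1.0:*:*:*:*:wordpress:*:*` sets target_sw to `wordpress`, while the description names a Sourcecodester application and the other `remyandrade` records in this commit (CVE-2024-24139, CVE-2024-24140, CVE-2024-24141) leave that field as `*`. If the product is not a WordPress plugin, which the visible text suggests but does not prove, inventory matching that keys on target_sw can miss standalone installs. The expected form would be `cpe:2.3:a:remyandrade:math_game:1.0:*:*:*:*:*:*:*`; since the file mirrors NVD, this should be raised upstream rather than edited here.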
--- a/CVE-2024/CVE-2024-241xx/CVE-2024-24139.json +++ b/CVE-2024/CVE-2024-241xx/CVE-2024-24139.json @@ -2,8 +2,8 @@ "id": "CVE-2024-24139", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-29T20:15:15.517", - "lastModified": "2024-01-30T14:18:33.837", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-02T23:36:37.603", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,67 @@ "value": "El sistema de inicio de sesi\u00f3n Sourcecodester Login System with Email Verification 1.0 permite la inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro 'user'." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:remyandrade:login_system_with_email_verification:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "E9B9B4D9-046F-4057-BED8-0AC09160C899" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/BurakSevben/Login_System_with_Email_Verification_SQL_Injection/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-241xx/CVE-2024-24140.json b/CVE-2024/CVE-2024-241xx/CVE-2024-24140.json index 6c6866f49ed..231aef3458a 100644 --- a/CVE-2024/CVE-2024-241xx/CVE-2024-24140.json +++ b/CVE-2024/CVE-2024-241xx/CVE-2024-24140.json @@ -2,8 +2,8 @@ "id": "CVE-2024-24140", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-29T20:15:15.557", - "lastModified": "2024-01-30T14:18:33.837", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-02T23:36:15.563", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,67 @@ "value": "La aplicaci\u00f3n Sourcecodester Daily Habit Tracker 1.0 permite la inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro 'tracker'." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:remyandrade:daily_habit_tracker:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "90CBBC5D-B0F2-4BC3-8306-984E7B239BE7" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/BurakSevben/Daily_Habit_Tracker_App_SQL_Injection", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-241xx/CVE-2024-24141.json b/CVE-2024/CVE-2024-241xx/CVE-2024-24141.json index 37a6de40ac3..29a172f4829 100644 --- a/CVE-2024/CVE-2024-241xx/CVE-2024-24141.json +++ b/CVE-2024/CVE-2024-241xx/CVE-2024-24141.json @@ -2,8 +2,8 @@ "id": "CVE-2024-24141", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-29T20:15:15.600", - "lastModified": "2024-01-30T14:18:33.837", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-02T23:36:54.307", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,67 @@ "value": "La aplicaci\u00f3n Sourcecodester School Task Manager 1.0 permite la inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro 'task'." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:remyandrade:school_task_manager:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "912FFDF4-5A9C-4E91-AD6F-3AA762CE409E" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/BurakSevben/School-Task-Manager-System-SQLi-1", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/README.md b/README.md index 0b102624f41..5ea7396a0a6 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-02-02T23:00:24.138974+00:00 +2024-02-03T00:55:25.394205+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-02-02T22:15:25.997000+00:00 +2024-02-03T00:41:15.460000+00:00 ``` ### Last Data Feed Release 
@@ -29,32 +29,47 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 ```plain
-237486
+237489
 ```
 ### CVEs added in the last Commit
-Recently added CVEs: `5`
+Recently added CVEs: `3`
-* [CVE-2024-1193](CVE-2024/CVE-2024-11xx/CVE-2024-1193.json) (`2024-02-02T21:15:08.113`)
-* [CVE-2024-1194](CVE-2024/CVE-2024-11xx/CVE-2024-1194.json) (`2024-02-02T21:15:08.413`)
-* [CVE-2024-23553](CVE-2024/CVE-2024-235xx/CVE-2024-23553.json) (`2024-02-02T21:15:08.647`)
-* [CVE-2024-1195](CVE-2024/CVE-2024-11xx/CVE-2024-1195.json) (`2024-02-02T22:15:25.757`)
-* [CVE-2024-1196](CVE-2024/CVE-2024-11xx/CVE-2024-1196.json) (`2024-02-02T22:15:25.997`)
+* [CVE-2024-1197](CVE-2024/CVE-2024-11xx/CVE-2024-1197.json) (`2024-02-02T23:15:08.420`)
+* [CVE-2024-1198](CVE-2024/CVE-2024-11xx/CVE-2024-1198.json) (`2024-02-03T00:15:44.220`)
+* [CVE-2024-1199](CVE-2024/CVE-2024-11xx/CVE-2024-1199.json) (`2024-02-03T00:15:44.447`)
 ### CVEs modified in the last Commit
-Recently modified CVEs: `8`
+Recently modified CVEs: `50`
-* [CVE-2023-37527](CVE-2023/CVE-2023-375xx/CVE-2023-37527.json) (`2024-02-02T21:13:53.920`)
-* [CVE-2024-1186](CVE-2024/CVE-2024-11xx/CVE-2024-1186.json) (`2024-02-02T21:13:53.920`)
-* [CVE-2024-23635](CVE-2024/CVE-2024-236xx/CVE-2024-23635.json) (`2024-02-02T21:13:53.920`)
-* [CVE-2024-24560](CVE-2024/CVE-2024-245xx/CVE-2024-24560.json) (`2024-02-02T21:13:53.920`)
-* [CVE-2024-1187](CVE-2024/CVE-2024-11xx/CVE-2024-1187.json) (`2024-02-02T21:13:53.920`)
-* [CVE-2024-1188](CVE-2024/CVE-2024-11xx/CVE-2024-1188.json) (`2024-02-02T21:13:53.920`)
-* [CVE-2024-1189](CVE-2024/CVE-2024-11xx/CVE-2024-1189.json) (`2024-02-02T21:13:53.920`)
-* [CVE-2024-1190](CVE-2024/CVE-2024-11xx/CVE-2024-1190.json) (`2024-02-02T21:13:53.920`)
+* [CVE-2024-22304](CVE-2024/CVE-2024-223xx/CVE-2024-22304.json) (`2024-02-03T00:21:59.163`)
+* [CVE-2024-22291](CVE-2024/CVE-2024-222xx/CVE-2024-22291.json) (`2024-02-03T00:22:08.697`)
+* [CVE-2024-22285](CVE-2024/CVE-2024-222xx/CVE-2024-22285.json) (`2024-02-03T00:22:41.607`)
+* [CVE-2024-22143](CVE-2024/CVE-2024-221xx/CVE-2024-22143.json) (`2024-02-03T00:24:07.510`)
+* [CVE-2024-1026](CVE-2024/CVE-2024-10xx/CVE-2024-1026.json) (`2024-02-03T00:28:11.273`)
+* [CVE-2024-1029](CVE-2024/CVE-2024-10xx/CVE-2024-1029.json) (`2024-02-03T00:28:20.230`)
+* [CVE-2024-22643](CVE-2024/CVE-2024-226xx/CVE-2024-22643.json) (`2024-02-03T00:28:40.073`)
+* [CVE-2024-22646](CVE-2024/CVE-2024-226xx/CVE-2024-22646.json) (`2024-02-03T00:28:48.987`)
+* [CVE-2024-22647](CVE-2024/CVE-2024-226xx/CVE-2024-22647.json) (`2024-02-03T00:29:11.063`)
+* [CVE-2024-22648](CVE-2024/CVE-2024-226xx/CVE-2024-22648.json) (`2024-02-03T00:29:29.850`)
+* [CVE-2024-24134](CVE-2024/CVE-2024-241xx/CVE-2024-24134.json) (`2024-02-03T00:29:40.210`)
+* [CVE-2024-22449](CVE-2024/CVE-2024-224xx/CVE-2024-22449.json) (`2024-02-03T00:30:30.737`)
+* [CVE-2024-22938](CVE-2024/CVE-2024-229xx/CVE-2024-22938.json) (`2024-02-03T00:30:37.107`)
+* [CVE-2024-22430](CVE-2024/CVE-2024-224xx/CVE-2024-22430.json) (`2024-02-03T00:30:48.593`)
+* [CVE-2024-22148](CVE-2024/CVE-2024-221xx/CVE-2024-22148.json) (`2024-02-03T00:30:56.520`)
+* [CVE-2024-1113](CVE-2024/CVE-2024-11xx/CVE-2024-1113.json) (`2024-02-03T00:39:08.927`)
+* [CVE-2024-1114](CVE-2024/CVE-2024-11xx/CVE-2024-1114.json) (`2024-02-03T00:39:15.057`)
+* [CVE-2024-1115](CVE-2024/CVE-2024-11xx/CVE-2024-1115.json) (`2024-02-03T00:39:20.790`)
+* [CVE-2024-1116](CVE-2024/CVE-2024-11xx/CVE-2024-1116.json) (`2024-02-03T00:39:25.920`)
+* [CVE-2024-1117](CVE-2024/CVE-2024-11xx/CVE-2024-1117.json) (`2024-02-03T00:39:47.597`)
+* [CVE-2024-24059](CVE-2024/CVE-2024-240xx/CVE-2024-24059.json) (`2024-02-03T00:40:43.793`)
+* [CVE-2024-24060](CVE-2024/CVE-2024-240xx/CVE-2024-24060.json) (`2024-02-03T00:40:48.600`)
+* [CVE-2024-24061](CVE-2024/CVE-2024-240xx/CVE-2024-24061.json) (`2024-02-03T00:40:50.623`)
+* [CVE-2024-24062](CVE-2024/CVE-2024-240xx/CVE-2024-24062.json) (`2024-02-03T00:40:52.877`)
+* [CVE-2024-21750](CVE-2024/CVE-2024-217xx/CVE-2024-21750.json) (`2024-02-03T00:41:15.460`)
 ## Download and Usage