From 109bee3a180d315a47cc1ea3477a2dd95daf10be Mon Sep 17 00:00:00 2001 
From: cad-safe-bot Date: Thu, 18 Jan 2024 21:00:29 +0000 Subject: [PATCH] Auto-Update: 2024-01-18T21:00:25.551968+00:00 --- CVE-2022/CVE-2022-49xx/CVE-2022-4959.json | 58 +- CVE-2022/CVE-2022-49xx/CVE-2022-4961.json | 59 +- CVE-2023/CVE-2023-289xx/CVE-2023-28900.json | 4 +- CVE-2023/CVE-2023-289xx/CVE-2023-28901.json | 4 +- CVE-2023/CVE-2023-294xx/CVE-2023-29447.json | 103 ++- CVE-2023/CVE-2023-300xx/CVE-2023-30014.json | 64 +- CVE-2023/CVE-2023-300xx/CVE-2023-30015.json | 64 +- CVE-2023/CVE-2023-310xx/CVE-2023-31024.json | 73 ++- CVE-2023/CVE-2023-310xx/CVE-2023-31025.json | 73 ++- CVE-2023/CVE-2023-310xx/CVE-2023-31029.json | 73 ++- CVE-2023/CVE-2023-310xx/CVE-2023-31030.json | 73 ++- CVE-2023/CVE-2023-310xx/CVE-2023-31036.json | 78 ++- CVE-2023/CVE-2023-312xx/CVE-2023-31274.json | 4 +- CVE-2023/CVE-2023-340xx/CVE-2023-34061.json | 67 +- CVE-2023/CVE-2023-343xx/CVE-2023-34348.json | 4 +- CVE-2023/CVE-2023-368xx/CVE-2023-36842.json | 522 +++++++++++++++- CVE-2023/CVE-2023-376xx/CVE-2023-37644.json | 12 +- CVE-2023/CVE-2023-402xx/CVE-2023-40250.json | 68 +- CVE-2023/CVE-2023-464xx/CVE-2023-46474.json | 71 ++- CVE-2023/CVE-2023-482xx/CVE-2023-48254.json | 169 ++++- CVE-2023/CVE-2023-482xx/CVE-2023-48255.json | 169 ++++- CVE-2023/CVE-2023-492xx/CVE-2023-49258.json | 83 ++- CVE-2023/CVE-2023-492xx/CVE-2023-49259.json | 83 ++- CVE-2023/CVE-2023-492xx/CVE-2023-49260.json | 83 ++- CVE-2023/CVE-2023-492xx/CVE-2023-49261.json | 83 ++- CVE-2023/CVE-2023-498xx/CVE-2023-49862.json | 61 +- CVE-2023/CVE-2023-498xx/CVE-2023-49863.json | 61 +- CVE-2023/CVE-2023-499xx/CVE-2023-49943.json | 24 + CVE-2023/CVE-2023-501xx/CVE-2023-50127.json | 64 +- CVE-2023/CVE-2023-501xx/CVE-2023-50159.json | 10 +- CVE-2023/CVE-2023-510xx/CVE-2023-51067.json | 68 +- CVE-2023/CVE-2023-510xx/CVE-2023-51068.json | 68 +- CVE-2023/CVE-2023-513xx/CVE-2023-51350.json | 75 ++- CVE-2023/CVE-2023-517xx/CVE-2023-51748.json | 10 +- CVE-2023/CVE-2023-517xx/CVE-2023-51749.json | 10 +- 
CVE-2023/CVE-2023-517xx/CVE-2023-51750.json | 14 +- CVE-2023/CVE-2023-517xx/CVE-2023-51751.json | 14 +- CVE-2023/CVE-2023-517xx/CVE-2023-51780.json | 147 ++++- CVE-2023/CVE-2023-517xx/CVE-2023-51781.json | 147 ++++- CVE-2023/CVE-2023-517xx/CVE-2023-51782.json | 147 ++++- CVE-2023/CVE-2023-517xx/CVE-2023-51790.json | 72 ++- CVE-2023/CVE-2023-518xx/CVE-2023-51806.json | 74 ++- CVE-2023/CVE-2023-520xx/CVE-2023-52026.json | 76 ++- CVE-2024/CVE-2024-03xx/CVE-2024-0333.json | 101 ++- CVE-2024/CVE-2024-04xx/CVE-2024-0408.json | 4 +- CVE-2024/CVE-2024-04xx/CVE-2024-0409.json | 4 +- CVE-2024/CVE-2024-04xx/CVE-2024-0412.json | 65 +- CVE-2024/CVE-2024-04xx/CVE-2024-0413.json | 62 +- CVE-2024/CVE-2024-04xx/CVE-2024-0414.json | 72 ++- CVE-2024/CVE-2024-04xx/CVE-2024-0415.json | 61 +- CVE-2024/CVE-2024-04xx/CVE-2024-0416.json | 60 +- CVE-2024/CVE-2024-04xx/CVE-2024-0417.json | 61 +- CVE-2024/CVE-2024-04xx/CVE-2024-0418.json | 68 +- CVE-2024/CVE-2024-04xx/CVE-2024-0422.json | 60 +- CVE-2024/CVE-2024-04xx/CVE-2024-0423.json | 60 +- CVE-2024/CVE-2024-04xx/CVE-2024-0424.json | 70 ++- CVE-2024/CVE-2024-04xx/CVE-2024-0426.json | 58 +- CVE-2024/CVE-2024-04xx/CVE-2024-0443.json | 139 ++++- CVE-2024/CVE-2024-04xx/CVE-2024-0460.json | 61 +- CVE-2024/CVE-2024-04xx/CVE-2024-0492.json | 61 +- CVE-2024/CVE-2024-04xx/CVE-2024-0493.json | 61 +- CVE-2024/CVE-2024-04xx/CVE-2024-0494.json | 61 +- CVE-2024/CVE-2024-04xx/CVE-2024-0495.json | 61 +- CVE-2024/CVE-2024-04xx/CVE-2024-0496.json | 61 +- CVE-2024/CVE-2024-04xx/CVE-2024-0498.json | 71 ++- CVE-2024/CVE-2024-04xx/CVE-2024-0499.json | 62 +- CVE-2024/CVE-2024-05xx/CVE-2024-0500.json | 62 +- CVE-2024/CVE-2024-05xx/CVE-2024-0501.json | 62 +- CVE-2024/CVE-2024-05xx/CVE-2024-0502.json | 62 +- CVE-2024/CVE-2024-06xx/CVE-2024-0607.json | 4 +- CVE-2024/CVE-2024-206xx/CVE-2024-20675.json | 40 +- CVE-2024/CVE-2024-213xx/CVE-2024-21337.json | 40 +- CVE-2024/CVE-2024-215xx/CVE-2024-21591.json | 512 ++++++++++++++- 
CVE-2024/CVE-2024-215xx/CVE-2024-21594.json | 427 ++++++++++++- CVE-2024/CVE-2024-215xx/CVE-2024-21595.json | 248 +++++++- CVE-2024/CVE-2024-216xx/CVE-2024-21606.json | 654 +++++++++++++++++++- CVE-2024/CVE-2024-216xx/CVE-2024-21607.json | 614 +++++++++++++++++- CVE-2024/CVE-2024-216xx/CVE-2024-21611.json | 266 +++++++- CVE-2024/CVE-2024-216xx/CVE-2024-21617.json | 356 ++++++++++- CVE-2024/CVE-2024-216xx/CVE-2024-21641.json | 62 +- CVE-2024/CVE-2024-216xx/CVE-2024-21642.json | 58 +- CVE-2024/CVE-2024-219xx/CVE-2024-21982.json | 90 ++- CVE-2024/CVE-2024-220xx/CVE-2024-22027.json | 69 ++- CVE-2024/CVE-2024-221xx/CVE-2024-22196.json | 118 +++- CVE-2024/CVE-2024-221xx/CVE-2024-22197.json | 118 +++- CVE-2024/CVE-2024-221xx/CVE-2024-22198.json | 143 ++++- CVE-2024/CVE-2024-222xx/CVE-2024-22212.json | 63 ++ CVE-2024/CVE-2024-222xx/CVE-2024-22213.json | 63 ++ CVE-2024/CVE-2024-224xx/CVE-2024-22400.json | 67 ++ CVE-2024/CVE-2024-224xx/CVE-2024-22403.json | 63 ++ CVE-2024/CVE-2024-224xx/CVE-2024-22419.json | 63 ++ CVE-2024/CVE-2024-224xx/CVE-2024-22494.json | 68 +- CVE-2024/CVE-2024-226xx/CVE-2024-22601.json | 4 +- CVE-2024/CVE-2024-226xx/CVE-2024-22603.json | 4 +- CVE-2024/CVE-2024-226xx/CVE-2024-22699.json | 4 +- CVE-2024/CVE-2024-228xx/CVE-2024-22817.json | 4 +- CVE-2024/CVE-2024-228xx/CVE-2024-22818.json | 4 +- CVE-2024/CVE-2024-228xx/CVE-2024-22819.json | 4 +- CVE-2024/CVE-2024-231xx/CVE-2024-23171.json | 84 ++- CVE-2024/CVE-2024-231xx/CVE-2024-23172.json | 85 ++- CVE-2024/CVE-2024-231xx/CVE-2024-23173.json | 85 ++- CVE-2024/CVE-2024-231xx/CVE-2024-23174.json | 85 ++- CVE-2024/CVE-2024-231xx/CVE-2024-23177.json | 72 ++- CVE-2024/CVE-2024-231xx/CVE-2024-23178.json | 73 ++- CVE-2024/CVE-2024-231xx/CVE-2024-23179.json | 73 ++- README.md | 76 ++- 106 files changed, 9321 insertions(+), 458 deletions(-) create mode 100644 CVE-2023/CVE-2023-499xx/CVE-2023-49943.json create mode 100644 CVE-2024/CVE-2024-222xx/CVE-2024-22212.json create mode 100644 
CVE-2024/CVE-2024-222xx/CVE-2024-22213.json create mode 100644 CVE-2024/CVE-2024-224xx/CVE-2024-22400.json create mode 100644 CVE-2024/CVE-2024-224xx/CVE-2024-22403.json create mode 100644 CVE-2024/CVE-2024-224xx/CVE-2024-22419.json diff --git a/CVE-2022/CVE-2022-49xx/CVE-2022-4959.json b/CVE-2022/CVE-2022-49xx/CVE-2022-4959.json index d0218c7d177..a60b55079ca 100644 --- a/CVE-2022/CVE-2022-49xx/CVE-2022-4959.json +++ b/CVE-2022/CVE-2022-49xx/CVE-2022-4959.json @@ -2,8 +2,8 @@ "id": "CVE-2022-4959", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-11T21:15:09.617", - "lastModified": "2024-01-12T13:47:31.250", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T19:20:46.300", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -75,18 +95,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:qkmc-rk:redbbs:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "32FA7E12-C02B-4209-B181-395F66D654D7" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/qkmc-rk/redbbs/issues/2", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.250237", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.250237", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-49xx/CVE-2022-4961.json b/CVE-2022/CVE-2022-49xx/CVE-2022-4961.json index 49be1c7377f..39f7451f1c9 100644 --- a/CVE-2022/CVE-2022-49xx/CVE-2022-4961.json +++ b/CVE-2022/CVE-2022-49xx/CVE-2022-4961.json @@ -2,8 +2,8 @@ "id": "CVE-2022-4961", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-12T05:15:09.263", - "lastModified": "2024-01-12T13:47:31.250", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T20:31:59.560", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -75,18 +95,47 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fuyanglipengjun:wetong_mall:1.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "13026A6F-61BB-4F0B-8C27-6E0C3622DB52" + } + ] + } + ] + } + ], "references": [ { "url": "https://gitee.com/fuyang_lipengjun/platform/issues/I5XC79", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Issue Tracking", + "Vendor Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.250243", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.250243", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-289xx/CVE-2023-28900.json b/CVE-2023/CVE-2023-289xx/CVE-2023-28900.json index 8564778da67..67822669d60 100644 --- a/CVE-2023/CVE-2023-289xx/CVE-2023-28900.json +++ b/CVE-2023/CVE-2023-289xx/CVE-2023-28900.json @@ -2,8 +2,8 @@ "id": "CVE-2023-28900", "sourceIdentifier": "cve@asrg.io", "published": "2024-01-18T17:15:13.737", - "lastModified": "2024-01-18T17:15:13.737", - "vulnStatus": "Received", + "lastModified": "2024-01-18T19:25:46.623", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-289xx/CVE-2023-28901.json b/CVE-2023/CVE-2023-289xx/CVE-2023-28901.json index 86dde8f6d5b..f98e7cac1c2 100644 --- a/CVE-2023/CVE-2023-289xx/CVE-2023-28901.json +++ b/CVE-2023/CVE-2023-289xx/CVE-2023-28901.json @@ -2,8 +2,8 @@ "id": "CVE-2023-28901", "sourceIdentifier": "cve@asrg.io", "published": "2024-01-18T17:15:14.003", - "lastModified": "2024-01-18T17:15:14.003", - "vulnStatus": "Received", + "lastModified": "2024-01-18T19:25:46.623", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", 
diff --git a/CVE-2023/CVE-2023-294xx/CVE-2023-29447.json b/CVE-2023/CVE-2023-294xx/CVE-2023-29447.json index b352e9b225f..5c6c531a9f6 100644 --- a/CVE-2023/CVE-2023-294xx/CVE-2023-29447.json +++ b/CVE-2023/CVE-2023-294xx/CVE-2023-29447.json @@ -2,8 +2,8 @@ "id": "CVE-2023-29447", "sourceIdentifier": "ot-cert@dragos.com", "published": "2024-01-10T21:15:08.790", - "lastModified": "2024-01-11T13:57:35.163", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T19:53:18.957", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 3.6 + }, { "source": "ot-cert@dragos.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-522" + } + ] + }, { "source": "ot-cert@dragos.com", "type": "Secondary", 
@@ -50,18 +80,81 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ptc:kepware_kepserverex:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.0.2107.0", + "versionEndIncluding": "6.14.263.0", + "matchCriteriaId": "BE266C92-959F-41CE-A8DA-DC3D336BC169" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ptc:thingworx_kepware_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.8", + "versionEndIncluding": "6.14.263.0", + "matchCriteriaId": "99455409-195C-418C-A227-E9C67E70C2F3" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ptc:thingworx_industrial_connectivity:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.0", + "versionEndIncluding": "8.5", + "matchCriteriaId": "10F80877-E2FA-4800-B4EB-BC87E35A9441" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-03", - "source": "ot-cert@dragos.com" + "source": "ot-cert@dragos.com", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] }, { "url": "https://www.dragos.com/advisory/ptcs-kepserverex-vulnerabilities/", - "source": "ot-cert@dragos.com" + "source": "ot-cert@dragos.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.ptc.com/en/support/article/cs399528", - "source": "ot-cert@dragos.com" + "source": "ot-cert@dragos.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-300xx/CVE-2023-30014.json b/CVE-2023/CVE-2023-300xx/CVE-2023-30014.json index c72919fc962..34004e87b28 100644 --- a/CVE-2023/CVE-2023-300xx/CVE-2023-30014.json +++ b/CVE-2023/CVE-2023-300xx/CVE-2023-30014.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-30014", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-12T09:15:43.927", - "lastModified": "2024-01-12T13:47:31.250", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T20:20:48.657", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,67 @@ "value": "Vulnerabilidad de inyecci\u00f3n SQL en oretnom23 Judging Management System v1.0, permite a atacantes remotos ejecutar c\u00f3digo arbitrario y obtener informaci\u00f3n confidencial a trav\u00e9s del par\u00e1metro sub_event_id en sub_event_stat_update.php." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oretnom23:judging_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "C1B03B38-D6B3-4E68-BC8C-1A36E865B087" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Pings1031/cve_report/blob/main/judging-management-system/SQLi-1.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-300xx/CVE-2023-30015.json b/CVE-2023/CVE-2023-300xx/CVE-2023-30015.json index 3f00566cc16..9f8ee4e35ac 100644 
--- a/CVE-2023/CVE-2023-300xx/CVE-2023-30015.json +++ b/CVE-2023/CVE-2023-300xx/CVE-2023-30015.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30015", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-12T09:15:44.040", - "lastModified": "2024-01-12T13:47:31.250", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T20:20:38.810", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,67 @@ "value": "Vulnerabilidad de inyecci\u00f3n SQL en oretnom23 Judging Management System v1.0, permite a atacantes remotos ejecutar c\u00f3digo arbitrario y obtener informaci\u00f3n confidencial a trav\u00e9s del par\u00e1metro txtsearch en review_search.php." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oretnom23:judging_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "C1B03B38-D6B3-4E68-BC8C-1A36E865B087" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Pings1031/cve_report/blob/main/judging-management-system/SQLi-3.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Product" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-310xx/CVE-2023-31024.json b/CVE-2023/CVE-2023-310xx/CVE-2023-31024.json index 523786f0435..60465f689ae 100644 --- a/CVE-2023/CVE-2023-310xx/CVE-2023-31024.json +++ b/CVE-2023/CVE-2023-310xx/CVE-2023-31024.json @@ -2,16 +2,40 @@ "id": "CVE-2023-31024", "sourceIdentifier": "psirt@nvidia.com", "published": "2024-01-12T19:15:09.397", - "lastModified": "2024-01-12T19:21:49.423", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T20:46:57.390", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause stack memory corruption by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering." + }, + { + "lang": "es", + "value": "NVIDIA DGX A100 BMC contiene una vulnerabilidad en el daemon KVM del host, donde un atacante no autenticado puede da\u00f1ar la memoria de la pila al enviar un paquete de red especialmente manipulado. Una explotaci\u00f3n exitosa de esta vulnerabilidad puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario, denegaci\u00f3n de servicio, divulgaci\u00f3n de informaci\u00f3n y manipulaci\u00f3n de datos." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "psirt@nvidia.com", "type": "Secondary", 
@@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "psirt@nvidia.com", "type": "Secondary", @@ -46,10 +80,43 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:nvidia:dgx_a100_firmware:*:*:*:*:bmc:*:*:*", + "versionEndExcluding": "00.22.05", + "matchCriteriaId": "866DDFEC-0CB8-4152-B36E-A358497AA4D0" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:nvidia:dgx_a100:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8807CB65-5F49-42E8-B5D8-36943418ADB9" + } + ] + } + ] + } + ], "references": [ { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5510", - "source": "psirt@nvidia.com" + "source": "psirt@nvidia.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-310xx/CVE-2023-31025.json b/CVE-2023/CVE-2023-310xx/CVE-2023-31025.json index ec0ffb7b0ce..488cef8ce86 100644 --- a/CVE-2023/CVE-2023-310xx/CVE-2023-31025.json +++ b/CVE-2023/CVE-2023-310xx/CVE-2023-31025.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-31025", "sourceIdentifier": "psirt@nvidia.com", "published": "2024-01-12T19:15:09.627", - "lastModified": "2024-01-12T19:21:49.423", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T20:48:14.777", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "NVIDIA DGX A100 BMC contains a vulnerability where an attacker may cause an LDAP user injection. A successful exploit of this vulnerability may lead to information disclosure." + }, + { + "lang": "es", + "value": "NVIDIA DGX A100 BMC contiene una vulnerabilidad en la que un atacante puede provocar una inyecci\u00f3n de usuario LDAP. Una explotaci\u00f3n exitosa de esta vulnerabilidad puede conducir a la divulgaci\u00f3n de informaci\u00f3n." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "psirt@nvidia.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + } + ] + }, { "source": "psirt@nvidia.com", "type": "Secondary", 
@@ -46,10 +80,43 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:nvidia:dgx_a100_firmware:*:*:*:*:bmc:*:*:*", + "versionEndExcluding": "00.22.05", + "matchCriteriaId": "866DDFEC-0CB8-4152-B36E-A358497AA4D0" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:nvidia:dgx_a100:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8807CB65-5F49-42E8-B5D8-36943418ADB9" + } + ] + } + ] + } + ], "references": [ { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5510", - "source": "psirt@nvidia.com" + "source": "psirt@nvidia.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-310xx/CVE-2023-31029.json b/CVE-2023/CVE-2023-310xx/CVE-2023-31029.json index 5cfbb234ce4..c8c4779d43a 100644 --- a/CVE-2023/CVE-2023-310xx/CVE-2023-31029.json +++ b/CVE-2023/CVE-2023-310xx/CVE-2023-31029.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-31029", "sourceIdentifier": "psirt@nvidia.com", "published": "2024-01-12T19:15:09.847", - "lastModified": "2024-01-12T19:21:49.423", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T20:50:53.507", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "NVIDIA DGX A100 baseboard management controller (BMC) contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering." + }, + { + "lang": "es", + "value": "El controlador de administraci\u00f3n de placa base (BMC) NVIDIA DGX A100 contiene una vulnerabilidad en el daemon KVM del host, donde un atacante no autenticado puede causar un desbordamiento de pila al enviar un paquete de red especialmente manipulado. Una explotaci\u00f3n exitosa de esta vulnerabilidad puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario, denegaci\u00f3n de servicio, divulgaci\u00f3n de informaci\u00f3n y manipulaci\u00f3n de datos." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "psirt@nvidia.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "psirt@nvidia.com", "type": "Secondary", 
@@ -46,10 +80,43 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:nvidia:dgx_a100_firmware:*:*:*:*:bmc:*:*:*", + "versionEndExcluding": "00.22.05", + "matchCriteriaId": "866DDFEC-0CB8-4152-B36E-A358497AA4D0" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:nvidia:dgx_a100:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8807CB65-5F49-42E8-B5D8-36943418ADB9" + } + ] + } + ] + } + ], "references": [ { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5510", - "source": "psirt@nvidia.com" + "source": "psirt@nvidia.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-310xx/CVE-2023-31030.json b/CVE-2023/CVE-2023-310xx/CVE-2023-31030.json index 6388e7362bd..b62f156e7df 100644 --- a/CVE-2023/CVE-2023-310xx/CVE-2023-31030.json +++ b/CVE-2023/CVE-2023-310xx/CVE-2023-31030.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-31030", "sourceIdentifier": "psirt@nvidia.com", "published": "2024-01-12T19:15:10.067", - "lastModified": "2024-01-12T19:21:49.423", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T20:53:22.643", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering." + }, + { + "lang": "es", + "value": "NVIDIA DGX A100 BMC contiene una vulnerabilidad en el daemon KVM del host, donde un atacante no autenticado puede provocar un desbordamiento de pila al enviar un paquete de red especialmente manipulado. Una explotaci\u00f3n exitosa de esta vulnerabilidad puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario, denegaci\u00f3n de servicio, divulgaci\u00f3n de informaci\u00f3n y manipulaci\u00f3n de datos." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "psirt@nvidia.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "psirt@nvidia.com", "type": "Secondary", 
@@ -46,10 +80,43 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:nvidia:dgx_a100_firmware:*:*:*:*:bmc:*:*:*", + "versionEndExcluding": "00.22.05", + "matchCriteriaId": "866DDFEC-0CB8-4152-B36E-A358497AA4D0" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:nvidia:dgx_a100:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8807CB65-5F49-42E8-B5D8-36943418ADB9" + } + ] + } + ] + } + ], "references": [ { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5510", - "source": "psirt@nvidia.com" + "source": "psirt@nvidia.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-310xx/CVE-2023-31036.json b/CVE-2023/CVE-2023-310xx/CVE-2023-31036.json index 6ad8a9145ff..f73ad6845bc 100644 --- a/CVE-2023/CVE-2023-310xx/CVE-2023-31036.json +++ b/CVE-2023/CVE-2023-310xx/CVE-2023-31036.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-31036", "sourceIdentifier": "psirt@nvidia.com", "published": "2024-01-12T17:15:09.183", - "lastModified": "2024-01-12T18:05:43.827", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T20:45:53.087", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where, when it is launched with the non-default command line option --model-control explicit, an attacker may use the model load API to cause a relative path traversal. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering." + }, + { + "lang": "es", + "value": "NVIDIA Triton Inference Server para Linux y Windows contiene una vulnerabilidad en la que, cuando se inicia con la opci\u00f3n de l\u00ednea de comando no predeterminada --model-control explicit, un atacante puede usar la API de carga del modelo para provocar un path traversal relativo. Una explotaci\u00f3n exitosa de esta vulnerabilidad puede provocar la ejecuci\u00f3n de c\u00f3digo, denegaci\u00f3n de servicio, escalada de privilegios, divulgaci\u00f3n de informaci\u00f3n y manipulaci\u00f3n de datos." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "psirt@nvidia.com", "type": "Secondary", 
@@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + }, { "source": "psirt@nvidia.com", "type": "Secondary", @@ -46,10 +80,48 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nvidia:triton_inference_server:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.40", + "matchCriteriaId": "51C00F3A-3540-4E24-BA29-5933965EB478" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5509", - "source": "psirt@nvidia.com" + "source": "psirt@nvidia.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-312xx/CVE-2023-31274.json b/CVE-2023/CVE-2023-312xx/CVE-2023-31274.json index 06bb4672e7a..db81581077e 100644 --- a/CVE-2023/CVE-2023-312xx/CVE-2023-31274.json +++ b/CVE-2023/CVE-2023-312xx/CVE-2023-31274.json @@ -2,8 +2,8 @@ "id": "CVE-2023-31274", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2024-01-18T18:15:08.253", - "lastModified": "2024-01-18T18:15:08.253", - "vulnStatus": "Received", + "lastModified": "2024-01-18T19:25:46.623", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-340xx/CVE-2023-34061.json b/CVE-2023/CVE-2023-340xx/CVE-2023-34061.json index 794bf2bdeb4..abb5f1ce77c 100644 --- a/CVE-2023/CVE-2023-340xx/CVE-2023-34061.json +++ b/CVE-2023/CVE-2023-340xx/CVE-2023-34061.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-34061", "sourceIdentifier": "security@vmware.com", "published": "2024-01-12T07:15:11.747", - "lastModified": "2024-01-12T13:47:31.250", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T20:24:41.583", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "security@vmware.com", "type": "Secondary", @@ -38,10 +58,51 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pivotal:cloud_foundry_deployment:*:*:*:*:*:*:*:*", + "versionStartIncluding": "0.28.0", + "versionEndIncluding": "33.5.0", + "matchCriteriaId": "E860CEF6-3AB5-4ADF-B1A6-4D05A5F5390B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pivotal:cloud_foundry_routing_release:*:*:*:*:*:*:*:*", + "versionStartIncluding": "0.163.0", + "versionEndIncluding": "0.283.0", + "matchCriteriaId": "66D0AA37-1922-486B-86C9-59E96F1B6E1E" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.cloudfoundry.org/blog/cve-2023-34061-gorouter-route-pruning/", - "source": "security@vmware.com" + "source": "security@vmware.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34348.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34348.json index 5b9eb4e0450..44844a19b5d 100644 --- a/CVE-2023/CVE-2023-343xx/CVE-2023-34348.json +++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34348.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34348", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2024-01-18T18:15:08.457", - "lastModified": "2024-01-18T18:15:08.457", - "vulnStatus": "Received", + "lastModified": "2024-01-18T19:25:46.623", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-368xx/CVE-2023-36842.json b/CVE-2023/CVE-2023-368xx/CVE-2023-36842.json index c9a5f4830a3..ae758350d72 100644 --- a/CVE-2023/CVE-2023-368xx/CVE-2023-36842.json +++ b/CVE-2023/CVE-2023-368xx/CVE-2023-36842.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36842", "sourceIdentifier": "sirt@juniper.net", "published": "2024-01-12T01:15:45.820", - "lastModified": "2024-01-12T13:47:31.250", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T20:15:59.797", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "sirt@juniper.net", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-755" + } + ] + }, { "source": "sirt@juniper.net", "type": "Secondary", 
@@ -50,14 +80,498 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "20.4", + "matchCriteriaId": "E3A96966-5060-4139-A124-D4E2C879FD6C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:-:*:*:*:*:*:*", + "matchCriteriaId": "3D361B23-A3C2-444B-BEB8-E231DA950567" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*", + "matchCriteriaId": "20DDC6B7-BFC4-4F0B-8E68-442C23765BF2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "037BA01C-3F5C-4503-A633-71765E9EF774" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:*", + "matchCriteriaId": "C54B047C-4B38-40C0-9855-067DCF7E48BD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "38984199-E332-4A9C-A4C0-78083D052E15" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "AA6526FB-2941-4D18-9B2E-472AD5A62A53" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r3:*:*:*:*:*:*", + "matchCriteriaId": "09876787-A40A-4340-9C12-8628C325353B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s1:*:*:*:*:*:*", + "matchCriteriaId": "41615104-C17E-44DA-AB0D-6E2053BD4EF4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s2:*:*:*:*:*:*", + "matchCriteriaId": "1981DE38-36B5-469D-917E-92717EE3ED53" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s3:*:*:*:*:*:*", + "matchCriteriaId": "AFA68ACD-AAE5-4577-B734-23AAF77BC85A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s4:*:*:*:*:*:*", + "matchCriteriaId": "65948ABC-22BB-46D5-8545-0806EDB4B86E" + }, 
+ { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s5:*:*:*:*:*:*", + "matchCriteriaId": "283E41CB-9A90-4521-96DC-F31AA592CFD8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s6:*:*:*:*:*:*", + "matchCriteriaId": "14EEA504-CBC5-4F6F-889A-D505EC4BB5B1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s7:*:*:*:*:*:*", + "matchCriteriaId": "977DEF80-0DB5-4828-97AC-09BB3111D585" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s8:*:*:*:*:*:*", + "matchCriteriaId": "C445622E-8E57-4990-A71A-E1993BFCB91A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*", + "matchCriteriaId": "216E7DDE-453D-481F-92E2-9F8466CDDA3F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*", + "matchCriteriaId": "A52AF794-B36B-43A6-82E9-628658624B0A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "3998DC76-F72F-4452-9150-652140B113EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "36ED4552-2420-45F9-B6E4-6DA2B2B12870" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*", + "matchCriteriaId": "C28A14E7-7EA0-4757-9764-E39A27CFDFA5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "4A43752D-A4AF-4B4E-B95B-192E42883A5B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "42986538-E9D0-4C2E-B1C4-A763A4EE451B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*", + "matchCriteriaId": "DE22CA01-EA7E-4EE5-B59F-EE100688C1DA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:*", + "matchCriteriaId": "E596ABD9-6ECD-48DC-B770-87B7E62EA345" + 
}, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s2:*:*:*:*:*:*", + "matchCriteriaId": "71745D02-D226-44DC-91AD-678C85F5E6FC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s3:*:*:*:*:*:*", + "matchCriteriaId": "39E44B09-7310-428C-8144-AE9DB0484D1F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s4:*:*:*:*:*:*", + "matchCriteriaId": "53938295-8999-4316-9DED-88E24D037852" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s5:*:*:*:*:*:*", + "matchCriteriaId": "2307BF56-640F-49A8-B060-6ACB0F653A61" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s6:*:*:*:*:*:*", + "matchCriteriaId": "737DDF96-7B1D-44E2-AD0F-E2F50858B2A3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*", + "matchCriteriaId": "2E7D597D-F6B6-44C3-9EBC-4FA0686ACB5C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:*", + "matchCriteriaId": "CC78A4CB-D617-43FC-BB51-287D2D0C44ED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "30FF67F8-1E3C-47A8-8859-709B3614BA6E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "0C7C507E-C85E-4BC6-A3B0-549516BAB524" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*", + "matchCriteriaId": "6514CDE8-35DC-469F-89A3-078684D18F7A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "4624565D-8F59-44A8-B7A8-01AD579745E7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "4BF8CD82-C338-4D9A-8C98-FCB3CEAA9227" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r3:*:*:*:*:*:*", + "matchCriteriaId": "57E08E70-1AF3-4BA5-9A09-06DFE9663ADE" 
+ }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s1:*:*:*:*:*:*", + "matchCriteriaId": "255B6F20-D32F-42C1-829C-AE9C7923558A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s2:*:*:*:*:*:*", + "matchCriteriaId": "90AE30DB-C448-4FE9-AC11-FF0F27CDA227" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s3:*:*:*:*:*:*", + "matchCriteriaId": "93F324AE-65D3-4CFC-AEAB-898CE1BD05CD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s4:*:*:*:*:*:*", + "matchCriteriaId": "3CCBB2F4-F05B-4CC5-9B1B-ECCB798D0483" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*", + "matchCriteriaId": "79ED3CE8-CC57-43AB-9A26-BBC87816062D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*", + "matchCriteriaId": "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "9962B01C-C57C-4359-9532-676AB81CE8B0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "62178549-B679-4902-BFDB-2993803B7FCE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*", + "matchCriteriaId": "9AD697DF-9738-4276-94ED-7B9380CD09F5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "09FF5818-0803-4646-A386-D7C645EE58A3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "2229FA59-EB24-49A2-85CE-F529A8DE6BA7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r3:*:*:*:*:*:*", + "matchCriteriaId": "0CB280D8-C5D8-4B51-A879-496ACCDE4538" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s1:*:*:*:*:*:*", + "matchCriteriaId": 
"5F3F54F1-75B3-400D-A735-2C27C8CEBE79" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s2:*:*:*:*:*:*", + "matchCriteriaId": "476A49E7-37E9-40F9-BF2D-9BBFFAA1DFFC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s3:*:*:*:*:*:*", + "matchCriteriaId": "0A5B196A-2AF1-4AE5-9148-A75A572807BC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s4:*:*:*:*:*:*", + "matchCriteriaId": "3B457616-2D91-4913-9A7D-038BBF8F1F66" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:-:*:*:*:*:*:*", + "matchCriteriaId": "9D157211-535E-4B2D-B2FE-F697FAFDF65C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*", + "matchCriteriaId": "3F96EBE9-2532-4E35-ABA5-CA68830476A4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "B4D936AE-FD74-4823-A824-2D9F24C25BFB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "E117E493-F4E1-4568-88E3-F243C74A2662" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r2:*:*:*:*:*:*", + "matchCriteriaId": "01E3E308-FD9C-4686-8C35-8472A0E99F0D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "3683A8F5-EE0E-4936-A005-DF7F6B75DED3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "1B615DBA-8C53-41D4-B264-D3EED8578471" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r3:*:*:*:*:*:*", + "matchCriteriaId": "B3124DD0-9E42-4896-9060-CB7DD07FC342" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s1:*:*:*:*:*:*", + "matchCriteriaId": "44F6FD6C-03AF-4D2C-B411-A753DE12A2DA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s2:*:*:*:*:*:*", + 
"matchCriteriaId": "D49FFB60-BA71-4902-9404-E67162919ADC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s3:*:*:*:*:*:*", + "matchCriteriaId": "EFF72FCA-C440-4D43-9BDB-F712DB413717" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:-:*:*:*:*:*:*", + "matchCriteriaId": "06156CD6-09D3-4A05-9C5E-BC64A70640F9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r1:*:*:*:*:*:*", + "matchCriteriaId": "E949B21B-AD62-4022-9088-06313277479E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "8D862E6F-0D01-4B25-8340-888C30F75A2F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "2F28F73E-8563-41B9-A313-BBAAD5B57A67" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r2:*:*:*:*:*:*", + "matchCriteriaId": "E37D4694-C80B-475E-AB5B-BB431F59C5E1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "5EC0D2D2-4922-4675-8A2C-57A08D7BE334" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "9EC91F9D-DEDA-46B4-A39F-59A2CDB86C2E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r3:*:*:*:*:*:*", + "matchCriteriaId": "591AA3E6-62A2-4A1A-A04C-E808F71D8B6E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r3-s1:*:*:*:*:*:*", + "matchCriteriaId": "786F993E-32CB-492A-A7CC-A7E4F48EA8B9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r3-s2:*:*:*:*:*:*", + "matchCriteriaId": "60CEA89D-BAC4-41CD-A1D1-AA5EDDEBD54A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.3:-:*:*:*:*:*:*", + "matchCriteriaId": "CEB98E3F-B0A9-488F-ACFC-56B9485E7C9E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.3:r1:*:*:*:*:*:*", + 
"matchCriteriaId": "19519212-51DD-4448-B115-8A20A40192CC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "5CC9909E-AE9F-414D-99B1-83AA04D5297B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "FDE9E767-4713-4EA2-8D00-1382975A4A15" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.3:r2:*:*:*:*:*:*", + "matchCriteriaId": "59DDA54E-6845-47EB-AE3C-5EC6BD33DFA7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.3:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "574730B0-56C8-4A03-867B-1737148ED9B1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.3:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "20EBC676-1B26-4A71-8326-0F892124290A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.3:r3:*:*:*:*:*:*", + "matchCriteriaId": "FB4C0FBF-8813-44E5-B71A-22CBAA603E2F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.3:r3-s1:*:*:*:*:*:*", + "matchCriteriaId": "8BCDE58C-80CC-4C5A-9667-8A4468D8D76C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.4:-:*:*:*:*:*:*", + "matchCriteriaId": "1379EF30-AF04-4F98-8328-52A631F24737" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.4:r1:*:*:*:*:*:*", + "matchCriteriaId": "28E42A41-7965-456B-B0AF-9D3229CE4D4C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "CB1A77D6-D3AD-481B-979C-8F778530B175" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "3A064B6B-A99B-4D8D-A62D-B00C7870BC30" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.4:r2:*:*:*:*:*:*", + "matchCriteriaId": "40813417-A938-4F74-A419-8C5188A35486" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.4:r2-s1:*:*:*:*:*:*", + 
"matchCriteriaId": "7FC1BA1A-DF0E-4B15-86BA-24C60E546732" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:23.2:r1:*:*:*:*:*:*", + "matchCriteriaId": "4B3B2FE1-C228-46BE-AC76-70C2687050AE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:23.2:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "F1B16FF0-900F-4AEE-B670-A537139F6909" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:23.2:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "B227E831-30FF-4BE1-B8B2-31829A5610A6" + } + ] + } + ] + } + ], "references": [ { "url": "https://supportportal.juniper.net/JSA75730", - "source": "sirt@juniper.net" + "source": "sirt@juniper.net", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", - "source": "sirt@juniper.net" + "source": "sirt@juniper.net", + "tags": [ + "Not Applicable" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-376xx/CVE-2023-37644.json b/CVE-2023/CVE-2023-376xx/CVE-2023-37644.json index a1a87d2cbac..85dfc3b8cf9 100644 --- a/CVE-2023/CVE-2023-376xx/CVE-2023-37644.json +++ b/CVE-2023/CVE-2023-376xx/CVE-2023-37644.json @@ -2,8 +2,8 @@ "id": "CVE-2023-37644", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-11T08:15:35.737", - "lastModified": "2024-01-17T21:39:24.333", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-01-18T19:27:01.373", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -21,8 +21,8 @@ "type": "Primary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "attackVector": "NETWORK", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", 
@@ -30,10 +30,10 @@ "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", - "baseScore": 6.5, + "baseScore": 5.5, "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 2.8, + "exploitabilityScore": 1.8, "impactScore": 3.6 } ] diff --git a/CVE-2023/CVE-2023-402xx/CVE-2023-40250.json b/CVE-2023/CVE-2023-402xx/CVE-2023-40250.json index aa06652ed28..d9b13715de0 100644 --- a/CVE-2023/CVE-2023-402xx/CVE-2023-40250.json +++ b/CVE-2023/CVE-2023-402xx/CVE-2023-40250.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40250", "sourceIdentifier": "vuln@krcert.or.kr", "published": "2024-01-12T02:15:44.380", - "lastModified": "2024-01-12T13:47:31.250", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T20:24:35.633", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "vuln@krcert.or.kr", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + }, { "source": "vuln@krcert.or.kr", "type": "Secondary", 
@@ -50,10 +80,42 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hancom:hcell:12.0.0.893:*:*:*:*:*:*:*", + "matchCriteriaId": "D0603140-5FD3-4991-8F6A-374C4CD44945" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.hancom.com/cs_center/csDownload.do?gnb0=25gnb1=80", - "source": "vuln@krcert.or.kr" + "source": "vuln@krcert.or.kr", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-464xx/CVE-2023-46474.json b/CVE-2023/CVE-2023-464xx/CVE-2023-46474.json index a53cd1927b7..88a0835493a 100644 --- a/CVE-2023/CVE-2023-464xx/CVE-2023-46474.json +++ b/CVE-2023/CVE-2023-464xx/CVE-2023-46474.json @@ -2,8 +2,8 @@ "id": "CVE-2023-46474", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-11T22:15:45.713", - "lastModified": "2024-01-12T13:47:31.250", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T19:23:18.677", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,76 @@ "value": "Vulnerabilidad de carga de archivos PMB v.7.4.8 permite a un atacante remoto ejecutar c\u00f3digo arbitrario y escalar privilegios a trav\u00e9s de un archivo PHP manipulado subido al archivo start_import.php." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sigb:pmb:*:*:*:*:*:*:*:*", + "versionEndIncluding": "7.5.3", + "matchCriteriaId": "E4943AC6-65E7-4405-94E9-57315A7FA378" + } + ] + } + ] + } + ], "references": [ { "url": "http://pmb.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Not Applicable" + ] }, { "url": "https://github.com/Xn2/CVE-2023-46474", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Mitigation", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-482xx/CVE-2023-48254.json b/CVE-2023/CVE-2023-482xx/CVE-2023-48254.json index 8e489d120e0..b98ff2f2a45 100644 --- a/CVE-2023/CVE-2023-482xx/CVE-2023-48254.json +++ b/CVE-2023/CVE-2023-482xx/CVE-2023-48254.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-48254", "sourceIdentifier": "psirt@bosch.com", "published": "2024-01-10T13:15:45.993", - "lastModified": "2024-01-10T13:56:06.947", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T19:47:25.087", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim\u2019s session via a crafted URL or HTTP request." + }, + { + "lang": "es", + "value": "La vulnerabilidad permite a un atacante remoto inyectar y ejecutar c\u00f3digo script arbitrario del lado del cliente dentro de la sesi\u00f3n de una v\u00edctima a trav\u00e9s de una URL manipulada o una solicitud HTTP." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "psirt@bosch.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "psirt@bosch.com", "type": "Secondary", 
@@ -46,10 +80,139 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:bosch:nexo-os:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1000", + "versionEndIncluding": "1500-sp2", + "matchCriteriaId": "73D9F18A-94BD-4EC8-A39A-0A6E8E4315D8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v-b_\\(0608842012\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "5DC8C39A-F26D-4A5E-A502-5AA26651FD95" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v_\\(0608842011\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "871F225C-EE0D-409E-98FF-CF8B2C83E877" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v-b_\\(0608842006\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "D77B7A94-EB41-442E-9930-3372EFF0C469" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v_\\(0608842001\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "6CF63477-0CE7-446C-9872-C186AB55ADEF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v-b_\\(0608842007\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "8703D886-1E08-40B1-9666-3D585A3CB52F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v_\\(0608842002\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "43D5973C-E4B3-4111-A710-FE48CFE5C1A5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v-b_\\(0608842008\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA7D4812-024D-432B-A526-0858427ED545" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v_\\(0608842003\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "1614F6BA-E265-4344-A5B4-6DD0D3EC0BCF" + }, + { + 
"vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v-b_\\(0608842014\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "206B990F-9ACD-408D-93BB-F43F25686862" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v_\\(0608842013\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "E092DE8F-DB60-4D77-BCE5-8820B6190856" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v-b_\\(0608842010\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "94D48DD5-DF3B-4D74-B8D8-E1E0468DE2DC" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v_\\(0608842005\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "63746CB7-DBDF-4705-A771-CE9581742980" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v-b_\\(0608842016\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "2F974170-84B6-49FF-9988-7EFDA5964E1A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v_\\(0608842015\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "87D757FC-2CBA-419F-84E8-518CBEB98646" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2272\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "3E3E3820-FF4C-4B75-9541-B807EF52E661" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2301\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "9B1B2908-2C42-4E6B-9953-30B2BE2E63F4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2514\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "6A09E202-1E38-433B-A039-F7B62C275E40" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2515\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "206E809F-D1CA-437C-9C78-76E39F7A8D69" + }, + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2666\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "7BF33E7B-B131-4A7C-8C4F-47906B8AEFC8" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2673\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "E14B2068-DEEE-4C3F-9FCE-108A3F5E83DB" + } + ] + } + ] + } + ], "references": [ { "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html", - "source": "psirt@bosch.com" + "source": "psirt@bosch.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-482xx/CVE-2023-48255.json b/CVE-2023/CVE-2023-482xx/CVE-2023-48255.json index 26dbe62017b..6314137d666 100644 --- a/CVE-2023/CVE-2023-482xx/CVE-2023-48255.json +++ b/CVE-2023/CVE-2023-482xx/CVE-2023-48255.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-48255", "sourceIdentifier": "psirt@bosch.com", "published": "2024-01-10T13:15:46.200", - "lastModified": "2024-01-10T13:56:06.947", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T19:29:46.487", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The vulnerability allows an unauthenticated remote attacker to send malicious network requests containing arbitrary client-side script code and obtain its execution inside a victim\u2019s session via a crafted URL, HTTP request, or simply by waiting for the victim to view the poisoned log." + }, + { + "lang": "es", + "value": "La vulnerabilidad permite a un atacante remoto no autenticado enviar solicitudes de red maliciosas que contienen c\u00f3digo de script arbitrario del lado del cliente y obtener su ejecuci\u00f3n dentro de la sesi\u00f3n de la v\u00edctima a trav\u00e9s de una URL manipulada, una solicitud HTTP o simplemente esperando a que la v\u00edctima vea el registro envenenado." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "psirt@bosch.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "psirt@bosch.com", "type": "Secondary", 
@@ -46,10 +80,139 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:bosch:nexo-os:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1000", + "versionEndIncluding": "1500-sp2", + "matchCriteriaId": "73D9F18A-94BD-4EC8-A39A-0A6E8E4315D8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v-b_\\(0608842012\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "5DC8C39A-F26D-4A5E-A502-5AA26651FD95" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v_\\(0608842011\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "871F225C-EE0D-409E-98FF-CF8B2C83E877" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v-b_\\(0608842006\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "D77B7A94-EB41-442E-9930-3372EFF0C469" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v_\\(0608842001\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "6CF63477-0CE7-446C-9872-C186AB55ADEF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v-b_\\(0608842007\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "8703D886-1E08-40B1-9666-3D585A3CB52F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v_\\(0608842002\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "43D5973C-E4B3-4111-A710-FE48CFE5C1A5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v-b_\\(0608842008\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA7D4812-024D-432B-A526-0858427ED545" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v_\\(0608842003\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "1614F6BA-E265-4344-A5B4-6DD0D3EC0BCF" + }, + { + 
"vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v-b_\\(0608842014\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "206B990F-9ACD-408D-93BB-F43F25686862" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v_\\(0608842013\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "E092DE8F-DB60-4D77-BCE5-8820B6190856" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v-b_\\(0608842010\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "94D48DD5-DF3B-4D74-B8D8-E1E0468DE2DC" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v_\\(0608842005\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "63746CB7-DBDF-4705-A771-CE9581742980" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v-b_\\(0608842016\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "2F974170-84B6-49FF-9988-7EFDA5964E1A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v_\\(0608842015\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "87D757FC-2CBA-419F-84E8-518CBEB98646" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2272\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "3E3E3820-FF4C-4B75-9541-B807EF52E661" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2301\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "9B1B2908-2C42-4E6B-9953-30B2BE2E63F4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2514\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "6A09E202-1E38-433B-A039-F7B62C275E40" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2515\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "206E809F-D1CA-437C-9C78-76E39F7A8D69" + }, + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2666\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "7BF33E7B-B131-4A7C-8C4F-47906B8AEFC8" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2673\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "E14B2068-DEEE-4C3F-9FCE-108A3F5E83DB" + } + ] + } + ] + } + ], "references": [ { "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html", - "source": "psirt@bosch.com" + "source": "psirt@bosch.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-492xx/CVE-2023-49258.json b/CVE-2023/CVE-2023-492xx/CVE-2023-49258.json index e8d5dd64fb6..19021bfd60b 100644 --- a/CVE-2023/CVE-2023-492xx/CVE-2023-49258.json +++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49258.json 
@@ -2,16 +2,53 @@ "id": "CVE-2023-49258", "sourceIdentifier": "cvd@cert.pl", "published": "2024-01-12T15:15:09.307", - "lastModified": "2024-01-12T15:54:26.600", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T20:38:29.220", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "User browser may be forced to execute JavaScript and pass the authentication cookie to the attacker leveraging the XSS vulnerability located at \"/gui/terminal_tool.cgi\" in the \"data\" parameter." + }, + { + "lang": "es", + "value": "El navegador del usuario puede verse obligado a ejecutar JavaScript y pasar la cookie de autenticaci\u00f3n al atacante aprovechando la vulnerabilidad XSS ubicada en \"/gui/terminal_tool.cgi\" en el par\u00e1metro \"data\"." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "cvd@cert.pl", "type": "Secondary", 
@@ -23,14 +60,50 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hongdian:h8951-4g-esp_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2310271149", + "matchCriteriaId": "4391599E-AC50-4409-B8DE-D86CD4EACA35" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hongdian:h8951-4g-esp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B44C0C6-3995-43DB-9B49-78110E5E7A43" + } + ] + } + ] + } + ], "references": [ { "url": "https://cert.pl/en/posts/2024/01/CVE-2023-49253/", - "source": "cvd@cert.pl" + "source": "cvd@cert.pl", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://cert.pl/posts/2024/01/CVE-2023-49253/", - "source": "cvd@cert.pl" + "source": "cvd@cert.pl", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-492xx/CVE-2023-49259.json b/CVE-2023/CVE-2023-492xx/CVE-2023-49259.json index ffe451c373e..2fbf956f8f1 100644 --- a/CVE-2023/CVE-2023-492xx/CVE-2023-49259.json +++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49259.json 
@@ -2,16 +2,53 @@ "id": "CVE-2023-49259", "sourceIdentifier": "cvd@cert.pl", "published": "2024-01-12T15:15:09.380", - "lastModified": "2024-01-12T15:54:26.600", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T20:33:22.163", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The authentication cookies are generated using an algorithm based on the username, hardcoded secret and the up-time, and can be guessed in a reasonable time." + }, + { + "lang": "es", + "value": "Las cookies de autenticaci\u00f3n se generan utilizando un algoritmo basado en el nombre de usuario, el secreto codificado y el tiempo de actividad, y pueden adivinarse en un tiempo razonable." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-327" + } + ] + }, { "source": "cvd@cert.pl", "type": "Secondary", 
@@ -23,14 +60,50 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hongdian:h8951-4g-esp_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2310271149", + "matchCriteriaId": "4391599E-AC50-4409-B8DE-D86CD4EACA35" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hongdian:h8951-4g-esp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B44C0C6-3995-43DB-9B49-78110E5E7A43" + } + ] + } + ] + } + ], "references": [ { "url": "https://cert.pl/en/posts/2024/01/CVE-2023-49253/", - "source": "cvd@cert.pl" + "source": "cvd@cert.pl", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://cert.pl/posts/2024/01/CVE-2023-49253/", - "source": "cvd@cert.pl" + "source": "cvd@cert.pl", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-492xx/CVE-2023-49260.json b/CVE-2023/CVE-2023-492xx/CVE-2023-49260.json index 96325ee96f4..3af091409d4 100644 --- a/CVE-2023/CVE-2023-492xx/CVE-2023-49260.json +++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49260.json 
@@ -2,16 +2,53 @@ "id": "CVE-2023-49260", "sourceIdentifier": "cvd@cert.pl", "published": "2024-01-12T15:15:09.463", - "lastModified": "2024-01-12T15:54:26.600", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T20:22:01.957", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An XSS attack can be performed by changing the MOTD banner and pointing the victim to the \"terminal_tool.cgi\" path. It can be used together with the vulnerability CVE-2023-49255." + }, + { + "lang": "es", + "value": "Se puede realizar un ataque XSS cambiando el banner MOTD y se\u00f1alando a la v\u00edctima la ruta \"terminal_tool.cgi\". Se puede utilizar junto con la vulnerabilidad CVE-2023-49255." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "cvd@cert.pl", "type": "Secondary", 
@@ -23,14 +60,50 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hongdian:h8951-4g-esp_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2310271149", + "matchCriteriaId": "4391599E-AC50-4409-B8DE-D86CD4EACA35" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hongdian:h8951-4g-esp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B44C0C6-3995-43DB-9B49-78110E5E7A43" + } + ] + } + ] + } + ], "references": [ { "url": "https://cert.pl/en/posts/2024/01/CVE-2023-49253/", - "source": "cvd@cert.pl" + "source": "cvd@cert.pl", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://cert.pl/posts/2024/01/CVE-2023-49253/", - "source": "cvd@cert.pl" + "source": "cvd@cert.pl", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-492xx/CVE-2023-49261.json b/CVE-2023/CVE-2023-492xx/CVE-2023-49261.json index 3f4e07679ce..d3a6da727a4 100644 --- a/CVE-2023/CVE-2023-492xx/CVE-2023-49261.json +++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49261.json 
@@ -2,16 +2,53 @@ "id": "CVE-2023-49261", "sourceIdentifier": "cvd@cert.pl", "published": "2024-01-12T15:15:09.530", - "lastModified": "2024-01-12T15:54:26.600", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T20:21:50.307", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The \"tokenKey\" value used in user authorization is visible in the HTML source of the login page." + }, + { + "lang": "es", + "value": "El valor \"tokenKey\" utilizado en la autorizaci\u00f3n del usuario es visible en el c\u00f3digo fuente HTML de la p\u00e1gina de inicio de sesi\u00f3n." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "cvd@cert.pl", "type": "Secondary", 
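Review bot: The Primary weakness added in this hunk is `NVD-CWE-noinfo`, yet the description in the same hunk says the `tokenKey` value used in user authorization is visible in the HTML source of the login page, which reads as an information-exposure weakness. Anything that groups or filters these records by CWE will not bucket this one with other exposure findings. A mapping such as `"value": "CWE-200"` looks closer, but check it against the CNA's Secondary entry first, because the `weaknesses` array continues past the end of this hunk. Until then, triage should rely on the description text and the 7.5 base score rather than the CWE field.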
@@ -23,14 +60,50 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hongdian:h8951-4g-esp_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2310271149", + "matchCriteriaId": "4391599E-AC50-4409-B8DE-D86CD4EACA35" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hongdian:h8951-4g-esp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B44C0C6-3995-43DB-9B49-78110E5E7A43" + } + ] + } + ] + } + ], "references": [ { "url": "https://cert.pl/en/posts/2024/01/CVE-2023-49253/", - "source": "cvd@cert.pl" + "source": "cvd@cert.pl", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://cert.pl/posts/2024/01/CVE-2023-49253/", - "source": "cvd@cert.pl" + "source": "cvd@cert.pl", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-498xx/CVE-2023-49862.json b/CVE-2023/CVE-2023-498xx/CVE-2023-49862.json index d375d1cbad7..d75dbf24e9a 100644 --- a/CVE-2023/CVE-2023-498xx/CVE-2023-49862.json +++ b/CVE-2023/CVE-2023-498xx/CVE-2023-49862.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-49862", "sourceIdentifier": "talos-cna@cisco.com", "published": "2024-01-10T16:15:48.997", - "lastModified": "2024-01-10T18:15:47.410", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T19:29:20.003", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read.This vulnerability is triggered by the `downloadURL_gifimage` parameter." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en la funcionalidad de carga de im\u00e1genes aVideoEncoderReceiveImage.json.php de la confirmaci\u00f3n maestra de desarrollo de WWBN AVideo 15fed957fb. Una solicitud HTTP especialmente manipulada puede provocar la lectura de archivos arbitrarios. Esta vulnerabilidad se activa mediante el par\u00e1metro `downloadURL_gifimage`." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "talos-cna@cisco.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-610" + } + ] + }, { "source": "talos-cna@cisco.com", "type": "Secondary", 
@@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wwbn:avideo:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D1AF6154-CDE7-45F9-9F6F-FDBC2D4E42B1" + } + ] + } + ] + } + ], "references": [ { "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1880", - "source": "talos-cna@cisco.com" + "source": "talos-cna@cisco.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-498xx/CVE-2023-49863.json b/CVE-2023/CVE-2023-498xx/CVE-2023-49863.json index 6df37d9ebdb..787b6762e87 100644 --- a/CVE-2023/CVE-2023-498xx/CVE-2023-49863.json +++ b/CVE-2023/CVE-2023-498xx/CVE-2023-49863.json 
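Review bot: The only match criterion added here is `cpe:2.3:a:wwbn:avideo:-:*:*:*:*:*:*:*`, whose version field is `-`, while the description in the previous hunk pins the issue to dev master commit `15fed957fb`. A version-based inventory match against this entry therefore cannot tell an affected build from a fixed one. Exposure checks for this record should key on the deployed commit rather than on the CPE. The entry would benefit from a bounded range (`versionEndExcluding`, as the Hongdian records in this commit use) once a fixed release is known. The same criterion is added in CVE-2023-49863.json.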
@@ -2,16 +2,40 @@ "id": "CVE-2023-49863", "sourceIdentifier": "talos-cna@cisco.com", "published": "2024-01-10T16:15:49.180", - "lastModified": "2024-01-10T18:15:47.483", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T19:29:12.637", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read.This vulnerability is triggered by the `downloadURL_webpimage` parameter." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en la funcionalidad de carga de im\u00e1genes aVideoEncoderReceiveImage.json.php de la confirmaci\u00f3n maestra de desarrollo de WWBN AVideo 15fed957fb. Una solicitud HTTP especialmente manipulada puede provocar la lectura de archivos arbitrarios. Esta vulnerabilidad se activa mediante el par\u00e1metro `downloadURL_webpimage`." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "talos-cna@cisco.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-610" + } + ] + }, { "source": "talos-cna@cisco.com", "type": "Secondary", 
@@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wwbn:avideo:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D1AF6154-CDE7-45F9-9F6F-FDBC2D4E42B1" + } + ] + } + ] + } + ], "references": [ { "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1880", - "source": "talos-cna@cisco.com" + "source": "talos-cna@cisco.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-499xx/CVE-2023-49943.json b/CVE-2023/CVE-2023-499xx/CVE-2023-49943.json new file mode 100644 index 00000000000..56d4210c3b4 --- /dev/null +++ b/CVE-2023/CVE-2023-499xx/CVE-2023-49943.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-49943", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-01-18T19:15:09.340", + "lastModified": "2024-01-18T19:25:46.623", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Zoho ManageEngine ServiceDesk Plus MSP before 14504 allows stored XSS (by a low-privileged technician) via a task's name in a time sheet." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://manageengine.com", + "source": "cve@mitre.org" + }, + { + "url": "https://www.manageengine.com/products/service-desk-msp/CVE-2023-49943.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-501xx/CVE-2023-50127.json b/CVE-2023/CVE-2023-501xx/CVE-2023-50127.json index 41ddfa7295f..76cc26b29d1 100644 --- a/CVE-2023/CVE-2023-501xx/CVE-2023-50127.json +++ b/CVE-2023/CVE-2023-501xx/CVE-2023-50127.json @@ -2,8 +2,8 @@ "id": "CVE-2023-50127", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-11T21:15:10.770", - "lastModified": "2024-01-12T13:47:31.250", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T20:21:22.963", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,11 +14,67 @@ "value": "El sistema de alarma Hozard (Alarmsysteem) v1.0 es vulnerable a una autenticaci\u00f3n incorrecta. Los comandos enviados a trav\u00e9s de la funcionalidad SMS se aceptan desde n\u00fameros de tel\u00e9fono aleatorios, lo que permite a un atacante desarmar el sistema de alarma desde cualquier n\u00famero de tel\u00e9fono determinado." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hozard:alarm_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "8F9A297A-6C1D-4276-8153-C23EE75FB0BB" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.secura.com/services/iot/consumer-products/security-concerns-in-popular-smart-home-devices", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-501xx/CVE-2023-50159.json b/CVE-2023/CVE-2023-501xx/CVE-2023-50159.json index 86a57c99b81..54a98bbc71d 100644 --- a/CVE-2023/CVE-2023-501xx/CVE-2023-50159.json +++ b/CVE-2023/CVE-2023-501xx/CVE-2023-50159.json 
@@ -2,12 +2,12 @@ "id": "CVE-2023-50159", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-11T14:15:44.070", - "lastModified": "2024-01-18T17:56:59.883", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-18T19:15:09.400", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "In ScaleFusion (Windows Desktop App) agent v10.5.2, Kiosk mode application restrictions can be bypassed allowing arbitrary code to be executed." + "value": "In ScaleFusion (Windows Desktop App) agent 10.5.2, Kiosk mode application restrictions can be bypassed allowing arbitrary code to be executed. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode." }, { "lang": "es", @@ -68,6 +68,10 @@ } ], "references": [ + { + "url": "https://help.scalefusion.com/docs/security-advisory-for-windows-mdm-agent", + "source": "cve@mitre.org" + }, { "url": "https://medium.com/nestedif/vulnerability-disclosure-browser-mode-kiosk-bypass-scalefusion-832f5a18ebb6", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-510xx/CVE-2023-51067.json b/CVE-2023/CVE-2023-510xx/CVE-2023-51067.json index 14b515a6e9c..76ac3449d0e 100644 --- a/CVE-2023/CVE-2023-510xx/CVE-2023-51067.json +++ b/CVE-2023/CVE-2023-510xx/CVE-2023-51067.json 
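Review bot: The `es` description is left stale by this hunk. Only the `en` value gains the sentence beginning `This is fixed in 10.5.7`, while the `"lang": "es"` entry that follows is unchanged context whose value lies past the hunk's last line. Readers and tools that use the Spanish text therefore get no fixed version, even though `lastModified` and `vulnStatus` now mark the record as updated. The `es` value should be regenerated from the new English text, or dropped until it is retranslated. The same applies to CVE-2023-51748.json later in this commit.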
@@ -2,19 +2,79 @@ "id": "CVE-2023-51067", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-13T04:15:08.000", - "lastModified": "2024-01-14T21:42:17.123", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T20:58:41.177", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An unauthenticated reflected cross-site scripting (XSS) vulnerability in QStar Archive Solutions Release RELEASE_3-0 Build 7 allows attackers to execute arbitrary javascript on a victim's browser via a crafted link." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de cross site scripting (XSS) reflejado no autenticada en QStar Archive Solutions Release RELEASE_3-0 Build 7 permite a los atacantes ejecutar javascript arbitrario en el navegador de una v\u00edctima a trav\u00e9s de un enlace manipulado." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:qstar:archive_storage_manager:3-0:build7_patch0:*:*:*:*:*:*", + "matchCriteriaId": "7AC007B1-2FE5-4DD3-824D-FFFA7009D67B" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/Oracle-Security/CVEs/blob/main/QStar%20Archive%20Solutions/CVE-2023-51067.md", - "source": "cve@mitre.org" + 
"source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-510xx/CVE-2023-51068.json b/CVE-2023/CVE-2023-510xx/CVE-2023-51068.json index 50f9499b321..934de9f75d2 100644 --- a/CVE-2023/CVE-2023-510xx/CVE-2023-51068.json +++ b/CVE-2023/CVE-2023-510xx/CVE-2023-51068.json 
@@ -2,19 +2,79 @@ "id": "CVE-2023-51068", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-13T04:15:08.053", - "lastModified": "2024-01-14T21:42:17.123", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T20:58:47.270", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An authenticated reflected cross-site scripting (XSS) vulnerability in QStar Archive Solutions Release RELEASE_3-0 Build 7 allows attackers to execute arbitrary javascript on a victim's browser via a crafted link." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de cross site scripting (XSS) reflejado autenticada en QStar Archive Solutions Release RELEASE_3-0 Build 7 permite a los atacantes ejecutar javascript arbitrario en el navegador de una v\u00edctima a trav\u00e9s de un enlace manipulado." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:qstar:archive_storage_manager:3-0:build7_patch0:*:*:*:*:*:*", + "matchCriteriaId": "7AC007B1-2FE5-4DD3-824D-FFFA7009D67B" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/Oracle-Security/CVEs/blob/main/QStar%20Archive%20Solutions/CVE-2023-51068.md", - "source": "cve@mitre.org" + 
"source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-513xx/CVE-2023-51350.json b/CVE-2023/CVE-2023-513xx/CVE-2023-51350.json index f07c928c295..7d543c46c1a 100644 --- a/CVE-2023/CVE-2023-513xx/CVE-2023-51350.json +++ b/CVE-2023/CVE-2023-513xx/CVE-2023-51350.json @@ -2,8 +2,8 @@ "id": "CVE-2023-51350", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-11T23:15:08.570", - "lastModified": "2024-01-12T13:47:31.250", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T19:31:11.157", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,19 +14,82 @@ "value": "Un ataque de suplantaci\u00f3n de identidad en ujcms v.8.0.2 permite a un atacante remoto obtener informaci\u00f3n confidencial y ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script dise\u00f1ado para la funci\u00f3n X-Forwarded-For en el encabezado." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-290" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ujcms:ujcms:8.0.2:*:*:*:*:*:*:*", + "matchCriteriaId": "E0B2489F-50F7-45FE-BC2E-9AA8E6309ADD" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/ujcms/ujcms", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://github.com/ujcms/ujcms/issues/7", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://www.ujcms.com/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51748.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51748.json index 93b7f0a28d5..ac90c0bcb32 100644 --- a/CVE-2023/CVE-2023-517xx/CVE-2023-51748.json 
+++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51748.json @@ -2,12 +2,12 @@ "id": "CVE-2023-51748", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-11T14:15:44.123", - "lastModified": "2024-01-18T18:45:55.020", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-18T19:15:09.460", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "ScaleFusion 10.5.2 does not properly limit users to the Edge application because Ctrl-O and Ctrl-S can be used." + "value": "ScaleFusion 10.5.2 does not properly limit users to the Edge application because Ctrl-O and Ctrl-S can be used. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode." }, { "lang": "es", @@ -68,6 +68,10 @@ } ], "references": [ + { + "url": "https://help.scalefusion.com/docs/security-advisory-for-windows-mdm-agent", + "source": "cve@mitre.org" + }, { "url": "https://medium.com/nestedif/vulnerability-disclosure-browser-mode-kiosk-bypass-scalefusion-832f5a18ebb6", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51749.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51749.json index affe6f1662b..9a87d6c0824 100644 --- a/CVE-2023/CVE-2023-517xx/CVE-2023-51749.json +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51749.json 
@@ -2,12 +2,12 @@ "id": "CVE-2023-51749", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-11T14:15:44.167", - "lastModified": "2024-01-18T18:54:46.507", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-18T19:15:09.520", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "ScaleFusion 10.5.2 does not properly limit users to the Edge application because a search can be made from a tooltip." + "value": "ScaleFusion 10.5.2 does not properly limit users to the Edge application because a search can be made from a tooltip. NOTE: the vendor's position is \"Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules.\"" }, { "lang": "es", @@ -68,6 +68,10 @@ } ], "references": [ + { + "url": "https://help.scalefusion.com/docs/security-advisory-for-windows-mdm-agent", + "source": "cve@mitre.org" + }, { "url": "https://medium.com/nestedif/vulnerability-disclosure-browser-mode-kiosk-bypass-scalefusion-832f5a18ebb6", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51750.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51750.json index dbc55086cc9..04d677a1e10 100644 --- a/CVE-2023/CVE-2023-517xx/CVE-2023-51750.json +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51750.json 
@@ -2,16 +2,24 @@ "id": "CVE-2023-51750", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-11T14:15:44.230", - "lastModified": "2024-01-11T16:34:20.613", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T19:15:09.587", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", - "value": "ScaleFusion 10.5.2 does not properly limit users to the Edge application because file downloads can occur." + "value": "ScaleFusion 10.5.2 does not properly limit users to the Edge application because file downloads can occur. NOTE: the vendor's position is \"Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules.\"" + }, + { + "lang": "es", + "value": "ScaleFusion 10.5.2 no limita adecuadamente a los usuarios a la aplicaci\u00f3n Edge porque pueden ocurrir descargas de archivos." } ], "metrics": {}, "references": [ + { + "url": "https://help.scalefusion.com/docs/security-advisory-for-windows-mdm-agent", + "source": "cve@mitre.org" + }, { "url": "https://medium.com/nestedif/vulnerability-disclosure-browser-mode-kiosk-bypass-scalefusion-832f5a18ebb6", "source": "cve@mitre.org" diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51751.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51751.json index eec5c43514c..db16b849aee 100644 --- a/CVE-2023/CVE-2023-517xx/CVE-2023-51751.json +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51751.json 
@@ -2,16 +2,24 @@ "id": "CVE-2023-51751", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-11T14:15:44.270", - "lastModified": "2024-01-11T16:34:20.613", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T19:15:09.637", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", - "value": "ScaleFusion 10.5.2 does not properly limit users to the Edge application because Alt-F4 can be used." + "value": "ScaleFusion 10.5.2 does not properly limit users to the Edge application because Alt-F4 can be used. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode." + }, + { + "lang": "es", + "value": "ScaleFusion 10.5.2 no limita adecuadamente a los usuarios a la aplicaci\u00f3n Edge porque se puede usar Alt-F4." } ], "metrics": {}, "references": [ + { + "url": "https://help.scalefusion.com/docs/security-advisory-for-windows-mdm-agent", + "source": "cve@mitre.org" + }, { "url": "https://medium.com/nestedif/vulnerability-disclosure-browser-mode-kiosk-bypass-scalefusion-832f5a18ebb6", "source": "cve@mitre.org" diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51780.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51780.json index 1a01edb3c10..358b8bc4549 100644 --- a/CVE-2023/CVE-2023-517xx/CVE-2023-51780.json +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51780.json @@ -2,8 +2,8 @@ "id": "CVE-2023-51780", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-11T19:15:12.500", - "lastModified": "2024-01-12T13:47:31.250", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T19:59:04.837", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,23 +14,156 @@ "value": "Se descubri\u00f3 un problema en el kernel de Linux anterior a 6.6.8. do_vcc_ioctl en net/atm/ioctl.c tiene un use after free debido a una condici\u00f3n de ejecuci\u00f3n vcc_recvmsg." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartExcluding": "2.6.12", + "versionEndExcluding": "6.6.8", + "matchCriteriaId": "C5C35A7D-82A5-436F-925A-384D92679784" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*", + "matchCriteriaId": "4F76C298-81DC-43E4-8FC9-DC005A2116EF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*", + "matchCriteriaId": "0AB349B2-3F78-4197-882B-90ADB3BF645A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*", + "matchCriteriaId": "6AC88830-A9BC-4607-B572-A4B502FC9FD0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*", + "matchCriteriaId": "476CB3A5-D022-4F13-AAEF-CB6A5785516A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc6:*:*:*:*:*:*", + 
"matchCriteriaId": "8CFD5CDD-1709-44C7-82BD-BAFDC46990D6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc1:*:*:*:*:*:*", + "matchCriteriaId": "3A0038DE-E183-4958-A6E3-CE3821FEAFBF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc2:*:*:*:*:*:*", + "matchCriteriaId": "E31AD4FC-436C-44AB-BCAB-3A0B37F69EE0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc3:*:*:*:*:*:*", + "matchCriteriaId": "C56C6E04-4F04-44A3-8DB8-93899903CFCF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc4:*:*:*:*:*:*", + "matchCriteriaId": "5C78EDA4-8BE6-42FC-9512-49032D525A55" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc5:*:*:*:*:*:*", + "matchCriteriaId": "32F2E5CA-13C6-4601-B530-D465CBF73D1C" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" + } + ] + } + ] + } + ], "references": [ { "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.8", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/torvalds/linux/commit/24e90b9e34f9e039f56b5f25f6e6eb92cdd8f4b3", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51781.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51781.json index 25f3e25c433..631f2ef3752 100644 --- a/CVE-2023/CVE-2023-517xx/CVE-2023-51781.json +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51781.json @@ -2,8 +2,8 @@ "id": "CVE-2023-51781", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-11T19:15:12.553", - "lastModified": "2024-01-12T13:47:31.250", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T19:58:50.630", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,23 +14,156 @@ "value": "Se descubri\u00f3 un problema en el kernel de Linux anterior a 6.6.8. atalk_ioctl en net/appletalk/ddp.c tiene un use after free debido a una condici\u00f3n de ejecuci\u00f3n atalk_recvmsg." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.0, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.0, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartExcluding": "2.6.12", + "versionEndExcluding": "6.6.8", + "matchCriteriaId": "C5C35A7D-82A5-436F-925A-384D92679784" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*", + "matchCriteriaId": "4F76C298-81DC-43E4-8FC9-DC005A2116EF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*", + "matchCriteriaId": "0AB349B2-3F78-4197-882B-90ADB3BF645A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*", + "matchCriteriaId": "6AC88830-A9BC-4607-B572-A4B502FC9FD0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*", + "matchCriteriaId": "476CB3A5-D022-4F13-AAEF-CB6A5785516A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc6:*:*:*:*:*:*", + 
"matchCriteriaId": "8CFD5CDD-1709-44C7-82BD-BAFDC46990D6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc1:*:*:*:*:*:*", + "matchCriteriaId": "3A0038DE-E183-4958-A6E3-CE3821FEAFBF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc2:*:*:*:*:*:*", + "matchCriteriaId": "E31AD4FC-436C-44AB-BCAB-3A0B37F69EE0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc3:*:*:*:*:*:*", + "matchCriteriaId": "C56C6E04-4F04-44A3-8DB8-93899903CFCF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc4:*:*:*:*:*:*", + "matchCriteriaId": "5C78EDA4-8BE6-42FC-9512-49032D525A55" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc5:*:*:*:*:*:*", + "matchCriteriaId": "32F2E5CA-13C6-4601-B530-D465CBF73D1C" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" + } + ] + } + ] + } + ], "references": [ { "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.8", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/torvalds/linux/commit/189ff16722ee36ced4d2a2469d4ab65a8fee4198", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51782.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51782.json index 0a1cddd5a6c..c938a12e9a7 100644 --- a/CVE-2023/CVE-2023-517xx/CVE-2023-51782.json +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51782.json @@ -2,8 +2,8 @@ "id": "CVE-2023-51782", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-11T19:15:12.727", - "lastModified": "2024-01-12T13:47:31.250", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T19:31:37.630", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,23 +14,156 @@ "value": "Se descubri\u00f3 un problema en el kernel de Linux anterior a 6.6.8. rose_ioctl en net/rose/af_rose.c tiene un use after free debido a una condici\u00f3n de ejecuci\u00f3n rose_accept." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.0, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.0, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartExcluding": "2.6.12", + "versionEndExcluding": "6.6.8", + "matchCriteriaId": "C5C35A7D-82A5-436F-925A-384D92679784" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*", + "matchCriteriaId": "4F76C298-81DC-43E4-8FC9-DC005A2116EF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*", + "matchCriteriaId": "0AB349B2-3F78-4197-882B-90ADB3BF645A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*", + "matchCriteriaId": "6AC88830-A9BC-4607-B572-A4B502FC9FD0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*", + "matchCriteriaId": "476CB3A5-D022-4F13-AAEF-CB6A5785516A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc6:*:*:*:*:*:*", + 
"matchCriteriaId": "8CFD5CDD-1709-44C7-82BD-BAFDC46990D6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc1:*:*:*:*:*:*", + "matchCriteriaId": "3A0038DE-E183-4958-A6E3-CE3821FEAFBF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc2:*:*:*:*:*:*", + "matchCriteriaId": "E31AD4FC-436C-44AB-BCAB-3A0B37F69EE0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc3:*:*:*:*:*:*", + "matchCriteriaId": "C56C6E04-4F04-44A3-8DB8-93899903CFCF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc4:*:*:*:*:*:*", + "matchCriteriaId": "5C78EDA4-8BE6-42FC-9512-49032D525A55" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc5:*:*:*:*:*:*", + "matchCriteriaId": "32F2E5CA-13C6-4601-B530-D465CBF73D1C" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" + } + ] + } + ] + } + ], "references": [ { "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.8", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/torvalds/linux/commit/810c38a369a0a0ce625b5c12169abce1dd9ccd53", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51790.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51790.json index 352530181f3..ccf700dda78 100644 --- a/CVE-2023/CVE-2023-517xx/CVE-2023-51790.json +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51790.json @@ -2,8 +2,8 @@ "id": "CVE-2023-51790", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-12T13:15:11.733", - "lastModified": "2024-01-12T13:47:31.250", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T19:47:57.360", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,77 @@ "value": "Vulnerabilidad de Cross Site Scripting en piwigo v.14.0.0 permite a un atacante remoto obtener informaci\u00f3n confidencial a trav\u00e9s del par\u00e1metro lang en el componente del complemento Herramientas de Administrador." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:piwigo:piwigo:14.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "DF997677-CC8C-40D2-BAA6-EF1374DC731F" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Piwigo/AdminTools/issues/21", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Vendor Advisory" + ] }, { "url": "https://github.com/Piwigo/Piwigo/issues/2069", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-518xx/CVE-2023-51806.json b/CVE-2023/CVE-2023-518xx/CVE-2023-51806.json index b1da3947d91..ab8ce8da1bc 100644 --- a/CVE-2023/CVE-2023-518xx/CVE-2023-51806.json +++ b/CVE-2023/CVE-2023-518xx/CVE-2023-51806.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-51806", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-12T13:15:11.807", - "lastModified": "2024-01-12T13:47:31.250", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T19:58:15.157", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,19 +14,81 @@ "value": "Vulnerabilidad de carga de archivos en Ujcms v.8.0.2 permite a un atacante local ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo manipulado." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ujcms:ujcms:8.0.2:*:*:*:*:*:*:*", + "matchCriteriaId": "E0B2489F-50F7-45FE-BC2E-9AA8E6309ADD" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/ujcms/ujcms", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://github.com/ujcms/ujcms/issues/8", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://www.ujcms.com/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-520xx/CVE-2023-52026.json b/CVE-2023/CVE-2023-520xx/CVE-2023-52026.json index 8ed724d57f9..1dffbabdc4d 100644 --- a/CVE-2023/CVE-2023-520xx/CVE-2023-52026.json +++ b/CVE-2023/CVE-2023-520xx/CVE-2023-52026.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52026", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-12T13:15:11.860", - "lastModified": "2024-01-12T13:47:31.250", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T20:20:30.330", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,11 +14,79 @@ "value": "Se descubri\u00f3 que TOTOlink EX1800T V9.1.0cu.2112_B20220316 contiene una vulnerabilidad de ejecuci\u00f3n remota de comandos (RCE) a trav\u00e9s del par\u00e1metro telnet_enabled de la interfaz setTelnetCfg" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:ex1800t_firmware:9.1.0cu.2112_b20220316:*:*:*:*:*:*:*", + "matchCriteriaId": "0A42AB5D-BBE3-46C5-B60E-0C5D0BE5BD61" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:ex1800t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4ECDCF8F-01EE-4B54-AE5F-8793D54BB5A2" + } + ] + } + ] + } + ], "references": [ { "url": "https://815yang.github.io/2023/12/11/EX1800T/2/TOTOlinkEX1800T_V9.1.0cu.2112_B2022031setTelnetCfg/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-03xx/CVE-2024-0333.json b/CVE-2024/CVE-2024-03xx/CVE-2024-0333.json index a470bcadb18..a34c922c008 100644 --- a/CVE-2024/CVE-2024-03xx/CVE-2024-0333.json 
+++ b/CVE-2024/CVE-2024-03xx/CVE-2024-0333.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0333", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-01-10T22:15:50.907", - "lastModified": "2024-01-13T20:15:45.073", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T19:39:16.620", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,23 +14,110 @@ "value": "La validaci\u00f3n de datos insuficiente en Extensions de Google Chrome anteriores a 120.0.6099.216 permiti\u00f3 a un atacante en una posici\u00f3n privilegiada de la red instalar una extensi\u00f3n maliciosa a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chromium: alta)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", + "versionEndExcluding": "120.0.6099.216", + "matchCriteriaId": "D1ACDF60-8534-4076-8608-9101A21D917E" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", + "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", + "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646" + } + ] + } + ] + } + ], "references": [ { "url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_9.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Release 
Notes" + ] }, { "url": "https://crbug.com/1513379", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BXC7FJIAZRY3P72XC4Z4UOW2QDA7YX7/", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPYCYENYQYADCOS6XG4JITUVRZ6HTE2B/", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-04xx/CVE-2024-0408.json b/CVE-2024/CVE-2024-04xx/CVE-2024-0408.json index f67b9337a4c..88c6d071e51 100644 --- a/CVE-2024/CVE-2024-04xx/CVE-2024-0408.json +++ b/CVE-2024/CVE-2024-04xx/CVE-2024-0408.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0408", "sourceIdentifier": "secalert@redhat.com", "published": "2024-01-18T16:15:08.380", - "lastModified": "2024-01-18T16:15:08.380", - "vulnStatus": "Received", + "lastModified": "2024-01-18T19:25:46.623", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-04xx/CVE-2024-0409.json b/CVE-2024/CVE-2024-04xx/CVE-2024-0409.json index fa4f6e04aab..1b364769049 100644 --- a/CVE-2024/CVE-2024-04xx/CVE-2024-0409.json +++ b/CVE-2024/CVE-2024-04xx/CVE-2024-0409.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0409", "sourceIdentifier": "secalert@redhat.com", "published": "2024-01-18T16:15:08.593", - "lastModified": "2024-01-18T16:15:08.593", - "vulnStatus": "Received", + "lastModified": "2024-01-18T19:25:46.623", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", 
diff --git a/CVE-2024/CVE-2024-04xx/CVE-2024-0412.json b/CVE-2024/CVE-2024-04xx/CVE-2024-0412.json index 64e772eba17..8bd4d7799d8 100644 --- a/CVE-2024/CVE-2024-04xx/CVE-2024-0412.json +++ b/CVE-2024/CVE-2024-04xx/CVE-2024-0412.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0412", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-11T17:15:08.843", - "lastModified": "2024-01-12T13:47:31.250", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T20:20:05.993", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -75,18 +95,53 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:csdeshang:dsshop:3.0:*:*:*:*:*:*:*", + "matchCriteriaId": "CDA7CDD3-CA8A-44D7-AA3E-D1FE4D5471E9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:csdeshang:dsshop:3.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "2EC91B69-2B20-40C6-80EF-00AD1469A5C1" + } + ] + } + ] + } + ], "references": [ { "url": "https://note.zhaoj.in/share/Q56cf5nN9RzF", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://vuldb.com/?ctiid.250432", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.250432", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-04xx/CVE-2024-0413.json b/CVE-2024/CVE-2024-04xx/CVE-2024-0413.json index fcbb58f5a7b..9bcbf83a842 100644 --- a/CVE-2024/CVE-2024-04xx/CVE-2024-0413.json +++ b/CVE-2024/CVE-2024-04xx/CVE-2024-0413.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0413", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-11T17:15:09.060", - "lastModified": "2024-01-12T13:47:31.250", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T20:12:44.737", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -75,18 +95,50 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:csdeshang:dskms:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.1.0", + "versionEndIncluding": "3.1.2", + "matchCriteriaId": "F4C436DC-AE04-482A-95AF-9EE5A7BBCF58" + } + ] + } + ] + } + ], "references": [ { "url": "https://note.zhaoj.in/share/MarH4fY66BgO", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://vuldb.com/?ctiid.250433", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.250433", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-04xx/CVE-2024-0414.json b/CVE-2024/CVE-2024-04xx/CVE-2024-0414.json index 1b4d8580415..60b88d7bfdc 100644 --- a/CVE-2024/CVE-2024-04xx/CVE-2024-0414.json +++ b/CVE-2024/CVE-2024-04xx/CVE-2024-0414.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-0414", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-11T17:15:09.280", - "lastModified": "2024-01-12T13:47:31.250", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T20:11:45.007", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -75,18 +95,60 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:csdeshang:dscms:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.1.0", + "versionEndIncluding": "3.1.2", + "matchCriteriaId": "9350B0D7-927E-421D-898C-74816443206B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:csdeshang:dscms:7.0:*:*:*:*:*:*:*", + "matchCriteriaId": "C6BB0980-AE03-4570-B3AC-FE735DA04F72" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:csdeshang:dscms:7.1:*:*:*:*:*:*:*", + "matchCriteriaId": "17730E62-FFB9-46C6-A881-0F61D903792E" + } + ] + } + ] + } + ], "references": [ { "url": "https://note.zhaoj.in/share/xYQMsARg83ui", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://vuldb.com/?ctiid.250434", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.250434", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-04xx/CVE-2024-0415.json b/CVE-2024/CVE-2024-04xx/CVE-2024-0415.json index de4979f6b92..c4e2a9f4649 100644 --- a/CVE-2024/CVE-2024-04xx/CVE-2024-0415.json +++ b/CVE-2024/CVE-2024-04xx/CVE-2024-0415.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0415", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-11T18:15:44.223", - "lastModified": "2024-01-12T13:47:31.250", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T20:10:13.733", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -75,18 +95,49 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:csdeshang:dsmall:*:*:*:*:*:*:*:*", + "versionEndIncluding": "6.1.0", + "matchCriteriaId": "838F429A-CC3F-492C-8605-559E8BE2E507" + } + ] + } + ] + } + ], "references": [ { "url": "https://note.zhaoj.in/share/63LhFitJmKGR", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://vuldb.com/?ctiid.250435", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.250435", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-04xx/CVE-2024-0416.json b/CVE-2024/CVE-2024-04xx/CVE-2024-0416.json index b42cd47d5dd..4cc81395f76 100644 --- a/CVE-2024/CVE-2024-04xx/CVE-2024-0416.json +++ b/CVE-2024/CVE-2024-04xx/CVE-2024-0416.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-0416", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-11T18:15:44.460", - "lastModified": "2024-01-12T13:47:31.250", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T20:09:52.287", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -75,18 +95,48 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:csdeshang:dsmall:*:*:*:*:*:*:*:*", + "versionEndIncluding": "5.0.3", + "matchCriteriaId": "B64D60D9-D298-41ED-8245-D76CA1EF5452" + } + ] + } + ] + } + ], "references": [ { "url": "https://note.zhaoj.in/share/DxR7FZsCKJQ1", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://vuldb.com/?ctiid.250436", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.250436", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-04xx/CVE-2024-0417.json b/CVE-2024/CVE-2024-04xx/CVE-2024-0417.json index 93701fd6461..ca9059bc62c 100644 --- a/CVE-2024/CVE-2024-04xx/CVE-2024-0417.json 
+++ b/CVE-2024/CVE-2024-04xx/CVE-2024-0417.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0417", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-11T18:15:44.687", - "lastModified": "2024-01-12T13:47:31.250", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T20:07:08.083", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -75,18 +95,49 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:csdeshang:dsshop:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2.1.5", + "matchCriteriaId": "D9F91FDD-776C-49C4-A867-82348943EE24" + } + ] + } + ] + } + ], "references": [ { "url": "https://note.zhaoj.in/share/ZpRTCLblKd7N", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit" + ] }, { "url": "https://vuldb.com/?ctiid.250437", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.250437", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-04xx/CVE-2024-0418.json b/CVE-2024/CVE-2024-04xx/CVE-2024-0418.json index 4c91f3f5208..52e84711376 100644 
--- a/CVE-2024/CVE-2024-04xx/CVE-2024-0418.json +++ b/CVE-2024/CVE-2024-04xx/CVE-2024-0418.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0418", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-11T18:15:44.913", - "lastModified": "2024-01-12T13:47:31.250", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T20:04:01.123", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -75,22 +95,58 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:upredsun:file_sharing_wizard:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.5.0", + "matchCriteriaId": "F3356706-BA28-4ED0-9383-73C77D5A5D4D" + } + ] + } + ] + } + ], "references": [ { "url": "https://cxsecurity.com/issue/WLB-2024010023", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.250438", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.250438", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://www.youtube.com/watch?v=WK7xK9KHiMU", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-04xx/CVE-2024-0422.json b/CVE-2024/CVE-2024-04xx/CVE-2024-0422.json index 07f28001837..39ac6b4b0e1 100644 --- a/CVE-2024/CVE-2024-04xx/CVE-2024-0422.json +++ b/CVE-2024/CVE-2024-04xx/CVE-2024-0422.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0422", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-11T19:15:13.750", - "lastModified": "2024-01-12T13:47:31.250", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T19:24:44.817", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -75,18 +95,48 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codeastro:pos_and_inventory_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "912BD54C-7528-49DD-9A65-3328BA873592" + } + ] + } + ] + } + ], "references": [ { "url": "https://drive.google.com/file/d/1_CoeXcCC8fXzKJO-Xvjuq1qYtf8QKHaM/view?usp=sharing", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit" + ] }, { "url": "https://vuldb.com/?ctiid.250441", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.250441", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-04xx/CVE-2024-0423.json b/CVE-2024/CVE-2024-04xx/CVE-2024-0423.json index 3f61a21171c..dca6542ab71 100644 --- a/CVE-2024/CVE-2024-04xx/CVE-2024-0423.json +++ b/CVE-2024/CVE-2024-04xx/CVE-2024-0423.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-0423", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-11T20:15:44.243", - "lastModified": "2024-01-12T13:47:31.250", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T19:24:20.370", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -75,18 +95,48 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codeastro:online_food_ordering_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "06BD9CE2-F761-453D-B13F-6234AA0545A5" + } + ] + } + ] + } + ], "references": [ { "url": "https://drive.google.com/file/d/1SaHrOPMV6yrBaS5pA7MOX8nsiVGxvlOa/view?usp=sharing", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit" + ] }, { "url": "https://vuldb.com/?ctiid.250442", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.250442", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-04xx/CVE-2024-0424.json b/CVE-2024/CVE-2024-04xx/CVE-2024-0424.json index d0f61559385..59d1fc383d7 100644 
--- a/CVE-2024/CVE-2024-04xx/CVE-2024-0424.json +++ b/CVE-2024/CVE-2024-04xx/CVE-2024-0424.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0424", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-11T20:15:44.473", - "lastModified": "2024-01-12T13:47:31.250", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T19:23:57.037", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -64,6 +84,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -75,18 +105,48 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codeastro:simple_banking_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "82D034EC-9EA5-4594-8961-92AD4757D883" + } + ] + } + ] + } + ], "references": [ { "url": "https://drive.google.com/file/d/1jr5YRrESDjcNmhpQRK5yHvvxNlYJp2oK/view?usp=sharing", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit" + ] }, { "url": "https://vuldb.com/?ctiid.250443", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.250443", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-04xx/CVE-2024-0426.json b/CVE-2024/CVE-2024-04xx/CVE-2024-0426.json index 5ff9733b38b..4884702a1d1 100644 --- a/CVE-2024/CVE-2024-04xx/CVE-2024-0426.json +++ b/CVE-2024/CVE-2024-04xx/CVE-2024-0426.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0426", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-11T21:15:12.453", - "lastModified": "2024-01-12T13:47:31.250", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T19:27:23.837", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -75,18 +95,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:foru_cms_project:foru_cms:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2020-06-23", + "matchCriteriaId": "EAC3894B-590E-44A9-A01C-A330C98EC000" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/mi2acle/forucmsvuln/blob/master/sqli.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.250445", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.250445", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-04xx/CVE-2024-0443.json b/CVE-2024/CVE-2024-04xx/CVE-2024-0443.json index 683a74961b1..45295e8f479 100644 --- a/CVE-2024/CVE-2024-04xx/CVE-2024-0443.json +++ b/CVE-2024/CVE-2024-04xx/CVE-2024-0443.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-0443", "sourceIdentifier": "secalert@redhat.com", "published": "2024-01-12T00:15:45.230", - "lastModified": "2024-01-14T15:15:46.250", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T20:16:39.840", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "secalert@redhat.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-668" + } + ] + }, { "source": "secalert@redhat.com", "type": "Secondary", 
@@ -50,22 +80,119 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.4", + "matchCriteriaId": "0F35D0CC-0461-4526-BC9C-091805061E47" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.4:rc1:*:*:*:*:*:*", + "matchCriteriaId": "38BC6744-7D25-4C02-9966-B224CD071D30" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.4:rc2:*:*:*:*:*:*", + "matchCriteriaId": "76061B41-CAE9-4467-BEDE-0FFC7956F2A1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.4:rc3:*:*:*:*:*:*", + "matchCriteriaId": "A717BA5B-D535-46A0-A329-A25FE5CEC588" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.4:rc4:*:*:*:*:*:*", + "matchCriteriaId": "89CC80C6-F1EE-4AC7-BD21-DB3217BADE87" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.4:rc5:*:*:*:*:*:*", + "matchCriteriaId": "41EACEA1-FB69-4AF2-BC52-D39489858D42" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.4:rc6:*:*:*:*:*:*", + "matchCriteriaId": "9E1C36BE-F9D8-40B6-8281-5B8F9B42322D" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", + "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646" + } + ] + } + ] + } + ], "references": [ { "url": 
"https://access.redhat.com/errata/RHSA-2023:7077", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://access.redhat.com/security/cve/CVE-2024-0443", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257968", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://lore.kernel.org/linux-block/20221215033132.230023-3-longman@redhat.com/", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mailing List" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-04xx/CVE-2024-0460.json b/CVE-2024/CVE-2024-04xx/CVE-2024-0460.json index 8ad07676370..63acc5385ea 100644 --- a/CVE-2024/CVE-2024-04xx/CVE-2024-0460.json +++ b/CVE-2024/CVE-2024-04xx/CVE-2024-0460.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-0460", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-12T16:15:52.577", - "lastModified": "2024-01-12T17:06:09.020", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T20:37:41.797", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in code-projects Faculty Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/pages/student-print.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250565 was assigned to this vulnerability." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en los code-projects Faculty Management System 1.0 y clasificada como cr\u00edtica. Este problema afecta un procesamiento desconocido del archivo /admin/pages/student-print.php. La manipulaci\u00f3n conduce a la inyecci\u00f3n de SQL. El ataque puede iniciarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-250565." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -71,18 +95,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:carmelogarcia:faculty_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "4EA917DA-4616-4066-91A4-AB48022B2D78" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/BxYQ/vul/blob/main/2Faculty%20Management%20System-SQL.pdf", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://vuldb.com/?ctiid.250565", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.250565", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-04xx/CVE-2024-0492.json b/CVE-2024/CVE-2024-04xx/CVE-2024-0492.json index 2a907c5ac71..c8449d3b27a 100644 --- a/CVE-2024/CVE-2024-04xx/CVE-2024-0492.json +++ b/CVE-2024/CVE-2024-04xx/CVE-2024-0492.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-0492", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-13T15:15:08.770", - "lastModified": "2024-01-14T21:42:17.123", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T19:52:29.427", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability classified as critical was found in Kashipara Billing Software 1.0. Affected by this vulnerability is an unknown functionality of the file buyer_detail_submit.php of the component HTTP POST Request Handler. The manipulation of the argument gstn_no leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250597 was assigned to this vulnerability." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en Kashipara Billing Software 1.0 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo buyer_detail_submit.php del componente HTTP POST Request Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento gstn_no conduce a la inyecci\u00f3n de SQL. El ataque se puede lanzar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-250597." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -71,18 +95,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:kashipara:billing_software:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "3C0706A5-5DE8-42DF-8980-9DBCF02A2A03" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/laoquanshi/BILLING-SOFTWARE-SQL-injection-vulnerability/blob/main/BILLING%20SOFTWARE%20sql.docx", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.250597", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.250597", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-04xx/CVE-2024-0493.json b/CVE-2024/CVE-2024-04xx/CVE-2024-0493.json index dde4dddf909..9f57245f09c 100644 --- a/CVE-2024/CVE-2024-04xx/CVE-2024-0493.json +++ b/CVE-2024/CVE-2024-04xx/CVE-2024-0493.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-0493", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-13T16:15:44.207", - "lastModified": "2024-01-14T21:42:17.123", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T19:52:17.390", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, has been found in Kashipara Billing Software 1.0. Affected by this issue is some unknown functionality of the file submit_delivery_list.php of the component HTTP POST Request Handler. The manipulation of the argument customer_details leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250598 is the identifier assigned to this vulnerability." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en Kashipara Billing Software 1.0 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo submit_delivery_list.php del componente HTTP POST Request Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento customer_details conduce a la inyecci\u00f3n SQL. El ataque puede lanzarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-250598 es el identificador asignado a esta vulnerabilidad." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -71,18 +95,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:kashipara:billing_software:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "3C0706A5-5DE8-42DF-8980-9DBCF02A2A03" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/laoquanshi/BILLING-SOFTWARE-SQL-injection-vulnerability/blob/main/BILLING%20SOFTWARE%20SQL%20injection%20vulnerability(5).docx", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.250598", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.250598", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-04xx/CVE-2024-0494.json b/CVE-2024/CVE-2024-04xx/CVE-2024-0494.json index fb9f012665e..98f52816c39 100644 --- a/CVE-2024/CVE-2024-04xx/CVE-2024-0494.json +++ b/CVE-2024/CVE-2024-04xx/CVE-2024-0494.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-0494", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-13T16:15:44.543", - "lastModified": "2024-01-14T21:42:17.123", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T19:32:53.243", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, was found in Kashipara Billing Software 1.0. This affects an unknown part of the file material_bill.php of the component HTTP POST Request Handler. The manipulation of the argument itemtypeid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250599." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en Kashipara Billing Software 1.0 y clasificada como cr\u00edtica. Una parte desconocida del archivo material_bill.php del componente HTTP POST Request Handler afecta a una parte desconocida. La manipulaci\u00f3n del argumento itemtypeid conduce a la inyecci\u00f3n de SQL. Es posible iniciar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-250599." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", 
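Review bot: The `es` description added in this hunk does not say what the English one says: `Una parte desconocida del archivo material_bill.php ... afecta a una parte desconocida` makes the file part affect itself and never names the vulnerability as the subject. It should read `Esta vulnerabilidad afecta a una parte desconocida del archivo material_bill.php del componente HTTP POST Request Handler.` The `es` values added for CVE-2024-0500 and CVE-2024-0502 have similar slips: the first ends with `es afectada por esta funci\u00f3n` where the English speaks of the vulnerability, and the second writes the file as `Manage_user.php` although the English value has `manage_user.php`. The casing change is the one that matters to anyone matching advisories against the affected file name, so the `es` text should keep identifiers byte-for-byte as in the `en` value. The wording looks machine-translated, so the correction probably belongs upstream rather than in this mirror.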
@@ -71,18 +95,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:kashipara:billing_software:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "3C0706A5-5DE8-42DF-8980-9DBCF02A2A03" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/laoquanshi/BILLING-SOFTWARE-SQL-injection-vulnerability/blob/main/BILLING%20SOFTWARE%20SQL%20injection%20vulnerability(3).docx", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.250599", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.250599", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-04xx/CVE-2024-0495.json b/CVE-2024/CVE-2024-04xx/CVE-2024-0495.json index d30f84edf6f..35f16419067 100644 --- a/CVE-2024/CVE-2024-04xx/CVE-2024-0495.json +++ b/CVE-2024/CVE-2024-04xx/CVE-2024-0495.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-0495", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-13T17:15:07.813", - "lastModified": "2024-01-14T21:42:17.123", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T19:32:42.937", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability has been found in Kashipara Billing Software 1.0 and classified as critical. This vulnerability affects unknown code of the file party_submit.php of the component HTTP POST Request Handler. The manipulation of the argument party_name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250600." + }, + { + "lang": "es", + "value": "Una vulnerabilidad ha sido encontrada en Kashipara Billing Software 1.0 y clasificada como cr\u00edtica. Esta vulnerabilidad afecta a un c\u00f3digo desconocido del archivo party_submit.php del componente HTTP POST Request Handler. La manipulaci\u00f3n del argumento party_name conduce a la inyecci\u00f3n de SQL. El ataque se puede iniciar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-250600." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -71,18 +95,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:kashipara:billing_software:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "3C0706A5-5DE8-42DF-8980-9DBCF02A2A03" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/laoquanshi/BILLING-SOFTWARE-SQL-injection-vulnerability/blob/main/BILLING%20SOFTWARE%20SQL%20injection%20vulnerability(2).docx", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.250600", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.250600", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-04xx/CVE-2024-0496.json b/CVE-2024/CVE-2024-04xx/CVE-2024-0496.json index 6f628a0a76a..fb6c0ae4422 100644 --- a/CVE-2024/CVE-2024-04xx/CVE-2024-0496.json +++ b/CVE-2024/CVE-2024-04xx/CVE-2024-0496.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-0496", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-13T17:15:08.120", - "lastModified": "2024-01-14T21:42:17.123", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T19:28:17.890", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Kashipara Billing Software 1.0 and classified as critical. This issue affects some unknown processing of the file item_list_edit.php of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250601 was assigned to this vulnerability." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en Kashipara Billing Software 1.0 y clasificada como cr\u00edtica. Este problema afecta a un procesamiento desconocido del archivo item_list_edit.php del componente HTTP POST Request Handler. La manipulaci\u00f3n del argumento id conduce a la inyecci\u00f3n de SQL. El ataque puede iniciarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-250601." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -71,18 +95,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:kashipara:billing_software:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "3C0706A5-5DE8-42DF-8980-9DBCF02A2A03" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/laoquanshi/BILLING-SOFTWARE-SQL-injection-vulnerability/blob/main/BILLING%20SOFTWARE%20SQL%20injection%20vulnerability(1).docx", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.250601", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.250601", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-04xx/CVE-2024-0498.json b/CVE-2024/CVE-2024-04xx/CVE-2024-0498.json index 72932472ee7..363bb6d17fc 100644 --- a/CVE-2024/CVE-2024-04xx/CVE-2024-0498.json +++ b/CVE-2024/CVE-2024-04xx/CVE-2024-0498.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-0498", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-13T18:15:44.150", - "lastModified": "2024-01-14T21:42:17.123", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T19:28:00.403", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Project Worlds Lawyer Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file searchLawyer.php. The manipulation of the argument experience leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250603." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en Project Worlds Lawyer Management System 1.0. Ha sido declarada cr\u00edtica. Una funci\u00f3n desconocida del archivo searchLawyer.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento experience conduce a la inyecci\u00f3n de SQL. El ataque se puede lanzar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-250603." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -60,6 +84,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -71,18 +105,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:yugeshverma:online_lawyer_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "9D50A11E-4B14-4439-8347-1D18A36D2406" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/laoquanshi/heishou/blob/main/lawyermanagementsystem.doc", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://vuldb.com/?ctiid.250603", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.250603", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-04xx/CVE-2024-0499.json b/CVE-2024/CVE-2024-04xx/CVE-2024-0499.json index 0e3a48ab3c5..ceffb08a4b7 100644 --- a/CVE-2024/CVE-2024-04xx/CVE-2024-0499.json +++ b/CVE-2024/CVE-2024-04xx/CVE-2024-0499.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-0499", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-13T19:15:08.273", - "lastModified": "2024-01-14T21:42:17.123", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T19:27:40.357", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as problematic, has been found in SourceCodester House Rental Management System 1.0. This issue affects some unknown processing of the file index.php. The manipulation of the argument page leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250607." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en SourceCodester House Rental Management System 1.0 y clasificada como problem\u00e1tica. Este problema afecta un procesamiento desconocido del archivo index.php. La manipulaci\u00f3n del argumento page conduce a cross site scripting. El ataque puede iniciarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-250607." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -71,18 +95,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oretnom23:house_rental_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "A111B1DB-C7DB-4CB9-847E-5BB67A86FD64" + } + ] + } + ] + } + ], "references": [ { "url": "https://drive.google.com/file/d/1DTGd_IWdS_tMOQN0Pt1-MeZ4Yv3tXiRt/view?usp=sharing", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.250607", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.250607", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-05xx/CVE-2024-0500.json b/CVE-2024/CVE-2024-05xx/CVE-2024-0500.json index 827aa1f0838..993cbcacf8b 100644 --- a/CVE-2024/CVE-2024-05xx/CVE-2024-0500.json +++ b/CVE-2024/CVE-2024-05xx/CVE-2024-0500.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-0500", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-13T19:15:08.580", - "lastModified": "2024-01-14T21:42:17.123", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T19:27:18.043", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as problematic, was found in SourceCodester House Rental Management System 1.0. Affected is an unknown function of the component Manage Tenant Details. The manipulation of the argument Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250608." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en SourceCodester House Rental Management System 1.0 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del componente Manage Tenant Details es afectada por esta funci\u00f3n. La manipulaci\u00f3n del argumento Name conduce a cross site scripting. Es posible lanzar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-250608." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -71,18 +95,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oretnom23:house_rental_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "A111B1DB-C7DB-4CB9-847E-5BB67A86FD64" + } + ] + } + ] + } + ], "references": [ { "url": "https://drive.google.com/file/d/1z30nTAfoX58NqwIMXyHb3LB6Pv2bEm5v/view?usp=sharing", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.250608", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.250608", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-05xx/CVE-2024-0501.json b/CVE-2024/CVE-2024-05xx/CVE-2024-0501.json index ca3b6a144a0..794aac97c2f 100644 --- a/CVE-2024/CVE-2024-05xx/CVE-2024-0501.json +++ b/CVE-2024/CVE-2024-05xx/CVE-2024-0501.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-0501", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-13T20:15:45.137", - "lastModified": "2024-01-14T21:42:17.123", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T19:26:56.790", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability has been found in SourceCodester House Rental Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Manage Invoice Details. The manipulation of the argument Invoice leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250609 was assigned to this vulnerability." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en SourceCodester House Rental Management System 1.0 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del componente Manage Invoice Details es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento Invoice conduce a cross site scripting. El ataque se puede lanzar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-250609." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -71,18 +95,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oretnom23:house_rental_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "A111B1DB-C7DB-4CB9-847E-5BB67A86FD64" + } + ] + } + ] + } + ], "references": [ { "url": "https://drive.google.com/file/d/1xEenTDcXwNYdOxY8kdQ142nRnbcHrTRv/view?usp=sharing", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.250609", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.250609", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-05xx/CVE-2024-0502.json b/CVE-2024/CVE-2024-05xx/CVE-2024-0502.json index 39335245ca9..98b63b4e9ed 100644 --- a/CVE-2024/CVE-2024-05xx/CVE-2024-0502.json +++ b/CVE-2024/CVE-2024-05xx/CVE-2024-0502.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-0502", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-13T20:15:45.390", - "lastModified": "2024-01-14T21:42:17.123", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T19:53:03.300", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in SourceCodester House Rental Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file manage_user.php of the component Edit User. The manipulation of the argument id/name/username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250610 is the identifier assigned to this vulnerability." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en SourceCodester House Rental Management System 1.0 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo Manage_user.php del componente Edit User es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento id/name/username conduce a la inyecci\u00f3n de SQL. El ataque puede lanzarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-250610 es el identificador asignado a esta vulnerabilidad." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -71,18 +95,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oretnom23:house_rental_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "A111B1DB-C7DB-4CB9-847E-5BB67A86FD64" + } + ] + } + ] + } + ], "references": [ { "url": "https://drive.google.com/file/d/1DGb371-evTgstf42t3u2dOM4KBEt5mPw/view?usp=sharing", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.250610", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.250610", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-06xx/CVE-2024-0607.json b/CVE-2024/CVE-2024-06xx/CVE-2024-0607.json index 333ed50ccba..01269c04607 100644 --- a/CVE-2024/CVE-2024-06xx/CVE-2024-0607.json +++ b/CVE-2024/CVE-2024-06xx/CVE-2024-0607.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0607", "sourceIdentifier": "secalert@redhat.com", "published": "2024-01-18T16:15:08.690", - "lastModified": "2024-01-18T16:15:08.690", - "vulnStatus": "Received", + "lastModified": "2024-01-18T19:25:46.623", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-206xx/CVE-2024-20675.json b/CVE-2024/CVE-2024-206xx/CVE-2024-20675.json index f351a64b3af..6480f050093 100644 --- a/CVE-2024/CVE-2024-206xx/CVE-2024-20675.json +++ b/CVE-2024/CVE-2024-206xx/CVE-2024-20675.json @@ -2,8 +2,8 @@ "id": "CVE-2024-20675", "sourceIdentifier": "secure@microsoft.com", "published": "2024-01-11T21:15:13.073", - "lastModified": "2024-01-12T13:47:31.250", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T19:14:08.637", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -38,10 +38,44 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*", + "versionEndExcluding": "120.0.2210.133", + "matchCriteriaId": "68CC1657-459B-4112-820C-6725AA0F9DD7" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20675", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-213xx/CVE-2024-21337.json b/CVE-2024/CVE-2024-213xx/CVE-2024-21337.json index 9402fc10d85..bea5d50c201 100644 --- a/CVE-2024/CVE-2024-213xx/CVE-2024-21337.json +++ b/CVE-2024/CVE-2024-213xx/CVE-2024-21337.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21337", "sourceIdentifier": "secure@microsoft.com", "published": "2024-01-11T22:15:46.500", - "lastModified": "2024-01-12T13:47:31.250", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T19:13:58.893", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -38,10 +38,44 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*", + "versionEndExcluding": "120.0.2210.133", + "matchCriteriaId": "68CC1657-459B-4112-820C-6725AA0F9DD7" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21337", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-215xx/CVE-2024-21591.json b/CVE-2024/CVE-2024-215xx/CVE-2024-21591.json index ed3cb07f716..d44b8699a43 100644 --- a/CVE-2024/CVE-2024-215xx/CVE-2024-21591.json +++ b/CVE-2024/CVE-2024-215xx/CVE-2024-21591.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21591", "sourceIdentifier": "sirt@juniper.net", "published": "2024-01-12T01:15:46.697", - "lastModified": "2024-01-12T13:47:31.250", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T20:14:24.380", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "sirt@juniper.net", "type": "Secondary", 
@@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "sirt@juniper.net", "type": "Secondary", 
@@ -50,14 +80,488 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "20.4", + "matchCriteriaId": "E3A96966-5060-4139-A124-D4E2C879FD6C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:-:*:*:*:*:*:*", + "matchCriteriaId": "3D361B23-A3C2-444B-BEB8-E231DA950567" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*", + "matchCriteriaId": "20DDC6B7-BFC4-4F0B-8E68-442C23765BF2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "037BA01C-3F5C-4503-A633-71765E9EF774" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:*", + "matchCriteriaId": "C54B047C-4B38-40C0-9855-067DCF7E48BD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "38984199-E332-4A9C-A4C0-78083D052E15" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "AA6526FB-2941-4D18-9B2E-472AD5A62A53" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r3:*:*:*:*:*:*", + "matchCriteriaId": "09876787-A40A-4340-9C12-8628C325353B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s1:*:*:*:*:*:*", + "matchCriteriaId": "41615104-C17E-44DA-AB0D-6E2053BD4EF4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s2:*:*:*:*:*:*", + "matchCriteriaId": "1981DE38-36B5-469D-917E-92717EE3ED53" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s3:*:*:*:*:*:*", + "matchCriteriaId": "AFA68ACD-AAE5-4577-B734-23AAF77BC85A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s4:*:*:*:*:*:*", + "matchCriteriaId": "65948ABC-22BB-46D5-8545-0806EDB4B86E" + }, 
+ { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s5:*:*:*:*:*:*", + "matchCriteriaId": "283E41CB-9A90-4521-96DC-F31AA592CFD8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s6:*:*:*:*:*:*", + "matchCriteriaId": "14EEA504-CBC5-4F6F-889A-D505EC4BB5B1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s7:*:*:*:*:*:*", + "matchCriteriaId": "977DEF80-0DB5-4828-97AC-09BB3111D585" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s8:*:*:*:*:*:*", + "matchCriteriaId": "C445622E-8E57-4990-A71A-E1993BFCB91A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*", + "matchCriteriaId": "216E7DDE-453D-481F-92E2-9F8466CDDA3F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*", + "matchCriteriaId": "A52AF794-B36B-43A6-82E9-628658624B0A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "3998DC76-F72F-4452-9150-652140B113EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "36ED4552-2420-45F9-B6E4-6DA2B2B12870" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*", + "matchCriteriaId": "C28A14E7-7EA0-4757-9764-E39A27CFDFA5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "4A43752D-A4AF-4B4E-B95B-192E42883A5B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "42986538-E9D0-4C2E-B1C4-A763A4EE451B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*", + "matchCriteriaId": "DE22CA01-EA7E-4EE5-B59F-EE100688C1DA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:*", + "matchCriteriaId": "E596ABD9-6ECD-48DC-B770-87B7E62EA345" + 
}, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s2:*:*:*:*:*:*", + "matchCriteriaId": "71745D02-D226-44DC-91AD-678C85F5E6FC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s3:*:*:*:*:*:*", + "matchCriteriaId": "39E44B09-7310-428C-8144-AE9DB0484D1F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s4:*:*:*:*:*:*", + "matchCriteriaId": "53938295-8999-4316-9DED-88E24D037852" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s5:*:*:*:*:*:*", + "matchCriteriaId": "2307BF56-640F-49A8-B060-6ACB0F653A61" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s6:*:*:*:*:*:*", + "matchCriteriaId": "737DDF96-7B1D-44E2-AD0F-E2F50858B2A3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*", + "matchCriteriaId": "2E7D597D-F6B6-44C3-9EBC-4FA0686ACB5C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:*", + "matchCriteriaId": "CC78A4CB-D617-43FC-BB51-287D2D0C44ED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "30FF67F8-1E3C-47A8-8859-709B3614BA6E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "0C7C507E-C85E-4BC6-A3B0-549516BAB524" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*", + "matchCriteriaId": "6514CDE8-35DC-469F-89A3-078684D18F7A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "4624565D-8F59-44A8-B7A8-01AD579745E7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "4BF8CD82-C338-4D9A-8C98-FCB3CEAA9227" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r3:*:*:*:*:*:*", + "matchCriteriaId": "57E08E70-1AF3-4BA5-9A09-06DFE9663ADE" 
+ }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s1:*:*:*:*:*:*", + "matchCriteriaId": "255B6F20-D32F-42C1-829C-AE9C7923558A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s2:*:*:*:*:*:*", + "matchCriteriaId": "90AE30DB-C448-4FE9-AC11-FF0F27CDA227" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s3:*:*:*:*:*:*", + "matchCriteriaId": "93F324AE-65D3-4CFC-AEAB-898CE1BD05CD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s4:*:*:*:*:*:*", + "matchCriteriaId": "3CCBB2F4-F05B-4CC5-9B1B-ECCB798D0483" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*", + "matchCriteriaId": "79ED3CE8-CC57-43AB-9A26-BBC87816062D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*", + "matchCriteriaId": "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "9962B01C-C57C-4359-9532-676AB81CE8B0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "62178549-B679-4902-BFDB-2993803B7FCE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*", + "matchCriteriaId": "9AD697DF-9738-4276-94ED-7B9380CD09F5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "09FF5818-0803-4646-A386-D7C645EE58A3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "2229FA59-EB24-49A2-85CE-F529A8DE6BA7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r3:*:*:*:*:*:*", + "matchCriteriaId": "0CB280D8-C5D8-4B51-A879-496ACCDE4538" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s1:*:*:*:*:*:*", + "matchCriteriaId": 
"5F3F54F1-75B3-400D-A735-2C27C8CEBE79" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s2:*:*:*:*:*:*", + "matchCriteriaId": "476A49E7-37E9-40F9-BF2D-9BBFFAA1DFFC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s3:*:*:*:*:*:*", + "matchCriteriaId": "0A5B196A-2AF1-4AE5-9148-A75A572807BC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s4:*:*:*:*:*:*", + "matchCriteriaId": "3B457616-2D91-4913-9A7D-038BBF8F1F66" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:-:*:*:*:*:*:*", + "matchCriteriaId": "9D157211-535E-4B2D-B2FE-F697FAFDF65C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*", + "matchCriteriaId": "3F96EBE9-2532-4E35-ABA5-CA68830476A4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "B4D936AE-FD74-4823-A824-2D9F24C25BFB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "E117E493-F4E1-4568-88E3-F243C74A2662" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r2:*:*:*:*:*:*", + "matchCriteriaId": "01E3E308-FD9C-4686-8C35-8472A0E99F0D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "3683A8F5-EE0E-4936-A005-DF7F6B75DED3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "1B615DBA-8C53-41D4-B264-D3EED8578471" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r3:*:*:*:*:*:*", + "matchCriteriaId": "B3124DD0-9E42-4896-9060-CB7DD07FC342" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s1:*:*:*:*:*:*", + "matchCriteriaId": "44F6FD6C-03AF-4D2C-B411-A753DE12A2DA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s2:*:*:*:*:*:*", + 
"matchCriteriaId": "D49FFB60-BA71-4902-9404-E67162919ADC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s3:*:*:*:*:*:*", + "matchCriteriaId": "EFF72FCA-C440-4D43-9BDB-F712DB413717" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:-:*:*:*:*:*:*", + "matchCriteriaId": "06156CD6-09D3-4A05-9C5E-BC64A70640F9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r1:*:*:*:*:*:*", + "matchCriteriaId": "E949B21B-AD62-4022-9088-06313277479E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "8D862E6F-0D01-4B25-8340-888C30F75A2F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "2F28F73E-8563-41B9-A313-BBAAD5B57A67" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r2:*:*:*:*:*:*", + "matchCriteriaId": "E37D4694-C80B-475E-AB5B-BB431F59C5E1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "5EC0D2D2-4922-4675-8A2C-57A08D7BE334" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "9EC91F9D-DEDA-46B4-A39F-59A2CDB86C2E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r3:*:*:*:*:*:*", + "matchCriteriaId": "591AA3E6-62A2-4A1A-A04C-E808F71D8B6E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r3-s1:*:*:*:*:*:*", + "matchCriteriaId": "786F993E-32CB-492A-A7CC-A7E4F48EA8B9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r3-s2:*:*:*:*:*:*", + "matchCriteriaId": "60CEA89D-BAC4-41CD-A1D1-AA5EDDEBD54A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.3:-:*:*:*:*:*:*", + "matchCriteriaId": "CEB98E3F-B0A9-488F-ACFC-56B9485E7C9E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.3:r1:*:*:*:*:*:*", + 
"matchCriteriaId": "19519212-51DD-4448-B115-8A20A40192CC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "5CC9909E-AE9F-414D-99B1-83AA04D5297B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "FDE9E767-4713-4EA2-8D00-1382975A4A15" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.3:r2:*:*:*:*:*:*", + "matchCriteriaId": "59DDA54E-6845-47EB-AE3C-5EC6BD33DFA7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.3:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "574730B0-56C8-4A03-867B-1737148ED9B1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.3:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "20EBC676-1B26-4A71-8326-0F892124290A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.3:r3:*:*:*:*:*:*", + "matchCriteriaId": "FB4C0FBF-8813-44E5-B71A-22CBAA603E2F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.3:r3s1:*:*:*:*:*:*", + "matchCriteriaId": "0B5A3193-CAB9-4BA8-AF4E-806F803996E1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.4:-:*:*:*:*:*:*", + "matchCriteriaId": "1379EF30-AF04-4F98-8328-52A631F24737" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.4:r1:*:*:*:*:*:*", + "matchCriteriaId": "28E42A41-7965-456B-B0AF-9D3229CE4D4C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "CB1A77D6-D3AD-481B-979C-8F778530B175" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "3A064B6B-A99B-4D8D-A62D-B00C7870BC30" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.4:r2:*:*:*:*:*:*", + "matchCriteriaId": "40813417-A938-4F74-A419-8C5188A35486" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.4:r2-s1:*:*:*:*:*:*", + 
"matchCriteriaId": "7FC1BA1A-DF0E-4B15-86BA-24C60E546732" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.4:r3:*:*:*:*:*:*", + "matchCriteriaId": "7E5688D6-DCA4-4550-9CD1-A3D792252129" + } + ] + } + ] + } + ], "references": [ { "url": "https://supportportal.juniper.net/JSA75729", - "source": "sirt@juniper.net" + "source": "sirt@juniper.net", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", - "source": "sirt@juniper.net" + "source": "sirt@juniper.net", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-215xx/CVE-2024-21594.json b/CVE-2024/CVE-2024-215xx/CVE-2024-21594.json index 3252a699aa6..b74bde369fd 100644 --- a/CVE-2024/CVE-2024-215xx/CVE-2024-21594.json +++ b/CVE-2024/CVE-2024-215xx/CVE-2024-21594.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21594", "sourceIdentifier": "sirt@juniper.net", "published": "2024-01-12T01:15:46.880", - "lastModified": "2024-01-12T13:47:31.250", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T20:14:10.903", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "sirt@juniper.net", "type": "Secondary", 
@@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "sirt@juniper.net", "type": "Secondary", 
@@ -50,14 +80,403 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "20.4", + "matchCriteriaId": "E3A96966-5060-4139-A124-D4E2C879FD6C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:-:*:*:*:*:*:*", + "matchCriteriaId": "3D361B23-A3C2-444B-BEB8-E231DA950567" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*", + "matchCriteriaId": "20DDC6B7-BFC4-4F0B-8E68-442C23765BF2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "037BA01C-3F5C-4503-A633-71765E9EF774" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:*", + "matchCriteriaId": "C54B047C-4B38-40C0-9855-067DCF7E48BD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "38984199-E332-4A9C-A4C0-78083D052E15" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "AA6526FB-2941-4D18-9B2E-472AD5A62A53" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r3:*:*:*:*:*:*", + "matchCriteriaId": "09876787-A40A-4340-9C12-8628C325353B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s1:*:*:*:*:*:*", + "matchCriteriaId": "41615104-C17E-44DA-AB0D-6E2053BD4EF4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s2:*:*:*:*:*:*", + "matchCriteriaId": "1981DE38-36B5-469D-917E-92717EE3ED53" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s3:*:*:*:*:*:*", + "matchCriteriaId": "AFA68ACD-AAE5-4577-B734-23AAF77BC85A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s4:*:*:*:*:*:*", + "matchCriteriaId": "65948ABC-22BB-46D5-8545-0806EDB4B86E" + }, 
+ { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s5:*:*:*:*:*:*", + "matchCriteriaId": "283E41CB-9A90-4521-96DC-F31AA592CFD8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.1:-:*:*:*:*:*:*", + "matchCriteriaId": "6FDB5B7D-FB37-47E3-8678-B9ED578CCA5F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.1:r1:*:*:*:*:*:*", + "matchCriteriaId": "625BA7E6-D2AD-4A48-9B94-24328BE5B06A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.1:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "F462F4E3-762C-429F-8D25-5521100DD37C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.1:r2:*:*:*:*:*:*", + "matchCriteriaId": "C0BC9DAC-D6B5-4C5E-8C73-6E550D9A30F5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.1:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "689FE1AE-7A85-4FB6-AB02-E732F23581B6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.1:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "79E56DAC-75AD-4C81-9835-634B40C15DA6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.1:r3:*:*:*:*:*:*", + "matchCriteriaId": "A0040FE2-7ECD-4755-96CE-E899BA298E0C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s1:*:*:*:*:*:*", + "matchCriteriaId": "076AB086-BB79-4583-AAF7-A5233DFB2F95" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s2:*:*:*:*:*:*", + "matchCriteriaId": "72E2DDF6-01DF-4880-AB60-B3DA3281E88D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s3:*:*:*:*:*:*", + "matchCriteriaId": "54010163-0810-4CF5-95FE-7E62BC6CA4F9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s4:*:*:*:*:*:*", + "matchCriteriaId": "5C1C3B09-3800-493E-A319-57648305FE6E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*", + "matchCriteriaId": "216E7DDE-453D-481F-92E2-9F8466CDDA3F" + }, + 
{ + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*", + "matchCriteriaId": "A52AF794-B36B-43A6-82E9-628658624B0A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "3998DC76-F72F-4452-9150-652140B113EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "36ED4552-2420-45F9-B6E4-6DA2B2B12870" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*", + "matchCriteriaId": "C28A14E7-7EA0-4757-9764-E39A27CFDFA5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "4A43752D-A4AF-4B4E-B95B-192E42883A5B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "42986538-E9D0-4C2E-B1C4-A763A4EE451B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*", + "matchCriteriaId": "DE22CA01-EA7E-4EE5-B59F-EE100688C1DA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:*", + "matchCriteriaId": "E596ABD9-6ECD-48DC-B770-87B7E62EA345" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s2:*:*:*:*:*:*", + "matchCriteriaId": "71745D02-D226-44DC-91AD-678C85F5E6FC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s3:*:*:*:*:*:*", + "matchCriteriaId": "39E44B09-7310-428C-8144-AE9DB0484D1F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*", + "matchCriteriaId": "2E7D597D-F6B6-44C3-9EBC-4FA0686ACB5C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:*", + "matchCriteriaId": "CC78A4CB-D617-43FC-BB51-287D2D0C44ED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "30FF67F8-1E3C-47A8-8859-709B3614BA6E" + }, + 
{ + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "0C7C507E-C85E-4BC6-A3B0-549516BAB524" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*", + "matchCriteriaId": "6514CDE8-35DC-469F-89A3-078684D18F7A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "4624565D-8F59-44A8-B7A8-01AD579745E7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "4BF8CD82-C338-4D9A-8C98-FCB3CEAA9227" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r3:*:*:*:*:*:*", + "matchCriteriaId": "57E08E70-1AF3-4BA5-9A09-06DFE9663ADE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s1:*:*:*:*:*:*", + "matchCriteriaId": "255B6F20-D32F-42C1-829C-AE9C7923558A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s2:*:*:*:*:*:*", + "matchCriteriaId": "90AE30DB-C448-4FE9-AC11-FF0F27CDA227" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*", + "matchCriteriaId": "79ED3CE8-CC57-43AB-9A26-BBC87816062D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*", + "matchCriteriaId": "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "9962B01C-C57C-4359-9532-676AB81CE8B0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "62178549-B679-4902-BFDB-2993803B7FCE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*", + "matchCriteriaId": "9AD697DF-9738-4276-94ED-7B9380CD09F5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "09FF5818-0803-4646-A386-D7C645EE58A3" + }, + 
{ + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "2229FA59-EB24-49A2-85CE-F529A8DE6BA7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r3:*:*:*:*:*:*", + "matchCriteriaId": "0CB280D8-C5D8-4B51-A879-496ACCDE4538" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s1:*:*:*:*:*:*", + "matchCriteriaId": "5F3F54F1-75B3-400D-A735-2C27C8CEBE79" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s2:*:*:*:*:*:*", + "matchCriteriaId": "476A49E7-37E9-40F9-BF2D-9BBFFAA1DFFC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:-:*:*:*:*:*:*", + "matchCriteriaId": "9D157211-535E-4B2D-B2FE-F697FAFDF65C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*", + "matchCriteriaId": "3F96EBE9-2532-4E35-ABA5-CA68830476A4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "B4D936AE-FD74-4823-A824-2D9F24C25BFB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "E117E493-F4E1-4568-88E3-F243C74A2662" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r2:*:*:*:*:*:*", + "matchCriteriaId": "01E3E308-FD9C-4686-8C35-8472A0E99F0D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "3683A8F5-EE0E-4936-A005-DF7F6B75DED3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "1B615DBA-8C53-41D4-B264-D3EED8578471" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r3:*:*:*:*:*:*", + "matchCriteriaId": "B3124DD0-9E42-4896-9060-CB7DD07FC342" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:-:*:*:*:*:*:*", + "matchCriteriaId": "06156CD6-09D3-4A05-9C5E-BC64A70640F9" + }, + { + 
"vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r1:*:*:*:*:*:*", + "matchCriteriaId": "E949B21B-AD62-4022-9088-06313277479E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "8D862E6F-0D01-4B25-8340-888C30F75A2F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "2F28F73E-8563-41B9-A313-BBAAD5B57A67" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r2:*:*:*:*:*:*", + "matchCriteriaId": "E37D4694-C80B-475E-AB5B-BB431F59C5E1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "5EC0D2D2-4922-4675-8A2C-57A08D7BE334" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "9EC91F9D-DEDA-46B4-A39F-59A2CDB86C2E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.3:-:*:*:*:*:*:*", + "matchCriteriaId": "CEB98E3F-B0A9-488F-ACFC-56B9485E7C9E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.3:r1:*:*:*:*:*:*", + "matchCriteriaId": "19519212-51DD-4448-B115-8A20A40192CC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "5CC9909E-AE9F-414D-99B1-83AA04D5297B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "FDE9E767-4713-4EA2-8D00-1382975A4A15" + } + ] + } + ] + } + ], "references": [ { "url": "https://supportportal.juniper.net/JSA75733", - "source": "sirt@juniper.net" + "source": "sirt@juniper.net", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", - "source": "sirt@juniper.net" + "source": "sirt@juniper.net", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-215xx/CVE-2024-21595.json b/CVE-2024/CVE-2024-215xx/CVE-2024-21595.json index fa3d34faa9d..401d3273f7a 100644 --- a/CVE-2024/CVE-2024-215xx/CVE-2024-21595.json +++ b/CVE-2024/CVE-2024-215xx/CVE-2024-21595.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21595", "sourceIdentifier": "sirt@juniper.net", "published": "2024-01-12T01:15:47.063", - "lastModified": "2024-01-12T13:47:31.250", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T20:37:57.160", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "sirt@juniper.net", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "sirt@juniper.net", "type": "Secondary", 
@@ -50,14 +80,224 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r3:*:*:*:*:*:*", + "matchCriteriaId": "0CB280D8-C5D8-4B51-A879-496ACCDE4538" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s1:*:*:*:*:*:*", + "matchCriteriaId": "5F3F54F1-75B3-400D-A735-2C27C8CEBE79" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s2:*:*:*:*:*:*", + "matchCriteriaId": "476A49E7-37E9-40F9-BF2D-9BBFFAA1DFFC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s3:*:*:*:*:*:*", + "matchCriteriaId": "0A5B196A-2AF1-4AE5-9148-A75A572807BC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r3:*:*:*:*:*:*", + "matchCriteriaId": "B3124DD0-9E42-4896-9060-CB7DD07FC342" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s1:*:*:*:*:*:*", + "matchCriteriaId": "44F6FD6C-03AF-4D2C-B411-A753DE12A2DA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s2:*:*:*:*:*:*", + "matchCriteriaId": "D49FFB60-BA71-4902-9404-E67162919ADC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r2:*:*:*:*:*:*", + "matchCriteriaId": "E37D4694-C80B-475E-AB5B-BB431F59C5E1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "5EC0D2D2-4922-4675-8A2C-57A08D7BE334" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "9EC91F9D-DEDA-46B4-A39F-59A2CDB86C2E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r3:*:*:*:*:*:*", + "matchCriteriaId": "591AA3E6-62A2-4A1A-A04C-E808F71D8B6E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.3:-:*:*:*:*:*:*", + "matchCriteriaId": "CEB98E3F-B0A9-488F-ACFC-56B9485E7C9E" + }, + { + 
"vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.3:r1:*:*:*:*:*:*", + "matchCriteriaId": "19519212-51DD-4448-B115-8A20A40192CC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "5CC9909E-AE9F-414D-99B1-83AA04D5297B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "FDE9E767-4713-4EA2-8D00-1382975A4A15" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.3:r2:*:*:*:*:*:*", + "matchCriteriaId": "59DDA54E-6845-47EB-AE3C-5EC6BD33DFA7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.3:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "574730B0-56C8-4A03-867B-1737148ED9B1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.4:-:*:*:*:*:*:*", + "matchCriteriaId": "1379EF30-AF04-4F98-8328-52A631F24737" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.4:r1:*:*:*:*:*:*", + "matchCriteriaId": "28E42A41-7965-456B-B0AF-9D3229CE4D4C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "CB1A77D6-D3AD-481B-979C-8F778530B175" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "3A064B6B-A99B-4D8D-A62D-B00C7870BC30" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:23.1:r1:*:*:*:*:*:*", + "matchCriteriaId": "0038F142-6F5E-476D-A1EC-E977FD30F155" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:ex4100:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C2521C83-E8F2-4621-9727-75BB3FC11E64" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:ex4400:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4B43F6CB-0595-4957-8B3B-ADD4EA84D8C2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*", + 
"matchCriteriaId": "D1BB20B5-EA30-4E8E-9055-2E629648436A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E974B4BC-64C5-4BB6-AF31-D46AF3763416" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:qfx5100-96s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6BD0F680-ED30-48F3-A5D9-988D510CFC0D" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*", + "matchCriteriaId": "79A8847B-4F98-4949-8639-5CD2B411D10F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*", + "matchCriteriaId": "09EBDE4B-764F-4DF1-844A-BB8A52CD53EF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:qfx5130:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AB58A6E9-FFCF-4331-AC3B-45C37BD1943E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EDC5478F-A047-4F6D-BB11-0077A74C0174" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:qfx5200-32c:-:*:*:*:*:*:*:*", + "matchCriteriaId": "38D790AD-D00F-4FED-96FE-3046C827356B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:qfx5200-48y:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BAD9AD5C-947D-41EF-9969-FCCEB144984F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D877320D-1997-4B66-B11B-864020C755E1" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:qfx5210-64c:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B86047DE-A0A0-4698-9414-B66C0FA7B544" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:qfx5220:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D193BEBD-9436-468D-B89E-D5720603451D" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:qfx5700:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C7D6C74F-E85F-4D62-BDAF-FE619B467C76" + } + ] + } + ] + } + ], "references": [ { "url": "https://advisory.juniper.net/JSA75734", - "source": 
"sirt@juniper.net" + "source": "sirt@juniper.net", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", - "source": "sirt@juniper.net" + "source": "sirt@juniper.net", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-216xx/CVE-2024-21606.json b/CVE-2024/CVE-2024-216xx/CVE-2024-21606.json index 3b2e41947f9..baf7529b3fc 100644 --- a/CVE-2024/CVE-2024-216xx/CVE-2024-21606.json +++ b/CVE-2024/CVE-2024-216xx/CVE-2024-21606.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21606", "sourceIdentifier": "sirt@juniper.net", "published": "2024-01-12T01:15:48.873", - "lastModified": "2024-01-12T13:47:31.250", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T20:39:18.483", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "sirt@juniper.net", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-415" + } + ] + }, { "source": "sirt@juniper.net", "type": "Secondary", 
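Review bot: The second reference in the CVE-2024-21595 references hunk, the `www.first.org/cvss/calculator/4.0#CVSS:4.0/...` link, is given the tag `"Third Party Advisory"`, but the URL is only a CVSS 4.0 calculator pre-filled with the vector and carries no advisory content. The record whose hunk ends just before this file's diff header (the one referencing JSA75733) tags the same kind of calculator link `"Vendor Advisory"`, so the tagging is also inconsistent across records in this commit. The CVE-2024-21606 references hunk repeats the `"Third Party Advisory"` tag on its calculator link. Tooling that selects references by tag to find remediation guidance will pick up a non-advisory URL. I would leave that entry as it was before this change (`"source": "sirt@juniper.net"` with no `tags` array) and rely on the `advisory.juniper.net/JSA75734` entry for the vendor advisory.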
@@ -50,14 +80,630 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "20.4", + "matchCriteriaId": "E3A96966-5060-4139-A124-D4E2C879FD6C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:-:*:*:*:*:*:*", + "matchCriteriaId": "3D361B23-A3C2-444B-BEB8-E231DA950567" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*", + "matchCriteriaId": "20DDC6B7-BFC4-4F0B-8E68-442C23765BF2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "037BA01C-3F5C-4503-A633-71765E9EF774" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:*", + "matchCriteriaId": "C54B047C-4B38-40C0-9855-067DCF7E48BD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "38984199-E332-4A9C-A4C0-78083D052E15" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "AA6526FB-2941-4D18-9B2E-472AD5A62A53" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r3:*:*:*:*:*:*", + "matchCriteriaId": "09876787-A40A-4340-9C12-8628C325353B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s1:*:*:*:*:*:*", + "matchCriteriaId": "41615104-C17E-44DA-AB0D-6E2053BD4EF4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s2:*:*:*:*:*:*", + "matchCriteriaId": "1981DE38-36B5-469D-917E-92717EE3ED53" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s3:*:*:*:*:*:*", + "matchCriteriaId": "AFA68ACD-AAE5-4577-B734-23AAF77BC85A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s4:*:*:*:*:*:*", + "matchCriteriaId": 
"65948ABC-22BB-46D5-8545-0806EDB4B86E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s5:*:*:*:*:*:*", + "matchCriteriaId": "283E41CB-9A90-4521-96DC-F31AA592CFD8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s6:*:*:*:*:*:*", + "matchCriteriaId": "14EEA504-CBC5-4F6F-889A-D505EC4BB5B1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s7:*:*:*:*:*:*", + "matchCriteriaId": "977DEF80-0DB5-4828-97AC-09BB3111D585" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*", + "matchCriteriaId": "216E7DDE-453D-481F-92E2-9F8466CDDA3F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*", + "matchCriteriaId": "A52AF794-B36B-43A6-82E9-628658624B0A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "3998DC76-F72F-4452-9150-652140B113EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "36ED4552-2420-45F9-B6E4-6DA2B2B12870" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*", + "matchCriteriaId": "C28A14E7-7EA0-4757-9764-E39A27CFDFA5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "4A43752D-A4AF-4B4E-B95B-192E42883A5B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "42986538-E9D0-4C2E-B1C4-A763A4EE451B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*", + "matchCriteriaId": "DE22CA01-EA7E-4EE5-B59F-EE100688C1DA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:*", + "matchCriteriaId": "E596ABD9-6ECD-48DC-B770-87B7E62EA345" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s2:*:*:*:*:*:*", + 
"matchCriteriaId": "71745D02-D226-44DC-91AD-678C85F5E6FC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s3:*:*:*:*:*:*", + "matchCriteriaId": "39E44B09-7310-428C-8144-AE9DB0484D1F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s4:*:*:*:*:*:*", + "matchCriteriaId": "53938295-8999-4316-9DED-88E24D037852" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s5:*:*:*:*:*:*", + "matchCriteriaId": "2307BF56-640F-49A8-B060-6ACB0F653A61" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*", + "matchCriteriaId": "2E7D597D-F6B6-44C3-9EBC-4FA0686ACB5C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:*", + "matchCriteriaId": "CC78A4CB-D617-43FC-BB51-287D2D0C44ED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "30FF67F8-1E3C-47A8-8859-709B3614BA6E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "0C7C507E-C85E-4BC6-A3B0-549516BAB524" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*", + "matchCriteriaId": "6514CDE8-35DC-469F-89A3-078684D18F7A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "4624565D-8F59-44A8-B7A8-01AD579745E7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "4BF8CD82-C338-4D9A-8C98-FCB3CEAA9227" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r3:*:*:*:*:*:*", + "matchCriteriaId": "57E08E70-1AF3-4BA5-9A09-06DFE9663ADE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s1:*:*:*:*:*:*", + "matchCriteriaId": "255B6F20-D32F-42C1-829C-AE9C7923558A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s2:*:*:*:*:*:*", 
+ "matchCriteriaId": "90AE30DB-C448-4FE9-AC11-FF0F27CDA227" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s3:*:*:*:*:*:*", + "matchCriteriaId": "93F324AE-65D3-4CFC-AEAB-898CE1BD05CD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s4:*:*:*:*:*:*", + "matchCriteriaId": "3CCBB2F4-F05B-4CC5-9B1B-ECCB798D0483" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*", + "matchCriteriaId": "79ED3CE8-CC57-43AB-9A26-BBC87816062D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*", + "matchCriteriaId": "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "9962B01C-C57C-4359-9532-676AB81CE8B0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "62178549-B679-4902-BFDB-2993803B7FCE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*", + "matchCriteriaId": "9AD697DF-9738-4276-94ED-7B9380CD09F5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "09FF5818-0803-4646-A386-D7C645EE58A3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "2229FA59-EB24-49A2-85CE-F529A8DE6BA7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r3:*:*:*:*:*:*", + "matchCriteriaId": "0CB280D8-C5D8-4B51-A879-496ACCDE4538" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s1:*:*:*:*:*:*", + "matchCriteriaId": "5F3F54F1-75B3-400D-A735-2C27C8CEBE79" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s2:*:*:*:*:*:*", + "matchCriteriaId": "476A49E7-37E9-40F9-BF2D-9BBFFAA1DFFC" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:juniper:junos:21.4:r3-s3:*:*:*:*:*:*", + "matchCriteriaId": "0A5B196A-2AF1-4AE5-9148-A75A572807BC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s4:*:*:*:*:*:*", + "matchCriteriaId": "3B457616-2D91-4913-9A7D-038BBF8F1F66" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:-:*:*:*:*:*:*", + "matchCriteriaId": "9D157211-535E-4B2D-B2FE-F697FAFDF65C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*", + "matchCriteriaId": "3F96EBE9-2532-4E35-ABA5-CA68830476A4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "B4D936AE-FD74-4823-A824-2D9F24C25BFB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "E117E493-F4E1-4568-88E3-F243C74A2662" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r2:*:*:*:*:*:*", + "matchCriteriaId": "01E3E308-FD9C-4686-8C35-8472A0E99F0D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "3683A8F5-EE0E-4936-A005-DF7F6B75DED3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "1B615DBA-8C53-41D4-B264-D3EED8578471" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r3:*:*:*:*:*:*", + "matchCriteriaId": "B3124DD0-9E42-4896-9060-CB7DD07FC342" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s1:*:*:*:*:*:*", + "matchCriteriaId": "44F6FD6C-03AF-4D2C-B411-A753DE12A2DA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s2:*:*:*:*:*:*", + "matchCriteriaId": "D49FFB60-BA71-4902-9404-E67162919ADC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:-:*:*:*:*:*:*", + "matchCriteriaId": "06156CD6-09D3-4A05-9C5E-BC64A70640F9" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:juniper:junos:22.2:r1:*:*:*:*:*:*", + "matchCriteriaId": "E949B21B-AD62-4022-9088-06313277479E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "8D862E6F-0D01-4B25-8340-888C30F75A2F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "2F28F73E-8563-41B9-A313-BBAAD5B57A67" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r2:*:*:*:*:*:*", + "matchCriteriaId": "E37D4694-C80B-475E-AB5B-BB431F59C5E1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "5EC0D2D2-4922-4675-8A2C-57A08D7BE334" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "9EC91F9D-DEDA-46B4-A39F-59A2CDB86C2E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r3:*:*:*:*:*:*", + "matchCriteriaId": "591AA3E6-62A2-4A1A-A04C-E808F71D8B6E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r3-s1:*:*:*:*:*:*", + "matchCriteriaId": "786F993E-32CB-492A-A7CC-A7E4F48EA8B9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r3-s2:*:*:*:*:*:*", + "matchCriteriaId": "60CEA89D-BAC4-41CD-A1D1-AA5EDDEBD54A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.3:-:*:*:*:*:*:*", + "matchCriteriaId": "CEB98E3F-B0A9-488F-ACFC-56B9485E7C9E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.3:r1:*:*:*:*:*:*", + "matchCriteriaId": "19519212-51DD-4448-B115-8A20A40192CC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "5CC9909E-AE9F-414D-99B1-83AA04D5297B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "FDE9E767-4713-4EA2-8D00-1382975A4A15" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:juniper:junos:22.3:r2:*:*:*:*:*:*", + "matchCriteriaId": "59DDA54E-6845-47EB-AE3C-5EC6BD33DFA7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.3:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "574730B0-56C8-4A03-867B-1737148ED9B1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.3:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "20EBC676-1B26-4A71-8326-0F892124290A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.3:r3:*:*:*:*:*:*", + "matchCriteriaId": "FB4C0FBF-8813-44E5-B71A-22CBAA603E2F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.4:-:*:*:*:*:*:*", + "matchCriteriaId": "1379EF30-AF04-4F98-8328-52A631F24737" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.4:r1:*:*:*:*:*:*", + "matchCriteriaId": "28E42A41-7965-456B-B0AF-9D3229CE4D4C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "CB1A77D6-D3AD-481B-979C-8F778530B175" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "3A064B6B-A99B-4D8D-A62D-B00C7870BC30" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.4:r2:*:*:*:*:*:*", + "matchCriteriaId": "40813417-A938-4F74-A419-8C5188A35486" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.4:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "7FC1BA1A-DF0E-4B15-86BA-24C60E546732" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:srx100:-:*:*:*:*:*:*:*", + "matchCriteriaId": "561C1113-3D59-4DD9-ADA7-3C9ECC4632EC" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:srx110:-:*:*:*:*:*:*:*", + "matchCriteriaId": "78C6D8A0-92D3-4FD3-BCC1-CC7C87B76317" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:srx1400:-:*:*:*:*:*:*:*", + "matchCriteriaId": 
"927EAB8B-EC3B-4B12-85B9-5517EBA49A30" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:srx1500:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2CEBF85C-736A-4E7D-956A-3E8210D4F70B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:srx1600:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4AE06B18-BFB5-4029-A05D-386CFBFBF683" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:srx210:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CD647C15-A686-4C8F-A766-BC29404C0FED" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:srx220:-:*:*:*:*:*:*:*", + "matchCriteriaId": "45AB1622-1AED-4CD7-98F1-67779CDFC321" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:srx2300:-:*:*:*:*:*:*:*", + "matchCriteriaId": "48A1DCCD-208C-46D9-8E14-89592B49AB9A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:srx240:-:*:*:*:*:*:*:*", + "matchCriteriaId": "89276D88-3B8D-4168-A2CD-0920297485F2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:srx240h2:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E020556B-693F-4963-BA43-3164AB50FA49" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:srx240m:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AB0D31FF-0812-42B8-B25E-03C35EC1B021" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:srx300:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BB5AB24B-2B43-43DD-AE10-F758B4B19F2A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:srx320:-:*:*:*:*:*:*:*", + "matchCriteriaId": "80F9DC32-5ADF-4430-B1A6-357D0B29DB78" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:srx340:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8B82D4C4-7A65-409A-926F-33C054DCBFBA" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:srx3400:-:*:*:*:*:*:*:*", + "matchCriteriaId": "746C3882-2A5B-4215-B259-EB1FD60C513D" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:srx345:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CE535749-F4CE-4FFA-B23D-BF09C92481E5" + 
}, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:srx3600:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DDE64EC0-7E42-43AF-A8FA-1A233BD3E3BC" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:srx380:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2305DA9D-E6BA-48F4-80CF-9E2DE7661B2F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:srx4000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "06A03463-6B1D-4DBA-9E89-CAD5E899B98B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:srx4100:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3AA8999C-8AE4-416F-BA2A-B1A21F33B4D7" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:srx4200:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CCC5F6F5-4347-49D3-909A-27A3A96D36C9" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:srx4300:-:*:*:*:*:*:*:*", + "matchCriteriaId": "826F893F-7B06-43B5-8653-A8D9794C052E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:srx4600:-:*:*:*:*:*:*:*", + "matchCriteriaId": "56BA6B86-D3F4-4496-AE46-AC513C6560FA" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:srx4700:-:*:*:*:*:*:*:*", + "matchCriteriaId": "462CFD52-D3E2-4F7A-98AC-C589D2420556" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:srx5000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "5ABA347C-3EF3-4F75-B4D1-54590A57C2BC" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:srx5400:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2FDDC897-747F-44DD-9599-7266F9B5B7B1" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:srx550:-:*:*:*:*:*:*:*", + "matchCriteriaId": "62FC145A-D477-4C86-89E7-F70F52773801" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:srx550_hm:-:*:*:*:*:*:*:*", + "matchCriteriaId": "06685D0E-A075-49A5-9EF4-34F0F795C8C6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:srx550m:-:*:*:*:*:*:*:*", + "matchCriteriaId": "52F0B735-8C49-4B08-950A-296C9CDE43CA" + }, + { + "vulnerable": false, + 
"criteria": "cpe:2.3:h:juniper:srx5600:-:*:*:*:*:*:*:*", + "matchCriteriaId": "68CA098D-CBE4-4E62-9EC0-43E1B6098710" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:srx5800:-:*:*:*:*:*:*:*", + "matchCriteriaId": "66F474D4-79B6-4525-983C-9A9011BD958B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:srx650:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8AA424D4-4DBF-4E8C-96B8-E37741B5403E" + } + ] + } + ] + } + ], "references": [ { "url": "https://supportportal.juniper.net/JSA75747", - "source": "sirt@juniper.net" + "source": "sirt@juniper.net", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H", - "source": "sirt@juniper.net" + "source": "sirt@juniper.net", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-216xx/CVE-2024-21607.json b/CVE-2024/CVE-2024-216xx/CVE-2024-21607.json index 9634fa6afd4..5021f4d28bd 100644 --- a/CVE-2024/CVE-2024-216xx/CVE-2024-21607.json +++ b/CVE-2024/CVE-2024-216xx/CVE-2024-21607.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21607", "sourceIdentifier": "sirt@juniper.net", "published": "2024-01-12T01:15:49.057", - "lastModified": "2024-01-12T13:47:31.250", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T20:41:11.583", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "sirt@juniper.net", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + }, { "source": "sirt@juniper.net", "type": "Secondary", 
@@ -50,14 +80,590 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "20.4", + "matchCriteriaId": "E3A96966-5060-4139-A124-D4E2C879FD6C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:-:*:*:*:*:*:*", + "matchCriteriaId": "3D361B23-A3C2-444B-BEB8-E231DA950567" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*", + "matchCriteriaId": "20DDC6B7-BFC4-4F0B-8E68-442C23765BF2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "037BA01C-3F5C-4503-A633-71765E9EF774" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:*", + "matchCriteriaId": "C54B047C-4B38-40C0-9855-067DCF7E48BD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "38984199-E332-4A9C-A4C0-78083D052E15" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "AA6526FB-2941-4D18-9B2E-472AD5A62A53" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r3:*:*:*:*:*:*", + "matchCriteriaId": "09876787-A40A-4340-9C12-8628C325353B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s1:*:*:*:*:*:*", + "matchCriteriaId": "41615104-C17E-44DA-AB0D-6E2053BD4EF4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s2:*:*:*:*:*:*", + "matchCriteriaId": "1981DE38-36B5-469D-917E-92717EE3ED53" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s3:*:*:*:*:*:*", + "matchCriteriaId": "AFA68ACD-AAE5-4577-B734-23AAF77BC85A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s4:*:*:*:*:*:*", + "matchCriteriaId": 
"65948ABC-22BB-46D5-8545-0806EDB4B86E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s5:*:*:*:*:*:*", + "matchCriteriaId": "283E41CB-9A90-4521-96DC-F31AA592CFD8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s6:*:*:*:*:*:*", + "matchCriteriaId": "14EEA504-CBC5-4F6F-889A-D505EC4BB5B1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.1:-:*:*:*:*:*:*", + "matchCriteriaId": "6FDB5B7D-FB37-47E3-8678-B9ED578CCA5F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.1:r1:*:*:*:*:*:*", + "matchCriteriaId": "625BA7E6-D2AD-4A48-9B94-24328BE5B06A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.1:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "F462F4E3-762C-429F-8D25-5521100DD37C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.1:r2:*:*:*:*:*:*", + "matchCriteriaId": "C0BC9DAC-D6B5-4C5E-8C73-6E550D9A30F5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.1:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "689FE1AE-7A85-4FB6-AB02-E732F23581B6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.1:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "79E56DAC-75AD-4C81-9835-634B40C15DA6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.1:r3:*:*:*:*:*:*", + "matchCriteriaId": "A0040FE2-7ECD-4755-96CE-E899BA298E0C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s1:*:*:*:*:*:*", + "matchCriteriaId": "076AB086-BB79-4583-AAF7-A5233DFB2F95" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s2:*:*:*:*:*:*", + "matchCriteriaId": "72E2DDF6-01DF-4880-AB60-B3DA3281E88D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s3:*:*:*:*:*:*", + "matchCriteriaId": "54010163-0810-4CF5-95FE-7E62BC6CA4F9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s4:*:*:*:*:*:*", + 
"matchCriteriaId": "5C1C3B09-3800-493E-A319-57648305FE6E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*", + "matchCriteriaId": "216E7DDE-453D-481F-92E2-9F8466CDDA3F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*", + "matchCriteriaId": "A52AF794-B36B-43A6-82E9-628658624B0A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "3998DC76-F72F-4452-9150-652140B113EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "36ED4552-2420-45F9-B6E4-6DA2B2B12870" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*", + "matchCriteriaId": "C28A14E7-7EA0-4757-9764-E39A27CFDFA5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "4A43752D-A4AF-4B4E-B95B-192E42883A5B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "42986538-E9D0-4C2E-B1C4-A763A4EE451B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*", + "matchCriteriaId": "DE22CA01-EA7E-4EE5-B59F-EE100688C1DA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:*", + "matchCriteriaId": "E596ABD9-6ECD-48DC-B770-87B7E62EA345" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s2:*:*:*:*:*:*", + "matchCriteriaId": "71745D02-D226-44DC-91AD-678C85F5E6FC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s3:*:*:*:*:*:*", + "matchCriteriaId": "39E44B09-7310-428C-8144-AE9DB0484D1F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s4:*:*:*:*:*:*", + "matchCriteriaId": "53938295-8999-4316-9DED-88E24D037852" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*", + 
"matchCriteriaId": "2E7D597D-F6B6-44C3-9EBC-4FA0686ACB5C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:*", + "matchCriteriaId": "CC78A4CB-D617-43FC-BB51-287D2D0C44ED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "30FF67F8-1E3C-47A8-8859-709B3614BA6E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "0C7C507E-C85E-4BC6-A3B0-549516BAB524" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*", + "matchCriteriaId": "6514CDE8-35DC-469F-89A3-078684D18F7A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "4624565D-8F59-44A8-B7A8-01AD579745E7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "4BF8CD82-C338-4D9A-8C98-FCB3CEAA9227" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r3:*:*:*:*:*:*", + "matchCriteriaId": "57E08E70-1AF3-4BA5-9A09-06DFE9663ADE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s1:*:*:*:*:*:*", + "matchCriteriaId": "255B6F20-D32F-42C1-829C-AE9C7923558A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s2:*:*:*:*:*:*", + "matchCriteriaId": "90AE30DB-C448-4FE9-AC11-FF0F27CDA227" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s3:*:*:*:*:*:*", + "matchCriteriaId": "93F324AE-65D3-4CFC-AEAB-898CE1BD05CD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*", + "matchCriteriaId": "79ED3CE8-CC57-43AB-9A26-BBC87816062D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*", + "matchCriteriaId": "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*", + 
"matchCriteriaId": "9962B01C-C57C-4359-9532-676AB81CE8B0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "62178549-B679-4902-BFDB-2993803B7FCE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*", + "matchCriteriaId": "9AD697DF-9738-4276-94ED-7B9380CD09F5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "09FF5818-0803-4646-A386-D7C645EE58A3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "2229FA59-EB24-49A2-85CE-F529A8DE6BA7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r3:*:*:*:*:*:*", + "matchCriteriaId": "0CB280D8-C5D8-4B51-A879-496ACCDE4538" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s1:*:*:*:*:*:*", + "matchCriteriaId": "5F3F54F1-75B3-400D-A735-2C27C8CEBE79" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s2:*:*:*:*:*:*", + "matchCriteriaId": "476A49E7-37E9-40F9-BF2D-9BBFFAA1DFFC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s3:*:*:*:*:*:*", + "matchCriteriaId": "0A5B196A-2AF1-4AE5-9148-A75A572807BC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:-:*:*:*:*:*:*", + "matchCriteriaId": "9D157211-535E-4B2D-B2FE-F697FAFDF65C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*", + "matchCriteriaId": "3F96EBE9-2532-4E35-ABA5-CA68830476A4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "B4D936AE-FD74-4823-A824-2D9F24C25BFB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "E117E493-F4E1-4568-88E3-F243C74A2662" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r2:*:*:*:*:*:*", + 
"matchCriteriaId": "01E3E308-FD9C-4686-8C35-8472A0E99F0D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "3683A8F5-EE0E-4936-A005-DF7F6B75DED3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "1B615DBA-8C53-41D4-B264-D3EED8578471" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r3:*:*:*:*:*:*", + "matchCriteriaId": "B3124DD0-9E42-4896-9060-CB7DD07FC342" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s1:*:*:*:*:*:*", + "matchCriteriaId": "44F6FD6C-03AF-4D2C-B411-A753DE12A2DA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:-:*:*:*:*:*:*", + "matchCriteriaId": "06156CD6-09D3-4A05-9C5E-BC64A70640F9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r1:*:*:*:*:*:*", + "matchCriteriaId": "E949B21B-AD62-4022-9088-06313277479E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "8D862E6F-0D01-4B25-8340-888C30F75A2F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "2F28F73E-8563-41B9-A313-BBAAD5B57A67" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r2:*:*:*:*:*:*", + "matchCriteriaId": "E37D4694-C80B-475E-AB5B-BB431F59C5E1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "5EC0D2D2-4922-4675-8A2C-57A08D7BE334" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "9EC91F9D-DEDA-46B4-A39F-59A2CDB86C2E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r3:*:*:*:*:*:*", + "matchCriteriaId": "591AA3E6-62A2-4A1A-A04C-E808F71D8B6E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r3-s1:*:*:*:*:*:*", + 
"matchCriteriaId": "786F993E-32CB-492A-A7CC-A7E4F48EA8B9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.3:-:*:*:*:*:*:*", + "matchCriteriaId": "CEB98E3F-B0A9-488F-ACFC-56B9485E7C9E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.3:r1:*:*:*:*:*:*", + "matchCriteriaId": "19519212-51DD-4448-B115-8A20A40192CC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "5CC9909E-AE9F-414D-99B1-83AA04D5297B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "FDE9E767-4713-4EA2-8D00-1382975A4A15" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.3:r2:*:*:*:*:*:*", + "matchCriteriaId": "59DDA54E-6845-47EB-AE3C-5EC6BD33DFA7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.3:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "574730B0-56C8-4A03-867B-1737148ED9B1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.4:-:*:*:*:*:*:*", + "matchCriteriaId": "1379EF30-AF04-4F98-8328-52A631F24737" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.4:r1:*:*:*:*:*:*", + "matchCriteriaId": "28E42A41-7965-456B-B0AF-9D3229CE4D4C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "CB1A77D6-D3AD-481B-979C-8F778530B175" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.4:r2:*:*:*:*:*:*", + "matchCriteriaId": "40813417-A938-4F74-A419-8C5188A35486" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.4:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "7FC1BA1A-DF0E-4B15-86BA-24C60E546732" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:ex9200:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D08A8D94-134A-41E7-8396-70D8B0735E9C" + }, + { + "vulnerable": false, + 
"criteria": "cpe:2.3:h:juniper:ex9204:-:*:*:*:*:*:*:*", + "matchCriteriaId": "86E82CE3-F43D-4B29-A64D-B14ADB6CC357" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:ex9208:-:*:*:*:*:*:*:*", + "matchCriteriaId": "13C0199E-B9F0-41D3-B625-083990517CDF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:mx10:-:*:*:*:*:*:*:*", + "matchCriteriaId": "52699E2B-450A-431C-81E3-DC4483C8B4F2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:mx10000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D97AF6F8-3D50-4D35-BCB1-54E3BEC69B9F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:mx10003:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D5627740-42E3-4FB1-B8B9-0B768AFFA1EC" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:mx10004:-:*:*:*:*:*:*:*", + "matchCriteriaId": "84F7BB7E-3A52-4C23-A4D2-50E75C912AFC" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:mx10008:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D6F0EA2F-BF7E-45D0-B2B4-8A7B67A9475A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:mx10016:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C39DA74D-F5C7-4C11-857D-50631A110644" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:mx104:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F72C850A-0530-4DB7-A553-7E19F82122B5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:mx150:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7FE2089C-F341-4DC1-B76D-633BC699306D" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:mx2008:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2FEF33EB-B2E0-42EF-A1BB-D41021B6D08F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:mx2010:-:*:*:*:*:*:*:*", + "matchCriteriaId": "27175D9A-CA2C-4218-8042-835E25DFCA43" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:mx2020:-:*:*:*:*:*:*:*", + "matchCriteriaId": "00C7FC57-8ACF-45AA-A227-7E3B350FD24F" + }, + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:juniper:mx204:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2754C2DF-DF6E-4109-9463-38B4E0465B77" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:mx240:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F4A26704-A6A4-4C4F-9E12-A0A0259491EF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:mx304:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3F7FB0CC-624D-4AB9-A7AC-BB19838C3B22" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:mx40:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C982A2FF-A1F9-4830-BAB6-77CFCE1F093F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:mx480:-:*:*:*:*:*:*:*", + "matchCriteriaId": "104858BD-D31D-40E0-8524-2EC311F10EAC" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:mx5:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B557965-0040-4048-B56C-F564FF28635B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:mx80:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB875EBD-A3CD-4466-B2A3-39D47FF94592" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:juniper:mx960:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B5E08E1E-0FE4-4294-9497-BBFFECA2A220" + } + ] + } + ] + } + ], "references": [ { "url": "https://supportportal.juniper.net/JSA75748", - "source": "sirt@juniper.net" + "source": "sirt@juniper.net", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", - "source": "sirt@juniper.net" + "source": "sirt@juniper.net", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-216xx/CVE-2024-21611.json b/CVE-2024/CVE-2024-216xx/CVE-2024-21611.json index 525f5bf9ecb..12331d6d0d3 100644 --- a/CVE-2024/CVE-2024-216xx/CVE-2024-21611.json +++ b/CVE-2024/CVE-2024-216xx/CVE-2024-21611.json 
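Review bot: In the `references` block that closes this hunk, the `https://www.first.org/cvss/calculator/4.0#CVSS:4.0/...` entry gains `"tags": [ "Third Party Advisory" ]`, but the URL is a CVSS calculator link whose fragment carries a CVSS 4.0 vector, and its `source` is `sirt@juniper.net`, the same as the vendor advisory above it. A consumer that counts `Third Party Advisory` references as independent corroboration of a record would overstate the evidence here. The same tag is added to the calculator link in the `references` hunk of CVE-2024-21611.json and in the references of the file preceding this one. These files appear to mirror upstream records, so the tag is best corrected at the source. Downstream triage rules should treat these entries as untagged, for example by keying on the URL host rather than on `tags`.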
@@ -2,8 +2,8 @@ "id": "CVE-2024-21611", "sourceIdentifier": "sirt@juniper.net", "published": "2024-01-12T01:15:49.263", - "lastModified": "2024-01-12T13:47:31.250", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T20:30:07.573", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "sirt@juniper.net", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-401" + } + ] + }, { "source": "sirt@juniper.net", "type": "Secondary", 
@@ -50,14 +80,242 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*", + "matchCriteriaId": "79ED3CE8-CC57-43AB-9A26-BBC87816062D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*", + "matchCriteriaId": "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "9962B01C-C57C-4359-9532-676AB81CE8B0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "62178549-B679-4902-BFDB-2993803B7FCE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*", + "matchCriteriaId": "9AD697DF-9738-4276-94ED-7B9380CD09F5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "09FF5818-0803-4646-A386-D7C645EE58A3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "2229FA59-EB24-49A2-85CE-F529A8DE6BA7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:-:*:*:*:*:*:*", + "matchCriteriaId": "9D157211-535E-4B2D-B2FE-F697FAFDF65C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*", + "matchCriteriaId": "3F96EBE9-2532-4E35-ABA5-CA68830476A4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "B4D936AE-FD74-4823-A824-2D9F24C25BFB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "E117E493-F4E1-4568-88E3-F243C74A2662" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r2:*:*:*:*:*:*", + "matchCriteriaId": "01E3E308-FD9C-4686-8C35-8472A0E99F0D" + }, + { + "vulnerable": true, + 
"criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "3683A8F5-EE0E-4936-A005-DF7F6B75DED3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "1B615DBA-8C53-41D4-B264-D3EED8578471" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:-:*:*:*:*:*:*", + "matchCriteriaId": "06156CD6-09D3-4A05-9C5E-BC64A70640F9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r1:*:*:*:*:*:*", + "matchCriteriaId": "E949B21B-AD62-4022-9088-06313277479E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "8D862E6F-0D01-4B25-8340-888C30F75A2F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "2F28F73E-8563-41B9-A313-BBAAD5B57A67" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r2:*:*:*:*:*:*", + "matchCriteriaId": "E37D4694-C80B-475E-AB5B-BB431F59C5E1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "5EC0D2D2-4922-4675-8A2C-57A08D7BE334" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "9EC91F9D-DEDA-46B4-A39F-59A2CDB86C2E" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:-:*:*:*:*:*:*", + "matchCriteriaId": "2E907193-075E-45BC-9257-9607DB790D71" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1:*:*:*:*:*:*", + "matchCriteriaId": "8B73A41D-3FF5-4E53-83FF-74DF58E0D6C3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "CEDF46A8-FC3A-4779-B695-2CA11D045AEB" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "39809219-9F87-4583-9DAD-9415DD320B36" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2:*:*:*:*:*:*", + "matchCriteriaId": "DB299492-A919-4EBA-A62A-B3CF02FC0A95" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "74ED0939-D5F8-4334-9838-40F29DE3597F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "C6937069-8C19-4B01-8415-ED7E9EAE2CE2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:-:*:*:*:*:*:*", + "matchCriteriaId": "C16434C0-21A7-4CE5-92E1-7D60A35EF5D1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1:*:*:*:*:*:*", + "matchCriteriaId": "750FE748-82E7-4419-A061-2DEA26E35309" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "236E23E5-8B04-4081-9D97-7300DF284000" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "5FC96EA7-90A7-4838-B95D-60DBC88C7BC7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r2:*:*:*:*:*:*", + "matchCriteriaId": "97541867-C52F-40BB-9AAE-7E87ED23D789" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "85CF6664-E35A-4E9B-95C0-CDC91F7F331A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:-:*:*:*:*:*:*", + "matchCriteriaId": "A3CA3365-F9AF-40DF-8700-30AD4BC58E27" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1:*:*:*:*:*:*", + "matchCriteriaId": "D77A072D-350A-42F2-8324-7D3AC1711BF9" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:juniper:junos_os_evolved:22.2:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "83AE395C-A651-4568-88E3-3600544BF799" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2:*:*:*:*:*:*", + "matchCriteriaId": "B3BE1FD4-DAD9-4357-A2E9-20E5826B0D5C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "81CC3480-4B65-4588-8D46-FA80A8F6D143" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "F7E76F5F-DB37-4B7F-9247-3CEB4EBD7696" + } + ] + } + ] + } + ], "references": [ { "url": "https://supportportal.juniper.net/JSA75752", - "source": "sirt@juniper.net" + "source": "sirt@juniper.net", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L", - "source": "sirt@juniper.net" + "source": "sirt@juniper.net", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-216xx/CVE-2024-21617.json b/CVE-2024/CVE-2024-216xx/CVE-2024-21617.json index fa9fe1a76c1..7f7de49b031 100644 --- a/CVE-2024/CVE-2024-216xx/CVE-2024-21617.json +++ b/CVE-2024/CVE-2024-216xx/CVE-2024-21617.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21617", "sourceIdentifier": "sirt@juniper.net", "published": "2024-01-12T01:15:50.230", - "lastModified": "2024-01-12T13:47:31.250", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T20:28:48.990", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "sirt@juniper.net", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-459" + } + ] + }, { "source": "sirt@juniper.net", "type": "Secondary", 
@@ -50,14 +80,332 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*", + "matchCriteriaId": "216E7DDE-453D-481F-92E2-9F8466CDDA3F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*", + "matchCriteriaId": "A52AF794-B36B-43A6-82E9-628658624B0A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "3998DC76-F72F-4452-9150-652140B113EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "36ED4552-2420-45F9-B6E4-6DA2B2B12870" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*", + "matchCriteriaId": "C28A14E7-7EA0-4757-9764-E39A27CFDFA5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "4A43752D-A4AF-4B4E-B95B-192E42883A5B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "42986538-E9D0-4C2E-B1C4-A763A4EE451B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*", + "matchCriteriaId": "DE22CA01-EA7E-4EE5-B59F-EE100688C1DA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:*", + "matchCriteriaId": "E596ABD9-6ECD-48DC-B770-87B7E62EA345" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s2:*:*:*:*:*:*", + "matchCriteriaId": "71745D02-D226-44DC-91AD-678C85F5E6FC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s3:*:*:*:*:*:*", + "matchCriteriaId": "39E44B09-7310-428C-8144-AE9DB0484D1F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s4:*:*:*:*:*:*", + "matchCriteriaId": "53938295-8999-4316-9DED-88E24D037852" + }, + { + "vulnerable": true, 
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*", + "matchCriteriaId": "2E7D597D-F6B6-44C3-9EBC-4FA0686ACB5C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:*", + "matchCriteriaId": "CC78A4CB-D617-43FC-BB51-287D2D0C44ED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "30FF67F8-1E3C-47A8-8859-709B3614BA6E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "0C7C507E-C85E-4BC6-A3B0-549516BAB524" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*", + "matchCriteriaId": "6514CDE8-35DC-469F-89A3-078684D18F7A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "4624565D-8F59-44A8-B7A8-01AD579745E7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "4BF8CD82-C338-4D9A-8C98-FCB3CEAA9227" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r3:*:*:*:*:*:*", + "matchCriteriaId": "57E08E70-1AF3-4BA5-9A09-06DFE9663ADE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s1:*:*:*:*:*:*", + "matchCriteriaId": "255B6F20-D32F-42C1-829C-AE9C7923558A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s2:*:*:*:*:*:*", + "matchCriteriaId": "90AE30DB-C448-4FE9-AC11-FF0F27CDA227" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s3:*:*:*:*:*:*", + "matchCriteriaId": "93F324AE-65D3-4CFC-AEAB-898CE1BD05CD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*", + "matchCriteriaId": "79ED3CE8-CC57-43AB-9A26-BBC87816062D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*", + "matchCriteriaId": "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3" + }, + { + "vulnerable": true, + 
"criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "9962B01C-C57C-4359-9532-676AB81CE8B0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "62178549-B679-4902-BFDB-2993803B7FCE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*", + "matchCriteriaId": "9AD697DF-9738-4276-94ED-7B9380CD09F5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "09FF5818-0803-4646-A386-D7C645EE58A3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "2229FA59-EB24-49A2-85CE-F529A8DE6BA7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r3:*:*:*:*:*:*", + "matchCriteriaId": "0CB280D8-C5D8-4B51-A879-496ACCDE4538" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s1:*:*:*:*:*:*", + "matchCriteriaId": "5F3F54F1-75B3-400D-A735-2C27C8CEBE79" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s2:*:*:*:*:*:*", + "matchCriteriaId": "476A49E7-37E9-40F9-BF2D-9BBFFAA1DFFC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s3:*:*:*:*:*:*", + "matchCriteriaId": "0A5B196A-2AF1-4AE5-9148-A75A572807BC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:-:*:*:*:*:*:*", + "matchCriteriaId": "9D157211-535E-4B2D-B2FE-F697FAFDF65C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*", + "matchCriteriaId": "3F96EBE9-2532-4E35-ABA5-CA68830476A4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "B4D936AE-FD74-4823-A824-2D9F24C25BFB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "E117E493-F4E1-4568-88E3-F243C74A2662" + }, + { + "vulnerable": true, 
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2:*:*:*:*:*:*", + "matchCriteriaId": "01E3E308-FD9C-4686-8C35-8472A0E99F0D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "3683A8F5-EE0E-4936-A005-DF7F6B75DED3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "1B615DBA-8C53-41D4-B264-D3EED8578471" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r3:*:*:*:*:*:*", + "matchCriteriaId": "B3124DD0-9E42-4896-9060-CB7DD07FC342" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s1:*:*:*:*:*:*", + "matchCriteriaId": "44F6FD6C-03AF-4D2C-B411-A753DE12A2DA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:-:*:*:*:*:*:*", + "matchCriteriaId": "06156CD6-09D3-4A05-9C5E-BC64A70640F9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r1:*:*:*:*:*:*", + "matchCriteriaId": "E949B21B-AD62-4022-9088-06313277479E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "8D862E6F-0D01-4B25-8340-888C30F75A2F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "2F28F73E-8563-41B9-A313-BBAAD5B57A67" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r2:*:*:*:*:*:*", + "matchCriteriaId": "E37D4694-C80B-475E-AB5B-BB431F59C5E1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "5EC0D2D2-4922-4675-8A2C-57A08D7BE334" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "9EC91F9D-DEDA-46B4-A39F-59A2CDB86C2E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.2:r3:*:*:*:*:*:*", + "matchCriteriaId": "591AA3E6-62A2-4A1A-A04C-E808F71D8B6E" + }, + { + "vulnerable": true, + 
"criteria": "cpe:2.3:o:juniper:junos:22.2:r3-s1:*:*:*:*:*:*", + "matchCriteriaId": "786F993E-32CB-492A-A7CC-A7E4F48EA8B9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.3:-:*:*:*:*:*:*", + "matchCriteriaId": "CEB98E3F-B0A9-488F-ACFC-56B9485E7C9E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.3:r1:*:*:*:*:*:*", + "matchCriteriaId": "19519212-51DD-4448-B115-8A20A40192CC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "5CC9909E-AE9F-414D-99B1-83AA04D5297B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "FDE9E767-4713-4EA2-8D00-1382975A4A15" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.3:r2:*:*:*:*:*:*", + "matchCriteriaId": "59DDA54E-6845-47EB-AE3C-5EC6BD33DFA7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.4:-:*:*:*:*:*:*", + "matchCriteriaId": "1379EF30-AF04-4F98-8328-52A631F24737" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.4:r1:*:*:*:*:*:*", + "matchCriteriaId": "28E42A41-7965-456B-B0AF-9D3229CE4D4C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "CB1A77D6-D3AD-481B-979C-8F778530B175" + } + ] + } + ] + } + ], "references": [ { "url": "https://supportportal.juniper.net/JSA75758", - "source": "sirt@juniper.net" + "source": "sirt@juniper.net", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", - "source": "sirt@juniper.net" + "source": "sirt@juniper.net", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-216xx/CVE-2024-21641.json b/CVE-2024/CVE-2024-216xx/CVE-2024-21641.json index a79f75035c9..e1d70567d04 100644 --- a/CVE-2024/CVE-2024-216xx/CVE-2024-21641.json 
+++ b/CVE-2024/CVE-2024-216xx/CVE-2024-21641.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-21641", "sourceIdentifier": "security-advisories@github.com", "published": "2024-01-05T21:15:43.337", - "lastModified": "2024-01-05T22:12:18.497", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T20:42:19.490", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Flarum is open source discussion platform software. Prior to version 1.8.5, the Flarum `/logout` route includes a redirect parameter that allows any third party to redirect users from a (trusted) domain of the Flarum installation to redirect to any link. For logged-in users, the logout must be confirmed. Guests are immediately redirected. This could be used by spammers to redirect to a web address using a trusted domain of a running Flarum installation. The vulnerability has been fixed and published as flarum/core v1.8.5. As a workaround, some extensions modifying the logout route can remedy this issue if their implementation is safe." + }, + { + "lang": "es", + "value": "Flarum es un software de plataforma de discusi\u00f3n de c\u00f3digo abierto. Antes de la versi\u00f3n 1.8.5, la ruta `/logout` de Flarum incluye un par\u00e1metro de redirecci\u00f3n que permite a cualquier tercero redirigir a los usuarios desde un dominio (confiable) de la instalaci\u00f3n de Flarum para redirigir a cualquier enlace. Para los usuarios que han iniciado sesi\u00f3n, se debe confirmar el cierre de sesi\u00f3n. Los invitados son redirigidos inmediatamente. Los spammers podr\u00edan utilizar esto para redirigir a una direcci\u00f3n web utilizando un dominio confiable de una instalaci\u00f3n de Flarum en ejecuci\u00f3n. La vulnerabilidad ha sido reparada y publicada como flarum/core v1.8.5. Como workaround, algunas extensiones que modifican la ruta de cierre de sesi\u00f3n pueden solucionar este problema si su implementaci\u00f3n es segura." 
} ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,18 +70,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:flarum:flarum:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.8.5", + "matchCriteriaId": "D5C4E508-EB5A-43B9-B11C-81977B5BA70D" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/flarum/flarum-core/commit/ee8b3b4ad1413a2b0971fdd9e40f812d2a3a9d3a", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/flarum/framework/commit/7d70328471cf3091d92d95c382d277aec7996176", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/flarum/framework/security/advisories/GHSA-733r-8xcp-w9mr", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-216xx/CVE-2024-21642.json b/CVE-2024/CVE-2024-216xx/CVE-2024-21642.json index 6fa516e7a3f..722992f35f4 100644 --- a/CVE-2024/CVE-2024-216xx/CVE-2024-21642.json +++ b/CVE-2024/CVE-2024-216xx/CVE-2024-21642.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-21642", "sourceIdentifier": "security-advisories@github.com", "published": "2024-01-05T22:15:43.190", - "lastModified": "2024-01-08T12:02:30.513", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T20:15:52.813", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -50,18 +70,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:man:d-tale:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.9.0", + "matchCriteriaId": "D6B55BC0-CB00-4380-9679-A7E86C8D7B12" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/man-group/dtale/commit/954f6be1a06ff8629ead2c85c6e3f8e2196b3df2", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/man-group/dtale/security/advisories/GHSA-7hfx-h3j3-rwq4", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] }, { "url": "https://github.com/man-group/dtale?tab=readme-ov-file#load-data--sample-datasets", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Product" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-219xx/CVE-2024-21982.json b/CVE-2024/CVE-2024-219xx/CVE-2024-21982.json index 7fdf9f333c7..175fffcc4f0 100644 --- a/CVE-2024/CVE-2024-219xx/CVE-2024-21982.json +++ b/CVE-2024/CVE-2024-219xx/CVE-2024-21982.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21982", "sourceIdentifier": "security-alert@netapp.com", "published": "2024-01-12T00:15:45.450", - "lastModified": "2024-01-12T13:47:31.250", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T20:16:20.420", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "security-alert@netapp.com", "type": "Secondary", 
@@ -38,10 +58,74 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:netapp:clustered_data_ontap:*:*:*:*:*:*:*:*", + "versionStartIncluding": "9.4", + "versionEndExcluding": "9.8", + "matchCriteriaId": "A1AAAB2B-2589-4946-BBDD-A873D19326F2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:netapp:clustered_data_ontap:9.8:-:*:*:*:*:*:*", + "matchCriteriaId": "2ABBF729-6A69-4CEC-9B3E-735C45D3069E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:netapp:clustered_data_ontap:9.9.1:-:*:*:*:*:*:*", + "matchCriteriaId": "2A6A96D7-45B2-46BE-8894-6DC3F565A8A4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:netapp:clustered_data_ontap:9.10.1:-:*:*:*:*:*:*", + "matchCriteriaId": "21C64ED1-485F-4CCF-8114-70B2987B6674" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:netapp:clustered_data_ontap:9.11.1:-:*:*:*:*:*:*", + "matchCriteriaId": "5FA41D1E-1184-448E-A5E4-7F8FDAACC638" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:netapp:clustered_data_ontap:9.12.1:-:*:*:*:*:*:*", + "matchCriteriaId": "7E7FAAAB-2BE5-4173-8CC6-669A9D29D446" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:netapp:clustered_data_ontap:9.13.1:-:*:*:*:*:*:*", + "matchCriteriaId": "3D704DC8-A679-4293-81CE-70F4FEE89530" + } + ] + } + ] + } + ], "references": [ { "url": "https://security.netapp.com/advisory/ntap-20240111-0001/", - "source": "security-alert@netapp.com" + "source": "security-alert@netapp.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-220xx/CVE-2024-22027.json b/CVE-2024/CVE-2024-220xx/CVE-2024-22027.json index 3b9eb777406..daa48cc7605 100644 --- a/CVE-2024/CVE-2024-220xx/CVE-2024-22027.json 
+++ b/CVE-2024/CVE-2024-220xx/CVE-2024-22027.json @@ -2,8 +2,8 @@ "id": "CVE-2024-22027", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2024-01-12T07:15:12.243", - "lastModified": "2024-01-12T13:47:31.250", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T20:02:46.993", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,74 @@ "value": "Una vulnerabilidad de validaci\u00f3n de entrada incorrecta en WordPress Quiz Maker Plugin anterior a 6.5.0.6 permite a un atacante remoto autenticado realizar un ataque de denegaci\u00f3n de servicio (DoS) contra servicios externos." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ays-pro:quiz_maker:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "6.5.0.6", + "matchCriteriaId": "D10A3F01-F9B4-4A5F-ABB4-3972679C093D" + } + ] + } + ] + } + ], "references": [ { "url": "https://jvn.jp/en/jp/JVN37326856/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://wordpress.org/plugins/quiz-maker/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-221xx/CVE-2024-22196.json b/CVE-2024/CVE-2024-221xx/CVE-2024-22196.json index 24ebb11fa46..1704a5629bf 100644 --- a/CVE-2024/CVE-2024-221xx/CVE-2024-22196.json +++ b/CVE-2024/CVE-2024-221xx/CVE-2024-22196.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-22196", "sourceIdentifier": "security-advisories@github.com", "published": "2024-01-11T20:15:44.923", - "lastModified": "2024-01-12T13:47:31.250", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T19:22:21.137", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -50,14 +70,104 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.0.0", + "matchCriteriaId": "B4426F94-540E-497C-AE75-04126AF12112" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta1:*:*:*:*:*:*", + "matchCriteriaId": "3C287A7F-66B4-406A-B87B-B954A1CA6D44" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta2:*:*:*:*:*:*", + "matchCriteriaId": "25DD91AC-465B-4A43-A79F-4DE47243741C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta3:*:*:*:*:*:*", + "matchCriteriaId": "115588C7-D947-4576-9E6C-B5AF1FCE9A29" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta4:*:*:*:*:*:*", + "matchCriteriaId": "BBB20EA3-F3CF-42AF-A217-D5DF7A7ADD70" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta4_patch:*:*:*:*:*:*", + "matchCriteriaId": "81A6C732-FBF2-44A8-B810-456E54B59A09" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta5:*:*:*:*:*:*", + "matchCriteriaId": "8C5664E5-150E-4B4B-BA0C-420738820FF1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta5_patch:*:*:*:*:*:*", + "matchCriteriaId": "7E764AA1-3060-441F-8F14-ADD165316741" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta6:*:*:*:*:*:*", + "matchCriteriaId": "04A3E84F-91AA-420A-B908-3393E037AC44" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta6_patch:*:*:*:*:*:*", + "matchCriteriaId": "828EAE87-24E5-4F31-B301-BA2F96BDEA42" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta6_patch2:*:*:*:*:*:*", + "matchCriteriaId": "45710D36-954A-4450-B622-CB0F368DF544" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta7:*:*:*:*:*:*", + "matchCriteriaId": "2B57EEFB-5518-4BD5-998A-34B6690A6F4C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta8:*:*:*:*:*:*", + "matchCriteriaId": "8EDF4CEE-F24D-441B-92A8-7F5A2B41487E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta8_patch:*:*:*:*:*:*", + "matchCriteriaId": "F0275FDF-BAE8-4909-8991-6FCE34B8905E" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/0xJacky/nginx-ui/commit/ec93ab05a3ecbb6bcf464d9dca48d74452df8a5b", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-h374-mm57-879c", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-221xx/CVE-2024-22197.json b/CVE-2024/CVE-2024-221xx/CVE-2024-22197.json index 59570befb7a..2b797870f13 100644 --- a/CVE-2024/CVE-2024-221xx/CVE-2024-22197.json +++ b/CVE-2024/CVE-2024-221xx/CVE-2024-22197.json @@ -2,8 +2,8 @@ "id": "CVE-2024-22197", "sourceIdentifier": "security-advisories@github.com", "published": "2024-01-11T18:15:45.140", - "lastModified": "2024-01-12T13:47:31.250", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T19:59:28.077", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -50,14 +70,104 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.0.0", + "matchCriteriaId": "B4426F94-540E-497C-AE75-04126AF12112" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta1:*:*:*:*:*:*", + "matchCriteriaId": "3C287A7F-66B4-406A-B87B-B954A1CA6D44" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta2:*:*:*:*:*:*", + "matchCriteriaId": "25DD91AC-465B-4A43-A79F-4DE47243741C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta3:*:*:*:*:*:*", + "matchCriteriaId": "115588C7-D947-4576-9E6C-B5AF1FCE9A29" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta4:*:*:*:*:*:*", + "matchCriteriaId": "BBB20EA3-F3CF-42AF-A217-D5DF7A7ADD70" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta4_patch:*:*:*:*:*:*", + "matchCriteriaId": "81A6C732-FBF2-44A8-B810-456E54B59A09" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta5:*:*:*:*:*:*", + "matchCriteriaId": "8C5664E5-150E-4B4B-BA0C-420738820FF1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta5_patch:*:*:*:*:*:*", + "matchCriteriaId": "7E764AA1-3060-441F-8F14-ADD165316741" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta6:*:*:*:*:*:*", + "matchCriteriaId": "04A3E84F-91AA-420A-B908-3393E037AC44" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta6_patch:*:*:*:*:*:*", + "matchCriteriaId": "828EAE87-24E5-4F31-B301-BA2F96BDEA42" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta6_patch2:*:*:*:*:*:*", + "matchCriteriaId": "45710D36-954A-4450-B622-CB0F368DF544" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta7:*:*:*:*:*:*", + "matchCriteriaId": "2B57EEFB-5518-4BD5-998A-34B6690A6F4C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta8:*:*:*:*:*:*", + "matchCriteriaId": "8EDF4CEE-F24D-441B-92A8-7F5A2B41487E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta8_patch:*:*:*:*:*:*", + "matchCriteriaId": "F0275FDF-BAE8-4909-8991-6FCE34B8905E" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/0xJacky/nginx-ui/commit/827e76c46e63c52114a62a899f61313039c754e3", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-pxmr-q2x3-9x9m", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-221xx/CVE-2024-22198.json b/CVE-2024/CVE-2024-221xx/CVE-2024-22198.json index 9e4797a481b..50064f352cc 100644 --- a/CVE-2024/CVE-2024-221xx/CVE-2024-22198.json +++ b/CVE-2024/CVE-2024-221xx/CVE-2024-22198.json @@ -2,8 +2,8 @@ "id": "CVE-2024-22198", "sourceIdentifier": "security-advisories@github.com", "published": "2024-01-11T20:15:45.120", - "lastModified": "2024-01-12T13:47:31.250", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T19:14:25.667", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -50,34 +70,139 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.0.0", + "matchCriteriaId": "B4426F94-540E-497C-AE75-04126AF12112" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta1:*:*:*:*:*:*", + "matchCriteriaId": "3C287A7F-66B4-406A-B87B-B954A1CA6D44" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta2:*:*:*:*:*:*", + "matchCriteriaId": "25DD91AC-465B-4A43-A79F-4DE47243741C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta3:*:*:*:*:*:*", + "matchCriteriaId": "115588C7-D947-4576-9E6C-B5AF1FCE9A29" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta4:*:*:*:*:*:*", + "matchCriteriaId": "BBB20EA3-F3CF-42AF-A217-D5DF7A7ADD70" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta4_patch:*:*:*:*:*:*", + "matchCriteriaId": "81A6C732-FBF2-44A8-B810-456E54B59A09" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta5:*:*:*:*:*:*", + "matchCriteriaId": "8C5664E5-150E-4B4B-BA0C-420738820FF1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta5_patch:*:*:*:*:*:*", + "matchCriteriaId": "7E764AA1-3060-441F-8F14-ADD165316741" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta6:*:*:*:*:*:*", + "matchCriteriaId": "04A3E84F-91AA-420A-B908-3393E037AC44" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta6_patch:*:*:*:*:*:*", + "matchCriteriaId": "828EAE87-24E5-4F31-B301-BA2F96BDEA42" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta6_patch2:*:*:*:*:*:*", + "matchCriteriaId": "45710D36-954A-4450-B622-CB0F368DF544" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta7:*:*:*:*:*:*", + "matchCriteriaId": "2B57EEFB-5518-4BD5-998A-34B6690A6F4C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta8:*:*:*:*:*:*", + "matchCriteriaId": "8EDF4CEE-F24D-441B-92A8-7F5A2B41487E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta8_patch:*:*:*:*:*:*", + "matchCriteriaId": "F0275FDF-BAE8-4909-8991-6FCE34B8905E" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/0xJacky/nginx-ui/blob/04bf8ec487f06ab17a9fb7f34a28766e5f53885e/api/system/settings.go#L18", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/0xJacky/nginx-ui/blob/04bf8ec487f06ab17a9fb7f34a28766e5f53885e/api/terminal/pty.go#L11", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/0xJacky/nginx-ui/blob/04bf8ec487f06ab17a9fb7f34a28766e5f53885e/internal/pty/pipeline.go#L29", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/0xJacky/nginx-ui/blob/04bf8ec487f06ab17a9fb7f34a28766e5f53885e/router/middleware.go#L45", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/0xJacky/nginx-ui/blob/04bf8ec487f06ab17a9fb7f34a28766e5f53885e/settings/server.go#L12", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/0xJacky/nginx-ui/commit/827e76c46e63c52114a62a899f61313039c754e3", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-8r25-68wm-jw35", - 
"source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-222xx/CVE-2024-22212.json b/CVE-2024/CVE-2024-222xx/CVE-2024-22212.json new file mode 100644 index 00000000000..d28b2d7a326 --- /dev/null +++ b/CVE-2024/CVE-2024-222xx/CVE-2024-22212.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2024-22212", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-01-18T19:15:10.353", + "lastModified": "2024-01-18T19:25:46.623", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Nextcloud Global Site Selector is a tool which allows you to run multiple small Nextcloud instances and redirect users to the right server. A problem in the password verification method allows an attacker to authenticate as another user. It is recommended that the Nextcloud Global Site Selector is upgraded to version 1.4.1, 2.1.2, 2.3.4 or 2.4.5. There are no known workarounds for this issue." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.6, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.8, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/nextcloud/globalsiteselector/commit/ab5da57190d5bbc79079ce4109b6bcccccd893ee", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vj5q-f63m-wp77", + "source": "security-advisories@github.com" + }, + { + "url": "https://hackerone.com/reports/2248689", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-222xx/CVE-2024-22213.json b/CVE-2024/CVE-2024-222xx/CVE-2024-22213.json new file mode 100644 index 00000000000..a011d6a4d73 --- /dev/null +++ b/CVE-2024/CVE-2024-222xx/CVE-2024-22213.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2024-22213", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-01-18T20:15:08.113", + "lastModified": "2024-01-18T20:15:08.113", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. In affected versions users could be tricked into executing malicious code that would execute in their browser via HTML sent as a comment. It is recommended that the Nextcloud Deck is upgraded to version 1.9.5 or 1.11.2. There are no known workarounds for this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 0.0, + "baseSeverity": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 0.0 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/nextcloud/deck/commit/91f1557362047f8840f53151f176b80148650bcd", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mg7w-x9fm-9wwc", + "source": "security-advisories@github.com" + }, + { + "url": "https://hackerone.com/reports/2058556", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file 
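Review bot: The only metric in the new CVE-2024-22213 record contradicts its own description. The vector `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N` yields `"baseScore": 0.0` and `"baseSeverity": "NONE"`, while the description and `CWE-79` describe script running in a user's browser via HTML sent as a comment. The metric is `"type": "Secondary"` from security-advisories@github.com and the record is still `"vulnStatus": "Received"`, so a consumer that filters or ranks on `baseSeverity` would presumably drop this entry. I would keep the mirrored values as published but treat the record as unscored downstream, triaging it from the description and the linked GHSA-mg7w-x9fm-9wwc advisory until a Primary score is added.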
diff --git a/CVE-2024/CVE-2024-224xx/CVE-2024-22400.json b/CVE-2024/CVE-2024-224xx/CVE-2024-22400.json new file mode 100644 index 00000000000..68f30bd3a86 --- /dev/null +++ b/CVE-2024/CVE-2024-224xx/CVE-2024-22400.json 
@@ -0,0 +1,67 @@ +{ + "id": "CVE-2024-22400", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-01-18T20:15:08.360", + "lastModified": "2024-01-18T20:15:08.360", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Nextcloud User Saml is an app for authenticating Nextcloud users using SAML. In affected versions users can be given a link to the Nextcloud server and end up on a uncontrolled thirdparty server. It is recommended that the User Saml app is upgraded to version 5.1.5, 5.2.5, or 6.0.1. There are no known workarounds for this issue." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.1, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.6, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-601" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-622q-xhfr-xmv7", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/nextcloud/user_saml/commit/b184304a476deeba36e92b70562d5de7c2f85f8a", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/nextcloud/user_saml/pull/788", + "source": "security-advisories@github.com" + }, + { + "url": "https://hackerone.com/reports/2263044", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-224xx/CVE-2024-22403.json b/CVE-2024/CVE-2024-224xx/CVE-2024-22403.json new file mode 100644 index 00000000000..7cf79d16e38 --- /dev/null +++ b/CVE-2024/CVE-2024-224xx/CVE-2024-22403.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2024-22403", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-01-18T20:15:08.610", + "lastModified": "2024-01-18T20:15:08.610", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Nextcloud server is a self hosted personal cloud system. In affected versions OAuth codes did not expire. When an attacker would get access to an authorization code they could authenticate at any time using the code. As of version 28.0.0 OAuth codes are invalidated after 10 minutes and will no longer be authenticated. To exploit this vulnerability an attacker would need to intercept an OAuth code from a user session. It is recommended that the Nextcloud Server is upgraded to 28.0.0. There are no known workarounds for this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.0, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.3, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-613" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wppc-f5g8-vx36", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/nextcloud/server/pull/40766", + "source": "security-advisories@github.com" + }, + { + "url": "https://hackerone.com/reports/1784162", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-224xx/CVE-2024-22419.json b/CVE-2024/CVE-2024-224xx/CVE-2024-22419.json new file mode 100644 index 00000000000..8ac7f36cc09 --- /dev/null +++ b/CVE-2024/CVE-2024-224xx/CVE-2024-22419.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2024-22419", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-01-18T19:15:10.550", + "lastModified": "2024-01-18T19:25:46.623", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. The `concat` built-in can write over the bounds of the memory buffer that was allocated for it and thus overwrite existing valid data. The root cause is that the `build_IR` for `concat` doesn't properly adhere to the API of copy functions (for `>=0.3.2` the `copy_bytes` function). A contract search was performed and no vulnerable contracts were found in production. The buffer overflow can result in the change of semantics of the contract. The overflow is length-dependent and thus it might go unnoticed during contract testing. However, certainly not all usages of concat will result in overwritten valid data as we require it to be in an internal function and close to the return statement where other memory allocations don't occur. This issue has been addressed in commit `55e18f6d1` which will be included in future releases. Users are advised to update when possible." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/vyperlang/vyper/commit/55e18f6d128b2da8986adbbcccf1cd59a4b9ad6f", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/vyperlang/vyper/issues/3737", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-2q8v-3gqq-4f8p", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-224xx/CVE-2024-22494.json b/CVE-2024/CVE-2024-224xx/CVE-2024-22494.json index a38ab15faee..0ab43a2f838 100644 --- a/CVE-2024/CVE-2024-224xx/CVE-2024-22494.json +++ b/CVE-2024/CVE-2024-224xx/CVE-2024-22494.json 
@@ -2,19 +2,79 @@ "id": "CVE-2024-22494", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-12T16:15:52.890", - "lastModified": "2024-01-12T17:06:09.020", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T20:39:35.327", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save mobile parameter, which allows remote attackers to inject arbitrary web script or HTML." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de XSS almacenado en JFinalcms 5.0.0 a trav\u00e9s del par\u00e1metro /gusetbook/save mobile, que permite a atacantes remotos inyectar scripts web o HTML de su elecci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jfinalcms_project:jfinalcms:5.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "0813B8F4-66B1-42C6-83A7-831B13233428" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/cui2shark/security/blob/main/%28JFinalcms%20moblie%20para%29A%20stored%20cross-site%20scripting%20%28XSS%29%20vulnerability%20was%20discovered%20in%20Jfinalcms%20moblie%20para.md", - "source": "cve@mitre.org" + "source": 
"cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-226xx/CVE-2024-22601.json b/CVE-2024/CVE-2024-226xx/CVE-2024-22601.json index 428f3698014..66fdd9493c6 100644 --- a/CVE-2024/CVE-2024-226xx/CVE-2024-22601.json +++ b/CVE-2024/CVE-2024-226xx/CVE-2024-22601.json @@ -2,8 +2,8 @@ "id": "CVE-2024-22601", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-18T17:15:14.417", - "lastModified": "2024-01-18T17:15:14.417", - "vulnStatus": "Received", + "lastModified": "2024-01-18T19:25:46.623", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-226xx/CVE-2024-22603.json b/CVE-2024/CVE-2024-226xx/CVE-2024-22603.json index 59658dfc27a..12e9f8909aa 100644 --- a/CVE-2024/CVE-2024-226xx/CVE-2024-22603.json +++ b/CVE-2024/CVE-2024-226xx/CVE-2024-22603.json @@ -2,8 +2,8 @@ "id": "CVE-2024-22603", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-18T17:15:14.480", - "lastModified": "2024-01-18T17:15:14.480", - "vulnStatus": "Received", + "lastModified": "2024-01-18T19:25:46.623", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-226xx/CVE-2024-22699.json b/CVE-2024/CVE-2024-226xx/CVE-2024-22699.json index f9e20d7e107..0fa559a3448 100644 --- a/CVE-2024/CVE-2024-226xx/CVE-2024-22699.json +++ b/CVE-2024/CVE-2024-226xx/CVE-2024-22699.json @@ -2,8 +2,8 @@ "id": "CVE-2024-22699", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-18T16:15:09.020", - "lastModified": "2024-01-18T16:15:09.020", - "vulnStatus": "Received", + "lastModified": "2024-01-18T19:25:46.623", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-228xx/CVE-2024-22817.json b/CVE-2024/CVE-2024-228xx/CVE-2024-22817.json index 0e14f1c2037..d909004f80f 100644 --- a/CVE-2024/CVE-2024-228xx/CVE-2024-22817.json +++ b/CVE-2024/CVE-2024-228xx/CVE-2024-22817.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-22817", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-18T17:15:14.530", - "lastModified": "2024-01-18T17:15:14.530", - "vulnStatus": "Received", + "lastModified": "2024-01-18T19:25:46.623", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-228xx/CVE-2024-22818.json b/CVE-2024/CVE-2024-228xx/CVE-2024-22818.json index 9ff82d6ab8d..d7833eb1fae 100644 --- a/CVE-2024/CVE-2024-228xx/CVE-2024-22818.json +++ b/CVE-2024/CVE-2024-228xx/CVE-2024-22818.json @@ -2,8 +2,8 @@ "id": "CVE-2024-22818", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-18T17:15:14.577", - "lastModified": "2024-01-18T17:15:14.577", - "vulnStatus": "Received", + "lastModified": "2024-01-18T19:25:46.623", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-228xx/CVE-2024-22819.json b/CVE-2024/CVE-2024-228xx/CVE-2024-22819.json index dfbc63e5c2b..ef062b6fd38 100644 --- a/CVE-2024/CVE-2024-228xx/CVE-2024-22819.json +++ b/CVE-2024/CVE-2024-228xx/CVE-2024-22819.json @@ -2,8 +2,8 @@ "id": "CVE-2024-22819", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-18T17:15:14.623", - "lastModified": "2024-01-18T17:15:14.623", - "vulnStatus": "Received", + "lastModified": "2024-01-18T19:25:46.623", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-231xx/CVE-2024-23171.json b/CVE-2024/CVE-2024-231xx/CVE-2024-23171.json index 9a870a20530..b7c86a207ae 100644 --- a/CVE-2024/CVE-2024-231xx/CVE-2024-23171.json +++ b/CVE-2024/CVE-2024-231xx/CVE-2024-23171.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23171", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-12T05:15:10.033", - "lastModified": "2024-01-12T13:47:31.250", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T20:23:45.707", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,89 @@ "value": "Se descubri\u00f3 un problema en la extensi\u00f3n CampaignEvents en MediaWiki antes de 1.35.14, 1.36.x hasta 1.39.x antes de 1.39.6 y 1.40.x antes de 1.40.2. La p\u00e1gina Special:EventDetails permite XSS a trav\u00e9s de la configuraci\u00f3n de idioma x-xss para la internacionalizaci\u00f3n (i18n)." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.35.14", + "matchCriteriaId": "518A7A3D-741F-405B-8220-982093DF53E1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.36.0", + "versionEndExcluding": "1.39.6", + "matchCriteriaId": "9FCCA5D1-C639-4407-917F-95A949E639A8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.40.0", + "versionEndExcluding": "1.40.2", + "matchCriteriaId": "3EF19DE5-1D79-4001-ABA1-D648AD6610D6" + } + ] + } + ] + } + ], "references": [ { "url": "https://gerrit.wikimedia.org/r/q/I70d71c409193e904684dfb706d424b0a815fa6f6", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { 
"url": "https://phabricator.wikimedia.org/T348343", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-231xx/CVE-2024-23172.json b/CVE-2024/CVE-2024-231xx/CVE-2024-23172.json index 1ff721e2a18..80a2713324f 100644 --- a/CVE-2024/CVE-2024-231xx/CVE-2024-23172.json +++ b/CVE-2024/CVE-2024-231xx/CVE-2024-23172.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23172", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-12T05:15:10.187", - "lastModified": "2024-01-12T13:47:31.250", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T20:23:36.063", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,90 @@ "value": "Se descubri\u00f3 un problema en la extensi\u00f3n CheckUser en MediaWiki antes de 1.35.14, 1.36.x hasta 1.39.x antes de 1.39.6 y 1.40.x antes de 1.40.2. XSS puede ocurrir a trav\u00e9s de definiciones de mensajes. por ejemplo, en SpecialCheckUserLog." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.35.14", + "matchCriteriaId": "518A7A3D-741F-405B-8220-982093DF53E1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.36.0", + "versionEndExcluding": "1.39.6", + "matchCriteriaId": "9FCCA5D1-C639-4407-917F-95A949E639A8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.40.0", + "versionEndExcluding": "1.40.2", + "matchCriteriaId": "3EF19DE5-1D79-4001-ABA1-D648AD6610D6" + } + ] + } + ] + } + ], "references": [ { "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/989179", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch", + "Vendor Advisory" + ] }, { "url": 
"https://phabricator.wikimedia.org/T347708", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-231xx/CVE-2024-23173.json b/CVE-2024/CVE-2024-231xx/CVE-2024-23173.json index a0302ec917c..fc2c6d0339c 100644 --- a/CVE-2024/CVE-2024-231xx/CVE-2024-23173.json +++ b/CVE-2024/CVE-2024-231xx/CVE-2024-23173.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23173", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-12T05:15:10.237", - "lastModified": "2024-01-12T13:47:31.250", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T20:23:22.817", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,90 @@ "value": "Se descubri\u00f3 un problema en la extensi\u00f3n Cargo en MediaWiki antes de 1.35.14, 1.36.x hasta 1.39.x antes de 1.39.6 y 1.40.x antes de 1.40.2. La p\u00e1gina Special:Drilldown permite XSS a trav\u00e9s de los par\u00e1metros artist, album y position debido a los valores de filtro aplicados en drilldown/CargoAppliedFilter.php." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.35.14", + "matchCriteriaId": "518A7A3D-741F-405B-8220-982093DF53E1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.36.0", + "versionEndExcluding": "1.39.6", + "matchCriteriaId": "9FCCA5D1-C639-4407-917F-95A949E639A8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.40.0", + "versionEndExcluding": "1.40.2", + "matchCriteriaId": "3EF19DE5-1D79-4001-ABA1-D648AD6610D6" + } + ] + } + ] + } + ], "references": [ { "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/965214", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + 
"tags": [ + "Patch" + ] }, { "url": "https://phabricator.wikimedia.org/T348687", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-231xx/CVE-2024-23174.json b/CVE-2024/CVE-2024-231xx/CVE-2024-23174.json index d6f5cd00efb..31cc1c73198 100644 --- a/CVE-2024/CVE-2024-231xx/CVE-2024-23174.json +++ b/CVE-2024/CVE-2024-231xx/CVE-2024-23174.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23174", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-12T05:15:10.387", - "lastModified": "2024-01-12T13:47:31.250", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T20:23:11.307", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,90 @@ "value": "Se descubri\u00f3 un problema en la extensi\u00f3n PageTriage en MediaWiki antes de 1.35.14, 1.36.x hasta 1.39.x antes de 1.39.6 y 1.40.x antes de 1.40.2. XSS puede ocurrir a trav\u00e9s de rev-deleted-user, pagetriage-tags-quickfilter-label, pagetriage-triage, pagetriage-filter-date-range-format-placeholder, pagetriage-filter-date-range-to, pagetriage-filter-date-range-from, pagetriage-filter-date-range-heading, pagetriage-filter-set-button, o mensaje pagetriage-filter-reset-button." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.35.14", + "matchCriteriaId": "518A7A3D-741F-405B-8220-982093DF53E1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.36.0", + "versionEndExcluding": "1.39.6", + "matchCriteriaId": "9FCCA5D1-C639-4407-917F-95A949E639A8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.40.0", + "versionEndExcluding": "1.40.2", + "matchCriteriaId": "3EF19DE5-1D79-4001-ABA1-D648AD6610D6" + } + ] + } + ] + } + ], 
"references": [ { "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/PageTriage/+/989177", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://phabricator.wikimedia.org/T347704", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-231xx/CVE-2024-23177.json b/CVE-2024/CVE-2024-231xx/CVE-2024-23177.json index fad96b7e8e8..6bf4c86acf9 100644 --- a/CVE-2024/CVE-2024-231xx/CVE-2024-23177.json +++ b/CVE-2024/CVE-2024-231xx/CVE-2024-23177.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23177", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-12T06:15:47.297", - "lastModified": "2024-01-12T13:47:31.250", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T20:22:24.457", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,77 @@
 "value": "Se descubri\u00f3 un problema en la extensi\u00f3n WatchAnalytics en MediaWiki antes de la versi\u00f3n 1.40.2. XSS puede ocurrir a trav\u00e9s del par\u00e1metro de p\u00e1gina Special:PageStatistics."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.40.2",
+ "matchCriteriaId": "4230F0A0-3665-4881-AC77-D7E2C4FC9734"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/message/TDBUBCCOQJUT4SCHJNPHKQNPBUUETY52/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Patch",
+ "Release Notes"
+ ]
 },
 {
 "url": "https://phabricator.wikimedia.org/T348979",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Patch",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-231xx/CVE-2024-23178.json b/CVE-2024/CVE-2024-231xx/CVE-2024-23178.json
index 84307771df6..88878fe2b08 100644
--- a/CVE-2024/CVE-2024-231xx/CVE-2024-23178.json
+++ b/CVE-2024/CVE-2024-231xx/CVE-2024-23178.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-23178",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-01-12T06:15:47.337",
- "lastModified": "2024-01-12T13:47:31.250",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-18T20:22:07.447",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,15 +14,78 @@
 "value": "Se descubri\u00f3 un problema en la extensi\u00f3n Phonos en MediaWiki antes de la versi\u00f3n 1.40.2. PhonosButton.js permite XSS basado en i18n a trav\u00e9s del mensaje de error phonos-purge-needed-error."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.40.2",
+ "matchCriteriaId": "4230F0A0-3665-4881-AC77-D7E2C4FC9734"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/message/TDBUBCCOQJUT4SCHJNPHKQNPBUUETY52/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Release Notes",
+ "Vendor Advisory"
+ ]
 },
 {
 "url": "https://phabricator.wikimedia.org/T349312",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Patch",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-231xx/CVE-2024-23179.json b/CVE-2024/CVE-2024-231xx/CVE-2024-23179.json
index c62542a17c0..24fb5266c31 100644
--- a/CVE-2024/CVE-2024-231xx/CVE-2024-23179.json
+++ b/CVE-2024/CVE-2024-231xx/CVE-2024-23179.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-23179",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-01-12T06:15:47.383",
- "lastModified": "2024-01-12T13:47:31.250",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-18T20:21:13.830",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,15 +14,78 @@
 "value": "Se descubri\u00f3 un problema en la extensi\u00f3n GlobalBlocking en MediaWiki antes de la versi\u00f3n 1.40.2. Para un URI Special:GlobalBlock?uselang=x-xss, el XSS basado en i18n puede ocurrir a trav\u00e9s del mensaje entre par\u00e9ntesis. Esto afecta los enlaces de subt\u00edtulos en buildSubtitleLinks."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.40.2",
+ "matchCriteriaId": "4230F0A0-3665-4881-AC77-D7E2C4FC9734"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/message/TDBUBCCOQJUT4SCHJNPHKQNPBUUETY52/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Issue Tracking",
+ "Patch",
+ "Release Notes"
+ ]
 },
 {
 "url": "https://phabricator.wikimedia.org/T347746",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Patch",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/README.md b/README.md
index 8457181cb93..3acda73bc11 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-01-18T19:00:24.565357+00:00 +2024-01-18T21:00:25.551968+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-01-18T18:59:32.627000+00:00 +2024-01-18T20:58:47.270000+00:00 ``` ### Last Data Feed Release 
@@ -29,54 +29,50 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -236316 +236322 ``` ### CVEs added in the last Commit -Recently added CVEs: `10` +Recently added CVEs: `6` -* [CVE-2023-28900](CVE-2023/CVE-2023-289xx/CVE-2023-28900.json) (`2024-01-18T17:15:13.737`) -* [CVE-2023-28901](CVE-2023/CVE-2023-289xx/CVE-2023-28901.json) (`2024-01-18T17:15:14.003`) -* [CVE-2023-31274](CVE-2023/CVE-2023-312xx/CVE-2023-31274.json) (`2024-01-18T18:15:08.253`) -* [CVE-2023-34348](CVE-2023/CVE-2023-343xx/CVE-2023-34348.json) (`2024-01-18T18:15:08.457`) -* [CVE-2024-22601](CVE-2024/CVE-2024-226xx/CVE-2024-22601.json) (`2024-01-18T17:15:14.417`) -* [CVE-2024-22603](CVE-2024/CVE-2024-226xx/CVE-2024-22603.json) (`2024-01-18T17:15:14.480`) -* [CVE-2024-22817](CVE-2024/CVE-2024-228xx/CVE-2024-22817.json) (`2024-01-18T17:15:14.530`) -* [CVE-2024-22818](CVE-2024/CVE-2024-228xx/CVE-2024-22818.json) (`2024-01-18T17:15:14.577`) -* [CVE-2024-22819](CVE-2024/CVE-2024-228xx/CVE-2024-22819.json) (`2024-01-18T17:15:14.623`) -* [CVE-2024-0694](CVE-2024/CVE-2024-06xx/CVE-2024-0694.json) (`2024-01-18T18:15:08.647`) +* [CVE-2023-49943](CVE-2023/CVE-2023-499xx/CVE-2023-49943.json) (`2024-01-18T19:15:09.340`) +* [CVE-2024-22212](CVE-2024/CVE-2024-222xx/CVE-2024-22212.json) (`2024-01-18T19:15:10.353`) +* [CVE-2024-22419](CVE-2024/CVE-2024-224xx/CVE-2024-22419.json) (`2024-01-18T19:15:10.550`) +* [CVE-2024-22213](CVE-2024/CVE-2024-222xx/CVE-2024-22213.json) (`2024-01-18T20:15:08.113`) +* [CVE-2024-22400](CVE-2024/CVE-2024-224xx/CVE-2024-22400.json) (`2024-01-18T20:15:08.360`) +* [CVE-2024-22403](CVE-2024/CVE-2024-224xx/CVE-2024-22403.json) (`2024-01-18T20:15:08.610`) ### CVEs modified in the last Commit -Recently modified CVEs: `36` +Recently modified CVEs: `99` -* [CVE-2023-6554](CVE-2023/CVE-2023-65xx/CVE-2023-6554.json) (`2024-01-18T17:35:46.637`) -* [CVE-2023-7071](CVE-2023/CVE-2023-70xx/CVE-2023-7071.json) 
(`2024-01-18T17:36:11.930`) -* [CVE-2023-20573](CVE-2023/CVE-2023-205xx/CVE-2023-20573.json) (`2024-01-18T17:39:02.430`) -* [CVE-2023-6751](CVE-2023/CVE-2023-67xx/CVE-2023-6751.json) (`2024-01-18T17:46:25.627`) -* [CVE-2023-50159](CVE-2023/CVE-2023-501xx/CVE-2023-50159.json) (`2024-01-18T17:56:59.883`) -* [CVE-2023-24733](CVE-2023/CVE-2023-247xx/CVE-2023-24733.json) (`2024-01-18T18:04:53.087`) -* [CVE-2023-24734](CVE-2023/CVE-2023-247xx/CVE-2023-24734.json) (`2024-01-18T18:04:53.087`) -* [CVE-2023-24735](CVE-2023/CVE-2023-247xx/CVE-2023-24735.json) (`2024-01-18T18:04:53.087`) -* [CVE-2023-24736](CVE-2023/CVE-2023-247xx/CVE-2023-24736.json) (`2024-01-18T18:04:53.087`) -* [CVE-2023-24737](CVE-2023/CVE-2023-247xx/CVE-2023-24737.json) (`2024-01-18T18:04:53.087`) -* [CVE-2023-6242](CVE-2023/CVE-2023-62xx/CVE-2023-6242.json) (`2024-01-18T18:13:53.840`) -* [CVE-2023-6476](CVE-2023/CVE-2023-64xx/CVE-2023-6476.json) (`2024-01-18T18:16:25.947`) -* [CVE-2023-51748](CVE-2023/CVE-2023-517xx/CVE-2023-51748.json) (`2024-01-18T18:45:55.020`) -* [CVE-2023-51749](CVE-2023/CVE-2023-517xx/CVE-2023-51749.json) (`2024-01-18T18:54:46.507`) -* [CVE-2023-50671](CVE-2023/CVE-2023-506xx/CVE-2023-50671.json) (`2024-01-18T18:54:54.863`) -* [CVE-2023-7226](CVE-2023/CVE-2023-72xx/CVE-2023-7226.json) (`2024-01-18T18:56:22.977`) -* [CVE-2024-21821](CVE-2024/CVE-2024-218xx/CVE-2024-21821.json) (`2024-01-18T17:08:35.830`) -* [CVE-2024-21773](CVE-2024/CVE-2024-217xx/CVE-2024-21773.json) (`2024-01-18T17:08:43.260`) -* [CVE-2024-0429](CVE-2024/CVE-2024-04xx/CVE-2024-0429.json) (`2024-01-18T17:26:20.573`) -* [CVE-2024-21833](CVE-2024/CVE-2024-218xx/CVE-2024-21833.json) (`2024-01-18T18:26:59.627`) -* [CVE-2024-0419](CVE-2024/CVE-2024-04xx/CVE-2024-0419.json) (`2024-01-18T18:27:23.807`) -* [CVE-2024-0227](CVE-2024/CVE-2024-02xx/CVE-2024-0227.json) (`2024-01-18T18:32:10.307`) -* [CVE-2024-0411](CVE-2024/CVE-2024-04xx/CVE-2024-0411.json) (`2024-01-18T18:46:08.967`) -* 
[CVE-2024-21614](CVE-2024/CVE-2024-216xx/CVE-2024-21614.json) (`2024-01-18T18:56:50.410`) -* [CVE-2024-21612](CVE-2024/CVE-2024-216xx/CVE-2024-21612.json) (`2024-01-18T18:59:32.627`) +* [CVE-2024-0416](CVE-2024/CVE-2024-04xx/CVE-2024-0416.json) (`2024-01-18T20:09:52.287`) +* [CVE-2024-0415](CVE-2024/CVE-2024-04xx/CVE-2024-0415.json) (`2024-01-18T20:10:13.733`) +* [CVE-2024-0414](CVE-2024/CVE-2024-04xx/CVE-2024-0414.json) (`2024-01-18T20:11:45.007`) +* [CVE-2024-0413](CVE-2024/CVE-2024-04xx/CVE-2024-0413.json) (`2024-01-18T20:12:44.737`) +* [CVE-2024-21594](CVE-2024/CVE-2024-215xx/CVE-2024-21594.json) (`2024-01-18T20:14:10.903`) +* [CVE-2024-21591](CVE-2024/CVE-2024-215xx/CVE-2024-21591.json) (`2024-01-18T20:14:24.380`) +* [CVE-2024-21642](CVE-2024/CVE-2024-216xx/CVE-2024-21642.json) (`2024-01-18T20:15:52.813`) +* [CVE-2024-21982](CVE-2024/CVE-2024-219xx/CVE-2024-21982.json) (`2024-01-18T20:16:20.420`) +* [CVE-2024-0443](CVE-2024/CVE-2024-04xx/CVE-2024-0443.json) (`2024-01-18T20:16:39.840`) +* [CVE-2024-0412](CVE-2024/CVE-2024-04xx/CVE-2024-0412.json) (`2024-01-18T20:20:05.993`) +* [CVE-2024-23179](CVE-2024/CVE-2024-231xx/CVE-2024-23179.json) (`2024-01-18T20:21:13.830`) +* [CVE-2024-23178](CVE-2024/CVE-2024-231xx/CVE-2024-23178.json) (`2024-01-18T20:22:07.447`) +* [CVE-2024-23177](CVE-2024/CVE-2024-231xx/CVE-2024-23177.json) (`2024-01-18T20:22:24.457`) +* [CVE-2024-23174](CVE-2024/CVE-2024-231xx/CVE-2024-23174.json) (`2024-01-18T20:23:11.307`) +* [CVE-2024-23173](CVE-2024/CVE-2024-231xx/CVE-2024-23173.json) (`2024-01-18T20:23:22.817`) +* [CVE-2024-23172](CVE-2024/CVE-2024-231xx/CVE-2024-23172.json) (`2024-01-18T20:23:36.063`) +* [CVE-2024-23171](CVE-2024/CVE-2024-231xx/CVE-2024-23171.json) (`2024-01-18T20:23:45.707`) +* [CVE-2024-21617](CVE-2024/CVE-2024-216xx/CVE-2024-21617.json) (`2024-01-18T20:28:48.990`) +* [CVE-2024-21611](CVE-2024/CVE-2024-216xx/CVE-2024-21611.json) (`2024-01-18T20:30:07.573`) +* [CVE-2024-0460](CVE-2024/CVE-2024-04xx/CVE-2024-0460.json) 
(`2024-01-18T20:37:41.797`) +* [CVE-2024-21595](CVE-2024/CVE-2024-215xx/CVE-2024-21595.json) (`2024-01-18T20:37:57.160`) +* [CVE-2024-21606](CVE-2024/CVE-2024-216xx/CVE-2024-21606.json) (`2024-01-18T20:39:18.483`) +* [CVE-2024-22494](CVE-2024/CVE-2024-224xx/CVE-2024-22494.json) (`2024-01-18T20:39:35.327`) +* [CVE-2024-21607](CVE-2024/CVE-2024-216xx/CVE-2024-21607.json) (`2024-01-18T20:41:11.583`) +* [CVE-2024-21641](CVE-2024/CVE-2024-216xx/CVE-2024-21641.json) (`2024-01-18T20:42:19.490`) ## Download and Usage