From 14c750e6a96422b65407100a57f359eedea555f9 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Fri, 26 Jan 2024 17:00:39 +0000 Subject: [PATCH] Auto-Update: 2024-01-26T17:00:35.248459+00:00 --- CVE-1999/CVE-1999-07xx/CVE-1999-0783.json | 38 +++- CVE-1999/CVE-1999-13xx/CVE-1999-1386.json | 50 ++++- CVE-2000/CVE-2000-09xx/CVE-2000-0972.json | 40 +++- CVE-2000/CVE-2000-11xx/CVE-2000-1178.json | 63 +++++- CVE-2020/CVE-2020-288xx/CVE-2020-28871.json | 6 +- CVE-2020/CVE-2020-288xx/CVE-2020-28872.json | 6 +- CVE-2020/CVE-2020-367xx/CVE-2020-36771.json | 10 +- CVE-2020/CVE-2020-367xx/CVE-2020-36772.json | 10 +- CVE-2021/CVE-2021-313xx/CVE-2021-31314.json | 68 +++++- CVE-2022/CVE-2022-212xx/CVE-2022-21248.json | 33 ++- CVE-2022/CVE-2022-212xx/CVE-2022-21291.json | 38 +++- CVE-2022/CVE-2022-212xx/CVE-2022-21293.json | 33 ++- CVE-2022/CVE-2022-212xx/CVE-2022-21296.json | 33 ++- CVE-2022/CVE-2022-212xx/CVE-2022-21299.json | 28 ++- CVE-2022/CVE-2022-213xx/CVE-2022-21305.json | 28 ++- CVE-2022/CVE-2022-213xx/CVE-2022-21340.json | 28 ++- CVE-2022/CVE-2022-213xx/CVE-2022-21341.json | 28 ++- CVE-2022/CVE-2022-213xx/CVE-2022-21360.json | 28 ++- CVE-2022/CVE-2022-213xx/CVE-2022-21365.json | 28 ++- CVE-2022/CVE-2022-35xx/CVE-2022-3580.json | 22 +- CVE-2022/CVE-2022-36xx/CVE-2022-3625.json | 8 +- CVE-2022/CVE-2022-36xx/CVE-2022-3649.json | 8 +- CVE-2023/CVE-2023-220xx/CVE-2023-22006.json | 60 +++++- CVE-2023/CVE-2023-220xx/CVE-2023-22036.json | 60 +++++- CVE-2023/CVE-2023-220xx/CVE-2023-22041.json | 60 +++++- CVE-2023/CVE-2023-220xx/CVE-2023-22045.json | 60 +++++- CVE-2023/CVE-2023-267xx/CVE-2023-26775.json | 6 +- CVE-2023/CVE-2023-267xx/CVE-2023-26776.json | 6 +- CVE-2023/CVE-2023-289xx/CVE-2023-28901.json | 60 +++++- CVE-2023/CVE-2023-400xx/CVE-2023-40051.json | 90 +++++++- CVE-2023/CVE-2023-400xx/CVE-2023-40052.json | 90 +++++++- CVE-2023/CVE-2023-50xx/CVE-2023-5080.json | 217 +++++++++++++++++++- CVE-2023/CVE-2023-50xx/CVE-2023-5081.json | 139 ++++++++++++- CVE-2023/CVE-2023-519xx/CVE-2023-51925.json | 77 ++++++- CVE-2023/CVE-2023-60xx/CVE-2023-6043.json | 31 ++- CVE-2023/CVE-2023-60xx/CVE-2023-6044.json | 53 ++++- CVE-2023/CVE-2023-62xx/CVE-2023-6291.json | 87 ++++++++ CVE-2023/CVE-2023-64xx/CVE-2023-6450.json | 43 +++- CVE-2024/CVE-2024-07xx/CVE-2024-0713.json | 61 +++++- CVE-2024/CVE-2024-07xx/CVE-2024-0733.json | 63 +++++- CVE-2024/CVE-2024-07xx/CVE-2024-0734.json | 63 +++++- CVE-2024/CVE-2024-07xx/CVE-2024-0738.json | 62 +++++- CVE-2024/CVE-2024-07xx/CVE-2024-0739.json | 63 +++++- CVE-2024/CVE-2024-07xx/CVE-2024-0758.json | 77 ++++++- CVE-2024/CVE-2024-09xx/CVE-2024-0921.json | 4 +- CVE-2024/CVE-2024-09xx/CVE-2024-0922.json | 4 +- CVE-2024/CVE-2024-09xx/CVE-2024-0923.json | 4 +- CVE-2024/CVE-2024-09xx/CVE-2024-0924.json | 88 ++++++++ CVE-2024/CVE-2024-09xx/CVE-2024-0925.json | 88 ++++++++ CVE-2024/CVE-2024-09xx/CVE-2024-0926.json | 88 ++++++++ CVE-2024/CVE-2024-09xx/CVE-2024-0927.json | 88 ++++++++ CVE-2024/CVE-2024-09xx/CVE-2024-0928.json | 88 ++++++++ CVE-2024/CVE-2024-09xx/CVE-2024-0929.json | 88 ++++++++ CVE-2024/CVE-2024-09xx/CVE-2024-0930.json | 88 ++++++++ CVE-2024/CVE-2024-219xx/CVE-2024-21985.json | 55 +++++ CVE-2024/CVE-2024-225xx/CVE-2024-22550.json | 20 ++ CVE-2024/CVE-2024-225xx/CVE-2024-22551.json | 20 ++ CVE-2024/CVE-2024-232xx/CVE-2024-23206.json | 8 +- CVE-2024/CVE-2024-232xx/CVE-2024-23211.json | 8 +- CVE-2024/CVE-2024-232xx/CVE-2024-23213.json | 8 +- CVE-2024/CVE-2024-232xx/CVE-2024-23222.json | 8 +- CVE-2024/CVE-2024-236xx/CVE-2024-23681.json | 78 ++++++- CVE-2024/CVE-2024-236xx/CVE-2024-23682.json | 88 +++++++- CVE-2024/CVE-2024-236xx/CVE-2024-23683.json | 95 ++++++++- CVE-2024/CVE-2024-236xx/CVE-2024-23687.json | 96 ++++++++- CVE-2024/CVE-2024-236xx/CVE-2024-23688.json | 76 ++++++- README.md | 74 ++++--- 67 files changed, 3149 insertions(+), 275 deletions(-) create mode 100644 CVE-2023/CVE-2023-62xx/CVE-2023-6291.json create mode 100644 CVE-2024/CVE-2024-09xx/CVE-2024-0924.json create mode 100644 CVE-2024/CVE-2024-09xx/CVE-2024-0925.json create mode 100644 CVE-2024/CVE-2024-09xx/CVE-2024-0926.json create mode 100644 CVE-2024/CVE-2024-09xx/CVE-2024-0927.json create mode 100644 CVE-2024/CVE-2024-09xx/CVE-2024-0928.json create mode 100644 CVE-2024/CVE-2024-09xx/CVE-2024-0929.json create mode 100644 CVE-2024/CVE-2024-09xx/CVE-2024-0930.json create mode 100644 CVE-2024/CVE-2024-219xx/CVE-2024-21985.json create mode 100644 CVE-2024/CVE-2024-225xx/CVE-2024-22550.json create mode 100644 CVE-2024/CVE-2024-225xx/CVE-2024-22551.json diff --git a/CVE-1999/CVE-1999-07xx/CVE-1999-0783.json b/CVE-1999/CVE-1999-07xx/CVE-1999-0783.json index bd647d27140..164f4adeefb 100644 --- a/CVE-1999/CVE-1999-07xx/CVE-1999-0783.json +++ b/CVE-1999/CVE-1999-07xx/CVE-1999-0783.json @@ -2,7 +2,7 @@ "id": "CVE-1999-0783", "sourceIdentifier": "cve@mitre.org", "published": "1998-06-16T04:00:00.000", - "lastModified": "2011-03-08T02:01:10.657", + "lastModified": "2024-01-26T16:54:15.777", "vulnStatus": "Analyzed", "descriptions": [ { @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ], "cvssMetricV2": [ { "source": "nvd@nist.gov", @@ -44,7 +66,7 @@ "description": [ { "lang": "en", - "value": "NVD-CWE-Other" + "value": "CWE-59" } ] } @@ -69,7 +91,17 @@ "references": [ { "url": "http://www.ciac.org/ciac/bulletins/i-057.shtml", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] + }, + { + "url": "http://www.osvdb.org/6090", + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-1999/CVE-1999-13xx/CVE-1999-1386.json b/CVE-1999/CVE-1999-13xx/CVE-1999-1386.json index 2bbbf153933..0b21b726854 100644 --- a/CVE-1999/CVE-1999-13xx/CVE-1999-1386.json +++ b/CVE-1999/CVE-1999-13xx/CVE-1999-1386.json @@ -2,8 +2,8 @@ "id": "CVE-1999-1386", "sourceIdentifier": "cve@mitre.org", "published": "1999-12-31T05:00:00.000", - "lastModified": "2016-10-18T02:03:55.923", - "vulnStatus": "Modified", + "lastModified": "2024-01-26T16:54:30.487", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ], "cvssMetricV2": [ { "source": "nvd@nist.gov", @@ -44,7 +66,7 @@ "description": [ { "lang": "en", - "value": "NVD-CWE-Other" + "value": "CWE-59" } ] } @@ -58,9 +80,9 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:larry_wall:perl:*:*:*:*:*:*:*:*", - "versionEndIncluding": "5.4.4", - "matchCriteriaId": "CCACA450-26BD-4221-BFB1-27B57C5E5C3A" + "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", + "versionEndIncluding": "5.004_04", + "matchCriteriaId": "356EEFF0-DC56-4E12-B7B1-DB28784FF3B1" } ] } @@ -70,15 +92,25 @@ "references": [ { "url": "http://marc.info/?l=bugtraq&m=88932165406213&w=2", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Mailing List" + ] }, { "url": "http://www.iss.net/security_center/static/7243.php", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "http://www.redhat.com/support/errata/rh50-errata-general.html#perl", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2000/CVE-2000-09xx/CVE-2000-0972.json b/CVE-2000/CVE-2000-09xx/CVE-2000-0972.json index 8870fc260ca..14686fdbe1e 100644 --- a/CVE-2000/CVE-2000-09xx/CVE-2000-0972.json +++ b/CVE-2000/CVE-2000-09xx/CVE-2000-0972.json @@ -2,8 +2,8 @@ "id": "CVE-2000-0972", "sourceIdentifier": "cve@mitre.org", "published": "2000-12-19T05:00:00.000", - "lastModified": "2017-10-10T01:29:25.170", - "vulnStatus": "Modified", + "lastModified": "2024-01-26T16:56:22.633", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ], "cvssMetricV2": [ { "source": "nvd@nist.gov", @@ -44,7 +66,7 @@ "description": [ { "lang": "en", - "value": "NVD-CWE-Other" + "value": "CWE-59" } ] } @@ -56,11 +78,6 @@ "operator": "OR", "negate": false, "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:o:hp:hp-ux:10.20:*:*:*:*:*:*:*", - "matchCriteriaId": "EDE44C49-172C-4899-8CC8-29AA99A7CD2F" - }, { "vulnerable": true, "criteria": "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*", @@ -76,13 +93,18 @@ "url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0317.html", "source": "cve@mitre.org", "tags": [ + "Broken Link", "Exploit", "Vendor Advisory" ] }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5410", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2000/CVE-2000-11xx/CVE-2000-1178.json b/CVE-2000/CVE-2000-11xx/CVE-2000-1178.json index 282c0540823..053d31add4b 100644 --- a/CVE-2000/CVE-2000-11xx/CVE-2000-1178.json +++ b/CVE-2000/CVE-2000-11xx/CVE-2000-1178.json @@ -2,8 +2,8 @@ "id": "CVE-2000-1178", "sourceIdentifier": "cve@mitre.org", "published": "2001-01-09T05:00:00.000", - "lastModified": "2018-05-03T01:29:10.457", - "vulnStatus": "Modified", + "lastModified": "2024-01-26T16:59:03.123", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ], "cvssMetricV2": [ { "source": "nvd@nist.gov", @@ -44,7 +66,7 @@ "description": [ { "lang": "en", - "value": "NVD-CWE-Other" + "value": "CWE-59" } ] } @@ -71,41 +93,64 @@ "url": "http://archives.neohapsis.com/archives/bugtraq/2000-11/0227.html", "source": "cve@mitre.org", "tags": [ + "Broken Link", "Vendor Advisory" ] }, { "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000356", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "http://marc.info/?l=bugtraq&m=97500174210821&w=2", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List" + ] }, { "url": "http://www.debian.org/security/2000/20001201", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://www.linux-mandrake.com/en/security/MDKSA-2000-072.php3", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "http://www.redhat.com/support/errata/RHSA-2000-110.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "http://www.securityfocus.com/bid/1959", "source": "cve@mitre.org", "tags": [ + "Broken Link", "Exploit", "Patch", + "Third Party Advisory", + "VDB Entry", "Vendor Advisory" ] }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5546", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2020/CVE-2020-288xx/CVE-2020-28871.json b/CVE-2020/CVE-2020-288xx/CVE-2020-28871.json index 8cdade89b0a..fc26f3e27ec 100644 --- a/CVE-2020/CVE-2020-288xx/CVE-2020-28871.json +++ b/CVE-2020/CVE-2020-288xx/CVE-2020-28871.json @@ -2,7 +2,7 @@ "id": "CVE-2020-28871", "sourceIdentifier": "cve@mitre.org", "published": "2021-02-10T01:15:14.627", - "lastModified": "2023-03-23T17:15:13.497", + "lastModified": "2024-01-26T16:46:58.970", "vulnStatus": "Modified", "descriptions": [ { @@ -84,8 +84,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:monitorr_project:monitorr:1.7.6m:*:*:*:*:*:*:*", - "matchCriteriaId": "F2114A6A-8E4E-4983-B7A7-91D89BBB62E6" + "criteria": "cpe:2.3:a:monitorr:monitorr:1.7.6m:*:*:*:*:*:*:*", + "matchCriteriaId": "BF2ED07C-59E4-46E4-A33E-BB43B3B370F8" } ] } diff --git a/CVE-2020/CVE-2020-288xx/CVE-2020-28872.json b/CVE-2020/CVE-2020-288xx/CVE-2020-28872.json index baa6e5f2eeb..151c33ac95f 100644 --- a/CVE-2020/CVE-2020-288xx/CVE-2020-28872.json +++ b/CVE-2020/CVE-2020-288xx/CVE-2020-28872.json @@ -2,7 +2,7 @@ "id": "CVE-2020-28872", "sourceIdentifier": "cve@mitre.org", "published": "2021-04-12T14:15:14.133", - "lastModified": "2022-10-07T02:56:41.750", + "lastModified": "2024-01-26T16:46:58.970", "vulnStatus": "Analyzed", "descriptions": [ { @@ -84,8 +84,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:monitorr_project:monitorr:1.7.6m:*:*:*:*:*:*:*", - "matchCriteriaId": "F2114A6A-8E4E-4983-B7A7-91D89BBB62E6" + "criteria": "cpe:2.3:a:monitorr:monitorr:1.7.6m:*:*:*:*:*:*:*", + "matchCriteriaId": "BF2ED07C-59E4-46E4-A33E-BB43B3B370F8" } ] } diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36771.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36771.json index e11f7b0fc08..6709ae1cc99 100644 --- a/CVE-2020/CVE-2020-367xx/CVE-2020-36771.json +++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36771.json @@ -2,12 +2,16 @@ "id": "CVE-2020-36771", "sourceIdentifier": "secalert@redhat.com", "published": "2024-01-22T14:15:07.530", - "lastModified": "2024-01-22T14:33:50.237", + "lastModified": "2024-01-26T16:15:21.483", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "CloudLinux\n CageFS 7.1.1-1 or below passes the authentication token as command line\n argument. In some configurations this allows local users to view it via\n the process list and gain code execution as another user.\n\n\n" + }, + { + "lang": "es", + "value": "CloudLinux CageFS 7.1.1-1 o inferior pasa el token de autenticaci\u00f3n como argumento de l\u00ednea de comando. En algunas configuraciones, esto permite a los usuarios locales verlo a trav\u00e9s de la lista de procesos y obtener la ejecuci\u00f3n del c\u00f3digo como otro usuario." } ], "metrics": {}, @@ -24,6 +28,10 @@ } ], "references": [ + { + "url": "http://seclists.org/fulldisclosure/2024/Jan/24", + "source": "secalert@redhat.com" + }, { "url": "https://blog.cloudlinux.com/cagefs-lve-wrappers-and-bsock-have-been-rolled-out-to-100", "source": "secalert@redhat.com" diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36772.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36772.json index dbafce1ba81..8256c20dc97 100644 --- a/CVE-2020/CVE-2020-367xx/CVE-2020-36772.json +++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36772.json @@ -2,12 +2,16 @@ "id": "CVE-2020-36772", "sourceIdentifier": "secalert@redhat.com", "published": "2024-01-22T15:15:07.883", - "lastModified": "2024-01-22T19:10:26.333", + "lastModified": "2024-01-26T16:15:21.613", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "CloudLinux\n CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to\n the sendmail proxy command. This allows local users to read and write \narbitrary files outside the CageFS environment in a limited way.\n" + }, + { + "lang": "es", + "value": "CloudLinux CageFS 7.0.8-2 o inferior restringe insuficientemente las rutas de archivo proporcionadas al comando proxy sendmail. Esto permite a los usuarios locales leer y escribir archivos arbitrarios fuera del entorno CageFS de forma limitada." } ], "metrics": {}, @@ -24,6 +28,10 @@ } ], "references": [ + { + "url": "http://seclists.org/fulldisclosure/2024/Jan/25", + "source": "secalert@redhat.com" + }, { "url": "https://blog.cloudlinux.com/lve-manager-lve-stats-lve-utils-and-alt-python27-cllib-have-been-rolled-out-to-100", "source": "secalert@redhat.com" diff --git a/CVE-2021/CVE-2021-313xx/CVE-2021-31314.json b/CVE-2021/CVE-2021-313xx/CVE-2021-31314.json index 2262fd6248f..4ebf0e85e14 100644 --- a/CVE-2021/CVE-2021-313xx/CVE-2021-31314.json +++ b/CVE-2021/CVE-2021-313xx/CVE-2021-31314.json @@ -2,19 +2,79 @@ "id": "CVE-2021-31314", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-20T01:15:07.770", - "lastModified": "2024-01-20T02:58:09.603", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-26T16:43:27.350", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "File upload vulnerability in ejinshan v8+ terminal security system allows attackers to upload arbitrary files to arbitrary locations on the server." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de carga de archivos en el sistema de seguridad del terminal ejinshan v8+ permite a los atacantes cargar archivos arbitrarios en ubicaciones arbitrarias del servidor." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ejinshan:terminal_security_system:8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FAEC5644-D1C1-415A-A07F-3A71D7C850E5" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/huahaiYa/jinshansoft/blob/main/Kingsoft%20Security%20Arbitrary%20File%20Upload%20%2B%20File%20Contains%20Vulnerabilities.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-212xx/CVE-2022-21248.json b/CVE-2022/CVE-2022-212xx/CVE-2022-21248.json index b53bc9de5a1..1f610e2abbb 100644 --- a/CVE-2022/CVE-2022-212xx/CVE-2022-21248.json +++ b/CVE-2022/CVE-2022-212xx/CVE-2022-21248.json @@ -2,8 +2,8 @@ "id": "CVE-2022-21248", "sourceIdentifier": "secalert_us@oracle.com", "published": "2022-01-19T12:15:10.287", - "lastModified": "2023-09-08T00:15:07.480", - "vulnStatus": "Modified", + "lastModified": "2024-01-26T16:09:33.140", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -159,8 +159,13 @@ }, { "vulnerable": true, - "criteria": "cpe:2.3:a:netapp:cloud_insights:-:*:*:*:*:*:*:*", - "matchCriteriaId": "26FCA75B-4282-4E0F-95B4-640A82C8E91C" + "criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08" }, { "vulnerable": true, @@ -194,6 +199,11 @@ "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3" }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*", + "matchCriteriaId": "82E94B87-065E-475F-815C-F49978CE22FC" + }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*", @@ -901,15 +911,24 @@ }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4J2N4FNXW6JKJBWUZH6SNI2UHCZXQXCY/", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KPIWQ6DL5IPOT54UBWTISG5T24FQJ7MN/", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://security.gentoo.org/glsa/202209-05", diff --git a/CVE-2022/CVE-2022-212xx/CVE-2022-21291.json b/CVE-2022/CVE-2022-212xx/CVE-2022-21291.json index 2856fe264ba..af5fd02d7bf 100644 --- a/CVE-2022/CVE-2022-212xx/CVE-2022-21291.json +++ b/CVE-2022/CVE-2022-212xx/CVE-2022-21291.json @@ -2,8 +2,8 @@ "id": "CVE-2022-21291", "sourceIdentifier": "secalert_us@oracle.com", "published": "2022-01-19T12:15:12.350", - "lastModified": "2023-09-08T00:15:08.240", - "vulnStatus": "Modified", + "lastModified": "2024-01-26T16:46:36.347", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -179,8 +179,13 @@ }, { "vulnerable": true, - "criteria": "cpe:2.3:a:netapp:cloud_insights:-:*:*:*:*:*:*:*", - "matchCriteriaId": "26FCA75B-4282-4E0F-95B4-640A82C8E91C" + "criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08" }, { "vulnerable": true, @@ -214,6 +219,11 @@ "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3" }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*", + "matchCriteriaId": "82E94B87-065E-475F-815C-F49978CE22FC" + }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*", @@ -278,12 +288,30 @@ ] } ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", + "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835" + } + ] + } + ] } ], "references": [ { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://security.gentoo.org/glsa/202209-05", diff --git a/CVE-2022/CVE-2022-212xx/CVE-2022-21293.json b/CVE-2022/CVE-2022-212xx/CVE-2022-21293.json index 68c1ce139de..75ade1a5358 100644 --- a/CVE-2022/CVE-2022-212xx/CVE-2022-21293.json +++ b/CVE-2022/CVE-2022-212xx/CVE-2022-21293.json @@ -2,8 +2,8 @@ "id": "CVE-2022-21293", "sourceIdentifier": "secalert_us@oracle.com", "published": "2022-01-19T12:15:12.447", - "lastModified": "2023-09-08T00:15:08.367", - "vulnStatus": "Modified", + "lastModified": "2024-01-26T16:43:54.730", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -189,8 +189,23 @@ }, { "vulnerable": true, - "criteria": "cpe:2.3:a:netapp:cloud_insights:-:*:*:*:*:*:*:*", - "matchCriteriaId": "26FCA75B-4282-4E0F-95B4-640A82C8E91C" + "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", + "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", + "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08" }, { "vulnerable": true, @@ -224,6 +239,11 @@ "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3" }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*", + "matchCriteriaId": "82E94B87-065E-475F-815C-F49978CE22FC" + }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*", @@ -886,7 +906,10 @@ }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://security.gentoo.org/glsa/202209-05", diff --git a/CVE-2022/CVE-2022-212xx/CVE-2022-21296.json b/CVE-2022/CVE-2022-212xx/CVE-2022-21296.json index 37e265ee81d..a60f3abf3ba 100644 --- a/CVE-2022/CVE-2022-212xx/CVE-2022-21296.json +++ b/CVE-2022/CVE-2022-212xx/CVE-2022-21296.json @@ -2,8 +2,8 @@ "id": "CVE-2022-21296", "sourceIdentifier": "secalert_us@oracle.com", "published": "2022-01-19T12:15:12.587", - "lastModified": "2023-09-08T00:15:08.663", - "vulnStatus": "Modified", + "lastModified": "2024-01-26T16:44:38.483", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -144,8 +144,28 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:netapp:cloud_insights:-:*:*:*:*:*:*:*", - "matchCriteriaId": "26FCA75B-4282-4E0F-95B4-640A82C8E91C" + "criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", + "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", + "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08" }, { "vulnerable": true, @@ -179,6 +199,11 @@ "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3" }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*", + "matchCriteriaId": "82E94B87-065E-475F-815C-F49978CE22FC" + }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*", diff --git a/CVE-2022/CVE-2022-212xx/CVE-2022-21299.json b/CVE-2022/CVE-2022-212xx/CVE-2022-21299.json index 44141e0f5f0..cff8e3ad02f 100644 --- a/CVE-2022/CVE-2022-212xx/CVE-2022-21299.json +++ b/CVE-2022/CVE-2022-212xx/CVE-2022-21299.json @@ -2,8 +2,8 @@ "id": "CVE-2022-21299", "sourceIdentifier": "secalert_us@oracle.com", "published": "2022-01-19T12:15:12.727", - "lastModified": "2023-09-08T00:15:08.790", - "vulnStatus": "Modified", + "lastModified": "2024-01-26T16:44:46.387", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -149,8 +149,23 @@ }, { "vulnerable": true, - "criteria": "cpe:2.3:a:netapp:cloud_insights:-:*:*:*:*:*:*:*", - "matchCriteriaId": "26FCA75B-4282-4E0F-95B4-640A82C8E91C" + "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", + "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", + "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08" }, { "vulnerable": true, @@ -184,6 +199,11 @@ "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3" }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*", + "matchCriteriaId": "82E94B87-065E-475F-815C-F49978CE22FC" + }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*", diff --git a/CVE-2022/CVE-2022-213xx/CVE-2022-21305.json b/CVE-2022/CVE-2022-213xx/CVE-2022-21305.json index 42c0d6d2c2e..e0218e95d4f 100644 --- a/CVE-2022/CVE-2022-213xx/CVE-2022-21305.json +++ b/CVE-2022/CVE-2022-213xx/CVE-2022-21305.json @@ -2,8 +2,8 @@ "id": "CVE-2022-21305", "sourceIdentifier": "secalert_us@oracle.com", "published": "2022-01-19T12:15:13.013", - "lastModified": "2023-09-08T00:15:08.910", - "vulnStatus": "Modified", + "lastModified": "2024-01-26T16:15:21.603", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -149,8 +149,23 @@ }, { "vulnerable": true, - "criteria": "cpe:2.3:a:netapp:cloud_insights:-:*:*:*:*:*:*:*", - "matchCriteriaId": "26FCA75B-4282-4E0F-95B4-640A82C8E91C" + "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", + "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", + "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08" }, { "vulnerable": true, @@ -184,6 +199,11 @@ "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3" }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*", + "matchCriteriaId": "82E94B87-065E-475F-815C-F49978CE22FC" + }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*", diff --git a/CVE-2022/CVE-2022-213xx/CVE-2022-21340.json b/CVE-2022/CVE-2022-213xx/CVE-2022-21340.json index ea043423b3e..73eb9a36dd6 100644 --- a/CVE-2022/CVE-2022-213xx/CVE-2022-21340.json +++ b/CVE-2022/CVE-2022-213xx/CVE-2022-21340.json @@ -2,8 +2,8 @@ "id": "CVE-2022-21340", "sourceIdentifier": "secalert_us@oracle.com", "published": "2022-01-19T12:15:14.650", - "lastModified": "2023-09-08T00:15:09.037", - "vulnStatus": "Modified", + "lastModified": "2024-01-26T16:15:32.067", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -149,8 +149,23 @@ }, { "vulnerable": true, - "criteria": "cpe:2.3:a:netapp:cloud_insights:-:*:*:*:*:*:*:*", - "matchCriteriaId": "26FCA75B-4282-4E0F-95B4-640A82C8E91C" + "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", + "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", + "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08" }, { "vulnerable": true, @@ -184,6 +199,11 @@ "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3" }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*", + "matchCriteriaId": "82E94B87-065E-475F-815C-F49978CE22FC" + }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*", diff --git a/CVE-2022/CVE-2022-213xx/CVE-2022-21341.json b/CVE-2022/CVE-2022-213xx/CVE-2022-21341.json index 19657d00617..29386d7e28e 100644 --- a/CVE-2022/CVE-2022-213xx/CVE-2022-21341.json +++ b/CVE-2022/CVE-2022-213xx/CVE-2022-21341.json @@ -2,8 +2,8 @@ "id": "CVE-2022-21341", "sourceIdentifier": "secalert_us@oracle.com", "published": "2022-01-19T12:15:14.697", - "lastModified": "2023-09-08T00:15:09.163", - "vulnStatus": "Modified", + "lastModified": "2024-01-26T16:15:38.447", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -149,8 +149,23 @@ }, { "vulnerable": true, - "criteria": "cpe:2.3:a:netapp:cloud_insights:-:*:*:*:*:*:*:*", - "matchCriteriaId": "26FCA75B-4282-4E0F-95B4-640A82C8E91C" + "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", + "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", + "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08" }, { "vulnerable": true, @@ -184,6 +199,11 @@ "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3" }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*", + "matchCriteriaId": "82E94B87-065E-475F-815C-F49978CE22FC" + }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*", diff --git a/CVE-2022/CVE-2022-213xx/CVE-2022-21360.json b/CVE-2022/CVE-2022-213xx/CVE-2022-21360.json index 67e8e52fdb8..ea448ac0b41 100644 --- a/CVE-2022/CVE-2022-213xx/CVE-2022-21360.json +++ b/CVE-2022/CVE-2022-213xx/CVE-2022-21360.json @@ -2,8 +2,8 @@ "id": "CVE-2022-21360", "sourceIdentifier": "secalert_us@oracle.com", "published": "2022-01-19T12:15:15.540", - "lastModified": "2023-09-08T00:15:09.307", - "vulnStatus": "Modified", + "lastModified": "2024-01-26T16:11:45.903", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -149,8 +149,23 @@ }, { "vulnerable": true, - "criteria": "cpe:2.3:a:netapp:cloud_insights:-:*:*:*:*:*:*:*", - "matchCriteriaId": "26FCA75B-4282-4E0F-95B4-640A82C8E91C" + "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", + "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", + "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08" }, { "vulnerable": true, @@ -184,6 +199,11 @@ "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3" }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*", + "matchCriteriaId": "82E94B87-065E-475F-815C-F49978CE22FC" + }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*", diff --git a/CVE-2022/CVE-2022-213xx/CVE-2022-21365.json b/CVE-2022/CVE-2022-213xx/CVE-2022-21365.json index 856d471f571..4f254fcb852 100644 --- a/CVE-2022/CVE-2022-213xx/CVE-2022-21365.json +++ b/CVE-2022/CVE-2022-213xx/CVE-2022-21365.json @@ -2,8 +2,8 @@ "id": "CVE-2022-21365", "sourceIdentifier": "secalert_us@oracle.com", "published": "2022-01-19T12:15:15.770", - "lastModified": "2023-09-08T00:15:09.500", - "vulnStatus": "Modified", + "lastModified": "2024-01-26T16:12:01.617", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -174,8 +174,23 @@ }, { "vulnerable": true, - "criteria": "cpe:2.3:a:netapp:cloud_insights:-:*:*:*:*:*:*:*", - "matchCriteriaId": "26FCA75B-4282-4E0F-95B4-640A82C8E91C" + "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", + "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", + "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08" }, { "vulnerable": true, @@ -209,6 +224,11 @@ "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3" }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*", + "matchCriteriaId": "82E94B87-065E-475F-815C-F49978CE22FC" + }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*", diff --git a/CVE-2022/CVE-2022-35xx/CVE-2022-3580.json b/CVE-2022/CVE-2022-35xx/CVE-2022-3580.json index 9ceaf80fb4a..c811b7060d7 100644 --- a/CVE-2022/CVE-2022-35xx/CVE-2022-3580.json +++ b/CVE-2022/CVE-2022-35xx/CVE-2022-3580.json @@ -2,8 +2,8 @@ "id": "CVE-2022-3580", "sourceIdentifier": "cna@vuldb.com", "published": "2022-10-18T11:15:09.750", - "lastModified": "2023-11-07T03:51:27.770", - "vulnStatus": "Modified", + "lastModified": "2024-01-26T16:51:06.747", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -37,7 +37,7 @@ "impactScore": 2.7 }, { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -60,8 +60,18 @@ }, "weaknesses": [ { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -79,8 +89,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:cashier_queuing_system_project:cashier_queuing_system:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "B21EB003-D923-4995-B525-ED718FCE2D9A" + "criteria": "cpe:2.3:a:oretnom23:cashier_queuing_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "725E5246-68E0-436C-9BCC-B30E7386BD3A" } ] } diff --git a/CVE-2022/CVE-2022-36xx/CVE-2022-3625.json b/CVE-2022/CVE-2022-36xx/CVE-2022-3625.json index cf8ebc4d3d1..c6da7b3356c 100644 --- a/CVE-2022/CVE-2022-36xx/CVE-2022-3625.json +++ b/CVE-2022/CVE-2022-36xx/CVE-2022-3625.json @@ -2,8 +2,8 @@ "id": "CVE-2022-3625", "sourceIdentifier": "cna@vuldb.com", "published": "2022-10-21T06:15:09.577", - "lastModified": "2023-11-07T03:51:32.147", - "vulnStatus": "Modified", + "lastModified": "2024-01-26T16:50:58.820", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -37,7 +37,7 @@ "impactScore": 5.9 }, { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -60,7 +60,7 @@ }, "weaknesses": [ { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Primary", "description": [ { diff --git a/CVE-2022/CVE-2022-36xx/CVE-2022-3649.json b/CVE-2022/CVE-2022-36xx/CVE-2022-3649.json index 8606a710743..228340cee82 100644 --- a/CVE-2022/CVE-2022-36xx/CVE-2022-3649.json +++ b/CVE-2022/CVE-2022-36xx/CVE-2022-3649.json @@ -2,8 +2,8 @@ "id": "CVE-2022-3649", "sourceIdentifier": "cna@vuldb.com", "published": "2022-10-21T20:15:09.837", - "lastModified": "2023-11-07T03:51:34.577", - "vulnStatus": "Modified", + "lastModified": "2024-01-26T16:50:53.713", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -37,7 +37,7 @@ "impactScore": 5.9 }, { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -60,7 +60,7 @@ }, "weaknesses": [ { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Primary", "description": [ { diff --git a/CVE-2023/CVE-2023-220xx/CVE-2023-22006.json b/CVE-2023/CVE-2023-220xx/CVE-2023-22006.json index ceae811983a..9830f91dc4a 100644 --- a/CVE-2023/CVE-2023-220xx/CVE-2023-22006.json +++ b/CVE-2023/CVE-2023-220xx/CVE-2023-22006.json @@ -2,8 +2,8 @@ "id": "CVE-2023-22006", "sourceIdentifier": "secalert_us@oracle.com", "published": "2023-07-18T21:15:12.067", - "lastModified": "2023-09-19T11:16:08.343", - "vulnStatus": "Modified", + "lastModified": "2024-01-26T16:48:39.380", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -118,6 +118,11 @@ "operator": "OR", "negate": false, "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" + }, { "vulnerable": true, "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", @@ -131,12 +136,56 @@ ] } ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", + "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", + "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B199052-5732-4726-B06B-A12C70DFB891" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5" + } + ] + } + ] } ], "references": [ { "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://security.netapp.com/advisory/ntap-20230725-0006/", @@ -154,7 +203,10 @@ }, { "url": "https://www.debian.org/security/2023/dsa-5478", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.oracle.com/security-alerts/cpujul2023.html", diff --git a/CVE-2023/CVE-2023-220xx/CVE-2023-22036.json b/CVE-2023/CVE-2023-220xx/CVE-2023-22036.json index ab59978b289..aba95f3b9ff 100644 --- a/CVE-2023/CVE-2023-220xx/CVE-2023-22036.json +++ b/CVE-2023/CVE-2023-220xx/CVE-2023-22036.json @@ -2,8 +2,8 @@ "id": "CVE-2023-22036", "sourceIdentifier": "secalert_us@oracle.com", "published": "2023-07-18T21:15:13.587", - "lastModified": "2023-09-19T11:16:09.930", - "vulnStatus": "Modified", + "lastModified": "2024-01-26T16:48:31.050", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -118,6 +118,11 @@ "operator": "OR", "negate": false, "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" + }, { "vulnerable": true, "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", @@ -131,12 +136,56 @@ ] } ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", + "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", + "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B199052-5732-4726-B06B-A12C70DFB891" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5" + } + ] + } + ] } ], "references": [ { "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://security.netapp.com/advisory/ntap-20230725-0006/", @@ -154,7 +203,10 @@ }, { "url": "https://www.debian.org/security/2023/dsa-5478", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.oracle.com/security-alerts/cpujul2023.html", diff --git a/CVE-2023/CVE-2023-220xx/CVE-2023-22041.json b/CVE-2023/CVE-2023-220xx/CVE-2023-22041.json index e6b434dea7d..45130538450 100644 --- a/CVE-2023/CVE-2023-220xx/CVE-2023-22041.json +++ b/CVE-2023/CVE-2023-220xx/CVE-2023-22041.json @@ -2,8 +2,8 @@ "id": "CVE-2023-22041", "sourceIdentifier": "secalert_us@oracle.com", "published": "2023-07-18T21:15:13.963", - "lastModified": "2023-09-19T11:16:11.037", - "vulnStatus": "Modified", + "lastModified": "2024-01-26T16:48:25.717", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -148,6 +148,11 @@ "operator": "OR", "negate": false, "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" + }, { "vulnerable": true, "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", @@ -161,12 +166,56 @@ ] } ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", + "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", + "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B199052-5732-4726-B06B-A12C70DFB891" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5" + } + ] + } + ] } ], "references": [ { "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://security.netapp.com/advisory/ntap-20230725-0006/", @@ -184,7 +233,10 @@ }, { "url": "https://www.debian.org/security/2023/dsa-5478", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.oracle.com/security-alerts/cpujul2023.html", diff --git a/CVE-2023/CVE-2023-220xx/CVE-2023-22045.json b/CVE-2023/CVE-2023-220xx/CVE-2023-22045.json index 4e5f0ba17df..11c46c13c9c 100644 --- a/CVE-2023/CVE-2023-220xx/CVE-2023-22045.json +++ b/CVE-2023/CVE-2023-220xx/CVE-2023-22045.json @@ -2,8 +2,8 @@ "id": "CVE-2023-22045", "sourceIdentifier": "secalert_us@oracle.com", "published": "2023-07-18T21:15:14.267", - "lastModified": "2023-09-19T11:16:11.777", - "vulnStatus": "Modified", + "lastModified": "2024-01-26T16:04:45.867", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -138,6 +138,11 @@ "operator": "OR", "negate": false, "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" + }, { "vulnerable": true, "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", @@ -151,12 +156,56 @@ ] } ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", + "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", + "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B199052-5732-4726-B06B-A12C70DFB891" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5" + } + ] + } + ] } ], "references": [ { "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://security.netapp.com/advisory/ntap-20230725-0006/", @@ -174,7 +223,10 @@ }, { "url": "https://www.debian.org/security/2023/dsa-5478", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.oracle.com/security-alerts/cpujul2023.html", diff --git a/CVE-2023/CVE-2023-267xx/CVE-2023-26775.json b/CVE-2023/CVE-2023-267xx/CVE-2023-26775.json index 8c5ce98b534..91deb879d01 100644 --- a/CVE-2023/CVE-2023-267xx/CVE-2023-26775.json +++ b/CVE-2023/CVE-2023-267xx/CVE-2023-26775.json @@ -2,7 +2,7 @@ "id": "CVE-2023-26775", "sourceIdentifier": "cve@mitre.org", "published": "2023-04-04T15:15:09.020", - "lastModified": "2023-04-10T23:15:07.177", + "lastModified": "2024-01-26T16:46:58.970", "vulnStatus": "Modified", "descriptions": [ { @@ -55,8 +55,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:monitorr_project:monitorr:1.7.6m:*:*:*:*:*:*:*", - "matchCriteriaId": "F2114A6A-8E4E-4983-B7A7-91D89BBB62E6" + "criteria": "cpe:2.3:a:monitorr:monitorr:1.7.6m:*:*:*:*:*:*:*", + "matchCriteriaId": "BF2ED07C-59E4-46E4-A33E-BB43B3B370F8" } ] } diff --git a/CVE-2023/CVE-2023-267xx/CVE-2023-26776.json b/CVE-2023/CVE-2023-267xx/CVE-2023-26776.json index cf03f3c5d0d..b26b3c9f58d 100644 --- a/CVE-2023/CVE-2023-267xx/CVE-2023-26776.json +++ b/CVE-2023/CVE-2023-267xx/CVE-2023-26776.json @@ -2,7 +2,7 @@ "id": "CVE-2023-26776", "sourceIdentifier": "cve@mitre.org", "published": "2023-04-04T15:15:09.063", - "lastModified": "2023-04-10T19:10:25.500", + "lastModified": "2024-01-26T16:46:58.970", "vulnStatus": "Analyzed", "descriptions": [ { @@ -55,8 +55,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:monitorr_project:monitorr:1.7.6m:*:*:*:*:*:*:*", - "matchCriteriaId": "F2114A6A-8E4E-4983-B7A7-91D89BBB62E6" + "criteria": "cpe:2.3:a:monitorr:monitorr:1.7.6m:*:*:*:*:*:*:*", + "matchCriteriaId": "BF2ED07C-59E4-46E4-A33E-BB43B3B370F8" } ] } diff --git a/CVE-2023/CVE-2023-289xx/CVE-2023-28901.json b/CVE-2023/CVE-2023-289xx/CVE-2023-28901.json index f98e7cac1c2..58e3d4096c4 100644 --- a/CVE-2023/CVE-2023-289xx/CVE-2023-28901.json +++ b/CVE-2023/CVE-2023-289xx/CVE-2023-28901.json @@ -2,16 +2,40 @@ "id": "CVE-2023-28901", "sourceIdentifier": "cve@asrg.io", "published": "2024-01-18T17:15:14.003", - "lastModified": "2024-01-18T19:25:46.623", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-26T15:01:23.443", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Skoda Automotive cloud contains a Broken Access Control vulnerability, allowing remote attackers to obtain recent trip data, vehicle mileage, fuel consumption, average and maximum speed, and other information of Skoda Connect service users by specifying an arbitrary vehicle VIN number." + }, + { + "lang": "es", + "value": "La nube de Skoda Automotive contiene una vulnerabilidad de control de acceso roto, que permite a atacantes remotos obtener datos de viajes recientes, kilometraje del veh\u00edculo, consumo de combustible, velocidad media y m\u00e1xima y otra informaci\u00f3n de los usuarios del servicio Skoda Connect especificando un n\u00famero VIN arbitrario del veh\u00edculo." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "cve@asrg.io", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "cve@asrg.io", "type": "Secondary", @@ -46,10 +80,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:skoda-auto:skoda_connect:-:*:*:*:*:*:*:*", + "matchCriteriaId": "52F83D74-D8F0-4D6C-B382-6E1ECE9373AF" + } + ] + } + ] + } + ], "references": [ { "url": "https://asrg.io/security-advisories/cve-2023-28901/", - "source": "cve@asrg.io" + "source": "cve@asrg.io", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40051.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40051.json index b03821e7412..67bd2b5d6b0 100644 --- a/CVE-2023/CVE-2023-400xx/CVE-2023-40051.json +++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40051.json @@ -2,16 +2,40 @@ "id": "CVE-2023-40051", "sourceIdentifier": "security@progress.com", "published": "2024-01-18T15:15:09.060", - "lastModified": "2024-01-18T15:50:54.810", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-26T15:25:18.917", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "This issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0.\u00a0An attacker can formulate a request for a WEB transport that allows unintended file uploads to a server directory path on the system running PASOE. If the upload contains a payload that can further exploit the server or its network, the launch of a larger scale attack may be possible.\n\n\n\n" + }, + { + "lang": "es", + "value": "Este problema afecta a Progress Application Server (PAS) para OpenEdge en las versiones 11.7 anteriores a 11.7.18, 12.2 anteriores a 12.2.13 y versiones de innovaci\u00f3n anteriores a 12.8.0. Un atacante puede formular una solicitud para un transporte WEB que permita cargas de archivos no deseadas a una ruta de directorio del servidor en el sistema que ejecuta PASOE. Si la carga contiene un payload que puede explotar a\u00fan m\u00e1s el servidor o su red, es posible que se lance un ataque a mayor escala." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.9, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.1, + "impactScore": 6.0 + }, { "source": "security@progress.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + }, { "source": "security@progress.com", "type": "Secondary", @@ -46,14 +80,62 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:progress:openedge:*:*:*:*:*:*:*:*", + "versionStartIncluding": "11.7", + "versionEndExcluding": "11.7.18", + "matchCriteriaId": "7298E8E1-4C6A-4AE7-954E-480F86D8B8E1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:progress:openedge:*:*:*:*:*:*:*:*", + "versionStartIncluding": "12.2", + "versionEndExcluding": "12.2.13", + "matchCriteriaId": "2057ECB7-5DD8-485F-9D43-560A152C883C" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:progress:openedge_innovation:*:*:*:*:*:*:*:*", + "versionEndExcluding": "12.8.0", + "matchCriteriaId": "59216BF0-5044-4252-AB97-B63FFAA84F24" + } + ] + } + ] + } + ], "references": [ { "url": "https://community.progress.com/s/article/Important-Progress-OpenEdge-Critical-Alert-for-Progress-Application-Server-in-OpenEdge-PASOE-Arbitrary-File-Upload-Vulnerability-in-WEB-Transport", - "source": "security@progress.com" + "source": "security@progress.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.progress.com/openedge", - "source": "security@progress.com" + "source": "security@progress.com", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40052.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40052.json index 965475698e3..1bc0458fdfe 100644 --- a/CVE-2023/CVE-2023-400xx/CVE-2023-40052.json +++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40052.json @@ -2,16 +2,40 @@ "id": "CVE-2023-40052", "sourceIdentifier": "security@progress.com", "published": "2024-01-18T15:15:09.247", - "lastModified": "2024-01-18T15:50:54.810", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-26T15:26:09.533", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "\n\n\nThis issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0\n\n.\u00a0\n\nAn attacker who can produce a malformed web request may cause the crash of a PASOE agent potentially disrupting the thread activities of many web application clients. Multiple of these DoS attacks could lead to the flooding of invalid requests as compared to the server\u2019s remaining ability to process valid requests.\n\n\n\n\n\n" + }, + { + "lang": "es", + "value": "Este problema afecta a Progress Application Server (PAS) para OpenEdge en las versiones 11.7 anteriores a 11.7.18, 12.2 anteriores a 12.2.13 y versiones de innovaci\u00f3n anteriores a 12.8.0. Un atacante que pueda generar una solicitud web con formato incorrecto puede provocar el bloqueo de un agente PASOE, lo que podr\u00eda interrumpir las actividades de subprocesos de muchos clientes de aplicaciones web. Varios de estos ataques DoS podr\u00edan provocar una inundaci\u00f3n de solicitudes no v\u00e1lidas en comparaci\u00f3n con la capacidad restante del servidor para procesar solicitudes v\u00e1lidas." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "security@progress.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + } + ] + }, { "source": "security@progress.com", "type": "Secondary", @@ -46,14 +80,62 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:progress:openedge:*:*:*:*:*:*:*:*", + "versionStartIncluding": "11.7", + "versionEndExcluding": "11.7.18", + "matchCriteriaId": "7298E8E1-4C6A-4AE7-954E-480F86D8B8E1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:progress:openedge:*:*:*:*:*:*:*:*", + "versionStartIncluding": "12.2", + "versionEndExcluding": "12.2.13", + "matchCriteriaId": "2057ECB7-5DD8-485F-9D43-560A152C883C" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:progress:openedge_innovation:*:*:*:*:*:*:*:*", + "versionEndExcluding": "12.8.0", + "matchCriteriaId": "59216BF0-5044-4252-AB97-B63FFAA84F24" + } + ] + } + ] + } + ], "references": [ { "url": "https://community.progress.com/s/article/Important-Progress-OpenEdge-Product-Alert-for-Progress-Application-Server-for-OpenEdge-PASOE-Denial-of-Service-Vulnerability-in-WEB-Transport", - "source": "security@progress.com" + "source": "security@progress.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.progress.com/openedge", - "source": "security@progress.com" + "source": "security@progress.com", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-50xx/CVE-2023-5080.json b/CVE-2023/CVE-2023-50xx/CVE-2023-5080.json index 6852b85ceca..72ed8a1f4ff 100644 --- a/CVE-2023/CVE-2023-50xx/CVE-2023-5080.json +++ b/CVE-2023/CVE-2023-50xx/CVE-2023-5080.json @@ -2,19 +2,43 @@ "id": "CVE-2023-5080", "sourceIdentifier": "psirt@lenovo.com", "published": "2024-01-19T20:15:12.017", - "lastModified": "2024-01-19T22:52:48.170", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-26T16:02:33.997", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A privilege escalation vulnerability was reported in some Lenovo tablet products that could allow local applications access to device identifiers and system commands. " + }, + { + "lang": "es", + "value": "Se inform\u00f3 una vulnerabilidad de escalada de privilegios en algunas tabletas Lenovo que podr\u00eda permitir que las aplicaciones locales accedan a identificadores de dispositivos y comandos del sistema." } ], "metrics": { "cvssMetricV31": [ { - "source": "psirt@lenovo.com", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, + { + "source": "psirt@lenovo.com", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", @@ -36,8 +60,18 @@ }, "weaknesses": [ { - "source": "psirt@lenovo.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "psirt@lenovo.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -46,10 +80,183 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:lenovo:tab_m8_hd_tb8505f_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "8505f_usr_s301106_2309140042_v9.56_bmp_row", + "matchCriteriaId": "B1600932-86AD-4062-9BBE-7E05823E0841" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:lenovo:tab_m8_hd_tb8505f:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C36249B8-17F5-4C84-80DA-D53B15ECB132" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:lenovo:tab_m8_hd_tb8505fs_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "8505fs_usr_s301107_2309140028_v9.56_bmp_row", + "matchCriteriaId": "25FEBB11-E2A9-4BF2-A4EA-864EA28D4428" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:lenovo:tab_m8_hd_tb8505fs:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F11D4E8A-9D72-424F-A9EF-8DFD7CC6B373" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:lenovo:tab_m8_hd_tb8505x_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "8505x_usr_s301129_2309141226_v9.56_bmp_row", + "matchCriteriaId": "BE24D7D6-76BC-4FDA-9A20-D2367C6C7BB8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:lenovo:tab_m8_hd_tb8505x:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1181F5AF-6A77-4B24-A8AD-41940D344829" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:lenovo:tab_m8_hd_tb8505xs_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "8505xs_usr_s301077_2309140036_v9.56_bmp_row", + "matchCriteriaId": "2687A841-CF4C-4DD9-A9F5-F18AD3A8144D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:lenovo:tab_m8_hd_tb8505xs:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D690DD9B-767A-4487-8F81-E527E4838989" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:lenovo:tab_m10_plus_gen_3_tb125fu_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "tb125fu_usr_s100116_2311171525_mp1rc_row", + "matchCriteriaId": "8DFC63D1-5E58-429A-B07C-D27E4E644F90" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:lenovo:tab_m10_plus_gen_3_tb125fu:-:*:*:*:*:*:*:*", + "matchCriteriaId": "450B5FBD-8E52-4C87-A563-FA1B45FB86CE" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:lenovo:tab_p11_pro_gen_2_tb132fu_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "tb132fu_s240219_231123_row", + "matchCriteriaId": "33D5ED5F-B0CA-4A3C-94EB-626DC3180DB3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:lenovo:tab_p11_pro_gen_2_tb132fu:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3EDAC7D3-75F1-4D59-8B94-5C2159AF1CDE" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.lenovo.com/us/en/product_security/LEN-142135", - "source": "psirt@lenovo.com" + "source": "psirt@lenovo.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-50xx/CVE-2023-5081.json b/CVE-2023/CVE-2023-50xx/CVE-2023-5081.json index b4978fd20d9..62af1359c34 100644 --- a/CVE-2023/CVE-2023-50xx/CVE-2023-5081.json +++ b/CVE-2023/CVE-2023-50xx/CVE-2023-5081.json @@ -2,12 +2,16 @@ "id": "CVE-2023-5081", "sourceIdentifier": "psirt@lenovo.com", "published": "2024-01-19T20:15:12.230", - "lastModified": "2024-01-19T22:52:48.170", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-26T16:02:59.793", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability was reported in the Lenovo Tab M8 HD that could allow a local application to gather a non-resettable device identifier. " + }, + { + "lang": "es", + "value": "Se inform\u00f3 una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en Lenovo Tab M8 HD que podr\u00eda permitir que una aplicaci\u00f3n local recopile un identificador de dispositivo no reiniciable." } ], "metrics": { @@ -36,8 +40,18 @@ }, "weaknesses": [ { - "source": "psirt@lenovo.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "psirt@lenovo.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -46,10 +60,127 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:lenovo:tab_m8_hd_tb8505f_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "8505f_usr_s301106_2309140042_v9.56_bmp_row", + "matchCriteriaId": "B1600932-86AD-4062-9BBE-7E05823E0841" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:lenovo:tab_m8_hd_tb8505f:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C36249B8-17F5-4C84-80DA-D53B15ECB132" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:lenovo:tab_m8_hd_tb8505fs_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "8505fs_usr_s301107_2309140028_v9.56_bmp_row", + "matchCriteriaId": "25FEBB11-E2A9-4BF2-A4EA-864EA28D4428" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:lenovo:tab_m8_hd_tb8505fs:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F11D4E8A-9D72-424F-A9EF-8DFD7CC6B373" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:lenovo:tab_m8_hd_tb8505x_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "8505x_usr_s301129_2309141226_v9.56_bmp_row", + "matchCriteriaId": "BE24D7D6-76BC-4FDA-9A20-D2367C6C7BB8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:lenovo:tab_m8_hd_tb8505x:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1181F5AF-6A77-4B24-A8AD-41940D344829" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:lenovo:tab_m8_hd_tb8505xs_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "8505xs_usr_s301077_2309140036_v9.56_bmp_row", + "matchCriteriaId": "2687A841-CF4C-4DD9-A9F5-F18AD3A8144D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:lenovo:tab_m8_hd_tb8505xs:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D690DD9B-767A-4487-8F81-E527E4838989" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.lenovo.com/us/en/product_security/LEN-142135", - "source": "psirt@lenovo.com" + "source": "psirt@lenovo.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-519xx/CVE-2023-51925.json b/CVE-2023/CVE-2023-519xx/CVE-2023-51925.json index c428f0846d3..6b254212015 100644 --- a/CVE-2023/CVE-2023-519xx/CVE-2023-51925.json +++ b/CVE-2023/CVE-2023-519xx/CVE-2023-51925.json @@ -2,27 +2,92 @@ "id": "CVE-2023-51925", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-20T02:15:07.773", - "lastModified": "2024-01-20T02:58:09.603", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-26T16:46:39.787", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de carga de archivos arbitrarios en el m\u00e9todo nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() de YonBIP v3_23.05 permite a los atacantes ejecutar c\u00f3digo arbitrario cargando un archivo manipulado." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:yonyou:yonbip:3_23.05:*:*:*:*:*:*:*", + "matchCriteriaId": "B2233A40-5ECC-45B7-B651-5B57118891C3" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "http://yonbip.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about/51925.txt", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "https://www.yonyou.com/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-60xx/CVE-2023-6043.json b/CVE-2023/CVE-2023-60xx/CVE-2023-6043.json index b30199372e2..454ea01523d 100644 --- a/CVE-2023/CVE-2023-60xx/CVE-2023-6043.json +++ b/CVE-2023/CVE-2023-60xx/CVE-2023-6043.json @@ -2,12 +2,16 @@ "id": "CVE-2023-6043", "sourceIdentifier": "psirt@lenovo.com", "published": "2024-01-19T20:15:12.433", - "lastModified": "2024-01-19T22:52:48.170", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-26T16:03:21.607", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker to bypass integrity checks and execute arbitrary code with elevated privileges." + }, + { + "lang": "es", + "value": "Se inform\u00f3 de una vulnerabilidad de escalada de privilegios en Lenovo Vantage que podr\u00eda permitir a un atacante local eludir las comprobaciones de integridad y ejecutar c\u00f3digo arbitrario con privilegios elevados." } ], "metrics": { @@ -46,10 +50,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:lenovo:vantage:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.0.49.0", + "matchCriteriaId": "C16608AA-34BC-4F60-93CD-B33F5CC39EF7" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.lenovo.com/us/en/product_security/LEN-144736", - "source": "psirt@lenovo.com" + "source": "psirt@lenovo.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-60xx/CVE-2023-6044.json b/CVE-2023/CVE-2023-60xx/CVE-2023-6044.json index bcbea437d15..b37b4245e51 100644 --- a/CVE-2023/CVE-2023-60xx/CVE-2023-6044.json +++ b/CVE-2023/CVE-2023-60xx/CVE-2023-6044.json @@ -2,19 +2,43 @@ "id": "CVE-2023-6044", "sourceIdentifier": "psirt@lenovo.com", "published": "2024-01-19T20:15:12.647", - "lastModified": "2024-01-19T22:52:48.170", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-26T15:56:47.883", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker with physical access to impersonate Lenovo Vantage Service and execute arbitrary code with elevated privileges." + }, + { + "lang": "es", + "value": "Se inform\u00f3 una vulnerabilidad de escalada de privilegios en Lenovo Vantage que podr\u00eda permitir que un atacante local con acceso f\u00edsico se haga pasar por Lenovo Vantage Service y ejecute c\u00f3digo arbitrario con privilegios elevados." } ], "metrics": { "cvssMetricV31": [ { - "source": "psirt@lenovo.com", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 5.9 + }, + { + "source": "psirt@lenovo.com", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", @@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:lenovo:vantage:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.0.49.0", + "matchCriteriaId": "C16608AA-34BC-4F60-93CD-B33F5CC39EF7" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.lenovo.com/us/en/product_security/LEN-144736", - "source": "psirt@lenovo.com" + "source": "psirt@lenovo.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6291.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6291.json new file mode 100644 index 00000000000..db6a6e85ae5 --- /dev/null +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6291.json @@ -0,0 +1,87 @@ +{ + "id": "CVE-2023-6291", + "sourceIdentifier": "secalert@redhat.com", + "published": "2024-01-26T15:15:08.280", + "lastModified": "2024-01-26T16:33:07.620", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://access.redhat.com/errata/RHSA-2023:7854", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2023:7855", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2023:7856", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2023:7857", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2023:7858", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2023:7860", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2023:7861", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2023-6291", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251407", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-64xx/CVE-2023-6450.json b/CVE-2023/CVE-2023-64xx/CVE-2023-6450.json index d72a642fa53..4255715338b 100644 --- a/CVE-2023/CVE-2023-64xx/CVE-2023-6450.json +++ b/CVE-2023/CVE-2023-64xx/CVE-2023-6450.json @@ -2,12 +2,16 @@ "id": "CVE-2023-6450", "sourceIdentifier": "psirt@lenovo.com", "published": "2024-01-19T20:15:12.853", - "lastModified": "2024-01-19T22:52:48.170", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-26T15:59:00.420", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An incorrect permissions vulnerability was reported in the Lenovo App Store app that could allow an attacker to use system resources, resulting in a denial of service." + }, + { + "lang": "es", + "value": "Se inform\u00f3 una vulnerabilidad de permisos incorrectos en la aplicaci\u00f3n Lenovo App Store que podr\u00eda permitir a un atacante utilizar recursos del sistema, lo que provocar\u00eda una denegaci\u00f3n de servicio." } ], "metrics": { @@ -36,8 +40,18 @@ }, "weaknesses": [ { - "source": "psirt@lenovo.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "psirt@lenovo.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -46,10 +60,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:lenovo:app_store:*:*:*:*:*:*:*:*", + "versionEndExcluding": "12.4.20", + "matchCriteriaId": "EBE4493E-19DF-4653-AFEB-70746B7208FA" + } + ] + } + ] + } + ], "references": [ { "url": "https://iknow.lenovo.com.cn/detail/419672", - "source": "psirt@lenovo.com" + "source": "psirt@lenovo.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0713.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0713.json index d84e1952284..a51fdb3d8d8 100644 --- a/CVE-2024/CVE-2024-07xx/CVE-2024-0713.json +++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0713.json @@ -2,16 +2,40 @@ "id": "CVE-2024-0713", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-19T14:15:13.277", - "lastModified": "2024-01-19T15:56:19.500", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-26T15:58:48.263", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Monitorr 1.7.6m. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /assets/php/upload.php of the component Services Configuration. The manipulation of the argument fileToUpload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251539. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en Monitorr 1.7.6m. Ha sido declarada cr\u00edtica. Una funci\u00f3n desconocida del archivo /assets/php/upload.php del componente Services Configuration es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento fileToUpload conduce a una carga sin restricciones. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-251539. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -71,18 +95,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:monitorr:monitorr:1.7.6m:*:*:*:*:*:*:*", + "matchCriteriaId": "BF2ED07C-59E4-46E4-A33E-BB43B3B370F8" + } + ] + } + ] + } + ], "references": [ { "url": "https://drive.google.com/file/d/1C6_4A-96BtR9VTNSadUY09ErroqLEVJ4/view?usp=sharing", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.251539", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.251539", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0733.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0733.json index 4abc0d4678a..6f319c67e21 100644 --- a/CVE-2024/CVE-2024-07xx/CVE-2024-0733.json +++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0733.json @@ -2,16 +2,40 @@ "id": "CVE-2024-0733", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-19T21:15:08.703", - "lastModified": "2024-01-19T22:52:48.170", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-26T16:03:13.010", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Smsot up to 2.12. It has been classified as critical. Affected is an unknown function of the file /api.php of the component HTTP POST Request Handler. The manipulation of the argument data[sign] leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251556." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en Smsot hasta 2.12. Ha sido clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /api.php del componente HTTP POST Request Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento data[sign] conduce a la inyecci\u00f3n de SQL. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-251556." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -71,18 +95,47 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:smsot:smsot:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2.12", + "matchCriteriaId": "1514F763-D93B-4C93-B607-27335A693E34" + } + ] + } + ] + } + ], "references": [ { "url": "https://note.zhaoj.in/share/3GznRo9vWRJ8", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://vuldb.com/?ctiid.251556", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.251556", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0734.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0734.json index 280442425ca..95e438ff643 100644 --- a/CVE-2024/CVE-2024-07xx/CVE-2024-0734.json +++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0734.json @@ -2,16 +2,40 @@ "id": "CVE-2024-0734", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-19T21:15:08.923", - "lastModified": "2024-01-19T22:52:48.170", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-26T16:57:32.447", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Smsot up to 2.12. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /get.php. The manipulation of the argument tid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251557 was assigned to this vulnerability." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en Smsot hasta 2.12. Ha sido declarada cr\u00edtica. Una funci\u00f3n desconocida del archivo /get.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento tid conduce a la inyecci\u00f3n de SQL. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-251557." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -71,18 +95,47 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:smsot:smsot:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2.12", + "matchCriteriaId": "1514F763-D93B-4C93-B607-27335A693E34" + } + ] + } + ] + } + ], "references": [ { "url": "https://note.zhaoj.in/share/vo1KOw3EYmBK", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://vuldb.com/?ctiid.251557", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.251557", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0738.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0738.json index 5cdc571fb3a..d54ef49f2c4 100644 --- a/CVE-2024/CVE-2024-07xx/CVE-2024-0738.json +++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0738.json @@ -2,16 +2,40 @@ "id": "CVE-2024-0738", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-19T22:15:07.997", - "lastModified": "2024-01-19T22:52:48.170", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-26T15:13:41.257", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, has been found in ???? mldong 1.0. This issue affects the function ExpressionEngine of the file com/mldong/modules/wf/engine/model/DecisionModel.java. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251561 was assigned to this vulnerability." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada y clasificada como cr\u00edtica en mldong 1.0. Este problema afecta la funci\u00f3n ExpressionEngine del archivo com/mldong/modules/wf/engine/model/DecisionModel.java. La manipulaci\u00f3n conduce a la inyecci\u00f3n de c\u00f3digo. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-251561." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -71,18 +95,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:garethhk:mldong:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "5C8F29B2-5DEB-4CDF-8103-603DC94BF43B" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/biantaibao/mldong_RCE/blob/main/RCE.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit" + ] }, { "url": "https://vuldb.com/?ctiid.251561", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.251561", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0739.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0739.json index 4443af36b86..a7d3c71990a 100644 --- a/CVE-2024/CVE-2024-07xx/CVE-2024-0739.json +++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0739.json @@ -2,16 +2,40 @@ "id": "CVE-2024-0739", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-19T22:15:08.217", - "lastModified": "2024-01-19T22:52:48.170", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-26T15:44:57.530", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, was found in Hecheng Leadshop up to 1.4.20. Affected is an unknown function of the file /web/leadshop.php. The manipulation of the argument install leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-251562 is the identifier assigned to this vulnerability." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en Hecheng Leadshop hasta 1.4.20 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /web/leadshop.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento install conduce a la deserializaci\u00f3n. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-251562 es el identificador asignado a esta vulnerabilidad." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -71,18 +95,47 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:leadshop:leadshop:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.4.0", + "versionEndIncluding": "1.4.20", + "matchCriteriaId": "873747E1-23AC-4CD5-BBE1-4293A478A1CF" + } + ] + } + ] + } + ], "references": [ { "url": "https://note.zhaoj.in/share/vLswXhWxUrs8", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://vuldb.com/?ctiid.251562", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.251562", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0758.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0758.json index 03cf992ee1c..7ffe69632ee 100644 --- a/CVE-2024/CVE-2024-07xx/CVE-2024-0758.json +++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0758.json @@ -2,16 +2,53 @@ "id": "CVE-2024-0758", "sourceIdentifier": "disclosure@vulncheck.com", "published": "2024-01-19T21:15:09.600", - "lastModified": "2024-01-19T22:52:48.170", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-26T17:00:10.607", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "MolecularFaces before 0.3.0 is vulnerable to cross site scripting. A remote attacker can execute arbitrary JavaScript in the context of a victim browser via crafted molfiles.\n\n\n" + }, + { + "lang": "es", + "value": "MolecularFaces anteriores a 0.3.0 son vulnerables a cross site scripting. Un atacante remoto puede ejecutar JavaScript arbitrario en el contexto del navegador de la v\u00edctima a trav\u00e9s de archivos mol manipulados." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "disclosure@vulncheck.com", "type": "Secondary", @@ -23,18 +60,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ipb-halle:molecularfaces:*:*:*:*:*:*:*:*", + "versionEndExcluding": "0.3.0", + "matchCriteriaId": "D088D106-C946-4483-BAB7-BDF8B4153563" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/advisories/GHSA-2pwh-52h7-7j84", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/ipb-halle/MolecularFaces/security/advisories/GHSA-2pwh-52h7-7j84", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://vulncheck.com/advisories/vc-advisory-GHSA-2pwh-52h7-7j84", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-09xx/CVE-2024-0921.json b/CVE-2024/CVE-2024-09xx/CVE-2024-0921.json index 0e4163ccc4b..c287b1cfebc 100644 --- a/CVE-2024/CVE-2024-09xx/CVE-2024-0921.json +++ b/CVE-2024/CVE-2024-09xx/CVE-2024-0921.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0921", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-26T14:15:50.237", - "lastModified": "2024-01-26T14:15:50.237", - "vulnStatus": "Received", + "lastModified": "2024-01-26T16:33:07.620", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-09xx/CVE-2024-0922.json b/CVE-2024/CVE-2024-09xx/CVE-2024-0922.json index 9867636a39a..e9f8fdbdb09 100644 --- a/CVE-2024/CVE-2024-09xx/CVE-2024-0922.json +++ b/CVE-2024/CVE-2024-09xx/CVE-2024-0922.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0922", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-26T14:15:50.527", - "lastModified": "2024-01-26T14:15:50.527", - "vulnStatus": "Received", + "lastModified": "2024-01-26T16:33:07.620", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-09xx/CVE-2024-0923.json b/CVE-2024/CVE-2024-09xx/CVE-2024-0923.json index 252cf321829..f243d1e68c2 100644 --- a/CVE-2024/CVE-2024-09xx/CVE-2024-0923.json +++ b/CVE-2024/CVE-2024-09xx/CVE-2024-0923.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0923", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-26T14:15:50.747", - "lastModified": "2024-01-26T14:15:50.747", - "vulnStatus": "Received", + "lastModified": "2024-01-26T16:33:07.620", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-09xx/CVE-2024-0924.json b/CVE-2024/CVE-2024-09xx/CVE-2024-0924.json new file mode 100644 index 00000000000..3faa36ef153 --- /dev/null +++ b/CVE-2024/CVE-2024-09xx/CVE-2024-0924.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-0924", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-26T15:15:08.537", + "lastModified": "2024-01-26T16:33:07.620", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, was found in Tenda AC10U 15.03.06.49_multi_TDE01. This affects the function formSetPPTPServer. The manipulation of the argument startIp leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252129 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 5.8 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 6.4, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-121" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/formSetPPTPServer.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.252129", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.252129", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-09xx/CVE-2024-0925.json b/CVE-2024/CVE-2024-09xx/CVE-2024-0925.json new file mode 100644 index 00000000000..0f82c819c0d --- /dev/null +++ b/CVE-2024/CVE-2024-09xx/CVE-2024-0925.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-0925", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-26T15:15:08.770", + "lastModified": "2024-01-26T16:33:07.620", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in Tenda AC10U 15.03.06.49_multi_TDE01 and classified as critical. This vulnerability affects the function formSetVirtualSer. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252130 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 5.8 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 6.4, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-121" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/formSetVirtualSer.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.252130", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.252130", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-09xx/CVE-2024-0926.json b/CVE-2024/CVE-2024-09xx/CVE-2024-0926.json new file mode 100644 index 00000000000..2f2317edfc8 --- /dev/null +++ b/CVE-2024/CVE-2024-09xx/CVE-2024-0926.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-0926", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-26T15:15:08.983", + "lastModified": "2024-01-26T16:33:07.620", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Tenda AC10U 15.03.06.49_multi_TDE01 and classified as critical. This issue affects the function formWifiWpsOOB. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252131. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 5.8 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 6.4, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-121" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/formWifiWpsOOB.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.252131", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.252131", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-09xx/CVE-2024-0927.json b/CVE-2024/CVE-2024-09xx/CVE-2024-0927.json new file mode 100644 index 00000000000..b81b41b6b1d --- /dev/null +++ b/CVE-2024/CVE-2024-09xx/CVE-2024-0927.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-0927", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-26T15:15:09.217", + "lastModified": "2024-01-26T16:33:07.620", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Tenda AC10U 15.03.06.49_multi_TDE01. It has been classified as critical. Affected is the function fromAddressNat. The manipulation of the argument entrys/mitInterface/page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252132. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 5.8 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 6.4, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-121" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/fromAddressNat_1.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.252132", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.252132", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-09xx/CVE-2024-0928.json b/CVE-2024/CVE-2024-09xx/CVE-2024-0928.json new file mode 100644 index 00000000000..23ff1ae1921 --- /dev/null +++ b/CVE-2024/CVE-2024-09xx/CVE-2024-0928.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-0928", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-26T16:15:21.707", + "lastModified": "2024-01-26T16:33:07.620", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Tenda AC10U 15.03.06.49_multi_TDE01. It has been declared as critical. Affected by this vulnerability is the function fromDhcpListClient. The manipulation of the argument page/listN leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252133 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 5.8 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 6.4, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-121" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/fromDhcpListClient_1.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.252133", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.252133", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-09xx/CVE-2024-0929.json b/CVE-2024/CVE-2024-09xx/CVE-2024-0929.json new file mode 100644 index 00000000000..f2651d194a6 --- /dev/null +++ b/CVE-2024/CVE-2024-09xx/CVE-2024-0929.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-0929", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-26T16:15:22.020", + "lastModified": "2024-01-26T16:33:07.620", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Tenda AC10U 15.03.06.49_multi_TDE01. It has been rated as critical. Affected by this issue is the function fromNatStaticSetting. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252134 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 5.8 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 6.4, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-121" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/fromNatStaticSetting.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.252134", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.252134", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-09xx/CVE-2024-0930.json b/CVE-2024/CVE-2024-09xx/CVE-2024-0930.json new file mode 100644 index 00000000000..8e393f0b0a0 --- /dev/null +++ b/CVE-2024/CVE-2024-09xx/CVE-2024-0930.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-0930", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-26T16:15:22.287", + "lastModified": "2024-01-26T16:33:07.620", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical has been found in Tenda AC10U 15.03.06.49_multi_TDE01. This affects the function fromSetWirelessRepeat. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252135. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 5.8 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 6.4, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-121" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/fromSetWirelessRepeat.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.252135", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.252135", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-219xx/CVE-2024-21985.json b/CVE-2024/CVE-2024-219xx/CVE-2024-21985.json new file mode 100644 index 00000000000..04bd00ff294 --- /dev/null +++ b/CVE-2024/CVE-2024-219xx/CVE-2024-21985.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-21985", + "sourceIdentifier": "security-alert@netapp.com", + "published": "2024-01-26T16:15:22.597", + "lastModified": "2024-01-26T16:33:07.620", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "ONTAP 9 versions prior to 9.9.1P18, 9.10.1P16, 9.11.1P13, 9.12.1P10 \nand 9.13.1P4 are susceptible to a vulnerability which could allow an \nauthenticated user with multiple remote accounts with differing roles to\n perform actions via REST API beyond their intended privilege. Possible \nactions include viewing limited configuration details and metrics or \nmodifying limited settings, some of which could result in a Denial of \nService (DoS).\n\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-alert@netapp.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH", + "baseScore": 7.6, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "security-alert@netapp.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ] + } + ], + "references": [ + { + "url": "https://security.netapp.com/advisory/ntap-20240126-0001/", + "source": "security-alert@netapp.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-225xx/CVE-2024-22550.json b/CVE-2024/CVE-2024-225xx/CVE-2024-22550.json new file mode 100644 index 00000000000..b85ec56df5c --- /dev/null +++ b/CVE-2024/CVE-2024-225xx/CVE-2024-22550.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-22550", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-01-26T15:15:09.437", + "lastModified": "2024-01-26T16:33:07.620", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "An arbitrary file upload vulnerability in the component /alsdemo/ss/mediam.cgi of ShopSite v14.0 allows attackers to execute arbitrary code via uploading a crafted SVG file." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://packetstormsecurity.com/files/176312/ShopSite-14.0-Cross-Site-Scripting.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-225xx/CVE-2024-22551.json b/CVE-2024/CVE-2024-225xx/CVE-2024-22551.json new file mode 100644 index 00000000000..e2955a4944f --- /dev/null +++ b/CVE-2024/CVE-2024-225xx/CVE-2024-22551.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-22551", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-01-26T15:15:09.490", + "lastModified": "2024-01-26T16:33:07.620", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "WhatACart v2.0.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /site/default/search." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://packetstormsecurity.com/files/176314/WhatACart-2.0.7-Cross-Site-Scripting.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-232xx/CVE-2024-23206.json b/CVE-2024/CVE-2024-232xx/CVE-2024-23206.json index a75c945b709..599c09ebf66 100644 --- a/CVE-2024/CVE-2024-232xx/CVE-2024-23206.json +++ b/CVE-2024/CVE-2024-232xx/CVE-2024-23206.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23206", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-23T01:15:10.840", - "lastModified": "2024-01-23T13:44:00.593", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-26T16:15:22.890", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", @@ -16,6 +16,10 @@ ], "metrics": {}, "references": [ + { + "url": "http://seclists.org/fulldisclosure/2024/Jan/27", + "source": "product-security@apple.com" + }, { "url": "https://support.apple.com/en-us/HT214055", "source": "product-security@apple.com" diff --git a/CVE-2024/CVE-2024-232xx/CVE-2024-23211.json b/CVE-2024/CVE-2024-232xx/CVE-2024-23211.json index 38349f94383..4a76abc48ea 100644 --- a/CVE-2024/CVE-2024-232xx/CVE-2024-23211.json +++ b/CVE-2024/CVE-2024-232xx/CVE-2024-23211.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23211", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-23T01:15:11.087", - "lastModified": "2024-01-23T13:44:00.593", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-26T16:15:22.953", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", @@ -16,6 +16,10 @@ ], "metrics": {}, "references": [ + { + "url": "http://seclists.org/fulldisclosure/2024/Jan/27", + "source": "product-security@apple.com" + }, { "url": "https://support.apple.com/en-us/HT214056", "source": "product-security@apple.com" diff --git a/CVE-2024/CVE-2024-232xx/CVE-2024-23213.json b/CVE-2024/CVE-2024-232xx/CVE-2024-23213.json index 12b4d159da6..c21a6c15d7c 100644 --- a/CVE-2024/CVE-2024-232xx/CVE-2024-23213.json +++ b/CVE-2024/CVE-2024-232xx/CVE-2024-23213.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23213", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-23T01:15:11.183", - "lastModified": "2024-01-23T13:44:00.593", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-26T16:15:23.020", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", @@ -16,6 +16,10 @@ ], "metrics": {}, "references": [ + { + "url": "http://seclists.org/fulldisclosure/2024/Jan/27", + "source": "product-security@apple.com" + }, { "url": "https://support.apple.com/en-us/HT214055", "source": "product-security@apple.com" diff --git a/CVE-2024/CVE-2024-232xx/CVE-2024-23222.json b/CVE-2024/CVE-2024-232xx/CVE-2024-23222.json index 468716d4e90..5d201d3a09c 100644 --- a/CVE-2024/CVE-2024-232xx/CVE-2024-23222.json +++ b/CVE-2024/CVE-2024-232xx/CVE-2024-23222.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23222", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-23T01:15:11.500", - "lastModified": "2024-01-24T02:00:01.397", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-26T16:15:23.083", + "vulnStatus": "Undergoing Analysis", "cisaExploitAdd": "2024-01-23", "cisaActionDue": "2024-02-13", "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", @@ -20,6 +20,10 @@ ], "metrics": {}, "references": [ + { + "url": "http://seclists.org/fulldisclosure/2024/Jan/27", + "source": "product-security@apple.com" + }, { "url": "https://support.apple.com/en-us/HT214055", "source": "product-security@apple.com" diff --git a/CVE-2024/CVE-2024-236xx/CVE-2024-23681.json b/CVE-2024/CVE-2024-236xx/CVE-2024-23681.json index 1e67022c5f7..adfa47d9d1b 100644 --- a/CVE-2024/CVE-2024-236xx/CVE-2024-23681.json +++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23681.json @@ -2,16 +2,53 @@ "id": "CVE-2024-23681", "sourceIdentifier": "disclosure@vulncheck.com", "published": "2024-01-19T21:15:10.207", - "lastModified": "2024-01-19T22:52:48.170", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-26T15:08:04.263", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Artemis Java Test Sandbox versions before 1.11.2 are vulnerable to a sandbox escape when an attacker loads untrusted libraries using System.load or System.loadLibrary. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code.\n\n\n" + }, + { + "lang": "es", + "value": "Las versiones de Artemis Java Test Sandbox anteriores a 1.11.2 son vulnerables a un escape de la sandbox cuando un atacante carga librer\u00edas que no son de confianza utilizando System.load o System.loadLibrary. Un atacante puede abusar de este problema para ejecutar Java arbitrario cuando una v\u00edctima ejecuta el c\u00f3digo supuestamente aislado." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.5, + "impactScore": 6.0 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + }, { "source": "disclosure@vulncheck.com", "type": "Secondary", @@ -23,18 +60,47 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ls1intum:artemis_java_test_sandbox:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.11.2", + "matchCriteriaId": "D02F9163-5CB9-4780-B35C-BFA6002078B7" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/advisories/GHSA-98hq-4wmw-98w9", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/ls1intum/Ares/security/advisories/GHSA-98hq-4wmw-98w9", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] }, { "url": "https://vulncheck.com/advisories/vc-advisory-GHSA-98hq-4wmw-98w9", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-236xx/CVE-2024-23682.json b/CVE-2024/CVE-2024-236xx/CVE-2024-23682.json index 78100662a9b..abb337d52e6 100644 --- a/CVE-2024/CVE-2024-236xx/CVE-2024-23682.json +++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23682.json @@ -2,16 +2,53 @@ "id": "CVE-2024-23682", "sourceIdentifier": "disclosure@vulncheck.com", "published": "2024-01-19T21:15:10.273", - "lastModified": "2024-01-19T22:52:48.170", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-26T15:08:33.007", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Artemis Java Test Sandbox versions before 1.8.0 are vulnerable to a sandbox escape when an attacker includes class files in a package that Ares trusts. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code.\n\n\n" + }, + { + "lang": "es", + "value": "Las versiones de Artemis Java Test Sandbox anteriores a 1.8.0 son vulnerables a un escape de la sandbox cuando un atacante incluye archivos de clase en un paquete en el que Ares conf\u00eda. Un atacante puede abusar de este problema para ejecutar Java arbitrario cuando una v\u00edctima ejecuta el c\u00f3digo supuestamente aislado." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.5, + "impactScore": 6.0 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "disclosure@vulncheck.com", "type": "Secondary", @@ -27,26 +64,61 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ls1intum:artemis_java_test_sandbox:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.8.0", + "matchCriteriaId": "12206DA2-20AE-4357-A395-4CB389485D00" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/advisories/GHSA-227w-wv4j-67h4", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/ls1intum/Ares/issues/15", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://github.com/ls1intum/Ares/releases/tag/1.8.0", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/ls1intum/Ares/security/advisories/GHSA-227w-wv4j-67h4", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] }, { "url": "https://vulncheck.com/advisories/vc-advisory-GHSA-227w-wv4j-67h4", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-236xx/CVE-2024-23683.json b/CVE-2024/CVE-2024-236xx/CVE-2024-23683.json index d2c96f57e70..5cc48840451 100644 --- a/CVE-2024/CVE-2024-236xx/CVE-2024-23683.json +++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23683.json @@ -2,39 +2,116 @@ "id": "CVE-2024-23683", "sourceIdentifier": "disclosure@vulncheck.com", "published": "2024-01-19T21:15:10.340", - "lastModified": "2024-01-19T22:52:48.170", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-26T15:17:29.350", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Artemis Java Test Sandbox versions less than 1.7.6 are vulnerable to a sandbox escape when an attacker crafts a special subclass of InvocationTargetException. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code.\n\n\n\n\n\n" + }, + { + "lang": "es", + "value": "Las versiones de Artemis Java Test Sandbox inferiores a 1.7.6 son vulnerables a un escape de la sandbox cuando un atacante crea una subclase especial de InvocationTargetException. Un atacante puede abusar de este problema para ejecutar Java arbitrario cuando una v\u00edctima ejecuta el c\u00f3digo supuestamente aislado." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.5, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ls1intum:artemis_java_test_sandbox:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.7.6", + "matchCriteriaId": "147CDF80-6055-494C-8B01-74B48210DE43" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/advisories/GHSA-883x-6fch-6wjx", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/ls1intum/Ares/commit/af4f28a56e2fe600d8750b3b415352a0a3217392", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/ls1intum/Ares/issues/15#issuecomment-996449371", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://github.com/ls1intum/Ares/releases/tag/1.7.6", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/ls1intum/Ares/security/advisories/GHSA-883x-6fch-6wjx", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] }, { "url": "https://vulncheck.com/advisories/vc-advisory-GHSA-883x-6fch-6wjx", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-236xx/CVE-2024-23687.json b/CVE-2024/CVE-2024-236xx/CVE-2024-23687.json index 71293f5a25c..eebcc228a1e 100644 --- a/CVE-2024/CVE-2024-236xx/CVE-2024-23687.json +++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23687.json @@ -2,35 +2,115 @@ "id": "CVE-2024-23687", "sourceIdentifier": "disclosure@vulncheck.com", "published": "2024-01-19T22:15:08.517", - "lastModified": "2024-01-19T22:52:48.170", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-26T16:54:13.900", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Hard-coded credentials in FOLIO mod-data-export-spring versions before 1.5.4 and from 2.0.0 to 2.0.2 allows unauthenticated users to access critical APIs, modify user data, modify configurations including single-sign-on, and manipulate fees/fines.\n\n" + }, + { + "lang": "es", + "value": "Las credenciales codificadas en las versiones FOLIO mod-data-export-spring anteriores a 1.5.4 y de 2.0.0 a 2.0.2 permiten a usuarios no autenticados acceder a API cr\u00edticas, modificar datos de usuario, modificar configuraciones, incluido el inicio de sesi\u00f3n \u00fanico, y manipular tarifas/multas." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-798" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:openlibraryfoundation:mod-data-export-spring:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.5.4", + "matchCriteriaId": "EF023FD8-0E0B-4208-BDB3-8F9F73A25B45" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:openlibraryfoundation:mod-data-export-spring:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.0.0", + "versionEndExcluding": "2.0.2", + "matchCriteriaId": "AC95B1BE-9BE8-4C31-B57B-9E4E09E14745" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/advisories/GHSA-vf78-3q9f-92g3", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/folio-org/mod-data-export-spring/commit/93aff4566bff59e30f4121b5a2bda5b0b508a446", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/folio-org/mod-data-export-spring/security/advisories/GHSA-vf78-3q9f-92g3", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://vulncheck.com/advisories/vc-advisory-GHSA-vf78-3q9f-92g3", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://wiki.folio.org/x/hbMMBw", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-236xx/CVE-2024-23688.json b/CVE-2024/CVE-2024-236xx/CVE-2024-23688.json index 92d79f7731d..bc66c324447 100644 --- a/CVE-2024/CVE-2024-236xx/CVE-2024-23688.json +++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23688.json @@ -2,16 +2,53 @@ "id": "CVE-2024-23688", "sourceIdentifier": "disclosure@vulncheck.com", "published": "2024-01-19T22:15:08.563", - "lastModified": "2024-01-19T22:52:48.170", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-26T15:53:31.397", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Consensys Discovery versions less than 0.4.5 uses the same AES/GCM nonce for the entire session. which should ideally be unique for every message. The node's private key isn't compromised, only the session key generated for specific peer communication is exposed.\n\n" + }, + { + "lang": "es", + "value": "Las versiones de Consensys Discovery inferiores a 0.4.5 utilizan el mismo nonce AES/GCM durante toda la sesi\u00f3n que idealmente deber\u00eda ser \u00fanico para cada mensaje. La clave privada del nodo no est\u00e1 comprometida, solo se expone la clave de sesi\u00f3n generada para una comunicaci\u00f3n entre pares espec\u00edfica." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-330" + } + ] + }, { "source": "disclosure@vulncheck.com", "type": "Secondary", @@ -23,18 +60,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:consensys:discovery:*:*:*:*:*:*:*:*", + "versionEndExcluding": "0.4.5", + "matchCriteriaId": "33F278C7-2BA2-400A-AB54-C1CC096B8D31" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/ConsenSys/discovery/security/advisories/GHSA-w3hj-wr2q-x83g", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://github.com/advisories/GHSA-w3hj-wr2q-x83g", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vulncheck.com/advisories/vc-advisory-GHSA-w3hj-wr2q-x83g", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/README.md b/README.md index f8c9fc04d1b..61a6e8a2637 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-01-26T15:00:24.884467+00:00 +2024-01-26T17:00:35.248459+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-01-26T14:59:22.727000+00:00 +2024-01-26T17:00:10.607000+00:00 ``` ### Last Data Feed Release @@ -29,47 +29,55 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -236917 +236928 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `11` -* [CVE-2024-0921](CVE-2024/CVE-2024-09xx/CVE-2024-0921.json) (`2024-01-26T14:15:50.237`) -* [CVE-2024-0922](CVE-2024/CVE-2024-09xx/CVE-2024-0922.json) (`2024-01-26T14:15:50.527`) -* [CVE-2024-0923](CVE-2024/CVE-2024-09xx/CVE-2024-0923.json) (`2024-01-26T14:15:50.747`) +* [CVE-2023-6291](CVE-2023/CVE-2023-62xx/CVE-2023-6291.json) (`2024-01-26T15:15:08.280`) +* [CVE-2024-0924](CVE-2024/CVE-2024-09xx/CVE-2024-0924.json) (`2024-01-26T15:15:08.537`) +* [CVE-2024-0925](CVE-2024/CVE-2024-09xx/CVE-2024-0925.json) (`2024-01-26T15:15:08.770`) +* [CVE-2024-0926](CVE-2024/CVE-2024-09xx/CVE-2024-0926.json) (`2024-01-26T15:15:08.983`) +* [CVE-2024-0927](CVE-2024/CVE-2024-09xx/CVE-2024-0927.json) (`2024-01-26T15:15:09.217`) +* [CVE-2024-22550](CVE-2024/CVE-2024-225xx/CVE-2024-22550.json) (`2024-01-26T15:15:09.437`) +* [CVE-2024-22551](CVE-2024/CVE-2024-225xx/CVE-2024-22551.json) (`2024-01-26T15:15:09.490`) +* [CVE-2024-0928](CVE-2024/CVE-2024-09xx/CVE-2024-0928.json) (`2024-01-26T16:15:21.707`) +* [CVE-2024-0929](CVE-2024/CVE-2024-09xx/CVE-2024-0929.json) (`2024-01-26T16:15:22.020`) +* [CVE-2024-0930](CVE-2024/CVE-2024-09xx/CVE-2024-0930.json) (`2024-01-26T16:15:22.287`) +* [CVE-2024-21985](CVE-2024/CVE-2024-219xx/CVE-2024-21985.json) (`2024-01-26T16:15:22.597`) ### CVEs modified in the last Commit -Recently modified CVEs: `110` +Recently modified CVEs: `55` -* [CVE-2024-23857](CVE-2024/CVE-2024-238xx/CVE-2024-23857.json) (`2024-01-26T13:51:45.267`) -* [CVE-2024-23858](CVE-2024/CVE-2024-238xx/CVE-2024-23858.json) (`2024-01-26T13:51:45.267`) -* [CVE-2024-23859](CVE-2024/CVE-2024-238xx/CVE-2024-23859.json) (`2024-01-26T13:51:45.267`) -* [CVE-2024-23860](CVE-2024/CVE-2024-238xx/CVE-2024-23860.json) (`2024-01-26T13:51:45.267`) -* [CVE-2024-23861](CVE-2024/CVE-2024-238xx/CVE-2024-23861.json) (`2024-01-26T13:51:45.267`) -* [CVE-2024-23862](CVE-2024/CVE-2024-238xx/CVE-2024-23862.json) (`2024-01-26T13:51:45.267`) -* [CVE-2024-23863](CVE-2024/CVE-2024-238xx/CVE-2024-23863.json) (`2024-01-26T13:51:45.267`) -* [CVE-2024-23864](CVE-2024/CVE-2024-238xx/CVE-2024-23864.json) (`2024-01-26T13:51:45.267`) -* [CVE-2024-23865](CVE-2024/CVE-2024-238xx/CVE-2024-23865.json) (`2024-01-26T13:51:45.267`) -* [CVE-2024-23866](CVE-2024/CVE-2024-238xx/CVE-2024-23866.json) (`2024-01-26T13:51:45.267`) -* [CVE-2024-23867](CVE-2024/CVE-2024-238xx/CVE-2024-23867.json) (`2024-01-26T13:51:45.267`) -* [CVE-2024-23868](CVE-2024/CVE-2024-238xx/CVE-2024-23868.json) (`2024-01-26T13:51:45.267`) -* [CVE-2024-23869](CVE-2024/CVE-2024-238xx/CVE-2024-23869.json) (`2024-01-26T13:51:45.267`) -* [CVE-2024-23870](CVE-2024/CVE-2024-238xx/CVE-2024-23870.json) (`2024-01-26T13:51:45.267`) -* [CVE-2024-23871](CVE-2024/CVE-2024-238xx/CVE-2024-23871.json) (`2024-01-26T13:51:45.267`) -* [CVE-2024-23872](CVE-2024/CVE-2024-238xx/CVE-2024-23872.json) (`2024-01-26T13:51:45.267`) -* [CVE-2024-23873](CVE-2024/CVE-2024-238xx/CVE-2024-23873.json) (`2024-01-26T13:51:45.267`) -* [CVE-2024-23874](CVE-2024/CVE-2024-238xx/CVE-2024-23874.json) (`2024-01-26T13:51:45.267`) -* [CVE-2024-23875](CVE-2024/CVE-2024-238xx/CVE-2024-23875.json) (`2024-01-26T13:51:45.267`) -* [CVE-2024-22402](CVE-2024/CVE-2024-224xx/CVE-2024-22402.json) (`2024-01-26T14:11:30.677`) -* [CVE-2024-22404](CVE-2024/CVE-2024-224xx/CVE-2024-22404.json) (`2024-01-26T14:37:23.880`) -* [CVE-2024-22401](CVE-2024/CVE-2024-224xx/CVE-2024-22401.json) (`2024-01-26T14:42:35.147`) -* [CVE-2024-0737](CVE-2024/CVE-2024-07xx/CVE-2024-0737.json) (`2024-01-26T14:44:48.370`) -* [CVE-2024-23689](CVE-2024/CVE-2024-236xx/CVE-2024-23689.json) (`2024-01-26T14:50:45.023`) -* [CVE-2024-22212](CVE-2024/CVE-2024-222xx/CVE-2024-22212.json) (`2024-01-26T14:58:18.877`) +* [CVE-2023-22045](CVE-2023/CVE-2023-220xx/CVE-2023-22045.json) (`2024-01-26T16:04:45.867`) +* [CVE-2023-51925](CVE-2023/CVE-2023-519xx/CVE-2023-51925.json) (`2024-01-26T16:46:39.787`) +* [CVE-2023-26775](CVE-2023/CVE-2023-267xx/CVE-2023-26775.json) (`2024-01-26T16:46:58.970`) +* [CVE-2023-26776](CVE-2023/CVE-2023-267xx/CVE-2023-26776.json) (`2024-01-26T16:46:58.970`) +* [CVE-2023-22041](CVE-2023/CVE-2023-220xx/CVE-2023-22041.json) (`2024-01-26T16:48:25.717`) +* [CVE-2023-22036](CVE-2023/CVE-2023-220xx/CVE-2023-22036.json) (`2024-01-26T16:48:31.050`) +* [CVE-2023-22006](CVE-2023/CVE-2023-220xx/CVE-2023-22006.json) (`2024-01-26T16:48:39.380`) +* [CVE-2024-23681](CVE-2024/CVE-2024-236xx/CVE-2024-23681.json) (`2024-01-26T15:08:04.263`) +* [CVE-2024-23682](CVE-2024/CVE-2024-236xx/CVE-2024-23682.json) (`2024-01-26T15:08:33.007`) +* [CVE-2024-0738](CVE-2024/CVE-2024-07xx/CVE-2024-0738.json) (`2024-01-26T15:13:41.257`) +* [CVE-2024-23683](CVE-2024/CVE-2024-236xx/CVE-2024-23683.json) (`2024-01-26T15:17:29.350`) +* [CVE-2024-0739](CVE-2024/CVE-2024-07xx/CVE-2024-0739.json) (`2024-01-26T15:44:57.530`) +* [CVE-2024-23688](CVE-2024/CVE-2024-236xx/CVE-2024-23688.json) (`2024-01-26T15:53:31.397`) +* [CVE-2024-0713](CVE-2024/CVE-2024-07xx/CVE-2024-0713.json) (`2024-01-26T15:58:48.263`) +* [CVE-2024-0733](CVE-2024/CVE-2024-07xx/CVE-2024-0733.json) (`2024-01-26T16:03:13.010`) +* [CVE-2024-23206](CVE-2024/CVE-2024-232xx/CVE-2024-23206.json) (`2024-01-26T16:15:22.890`) +* [CVE-2024-23211](CVE-2024/CVE-2024-232xx/CVE-2024-23211.json) (`2024-01-26T16:15:22.953`) +* [CVE-2024-23213](CVE-2024/CVE-2024-232xx/CVE-2024-23213.json) (`2024-01-26T16:15:23.020`) +* [CVE-2024-23222](CVE-2024/CVE-2024-232xx/CVE-2024-23222.json) (`2024-01-26T16:15:23.083`) +* [CVE-2024-0921](CVE-2024/CVE-2024-09xx/CVE-2024-0921.json) (`2024-01-26T16:33:07.620`) +* [CVE-2024-0922](CVE-2024/CVE-2024-09xx/CVE-2024-0922.json) (`2024-01-26T16:33:07.620`) +* [CVE-2024-0923](CVE-2024/CVE-2024-09xx/CVE-2024-0923.json) (`2024-01-26T16:33:07.620`) +* [CVE-2024-23687](CVE-2024/CVE-2024-236xx/CVE-2024-23687.json) (`2024-01-26T16:54:13.900`) +* [CVE-2024-0734](CVE-2024/CVE-2024-07xx/CVE-2024-0734.json) (`2024-01-26T16:57:32.447`) +* [CVE-2024-0758](CVE-2024/CVE-2024-07xx/CVE-2024-0758.json) (`2024-01-26T17:00:10.607`) ## Download and Usage