admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-07 19:16:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-01-20T19:00:24.958497+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-01-20 19:00:28 +00:00
parent 49c44b1684
commit 1539f46599
49 changed files with 2537 additions and 174 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

74
CVE-2022/CVE-2022-486xx/CVE-2022-48620.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-48620",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-12T04:15:08.123",
"lastModified": "2024-01-12T13:47:31.250",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-20T18:44:50.393",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,81 @@
"value": "uev (aka libuev) anterior a 2.4.1 tiene un desbordamiento de b\u00fafer en epoll_wait si maxevents es un n\u00famero grande."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:troglobit:libeuv:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.4.1",
"matchCriteriaId": "BFF2C023-36E0-4067-8541-A9B49FF7361B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/troglobit/libuev/commit/2d9f1c9ce655cc38511aeeb6e95ac30914f7aec9",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/troglobit/libuev/compare/v2.4.0...v2.4.1",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/troglobit/libuev/issues/27",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
]
}
]
}

64
CVE-2023/CVE-2023-300xx/CVE-2023-30016.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-30016",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-12T09:15:44.083",
"lastModified": "2024-01-12T13:47:31.250",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-20T18:44:22.773",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "Vulnerabilidad de inyecci\u00f3n SQL en oretnom23 Judging Management System v1.0, permite a atacantes remotos ejecutar c\u00f3digo arbitrario y obtener informaci\u00f3n confidencial a trav\u00e9s del par\u00e1metro sub_event_id en sub_event_details_edit.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oretnom23:judging_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C1B03B38-D6B3-4E68-BC8C-1A36E865B087"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Pings1031/cve_report/blob/main/judging-management-system/SQLi-2.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

78
CVE-2023/CVE-2023-362xx/CVE-2023-36236.json
View File

@ -2,27 +2,93 @@
"id": "CVE-2023-36236",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-16T22:15:37.473",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-20T18:46:09.557",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in webkil Bagisto v.1.5.0 and before allows an attacker to execute arbitrary code via a crafted SVG file uplad."
},
{
"lang": "es",
"value": "Vulnerabilidad de cross site scripting en webkil Bagisto v.1.5.0 y anteriores permite a un atacante ejecutar c\u00f3digo arbitrario a trav\u00e9s de una carga de archivo SVG manipulado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webkul:bagisto:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.5.0",
"matchCriteriaId": "A4F86930-29FC-4773-B0A6-83CE977A0953"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://bagisto.com/en/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/Ek-Saini/security/blob/main/XSS_via_fileupload-bagisto",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
},
{
"url": "https://github.com/bagisto/bagisto/pull/4764/commits/7bbf0c4bb565fc2601f031f9bbcdfa06e24dbd45",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
}
]
}

62
CVE-2023/CVE-2023-438xx/CVE-2023-43815.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43815",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2024-01-18T22:15:08.717",
"lastModified": "2024-01-19T01:51:14.027",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-20T18:52:55.920",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow vulnerability exists in Delta Electronics Delta Industrial Automation DOPSoft version 2 when parsing the wScreenDESCTextLen field of a DPS file. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve code execution.\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de desbordamiento del b\u00fafer en Delta Electronics Delta Industrial Automation DOPSoft versi\u00f3n 2 al analizar el campo wScreenDESCTextLen de un archivo DPS. Un atacante an\u00f3nimo puede aprovechar esta vulnerabilidad incitando a un usuario a abrir un archivo DPS especialmente manipulado para lograr la ejecuci\u00f3n del c\u00f3digo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
@ -60,6 +84,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
},
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
@ -71,10 +105,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:deltaww:dopsoft:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.00.00.00",
"versionEndIncluding": "2.00.07.04",
"matchCriteriaId": "95784818-4F78-43E2-85B1-68638C0C6373"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.exodusintel.com/2024/01/18/delta-electronics-delta-industrial-automation-dopsoft-dps-file-wscreendesctextlen-buffer-overflow-remote-code-execution/",
"source": "disclosures@exodusintel.com"
"source": "disclosures@exodusintel.com",
"tags": [
"Third Party Advisory"
]
}
]
}

62
CVE-2023/CVE-2023-438xx/CVE-2023-43816.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43816",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2024-01-18T22:15:08.957",
"lastModified": "2024-01-19T01:51:14.027",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-20T18:53:54.993",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow vulnerability exists in Delta Electronics Delta Industrial Automation DOPSoft version 2 when parsing the wKPFStringLen field of a DPS file. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve code execution.\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en Delta Electronics Delta Industrial Automation DOPSoft versi\u00f3n 2 al analizar el campo wKPFStringLen de un archivo DPS. Un atacante an\u00f3nimo puede aprovechar esta vulnerabilidad incitando a un usuario a abrir un archivo DPS especialmente manipulado para lograr la ejecuci\u00f3n del c\u00f3digo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
@ -60,6 +84,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
},
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
@ -71,10 +105,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:deltaww:dopsoft:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.00.00.00",
"versionEndIncluding": "2.00.07.04",
"matchCriteriaId": "95784818-4F78-43E2-85B1-68638C0C6373"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.exodusintel.com/2024/01/18/delta-electronics-delta-industrial-automation-dopsoft-dps-file-wkpfstringlen-buffer-overflow-remote-code-execution/",
"source": "disclosures@exodusintel.com"
"source": "disclosures@exodusintel.com",
"tags": [
"Third Party Advisory"
]
}
]
}

62
CVE-2023/CVE-2023-438xx/CVE-2023-43817.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43817",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2024-01-18T22:15:09.183",
"lastModified": "2024-01-19T01:51:14.027",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-20T18:53:51.140",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft version 2 when parsing the wMailContentLen field of a DPS file. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve code execution.\n\n"
},
{
"lang": "es",
"value": "Existe un desbordamiento de b\u00fafer en Delta Electronics Delta Industrial Automation DOPSoft versi\u00f3n 2 al analizar el campo wMailContentLen de un archivo DPS. Un atacante an\u00f3nimo puede aprovechar esta vulnerabilidad incitando a un usuario a abrir un archivo DPS especialmente manipulado para lograr la ejecuci\u00f3n del c\u00f3digo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
@ -60,6 +84,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
},
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
@ -71,10 +105,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:deltaww:dopsoft:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.00.00.00",
"versionEndIncluding": "2.00.07.04",
"matchCriteriaId": "95784818-4F78-43E2-85B1-68638C0C6373"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.exodusintel.com/2024/01/18/delta-electronics-delta-industrial-automation-dopsoft-dps-file-wmailcontentlen-buffer-overflow-remote-code-execution/",
"source": "disclosures@exodusintel.com"
"source": "disclosures@exodusintel.com",
"tags": [
"Third Party Advisory"
]
}
]
}

62
CVE-2023/CVE-2023-438xx/CVE-2023-43818.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43818",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2024-01-18T22:15:09.383",
"lastModified": "2024-01-19T01:51:14.027",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-20T18:53:44.103",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution.\n"
},
{
"lang": "es",
"value": "Existe un desbordamiento de b\u00fafer en Delta Electronics Delta Industrial Automation DOPSoft. Un atacante remoto no autenticado puede aprovechar esta vulnerabilidad incitando a un usuario a abrir un archivo DPS especialmente manipulado para lograr la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
@ -60,6 +84,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
},
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
@ -71,10 +105,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:deltaww:dopsoft:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.00.00.00",
"versionEndIncluding": "2.00.07.04",
"matchCriteriaId": "95784818-4F78-43E2-85B1-68638C0C6373"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.exodusintel.com/2024/01/18/delta-electronics-delta-industrial-automation-dopsoft-dps-file-wtextlen-buffer-overflow-remote-code-execution/",
"source": "disclosures@exodusintel.com"
"source": "disclosures@exodusintel.com",
"tags": [
"Third Party Advisory"
]
}
]
}

62
CVE-2023/CVE-2023-438xx/CVE-2023-43819.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43819",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2024-01-18T22:15:09.587",
"lastModified": "2024-01-19T01:51:14.027",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-20T18:53:38.850",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the InitialMacroLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution.\n"
},
{
"lang": "es",
"value": "Existe un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en Delta Electronics Delta Industrial Automation DOPSoft al analizar el campo InitialMacroLen de un archivo DPS. Un atacante remoto no autenticado puede aprovechar esta vulnerabilidad incitando a un usuario a abrir un archivo DPS especialmente manipulado para lograr la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
@ -60,6 +84,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
},
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
@ -71,10 +105,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:deltaww:dopsoft:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.00.00.00",
"versionEndIncluding": "2.00.07.04",
"matchCriteriaId": "95784818-4F78-43E2-85B1-68638C0C6373"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.exodusintel.com/2024/01/18/delta-electronics-delta-industrial-automation-dopsoft-dps-file-initialmacrolen-buffer-overflow-remote-code-execution/",
"source": "disclosures@exodusintel.com"
"source": "disclosures@exodusintel.com",
"tags": [
"Third Party Advisory"
]
}
]
}

62
CVE-2023/CVE-2023-438xx/CVE-2023-43820.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43820",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2024-01-18T22:15:09.800",
"lastModified": "2024-01-19T01:51:14.027",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-20T18:53:34.147",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wLogTitlesPrevValueLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution."
},
{
"lang": "es",
"value": "Existe un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en Delta Electronics Delta Industrial Automation DOPSoft al analizar el campo wLogTitlesPrevValueLen de un archivo DPS. Un atacante remoto no autenticado puede aprovechar esta vulnerabilidad incitando a un usuario a abrir un archivo DPS especialmente manipulado para lograr la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
@ -60,6 +84,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
},
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
@ -71,10 +105,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:deltaww:dopsoft:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.00.00.00",
"versionEndIncluding": "2.00.07.04",
"matchCriteriaId": "95784818-4F78-43E2-85B1-68638C0C6373"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.exodusintel.com/2024/01/18/delta-electronics-delta-industrial-automation-dopsoft-dps-file-wlogtitlesprevvaluelen-buffer-overflow-remote-code-execution/",
"source": "disclosures@exodusintel.com"
"source": "disclosures@exodusintel.com",
"tags": [
"Third Party Advisory"
]
}
]
}

62
CVE-2023/CVE-2023-438xx/CVE-2023-43821.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43821",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2024-01-18T22:15:10.017",
"lastModified": "2024-01-19T01:51:14.027",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-20T18:53:30.277",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wLogTitlesActionLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution.\n"
},
{
"lang": "es",
"value": "Existe un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en Delta Electronics Delta Industrial Automation DOPSoft al analizar el campo wLogTitlesActionLen de un archivo DPS. Un atacante remoto no autenticado puede aprovechar esta vulnerabilidad incitando a un usuario a abrir un archivo DPS especialmente manipulado para lograr la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
@ -60,6 +84,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
},
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
@ -71,10 +105,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:deltaww:dopsoft:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.00.00.00",
"versionEndIncluding": "2.00.07.04",
"matchCriteriaId": "95784818-4F78-43E2-85B1-68638C0C6373"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.exodusintel.com/2024/01/18/delta-electronics-delta-industrial-automation-dopsoft-dps-file-wlogtitlesactionlen-buffer-overflow-remote-code-execution/",
"source": "disclosures@exodusintel.com"
"source": "disclosures@exodusintel.com",
"tags": [
"Third Party Advisory"
]
}
]
}

62
CVE-2023/CVE-2023-438xx/CVE-2023-43822.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43822",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2024-01-18T22:15:10.220",
"lastModified": "2024-01-19T01:51:14.027",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-20T18:53:23.820",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wLogTitlesTimeLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution.\n"
},
{
"lang": "es",
"value": "Existe un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en Delta Electronics Delta Industrial Automation DOPSoft al analizar el campo wLogTitlesTimeLen de un archivo DPS. Un atacante remoto no autenticado puede aprovechar esta vulnerabilidad incitando a un usuario a abrir un archivo DPS especialmente manipulado para lograr la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
@ -60,6 +84,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
},
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
@ -71,10 +105,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:deltaww:dopsoft:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.00.00.00",
"versionEndIncluding": "2.00.07.04",
"matchCriteriaId": "95784818-4F78-43E2-85B1-68638C0C6373"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.exodusintel.com/2024/01/18/delta-electronics-delta-industrial-automation-dopsoft-dps-file-wlogtitlestimelen-buffer-overflow-remote-code-execution/",
"source": "disclosures@exodusintel.com"
"source": "disclosures@exodusintel.com",
"tags": [
"Third Party Advisory"
]
}
]
}

62
CVE-2023/CVE-2023-438xx/CVE-2023-43823.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43823",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2024-01-18T22:15:10.430",
"lastModified": "2024-01-19T01:51:14.027",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-20T18:53:19.770",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wTTitleLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution."
},
{
"lang": "es",
"value": "Existe un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en Delta Electronics Delta Industrial Automation DOPSoft al analizar el campo wTTitleLen de un archivo DPS. Un atacante remoto no autenticado puede aprovechar esta vulnerabilidad incitando a un usuario a abrir un archivo DPS especialmente manipulado para lograr la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
@ -60,6 +84,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
},
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
@ -71,10 +105,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:deltaww:dopsoft:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.00.00.00",
"versionEndIncluding": "2.00.07.04",
"matchCriteriaId": "95784818-4F78-43E2-85B1-68638C0C6373"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.exodusintel.com/2024/01/18/delta-electronics-delta-industrial-automation-dopsoft-dps-file-wttitlelen-buffer-overflow-remote-code-execution/",
"source": "disclosures@exodusintel.com"
"source": "disclosures@exodusintel.com",
"tags": [
"Third Party Advisory"
]
}
]
}

62
CVE-2023/CVE-2023-438xx/CVE-2023-43824.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43824",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2024-01-18T22:15:10.630",
"lastModified": "2024-01-19T01:51:14.027",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-20T18:53:14.457",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wTitleTextLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution."
},
{
"lang": "es",
"value": "Existe un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en Delta Electronics Delta Industrial Automation DOPSoft al analizar el campo wTitleTextLen de un archivo DPS. Un atacante remoto no autenticado puede aprovechar esta vulnerabilidad incitando a un usuario a abrir un archivo DPS especialmente manipulado para lograr la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
@ -60,6 +84,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
},
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
@ -71,10 +105,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:deltaww:dopsoft:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.00.00.00",
"versionEndIncluding": "2.00.07.04",
"matchCriteriaId": "95784818-4F78-43E2-85B1-68638C0C6373"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.exodusintel.com/2024/01/18/delta-electronics-delta-industrial-automation-dopsoft-dps-file-wtitletextlen-buffer-overflow-remote-code-execution/",
"source": "disclosures@exodusintel.com"
"source": "disclosures@exodusintel.com",
"tags": [
"Third Party Advisory"
]
}
]
}

6
CVE-2023/CVE-2023-504xx/CVE-2023-50447.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-50447",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-19T20:15:11.870",
"lastModified": "2024-01-19T22:52:48.170",
"lastModified": "2024-01-20T18:15:31.410",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -12,6 +12,10 @@
],
"metrics": {},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/20/1",
"source": "cve@mitre.org"
},
{
"url": "https://devhub.checkmarx.com/cve-details/CVE-2023-50447/",
"source": "cve@mitre.org"

69
CVE-2023/CVE-2023-519xx/CVE-2023-51978.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-51978",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-12T16:15:52.220",
"lastModified": "2024-01-12T17:06:09.020",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-20T18:44:02.820",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In PHPGurukul Art Gallery Management System v1.1, \"Update Artist Image\" functionality of \"imageid\" parameter is vulnerable to SQL Injection."
},
{
"lang": "es",
"value": "En PHPGurukul Art Gallery Management System v1.1, la funcionalidad \"Update Artist Image\" del par\u00e1metro \"imageid\" es vulnerable a la inyecci\u00f3n SQL."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpgurukul:art_gallery_management_system:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3723A3BE-7EF5-4766-87DF-C7E18185322F"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/hackerhijeck/Exploited/blob/main/Art_Gallary/SQL_Injection.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Product",
"Third Party Advisory"
]
}
]
}

63
CVE-2024/CVE-2024-04xx/CVE-2024-0464.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-0464",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-12T19:15:11.777",
"lastModified": "2024-01-12T19:21:49.423",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-20T18:47:32.230",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in code-projects Online Faculty Clearance 1.0. This affects an unknown part of the file delete_faculty.php of the component HTTP GET Request Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250569 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en code-projects Online Faculty Clearance 1.0 y clasificada como cr\u00edtica. Una parte desconocida del archivo delete_faculty.php del componente HTTP GET Request Handler afecta a una parte desconocida. La manipulaci\u00f3n del argumento id conduce a la inyecci\u00f3n de SQL. Es posible iniciar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-250569."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:code-projects:online_faculty_clearance:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "83AE20B8-0D2A-432F-9414-EFCE8C1FE07B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/BxYQ/vul/blob/main/3ONLINE_FACULTY_CLEARANCE_SYSTEM%20has%20SQL4.pdf",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://vuldb.com/?ctiid.250569",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.250569",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

63
CVE-2024/CVE-2024-04xx/CVE-2024-0465.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-0465",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-12T19:15:12.577",
"lastModified": "2024-01-12T19:21:49.423",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-20T18:47:17.343",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in code-projects Employee Profile Management System 1.0. This vulnerability affects unknown code of the file download.php. The manipulation of the argument download_file leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. VDB-250570 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en code-projects Employee Profile Management System 1.0 y clasificada como problem\u00e1tica. Esta vulnerabilidad afecta a un c\u00f3digo desconocido del archivo download.php. La manipulaci\u00f3n del argumento download_file conduce a path traversal: '../filedir'. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-250570 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:code-projects:employee_profile_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4ECD8318-8E3C-4A62-B9A7-170B570C9A64"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/BxYQ/vul/blob/main/EMPLOYEE_PROFILE_MANAGEMENT_SYSTEM%20_FileRead.pdf",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://vuldb.com/?ctiid.250570",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.250570",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

63
CVE-2024/CVE-2024-04xx/CVE-2024-0466.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-0466",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-12T19:15:12.920",
"lastModified": "2024-01-12T19:21:49.423",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-20T18:46:47.457",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in code-projects Employee Profile Management System 1.0. This issue affects some unknown processing of the file file_table.php. The manipulation of the argument per_id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250571."
},
{
"lang": "es",
"value": "Una vulnerabilidad clasificada como cr\u00edtica fue encontrada en code-projects Employee Profile Management System 1.0. Este problema afecta un procesamiento desconocido del archivo file_table.php. La manipulaci\u00f3n del argumento per_id conduce a la inyecci\u00f3n de SQL. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-250571."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:code-projects:employee_profile_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4ECD8318-8E3C-4A62-B9A7-170B570C9A64"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/BxYQ/vul/blob/main/EMPLOYEE_PROFILE_MANAGEMENT_SYSTEM%20_SQL1.pdf",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://vuldb.com/?ctiid.250571",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.250571",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

48
CVE-2024/CVE-2024-209xx/CVE-2024-20904.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-20904",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-01-16T22:15:38.310",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-20T18:42:09.760",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Pod Admin). Supported versions that are affected are 6.4.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. While the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto Oracle Business Intelligence Enterprise Edition de Oracle Analytics (componente: Pod Admin). Las versiones compatibles que se ven afectadas son 6.4.0.0.0 y 12.2.1.4.0. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante con pocos privilegios y acceso a la red a trav\u00e9s de HTTP comprometer Oracle Business Intelligence Enterprise Edition. Si bien la vulnerabilidad est\u00e1 en Oracle Business Intelligence Enterprise Edition, los ataques pueden afectar significativamente a productos adicionales (scope change). Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Puntaje base 5.0 (Impactos en la confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N)."
}
],
"metrics": {
@ -34,10 +38,48 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:business_intelligence:6.4.0.0.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "EDBC994D-3FE6-4DEF-AE5C-26D2E3AD45BF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "81DAC8C0-D342-44B5-9432-6B88D389584F"
}
]
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2024.html",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

53
CVE-2024/CVE-2024-209xx/CVE-2024-20906.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-20906",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-01-16T22:15:38.480",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-20T18:41:53.127",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Integrated Lights Out Manager (ILOM) product of Oracle Systems (component: System Management). Supported versions that are affected are 3, 4 and 5. Easily exploitable vulnerability allows high privileged attacker with network access via ICMP to compromise Integrated Lights Out Manager (ILOM). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Integrated Lights Out Manager (ILOM), attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Integrated Lights Out Manager (ILOM) accessible data as well as unauthorized read access to a subset of Integrated Lights Out Manager (ILOM) accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto Integrated Lights Out Manager (ILOM) de Oracle Systems (componente: System Management). Las versiones compatibles que se ven afectadas son 3, 4 y 5. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante con privilegios elevados y acceso a la red a trav\u00e9s de ICMP comprometer Integrated Lights Out Manager (ILOM). Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante y, si bien la vulnerabilidad est\u00e1 en Integrated Lights Out Manager (ILOM), los ataques pueden afectar significativamente a productos adicionales (scope change). Los ataques exitosos a esta vulnerabilidad pueden dar como resultado una actualizaci\u00f3n, inserci\u00f3n o eliminaci\u00f3n no autorizada del acceso a algunos de los datos accesibles de Integrated Lights Out Manager (ILOM), as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de Integrated Lights Out Manager (ILOM). CVSS 3.1 Puntaje base 4.8 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)."
}
],
"metrics": {
@ -34,10 +38,53 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:oracle:integrated_lights_out_manager_firmware:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8218EEAF-741B-4DD3-BF54-9AACAB7DA8C6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:oracle:integrated_lights_out_manager_firmware:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9782C736-0250-48D2-B104-C217F5F0AFAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:oracle:integrated_lights_out_manager_firmware:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "77E84523-3248-4A78-ABE1-41909A6DEF62"
}
]
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2024.html",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

43
CVE-2024/CVE-2024-209xx/CVE-2024-20908.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-20908",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-01-16T22:15:38.650",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-20T18:41:36.717",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset of Oracle WebCenter Sites accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto Oracle WebCenter Sites de Oracle Fusion Middleware (componente: UI avanzada). La versi\u00f3n compatible afectada es 12.2.1.4.0. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa los sitios de Oracle WebCenter. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante y, si bien la vulnerabilidad est\u00e1 en los sitios de Oracle WebCenter, los ataques pueden afectar significativamente a productos adicionales (scope change). Los ataques exitosos a esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de los sitios de Oracle WebCenter, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de los sitios de Oracle WebCenter. CVSS 3.1 Puntaje base 6.1 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
}
],
"metrics": {
@ -34,10 +38,43 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "174A6D2E-E42E-4C92-A194-C6A820CD7EF4"
}
]
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2024.html",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

43
CVE-2024/CVE-2024-209xx/CVE-2024-20914.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-20914",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-01-16T22:15:39.173",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-20T18:41:05.227",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle ZFS Storage Appliance Kit accessible data. CVSS 3.1 Base Score 2.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto Oracle ZFS Storage Appliance Kit de Oracle Systems (componente: Core). La versi\u00f3n compatible que se ve afectada es la 8.8. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante con altos privilegios iniciar sesi\u00f3n en la infraestructura donde se ejecuta Oracle ZFS Storage Appliance Kit para comprometer Oracle ZFS Storage Appliance Kit. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso de lectura no autorizado a un subconjunto de datos accesibles del Oracle ZFS Storage Appliance Kit. CVSS 3.1 Puntaje base 2.3 (Impactos en la confidencialidad). Vector CVSS: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)."
}
],
"metrics": {
@ -34,10 +38,43 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D3E503FB-6279-4D4A-91D8-E237ECF9D2B0"
}
]
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2024.html",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

43
CVE-2024/CVE-2024-209xx/CVE-2024-20916.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-20916",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-01-16T22:15:39.343",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-20T18:40:50.423",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Event Management). The supported version that is affected is 13.5.0.0. Easily exploitable vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the Oracle Enterprise Manager Base Platform executes to compromise Oracle Enterprise Manager Base Platform. While the vulnerability is in Oracle Enterprise Manager Base Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Enterprise Manager Base Platform accessible data as well as unauthorized access to critical data or complete access to all Oracle Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto Oracle Enterprise Manager Base Platform de Oracle Enterprise Manager (componente: Gesti\u00f3n de eventos). La versi\u00f3n compatible afectada es 13.5.0.0. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante con altos privilegios acceder al segmento de comunicaci\u00f3n f\u00edsica conectado al hardware donde se ejecuta la plataforma base de Oracle Enterprise Manager para comprometer la plataforma base de Oracle Enterprise Manager. Si bien la vulnerabilidad est\u00e1 en la plataforma base de Oracle Enterprise Manager, los ataques pueden afectar significativamente a productos adicionales (scope change). Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a la creaci\u00f3n, eliminaci\u00f3n o modificaci\u00f3n de datos cr\u00edticos o a todos los datos accesibles de la plataforma base de Oracle Enterprise Manager, as\u00ed como acceso no autorizado a datos cr\u00edticos o acceso completo a todos los datos accesibles y capacidades no autorizadas de la plataforma base de Oracle Enterprise Manager. provocar una denegaci\u00f3n parcial de servicio (DOS parcial) de la plataforma base Oracle Enterprise Manager. CVSS 3.1 Puntuaci\u00f3n base 8.3 (impactos en la confidencialidad, la integridad y la disponibilidad). Vector CVSS: (CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L)."
}
],
"metrics": {
@ -34,10 +38,43 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:enterprise_manager:13.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FB7E93F6-052B-4D0C-8499-C2CAA920F302"
}
]
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2024.html",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

43
CVE-2024/CVE-2024-209xx/CVE-2024-20920.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-20920",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-01-16T22:15:39.687",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-20T18:39:46.033",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto Oracle Solaris de Oracle Systems (componente: Filesystem). La versi\u00f3n compatible que se ve afectada es la 11. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante con pocos privilegios iniciar sesi\u00f3n en la infraestructura donde se ejecuta Oracle Solaris para comprometer Oracle Solaris. Si bien la vulnerabilidad est\u00e1 en Oracle Solaris, los ataques pueden afectar significativamente a productos adicionales (scope change). Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Solaris. CVSS 3.1 Puntaje base 3.8 (Impactos en la confidencialidad). Vector CVSS: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N)."
}
],
"metrics": {
@ -34,10 +38,43 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:solaris:11:*:*:*:*:*:*:*",
"matchCriteriaId": "1BBBA519-6C95-4973-B6C1-CE513CD7DA35"
}
]
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2024.html",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

43
CVE-2024/CVE-2024-209xx/CVE-2024-20928.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-20928",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-01-16T22:15:40.383",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-20T18:37:12.027",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Content, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Content accessible data as well as unauthorized read access to a subset of Oracle WebCenter Content accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto Oracle WebCenter Content de Oracle Fusion Middleware (componente: Content Server). La versi\u00f3n compatible afectada es 12.2.1.4.0. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometer Oracle WebCenter Content. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante y, si bien la vulnerabilidad est\u00e1 en Oracle WebCenter Content, los ataques pueden afectar significativamente a productos adicionales (scope change). Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de Oracle WebCenter Content, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle WebCenter Content. CVSS 3.1 Puntaje base 6.1 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
}
],
"metrics": {
@ -34,10 +38,43 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:webcenter_content:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FC6BB89E-DCA0-4453-A043-1987EB657451"
}
]
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2024.html",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

43
CVE-2024/CVE-2024-209xx/CVE-2024-20930.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-20930",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-01-16T22:15:40.593",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-20T18:36:08.060",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Content Access SDK, Image Export SDK, PDF Export SDK, HTML Export SDK). The supported version that is affected is 8.5.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto Oracle Outside In Technology de Oracle Fusion Middleware (componente: SDK de acceso a contenido, SDK de exportaci\u00f3n de im\u00e1genes, SDK de exportaci\u00f3n de PDF, SDK de exportaci\u00f3n HTML). La versi\u00f3n compatible afectada es la 8.5.6. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante con pocos privilegios y acceso a la red a trav\u00e9s de HTTP comprometer la tecnolog\u00eda Oracle Outside In. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado una actualizaci\u00f3n, inserci\u00f3n o eliminaci\u00f3n no autorizada del acceso a algunos de los datos accesibles de Oracle Outside In Technology, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Outside In Technology y la capacidad no autorizada de causar una denegaci\u00f3n parcial de servicio. (DOS parcial) de Oracle Outside In Technology. CVSS 3.1 Puntuaci\u00f3n base 6.3 (impactos en la confidencialidad, la integridad y la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)."
}
],
"metrics": {
@ -34,10 +38,43 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:outside_in_technology:8.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "76D6D900-3178-4FB2-980C-5E806933F059"
}
]
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2024.html",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

45
CVE-2024/CVE-2024-209xx/CVE-2024-20934.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-20934",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-01-16T22:15:40.937",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-20T18:35:47.127",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineering Change Order). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Installed Base, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Installed Base accessible data as well as unauthorized read access to a subset of Oracle Installed Base accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto Oracle Installed Base de Oracle E-Business Suite (componente: Engineering Change Order). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.13. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa la base instalada de Oracle. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante y, si bien la vulnerabilidad est\u00e1 en la base instalada de Oracle, los ataques pueden afectar significativamente a productos adicionales (scope change). Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de Oracle Installed Base, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Installed Base. CVSS 3.1 Puntaje base 6.1 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
}
],
"metrics": {
@ -34,10 +38,45 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:installed_base:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.2.3",
"versionEndIncluding": "12.2.13",
"matchCriteriaId": "9C162720-0198-47BF-ABD5-D5C76418A066"
}
]
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2024.html",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

45
CVE-2024/CVE-2024-209xx/CVE-2024-20936.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-20936",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-01-16T22:15:41.110",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-20T18:35:22.853",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Documents). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data as well as unauthorized read access to a subset of Oracle One-to-One Fulfillment accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto Oracle One-to-One Fulfilment de Oracle E-Business Suite (componente: Documents). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.13. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa Oracle One-to-One Fulfilment. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante y, si bien la vulnerabilidad se encuentra en Oracle One-to-One Fulfilment, los ataques pueden afectar significativamente a productos adicionales (scope change). Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de Oracle One-to-One Fulfilment, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle One-to-One Fulfilment. CVSS 3.1 Puntaje base 6.1 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
}
],
"metrics": {
@ -34,10 +38,45 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:one-to-one_fulfillment:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.2.3",
"versionEndIncluding": "12.2.13",
"matchCriteriaId": "0E39BC27-A74E-4F12-BA8E-EB6A53E32744"
}
]
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2024.html",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

45
CVE-2024/CVE-2024-209xx/CVE-2024-20938.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-20938",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-01-16T22:15:41.277",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-20T18:35:05.397",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: ECC). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iStore accessible data as well as unauthorized read access to a subset of Oracle iStore accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto Oracle iStore de Oracle E-Business Suite (componente: ECC). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.13. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa Oracle iStore. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante y, si bien la vulnerabilidad est\u00e1 en Oracle iStore, los ataques pueden afectar significativamente a productos adicionales (scope change). Los ataques exitosos a esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de Oracle iStore, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle iStore. CVSS 3.1 Puntaje base 6.1 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
}
],
"metrics": {
@ -34,10 +38,45 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:istore:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.2.3",
"versionEndIncluding": "12.2.13",
"matchCriteriaId": "6235EDBE-28A9-416D-A308-E62C640D8E43"
}
]
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2024.html",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

45
CVE-2024/CVE-2024-209xx/CVE-2024-20940.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-20940",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-01-16T22:15:41.447",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-20T18:34:47.863",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite (component: Create, Update, Authoring Flow). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Knowledge Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Knowledge Management accessible data as well as unauthorized read access to a subset of Oracle Knowledge Management accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto Oracle Knowledge Management de Oracle E-Business Suite (componente: Create, Update, Authoring Flow). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.13. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa Oracle Knowledge Management. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante y, si bien la vulnerabilidad est\u00e1 en Oracle Knowledge Management, los ataques pueden afectar significativamente a productos adicionales (scope change). Los ataques exitosos a esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de Oracle Knowledge Management, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Knowledge Management. CVSS 3.1 Puntaje base 6.1 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
}
],
"metrics": {
@ -34,10 +38,45 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:knowledge_management:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.2.3",
"versionEndIncluding": "12.2.13",
"matchCriteriaId": "CF3B0F50-E10E-4694-B6D2-5D2C625CCA6C"
}
]
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2024.html",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

53
CVE-2024/CVE-2024-209xx/CVE-2024-20942.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-20942",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-01-16T22:15:41.613",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-20T18:34:14.440",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle Supply Chain (component: LOV). Supported versions that are affected are 11.5, 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto Oracle Complex Maintenance, Repair and Overhaul de Oracle Supply Chain (componente: LOV). Las versiones compatibles que se ven afectadas son 11.5, 12.1 y 12.2. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa el mantenimiento, reparaci\u00f3n y revisi\u00f3n del complejo Oracle. Los ataques exitosos requieren la interacci\u00f3n humana de una persona que no sea el atacante y, si bien la vulnerabilidad se encuentra en el mantenimiento, reparaci\u00f3n y revisi\u00f3n del complejo Oracle, los ataques pueden afectar significativamente a productos adicionales (scope change). Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de mantenimiento, reparaci\u00f3n y revisi\u00f3n de Oracle Complex, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de mantenimiento, reparaci\u00f3n y revisi\u00f3n de Oracle Complex. CVSS 3.1 Puntaje base 6.1 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
}
],
"metrics": {
@ -34,10 +38,53 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:complex_maintenance\\,_repair\\,_and_overhaul:11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5911C4E7-0089-4BEC-9D19-52019567338B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:complex_maintenance\\,_repair\\,_and_overhaul:12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DAE4613F-3E3C-4F69-900D-153008B09559"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:complex_maintenance\\,_repair\\,_and_overhaul:12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "41461A44-18C5-4D83-998F-6DF8E32E0487"
}
]
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2024.html",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

45
CVE-2024/CVE-2024-209xx/CVE-2024-20944.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-20944",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-01-16T22:15:41.783",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-20T18:33:55.000",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iSupport accessible data as well as unauthorized read access to a subset of Oracle iSupport accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto Oracle iSupport de Oracle E-Business Suite (componente: Operaciones Internas). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.13. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante con pocos privilegios y acceso a la red a trav\u00e9s de HTTP comprometer Oracle iSupport. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante y, si bien la vulnerabilidad est\u00e1 en Oracle iSupport, los ataques pueden afectar significativamente a productos adicionales (scope change). Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de Oracle iSupport, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle iSupport. CVSS 3.1 Puntaje base 5.4 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)."
}
],
"metrics": {
@ -34,10 +38,45 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:isupport:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.2.3",
"versionEndIncluding": "12.2.13",
"matchCriteriaId": "C1E5C84B-877C-43F6-8964-985DFE280D5D"
}
]
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2024.html",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

43
CVE-2024/CVE-2024-209xx/CVE-2024-20946.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-20946",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-01-16T22:15:41.957",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-20T18:33:39.923",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto Oracle Solaris de Oracle Systems (componente: Kernel). La versi\u00f3n compatible que se ve afectada es la 11. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante con pocos privilegios iniciar sesi\u00f3n en la infraestructura donde se ejecuta Oracle Solaris para comprometer Oracle Solaris. Los ataques exitosos de esta vulnerabilidad pueden tener como resultado una capacidad no autorizada para causar un bloqueo o un fallo frecuentemente repetible (DOS completo) de Oracle Solaris. CVSS 3.1 Puntuaci\u00f3n base 5.5 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
@ -34,10 +38,43 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:solaris:11:*:*:*:*:*:*:*",
"matchCriteriaId": "1BBBA519-6C95-4973-B6C1-CE513CD7DA35"
}
]
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2024.html",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

45
CVE-2024/CVE-2024-209xx/CVE-2024-20948.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-20948",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-01-16T22:15:42.123",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-20T18:33:19.560",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite (component: Setup, Admin). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Knowledge Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Knowledge Management accessible data as well as unauthorized read access to a subset of Oracle Knowledge Management accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto Oracle Knowledge Management de Oracle E-Business Suite (componente: Configuraci\u00f3n, Administrador). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.13. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa Oracle Knowledge Management. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante y, si bien la vulnerabilidad est\u00e1 en Oracle Knowledge Management, los ataques pueden afectar significativamente a productos adicionales (scope change). Los ataques exitosos a esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de Oracle Knowledge Management, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Knowledge Management. CVSS 3.1 Puntaje base 6.1 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
}
],
"metrics": {
@ -34,10 +38,45 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:knowledge_management:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.2.3",
"versionEndIncluding": "12.2.13",
"matchCriteriaId": "CF3B0F50-E10E-4694-B6D2-5D2C625CCA6C"
}
]
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2024.html",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

45
CVE-2024/CVE-2024-209xx/CVE-2024-20950.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-20950",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-01-16T22:15:42.313",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-20T18:32:03.153",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite (component: Outcome-Result). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Customer Interaction History. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Customer Interaction History, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Customer Interaction History accessible data as well as unauthorized read access to a subset of Oracle Customer Interaction History accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto Oracle Customer Interaction History de Oracle E-Business Suite (componente: Outcome-Result). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.13. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa el historial de interacci\u00f3n con el cliente de Oracle. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante y, si bien la vulnerabilidad est\u00e1 en el Historial de interacci\u00f3n con el cliente de Oracle, los ataques pueden afectar significativamente a productos adicionales (scope change). Los ataques exitosos de esta vulnerabilidad pueden dar como resultado una actualizaci\u00f3n, inserci\u00f3n o eliminaci\u00f3n no autorizada del acceso a algunos de los datos accesibles del Historial de interacci\u00f3n con el cliente de Oracle, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles del Historial de interacci\u00f3n con el cliente de Oracle. CVSS 3.1 Puntaje base 6.1 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
}
],
"metrics": {
@ -34,10 +38,45 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:customer_interaction_history:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.2.3",
"versionEndIncluding": "12.2.13",
"matchCriteriaId": "349A0172-5EE4-4EDA-85E2-D068FA947ED6"
}
]
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2024.html",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

44
CVE-2024/CVE-2024-209xx/CVE-2024-20957.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-20957",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-01-16T22:15:42.830",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-20T18:31:43.287",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Package Build SEC). Supported versions that are affected are Prior to 9.2.8.1. Easily exploitable vulnerability allows high privileged attacker with network access via JDENET to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto JD Edwards EnterpriseOne Tools de Oracle JD Edwards (componente: Package Build SEC). Las versiones compatibles que se ven afectadas son anteriores a la 9.2.8.1. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante con altos privilegios y acceso a la red a trav\u00e9s de JDENET comprometer JD Edwards EnterpriseOne Tools. Los ataques exitosos de esta vulnerabilidad pueden resultar en una capacidad no autorizada para causar una denegaci\u00f3n de servicio parcial (DOS parcial) de JD Edwards EnterpriseOne Tools. CVSS 3.1 Puntuaci\u00f3n base 2.7 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L)."
}
],
"metrics": {
@ -34,10 +38,44 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.2.8.1",
"matchCriteriaId": "39FEBA77-05E1-4FF7-AB18-BFDC79E5E59C"
}
]
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2024.html",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

43
CVE-2024/CVE-2024-209xx/CVE-2024-20959.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-20959",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-01-16T22:15:43.003",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-20T18:31:27.417",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle ZFS Storage Appliance Kit. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto Oracle ZFS Storage Appliance Kit de Oracle Systems (componente: Core). La versi\u00f3n compatible que se ve afectada es la 8.8. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante con altos privilegios iniciar sesi\u00f3n en la infraestructura donde se ejecuta Oracle ZFS Storage Appliance Kit para comprometer Oracle ZFS Storage Appliance Kit. Los ataques exitosos de esta vulnerabilidad pueden resultar en una capacidad no autorizada para provocar un bloqueo o un fallo frecuente (DOS completo) de Oracle ZFS Storage Appliance Kit. CVSS 3.1 Puntuaci\u00f3n base 4.4 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
@ -34,10 +38,43 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D3E503FB-6279-4D4A-91D8-E237ECF9D2B0"
}
]
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2024.html",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

53
CVE-2024/CVE-2024-209xx/CVE-2024-20979.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-20979",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-01-16T22:15:44.860",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-20T18:30:34.090",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 6.4.0.0.0, 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data as well as unauthorized read access to a subset of Oracle BI Publisher accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto Oracle BI Publisher de Oracle Analytics (componente: Web Server). Las versiones compatibles que se ven afectadas son 6.4.0.0.0, 7.0.0.0.0 y 12.2.1.4.0. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante con pocos privilegios y acceso a la red a trav\u00e9s de HTTP comprometer Oracle BI Publisher. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante y, si bien la vulnerabilidad est\u00e1 en Oracle BI Publisher, los ataques pueden afectar significativamente a productos adicionales (scope change). Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de Oracle BI Publisher, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle BI Publisher. CVSS 3.1 Puntaje base 5.4 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)."
}
],
"metrics": {
@ -34,10 +38,53 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:bi_publisher:6.4.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6CEFA51-E2C5-4F07-952D-F8F46C928092"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F59017DC-0258-45BD-89E4-DC8EBA922107"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "274A0CF5-41E8-42E0-9931-F7372A65B9C4"
}
]
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2024.html",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

43
CVE-2024/CVE-2024-209xx/CVE-2024-20987.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-20987",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-01-16T22:15:45.543",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-20T18:30:16.877",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data as well as unauthorized read access to a subset of Oracle BI Publisher accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto Oracle BI Publisher de Oracle Analytics (componente: Web Server). La versi\u00f3n compatible afectada es 12.2.1.4.0. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante con pocos privilegios y acceso a la red a trav\u00e9s de HTTP comprometer Oracle BI Publisher. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante y, si bien la vulnerabilidad est\u00e1 en Oracle BI Publisher, los ataques pueden afectar significativamente a productos adicionales (scope change). Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de Oracle BI Publisher, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle BI Publisher. CVSS 3.1 Puntaje base 5.4 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)."
}
],
"metrics": {
@ -34,10 +38,43 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "274A0CF5-41E8-42E0-9931-F7372A65B9C4"
}
]
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2024.html",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

79
CVE-2024/CVE-2024-216xx/CVE-2024-21669.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21669",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-11T06:15:44.067",
"lastModified": "2024-01-11T13:57:26.160",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-20T18:45:17.257",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,26 +70,71 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hyperledger:aries_cloud_agent:*:*:*:*:*:python:*:*",
"versionStartIncluding": "0.7.0",
"versionEndExcluding": "0.10.5",
"matchCriteriaId": "8E7EDC2A-7233-4326-82B1-E896F8B52925"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hyperledger:aries_cloud_agent:0.11.0:rc1:*:*:*:python:*:*",
"matchCriteriaId": "300CAB56-D1C2-4D96-BBBB-C429E9364E94"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hyperledger:aries_cloud_agent:0.11.0:rc2:*:*:*:python:*:*",
"matchCriteriaId": "A99DFE1B-4372-43D1-A8FA-2C4F6B6FB951"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/hyperledger/aries-cloudagent-python/commit/0b01ffffc0789205ac990292f97238614c9fd293",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/hyperledger/aries-cloudagent-python/commit/4c45244e2085aeff2f038dd771710e92d7682ff2",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/hyperledger/aries-cloudagent-python/releases/tag/0.10.5",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/hyperledger/aries-cloudagent-python/releases/tag/0.11.0",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/hyperledger/aries-cloudagent-python/security/advisories/GHSA-97x9-59rv-q5pm",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

68
CVE-2024/CVE-2024-224xx/CVE-2024-22492.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2024-22492",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-12T16:15:52.793",
"lastModified": "2024-01-12T17:06:09.020",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-20T18:42:47.087",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save contact parameter, which allows remote attackers to inject arbitrary web script or HTML."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de XSS almacenado en JFinalcms 5.0.0 a trav\u00e9s del par\u00e1metro de contacto /gusetbook/save, que permite a atacantes remotos inyectar scripts web o HTML de su elecci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jfinalcms_project:jfinalcms:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0813B8F4-66B1-42C6-83A7-831B13233428"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/cui2shark/security/blob/main/%28JFinalcms%20contact%20para%29A%20stored%20cross-site%20scripting%20%28XSS%29%20vulnerability%20was%20discovered%20in%20Jfinalcms%20contact%20para.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Product"
]
}
]
}

68
CVE-2024/CVE-2024-224xx/CVE-2024-22493.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2024-22493",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-12T16:15:52.840",
"lastModified": "2024-01-12T17:06:09.020",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-20T18:42:39.343",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save content parameter, which allows remote attackers to inject arbitrary web script or HTML."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de XSS almacenado en JFinalcms 5.0.0 a trav\u00e9s del par\u00e1metro /gusetbook/save content, que permite a atacantes remotos inyectar scripts web o HTML de su elecci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jfinalcms_project:jfinalcms:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0813B8F4-66B1-42C6-83A7-831B13233428"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/cui2shark/security/blob/main/%28JFinalcms%20content%20para%29A%20stored%20cross-site%20scripting%20%28XSS%29%20vulnerability%20was%20discovered%20in%20Jfinalcms%20content%20para.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Product"
]
}
]
}

68
CVE-2024/CVE-2024-225xx/CVE-2024-22548.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2024-22548",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-18T15:15:09.623",
"lastModified": "2024-01-18T15:50:54.810",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-20T18:51:21.163",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the system website settings website name section."
},
{
"lang": "es",
"value": "FlyCms 1.0 es vulnerable a Cross Site Scripting (XSS) en la secci\u00f3n de nombre del sitio web de configuraci\u00f3n del sistema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:flycms_project:flycms:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85DEB820-5DE8-48ED-8E13-72B868382601"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/5List/cms/blob/main/1.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

68
CVE-2024/CVE-2024-225xx/CVE-2024-22549.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2024-22549",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-18T15:15:09.670",
"lastModified": "2024-01-18T15:50:54.810",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-20T18:51:14.307",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the email settings of the website settings section."
},
{
"lang": "es",
"value": "FlyCms 1.0 es vulnerable a Cross Site Scripting (XSS) en la configuraci\u00f3n de correo electr\u00f3nico de la secci\u00f3n de configuraci\u00f3n del sitio web."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:flycms_project:flycms:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85DEB820-5DE8-48ED-8E13-72B868382601"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/cccbbbttt/cms/blob/main/1.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

68
CVE-2024/CVE-2024-225xx/CVE-2024-22568.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2024-22568",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-18T15:15:09.717",
"lastModified": "2024-01-18T15:50:54.810",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-20T18:49:52.490",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/score/del."
},
{
"lang": "es",
"value": "FlyCms v1.0 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a trav\u00e9s de /system/score/del."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:flycms_project:flycms:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85DEB820-5DE8-48ED-8E13-72B868382601"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/kayo-zjq/myc/blob/main/1.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Product"
]
}
]
}

68
CVE-2024/CVE-2024-225xx/CVE-2024-22591.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2024-22591",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-18T15:15:09.763",
"lastModified": "2024-01-18T15:50:54.810",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-20T18:49:47.907",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/user/group_save."
},
{
"lang": "es",
"value": "FlyCms v1.0 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a trav\u00e9s de /system/user/group_save."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:flycms_project:flycms:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85DEB820-5DE8-48ED-8E13-72B868382601"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ysuzhangbin/cms2/blob/main/1.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Product"
]
}
]
}

68
CVE-2024/CVE-2024-225xx/CVE-2024-22592.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2024-22592",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-18T15:15:09.813",
"lastModified": "2024-01-18T15:50:54.810",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-20T18:49:41.750",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/user/group_update"
},
{
"lang": "es",
"value": "FlyCms v1.0 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a trav\u00e9s de /system/user/group_update"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:flycms_project:flycms:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85DEB820-5DE8-48ED-8E13-72B868382601"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ysuzhangbin/cms2/blob/main/2.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Product"
]
}
]
}

68
CVE-2024/CVE-2024-225xx/CVE-2024-22593.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2024-22593",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-18T15:15:09.853",
"lastModified": "2024-01-18T15:50:54.810",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-20T18:49:24.957",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/admin/add_group_save"
},
{
"lang": "es",
"value": "FlyCms v1.0 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a trav\u00e9s de /system/admin/add_group_save"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:flycms_project:flycms:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85DEB820-5DE8-48ED-8E13-72B868382601"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ysuzhangbin/cms2/blob/main/3.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Product"
]
}
]
}

35
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-01-20T11:00:24.598354+00:00
2024-01-20T19:00:24.958497+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-01-20T10:15:07.980000+00:00
2024-01-20T18:53:54.993000+00:00
```
### Last Data Feed Release
@ -34,16 +34,39 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### CVEs added in the last Commit
Recently added CVEs: `1`
Recently added CVEs: `0`
* [CVE-2023-7063](CVE-2023/CVE-2023-70xx/CVE-2023-7063.json) (`2024-01-20T09:15:07.520`)
### CVEs modified in the last Commit
Recently modified CVEs: `1`
Recently modified CVEs: `48`
* [CVE-2023-46749](CVE-2023/CVE-2023-467xx/CVE-2023-46749.json) (`2024-01-20T10:15:07.980`)
* [CVE-2024-20942](CVE-2024/CVE-2024-209xx/CVE-2024-20942.json) (`2024-01-20T18:34:14.440`)
* [CVE-2024-20940](CVE-2024/CVE-2024-209xx/CVE-2024-20940.json) (`2024-01-20T18:34:47.863`)
* [CVE-2024-20938](CVE-2024/CVE-2024-209xx/CVE-2024-20938.json) (`2024-01-20T18:35:05.397`)
* [CVE-2024-20936](CVE-2024/CVE-2024-209xx/CVE-2024-20936.json) (`2024-01-20T18:35:22.853`)
* [CVE-2024-20934](CVE-2024/CVE-2024-209xx/CVE-2024-20934.json) (`2024-01-20T18:35:47.127`)
* [CVE-2024-20930](CVE-2024/CVE-2024-209xx/CVE-2024-20930.json) (`2024-01-20T18:36:08.060`)
* [CVE-2024-20928](CVE-2024/CVE-2024-209xx/CVE-2024-20928.json) (`2024-01-20T18:37:12.027`)
* [CVE-2024-20920](CVE-2024/CVE-2024-209xx/CVE-2024-20920.json) (`2024-01-20T18:39:46.033`)
* [CVE-2024-20916](CVE-2024/CVE-2024-209xx/CVE-2024-20916.json) (`2024-01-20T18:40:50.423`)
* [CVE-2024-20914](CVE-2024/CVE-2024-209xx/CVE-2024-20914.json) (`2024-01-20T18:41:05.227`)
* [CVE-2024-20908](CVE-2024/CVE-2024-209xx/CVE-2024-20908.json) (`2024-01-20T18:41:36.717`)
* [CVE-2024-20906](CVE-2024/CVE-2024-209xx/CVE-2024-20906.json) (`2024-01-20T18:41:53.127`)
* [CVE-2024-20904](CVE-2024/CVE-2024-209xx/CVE-2024-20904.json) (`2024-01-20T18:42:09.760`)
* [CVE-2024-22493](CVE-2024/CVE-2024-224xx/CVE-2024-22493.json) (`2024-01-20T18:42:39.343`)
* [CVE-2024-22492](CVE-2024/CVE-2024-224xx/CVE-2024-22492.json) (`2024-01-20T18:42:47.087`)
* [CVE-2024-21669](CVE-2024/CVE-2024-216xx/CVE-2024-21669.json) (`2024-01-20T18:45:17.257`)
* [CVE-2024-0466](CVE-2024/CVE-2024-04xx/CVE-2024-0466.json) (`2024-01-20T18:46:47.457`)
* [CVE-2024-0465](CVE-2024/CVE-2024-04xx/CVE-2024-0465.json) (`2024-01-20T18:47:17.343`)
* [CVE-2024-0464](CVE-2024/CVE-2024-04xx/CVE-2024-0464.json) (`2024-01-20T18:47:32.230`)
* [CVE-2024-22593](CVE-2024/CVE-2024-225xx/CVE-2024-22593.json) (`2024-01-20T18:49:24.957`)
* [CVE-2024-22592](CVE-2024/CVE-2024-225xx/CVE-2024-22592.json) (`2024-01-20T18:49:41.750`)
* [CVE-2024-22591](CVE-2024/CVE-2024-225xx/CVE-2024-22591.json) (`2024-01-20T18:49:47.907`)
* [CVE-2024-22568](CVE-2024/CVE-2024-225xx/CVE-2024-22568.json) (`2024-01-20T18:49:52.490`)
* [CVE-2024-22549](CVE-2024/CVE-2024-225xx/CVE-2024-22549.json) (`2024-01-20T18:51:14.307`)
* [CVE-2024-22548](CVE-2024/CVE-2024-225xx/CVE-2024-22548.json) (`2024-01-20T18:51:21.163`)
## Download and Usage