Auto-Update: 2024-02-21T15:04:25.404608+00:00

2025-05-08 19:47:09 +00:00 · 2024-02-21 15:04:29 +00:00 · 2024-02-21 15:04:29 +00:00 · 15c5d51c7a
commit 15c5d51c7a
parent d3f6fe25be
7 changed files with 207 additions and 14 deletions
--- a/CVE-2023/CVE-2023-477xx/CVE-2023-47795.json
+++ b/CVE-2023/CVE-2023-477xx/CVE-2023-47795.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-47795",
+  "sourceIdentifier": "security@liferay.com",
+  "published": "2024-02-21T14:15:45.677",
+  "lastModified": "2024-02-21T14:15:45.677",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Stored cross-site scripting (XSS) vulnerability in the Document and Media widget in Liferay Portal 7.4.3.18 through 7.4.3.101, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 18 through 92 allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into a document's \u201cTitle\u201d text field."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@liferay.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.0,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 2.3,
+        "impactScore": 6.0
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@liferay.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-47795",
+      "source": "security@liferay.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-503xx/CVE-2023-50387.json
+++ b/CVE-2023/CVE-2023-503xx/CVE-2023-50387.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-50387",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-02-14T16:15:45.300",
-  "lastModified": "2024-02-20T16:55:30.890",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2024-02-21T13:15:07.913",
+  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
@ -303,6 +303,10 @@
        "VDB Entry"
      ]
    },
+    {
+      "url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html",
+      "source": "cve@mitre.org"
+    },
    {
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/",
      "source": "cve@mitre.org",
--- a/CVE-2023/CVE-2023-508xx/CVE-2023-50868.json
+++ b/CVE-2023/CVE-2023-508xx/CVE-2023-50868.json
@ -2,7 +2,7 @@
  "id": "CVE-2023-50868",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-02-14T16:15:45.377",
-  "lastModified": "2024-02-19T03:15:08.100",
+  "lastModified": "2024-02-21T13:15:08.130",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
@ -48,6 +48,10 @@
      "url": "https://kb.isc.org/docs/cve-2023-50868",
      "source": "cve@mitre.org"
    },
+    {
+      "url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html",
+      "source": "cve@mitre.org"
+    },
    {
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/",
      "source": "cve@mitre.org"
--- a/CVE-2023/CVE-2023-72xx/CVE-2023-7235.json
+++ b/CVE-2023/CVE-2023-72xx/CVE-2023-7235.json
@ -0,0 +1,36 @@
+{
+  "id": "CVE-2023-7235",
+  "sourceIdentifier": "security@openvpn.net",
+  "published": "2024-02-21T11:15:07.673",
+  "lastModified": "2024-02-21T11:15:07.673",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The OpenVPN GUI installer before version 2.6.9 did not set the proper access control restrictions to the installation directory of OpenVPN binaries when using a non-standard installation path, which allows an attacker to replace binaries to run arbitrary executables."
+    },
+    {
+      "lang": "es",
+      "value": "El instalador de la GUI de OpenVPN anterior a la versi\u00f3n 2.6.9 no establec\u00eda las restricciones de control de acceso adecuadas al directorio de instalaci\u00f3n de los archivos binarios de OpenVPN cuando usaba una ruta de instalaci\u00f3n no est\u00e1ndar, lo que permite a un atacante reemplazar archivos binarios para ejecutar ejecutables arbitrarios."
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "security@openvpn.net",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-276"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://community.openvpn.net/openvpn/wiki/CVE-2023-7235",
+      "source": "security@openvpn.net"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-16xx/CVE-2024-1661.json
+++ b/CVE-2024/CVE-2024-16xx/CVE-2024-1661.json
@ -2,12 +2,16 @@
  "id": "CVE-2024-1661",
  "sourceIdentifier": "cna@vuldb.com",
  "published": "2024-02-20T13:15:08.230",
-  "lastModified": "2024-02-20T19:50:53.960",
+  "lastModified": "2024-02-21T12:15:47.927",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability classified as problematic was found in Totolink X6000R 9.4.0cu.852_B20230719. Affected by this vulnerability is an unknown functionality of the file /etc/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254179. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+    },
+    {
+      "lang": "es",
+      "value": "Una vulnerabilidad fue encontrada en Totolink X6000R 9.4.0cu.852_B20230719 y clasificada como problem\u00e1tica. Una funcionalidad desconocida del archivo /etc/shadow es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a credenciales codificadas. Es posible lanzar el ataque al servidor local. La complejidad de un ataque es bastante alta. La explotaci\u00f3n parece dif\u00edcil. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-254179. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
    }
  ],
  "metrics": {
--- a/CVE-2024/CVE-2024-213xx/CVE-2024-21341.json
+++ b/CVE-2024/CVE-2024-213xx/CVE-2024-21341.json
@ -2,12 +2,16 @@
  "id": "CVE-2024-21341",
  "sourceIdentifier": "secure@microsoft.com",
  "published": "2024-02-13T18:15:49.630",
-  "lastModified": "2024-02-13T18:22:58.333",
-  "vulnStatus": "Awaiting Analysis",
+  "lastModified": "2024-02-21T14:19:31.900",
+  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "Windows Kernel Remote Code Execution Vulnerability"
+    },
+    {
+      "lang": "es",
+      "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo del kernel de Windows"
    }
  ],
  "metrics": {
@ -34,10 +38,92 @@
      }
    ]
  },
+  "weaknesses": [
+    {
+      "source": "nvd@nist.gov",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "NVD-CWE-noinfo"
+        }
+      ]
+    }
+  ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
+              "versionEndExcluding": "10.0.17763.5458",
+              "matchCriteriaId": "A1689DFD-D52D-4121-BFD7-DBF2BE4E7DE8"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
+              "versionEndExcluding": "10.0.19044.4046",
+              "matchCriteriaId": "C78776CC-3A9C-41A3-8BEB-D71D92F6579D"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
+              "versionEndExcluding": "10.0.19045.4046",
+              "matchCriteriaId": "806CA6D2-42B2-4244-A5ED-D23E6DD56772"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
+              "versionEndExcluding": "10.0.22000.2777",
+              "matchCriteriaId": "3F7F8173-9E59-48E4-98C9-4BEB6AE79451"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
+              "versionEndExcluding": "10.0.22621.3155",
+              "matchCriteriaId": "84EDBE52-EFE0-4D6D-AA76-698B6F9687D1"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
+              "versionEndExcluding": "10.0.22631.3155",
+              "matchCriteriaId": "900D1DA2-6DA7-4681-966A-B9973B1329EA"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
+              "versionEndExcluding": "10.0.17763.5458",
+              "matchCriteriaId": "A9098F92-79E7-4762-A37C-99B4CFA8CDD1"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
+              "versionEndExcluding": "10.0.20348.2322",
+              "matchCriteriaId": "5C8F0436-3AFE-48BD-AE92-8F8392DD0A1D"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
+              "versionEndIncluding": "10.0.25398.709",
+              "matchCriteriaId": "62322DCD-FDD1-4E54-A51A-08D68890E7DE"
+            }
+          ]
+        }
+      ]
+    }
+  ],
  "references": [
    {
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21341",
-      "source": "secure@microsoft.com"
+      "source": "secure@microsoft.com",
+      "tags": [
+        "Patch",
+        "Vendor Advisory"
+      ]
    }
  ]
 }
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-02-21T11:01:04.754994+00:00
+2024-02-21T15:04:25.404608+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-02-21T10:15:42.900000+00:00
+2024-02-21T14:19:31.900000+00:00
 ```

 ### Last Data Feed Release
@ -29,21 +29,25 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-239086
+239088
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `0`
+Recently added CVEs: `2`

+* [CVE-2023-7235](CVE-2023/CVE-2023-72xx/CVE-2023-7235.json) (`2024-02-21T11:15:07.673`)
+* [CVE-2023-47795](CVE-2023/CVE-2023-477xx/CVE-2023-47795.json) (`2024-02-21T14:15:45.677`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `2`
+Recently modified CVEs: `4`

-* [CVE-2023-6398](CVE-2023/CVE-2023-63xx/CVE-2023-6398.json) (`2024-02-21T10:15:42.770`)
-* [CVE-2023-6399](CVE-2023/CVE-2023-63xx/CVE-2023-6399.json) (`2024-02-21T10:15:42.900`)
+* [CVE-2023-50387](CVE-2023/CVE-2023-503xx/CVE-2023-50387.json) (`2024-02-21T13:15:07.913`)
+* [CVE-2023-50868](CVE-2023/CVE-2023-508xx/CVE-2023-50868.json) (`2024-02-21T13:15:08.130`)
+* [CVE-2024-1661](CVE-2024/CVE-2024-16xx/CVE-2024-1661.json) (`2024-02-21T12:15:47.927`)
+* [CVE-2024-21341](CVE-2024/CVE-2024-213xx/CVE-2024-21341.json) (`2024-02-21T14:19:31.900`)


 ## Download and Usage