admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-07 11:07:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-01-03T19:00:24.743087+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-01-03 19:00:28 +00:00
parent e1ef50bbf0
commit 1bb9d33bcf
33 changed files with 1177 additions and 85 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
CVE-2014/CVE-2014-1251xx/CVE-2014-125108.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2014-125108",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-23T17:15:07.773",
"lastModified": "2023-12-25T03:08:09.833",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T18:34:51.040",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in w3c online-spellchecker-py up to 20140130. It has been rated as problematic. This issue affects some unknown processing of the file spellchecker. The manipulation leads to cross site scripting. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The identifier of the patch is d6c21fd8187c5db2a50425ff80694149e75d722e. It is recommended to apply a patch to fix this issue. The identifier VDB-248849 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en w3c online-spellchecker-py hasta 20140130. Se ha calificado como problem\u00e1tica. Este problema afecta un procesamiento desconocido del corrector ortogr\u00e1fico de archivos. La manipulaci\u00f3n conduce a cross site scripting. El ataque puede iniciarse de forma remota. La complejidad de un ataque es bastante alta. Se sabe que la explotaci\u00f3n es dif\u00edcil. El identificador del parche es d6c21fd8187c5db2a50425ff80694149e75d722e. Se recomienda aplicar un parche para solucionar este problema. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-248849."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:w3:spell_checker:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2014-01-31",
"matchCriteriaId": "ECC53122-2509-47E6-BCDD-F8C72E93D7C7"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/w3c/online-spellchecker-py/commit/d6c21fd8187c5db2a50425ff80694149e75d722e",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Patch"
]
},
{
"url": "https://vuldb.com/?ctiid.248849",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.248849",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

43
CVE-2019/CVE-2019-155xx/CVE-2019-15592.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2019-15592",
"sourceIdentifier": "support@hackerone.com",
"published": "2020-02-14T22:15:10.360",
"lastModified": "2021-08-27T12:50:12.590",
"lastModified": "2024-01-03T18:55:45.153",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -94,8 +94,45 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B25EFFB-3A02-4ACA-BF2E-44DEA5843729"
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "11.2.0",
"versionEndExcluding": "12.0.8",
"matchCriteriaId": "C0D64621-2E24-4698-B116-0FCC6EE6D30F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "11.2.0",
"versionEndExcluding": "12.0.8",
"matchCriteriaId": "5AC10563-1F00-4CAB-94E0-8464E5DBA517"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "12.1.0",
"versionEndExcluding": "12.1.8",
"matchCriteriaId": "BE0BA50B-833E-4F74-95CB-EC8963B0ABCA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "12.1.0",
"versionEndExcluding": "12.1.8",
"matchCriteriaId": "36F29405-3C84-4ECF-96B7-E25D88926B46"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "12.2.0",
"versionEndExcluding": "12.2.3",
"matchCriteriaId": "16FD6BD6-8B76-4053-81C1-E9B00F279113"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "12.2.0",
"versionEndExcluding": "12.2.3",
"matchCriteriaId": "F131A404-4B2B-4F77-981B-A12D8FC7F590"
}
]
}

6
CVE-2021/CVE-2021-459xx/CVE-2021-45967.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-45967",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-03-18T05:15:07.027",
"lastModified": "2022-07-12T17:42:04.277",
"lastModified": "2024-01-03T18:55:26.920",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,9 +84,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pascom_cloud_phone_system:*:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:pascom:cloud_phone_system:*:*:*:*:*:*:*:*",
"versionEndIncluding": "7.19",
"matchCriteriaId": "32CC59F0-1ABA-4D86-9A82-FB8648B2E785"
"matchCriteriaId": "78D2A6F1-C247-4A95-991B-610CDB0DB305"
}
]
}

4
CVE-2023/CVE-2023-306xx/CVE-2023-30617.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-30617",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-03T16:15:08.117",
"lastModified": "2024-01-03T16:15:08.117",
"vulnStatus": "Received",
"lastModified": "2024-01-03T17:26:57.957",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2023/CVE-2023-376xx/CVE-2023-37607.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-37607",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-03T14:15:08.747",
"lastModified": "2024-01-03T14:15:08.747",
"vulnStatus": "Received",
"lastModified": "2024-01-03T17:26:57.957",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Directory Traversal in Automatic-Systems SOC FL9600 FastLine lego_T04E00 allows a remote attacker to obtain sensitive information."
},
{
"lang": "es",
"value": "Directory Traversal en sistemas autom\u00e1ticos SOC FL9600 FastLine lego_T04E00 permite a un atacante remoto obtener informaci\u00f3n confidencial."
}
],
"metrics": {},

62
CVE-2023/CVE-2023-410xx/CVE-2023-41097.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41097",
"sourceIdentifier": "product-security@silabs.com",
"published": "2023-12-21T21:15:08.020",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T17:22:03.797",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "product-security@silabs.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
},
{
"source": "product-security@silabs.com",
"type": "Secondary",
@ -54,14 +84,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:silabs:gecko_software_development_kit:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.4.0",
"matchCriteriaId": "F8DA3192-03D2-4218-9561-641A2E54C46F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/SiliconLabs/gecko_sdk/releases",
"source": "product-security@silabs.com"
"source": "product-security@silabs.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/069Vm0000007rArIAI?operationContext=S1",
"source": "product-security@silabs.com"
"source": "product-security@silabs.com",
"tags": [
"Permissions Required"
]
}
]
}

90
CVE-2023/CVE-2023-424xx/CVE-2023-42465.json
View File

@ -2,35 +2,109 @@
"id": "CVE-2023-42465",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-22T16:15:08.057",
"lastModified": "2023-12-22T20:32:41.017",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T17:40:23.540",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit."
},
{
"lang": "es",
"value": "Sudo anterior a 1.9.15 podr\u00eda permitir row hammer attacks (para eludir la autenticaci\u00f3n o escalar privilegios) porque la l\u00f3gica de la aplicaci\u00f3n a veces se basa en no igualar un valor de error (en lugar de igualar un valor de \u00e9xito) y porque los valores no resisten los cambios de un solo bit."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.9.15",
"matchCriteriaId": "0352673D-D618-41C1-BC9F-8B3582BC277E"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://arxiv.org/abs/2309.02545",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Technical Description",
"Third Party Advisory"
]
},
{
"url": "https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_15",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/12/21/9",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List"
]
},
{
"url": "https://www.sudo.ws/releases/changelog/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
}
]
}

4
CVE-2023/CVE-2023-455xx/CVE-2023-45559.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45559",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-03T15:15:09.670",
"lastModified": "2024-01-03T15:15:09.670",
"vulnStatus": "Received",
"lastModified": "2024-01-03T17:26:57.957",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-467xx/CVE-2023-46738.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46738",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-03T16:15:08.470",
"lastModified": "2024-01-03T16:15:08.470",
"vulnStatus": "Received",
"lastModified": "2024-01-03T17:26:57.957",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

59
CVE-2023/CVE-2023-467xx/CVE-2023-46739.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-46739",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-03T17:15:10.303",
"lastModified": "2024-01-03T17:26:57.957",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "CubeFS is an open-source cloud-native file storage system. A vulnerability was found during in the CubeFS master component in versions prior to 3.3.1 that could allow an untrusted attacker to steal user passwords by carrying out a timing attack. The root case of the vulnerability was that CubeFS used raw string comparison of passwords. The vulnerable part of CubeFS was the UserService of the master component. The UserService gets instantiated when starting the server of the master component. The issue has been patched in v3.3.1. For impacted users, there is no other way to mitigate the issue besides upgrading."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
}
],
"references": [
{
"url": "https://github.com/cubefs/cubefs/commit/6a0d5fa45a77ff20c752fa9e44738bf5d86c84bd",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/cubefs/cubefs/security/advisories/GHSA-8579-7p32-f398",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2023/CVE-2023-467xx/CVE-2023-46740.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-46740",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-03T17:15:10.590",
"lastModified": "2024-01-03T17:26:57.957",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "CubeFS is an open-source cloud-native file storage system. Prior to version 3.3.1, CubeFS used an insecure random string generator to generate user-specific, sensitive keys used to authenticate users in a CubeFS deployment. This could allow an attacker to predict and/or guess the generated string and impersonate a user thereby obtaining higher privileges. When CubeFS creates new users, it creates a piece of sensitive information for the user called the \u201caccessKey\u201d. To create the \"accesKey\", CubeFS uses an insecure string generator which makes it easy to guess and thereby impersonate the created user. An attacker could leverage the predictable random string generator and guess a users access key and impersonate the user to obtain higher privileges. The issue has been fixed in v3.3.1. There is no other mitigation than to upgrade."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-330"
}
]
}
],
"references": [
{
"url": "https://github.com/cubefs/cubefs/commit/8555c6402794cabdf2cc025c8bea1576122c07ba",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/cubefs/cubefs/security/advisories/GHSA-4248-p65p-hcrm",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2023/CVE-2023-467xx/CVE-2023-46741.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-46741",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-03T17:15:10.797",
"lastModified": "2024-01-03T17:26:57.957",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "CubeFS is an open-source cloud-native file storage system. A vulnerability was found in CubeFS prior to version 3.3.1 that could allow users to read sensitive data from the logs which could allow them escalate privileges. CubeFS leaks configuration keys in plaintext format in the logs. These keys could allow anyone to carry out operations on blobs that they otherwise do not have permissions for. For example, an attacker that has succesfully retrieved a secret key from the logs can delete blogs from the blob store. The attacker can either be an internal user with limited privileges to read the log, or they can be an external user who has escalated privileges sufficiently to access the logs. The vulnerability has been patched in v3.3.1. There is no other mitigation than upgrading.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.3,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://github.com/cubefs/cubefs/commit/972f0275ee8d5dbba4b1530da7c145c269b31ef5",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/cubefs/cubefs/security/advisories/GHSA-8h2x-gr2c-c275",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2023/CVE-2023-467xx/CVE-2023-46742.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-46742",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-03T17:15:11.010",
"lastModified": "2024-01-03T17:26:57.957",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "CubeFS is an open-source cloud-native file storage system. CubeFS prior to version 3.3.1 was found to leak users secret keys and access keys in the logs in multiple components. When CubeCS creates new users, it leaks the users secret key. This could allow a lower-privileged user with access to the logs to retrieve sensitive information and impersonate other users with higher privileges than themselves. The issue has been patched in v3.3.1. There is no other mitigation than upgrading CubeFS."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.3,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
}
],
"references": [
{
"url": "https://github.com/cubefs/cubefs/commit/8dccce6ac8dff3db44d7e9074094c7303a5ff5dd",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/cubefs/cubefs/security/advisories/GHSA-vwch-g97w-hfg2",
"source": "security-advisories@github.com"
}
]
}

8
CVE-2023/CVE-2023-500xx/CVE-2023-50093.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-50093",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-03T14:15:08.840",
"lastModified": "2024-01-03T14:15:08.840",
"vulnStatus": "Received",
"lastModified": "2024-01-03T17:26:57.957",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "APIIDA API Gateway Manager for Broadcom Layer7 v2023.2.2 is vulnerable to Host Header Injection."
},
{
"lang": "es",
"value": "APIIDA API Gateway Manager para Broadcom Layer7 v2023.2.2 es vulnerable a la inyecci\u00f3n de encabezado de host."
}
],
"metrics": {},

59
CVE-2023/CVE-2023-502xx/CVE-2023-50253.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-50253",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-03T17:15:11.387",
"lastModified": "2024-01-03T17:26:57.957",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Laf is a cloud development platform. In the Laf version design, the log uses communication with k8s to quickly retrieve logs from the container without the need for additional storage. However, in version 1.0.0-beta.13 and prior, this interface does not verify the permissions of the pod, which allows authenticated users to obtain any pod logs under the same namespace through this method, thereby obtaining sensitive information printed in the logs. As of time of publication, no known patched versions exist."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://github.com/labring/laf/pull/1468",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/labring/laf/security/advisories/GHSA-g9c8-wh35-g75f",
"source": "security-advisories@github.com"
}
]
}

62
CVE-2023/CVE-2023-513xx/CVE-2023-51387.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-51387",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-22T21:15:08.790",
"lastModified": "2023-12-25T03:08:20.540",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T17:43:59.510",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Hertzbeat is an open source, real-time monitoring system. Hertzbeat uses aviatorscript to evaluate alert expressions. The alert expressions are supposed to be some simple expressions. However, due to improper sanitization for alert expressions in version prior to 1.4.1, a malicious user can use a crafted alert expression to execute any command on hertzbeat server. A malicious user who has access to alert define function can execute any command in hertzbeat instance. This issue is fixed in version 1.4.1."
},
{
"lang": "es",
"value": "Hertzbeat es un sistema de monitoreo en tiempo real de c\u00f3digo abierto. Hertzbeat utiliza aviatorscript para evaluar expresiones de alerta. Se supone que las expresiones de alerta son expresiones simples. Sin embargo, debido a una sanitizaci\u00f3n inadecuada de las expresiones de alerta en versiones anteriores a la 1.4.1, un usuario malintencionado puede utilizar una expresi\u00f3n de alerta manipulada para ejecutar cualquier comando en el servidor hertzbeat. Un usuario malintencionado que tenga acceso a la funci\u00f3n de definici\u00f3n de alertas puede ejecutar cualquier comando en la instancia de Hertzbeat. Este problema se solucion\u00f3 en la versi\u00f3n 1.4.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +70,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dromara:hertzbeat:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.4.1",
"matchCriteriaId": "FA9DA6B7-E31D-4037-BB20-38E777BF59BF"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/dromara/hertzbeat/blob/6b599495763120ad1df6f4ed4b6713bb4885d8e2/home/blog/2023-09-26-hertzbeat-v1.4.1.md",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/dromara/hertzbeat/commit/8dcf050e27ca95d15460a7ba98a3df8a9cd1d3d2",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/dromara/hertzbeat/security/advisories/GHSA-4576-m8px-w9qj",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-514xx/CVE-2023-51449.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-51449",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-22T21:15:09.000",
"lastModified": "2023-12-25T03:08:20.540",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T17:57:42.490",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Gradio is an open-source Python package that allows you to quickly build a demo or web application for your machine learning model, API, or any arbitary Python function. Versions of `gradio` prior to 4.11.0 contained a vulnerability in the `/file` route which made them susceptible to file traversal attacks in which an attacker could access arbitrary files on a machine running a Gradio app with a public URL (e.g. if the demo was created with `share=True`, or on Hugging Face Spaces) if they knew the path of files to look for. This issue has been patched in version 4.11.0."
},
{
"lang": "es",
"value": "Gradio es un paquete Python de c\u00f3digo abierto que le permite crear r\u00e1pidamente una demostraci\u00f3n o una aplicaci\u00f3n web para su modelo de aprendizaje autom\u00e1tico, API o cualquier funci\u00f3n arbitraria de Python. Las versiones de `gradio` anteriores a la 4.11.0 conten\u00edan una vulnerabilidad en la ruta `/file` que las hac\u00eda susceptibles a ataques transversales de archivos en los que un atacante pod\u00eda acceder a archivos arbitrarios en una m\u00e1quina que ejecutaba una aplicaci\u00f3n Gradio con una URL p\u00fablica (por ejemplo, si la demostraci\u00f3n se cre\u00f3 con `share=True`, o en Hugging Face Spaces) si conoc\u00edan la ruta de los archivos a buscar. Este problema se solucion\u00f3 en la versi\u00f3n 4.11.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +70,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gradio_project:gradio:*:*:*:*:*:python:*:*",
"versionEndExcluding": "4.11.0",
"matchCriteriaId": "2ED6F199-2E15-4A3C-978D-0F6712D53C4C"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/gradio-app/gradio/commit/1b9d4234d6c25ef250d882c7b90e1f4039ed2d76",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/gradio-app/gradio/commit/7ba8c5da45b004edd12c0460be9222f5b5f5f055",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/gradio-app/gradio/security/advisories/GHSA-6qm2-wpxq-7qh2",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-516xx/CVE-2023-51651.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-51651",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-22T21:15:09.700",
"lastModified": "2023-12-25T03:08:20.540",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T18:32:41.760",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "AWS SDK for PHP is the Amazon Web Services software development kit for PHP. Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in the `buildEndpoint` method in the RestSerializer component of the AWS SDK for PHP v3 prior to 3.288.1. The `buildEndpoint` method relies on the Guzzle Psr7 UriResolver utility, which strips dot segments from the request path in accordance with RFC 3986. Under certain conditions, this could lead to an arbitrary object being accessed. This issue has been patched in version 3.288.1."
},
{
"lang": "es",
"value": "AWS SDK para PHP es el kit de desarrollo de software de Amazon Web Services para PHP. Dentro del alcance de las solicitudes a claves de objeto S3 y/o prefijos que contienen un doble punto Unix, es posible un path traversal URI. El problema existe en el m\u00e9todo `buildEndpoint` en el componente RestSerializer del AWS SDK para PHP v3 anterior a 3.288.1. El m\u00e9todo `buildEndpoint` se basa en la utilidad Guzzle Psr7 UriResolver, que elimina segmentos de puntos de la ruta de solicitud de acuerdo con RFC 3986. Bajo ciertas condiciones, esto podr\u00eda conducir a que se acceda a un objeto arbitrario. Este problema se solucion\u00f3 en la versi\u00f3n 3.288.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +70,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:amazon:aws_software_development_kit:*:*:*:*:*:php:*:*",
"versionEndExcluding": "3.288.1",
"matchCriteriaId": "0082C8EC-989B-4F0B-9A53-EF54687E1880"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/aws/aws-sdk-php/commit/aebc9f801438746ac4ade327551576cb75f635f2",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/aws/aws-sdk-php/releases/tag/3.288.1",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/aws/aws-sdk-php/security/advisories/GHSA-557v-xcg6-rm5m",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}

63
CVE-2023/CVE-2023-60xx/CVE-2023-6004.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-6004",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-03T17:15:11.623",
"lastModified": "2024-01-03T17:26:57.957",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.3,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-74"
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-6004",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251110",
"source": "secalert@redhat.com"
},
{
"url": "https://www.libssh.org/security/advisories/CVE-2023-6004.txt",
"source": "secalert@redhat.com"
}
]
}

6
CVE-2023/CVE-2023-63xx/CVE-2023-6348.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-6348",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-11-29T12:15:07.403",
"lastModified": "2023-12-05T17:15:08.840",
"lastModified": "2024-01-03T17:15:11.823",
"vulnStatus": "Modified",
"descriptions": [
{
@ -94,6 +94,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/176368/Chrome-BindTextSuggestionHostForFrame-Type-Confusion.html",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html",
"source": "chrome-cve-admin@google.com",

71
CVE-2023/CVE-2023-70xx/CVE-2023-7042.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-7042",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-21T20:15:09.267",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T17:05:12.947",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,11 +11,31 @@
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad de desreferencia de puntero null en ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() en drivers/net/wireless/ath/ath10k/wmi-tlv.c en el kernel de Linux. Este problema podr\u00eda aprovecharse para provocar una denegaci\u00f3n de servicio."
"value": "Se encontr\u00f3 una vulnerabilidad de desreferencia de puntero nulo en ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() en drivers/net/wireless/ath/ath10k/wmi-tlv.c en el kernel de Linux. Este problema podr\u00eda aprovecharse para provocar una denegaci\u00f3n de servicio."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -50,18 +80,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-7042",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255497",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://patchwork.kernel.org/project/linux-wireless/patch/20231208043433.271449-1-hdthky0@gmail.com/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch"
]
}
]
}

6
CVE-2023/CVE-2023-71xx/CVE-2023-7101.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-7101",
"sourceIdentifier": "mandiant-cve@google.com",
"published": "2023-12-24T22:15:07.983",
"lastModified": "2024-01-03T02:00:01.237",
"lastModified": "2024-01-03T17:15:11.930",
"vulnStatus": "Awaiting Analysis",
"cisaExploitAdd": "2024-01-02",
"cisaActionDue": "2024-01-23",
@ -48,6 +48,10 @@
"url": "https://https://github.com/haile01/perl_spreadsheet_excel_rce_poc",
"source": "mandiant-cve@google.com"
},
{
"url": "https://https://github.com/jmcnamara/spreadsheet-parseexcel/commit/bd3159277e745468e2c553417b35d5d7dc7405bc",
"source": "mandiant-cve@google.com"
},
{
"url": "https://https://metacpan.org/dist/Spreadsheet-ParseExcel",
"source": "mandiant-cve@google.com"

8
CVE-2024/CVE-2024-01xx/CVE-2024-0193.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0193",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-02T18:15:08.287",
"lastModified": "2024-01-02T19:36:26.333",
"lastModified": "2024-01-03T17:15:12.000",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbage-collected when the pipapo set is removed, the element can be deactivated twice. This can cause a use-after-free issue on an NFT_CHAIN object or NFT_OBJECT object, allowing a local unprivileged user to escalate their privileges on the system."
"value": "A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbage-collected when the pipapo set is removed, the element can be deactivated twice. This can cause a use-after-free issue on an NFT_CHAIN object or NFT_OBJECT object, allowing a local unprivileged user with CAP_NET_ADMIN capability to escalate their privileges on the system."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un fallo de use after free en el subsistema netfilter del kernel de Linux. Si el elemento general se recolecta como basura cuando se retira el conjunto de pipapo, el elemento se puede desactivar dos veces. Esto puede causar un problema de uso despu\u00e9s de la liberaci\u00f3n en un objeto NFT_CHAIN o NFT_OBJECT, lo que permite a un usuario local sin privilegios escalar sus privilegios en el sistema."
}
],
"metrics": {

59
CVE-2024/CVE-2024-02xx/CVE-2024-0217.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-0217",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-03T17:15:12.110",
"lastModified": "2024-01-03T17:26:57.957",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other allocations and any previously stored data in this memory region is considered lost."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2024-0217",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256624",
"source": "secalert@redhat.com"
}
]
}

79
CVE-2024/CVE-2024-216xx/CVE-2024-21622.json Normal file
View File

@ -0,0 +1,79 @@
{
"id": "CVE-2024-21622",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-03T17:15:12.330",
"lastModified": "2024-01-03T17:26:57.957",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensure they are running at least those versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4511---2023-11-16",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/craftcms/cms/blob/v3/CHANGELOG.md#396---2023-11-16",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/craftcms/cms/commit/76caf9af07d9964be0fd362772223be6a5f5b6aa",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/craftcms/cms/commit/be81eb653d633833f2ab22510794abb6bb9c0843",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/craftcms/cms/pull/13931",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/craftcms/cms/pull/13932",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/craftcms/cms/security/advisories/GHSA-j5g9-j7r4-6qvx",
"source": "security-advisories@github.com"
}
]
}

67
CVE-2024/CVE-2024-216xx/CVE-2024-21631.json Normal file
View File

@ -0,0 +1,67 @@
{
"id": "CVE-2024-21631",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-03T17:15:12.790",
"lastModified": "2024-01-03T17:26:57.957",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Vapor is an HTTP web framework for Swift. Prior to version 4.90.0, Vapor's `vapor_urlparser_parse` function uses `uint16_t` indexes when parsing a URI's components, which may cause integer overflows when parsing untrusted inputs. This vulnerability does not affect Vapor directly but could impact applications relying on the URI type for validating user input. The URI type is used in several places in Vapor. A developer may decide to use URI to represent a URL in their application (especially if that URL is then passed to the HTTP Client) and rely on its public properties and methods. However, URI may fail to properly parse a valid (albeit abnormally long) URL, due to string ranges being converted to 16-bit integers. An attacker may use this behavior to trick the application into accepting a URL to an untrusted destination. By padding the port number with zeros, an attacker can cause an integer overflow to occur when the URL authority is parsed and, as a result, spoof the host. Version 4.90.0 contains a patch for this issue. As a workaround, validate user input before parsing as a URI or, if possible, use Foundation's `URL` and `URLComponents` utilities.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1104"
},
{
"lang": "en",
"value": "CWE-190"
},
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://github.com/vapor/vapor/commit/6db3d917b5ce5024a84eb265ef65691383305d70",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/vapor/vapor/security/advisories/GHSA-r6r4-5pr8-gjcp",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2024/CVE-2024-216xx/CVE-2024-21633.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-21633",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-03T17:15:13.103",
"lastModified": "2024-01-03T17:26:57.957",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Apktool is a tool for reverse engineering Android APK files. In versions 2.9.1 and prior, Apktool infers resource files' output path according to their resource names which can be manipulated by attacker to place files at desired location on the system Apktool runs on. Affected environments are those in which an attacker may write/overwrite any file that user has write access, and either user name is known or cwd is under user folder. Commit d348c43b24a9de350ff6e5bd610545a10c1fc712 contains a patch for this issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://github.com/iBotPeaches/Apktool/commit/d348c43b24a9de350ff6e5bd610545a10c1fc712",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/iBotPeaches/Apktool/security/advisories/GHSA-2hqv-2xv4-5h5w",
"source": "security-advisories@github.com"
}
]
}

4
CVE-2024/CVE-2024-219xx/CVE-2024-21907.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21907",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2024-01-03T16:15:08.793",
"lastModified": "2024-01-03T16:15:08.793",
"vulnStatus": "Received",
"lastModified": "2024-01-03T17:26:57.957",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-219xx/CVE-2024-21908.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21908",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2024-01-03T16:15:08.913",
"lastModified": "2024-01-03T16:15:08.913",
"vulnStatus": "Received",
"lastModified": "2024-01-03T17:26:57.957",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-219xx/CVE-2024-21909.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21909",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2024-01-03T16:15:09.003",
"lastModified": "2024-01-03T16:15:09.003",
"vulnStatus": "Received",
"lastModified": "2024-01-03T17:26:57.957",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-219xx/CVE-2024-21910.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21910",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2024-01-03T16:15:09.090",
"lastModified": "2024-01-03T16:15:09.090",
"vulnStatus": "Received",
"lastModified": "2024-01-03T17:26:57.957",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-219xx/CVE-2024-21911.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21911",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2024-01-03T16:15:09.170",
"lastModified": "2024-01-03T16:15:09.170",
"vulnStatus": "Received",
"lastModified": "2024-01-03T17:26:57.957",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

54
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-01-03T17:00:25.062796+00:00
2024-01-03T19:00:24.743087+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-01-03T16:15:09.170000+00:00
2024-01-03T18:55:45.153000+00:00
```
### Last Data Feed Release
@ -29,31 +29,51 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
234804
234814
```
### CVEs added in the last Commit
Recently added CVEs: `8`
Recently added CVEs: `10`
* [CVE-2023-45559](CVE-2023/CVE-2023-455xx/CVE-2023-45559.json) (`2024-01-03T15:15:09.670`)
* [CVE-2023-30617](CVE-2023/CVE-2023-306xx/CVE-2023-30617.json) (`2024-01-03T16:15:08.117`)
* [CVE-2023-46738](CVE-2023/CVE-2023-467xx/CVE-2023-46738.json) (`2024-01-03T16:15:08.470`)
* [CVE-2024-21907](CVE-2024/CVE-2024-219xx/CVE-2024-21907.json) (`2024-01-03T16:15:08.793`)
* [CVE-2024-21908](CVE-2024/CVE-2024-219xx/CVE-2024-21908.json) (`2024-01-03T16:15:08.913`)
* [CVE-2024-21909](CVE-2024/CVE-2024-219xx/CVE-2024-21909.json) (`2024-01-03T16:15:09.003`)
* [CVE-2024-21910](CVE-2024/CVE-2024-219xx/CVE-2024-21910.json) (`2024-01-03T16:15:09.090`)
* [CVE-2024-21911](CVE-2024/CVE-2024-219xx/CVE-2024-21911.json) (`2024-01-03T16:15:09.170`)
* [CVE-2023-46739](CVE-2023/CVE-2023-467xx/CVE-2023-46739.json) (`2024-01-03T17:15:10.303`)
* [CVE-2023-46740](CVE-2023/CVE-2023-467xx/CVE-2023-46740.json) (`2024-01-03T17:15:10.590`)
* [CVE-2023-46741](CVE-2023/CVE-2023-467xx/CVE-2023-46741.json) (`2024-01-03T17:15:10.797`)
* [CVE-2023-46742](CVE-2023/CVE-2023-467xx/CVE-2023-46742.json) (`2024-01-03T17:15:11.010`)
* [CVE-2023-50253](CVE-2023/CVE-2023-502xx/CVE-2023-50253.json) (`2024-01-03T17:15:11.387`)
* [CVE-2023-6004](CVE-2023/CVE-2023-60xx/CVE-2023-6004.json) (`2024-01-03T17:15:11.623`)
* [CVE-2024-0217](CVE-2024/CVE-2024-02xx/CVE-2024-0217.json) (`2024-01-03T17:15:12.110`)
* [CVE-2024-21622](CVE-2024/CVE-2024-216xx/CVE-2024-21622.json) (`2024-01-03T17:15:12.330`)
* [CVE-2024-21631](CVE-2024/CVE-2024-216xx/CVE-2024-21631.json) (`2024-01-03T17:15:12.790`)
* [CVE-2024-21633](CVE-2024/CVE-2024-216xx/CVE-2024-21633.json) (`2024-01-03T17:15:13.103`)
### CVEs modified in the last Commit
Recently modified CVEs: `4`
Recently modified CVEs: `22`
* [CVE-2023-7039](CVE-2023/CVE-2023-70xx/CVE-2023-7039.json) (`2024-01-03T15:03:23.020`)
* [CVE-2023-40058](CVE-2023/CVE-2023-400xx/CVE-2023-40058.json) (`2024-01-03T15:08:28.433`)
* [CVE-2023-4911](CVE-2023/CVE-2023-49xx/CVE-2023-4911.json) (`2024-01-03T15:15:09.770`)
* [CVE-2023-6546](CVE-2023/CVE-2023-65xx/CVE-2023-6546.json) (`2024-01-03T15:20:36.160`)
* [CVE-2014-125108](CVE-2014/CVE-2014-1251xx/CVE-2014-125108.json) (`2024-01-03T18:34:51.040`)
* [CVE-2019-15592](CVE-2019/CVE-2019-155xx/CVE-2019-15592.json) (`2024-01-03T18:55:45.153`)
* [CVE-2021-45967](CVE-2021/CVE-2021-459xx/CVE-2021-45967.json) (`2024-01-03T18:55:26.920`)
* [CVE-2023-7042](CVE-2023/CVE-2023-70xx/CVE-2023-7042.json) (`2024-01-03T17:05:12.947`)
* [CVE-2023-6348](CVE-2023/CVE-2023-63xx/CVE-2023-6348.json) (`2024-01-03T17:15:11.823`)
* [CVE-2023-7101](CVE-2023/CVE-2023-71xx/CVE-2023-7101.json) (`2024-01-03T17:15:11.930`)
* [CVE-2023-41097](CVE-2023/CVE-2023-410xx/CVE-2023-41097.json) (`2024-01-03T17:22:03.797`)
* [CVE-2023-37607](CVE-2023/CVE-2023-376xx/CVE-2023-37607.json) (`2024-01-03T17:26:57.957`)
* [CVE-2023-50093](CVE-2023/CVE-2023-500xx/CVE-2023-50093.json) (`2024-01-03T17:26:57.957`)
* [CVE-2023-45559](CVE-2023/CVE-2023-455xx/CVE-2023-45559.json) (`2024-01-03T17:26:57.957`)
* [CVE-2023-30617](CVE-2023/CVE-2023-306xx/CVE-2023-30617.json) (`2024-01-03T17:26:57.957`)
* [CVE-2023-46738](CVE-2023/CVE-2023-467xx/CVE-2023-46738.json) (`2024-01-03T17:26:57.957`)
* [CVE-2023-42465](CVE-2023/CVE-2023-424xx/CVE-2023-42465.json) (`2024-01-03T17:40:23.540`)
* [CVE-2023-51387](CVE-2023/CVE-2023-513xx/CVE-2023-51387.json) (`2024-01-03T17:43:59.510`)
* [CVE-2023-51449](CVE-2023/CVE-2023-514xx/CVE-2023-51449.json) (`2024-01-03T17:57:42.490`)
* [CVE-2023-51651](CVE-2023/CVE-2023-516xx/CVE-2023-51651.json) (`2024-01-03T18:32:41.760`)
* [CVE-2024-0193](CVE-2024/CVE-2024-01xx/CVE-2024-0193.json) (`2024-01-03T17:15:12.000`)
* [CVE-2024-21907](CVE-2024/CVE-2024-219xx/CVE-2024-21907.json) (`2024-01-03T17:26:57.957`)
* [CVE-2024-21908](CVE-2024/CVE-2024-219xx/CVE-2024-21908.json) (`2024-01-03T17:26:57.957`)
* [CVE-2024-21909](CVE-2024/CVE-2024-219xx/CVE-2024-21909.json) (`2024-01-03T17:26:57.957`)
* [CVE-2024-21910](CVE-2024/CVE-2024-219xx/CVE-2024-21910.json) (`2024-01-03T17:26:57.957`)
* [CVE-2024-21911](CVE-2024/CVE-2024-219xx/CVE-2024-21911.json) (`2024-01-03T17:26:57.957`)
## Download and Usage