Auto-Update: 2024-02-14T21:00:33.250916+00:00

cad-safe-bot 2024-02-14 21:00:36 +00:00
parent fa0d5d8e7a
commit 1c96b7a4f3
42 changed files with 2745 additions and 191 deletions


@ -2,8 +2,8 @@
"id": "CVE-2009-2403",
"sourceIdentifier": "cve@mitre.org",
"published": "2009-07-09T16:30:00.877",
"lastModified": "2017-09-19T01:29:05.577",
"vulnStatus": "Modified",
"lastModified": "2024-02-14T20:40:22.743",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -48,7 +48,7 @@
"description": [
{
"lang": "en",
"value": "CWE-119"
"value": "CWE-787"
}
]
}
@ -62,8 +62,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:shinji-chiba:scmpx:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBB26549-E975-4B7D-9D89-FD9C479E5A70"
"criteria": "cpe:2.3:a:shinjichiba:scmpx:1.5.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "2A278B47-0C76-499A-BA99-6374253B534D"
}
]
}
@ -71,14 +71,27 @@
}
],
"references": [
{
"url": "http://secunia.com/advisories/35596",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
]
},
{
"url": "http://www.exploit-db.com/exploits/9033",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.vupen.com/english/advisories/2009/1729",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
]
}
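Review bot: The added Secunia and VUPEN references are tagged `"Vendor Advisory"`, but both URLs appear to point at third-party advisory sites rather than at the SCMPX author. `"Third Party Advisory"` next to `"Broken Link"` would match how the exploit-db reference in the same hunk is tagged. A consumer that filters references on `Vendor Advisory` to find authoritative fix guidance would get two dead third-party links for this record. The `references` array continues past the end of the hunk.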


@ -2,7 +2,7 @@
"id": "CVE-2021-37415",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-09-01T06:15:06.530",
"lastModified": "2022-07-12T17:42:04.277",
"lastModified": "2024-02-14T20:40:33.860",
"vulnStatus": "Analyzed",
"cisaExploitAdd": "2021-12-01",
"cisaActionDue": "2021-12-15",
@ -421,14 +421,14 @@
"url": "https://www.manageengine.com",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
"Product"
]
},
{
"url": "https://www.manageengine.com/products/service-desk/on-premises/readme.html#11302",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
"Release Notes"
]
}
]


@ -2,7 +2,7 @@
"id": "CVE-2022-1509",
"sourceIdentifier": "security@huntr.dev",
"published": "2022-04-28T10:15:07.870",
"lastModified": "2022-05-06T19:44:52.753",
"lastModified": "2024-02-14T20:40:46.587",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -92,7 +92,7 @@
"description": [
{
"lang": "en",
"value": "CWE-74"
"value": "CWE-77"
}
]
},
@ -130,8 +130,7 @@
"url": "https://github.com/hestiacp/hestiacp/commit/d50f95cf208049dfb6ac67a8020802121745bd60",
"source": "security@huntr.dev",
"tags": [
"Patch",
"Third Party Advisory"
"Patch"
]
},
{


@ -2,12 +2,16 @@
"id": "CVE-2022-43085",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-11-01T14:15:14.707",
"lastModified": "2022-11-02T15:35:31.770",
"lastModified": "2024-02-14T19:10:06.600",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An arbitrary file upload vulnerability in add_product.php of Restaurant POS System v1.0 allows attackers to execute arbitrary code via a crafted PHP file."
},
{
"lang": "es",
"value": "Una vulnerabilidad de carga de archivos arbitrarios en add_product.php de Restaurant POS System v1.0 permite a atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo PHP manipulado."
}
],
"metrics": {
@ -55,8 +59,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:restaurant_pos_system_project:restaurant_pos_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E9491502-1DDB-4C94-9B11-810573C25F34"
"criteria": "cpe:2.3:a:codeastro:restaurant_pos_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BD641F5C-6CEC-419E-B2ED-488EE08F8E65"
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2022-43086",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-11-01T14:15:14.753",
"lastModified": "2022-11-01T23:33:16.097",
"lastModified": "2024-02-14T19:10:06.600",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Restaurant POS System v1.0 was discovered to contain a SQL injection vulnerability via update_customer.php."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Restaurant POS System v1.0 conten\u00eda una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s de update_customer.php."
}
],
"metrics": {
@ -55,8 +59,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:restaurant_pos_system_project:restaurant_pos_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E9491502-1DDB-4C94-9B11-810573C25F34"
"criteria": "cpe:2.3:a:codeastro:restaurant_pos_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BD641F5C-6CEC-419E-B2ED-488EE08F8E65"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-46914",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-07T09:15:15.633",
"lastModified": "2024-02-07T13:41:11.463",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-14T19:27:09.817",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "Vulnerabilidad de inyecci\u00f3n SQL en el m\u00f3dulo RM bookingcalendar para PrestaShop versiones 2.7.9 y anteriores, permite a atacantes remotos ejecutar c\u00f3digo arbitrario, escalar privilegios y obtener informaci\u00f3n confidencial a trav\u00e9s de ics_export.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bookingcalendar_project:bookingcalendar:*:*:*:*:*:prestashop:*:*",
"versionEndIncluding": "2.7.9",
"matchCriteriaId": "4B1490CC-8F45-4861-8803-2D9CBE01C3FC"
}
]
}
]
}
],
"references": [
{
"url": "https://security.friendsofpresta.org/modules/2024/02/06/bookingcalendar.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-48229",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-14T19:15:08.893",
"lastModified": "2024-02-14T19:15:08.893",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds write exists in the driver for IEEE 802.15.4 radios on nRF platforms in the Contiki-NG operating system. The problem is triggered when parsing radio frames in the `read_frame` function in the `arch/cpu/nrf/net/nrf-ieee-driver-arch.c` module. More specifically, the `read_frame` function performs an incomplete validation of the payload length of the packet, which is a value that can be set by an external party that sends radio packets to a Contiki-NG system. Although the value is validated to be in the range of the MTU length, it is not validated to fit into the given buffer into which the packet will be copied. The problem has been patched in the \"develop\" branch of Contiki-NG and is expected to be included in subsequent releases. Users are advised to update their develop branch or to update to a subsequent release when available. Users unable to upgrade should consider manually applying the changes in PR #2741."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://github.com/contiki-ng/contiki-ng/pull/2741",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-rcwv-xwc9-5hp2",
"source": "security-advisories@github.com"
}
]
}
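Review bot: No `configurations` block and no reference `tags` accompany this new record, and the same holds for CVE-2023-50926 and CVE-2023-50927 added later in the commit. While `vulnStatus` is `Received`, CPE-based matching will therefore not tie any of the three to a Contiki-NG deployment. For this record and CVE-2023-50926 the description names only the `develop` branch and a pull request as the fix, with no fixed release, so an inventory keyed on release versions cannot confirm remediation from the record alone. Only CVE-2023-50927 names a fixed release (4.9). Feed consumers should track these by product name from the description until analysis adds CPE data.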


@ -2,7 +2,7 @@
"id": "CVE-2023-50387",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-14T16:15:45.300",
"lastModified": "2024-02-14T18:04:50.373",
"lastModified": "2024-02-14T20:15:45.083",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -28,6 +28,10 @@
"url": "https://news.ycombinator.com/item?id=39367411",
"source": "cve@mitre.org"
},
{
"url": "https://news.ycombinator.com/item?id=39372384",
"source": "cve@mitre.org"
},
{
"url": "https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/",
"source": "cve@mitre.org"


@ -0,0 +1,59 @@
{
"id": "CVE-2023-50926",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-14T20:15:45.163",
"lastModified": "2024-02-14T20:15:45.163",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds read can be caused by an incoming DIO message when using the RPL-Lite implementation in the Contiki-NG operating system. More specifically, the prefix information of the DIO message contains a field that specifies the length of an IPv6 address prefix. The value of this field is not validated, which means that an attacker can set a value that is longer than the maximum prefix length. Subsequently, a memcmp function call that compares different prefixes can be called with a length argument that surpasses the boundary of the array allocated for the prefix, causing an out-of-bounds read. The problem has been patched in the \"develop\" branch of Contiki-NG, and is expected to be included in the next release. Users are advised to update as soon as they are able to or to manually apply the changes in Contiki-NG pull request #2721."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://github.com/contiki-ng/contiki-ng/pull/2721",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-jp4p-fq85-jch2",
"source": "security-advisories@github.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-50927",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-14T20:15:45.367",
"lastModified": "2024-02-14T20:15:45.367",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An attacker can trigger out-of-bounds reads in the RPL-Lite implementation of the RPL protocol in the Contiki-NG operating system. This vulnerability is caused by insufficient control of the lengths for DIO and DAO messages, in particular when they contain RPL sub-option headers. The problem has been patched in Contiki-NG 4.9. Users are advised to upgrade. Users unable to upgrade should manually apply the code changes in PR #2484."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://github.com/contiki-ng/contiki-ng/pull/2484",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-9423-rgj4-wjfw",
"source": "security-advisories@github.com"
}
]
}
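Review bot: `"scope": "CHANGED"` in `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H` lifts this record to 8.6, while CVE-2023-50926 earlier in the commit describes the same class of out-of-bounds read in RPL-Lite with `S:U` and scores 7.5. Nothing in the description says the impact reaches beyond the vulnerable component, so the gap looks like a scoring choice by the submitter rather than a different impact. Both metrics are `"type": "Secondary"` from security-advisories@github.com. Triage that sorts on `baseScore` should treat the two as comparable until an NVD `Primary` score exists.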


@ -2,8 +2,8 @@
"id": "CVE-2023-6388",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2024-02-07T03:15:49.857",
"lastModified": "2024-02-07T13:41:21.270",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-14T20:15:52.940",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -40,7 +40,7 @@
},
"weaknesses": [
{
"source": "help@fluidattacks.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -48,16 +48,50 @@
"value": "CWE-918"
}
]
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:salesagility:suitecrm:7.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5FC1DD91-E390-4D4E-A727-5D40127DA0C0"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/leon/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/salesagility/SuiteCRM/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-7077",
"sourceIdentifier": "psirt-info@cyber.jp.nec.com",
"published": "2024-02-05T07:15:09.690",
"lastModified": "2024-02-05T13:54:33.663",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-14T19:14:00.320",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,8 +14,41 @@
"value": "Sharp NEC Displays (P403, P463, P553, P703, P801, X554UN, X464UN, X554UNS, X464UNV, X474HB, X464UNS, X554UNV, X555UNS, X555UNV, X754HB, X554HB, E705, E805, E905, UN551 S, UN551VS, X551UHD, X651UHD, X841UHD, X981UHD, MD551C8) permite a un atacante ejecutar c\u00f3digo remoto enviando par\u00e1metros no deseados en una solicitud http."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "psirt-info@cyber.jp.nec.com",
"type": "Secondary",
@ -27,10 +60,717 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sharp:nec_e705_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C120DB1-F486-43FB-9324-5E4F14E67C94"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sharp:nec_e705:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6360B5C-24A9-4D01-B799-58BF555662DE"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sharp:nec_e805_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BAE57C71-303F-476A-A459-0B6E97EA6E29"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sharp:nec_e805:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86A76EBA-7A91-40A5-A4D3-578E3F71BDAC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sharp:nec_e905_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6EC2AE11-3B19-479C-880E-E4E1ACAB8B33"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sharp:nec_e905:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5D9AC4E-607F-4FC5-A7A0-8BC8EB6BF4BF"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sharp:nec_md551c8_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C2872F9-E9CF-40FC-8720-713001BBA245"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sharp:nec_md551c8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "22B3A8A2-7BC1-48C3-AAD4-A30033D39D6D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sharp:nec_p403_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6569274-749A-464D-843D-AB23E5CF103D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sharp:nec_p403:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1DCD0E69-06DF-4F40-AC3B-049C862FB7AB"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sharp:nec_p463_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "31B7B7BC-6053-4366-AC1B-816023DE4FBC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sharp:nec_p463:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8167A24-ACBF-4829-B545-E2F67350B953"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sharp:nec_p553_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AA7EA4DE-9D91-4506-A3A1-401E370BC87D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sharp:nec_p553:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8508626-5879-478A-81A6-3F74293DF6D9"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sharp:nec_p703_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EA0A922-4290-4C5C-B983-4F2AF07CD793"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sharp:nec_p703:-:*:*:*:*:*:*:*",
"matchCriteriaId": "691F39E9-AE1E-492D-B771-DF3C77E0591B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sharp:nec_p801_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8EC23A84-F5B9-4E63-9947-3902FC935006"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sharp:nec_p801:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA28F7A6-26F4-40F1-BFC9-51ECED6081EB"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sharp:nec_un551s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "532E8B17-EBA4-4D1A-AF5C-432F11FFBC92"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sharp:nec_un551s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "044D46DD-9007-42E0-A144-A37E5678BE23"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sharp:nec_un551vs_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C360287C-0FCB-43D7-93A7-F4368CCB89F9"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sharp:nec_un551vs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF299059-BA47-4336-8274-B3D6EAC6C914"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sharp:nec_x464un_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "11520897-1D67-4E3F-9CDF-CB4A8E4FBF8F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sharp:nec_x464un:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FDC0E10-266A-436C-9CA2-323FF7F02401"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sharp:nec_x464uns_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5024805-3830-49DB-9CE5-3CF97628E616"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sharp:nec_x464uns:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FFAF9DA1-3D52-4B99-B413-DEF67A061B83"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sharp:nec_x464unv_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "946BD29D-6E04-483D-920E-EDF2462FB029"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sharp:nec_x464unv:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0DEE2858-B1DA-40AE-81D4-A549FE3AD829"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sharp:nec_x474hb_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D9E62E4C-B7A5-474A-92E8-CDAC61643E8E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sharp:nec_x474hb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D697B555-8419-4AE5-8222-29F10AFF743F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sharp:nec_x551uhd_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F36CC853-D2E6-4CE2-960D-F43159CB5BA6"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sharp:nec_x551uhd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "83C1CB05-6C17-492E-B963-54ADDBC802E9"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sharp:nec_x554hb_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4AA58CEB-C0BA-42A0-A6E3-325BEC876E82"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sharp:nec_x554hb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D487BF3D-94AA-4D9D-AB20-F026D889D12A"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sharp:nec_x554un_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "208F0248-2638-484C-B2AD-02C635083D09"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sharp:nec_x554un:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89B210A7-91F0-47A7-BA2E-EEC67EEC9AF6"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sharp:nec_x554uns_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6F8723D2-7FD5-4631-A9DC-01C43A7746F7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sharp:nec_x554uns:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7CD8355-4B38-4DD4-A02D-CBB0FC86751B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sharp:nec_x554unv_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BF42956F-1910-4897-A98F-1FD72BA99C61"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sharp:nec_x554unv:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D65923F-A62B-4CCF-9ED2-BDF3C2062CDC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sharp:nec_x555uns_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A75783E-0F9D-4637-988F-18BC7F5E7AA6"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sharp:nec_x555uns:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AB0F8AD9-94B5-4905-A90A-CB05CBD5578B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sharp:nec_x555unv_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "757DDD56-ABAD-4D82-BF4F-3D6524CAC262"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sharp:nec_x555unv:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15EFCA4E-D639-4BD6-AE46-6E2D452EB2BC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sharp:nec_x651uhd_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "30112680-A382-4518-8158-1F4193BAB2BB"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sharp:nec_x651uhd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1B22300-FFB3-4BAC-A73A-D959A64A0277"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sharp:nec_x754hb_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BC54BA7-DF14-4B30-8D96-D62CDC85DD7C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sharp:nec_x754hb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "481F5FFA-BA7E-4604-B523-51F0D8CAA40E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sharp:nec_x841uhd_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "774044DF-DCB5-4785-9B5D-E6D48042FB80"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sharp:nec_x841uhd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4522E14C-57AD-4A1F-B1DD-14D66ECEA379"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sharp:nec_x981uhd_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D7CA050-2E5B-4458-9149-E41DA7757DE4"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sharp:nec_x981uhd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B932677E-D6D2-4238-90EA-1BA752693A06"
}
]
}
]
}
],
"references": [
{
"url": "https://www.sharp-nec-displays.com/global/support/info/A4_vulnerability.html",
"source": "psirt-info@cyber.jp.nec.com"
"source": "psirt-info@cyber.jp.nec.com",
"tags": [
"Vendor Advisory"
]
}
]
}
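Review bot: Every vulnerable firmware entry in the added `configurations` uses `-` in the version field, for example `cpe:2.3:o:sharp:nec_e705_firmware:-:*:*:*:*:*:*:*`, and none carries a `versionEndExcluding` or `versionEndIncluding` bound. The record therefore does not say which firmware level is fixed. Matchers differ in how they compare `-` against a concrete inventory version, so a display with a recorded firmware version may never match, or may keep matching after it is patched. The fixed level has to be checked against the vendor advisory listed in `references`. The 26 AND-nodes do line up with the 26 models named in the description.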


@ -2,8 +2,8 @@
"id": "CVE-2024-0256",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-07T05:15:08.037",
"lastModified": "2024-02-07T13:41:11.463",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-14T19:17:28.387",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -38,14 +58,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:squirrly:starbox:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.5.0",
"matchCriteriaId": "18C0B1DD-5845-4E1F-A70E-B562EB702A28"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3029599/starbox",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0eafe473-9177-47c4-aa1e-2350cb827447?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-1037",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-07T07:15:08.877",
"lastModified": "2024-02-07T13:41:11.463",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-14T19:09:45.253",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -38,22 +58,64 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:updraftplus:all-in-one_security:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "5.2.6",
"matchCriteriaId": "E01B5CA9-0531-4FC4-ABB2-B84762320930"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/all-in-one-wp-security-and-firewall/trunk/admin/wp-security-list-404.php#L32",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/all-in-one-wp-security-and-firewall/trunk/admin/wp-security-list-404.php#L50",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3032127/all-in-one-wp-security-and-firewall/tags/5.2.6/admin/wp-security-list-404.php",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b50772e5-5142-4f50-b5c0-6116a8821cba?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-1079",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-07T08:15:43.500",
"lastModified": "2024-02-07T13:41:11.463",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-14T19:33:09.977",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -38,14 +58,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ays-pro:quiz_maker:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "6.5.2.5",
"matchCriteriaId": "341E87A0-CCF1-40F0-A865-CA0FE3C33E50"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3032035/quiz-maker/tags/6.5.2.5/admin/class-quiz-maker-admin.php?old=3030468&old_path=quiz-maker%2Ftags%2F6.5.2.4%2Fadmin%2Fclass-quiz-maker-admin.php",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/602df370-cd5b-46dc-a653-6522aef0c62f?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-1255",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-06T19:15:10.270",
"lastModified": "2024-02-07T01:11:27.753",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-14T19:40:00.650",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in sepidz SepidzDigitalMenu up to 7.1.0728.1 and classified as problematic. This vulnerability affects unknown code of the file /Waiters. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252994 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en sepidz SepidzDigitalMenu hasta 7.1.0728.1 y clasificada como problem\u00e1tica. Esta vulnerabilidad afecta a c\u00f3digo desconocido del archivo /Waiters. La manipulaci\u00f3n conduce a la divulgaci\u00f3n de informaci\u00f3n. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-252994 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,14 +95,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sepidz:sepidzdigitalmenu:*:*:*:*:*:*:*:*",
"versionEndIncluding": "7.1.0728.1",
"matchCriteriaId": "A70AB9C7-25F3-4B78-A73E-F26015C06F67"
}
]
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.252994",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.252994",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-1266",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-07T01:15:07.800",
"lastModified": "2024-02-07T13:41:21.270",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-14T19:12:16.803",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +95,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codeastro:university_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F259F379-EE7F-468E-A76C-1AF4219D4108"
}
]
}
]
}
],
"references": [
{
"url": "https://drive.google.com/file/d/16a9lQqUFBICw-Hhbe9bT5sSB7qwZjMwA/view?usp=sharing",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.253009",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.253009",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-1267",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-07T01:15:08.060",
"lastModified": "2024-02-07T13:41:21.270",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-14T19:11:41.217",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +95,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codeastro:restaurant_pos_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BD641F5C-6CEC-419E-B2ED-488EE08F8E65"
}
]
}
]
}
],
"references": [
{
"url": "https://drive.google.com/drive/folders/18N_20KuGPjrBbvOMSfbvBIc1sMKyycH3?usp=sharing",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?ctiid.253010",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.253010",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-1268",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-07T02:15:55.520",
"lastModified": "2024-02-07T13:41:21.270",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-14T20:39:19.037",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +95,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:restaurant_pos_system_project:restaurant_pos_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E9491502-1DDB-4C94-9B11-810573C25F34"
}
]
}
]
}
],
"references": [
{
"url": "https://drive.google.com/drive/folders/1utXNnlH67FjUaBsYhw1cQWyZsO9MLy1i?usp=sharing",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?ctiid.253011",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.253011",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}
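Review bot: The `criteria` added in the `configurations` hunk uses the vendor `restaurant_pos_system_project`, whereas the CVE-2024-1267 record updated in this same commit uses `codeastro` for the same product and version string (`restaurant_pos_system:1.0`). The descriptions are outside the visible hunks, so it is only inferred that both records describe the same software. If they do, an asset inventory keyed on one vendor string will match only one of the two CVEs, and this record is the one scored 9.8 CRITICAL. A consistent entry would read `"criteria": "cpe:2.3:a:codeastro:restaurant_pos_system:1.0:*:*:*:*:*:*:*"`, with the `matchCriteriaId` taken from NVD. Because this file mirrors NVD, the correction should be requested upstream rather than hand-edited here, and consumers should alias the two vendor strings in the meantime.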


@ -0,0 +1,63 @@
{
"id": "CVE-2024-1482",
"sourceIdentifier": "product-cna@github.com",
"published": "2024-02-14T20:15:45.690",
"lastModified": "2024-02-14T20:15:45.690",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to create new branches in public repositories and run arbitrary GitHub Actions workflows with permissions from the GITHUB_TOKEN. To exploit this vulnerability, an attacker would need access to the Enterprise Server. This vulnerability affected all versions of GitHub Enterprise Server after 3.8 and prior to 3.12, and was fixed in versions 3.9.10, 3.10.7, 3.11.5. This vulnerability was reported via the GitHub Bug Bounty program.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "product-cna@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "product-cna@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7",
"source": "product-cna@github.com"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5",
"source": "product-cna@github.com"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10",
"source": "product-cna@github.com"
}
]
}
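Review bot: This new record has no `configurations` array, so CPE-based matching will not tie it to any GitHub Enterprise Server install, even though the description names the fixed releases (3.9.10, 3.10.7, 3.11.5). `vulnStatus` is `Received`, and the only metric and weakness entries are the CNA's `"type": "Secondary"` ones. A pipeline that filters on a `Primary` score or on CPE matches will therefore skip a 7.1 HIGH authorization issue until NVD analysis lands. Consumers should fall back to the Secondary metric and the version text in `descriptions` for records in this state. The description `value` also ends in a literal `\n`, which should be trimmed before display or comparison.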


@ -2,8 +2,8 @@
"id": "CVE-2024-20932",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-01-16T22:15:40.763",
"lastModified": "2024-02-01T17:15:09.190",
"vulnStatus": "Modified",
"lastModified": "2024-02-14T20:46:22.083",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -85,12 +85,40 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B199052-5732-4726-B06B-A12C70DFB891"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5"
}
]
}
]
}
],
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20240201-0002/",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2024.html",


@ -2,7 +2,7 @@
"id": "CVE-2024-21357",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-02-13T18:15:52.373",
"lastModified": "2024-02-13T18:22:58.333",
"lastModified": "2024-02-14T19:15:09.520",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -17,8 +17,8 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
@ -26,10 +26,10 @@
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]


@ -2,16 +2,40 @@
"id": "CVE-2024-22388",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-02-06T23:15:08.707",
"lastModified": "2024-02-07T01:11:27.753",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-14T20:59:09.660",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nCertain configuration available in the communication channel for encoders could expose sensitive data when reader configuration cards are programmed. This data could include credential and device administration keys.\n\n"
},
{
"lang": "es",
"value": "Cierta configuraci\u00f3n disponible en el canal de comunicaci\u00f3n para codificadores podr\u00eda exponer datos confidenciales cuando se programan las tarjetas de configuraci\u00f3n del lector. Estos datos podr\u00edan incluir claves de administraci\u00f3n de dispositivos y credenciales."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -46,14 +80,239 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hidglobal:iclass_se_cp1000_encoder_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA7199D9-8A09-4ABF-926C-BF4739222282"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hidglobal:iclass_se_cp1000_encoder:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BB854B8-F5E0-4A00-922C-5B62564DB158"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hidglobal:iclass_se_readers_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F84C363-45B4-40F9-8C8F-93394F2AF318"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hidglobal:iclass_se_readers:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08AA1F70-0EDD-498D-A60A-D7E769765A1B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hidglobal:iclass_se_reader_modules_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B5F3AFC-7213-41E7-800A-78BE8CA53515"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hidglobal:iclass_se_reader_modules:-:*:*:*:*:*:*:*",
"matchCriteriaId": "70B620F5-3B4E-4728-9066-506105282B91"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hidglobal:iclass_se_processors_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "95FA7393-0EF9-43A4-9F26-DB48FDC3DAE7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hidglobal:iclass_se_processors:-:*:*:*:*:*:*:*",
"matchCriteriaId": "029F78BB-6EFE-4CD1-80F3-2B5D476D049C"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hidglobal:omnikey_5427ck_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "70382765-8BA5-4114-9681-BC4118FD6E24"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hidglobal:omnikey_5427ck:-:*:*:*:*:*:*:*",
"matchCriteriaId": "095B970F-BDB3-449D-8859-ED942B68EC99"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hidglobal:omnikey_5127ck_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3AD6E73F-E3CA-412B-986F-8582269C2FC1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hidglobal:omnikey_5127ck:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDB1E42B-DDCE-4333-B9A3-56E046988E40"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hidglobal:omnikey_5023_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE9661B3-E09D-4A88-AB61-C68E3EC7024C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hidglobal:omnikey_5023:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA7B4826-9C1C-4685-AD9A-B2A89069A03F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hidglobal:omnikey_5027_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1833B4BD-0205-412A-BDEE-FE993620C941"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hidglobal:omnikey_5027:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71567BE0-8B74-4AF2-840C-E52A31A95BC2"
}
]
}
]
}
],
"references": [
{
"url": "https://support.hidglobal.com/",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Product"
]
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-037-01",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}
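Review bot: All eight firmware `cpeMatch` entries added under `configurations` use a wildcard version (for example `cpe:2.3:o:hidglobal:iclass_se_cp1000_encoder_firmware:*:...`) and carry no `versionStartIncluding`, `versionEndExcluding` or `versionEndIncluding` bound. As written, every firmware release of these encoders and readers matches as vulnerable, so a scanner cannot tell a remediated device from an exposed one. Whether a fixed firmware version exists is not visible in this record. If one does, the upstream entry needs a bound such as `"versionEndExcluding": "<FIXED_FIRMWARE_VERSION>"` (placeholder). The description ties the exposure to "certain configuration" of the encoder communication channel, so triage should check the device configuration against the linked CISA advisory rather than rely on the CPE match alone.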


@ -2,19 +2,79 @@
"id": "CVE-2024-22519",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-06T22:16:14.913",
"lastModified": "2024-02-07T01:11:27.753",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-14T19:47:52.893",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in OpenDroneID OSM 3.5.1 allows attackers to impersonate other drones via transmission of crafted data packets."
},
{
"lang": "es",
"value": "Un problema descubierto en OpenDroneID OSM 3.5.1 permite a los atacantes hacerse pasar por otros drones mediante la transmisi\u00f3n de paquetes de datos manipulados."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-290"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sorenfriis:opendroneid_osm:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7269351E-0CEB-43CD-A5A2-6B8F49CE8767"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Drone-Lab/opendroneid-vulnerability",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2024-22520",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-06T22:16:14.960",
"lastModified": "2024-02-07T01:11:27.753",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-14T19:45:35.337",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in Dronetag Drone Scanner 1.5.2 allows attackers to impersonate other drones via transmission of crafted data packets."
},
{
"lang": "es",
"value": "Un problema descubierto en Dronetag Drone Scanner 1.5.2 permite a los atacantes hacerse pasar por otros drones mediante la transmisi\u00f3n de paquetes de datos manipulados."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-290"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dronetag:drone_scanner:1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "03CEE719-49A9-4DF0-939B-E33BCB6275EC"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Drone-Lab/Dronetag-vulnerability",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2024-22567",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-05T20:15:55.620",
"lastModified": "2024-02-06T01:00:55.997",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-14T19:54:19.663",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "File Upload vulnerability in MCMS 5.3.5 allows attackers to upload arbitrary files via crafted POST request to /ms/file/upload.do."
},
{
"lang": "es",
"value": "La vulnerabilidad de carga de archivos en MCMS 5.3.5 permite a los atacantes cargar archivos arbitrarios mediante una solicitud POST manipulada en /ms/file/upload.do."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mingsoft:mcms:5.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4B6803B1-AC14-4EC0-8164-1928BF6E7EA6"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/h3ak/MCMS-CVE-Request/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-22667",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-05T08:15:44.110",
"lastModified": "2024-02-05T13:54:19.310",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-14T19:49:17.490",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,75 @@
"value": "Vim anterior a 9.0.2142 tiene un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria porque did_set_langmap en map.c llama a sprintf para escribir en el b\u00fafer de error que se pasa a las funciones de devoluci\u00f3n de llamada de opci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.0.2142",
"matchCriteriaId": "2893A4C7-7F1B-4C81-87E0-D19175D4AA6A"
}
]
}
]
}
],
"references": [
{
"url": "https://gist.githubusercontent.com/henices/2467e7f22dcc2aa97a2453e197b55a0c/raw/7b54bccc9a129c604fb139266f4497ab7aaa94c7/gistfile1.txt",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-23446",
"sourceIdentifier": "bressers@elastic.co",
"published": "2024-02-07T04:15:07.470",
"lastModified": "2024-02-07T13:41:11.463",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-14T20:10:24.323",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "bressers@elastic.co",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "bressers@elastic.co",
"type": "Secondary",
@ -50,14 +80,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndExcluding": "8.12.1",
"matchCriteriaId": "F1742708-C04A-4A6D-838E-93E29B7EF104"
}
]
}
]
}
],
"references": [
{
"url": "https://discuss.elastic.co/t/kibana-8-12-1-security-update-esa-2024-01/352686",
"source": "bressers@elastic.co"
"source": "bressers@elastic.co",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.elastic.co/community/security",
"source": "bressers@elastic.co"
"source": "bressers@elastic.co",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-23447",
"sourceIdentifier": "bressers@elastic.co",
"published": "2024-02-07T04:15:07.687",
"lastModified": "2024-02-07T13:41:11.463",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-14T20:02:00.753",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "bressers@elastic.co",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "bressers@elastic.co",
"type": "Secondary",
@ -50,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:elastic:network_drive_connector:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.12.1",
"matchCriteriaId": "F5E54B7D-6061-43A3-BDF9-121F4A356E99"
}
]
}
]
}
],
"references": [
{
"url": "https://discuss.elastic.co/t/elastic-network-drive-connector-8-12-1-security-update-esa-2024-02/352687",
"source": "bressers@elastic.co"
"source": "bressers@elastic.co",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.elastic.co/community/security",
"source": "bressers@elastic.co"
"source": "bressers@elastic.co",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2024-24130",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-07T14:15:52.720",
"lastModified": "2024-02-07T17:04:54.407",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-14T20:38:39.543",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Mail2World v12 Business Control Center was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Usr parameter at resellercenter/login.asp."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Mail2World v12 Business Control Center conten\u00eda una vulnerabilidad de cross-site scripting (XSS) reflejada a trav\u00e9s del par\u00e1metro Usr en resellercenter/login.asp."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mail2world:mail2world:12:*:*:*:*:*:*:*",
"matchCriteriaId": "814F8AA9-4951-4025-A7F3-A434BE630122"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Hebing123/cve/issues/13",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-24303",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-07T09:15:15.780",
"lastModified": "2024-02-07T13:41:11.463",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-14T19:38:18.727",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "Vulnerabilidad de inyecci\u00f3n SQL en el m\u00f3dulo HiPresta \"Gift Wrapping Pro\" (hiadvancedgiftwrapping) para PrestaShop anterior a la versi\u00f3n 1.4.1, permite a atacantes remotos escalar privilegios y obtener informaci\u00f3n confidencial a trav\u00e9s del m\u00e9todo HiAdvancedGiftWrappingGiftWrappingModuleFrontController::addGiftWrappingCartValue()."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hipresta:gift_wrapping_pro:*:*:*:*:*:prestashop:*:*",
"versionEndExcluding": "1.4.1",
"matchCriteriaId": "442585B7-98E8-48A4-B8A5-DF0B7FFD8107"
}
]
}
]
}
],
"references": [
{
"url": "https://security.friendsofpresta.org/modules/2024/02/06/hiadvancedgiftwrapping.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-24304",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-07T09:15:15.913",
"lastModified": "2024-02-07T13:41:11.463",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-14T19:54:48.247",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,75 @@
"value": "En el m\u00f3dulo \"Mailjet\" (mailjet) de Mailjet para PrestaShop anteriores a la versi\u00f3n 3.5.1, un invitado puede descargar informaci\u00f3n t\u00e9cnica sin restricciones."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sinch:mailjet:*:*:*:*:*:prestashop:*:*",
"versionEndExcluding": "3.5.1",
"matchCriteriaId": "10E359EC-00C2-4D9D-8E3D-B1171B565854"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/mailjet/prestashop-mailjet-plugin-apiv3/releases/tag/v3.5.1",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://security.friendsofpresta.org/modules/2024/02/06/mailjet.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-24810",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-07T03:15:50.273",
"lastModified": "2024-02-07T13:41:11.463",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-14T20:12:54.643",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,10 +70,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:firegiant:wix_toolset:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.14.0",
"matchCriteriaId": "AA99C3FD-4CDC-4DE0-9A04-0421E520E349"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:firegiant:wix_toolset:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0",
"versionEndExcluding": "4.0.4",
"matchCriteriaId": "1A6D8FCB-7ED5-4BD7-9B4F-1678DC7A1519"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/wixtoolset/issues/security/advisories/GHSA-7wh2-wxc7-9ph5",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-24811",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-07T15:15:08.507",
"lastModified": "2024-02-07T17:04:54.407",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-14T20:26:39.143",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SQLAlchemyDA is a generic database adapter for ZSQL methods. A vulnerability found in versions prior to 2.2 allows unauthenticated execution of arbitrary SQL statements on the database to which the SQLAlchemyDA instance is connected. All users are affected. The problem has been patched in version 2.2. There is no workaround for the problem."
},
{
"lang": "es",
"value": "SQLAlchemyDA es un adaptador de base de datos gen\u00e9rico para m\u00e9todos ZSQL. Una vulnerabilidad encontrada en versiones anteriores a la 2.2 permite la ejecuci\u00f3n no autenticada de sentencias SQL arbitrarias en la base de datos a la que est\u00e1 conectada la instancia de SQLAlchemyDA. Todos los usuarios se ven afectados. El problema se solucion\u00f3 en la versi\u00f3n 2.2. No existe ning\u00fan workaround para el problema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +70,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zope:sqlalchemyda:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.2",
"matchCriteriaId": "26CB0366-8070-4564-8D4B-285BE5CB4C96"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/zopefoundation/Products.SQLAlchemyDA/commit/e682b99f8406f20bc3f0f2c77153ed7345fd215a",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/zopefoundation/Products.SQLAlchemyDA/security/advisories/GHSA-r3jc-3qmm-w3pw",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-24812",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-07T15:15:08.703",
"lastModified": "2024-02-07T17:04:54.407",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-14T20:22:02.537",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Frappe is a full-stack web application framework that uses Python and MariaDB on the server side and a tightly integrated client side library. Prior to versions 14.59.0 and 15.5.0, portal pages are susceptible to Cross-Site Scripting (XSS) which can be used to inject malicious JS code if user clicks on a malicious link. This vulnerability has been patched in versions 14.59.0 and 15.5.0. No known workarounds are available."
},
{
"lang": "es",
"value": "Frappe es un framework de aplicaci\u00f3n web completo que utiliza Python y MariaDB en el lado del servidor y una librer\u00eda del lado del cliente estrechamente integrada. Antes de las versiones 14.59.0 y 15.5.0, las p\u00e1ginas del portal eran susceptibles a Cross-Site Scripting (XSS), que se puede utilizar para inyectar c\u00f3digo JS malicioso si el usuario hace clic en un enlace malicioso. Esta vulnerabilidad ha sido parcheada en las versiones 14.59.0 y 15.5.0. No hay workarounds disponibles."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -50,18 +84,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:frappe:frappe:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.59.0",
"matchCriteriaId": "81278517-B286-4C42-8320-A19A817D1705"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:frappe:frappe:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.0.0",
"versionEndExcluding": "15.5.0",
"matchCriteriaId": "88151956-39A0-4C8E-8025-DCE54D8AE90B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/frappe/frappe/releases/tag/v14.59.0",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/frappe/frappe/releases/tag/v15.5.0",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/frappe/frappe/security/advisories/GHSA-7p3m-h76m-hg9v",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-24860",
"sourceIdentifier": "security@openanolis.org",
"published": "2024-02-05T08:15:45.077",
"lastModified": "2024-02-05T13:54:19.310",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-14T19:50:10.803",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
},
{
"source": "security@openanolis.org",
"type": "Secondary",
@ -39,6 +59,20 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-362"
},
{
"lang": "en",
"value": "CWE-476"
}
]
},
{
"source": "security@openanolis.org",
"type": "Secondary",
@ -50,10 +84,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.5.19",
"matchCriteriaId": "114DE1A5-BAA4-4498-B1FE-AB7D6AA51AF2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0",
"versionEndIncluding": "6.7.2",
"matchCriteriaId": "531D8406-3925-4647-9961-38BC93A02F16"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8151",
"source": "security@openanolis.org"
"source": "security@openanolis.org",
"tags": [
"Issue Tracking"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-25003",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-09T07:16:00.807",
"lastModified": "2024-02-14T14:03:25.237",
"vulnStatus": "Analyzed",
"lastModified": "2024-02-14T20:15:45.910",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -69,6 +69,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/177031/KiTTY-0.76.1.13-Command-Injection.html",
"source": "cve@mitre.org"
},
{
"url": "http://packetstormsecurity.com/files/177032/KiTTY-0.76.1.13-Buffer-Overflows.html",
"source": "cve@mitre.org",


@ -2,8 +2,8 @@
"id": "CVE-2024-25004",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-09T07:16:00.930",
"lastModified": "2024-02-14T14:02:58.033",
"vulnStatus": "Analyzed",
"lastModified": "2024-02-14T20:15:45.980",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -69,6 +69,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/177031/KiTTY-0.76.1.13-Command-Injection.html",
"source": "cve@mitre.org"
},
{
"url": "http://packetstormsecurity.com/files/177032/KiTTY-0.76.1.13-Buffer-Overflows.html",
"source": "cve@mitre.org",

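--- a/CVE-2024/CVE-2024-251xx/CVE-2024-25165.json
+++ b/CVE-2024/CVE-2024-251xx/CVE-2024-25165.json
@@ -0,0 +1,20 @@
+{
+"id": "CVE-2024-25165",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2024-02-14T20:15:46.057",
+"lastModified": "2024-02-14T20:15:46.057",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "A global-buffer-overflow vulnerability was found in SWFTools v0.9.2, in the function LineText at lib/swf5compiler.flex."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://github.com/matthiaskramm/swftools/issues/217",
+"source": "cve@mitre.org"
+}
+]
+}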

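--- a/CVE-2024/CVE-2024-253xx/CVE-2024-25300.json
+++ b/CVE-2024/CVE-2024-253xx/CVE-2024-25300.json
@@ -0,0 +1,20 @@
+{
+"id": "CVE-2024-25300",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2024-02-14T19:15:10.213",
+"lastModified": "2024-02-14T19:15:10.213",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "A cross-site scripting (XSS) vulnerability in Redaxo v5.15.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Template section."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://github.com/WoodManGitHub/MyCVEs/blob/main/2024-REDAXO/XSS.md",
+"source": "cve@mitre.org"
+}
+]
+}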

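--- a/CVE-2024/CVE-2024-253xx/CVE-2024-25301.json
+++ b/CVE-2024/CVE-2024-253xx/CVE-2024-25301.json
@@ -0,0 +1,24 @@
+{
+"id": "CVE-2024-25301",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2024-02-14T19:15:10.277",
+"lastModified": "2024-02-14T19:15:10.277",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Redaxo v5.15.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /pages/templates.php."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://github.com/WoodManGitHub/MyCVEs/blob/main/2024-REDAXO/RCE.md",
+"source": "cve@mitre.org"
+},
+{
+"url": "https://github.com/evildrummer/MyOwnCVEs/tree/main/CVE-2021-39459",
+"source": "cve@mitre.org"
+}
+]
+}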


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-02-14T19:01:05.917533+00:00
2024-02-14T21:00:33.250916+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-02-14T18:59:33.780000+00:00
2024-02-14T20:59:09.660000+00:00
```
### Last Data Feed Release
@ -29,69 +29,51 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
238585
238592
```
### CVEs added in the last Commit
Recently added CVEs: `65`
Recently added CVEs: `7`
* [CVE-2024-21771](CVE-2024/CVE-2024-217xx/CVE-2024-21771.json) (`2024-02-14T17:15:11.827`)
* [CVE-2024-21782](CVE-2024/CVE-2024-217xx/CVE-2024-21782.json) (`2024-02-14T17:15:12.023`)
* [CVE-2024-21789](CVE-2024/CVE-2024-217xx/CVE-2024-21789.json) (`2024-02-14T17:15:12.220`)
* [CVE-2024-21849](CVE-2024/CVE-2024-218xx/CVE-2024-21849.json) (`2024-02-14T17:15:12.417`)
* [CVE-2024-22093](CVE-2024/CVE-2024-220xx/CVE-2024-22093.json) (`2024-02-14T17:15:12.607`)
* [CVE-2024-22389](CVE-2024/CVE-2024-223xx/CVE-2024-22389.json) (`2024-02-14T17:15:12.803`)
* [CVE-2024-23306](CVE-2024/CVE-2024-233xx/CVE-2024-23306.json) (`2024-02-14T17:15:13.007`)
* [CVE-2024-23308](CVE-2024/CVE-2024-233xx/CVE-2024-23308.json) (`2024-02-14T17:15:13.200`)
* [CVE-2024-23314](CVE-2024/CVE-2024-233xx/CVE-2024-23314.json) (`2024-02-14T17:15:13.387`)
* [CVE-2024-23603](CVE-2024/CVE-2024-236xx/CVE-2024-23603.json) (`2024-02-14T17:15:13.587`)
* [CVE-2024-23607](CVE-2024/CVE-2024-236xx/CVE-2024-23607.json) (`2024-02-14T17:15:13.857`)
* [CVE-2024-23805](CVE-2024/CVE-2024-238xx/CVE-2024-23805.json) (`2024-02-14T17:15:14.073`)
* [CVE-2024-23976](CVE-2024/CVE-2024-239xx/CVE-2024-23976.json) (`2024-02-14T17:15:14.273`)
* [CVE-2024-23979](CVE-2024/CVE-2024-239xx/CVE-2024-23979.json) (`2024-02-14T17:15:14.457`)
* [CVE-2024-23982](CVE-2024/CVE-2024-239xx/CVE-2024-23982.json) (`2024-02-14T17:15:14.637`)
* [CVE-2024-24775](CVE-2024/CVE-2024-247xx/CVE-2024-24775.json) (`2024-02-14T17:15:14.973`)
* [CVE-2024-24966](CVE-2024/CVE-2024-249xx/CVE-2024-24966.json) (`2024-02-14T17:15:15.213`)
* [CVE-2024-24989](CVE-2024/CVE-2024-249xx/CVE-2024-24989.json) (`2024-02-14T17:15:15.513`)
* [CVE-2024-24990](CVE-2024/CVE-2024-249xx/CVE-2024-24990.json) (`2024-02-14T17:15:15.713`)
* [CVE-2024-0568](CVE-2024/CVE-2024-05xx/CVE-2024-0568.json) (`2024-02-14T17:15:11.440`)
* [CVE-2024-0007](CVE-2024/CVE-2024-00xx/CVE-2024-0007.json) (`2024-02-14T18:15:47.110`)
* [CVE-2024-0008](CVE-2024/CVE-2024-00xx/CVE-2024-0008.json) (`2024-02-14T18:15:47.310`)
* [CVE-2024-0009](CVE-2024/CVE-2024-00xx/CVE-2024-0009.json) (`2024-02-14T18:15:47.503`)
* [CVE-2024-0010](CVE-2024/CVE-2024-00xx/CVE-2024-0010.json) (`2024-02-14T18:15:47.703`)
* [CVE-2024-0011](CVE-2024/CVE-2024-00xx/CVE-2024-0011.json) (`2024-02-14T18:15:47.897`)
* [CVE-2023-48229](CVE-2023/CVE-2023-482xx/CVE-2023-48229.json) (`2024-02-14T19:15:08.893`)
* [CVE-2023-50926](CVE-2023/CVE-2023-509xx/CVE-2023-50926.json) (`2024-02-14T20:15:45.163`)
* [CVE-2023-50927](CVE-2023/CVE-2023-509xx/CVE-2023-50927.json) (`2024-02-14T20:15:45.367`)
* [CVE-2024-25300](CVE-2024/CVE-2024-253xx/CVE-2024-25300.json) (`2024-02-14T19:15:10.213`)
* [CVE-2024-25301](CVE-2024/CVE-2024-253xx/CVE-2024-25301.json) (`2024-02-14T19:15:10.277`)
* [CVE-2024-1482](CVE-2024/CVE-2024-14xx/CVE-2024-1482.json) (`2024-02-14T20:15:45.690`)
* [CVE-2024-25165](CVE-2024/CVE-2024-251xx/CVE-2024-25165.json) (`2024-02-14T20:15:46.057`)
### CVEs modified in the last Commit
Recently modified CVEs: `43`
Recently modified CVEs: `34`
* [CVE-2023-41706](CVE-2023/CVE-2023-417xx/CVE-2023-41706.json) (`2024-02-14T17:15:09.317`)
* [CVE-2023-41707](CVE-2023/CVE-2023-417xx/CVE-2023-41707.json) (`2024-02-14T17:15:09.390`)
* [CVE-2023-41708](CVE-2023/CVE-2023-417xx/CVE-2023-41708.json) (`2024-02-14T17:15:09.467`)
* [CVE-2023-51951](CVE-2023/CVE-2023-519xx/CVE-2023-51951.json) (`2024-02-14T17:34:18.490`)
* [CVE-2023-50782](CVE-2023/CVE-2023-507xx/CVE-2023-50782.json) (`2024-02-14T17:52:10.027`)
* [CVE-2023-50387](CVE-2023/CVE-2023-503xx/CVE-2023-50387.json) (`2024-02-14T18:04:50.373`)
* [CVE-2023-50868](CVE-2023/CVE-2023-508xx/CVE-2023-50868.json) (`2024-02-14T18:04:50.373`)
* [CVE-2023-0687](CVE-2023/CVE-2023-06xx/CVE-2023-0687.json) (`2024-02-14T18:47:42.920`)
* [CVE-2023-40355](CVE-2023/CVE-2023-403xx/CVE-2023-40355.json) (`2024-02-14T18:49:39.177`)
* [CVE-2024-24543](CVE-2024/CVE-2024-245xx/CVE-2024-24543.json) (`2024-02-14T17:13:32.827`)
* [CVE-2024-24570](CVE-2024/CVE-2024-245xx/CVE-2024-24570.json) (`2024-02-14T17:15:14.840`)
* [CVE-2024-1210](CVE-2024/CVE-2024-12xx/CVE-2024-1210.json) (`2024-02-14T17:26:54.873`)
* [CVE-2024-24396](CVE-2024/CVE-2024-243xx/CVE-2024-24396.json) (`2024-02-14T17:58:05.850`)
* [CVE-2024-1263](CVE-2024/CVE-2024-12xx/CVE-2024-1263.json) (`2024-02-14T18:05:47.527`)
* [CVE-2024-1262](CVE-2024/CVE-2024-12xx/CVE-2024-1262.json) (`2024-02-14T18:06:27.733`)
* [CVE-2024-0955](CVE-2024/CVE-2024-09xx/CVE-2024-0955.json) (`2024-02-14T18:15:04.450`)
* [CVE-2024-0911](CVE-2024/CVE-2024-09xx/CVE-2024-0911.json) (`2024-02-14T18:15:48.077`)
* [CVE-2024-0971](CVE-2024/CVE-2024-09xx/CVE-2024-0971.json) (`2024-02-14T18:17:13.660`)
* [CVE-2024-1264](CVE-2024/CVE-2024-12xx/CVE-2024-1264.json) (`2024-02-14T18:17:58.123`)
* [CVE-2024-1265](CVE-2024/CVE-2024-12xx/CVE-2024-1265.json) (`2024-02-14T18:18:24.667`)
* [CVE-2024-1284](CVE-2024/CVE-2024-12xx/CVE-2024-1284.json) (`2024-02-14T18:19:17.177`)
* [CVE-2024-1283](CVE-2024/CVE-2024-12xx/CVE-2024-1283.json) (`2024-02-14T18:19:42.423`)
* [CVE-2024-1078](CVE-2024/CVE-2024-10xx/CVE-2024-1078.json) (`2024-02-14T18:39:51.437`)
* [CVE-2024-0977](CVE-2024/CVE-2024-09xx/CVE-2024-0977.json) (`2024-02-14T18:46:52.707`)
* [CVE-2024-1055](CVE-2024/CVE-2024-10xx/CVE-2024-1055.json) (`2024-02-14T18:59:33.780`)
* [CVE-2024-1037](CVE-2024/CVE-2024-10xx/CVE-2024-1037.json) (`2024-02-14T19:09:45.253`)
* [CVE-2024-1267](CVE-2024/CVE-2024-12xx/CVE-2024-1267.json) (`2024-02-14T19:11:41.217`)
* [CVE-2024-1266](CVE-2024/CVE-2024-12xx/CVE-2024-1266.json) (`2024-02-14T19:12:16.803`)
* [CVE-2024-21357](CVE-2024/CVE-2024-213xx/CVE-2024-21357.json) (`2024-02-14T19:15:09.520`)
* [CVE-2024-0256](CVE-2024/CVE-2024-02xx/CVE-2024-0256.json) (`2024-02-14T19:17:28.387`)
* [CVE-2024-1079](CVE-2024/CVE-2024-10xx/CVE-2024-1079.json) (`2024-02-14T19:33:09.977`)
* [CVE-2024-24303](CVE-2024/CVE-2024-243xx/CVE-2024-24303.json) (`2024-02-14T19:38:18.727`)
* [CVE-2024-1255](CVE-2024/CVE-2024-12xx/CVE-2024-1255.json) (`2024-02-14T19:40:00.650`)
* [CVE-2024-22520](CVE-2024/CVE-2024-225xx/CVE-2024-22520.json) (`2024-02-14T19:45:35.337`)
* [CVE-2024-22519](CVE-2024/CVE-2024-225xx/CVE-2024-22519.json) (`2024-02-14T19:47:52.893`)
* [CVE-2024-22667](CVE-2024/CVE-2024-226xx/CVE-2024-22667.json) (`2024-02-14T19:49:17.490`)
* [CVE-2024-24860](CVE-2024/CVE-2024-248xx/CVE-2024-24860.json) (`2024-02-14T19:50:10.803`)
* [CVE-2024-22567](CVE-2024/CVE-2024-225xx/CVE-2024-22567.json) (`2024-02-14T19:54:19.663`)
* [CVE-2024-24304](CVE-2024/CVE-2024-243xx/CVE-2024-24304.json) (`2024-02-14T19:54:48.247`)
* [CVE-2024-23447](CVE-2024/CVE-2024-234xx/CVE-2024-23447.json) (`2024-02-14T20:02:00.753`)
* [CVE-2024-23446](CVE-2024/CVE-2024-234xx/CVE-2024-23446.json) (`2024-02-14T20:10:24.323`)
* [CVE-2024-24810](CVE-2024/CVE-2024-248xx/CVE-2024-24810.json) (`2024-02-14T20:12:54.643`)
* [CVE-2024-25003](CVE-2024/CVE-2024-250xx/CVE-2024-25003.json) (`2024-02-14T20:15:45.910`)
* [CVE-2024-25004](CVE-2024/CVE-2024-250xx/CVE-2024-25004.json) (`2024-02-14T20:15:45.980`)
* [CVE-2024-24812](CVE-2024/CVE-2024-248xx/CVE-2024-24812.json) (`2024-02-14T20:22:02.537`)
* [CVE-2024-24811](CVE-2024/CVE-2024-248xx/CVE-2024-24811.json) (`2024-02-14T20:26:39.143`)
* [CVE-2024-24130](CVE-2024/CVE-2024-241xx/CVE-2024-24130.json) (`2024-02-14T20:38:39.543`)
* [CVE-2024-1268](CVE-2024/CVE-2024-12xx/CVE-2024-1268.json) (`2024-02-14T20:39:19.037`)
* [CVE-2024-20932](CVE-2024/CVE-2024-209xx/CVE-2024-20932.json) (`2024-02-14T20:46:22.083`)
* [CVE-2024-22388](CVE-2024/CVE-2024-223xx/CVE-2024-22388.json) (`2024-02-14T20:59:09.660`)
## Download and Usage