Auto-Update: 2024-02-08T17:01:07.115353+00:00

cad-safe-bot 2024-02-08 17:01:10 +00:00
parent 3a578617ca
commit 1f24870b3f
89 changed files with 4299 additions and 912 deletions


@ -2,8 +2,8 @@
"id": "CVE-1999-0426",
"sourceIdentifier": "cve@mitre.org",
"published": "1999-03-01T05:00:00.000",
"lastModified": "2022-08-17T08:15:11.937",
"vulnStatus": "Modified",
"lastModified": "2024-02-08T15:50:30.627",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -44,7 +66,7 @@
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
"value": "CWE-276"
}
]
}
@ -69,7 +91,11 @@
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0426",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2001-0497",
"sourceIdentifier": "cve@mitre.org",
"published": "2001-07-21T04:00:00.000",
"lastModified": "2018-09-20T18:45:26.173",
"lastModified": "2024-02-08T15:49:28.860",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -44,7 +66,7 @@
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
"value": "CWE-276"
}
]
}
@ -75,6 +97,13 @@
}
],
"references": [
{
"url": "http://www.osvdb.org/5609",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://xforce.iss.net/alerts/advise78.php",
"source": "cve@mitre.org",


@ -2,8 +2,8 @@
"id": "CVE-2002-1713",
"sourceIdentifier": "cve@mitre.org",
"published": "2002-12-31T05:00:00.000",
"lastModified": "2017-07-11T01:29:21.820",
"vulnStatus": "Modified",
"lastModified": "2024-02-08T15:50:05.903",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -44,7 +66,7 @@
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
"value": "CWE-276"
}
]
}
@ -67,6 +89,15 @@
}
],
"references": [
{
"url": "http://online.securityfocus.com/archive/1/277515",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.kb.cert.org/vuls/id/455323",
"source": "cve@mitre.org",
@ -77,11 +108,20 @@
},
{
"url": "http://www.securityfocus.com/bid/5050",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9389",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2002-1844",
"sourceIdentifier": "cve@mitre.org",
"published": "2002-12-31T05:00:00.000",
"lastModified": "2008-09-05T20:31:39.763",
"lastModified": "2024-02-08T15:50:01.560",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -44,13 +66,14 @@
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
"value": "CWE-276"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -58,8 +81,19 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:windows_media_player:6.3:*:solaris:*:*:*:*:*",
"matchCriteriaId": "D072CEC5-3646-4264-B56E-0A1DCC37129B"
"criteria": "cpe:2.3:a:microsoft:windows_media_player:6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D5341552-9A9B-4F79-906B-E58E302CCE7E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91F372EA-3A78-4703-A457-751B2C98D796"
}
]
}
@ -69,15 +103,26 @@
"references": [
{
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0260.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.iss.net/security_center/static/10398.php",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.securityfocus.com/bid/6003",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2003-0466",
"sourceIdentifier": "cve@mitre.org",
"published": "2003-08-27T04:00:00.000",
"lastModified": "2018-05-03T01:29:20.520",
"vulnStatus": "Modified",
"lastModified": "2024-02-08T15:50:15.020",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -48,7 +70,7 @@
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
"value": "CWE-193"
}
]
}
@ -62,53 +84,15 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:wu_ftpd:2.6.1-16:*:i386:*:*:*:*:*",
"matchCriteriaId": "F69B3E90-FB3A-4D9F-B0EB-0681AF6131A6"
"criteria": "cpe:2.3:a:redhat:wu_ftpd:2.6.1-16:*:*:*:*:*:*:*",
"matchCriteriaId": "BBD51CE3-B104-4BB8-AD8E-3C2F60D2D9F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:wu_ftpd:2.6.1-16:*:powerpc:*:*:*:*:*",
"matchCriteriaId": "D3805141-B6A9-4DD6-99B9-65284CD39864"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:wu_ftpd:2.6.1-18:*:i386:*:*:*:*:*",
"matchCriteriaId": "E2382495-2EC3-4A1E-9662-CE4F65630731"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:wu_ftpd:2.6.1-18:*:ia64:*:*:*:*:*",
"matchCriteriaId": "A9BB080D-B46A-4040-879D-F1E1222DEA30"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:wu_ftpd:2.6.2-5:*:i386:*:*:*:*:*",
"matchCriteriaId": "DE2084B6-6855-447D-83BD-1825AA3D1D48"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:wu_ftpd:2.6.2-8:*:i386:*:*:*:*:*",
"matchCriteriaId": "FB3965F4-B617-4AF9-8115-40F1688B5775"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "473E71DD-F779-4F93-838A-AD6768BB8DFC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C5E9B738-E8DF-4FE7-B4A5-91DE46A9CF8F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7196CF2D-8CCC-454A-A2C1-6408A9D636C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D851CEBD-4FE5-46D9-99BD-CA3F3235B2E6"
"criteria": "cpe:2.3:a:wuftpd:wu-ftpd:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.5.0",
"versionEndIncluding": "2.6.2",
"matchCriteriaId": "3C3191BF-240C-423E-91F5-6DECC66CC708"
}
]
}
@ -132,258 +116,29 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D0A585A1-FF82-418F-90F8-072458DB7816"
"criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0",
"versionEndIncluding": "5.0",
"matchCriteriaId": "4EE1CD4D-5EE1-4B2B-B049-052CBC09A943"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:4.0:alpha:*:*:*:*:*:*",
"matchCriteriaId": "E3F7EB61-55A5-4776-B0E7-3508920A6CEA"
"criteria": "cpe:2.3:o:netbsd:netbsd:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.5",
"versionEndIncluding": "1.6.1",
"matchCriteriaId": "55D58961-14E5-485B-AABE-4355537111C0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AE31DFF8-06AB-489D-A0C5-509C090283B5"
"criteria": "cpe:2.3:o:openbsd:openbsd:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.0",
"versionEndIncluding": "3.3",
"matchCriteriaId": "50F2F4A9-5EA3-47DF-B583-AE8C8AFA636D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3BE1E3D8-2BB1-4FFA-9BC9-7AF347D26190"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:4.1.1:release:*:*:*:*:*:*",
"matchCriteriaId": "1E8A6564-129A-4555-A5ED-6F65C56AE7B4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:4.1.1:stable:*:*:*:*:*:*",
"matchCriteriaId": "237174A4-E030-4A0B-AD0B-5C463603EAA4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DF49BF03-C25E-4737-84D5-892895C86C58"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:4.2:stable:*:*:*:*:*:*",
"matchCriteriaId": "5D7F8F11-1869-40E2-8478-28B4E946D3CC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D2019E0E-426B-43AF-8904-1B811AE171E8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:4.3:release:*:*:*:*:*:*",
"matchCriteriaId": "9062BAB5-D437-49BE-A384-39F62434B70B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:4.3:releng:*:*:*:*:*:*",
"matchCriteriaId": "21B69535-4FB6-4FAD-AAA6-C790FF82EFAF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:4.3:stable:*:*:*:*:*:*",
"matchCriteriaId": "6E53C673-9D6D-42C8-A502-033E1FC28D97"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "55C5FC1A-1253-4390-A4FC-573BB14EA937"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:4.4:releng:*:*:*:*:*:*",
"matchCriteriaId": "2FE1009B-371A-48E2-A456-935A1F0B7D0D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:4.4:stable:*:*:*:*:*:*",
"matchCriteriaId": "C844A170-B5A7-4703-AF3B-67366D44EA8B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "44308D13-D935-4FF8-AB52-F0E115ED1AD2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:4.5:release:*:*:*:*:*:*",
"matchCriteriaId": "3D41CB12-7894-4D25-80EC-23C56171D973"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:4.5:stable:*:*:*:*:*:*",
"matchCriteriaId": "09789843-6A1A-4CDB-97E8-89E82B79DDB5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9C001822-FDF8-497C-AC2C-B59A00E9ACD2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:4.6:release:*:*:*:*:*:*",
"matchCriteriaId": "118211EF-CED7-4EB5-9669-F54C8169D4AE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:4.6:stable:*:*:*:*:*:*",
"matchCriteriaId": "9A405AE2-ECC4-4BB0-80DD-4736394FB217"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4AB4AD26-6AF2-4F3A-B602-F231FAABA73E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B86C77AB-B8FF-4376-9B4E-C88417396F3D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:4.7:release:*:*:*:*:*:*",
"matchCriteriaId": "E5612FB0-8403-4A7E-B89A-D7BDFAC00078"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:4.7:stable:*:*:*:*:*:*",
"matchCriteriaId": "A7818E11-1BEB-4DAA-BA7A-A278454BA4B3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "441BE3A0-20F4-4972-B279-19B3DB5FA14D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:4.8:pre-release:*:*:*:*:*:*",
"matchCriteriaId": "09BFA20B-2F31-4246-8F74-63DF1DB884EE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "61EBA52A-2D8B-4FB5-866E-AE67CE1842E7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:5.0:alpha:*:*:*:*:*:*",
"matchCriteriaId": "3B13D898-C1B6-44B9-8432-7DDB8A380E9E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E10D9BF9-FCC7-4680-AD3A-95757FC005EA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "78E8C3A4-9FA7-4F2A-8C65-D4404715E674"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DBA2E3A3-EB9B-4B20-B754-EEC914FB1D47"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7AC78BA4-70F4-4B9F-93C2-B107E4DCC418"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "28A10F5A-067E-4DD8-B585-ABCD6F6B324E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netbsd:netbsd:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "249FA642-3732-4654-88CB-3F1D19A5860A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:openbsd:openbsd:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "36DF0D51-FCFA-46A3-B834-E80DFA91DFDC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:openbsd:openbsd:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5CB726CF-ADA2-4CDA-9786-1E84AC53740A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:openbsd:openbsd:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1FC373FC-88AC-4B6D-A289-51881ACD57F7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:openbsd:openbsd:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1D2DA7F0-E3C0-447A-A2B0-ECC928389D84"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:openbsd:openbsd:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FEBE290B-5EC6-4BBA-B645-294C150E417A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:openbsd:openbsd:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "ACE7FDFB-C6A6-4B58-B0B4-236E4EA76EF6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:openbsd:openbsd:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0DF053A1-C252-427E-9EEF-27240F422976"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:openbsd:openbsd:2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "48A9C344-45AA-47B9-B35A-1A62E220D9C6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:openbsd:openbsd:2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "80EB24F0-46A7-481B-83ED-8BB012AE0C8E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:openbsd:openbsd:2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "AA6AEAF0-FA61-4A3F-A083-1218C2027781"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:openbsd:openbsd:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "60DA30A1-3360-46BC-85B7-008D535F95BE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:openbsd:openbsd:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DA33E7E2-DE7B-411E-8991-718DA0988C51"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:openbsd:openbsd:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1957B3C0-7F25-469B-BC3F-7B09260837ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:openbsd:openbsd:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AC46909F-DDFC-448B-BCDF-1EB343F96630"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*",
"matchCriteriaId": "A711CDC2-412C-499D-9FA6-7F25B06267C6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*",
"matchCriteriaId": "0B837BB7-5F62-4CD5-9C64-8553C28EA8A7"
"criteria": "cpe:2.3:o:sun:solaris:9.0:*:*:*:*:sparc:*:*",
"matchCriteriaId": "BCA7836E-A936-4832-81A2-2D31F0642ABE"
}
]
}
@ -393,51 +148,112 @@
"references": [
{
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-011.txt.asc",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0065.html",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Exploit",
"Vendor Advisory"
]
},
{
"url": "http://download.immunix.org/ImmunixOS/7+/Updates/errata/IMNX-2003-7+-019-01",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://marc.info/?l=bugtraq&m=105967301604815&w=2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List"
]
},
{
"url": "http://marc.info/?l=bugtraq&m=106001410028809&w=2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List"
]
},
{
"url": "http://marc.info/?l=bugtraq&m=106001702232325&w=2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List"
]
},
{
"url": "http://marc.info/?l=bugtraq&m=106002488209129&w=2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List"
]
},
{
"url": "http://secunia.com/advisories/9423",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://secunia.com/advisories/9446",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://secunia.com/advisories/9447",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://secunia.com/advisories/9535",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://securitytracker.com/id?1007380",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001257.1-1",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.debian.org/security/2003/dsa-357",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.kb.cert.org/vuls/id/743092",
@ -449,48 +265,90 @@
},
{
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:080",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.novell.com/linux/security/advisories/2003_032_wuftpd.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.osvdb.org/6602",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.redhat.com/support/errata/RHSA-2003-245.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.redhat.com/support/errata/RHSA-2003-246.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.securityfocus.com/archive/1/424852/100/0/threaded",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.securityfocus.com/archive/1/425061/100/0/threaded",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.securityfocus.com/bid/8315",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Exploit",
"Patch",
"Third Party Advisory",
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "http://www.turbolinux.com/security/TLSA-2003-46.txt",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12785",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1970",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
}
]
}
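Review bot: The Solaris criterion on the new side, `cpe:2.3:o:sun:solaris:9.0:*:*:*:*:sparc:*:*`, carries `sparc` in the ninth component, which CPE 2.3 defines as target_sw, while an instruction-set architecture belongs in target_hw, the tenth. The two entries it appears to replace had `sparc` and `x86` in the edition slot, and no x86 counterpart is visible on the new side, so Solaris 9 x86 hosts may drop out of CPE matching. If both architectures are still affected, the expected shape would be `cpe:2.3:o:sun:solaris:9.0:*:*:*:*:*:sparc:*` plus an x86 sibling (strings constructed here, not taken from the CPE dictionary), each with its own upstream `matchCriteriaId`. In the wu-ftpd hunk only `redhat:wu_ftpd:2.6.1-16` survives among the Red Hat builds, so consumers that matched on 2.6.1-18, 2.6.2-5 or 2.6.2-8 should confirm that the new `wuftpd:wu-ftpd` range 2.5.0 to 2.6.2 is meant to cover them.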


@ -2,8 +2,8 @@
"id": "CVE-2004-0816",
"sourceIdentifier": "cve@mitre.org",
"published": "2004-12-23T05:00:00.000",
"lastModified": "2017-07-11T01:30:30.043",
"vulnStatus": "Modified",
"lastModified": "2024-02-08T15:28:22.377",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -48,7 +70,7 @@
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
"value": "CWE-191"
}
]
}
@ -62,143 +84,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142BCD48-8387-4D0C-A052-44DD4144CBFF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test1:*:*:*:*:*:*",
"matchCriteriaId": "7BCA84E2-AC4A-430D-8A30-E660D2A232A0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test10:*:*:*:*:*:*",
"matchCriteriaId": "2255842B-34CD-4062-886C-37161A065703"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test11:*:*:*:*:*:*",
"matchCriteriaId": "F0ED322D-004C-472E-A37F-89B78C55FE5B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test2:*:*:*:*:*:*",
"matchCriteriaId": "412F7334-C46B-4F61-B38A-2CA56B498151"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test3:*:*:*:*:*:*",
"matchCriteriaId": "5967AF83-798D-4B1E-882A-5737FFC859C9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test4:*:*:*:*:*:*",
"matchCriteriaId": "A90D2123-D55B-4104-8D82-5B6365AA3B77"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test5:*:*:*:*:*:*",
"matchCriteriaId": "DCCDFD49-D402-420E-92F5-20445A0FE139"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test6:*:*:*:*:*:*",
"matchCriteriaId": "2A073700-E8A9-4F76-9265-2BE0D5AC9909"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test7:*:*:*:*:*:*",
"matchCriteriaId": "8877D178-1655-46E9-8F5A-2DD576601F38"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test8:*:*:*:*:*:*",
"matchCriteriaId": "0D55059C-B867-4E0F-B29C-9CD2C86915A5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test9:*:*:*:*:*:*",
"matchCriteriaId": "8358E965-3689-4B05-8470-C4A1463FA0E9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E8220D81-9065-471F-9256-CFE7B9941555"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D2A55C17-C530-4898-BC95-DE4D495F0D7C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "2C14A949-E2B8-4100-8ED4-645CB996B08A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EB445E3E-CCBD-4737-BE30-841B9A79D558"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F5301E27-8021-467C-A9A2-AF2137EF0299"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "79787868-2D77-4B55-AD61-C2B357CCE047"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2B3F27D3-8F1D-4576-A584-1E2059CC67B1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FB5D260C-AE1C-47E9-A88C-B9C2B4349249"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A0934C49-5F88-4189-BD88-2F32C39C2F25"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "AA9958C6-AB7D-4B67-9AA7-42B628CBC391"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.7:rc1:*:*:*:*:*:*",
"matchCriteriaId": "14B0A230-4054-4483-A3A7-9A5A286C7552"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.8:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F90242EF-048B-4539-AA41-87AA84875A9E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.8:rc2:*:*:*:*:*:*",
"matchCriteriaId": "3C4E9325-2A70-4E15-9AAF-5588BF218055"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.8:rc3:*:*:*:*:*:*",
"matchCriteriaId": "01402A85-B681-4DE0-B7BB-F52567DA29E2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6_test9_cvs:*:*:*:*:*:*:*",
"matchCriteriaId": "608FDE1E-B02A-45A2-8877-0E52A5BD0963"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CFABFCE5-4F86-4AE8-9849-BC360AC72098"
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.6.8",
"matchCriteriaId": "B83B7802-ED98-4D90-9EFB-74FB7BC18B2A"
}
]
}
@ -206,21 +94,43 @@
}
],
"references": [
{
"url": "http://secunia.com/advisories/11202/",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:022",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.novell.com/linux/security/advisories/2004_37_kernel.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.securityfocus.com/bid/11488",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17800",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}
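Review bot: The new `linux_kernel` criterion sets `"versionEndExcluding": "2.6.8"` with no lower bound, so it matches every kernel below 2.6.8, including the 2.4.x line and earlier, whereas the entries it appears to replace started at 2.6.0. If the 2.6 series is the intended scope, add `"versionStartIncluding": "2.6.0",` ahead of the end bound; the description that would settle this lies outside the visible hunks. The old list also named `2.6.8:rc1` to `rc3` and `suse_linux:9.1`, which a range ending before 2.6.8 does not express, so scanners keyed on those strings will stop reporting them. CVE-2005-0199 shows the same pattern, with `barton:ngircd` and `"versionEndExcluding": "0.8.2"` where the previous entries began at 0.6.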


@ -2,8 +2,8 @@
"id": "CVE-2004-1002",
"sourceIdentifier": "cve@mitre.org",
"published": "2005-03-01T05:00:00.000",
"lastModified": "2020-02-24T15:55:35.100",
"vulnStatus": "Modified",
"lastModified": "2024-02-08T15:43:39.980",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -18,6 +18,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -51,7 +73,7 @@
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
"value": "CWE-191"
}
]
}
@ -65,8 +87,23 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:point-to-point_protocol_project:point-to-point_protocol:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1616F663-E821-4CC2-A62F-3F4010F62084"
"criteria": "cpe:2.3:a:samba:ppp:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "287DEBB4-8BD5-40DE-8386-59B87412EE39"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "778A6957-455B-420A-BAAF-E7F88FF4FB1E"
}
]
}
@ -76,15 +113,27 @@
"references": [
{
"url": "http://www.securityfocus.com/archive/1/379450",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17874",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://www.ubuntu.com/usn/usn-12-1/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2005-0199",
"sourceIdentifier": "cve@mitre.org",
"published": "2005-05-02T04:00:00.000",
"lastModified": "2017-07-11T01:32:08.407",
"vulnStatus": "Modified",
"lastModified": "2024-02-08T15:43:49.407",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -44,7 +66,7 @@
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
"value": "CWE-191"
}
]
}
@ -58,48 +80,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ngircd:ngircd:0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "210988F2-A886-4B40-BC8F-6B3C44DCAB87"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ngircd:ngircd:0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4DE0F3E-779A-49DA-8581-456116B5C207"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ngircd:ngircd:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5CD611B4-80D9-41BE-A6C7-66F58FCDD5C1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ngircd:ngircd:0.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "93CED84A-87B0-4033-98E1-CFB132CFAAF0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ngircd:ngircd:0.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DD38AB3F-23B5-49C5-8A2A-858397056050"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ngircd:ngircd:0.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3E06A467-1B5C-453F-8A45-F3F7CEA869D9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ngircd:ngircd:0.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "57C8FE95-1D91-4FBE-922F-040613DADA41"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ngircd:ngircd:0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "343993AE-A62F-4C58-BAA5-648D5CF74642"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ngircd:ngircd:0.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2B611F0F-B716-49CF-8137-4EA82E9486C7"
"criteria": "cpe:2.3:a:barton:ngircd:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.8.2",
"matchCriteriaId": "6BAD97DE-3E0A-4D1B-87DF-DE3C30E812BB"
}
]
}
@ -111,6 +94,7 @@
"url": "http://arthur.ath.cx/pipermail/ngircd-ml/2005-January/000228.html",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Patch"
]
},
@ -118,31 +102,58 @@
"url": "http://bugs.gentoo.org/show_bug.cgi?id=79705",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
"Issue Tracking"
]
},
{
"url": "http://secunia.com/advisories/14056",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://secunia.com/advisories/14059",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://securitytracker.com/id?1013047",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.gentoo.org/security/en/glsa/glsa-200501-40.xml",
"source": "cve@mitre.org",
"tags": [
"Patch"
"Patch",
"Third Party Advisory"
]
},
{
"url": "http://www.securityfocus.com/bid/12397",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Exploit",
"Patch"
"Patch",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19143",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2005-1891",
"sourceIdentifier": "cve@mitre.org",
"published": "2005-06-09T04:00:00.000",
"lastModified": "2016-10-18T03:23:11.980",
"vulnStatus": "Modified",
"lastModified": "2024-02-08T15:44:05.847",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -44,13 +66,14 @@
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
"value": "CWE-191"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -58,38 +81,20 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aol:instant_messenger:5.0.2938:*:*:*:*:*:*:*",
"matchCriteriaId": "81FDEE59-4E96-4AA7-BE33-9199CF9EA9BB"
},
"criteria": "cpe:2.3:a:aol:aim:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.9.3797",
"matchCriteriaId": "85974BBB-6030-4982-9CFC-388EBFE2FE3E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aol:instant_messenger:5.1.3036:*:*:*:*:*:*:*",
"matchCriteriaId": "FD9C099B-C975-46A4-A9A2-F1160DDC0242"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aol:instant_messenger:5.2.3292:*:*:*:*:*:*:*",
"matchCriteriaId": "43DE333F-6793-4A80-8B61-3AF5EFD1B52F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aol:instant_messenger:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6955CC4D-1130-46DB-819A-EAFB3BBDAB74"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aol:instant_messenger:5.5.3415_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "1FDD88ED-D59C-4EA3-8C33-E255A39DC2F0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aol:instant_messenger:5.5.3595:*:*:*:*:*:*:*",
"matchCriteriaId": "3331131F-F11D-4F6B-9C61-710030273D44"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aol:instant_messenger:5.9.3797:*:*:*:*:*:*:*",
"matchCriteriaId": "7F7C99C9-08DD-4073-92F3-275178BB0694"
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
@ -99,19 +104,35 @@
"references": [
{
"url": "http://marc.info/?l=bugtraq&m=111816939928640&w=2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List"
]
},
{
"url": "http://marc.info/?l=bugtraq&m=111817881214343&w=2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List"
]
},
{
"url": "http://securitytracker.com/id?1014145",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.securityfocus.com/bid/13880",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2008-3324",
"sourceIdentifier": "cve@mitre.org",
"published": "2008-08-18T17:41:00.000",
"lastModified": "2018-10-11T20:47:58.317",
"vulnStatus": "Modified",
"lastModified": "2024-02-08T13:54:56.207",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -48,7 +70,7 @@
"description": [
{
"lang": "en",
"value": "CWE-94"
"value": "CWE-494"
}
]
}
@ -73,19 +95,37 @@
"references": [
{
"url": "http://seclists.org/fulldisclosure/2008/Aug/0302.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://www.securityfocus.com/archive/1/495724/100/0/threaded",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.securityfocus.com/bid/30693",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44477",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2009-3289",
"sourceIdentifier": "cve@mitre.org",
"published": "2009-09-22T10:30:00.703",
"lastModified": "2010-05-20T05:44:21.517",
"vulnStatus": "Modified",
"lastModified": "2024-02-08T14:56:57.247",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -22,6 +22,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -55,7 +77,7 @@
"description": [
{
"lang": "en",
"value": "CWE-264"
"value": "CWE-732"
}
]
}
@ -75,33 +97,76 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1B42AB65-443B-4655-BAEA-4EB4A43D9509"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FBF7B6A8-3DF9-46EC-A90E-6EF68C39F883"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:11:-:*:*:*:*:*:*",
"matchCriteriaId": "DE5FEEB4-95BC-47AF-A6EA-FEF4C2AF1A2C"
}
]
}
]
}
],
"references": [
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://secunia.com/advisories/39656",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2009/09/08/8",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List"
]
},
{
"url": "http://www.vupen.com/english/advisories/2010/1001",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
]
},
{
"url": "https://bugs.launchpad.net/ubuntu/+source/glib2.0/+bug/418135",
"source": "cve@mitre.org",
"tags": [
"Exploit"
"Exploit",
"Issue Tracking"
]
},
{
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=593406",
"source": "cve@mitre.org",
"tags": [
"Exploit"
"Exploit",
"Issue Tracking"
]
}
]


@ -2,8 +2,8 @@
"id": "CVE-2009-3482",
"sourceIdentifier": "cve@mitre.org",
"published": "2009-09-30T15:30:00.390",
"lastModified": "2018-10-10T19:43:34.863",
"vulnStatus": "Modified",
"lastModified": "2024-02-08T15:10:29.917",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -48,7 +70,7 @@
"description": [
{
"lang": "en",
"value": "CWE-264"
"value": "CWE-732"
}
]
}
@ -63,64 +85,14 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trustport:antivirus:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.8.0.2265",
"matchCriteriaId": "78CE909A-D097-41D6-8A44-A8134147F70B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trustport:antivirus:2.8.0.1844:*:*:*:*:*:*:*",
"matchCriteriaId": "BB130280-C4BD-4A56-BB91-B4A3CAD17E7E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trustport:antivirus:2.8.0.2218:*:*:*:*:*:*:*",
"matchCriteriaId": "63C1E89A-970F-4033-AD57-5439F7B647EE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trustport:antivirus:2.8.0.2245:*:*:*:*:*:*:*",
"matchCriteriaId": "FAD4970A-2820-4F55-95C5-F95441879CDF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trustport:antivirus:2.8.0.2263:*:*:*:*:*:*:*",
"matchCriteriaId": "C413B881-72F5-408F-ACFF-BCF39F6BDD71"
"versionEndExcluding": "2.8.0.2266",
"matchCriteriaId": "A3491438-D727-4570-9F06-2139AF4A7A9C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trustport:pc_security:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.0.0.1290",
"matchCriteriaId": "E51ECD94-F052-4225-952B-A3912C60313A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trustport:pc_security:1.5.4.1060:*:*:*:*:*:*:*",
"matchCriteriaId": "A9CC4D1D-FDBB-40DF-8AE3-4E487794E8BF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trustport:pc_security:2.0.0.1247:*:*:*:*:*:*:*",
"matchCriteriaId": "F85CD265-D7D7-48B6-8EB1-DC33674FAE02"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trustport:pc_security:2.0.0.1259:*:*:*:*:*:*:*",
"matchCriteriaId": "9F78D7F4-8A0F-4679-9025-725E0ACE5426"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trustport:pc_security:2.0.0.1269:*:*:*:*:*:*:*",
"matchCriteriaId": "AF81D957-375E-4E65-A7FB-F5AA7D6BD176"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trustport:pc_security:2.0.0.1278:*:*:*:*:*:*:*",
"matchCriteriaId": "4C2C7FA4-5788-4C8A-BBED-58F2AF644FFE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trustport:pc_security:2.0.0.1290:*:business:*:*:*:*:*",
"matchCriteriaId": "82AB4A7F-9309-4390-8C5A-46251D5152E6"
"versionEndExcluding": "2.0.0.1291",
"matchCriteriaId": "4F10BB6D-0F52-4CB1-82BB-1EC91C7DF580"
}
]
}
@ -128,14 +100,28 @@
}
],
"references": [
{
"url": "http://secunia.com/advisories/36880",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
]
},
{
"url": "http://www.securityfocus.com/archive/1/506751/100/0/threaded",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.trustport.com/en/notices/security-update-of-trustport-products",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
]
}


@ -2,8 +2,8 @@
"id": "CVE-2009-3489",
"sourceIdentifier": "cve@mitre.org",
"published": "2009-09-30T15:30:00.593",
"lastModified": "2018-10-10T19:43:35.160",
"vulnStatus": "Modified",
"lastModified": "2024-02-08T15:21:27.093",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -48,7 +70,7 @@
"description": [
{
"lang": "en",
"value": "CWE-16"
"value": "CWE-732"
}
]
}
@ -73,33 +95,60 @@
"references": [
{
"url": "http://blogs.adobe.com/psirt/2009/09/potential_photoshop_elements_8.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://retrogod.altervista.org/9sg_adobe_pe_local.html",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Exploit"
]
},
{
"url": "http://secunia.com/advisories/36895",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.securityfocus.com/archive/1/506806/100/0/threaded",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.securityfocus.com/bid/36542",
"source": "cve@mitre.org",
"tags": [
"Exploit"
"Broken Link",
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.securitytracker.com/id?1022963",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.vupen.com/english/advisories/2009/2798",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2009-3897",
"sourceIdentifier": "secalert@redhat.com",
"published": "2009-11-24T17:30:00.407",
"lastModified": "2017-08-17T01:31:19.320",
"vulnStatus": "Modified",
"lastModified": "2024-02-08T15:21:34.730",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -48,7 +70,7 @@
"description": [
{
"lang": "en",
"value": "CWE-264"
"value": "CWE-732"
}
]
}
@ -62,43 +84,10 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dovecot:dovecot:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CD2D1C99-0594-4378-AA6C-EC2E890E41FA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dovecot:dovecot:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "96F35305-79B4-49CD-A89F-A559CA9EEB33"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dovecot:dovecot:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EDC7E277-A5AE-4025-8412-E715D1C8C0F9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dovecot:dovecot:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0DBE1D51-B9D5-4E59-81F6-C6937DA78637"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dovecot:dovecot:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "30B37ACE-64EA-49E7-B836-C3F05CAE0392"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dovecot:dovecot:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1204F5C2-916D-4C27-A5C4-5B5E0AAA7322"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dovecot:dovecot:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A0C46C8A-EA49-4356-BA6B-8EC0F2E70B3B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dovecot:dovecot:1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "96F54038-B17B-40C0-9C2E-20AF55E7602B"
"criteria": "cpe:2.3:a:dovecot:dovecot:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.2.0",
"versionEndExcluding": "1.2.8",
"matchCriteriaId": "A697E475-79C0-45FD-9529-022CBC15921D"
}
]
}
@ -108,47 +97,80 @@
"references": [
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "http://marc.info/?l=oss-security&m=125871729029145&w=2",
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch"
]
},
{
"url": "http://marc.info/?l=oss-security&m=125881481222441&w=2",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "http://marc.info/?l=oss-security&m=125900267208712&w=2",
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch"
]
},
{
"url": "http://marc.info/?l=oss-security&m=125900271508796&w=2",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "http://secunia.com/advisories/37443",
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Vendor Advisory"
]
},
{
"url": "http://www.dovecot.org/list/dovecot-news/2009-November/000143.html",
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
]
},
{
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:306",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Not Applicable"
]
},
{
"url": "http://www.osvdb.org/60316",
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.securityfocus.com/bid/37084",
"source": "secalert@redhat.com",
"tags": [
"Patch"
"Broken Link",
"Patch",
"Third Party Advisory",
"VDB Entry"
]
},
{
@ -156,12 +178,17 @@
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Permissions Required",
"Vendor Advisory"
]
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54363",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2020-29504",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-02-02T16:15:44.860",
"lastModified": "2024-02-02T16:30:16.430",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-08T16:26:12.673",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nDell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,\u00a0versions before 4.5.2, contain a Missing Required Cryptographic Step Vulnerability.\n\n"
},
{
"lang": "es",
"value": "Dell BSAFE Crypto-C Micro Edition, versiones anteriores a 4.1.5, y Dell BSAFE Micro Edition Suite, versiones anteriores a 4.5.2, contienen una vulnerabilidad de paso criptogr\u00e1fico requerido faltante."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -46,10 +80,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.1.5",
"matchCriteriaId": "6C3D1B15-8F35-4976-8BA0-35816ECE6A92"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.5.2",
"matchCriteriaId": "84735DD4-8297-4476-9013-967E9E323D9F"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities",
"source": "security_alert@emc.com"
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-2591",
"sourceIdentifier": "cna@vuldb.com",
"published": "2022-08-01T11:15:13.460",
"lastModified": "2023-05-15T17:15:09.673",
"vulnStatus": "Modified",
"lastModified": "2024-02-08T13:48:01.330",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -60,7 +60,7 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -68,6 +68,16 @@
"value": "CWE-404"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-404"
}
]
}
],
"configurations": [
@ -102,7 +112,12 @@
"references": [
{
"url": "http://packetstormsecurity.com/files/172323/FLEX-Denial-Of-Service.html",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.205344",


@ -2,8 +2,8 @@
"id": "CVE-2022-2732",
"sourceIdentifier": "security@huntr.dev",
"published": "2022-08-09T12:15:08.357",
"lastModified": "2023-08-02T09:15:13.307",
"vulnStatus": "Modified",
"lastModified": "2024-02-08T13:54:15.737",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",


@ -0,0 +1,24 @@
{
"id": "CVE-2023-47020",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-08T16:15:46.377",
"lastModified": "2024-02-08T16:15:46.377",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Multiple Cross-Site Request Forgery (CSRF) chaining in NCR Terminal Handler v.1.5.1 allows privileges to be escalated by an attacker through a crafted request involving user account creation and adding the user to an administrator group. This is exploited by an undisclosed function in the WSDL that lacks security controls and can accept custom content types."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Patrick0x41/Security-Advisories/tree/main/CVE-2023-47020",
"source": "cve@mitre.org"
},
{
"url": "https://youtu.be/pGB3LKdf64w",
"source": "cve@mitre.org"
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-49610",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-02-01T23:15:10.003",
"lastModified": "2024-02-02T01:58:03.307",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-08T15:50:19.313",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\n\n\n\n\n\n\n\n\n\n\nMachineSense FeverWarn Raspberry Pi-based devices lack input sanitization, which could allow an attacker on an adjacent network to send a message running commands or could overflow the stack.\n\n\n\n\n\n\n\n\n\n\n\n"
},
{
"lang": "es",
"value": "Los dispositivos basados en MachineSense FeverWarn Raspberry Pi carecen de sanitizaci\u00f3n de entrada, lo que podr\u00eda permitir que un atacante en una red adyacente env\u00ede un mensaje ejecutando comandos o podr\u00eda desbordar la pila."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -46,14 +80,50 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:machinesense:feverwarn_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "45F21168-E7F1-49E4-84B0-0B4EB9C6DE50"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:machinesense:feverwarn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "489AD7C3-7648-4398-BA27-450E909171EC"
}
]
}
]
}
],
"references": [
{
"url": "https://machinesense.com/pages/about-machinesense",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Product"
]
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-025-01",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-49617",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-02-01T23:15:10.227",
"lastModified": "2024-02-02T01:58:03.307",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-08T15:55:41.630",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\n\n\n\n\nThe MachineSense application programmable interface (API) is improperly protected and can be accessed without authentication. A remote attacker could retrieve and modify sensitive information without any authentication.\n\n\n\n\n\n"
},
{
"lang": "es",
"value": "La interfaz programable de la aplicaci\u00f3n (API) de MachineSense no est\u00e1 protegida adecuadamente y se puede acceder a ella sin autenticaci\u00f3n. Un atacante remoto podr\u00eda recuperar y modificar informaci\u00f3n confidencial sin ning\u00fan tipo de autenticaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -46,14 +80,50 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:machinesense:feverwarn_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "45F21168-E7F1-49E4-84B0-0B4EB9C6DE50"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:machinesense:feverwarn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "489AD7C3-7648-4398-BA27-450E909171EC"
}
]
}
]
}
],
"references": [
{
"url": "https://machinesense.com/pages/about-machinesense",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Product"
]
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-025-01",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-51197",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-30T22:15:52.613",
"lastModified": "2024-01-31T14:05:27.507",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-08T16:31:17.017",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,66 @@
"value": "Un problema descubierto en la ejecuci\u00f3n de comandos de shell en ROS2 (Robot Operating System 2) Foxy Fitzroy, con ROS_VERSION=2 y ROS_PYTHON_VERSION=3 permite a un atacante ejecutar comandos arbitrarios y causar otros impactos."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openrobotics:robot_operating_system:2:foxy:*:*:*:*:*:*",
"matchCriteriaId": "53A6F65F-8E6F-4F7E-B357-0D2E450667B1"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/16yashpatel/CVE-2023-51197",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-51198",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-30T22:15:52.670",
"lastModified": "2024-01-31T14:05:27.507",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-08T16:09:00.493",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,66 @@
"value": "Un problema en los componentes de permiso y control de acceso dentro de ROS2 Foxy Fitzroy ROS_VERSION=2 y ROS_PYTHON_VERSION=3 permite a los atacantes obtener privilegios elevados."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openrobotics:robot_operating_system:2:foxy:*:*:*:*:*:*",
"matchCriteriaId": "53A6F65F-8E6F-4F7E-B357-0D2E450667B1"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/16yashpatel/CVE-2023-51198",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-51202",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-30T22:15:52.720",
"lastModified": "2024-01-31T14:05:27.507",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-08T16:04:46.797",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,66 @@
"value": "Vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en el procesamiento de comandos o componentes de llamadas al sistema ROS2 (Robot Operating System 2) Foxy Fitzroy, con ROS_VERSION=2 y ROS_PYTHON_VERSION=3 permite a los atacantes ejecutar comandos arbitrarios."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openrobotics:robot_operating_system:2:foxy:*:*:*:*:*:*",
"matchCriteriaId": "53A6F65F-8E6F-4F7E-B357-0D2E450667B1"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/16yashpatel/CVE-2023-51202",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-51204",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-30T22:15:52.767",
"lastModified": "2024-01-31T14:05:27.507",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-08T16:31:04.740",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,66 @@
"value": "La deserializaci\u00f3n insegura en ROS2 Foxy Fitzroy ROS_VERSION=2 y ROS_PYTHON_VERSION=3 permite a los atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de una entrada manipulada."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openrobotics:robot_operating_system:2:foxy:*:*:*:*:*:*",
"matchCriteriaId": "53A6F65F-8E6F-4F7E-B357-0D2E450667B1"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/16yashpatel/CVE-2023-51204",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-52389",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-27T03:15:07.883",
"lastModified": "2024-01-29T14:25:30.223",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-08T16:43:22.473",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,103 @@
"value": "UTF32Encoding.cpp en POCO tiene Poco::UTF32Encoding un desbordamiento de enteros y un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria resultante porque Poco::UTF32Encoding::convert() y Poco::UTF32::queryConvert() pueden devolver un entero negativo si una secuencia de bytes UTF-32 se eval\u00faa a un valor de 0x80000000 o superior. Esto se solucion\u00f3 en 1.11.8p2, 1.12.5p2 y 1.13.0."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pocoproject:poco:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.11.8",
"matchCriteriaId": "62FA172D-0501-4F88-A7FC-39ECF76B75FA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pocoproject:poco:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.12.0",
"versionEndExcluding": "1.12.5",
"matchCriteriaId": "71360510-BDF2-4B65-93F7-8296374B559E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pocoproject:poco:1.11.8:-:*:*:*:*:*:*",
"matchCriteriaId": "EE83B800-24BC-4AEF-BAC9-3792724E29BD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pocoproject:poco:1.11.8:p1:*:*:*:*:*:*",
"matchCriteriaId": "C8EB8268-CB82-40E3-9AC2-D0DD448ED5C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pocoproject:poco:1.12.5:-:*:*:*:*:*:*",
"matchCriteriaId": "50F93DF4-2202-4BA2-9E7B-AA6097C20D34"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/pocoproject/poco/compare/poco-1.12.5p2-release...poco-1.13.0-release",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/pocoproject/poco/issues/4320",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://pocoproject.org/blog/?p=1226",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
}
]
}
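Review bot: The added `cpeMatch` list in `configurations` covers `1.11.8:-` and `1.11.8:p1` on the 1.11 branch but only `1.12.5:-` on the 1.12 branch, while the description says the fix landed in 1.12.5p2. If a 1.12.5p1 release exists, it is vulnerable per the description yet matched by no entry, because the range entry stops at `"versionEndExcluding": "1.12.5"`. A parallel entry with `"criteria": "cpe:2.3:a:pocoproject:poco:1.12.5:p1:*:*:*:*:*:*"` would close the gap; its `matchCriteriaId` has to come from NVD. Until that is confirmed, scanners that rely on these CPEs alone should treat every 1.12.5 patch level below p2 as affected.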


@ -2,8 +2,8 @@
"id": "CVE-2023-5345",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-10-03T03:15:09.750",
"lastModified": "2023-10-24T17:51:46.700",
"vulnStatus": "Analyzed",
"lastModified": "2024-02-08T16:15:46.443",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -139,6 +139,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html",
"source": "cve-coordination@google.com"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e6e43b8aa7cd3c3af686caf0c2e11819a886d705",
"source": "cve-coordination@google.com",


@ -2,8 +2,8 @@
"id": "CVE-2023-5389",
"sourceIdentifier": "psirt@honeywell.com",
"published": "2024-01-30T20:15:45.420",
"lastModified": "2024-01-31T18:15:46.707",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-08T15:20:04.057",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "psirt@honeywell.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "psirt@honeywell.com",
"type": "Secondary",
@ -50,14 +80,76 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:honeywell:controledge_unit_operations_controller_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B528F553-0D96-4A1D-9ABE-DA9555534BB2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:honeywell:controledge_unit_operations_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E30EFCB6-6534-46EE-A743-2218FD0DAA81"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:honeywell:controledge_virtual_unit_operations_controller_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "67C0BF18-A928-4A47-A71E-2216BE4ECB90"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:honeywell:controledge_virtual_unit_operations_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F436C92C-7EED-44A5-B53D-12B54652D0A1"
}
]
}
]
}
],
"references": [
{
"url": "https://process.honeywell.com",
"source": "psirt@honeywell.com"
"source": "psirt@honeywell.com",
"tags": [
"Product"
]
},
{
"url": "https://www.honeywell.com/us/en/product-security",
"source": "psirt@honeywell.com"
"source": "psirt@honeywell.com",
"tags": [
"Not Applicable"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-5665",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-08T04:15:07.527",
"lastModified": "2024-02-08T04:15:07.527",
"vulnStatus": "Received",
"lastModified": "2024-02-08T13:44:21.670",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Payment Forms for Paystack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Payment Forms for Paystack para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de los c\u00f3digos cortos del complemento en todas las versiones hasta la 3.4.1 incluida, debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2023-6040",
"sourceIdentifier": "security@ubuntu.com",
"published": "2024-01-12T02:15:44.683",
"lastModified": "2024-01-22T16:00:28.223",
"vulnStatus": "Analyzed",
"lastModified": "2024-02-08T16:15:46.600",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -99,6 +99,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html",
"source": "security@ubuntu.com"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/12/1",
"source": "security@ubuntu.com",


@ -2,7 +2,7 @@
"id": "CVE-2023-6176",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-11-16T18:15:07.483",
"lastModified": "2024-02-01T19:15:08.180",
"lastModified": "2024-02-08T16:15:46.960",
"vulnStatus": "Modified",
"descriptions": [
{
@ -108,6 +108,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-6176",
"source": "secalert@redhat.com",


@ -2,16 +2,40 @@
"id": "CVE-2023-6221",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-02-01T23:15:10.510",
"lastModified": "2024-02-02T01:58:03.307",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-08T16:01:16.627",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nThe cloud provider MachineSense uses for integration and deployment for multiple MachineSense devices, such as the programmable logic controller (PLC), PumpSense, PowerAnalyzer, FeverWarn, and others is insufficiently protected against unauthorized access. An attacker with access to the internal procedures could view source code, secret credentials, and more.\n\n"
},
{
"lang": "es",
"value": "El proveedor de nube que MachineSense utiliza para la integraci\u00f3n y la implementaci\u00f3n de m\u00faltiples dispositivos MachineSense, como el controlador l\u00f3gico programable (PLC), PumpSense, PowerAnalyzer, FeverWarn y otros, no est\u00e1 suficientemente protegido contra el acceso no autorizado. Un atacante con acceso a los procedimientos internos podr\u00eda ver el c\u00f3digo fuente, credenciales secretas y m\u00e1s."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -46,14 +80,50 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:machinesense:feverwarn_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "45F21168-E7F1-49E4-84B0-0B4EB9C6DE50"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:machinesense:feverwarn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "489AD7C3-7648-4398-BA27-450E909171EC"
}
]
}
]
}
],
"references": [
{
"url": "https://machinesense.com/pages/about-machinesense",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Product"
]
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-025-01",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}
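Review bot: The new `configurations` block lists only `machinesense:feverwarn_firmware` (with the `feverwarn` hardware as the non-vulnerable platform), but the description names the PLC, PumpSense, PowerAnalyzer, FeverWarn "and others" as sharing the insufficiently protected cloud integration. CPE-driven matching on this record will therefore report FeverWarn only and stay silent for the other device families. Consumers should scope exposure from the description and the `icsa-24-025-01` reference rather than from the CPE list, and any ingestion rule for this record should mark the CPE set as narrower than the advisory text.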


@ -2,12 +2,16 @@
"id": "CVE-2023-6515",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2024-02-08T10:15:11.047",
"lastModified": "2024-02-08T10:15:11.047",
"vulnStatus": "Received",
"lastModified": "2024-02-08T13:44:21.670",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Authorization Bypass Through User-Controlled Key vulnerability in Mia Technology Inc. M\u0130A-MED allows Authentication Abuse.This issue affects M\u0130A-MED: before 1.0.7.\n\n"
"value": "Authorization Bypass Through User-Controlled Key vulnerability in Mia Technology Inc. M?A-MED allows Authentication Abuse.This issue affects M?A-MED: before 1.0.7.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de omisi\u00f3n de autorizaci\u00f3n a trav\u00e9s de clave controlada por el usuario en Mia Technology Inc. M?A-MED permite el abuso de autenticaci\u00f3n. Este problema afecta a M?A-MED: versiones anteriores a 1.0.7."
}
],
"metrics": {
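Review bot: The updated English `value` in the `descriptions` hunk carries the product name as `M?A-MED`, where the line it replaces had `M\u0130A-MED`, so the escaped U+0130 has been reduced to a literal `?` somewhere upstream of this sync. The added `es` entry has the same `M?A-MED`, and the same substitution appears in the CVE-2023-6517, CVE-2023-6518 and CVE-2023-6519 sections that follow. Anyone matching these records against an asset inventory by product string will miss on the name, so I would keep the prior spelling, `Mia Technology Inc. M\u0130A-MED`, or have the sync reject a description in which a previously non-ASCII character has turned into `?`. Which side is old and which is new is read here from print order and the later `lastModified`, since the +/- column is not preserved on this page.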


@ -2,12 +2,16 @@
"id": "CVE-2023-6517",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2024-02-08T12:15:55.087",
"lastModified": "2024-02-08T12:15:55.087",
"vulnStatus": "Received",
"lastModified": "2024-02-08T13:44:11.750",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information Due to Incompatible Policies vulnerability in Mia Technology Inc. M\u0130A-MED allows Collect Data as Provided by Users.This issue affects M\u0130A-MED: before 1.0.7.\n\n"
"value": "Exposure of Sensitive Information Due to Incompatible Policies vulnerability in Mia Technology Inc. M?A-MED allows Collect Data as Provided by Users.This issue affects M?A-MED: before 1.0.7.\n\n"
},
{
"lang": "es",
"value": "Exposici\u00f3n de informaci\u00f3n confidencial debido a una vulnerabilidad de pol\u00edticas incompatibles en Mia Technology Inc. M?A-MED permite recopilar datos proporcionados por los usuarios. Este problema afecta a M?A-MED: antes de 1.0.7."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-6518",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2024-02-08T12:15:55.350",
"lastModified": "2024-02-08T12:15:55.350",
"vulnStatus": "Received",
"lastModified": "2024-02-08T13:44:11.750",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Plaintext Storage of a Password vulnerability in Mia Technology Inc. M\u0130A-MED allows Read Sensitive Strings Within an Executable.This issue affects M\u0130A-MED: before 1.0.7.\n\n"
"value": "Plaintext Storage of a Password vulnerability in Mia Technology Inc. M?A-MED allows Read Sensitive Strings Within an Executable.This issue affects M?A-MED: before 1.0.7.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de almacenamiento de texto plano de una contrase\u00f1a en Mia Technology Inc. M?A-MED permite leer cadenas confidenciales dentro de un ejecutable. Este problema afecta a M?A-MED: versiones anteriores a 1.0.7."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-6519",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2024-02-08T12:15:55.563",
"lastModified": "2024-02-08T12:15:55.563",
"vulnStatus": "Received",
"lastModified": "2024-02-08T13:44:11.750",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Data Element to Wrong Session vulnerability in Mia Technology Inc. M\u0130A-MED allows Read Sensitive Strings Within an Executable.This issue affects M\u0130A-MED: before 1.0.7.\n\n"
"value": "Exposure of Data Element to Wrong Session vulnerability in Mia Technology Inc. M?A-MED allows Read Sensitive Strings Within an Executable.This issue affects M?A-MED: before 1.0.7.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de exposici\u00f3n de elemento de datos a sesi\u00f3n incorrecta en Mia Technology Inc. M?A-MED permite leer cadenas confidenciales dentro de un ejecutable. Este problema afecta a M?A-MED: versiones anteriores a 1.0.7."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-6564",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-02-08T12:15:55.767",
"lastModified": "2024-02-08T12:15:55.767",
"vulnStatus": "Received",
"lastModified": "2024-02-08T13:44:11.750",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab EE Premium and Ultimate affecting versions 16.4.3, 16.5.3, and 16.6.1. In projects using subgroups to define who can push and/or merge to protected branches, there may have been instances in which subgroup members with the Developer role were able to push or merge to protected branches."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en GitLab EE Premium y Ultimate que afecta las versiones 16.4.3, 16.5.3 y 16.6.1. En proyectos que utilizan subgrupos para definir qui\u00e9n puede enviar o fusionar ramas protegidas, es posible que haya habido casos en los que los miembros del subgrupo con el rol de Desarrollador pudieron enviar o fusionar ramas protegidas."
}
],
"metrics": {


@ -2,7 +2,7 @@
"id": "CVE-2023-6817",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-12-18T15:15:10.210",
"lastModified": "2024-01-11T21:15:11.647",
"lastModified": "2024-02-08T16:15:47.270",
"vulnStatus": "Modified",
"descriptions": [
{
@ -141,6 +141,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html",
"source": "cve-coordination@google.com"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/22/13",
"source": "cve-coordination@google.com"


@ -2,7 +2,7 @@
"id": "CVE-2023-6932",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-12-19T14:15:08.460",
"lastModified": "2024-01-11T21:15:11.910",
"lastModified": "2024-02-08T16:15:47.590",
"vulnStatus": "Modified",
"descriptions": [
{
@ -100,6 +100,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html",
"source": "cve-coordination@google.com"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=e2b706c691905fe78468c361aaabc719d0a496f1",
"source": "cve-coordination@google.com",


@ -2,8 +2,8 @@
"id": "CVE-2023-6942",
"sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"published": "2024-01-30T09:15:47.757",
"lastModified": "2024-01-31T09:15:44.390",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-08T16:42:15.390",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"type": "Secondary",
@ -50,18 +70,94 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mitsubishielectric:ezsocket:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0",
"matchCriteriaId": "C6096E48-9ECD-48FF-9F5E-D182E42D41C9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mitsubishielectric:fr_configurator2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CED78B28-BBBF-4869-BC1C-F0789867FB4C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mitsubishielectric:got1000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C31EFBDE-DE71-46F3-97A1-CABC037FC31D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mitsubishielectric:got2000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D887323-BBDD-41ED-82B8-66DE412666F5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mitsubishielectric:gx_works2:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.11m",
"matchCriteriaId": "B73766EB-FF3E-495E-B1C1-5D49A1569696"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mitsubishielectric:gx_works3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F4AEDEEE-5070-41E2-B4DC-6DE8456BC028"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5790F2E-5511-46F6-94E5-F3E1A2367662"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mitsubishielectric:melsoft_navigator:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.04e",
"matchCriteriaId": "5F3C096D-D510-46F4-B46A-A234CA630227"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mitsubishielectric:mt_works2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EC0ACF4-C303-4EC0-A755-1F9AE4152DDB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mitsubishielectric:mx_component:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.00a",
"matchCriteriaId": "407781DB-9AF9-4E3A-BF24-1787ADB33F42"
}
]
}
]
}
],
"references": [
{
"url": "https://jvn.jp/vu/JVNVU95103362",
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-02",
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
},
{
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-020_en.pdf",
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-6943",
"sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"published": "2024-01-30T09:15:47.960",
"lastModified": "2024-01-31T09:15:44.600",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-08T16:41:51.857",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"type": "Secondary",
@ -50,18 +70,94 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mitsubishielectric:ezsocket:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0",
"matchCriteriaId": "C6096E48-9ECD-48FF-9F5E-D182E42D41C9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mitsubishielectric:fr_configurator2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CED78B28-BBBF-4869-BC1C-F0789867FB4C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mitsubishielectric:got1000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C31EFBDE-DE71-46F3-97A1-CABC037FC31D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mitsubishielectric:got2000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D887323-BBDD-41ED-82B8-66DE412666F5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mitsubishielectric:gx_works2:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.11m",
"matchCriteriaId": "B73766EB-FF3E-495E-B1C1-5D49A1569696"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mitsubishielectric:gx_works3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F4AEDEEE-5070-41E2-B4DC-6DE8456BC028"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5790F2E-5511-46F6-94E5-F3E1A2367662"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mitsubishielectric:melsoft_navigator:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.04e",
"matchCriteriaId": "5F3C096D-D510-46F4-B46A-A234CA630227"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mitsubishielectric:mt_works2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EC0ACF4-C303-4EC0-A755-1F9AE4152DDB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mitsubishielectric:mx_component:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.00a",
"matchCriteriaId": "407781DB-9AF9-4E3A-BF24-1787ADB33F42"
}
]
}
]
}
],
"references": [
{
"url": "https://jvn.jp/vu/JVNVU95103362",
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-02",
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
},
{
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-020_en.pdf",
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-7169",
"sourceIdentifier": "security@snowsoftware.com",
"published": "2024-02-08T13:15:08.417",
"lastModified": "2024-02-08T13:44:11.750",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Authentication Bypass by Spoofing vulnerability in Snow Software Snow Inventory Agent on Windows allows Signature Spoof.This issue affects Snow Inventory Agent: through 6.14.5. Customers advised to upgrade to version 7.0\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n mediante suplantaci\u00f3n de identidad en Snow Software Snow Inventory Agent en Windows permite la suplantaci\u00f3n de firma. Este problema afecta a Snow Inventory Agent: hasta 6.14.5. Se recomienda a los clientes actualizar a la versi\u00f3n 7.0"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@snowsoftware.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security@snowsoftware.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-290"
}
]
}
],
"references": [
{
"url": "https://community.snowsoftware.com/s/feed/0D5Td000004YtMcKAK",
"source": "security@snowsoftware.com"
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2024-0511",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-08T06:15:51.423",
"lastModified": "2024-02-08T06:15:51.423",
"vulnStatus": "Received",
"lastModified": "2024-02-08T13:44:21.670",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the wpr_update_form_action_meta function. This makes it possible for unauthenticated attackers to post metadata via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
},
{
"lang": "es",
"value": "El complemento Royal Elementor Addons and Templates para WordPress es vulnerable a la cross-site request forgery en todas las versiones hasta la 1.3.87 incluida. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en la funci\u00f3n wpr_update_form_action_meta. Esto hace posible que atacantes no autenticados publiquen metadatos a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2024-0564",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-30T15:15:08.687",
"lastModified": "2024-02-01T10:15:11.517",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-08T16:36:48.837",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -38,26 +58,93 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.4.0-96.119",
"versionEndIncluding": "5.15.0-58",
"matchCriteriaId": "13C802F5-27EF-43DE-AD8A-2AEAB52A9CCB"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2024-0564",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1680513",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258514",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://link.springer.com/conference/wisa",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Not Applicable"
]
},
{
"url": "https://wisa.or.kr/accepted",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Not Applicable"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-0674",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-01-30T13:15:08.330",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-08T16:39:59.450",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Privilege escalation vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, which could allow a local user to acquire root permissions by modifying the updatescript.js, inserting special code inside the script and creating the done.txt file. This would cause the watchdog process to run as root and execute the payload stored in the updatescript.js."
},
{
"lang": "es",
"value": "Vulnerabilidad de escalada de privilegios en m\u00e1quinas Lamassu Bitcoin ATM Douro, en su versi\u00f3n 7.1, que podr\u00eda permitir a un usuario local adquirir permisos root modificando el updatescript.js, insertando un c\u00f3digo especial dentro del script y creando el archivo done.txt. Esto har\u00eda que el proceso de vigilancia se ejecutara como root y ejecutarael payload almacenado en updatescript.js."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "cve-coordination@incibe.es",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-281"
}
]
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,10 +80,69 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:lamassu:douro_firmware:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A91DE83C-3B58-41AA-BD7E-3894617B9740"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lamassu:douro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "827786B5-C5F1-4F98-95EC-DCF681683ECA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:lamassu:douro_ii_firmware:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3355BA32-76B3-4245-9C31-1F778B7D1848"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lamassu:douro_ii:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14DA65BF-520F-415F-8A4C-CF06DDCC147C"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-lamassu-bitcoin-atm-douro-machines",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-0675",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-01-30T13:15:08.667",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-08T16:39:42.950",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability of improper checking for unusual or exceptional conditions\n\nin Lamassu Bitcoin ATM Douro machines, in its 7.1 version,\n\n the exploitation of which could allow an attacker with physical access to the ATM to escape kiosk mode, access the underlying Xwindow interface and execute arbitrary commands as an unprivileged user.\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de comprobaci\u00f3n inadecuada de condiciones inusuales o excepcionales en los cajeros autom\u00e1ticos Lamassu Bitcoin ATM Douro, en su versi\u00f3n 7.1, cuya explotaci\u00f3n podr\u00eda permitir a un atacante con acceso f\u00edsico al cajero escapar del modo quiosco, acceder a la interfaz Xwindow subyacente y ejecutar comandos arbitrarios como un usuario sin privilegios."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -46,10 +70,69 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:lamassu:douro_firmware:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A91DE83C-3B58-41AA-BD7E-3894617B9740"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lamassu:douro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "827786B5-C5F1-4F98-95EC-DCF681683ECA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:lamassu:douro_ii_firmware:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3355BA32-76B3-4245-9C31-1F778B7D1848"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lamassu:douro_ii:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14DA65BF-520F-415F-8A4C-CF06DDCC147C"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-lamassu-bitcoin-atm-douro-machines",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-0676",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-01-30T13:15:08.913",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-08T16:39:00.907",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Weak password requirement vulnerability \n\nin Lamassu Bitcoin ATM Douro machines, in its 7.1 version\n\n, which allows a local user to interact with the machine where the application is installed, retrieve stored hashes from the machine and crack long 4-character passwords using a dictionary attack."
},
{
"lang": "es",
"value": "Vulnerabilidad de requisito de contrase\u00f1a d\u00e9bil en m\u00e1quinas Lamassu Bitcoin ATM Douro, en su versi\u00f3n 7.1, que permite a un usuario local interactuar con la m\u00e1quina donde est\u00e1 instalada la aplicaci\u00f3n, recuperar hashes almacenados de la m\u00e1quina y descifrar contrase\u00f1as largas de 4 caracteres mediante un ataque de diccionario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -46,10 +70,69 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:lamassu:douro_firmware:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A91DE83C-3B58-41AA-BD7E-3894617B9740"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lamassu:douro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "827786B5-C5F1-4F98-95EC-DCF681683ECA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:lamassu:douro_ii_firmware:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3355BA32-76B3-4245-9C31-1F778B7D1848"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lamassu:douro_ii:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14DA65BF-520F-415F-8A4C-CF06DDCC147C"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-lamassu-bitcoin-atm-douro-machines",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,43 @@
"id": "CVE-2024-0788",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2024-01-29T17:15:09.520",
"lastModified": "2024-01-29T17:39:52.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-08T16:42:27.363",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SUPERAntiSpyware Pro X v10.0.1260 is vulnerable to kernel-level API parameters manipulation and Denial of Service vulnerabilities by triggering the 0x9C402140 IOCTL code of the saskutil64.sys driver."
},
{
"lang": "es",
"value": "SUPERAntiSpyware Pro X v10.0.1260 es vulnerable a la manipulaci\u00f3n de par\u00e1metros API a nivel de kernel y vulnerabilidades de denegaci\u00f3n de servicio al activar el c\u00f3digo IOCTL 0x9C402140 del controlador saskutil64.sys."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -46,14 +80,37 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:realdefen:superantispyware:10.0.1260:*:*:*:professional_x:*:*:*",
"matchCriteriaId": "7EE9DF85-B0A8-4EB9-A6BD-4573CF23CD03"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/brubeck/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.superantispyware.com/professional-x-edition.html",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-0822",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-25T16:15:08.743",
"lastModified": "2024-01-31T19:06:11.587",
"vulnStatus": "Analyzed",
"lastModified": "2024-02-08T13:15:08.643",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -41,20 +41,20 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
"impactScore": 3.6
}
]
},
@ -113,6 +113,10 @@
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://github.com/oVirt/ovirt-engine/pull/914",
"source": "secalert@redhat.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-0844",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-02T12:15:49.000",
"lastModified": "2024-02-02T13:36:23.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-08T16:15:39.903",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -38,14 +58,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:felixmoira:popup_more_popups\\,_lightboxes\\,_and_more_popup_modules:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.1.6",
"matchCriteriaId": "072DB0F6-110B-4383-9CD9-787CD99DA2D1"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/popup-more/trunk/classes/Ajax.php#L184",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7894a19c-b873-4c5b-8c82-6656cc306ee2?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-0963",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-02T12:15:49.183",
"lastModified": "2024-02-02T13:36:23.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-08T16:37:57.733",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -38,18 +58,57 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codepeople:calculated_fields_form:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.2.52",
"matchCriteriaId": "97CDEA51-01FF-4F7A-B3D5-15DC4A852FFC"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3029782/calculated-fields-form/trunk/inc/cpcff_main.inc.php",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3029782%40calculated-fields-form&new=3029782%40calculated-fields-form&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d870ff8d-ea4b-4777-9892-0d9982182b9f?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2024-0965",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-08T09:15:46.047",
"lastModified": "2024-02-08T09:15:46.047",
"vulnStatus": "Received",
"lastModified": "2024-02-08T13:44:21.670",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Simple Page Access Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.21 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's page restriction and view page content."
},
{
"lang": "es",
"value": "El complemento Simple Page Access Restriction para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n confidencial en todas las versiones hasta la 1.0.21 incluida, a trav\u00e9s de la API REST. Esto hace posible que atacantes no autenticados eviten la restricci\u00f3n de p\u00e1gina del complemento y vean el contenido de la p\u00e1gina."
}
],
"metrics": {


@ -0,0 +1,59 @@
{
"id": "CVE-2024-0985",
"sourceIdentifier": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
"published": "2024-02-08T13:15:08.927",
"lastModified": "2024-02-08T13:44:11.750",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The victim is a superuser or member of one of the attacker's roles. The attack requires luring the victim into running REFRESH MATERIALIZED VIEW CONCURRENTLY on the attacker's materialized view. As part of exploiting this vulnerability, the attacker creates functions that use CREATE RULE to convert the internally-built temporary table to a view. Versions before PostgreSQL 15.6, 14.11, 13.14, and 12.18 are affected. The only known exploit does not work in PostgreSQL 16 and later. For defense in depth, PostgreSQL 16.2 adds the protections that older branches are using to fix their vulnerability."
},
{
"lang": "es",
"value": "La ca\u00edda tard\u00eda de privilegios en ACTUALIZAR VISTA MATERIALIZADA CONCURRENTE en PostgreSQL permite a un creador de objetos ejecutar funciones SQL arbitrarias como emisor de comandos. El comando pretende ejecutar funciones SQL como propietario de la vista materializada, lo que permite una actualizaci\u00f3n segura de vistas materializadas que no son de confianza. La v\u00edctima es un superusuario o miembro de uno de los roles del atacante. El ataque requiere atraer a la v\u00edctima para que ejecute ACTUALIZAR VISTA MATERIALIZADA CONCURRENTE en la vista materializada del atacante. Como parte de la explotaci\u00f3n de esta vulnerabilidad, el atacante crea funciones que utilizan CREATE RULE para convertir la tabla temporal creada internamente en una vista. Las versiones anteriores a PostgreSQL 15.6, 14.11, 13.14 y 12.18 se ven afectadas. El \u00fanico exploit conocido no funciona en PostgreSQL 16 y posteriores. Para una defensa en profundidad, PostgreSQL 16.2 agrega las protecciones que utilizan las ramas m\u00e1s antiguas para corregir su vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-271"
}
]
}
],
"references": [
{
"url": "https://www.postgresql.org/support/security/CVE-2024-0985/",
"source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007"
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-1019",
"sourceIdentifier": "vulnerability@ncsc.ch",
"published": "2024-01-30T16:15:47.123",
"lastModified": "2024-01-30T20:49:05.470",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-08T16:35:08.863",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3 decodes percent-encoded characters present in request URLs before it separates the URL path component from the optional query string component. This results in an impedance mismatch versus RFC compliant back-end applications. The vulnerability hides an attack payload in the path component of the URL from WAF rules inspecting it. A back-end may be vulnerable if it uses the path component of request URLs to construct queries. Integrators and users are advised to upgrade to 3.0.12. The ModSecurity v2 release line is not affected by this vulnerability.\n"
},
{
"lang": "es",
"value": "ModSecurity/libModSecurity 3.0.0 a 3.0.11 se ve afectado por una omisi\u00f3n de WAF para payloads basados en rutas enviados a trav\u00e9s de URL de solicitud especialmente manipuladas. ModSecurity v3 decodifica los caracteres codificados en porcentaje presentes en las URL de solicitud antes de separar el componente de ruta URL del componente de cadena de consulta opcional. Esto da como resultado una discrepancia de impedancia en comparaci\u00f3n con las aplicaciones de back-end que cumplen con RFC. La vulnerabilidad oculta un payload de ataque en el componente de ruta de la URL de las reglas WAF que la inspeccionan. Un back-end puede ser vulnerable si utiliza el componente de ruta de las URL de solicitud para construir consultas. Se recomienda a los integradores y usuarios que actualicen a 3.0.12. La l\u00ednea de lanzamiento ModSecurity v2 no se ve afectada por esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0
},
{
"source": "vulnerability@ncsc.ch",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "vulnerability@ncsc.ch",
"type": "Secondary",
@ -46,10 +80,33 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trustwave:modsecurity:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.0.12",
"matchCriteriaId": "52EBFAFE-523F-46B7-9631-4FA866ABC2D0"
}
]
}
]
}
],
"references": [
{
"url": "https://owasp.org/www-project-modsecurity/tab_cves#cve-2024-1019-2024-01-30",
"source": "vulnerability@ncsc.ch"
"source": "vulnerability@ncsc.ch",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-1047",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-02T06:15:45.190",
"lastModified": "2024-02-02T13:36:31.843",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-08T14:20:23.387",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -38,18 +58,57 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:themeisle:orbit_fox:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.10.28",
"matchCriteriaId": "182BF634-C957-4A73-A92F-4F5949A6B503"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/themeisle-companion/trunk/vendor/codeinwp/themeisle-sdk/src/Modules/Promotions.php#L175",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3029507/themeisle-companion/tags/2.10.29/vendor/codeinwp/themeisle-sdk/src/Modules/Promotions.php",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6147582f-578a-47ad-b16c-65c37896783d?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2024-1149",
"sourceIdentifier": "security@snowsoftware.com",
"published": "2024-02-08T13:15:09.147",
"lastModified": "2024-02-08T13:44:11.750",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on MacOS, Snow Software Inventory Agent on Windows, Snow Software Inventory Agent on Linux allows File Manipulation through Snow Update Packages.This issue affects Inventory Agent: through 6.12.0; Inventory Agent: through 6.14.5; Inventory Agent: through 6.7.2.\n\n"
},
{
"lang": "es",
"value": "Verificaci\u00f3n incorrecta de la vulnerabilidad de firma criptogr\u00e1fica en Snow Software Inventory Agent en MacOS, Snow Software Inventory Agent en Windows y Snow Software Inventory Agent en Linux permite la manipulaci\u00f3n de archivos a trav\u00e9s de paquetes de actualizaci\u00f3n Snow. Este problema afecta a Inventory Agent: hasta 6.12.0; Agente de Inventario: hasta 6.14.5; Agente de Inventario: hasta 6.7.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@snowsoftware.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@snowsoftware.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-347"
}
]
}
],
"references": [
{
"url": "https://community.snowsoftware.com/s/feed/0D5Td000004YtMcKAK",
"source": "security@snowsoftware.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2024-1150",
"sourceIdentifier": "security@snowsoftware.com",
"published": "2024-02-08T13:15:09.320",
"lastModified": "2024-02-08T13:44:11.750",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on Unix allows File Manipulation through Snow Update Packages.This issue affects Inventory Agent: through 7.3.1.\n\n"
},
{
"lang": "es",
"value": "La verificaci\u00f3n incorrecta de la vulnerabilidad de la firma criptogr\u00e1fica en Snow Software Inventory Agent en Unix permite la manipulaci\u00f3n de archivos a trav\u00e9s de los paquetes de actualizaci\u00f3n de Snow. Este problema afecta al Inventory Agent: hasta 7.3.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@snowsoftware.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@snowsoftware.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-347"
}
]
}
],
"references": [
{
"url": "https://community.snowsoftware.com/s/feed/0D5Td000004YtMcKAK",
"source": "security@snowsoftware.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-1162",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-02T06:15:45.407",
"lastModified": "2024-02-02T13:36:31.843",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-08T14:22:37.180",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -38,14 +58,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:themeisle:orbit_fox:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.10.29",
"matchCriteriaId": "08259C57-C6F9-4D09-AB32-FFF838CFD126"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3030173%40themeisle-companion&new=3030173%40themeisle-companion&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/88f6a24f-f14a-4d0a-be5a-f8c84910b4fc?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-1207",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-08T09:15:46.253",
"lastModified": "2024-02-08T09:15:46.253",
"vulnStatus": "Received",
"lastModified": "2024-02-08T13:44:21.670",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -0,0 +1,67 @@
{
"id": "CVE-2024-1312",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-02-08T13:15:09.500",
"lastModified": "2024-02-08T13:44:11.750",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free flaw was found in the Linux kernel's Memory Management subsystem when a user wins two races at the same time with a fail in the mas_prev_slot function. This issue could allow a local user to crash the system."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla de use-after-free en el subsistema de administraci\u00f3n de memoria del kernel de Linux cuando un usuario gana dos carreras al mismo tiempo con una falla en la funci\u00f3n mas_prev_slot. Este problema podr\u00eda permitir que un usuario local bloquee el sistema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.4,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2024-1312",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2225569",
"source": "secalert@redhat.com"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/mm/memory.c?h=v6.8-rc3&id=657b5146955eba331e01b9a6ae89ce2e716ba306",
"source": "secalert@redhat.com"
}
]
}


@ -2,12 +2,12 @@
"id": "CVE-2024-21484",
"sourceIdentifier": "report@snyk.io",
"published": "2024-01-22T05:15:08.720",
"lastModified": "2024-01-29T19:29:03.967",
"vulnStatus": "Analyzed",
"lastModified": "2024-02-08T14:15:42.853",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. An attacker can decrypt ciphertexts by exploiting this vulnerability. Exploiting this vulnerability requires the attacker to have access to a large number of ciphertexts encrypted with the same key.\r\r Workaround \r\rThis vulnerability can be mitigated by finding and replacing RSA and RSAOAEP decryption with another crypto library."
"value": "Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. An attacker can decrypt ciphertexts by exploiting this vulnerability. Exploiting this vulnerability requires the attacker to have access to a large number of ciphertexts encrypted with the same key.\r\r Workaround \r\rThe vulnerability can be mitigated by finding and replacing RSA and RSAOAEP decryption with another crypto library."
},
{
"lang": "es",


@ -2,12 +2,12 @@
"id": "CVE-2024-21488",
"sourceIdentifier": "report@snyk.io",
"published": "2024-01-30T05:15:09.277",
"lastModified": "2024-02-06T18:56:43.787",
"vulnStatus": "Analyzed",
"lastModified": "2024-02-08T13:15:09.700",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Versions of the package network before 0.7.0 are vulnerable to Arbitrary Command Injection due to use of the child_process exec function without input sanitization. If (attacker-controlled) user input is given to the mac_address_for function of the package, it is possible for an attacker to execute arbitrary commands on the operating system that this package is being run on."
"value": "Versions of the package network before 0.7.0 are vulnerable to Arbitrary Command Injection due to use of the child_process exec function without input sanitization. If (attacker-controlled) user input is given to the mac_address_for function of the package, it is possible for the attacker to execute arbitrary commands on the operating system that this package is being run on."
},
{
"lang": "es",


@ -2,16 +2,40 @@
"id": "CVE-2024-21649",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-30T16:15:47.653",
"lastModified": "2024-01-30T20:48:58.267",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-08T16:43:53.780",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Prior to 4.2.0, authenticated users could inject code into algorithm environment variables, resulting in remote code execution. This vulnerability is patched in 4.2.0."
},
{
"lang": "es",
"value": "La tecnolog\u00eda vantage6 permite gestionar e implementar tecnolog\u00edas que mejoran la privacidad, como el Federated Learning (FL) y la Multi-Party Computation (MPC). Antes de 4.2.0, los usuarios autenticados pod\u00edan inyectar c\u00f3digo en variables de entorno de algoritmos, lo que daba como resultado la ejecuci\u00f3n remota de c\u00f3digo. Esta vulnerabilidad est\u00e1 parcheada en 4.2.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vantage6:vantage6:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.2.0",
"matchCriteriaId": "A9E3A3A7-C004-4E76-B2A3-46F0F1C68AD4"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/vantage6/vantage6/commit/eac19db737145d3ca987adf037a454fae0790ddd",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/vantage6/vantage6/security/advisories/GHSA-w9h2-px87-74vx",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-21671",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-30T16:15:48.090",
"lastModified": "2024-01-30T20:48:58.267",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-08T16:42:41.923",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). It is possible to find out usernames from the response time of login requests. This could aid attackers in credential attacks. Version 4.2.0 patches this vulnerability."
},
{
"lang": "es",
"value": "La tecnolog\u00eda vantage6 permite gestionar e implementar tecnolog\u00edas que mejoran la privacidad, como el Federated Learning (FL) y la Multi-Party Computation (MPC). Es posible averiguar los nombres de usuario a partir del tiempo de respuesta de las solicitudes de inicio de sesi\u00f3n. Esto podr\u00eda ayudar a los atacantes en ataques de credenciales. La versi\u00f3n 4.2.0 parchea esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vantage6:vantage6:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.2.0",
"matchCriteriaId": "A9E3A3A7-C004-4E76-B2A3-46F0F1C68AD4"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/vantage6/vantage6/commit/389f416c445da4f2438c72f34c3b1084485c4e30",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/vantage6/vantage6/security/advisories/GHSA-45gq-q4xh-cp53",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-22193",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-30T16:15:48.310",
"lastModified": "2024-01-30T20:48:58.267",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-08T16:41:38.277",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). There are no checks on whether the input is encrypted if a task is created in an encrypted collaboration. Therefore, a user may accidentally create a task with sensitive input data that will then be stored unencrypted in a database. Users should ensure they set the encryption setting correctly. This vulnerability is patched in 4.2.0."
},
{
"lang": "es",
"value": "La tecnolog\u00eda vantage6 permite gestionar e implementar tecnolog\u00edas que mejoran la privacidad, como el Federated Learning (FL) y la Multi-Party Computation (MPC). No se comprueba si la entrada est\u00e1 cifrada si se crea una tarea en una colaboraci\u00f3n cifrada. Por lo tanto, un usuario puede crear accidentalmente una tarea con datos de entrada confidenciales que luego se almacenar\u00e1n sin cifrar en una base de datos. Los usuarios deben asegurarse de configurar correctamente la configuraci\u00f3n de cifrado. Esta vulnerabilidad est\u00e1 parcheada en 4.2.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +70,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vantage6:vantage6:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.2.0",
"matchCriteriaId": "A9E3A3A7-C004-4E76-B2A3-46F0F1C68AD4"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/vantage6/vantage6/commit/6383283733b81abfcacfec7538dc4dc882e98074",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/vantage6/vantage6/security/advisories/GHSA-rjmv-52mp-gjrr",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2024-22464",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-02-08T10:15:14.183",
"lastModified": "2024-02-08T10:15:14.183",
"vulnStatus": "Received",
"lastModified": "2024-02-08T13:44:11.750",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nDell EMC AppSync, versions from 4.2.0.0 to 4.6.0.0 including all Service Pack releases, contain an exposure of sensitive information vulnerability in AppSync server logs. A high privileged remote attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable system with privileges of the compromised account.\n\n"
},
{
"lang": "es",
"value": "Dell EMC AppSync, versiones de 4.2.0.0 a 4.6.0.0, incluidas todas las versiones de Service Pack, contienen una exposici\u00f3n de vulnerabilidad de informaci\u00f3n confidencial en los registros del servidor de AppSync. Un atacante remoto con privilegios elevados podr\u00eda explotar esta vulnerabilidad, lo que llevar\u00eda a la divulgaci\u00f3n de determinadas credenciales de usuario. Es posible que el atacante pueda utilizar las credenciales expuestas para acceder al sistema vulnerable con los privilegios de la cuenta comprometida."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2024-22894",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-30T10:15:09.833",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-08T16:40:42.490",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,144 @@
"value": "Un problema en AIT-Deutschland Alpha Innotec Heatpumps wp2reg-V.3.88.0-9015 y Novelan Heatpumps wp2reg-V.3.88.0-9015 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s del componente de contrase\u00f1a en el archivo sombra."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-326"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:alpha-innotec:heat_pumps_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.88.3",
"matchCriteriaId": "0748DE3E-9C10-4E55-9CE2-2FC142C70AA2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:alpha-innotec:heat_pumps_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.89.0",
"matchCriteriaId": "1AB21F68-A56D-44F4-9E8F-35FE4F633276"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:alpha-innotec:heat_pumps_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0",
"versionEndExcluding": "4.81.3",
"matchCriteriaId": "AF001062-843A-48C0-BBB1-39EF0169FF04"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:alpha-innotec:heat_pumps:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D87D8C1B-B1F7-4FC4-B857-5BEEA2A8C74F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:novelan:heat_pumps_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.88.3",
"matchCriteriaId": "DDDB466A-0CC1-4C7B-914A-BEC7A3AFA835"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:novelan:heat_pumps_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.89.0",
"matchCriteriaId": "F60C4875-FB5D-41A8-8FCC-EEF050BDE9A3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:novelan:heat_pumps_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0",
"versionEndExcluding": "4.81.3",
"matchCriteriaId": "9DFEEE56-A799-4CCD-A33B-83A0177FCF71"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:novelan:heat_pumps:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80BCEF4F-B08E-4776-94D9-EABA4F3BE412"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Jaarden/AlphaInnotec-Password-Vulnerability/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/Jaarden/CVE-2024-22894",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-23452",
"sourceIdentifier": "security@apache.org",
"published": "2024-02-08T09:15:46.420",
"lastModified": "2024-02-08T09:15:46.420",
"vulnStatus": "Received",
"lastModified": "2024-02-08T14:15:42.980",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
@ -28,6 +28,10 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/02/08/1",
"source": "security@apache.org"
},
{
"url": "https://github.com/apache/brpc/pull/2518",
"source": "security@apache.org"


@ -2,16 +2,40 @@
"id": "CVE-2024-23826",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-29T16:15:09.640",
"lastModified": "2024-01-29T16:19:11.720",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-08T16:43:13.403",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "spbu_se_site is the website of the Department of System Programming of St. Petersburg State University. Before 2024.01.29, when uploading an avatar image, an authenticated user may intentionally use a large Unicode filename which would lead to a server-side denial of service under Windows. This is due to no limitation of the length of the filename and the costly use of the Unicode normalization with the form NFKD on Windows OS. This vulnerability was fixed in the 2024.01.29 release."
},
{
"lang": "es",
"value": "spbu_se_site es el sitio web del Departamento de Programaci\u00f3n de Sistemas de la Universidad Estatal de San Petersburgo. Antes del 29/01/2024, al cargar una imagen de avatar, un usuario autenticado puede utilizar intencionalmente un nombre de archivo Unicode grande, lo que provocar\u00eda una denegaci\u00f3n de servicio del lado del servidor en Windows. Esto se debe a la falta de limitaci\u00f3n de la longitud del nombre del archivo y al costoso uso de la normalizaci\u00f3n Unicode con el formato NFKD en el sistema operativo Windows. Esta vulnerabilidad se solucion\u00f3 en la versi\u00f3n 2024.01.29."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,7 +60,7 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,16 +68,51 @@
"value": "CWE-770"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:se.math.spbu:spbu_se_site:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2024.01.29",
"matchCriteriaId": "1FF8CD3A-E3DF-4A93-BE6F-8057AD60ED84"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/spbu-se/spbu_se_site/commit/5ad623eb0405260763046343c5785bc588d8a57d",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/spbu-se/spbu_se_site/security/advisories/GHSA-5vfc-v7hg-pvwm",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-23827",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-29T16:15:09.867",
"lastModified": "2024-01-29T16:19:11.720",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-08T16:42:39.110",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system. It's possible to leverage the vulnerability into a remote code execution overwriting the config file app.ini. Version 2.0.0.beta.12 fixed the issue."
},
{
"lang": "es",
"value": "Nginx-UI es una interfaz web para administrar configuraciones de Nginx. La funci\u00f3n Import Certificate permite la escritura arbitraria en el sistema. La funci\u00f3n no verifica si la entrada del usuario proporcionada es una certificaci\u00f3n/clave y permite escribir en rutas arbitrarias en el sistema. Es posible aprovechar la vulnerabilidad para ejecutar c\u00f3digo remoto sobrescribiendo el archivo de configuraci\u00f3n app.ini. La versi\u00f3n 2.0.0.beta.12 solucion\u00f3 el problema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,7 +60,7 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,12 +68,437 @@
"value": "CWE-22"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.2.0:-:*:*:*:*:*:*",
"matchCriteriaId": "E5EB4B0D-CE6A-45CE-8971-15BBB0722394"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.2.0:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "347055AA-23A7-4D03-A46B-0A51A0357EFB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.2.0:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "9D17A6DA-3309-4029-9DAD-76ABAA1EA38A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.2.0:alpha4:*:*:*:*:*:*",
"matchCriteriaId": "2E720E78-E724-4E65-9AFC-BC83E2B6405F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0F445EB2-0B0B-44D1-9A6F-A23BB7CBA264"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6D4CD22F-4078-4EA1-8790-D6FD110A2893"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "6FE185FE-3B3F-4E46-8812-2512B25E3AD7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "861646B0-3CD6-4037-9EE4-550B9B7E5FFA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A7D82994-E977-4148-9E6D-EB87E77EC702"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "B30244FF-039B-44F2-AC1A-5FDB7F98A2C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "45F8125A-57BE-4E62-94A2-FBDD0BCB67E8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.3.1:-:*:*:*:*:*:*",
"matchCriteriaId": "73DB5C6F-0F75-44F4-B47F-44F3805C0E09"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.3.1:fix:*:*:*:*:*:*",
"matchCriteriaId": "D9D6B6EA-823D-4D36-84DC-69CB14AA3120"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2B31BCF4-F00E-42E1-9BCA-F7C0D164FB7A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.3.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B098A3C6-DFE3-41C5-AADB-52C36A08F566"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5F5057DF-FA0A-4A41-BC6F-0F20529BACAC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C7F7B02B-C43C-4E57-B844-F1708125BAB6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AF6CBAAD-0A17-4E43-965B-C525DADCA3F0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7EBA5C6E-25FC-4952-BA2C-6C44770D8861"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.5.0:-:*:*:*:*:*:*",
"matchCriteriaId": "BDA3575B-E64E-42AD-A12C-ADD2BD61065C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.5.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "659E6E9F-A297-4115-884B-C4D7EE2CB155"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.5.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "4E1A2B34-9B82-429D-83E4-951344B31CAA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.5.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "B43B60D3-743D-4965-B0FF-3FBDA3DFB7B1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.5.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "36DB77DA-4ED4-4800-8251-EB4F4BBA4A1B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.5.0:beta4_fix:*:*:*:*:*:*",
"matchCriteriaId": "E9596AB0-0985-45A3-9EC4-4331A62E59D3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.5.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "A7659CD3-117A-427A-BDAB-E9580D0CE0A6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.5.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "8D398E64-80C0-4E7F-9BAB-37200FE42EFA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.5.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "9CF56792-52E6-4A24-8488-8DBCE0DF2E69"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.5.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "2D59E88D-CFF0-4039-A236-86AEFA9D6135"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.5.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "F6C8AFA8-8F62-43A3-99E3-D2BA31B94AF0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ED48548E-A6AB-4AE7-B70F-540F13FA3171"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C645D38E-9AF7-4334-96B0-B674A2DD0E01"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "B3B50213-0F6A-4C86-A819-BC4CEC4CD6A6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.6.0:fix:*:*:*:*:*:*",
"matchCriteriaId": "5EAB6269-238F-4342-BFF3-8D52E068A797"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "830987AC-8021-4898-B031-5D158A2EBFA5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C48387B2-B727-4184-9AEE-F2641F14B96F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8AF0BF25-8BBD-408E-AD26-2F5A5A7A8799"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0E90DD77-C9D3-418B-A77D-6B6513F1B2CD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F01E473A-7007-43B3-8801-4EDCB94433B3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BF5C23AA-D701-4153-A798-BC62D2227E4A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "FD3E2589-AA3E-4FBD-9BE0-8C6343AA2D5F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "3F287D86-DE0B-4EFA-A59B-26142539F4C2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.7.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "F6CA517E-298A-4594-A5C3-01D714B45FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E988C01A-A8E8-4A78-86FE-D479E85D1C57"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F3089766-C08D-46ED-96CD-FBD23918CE91"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7556CA53-63DB-456A-9F4F-D2216577214B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "ED7D3809-15E2-46D7-B655-872D39516423"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "10DF1FCF-60F0-4E1E-B527-038D62D70061"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "692F6EB8-A3DA-41D4-ADC0-A62475056CCA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "DB220C58-FEB5-4D00-856A-B8F02089EC69"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "3F256AE5-04EC-4F8E-BBC4-76F16736E275"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C5878D75-96C7-44AB-8982-705FBC2A7825"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2B2FBE3D-3B56-4E56-8156-63FE4F1B8CF0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "00B0C7D6-30BF-4ABD-A72C-795D60DC5CC0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DC05EA49-627E-4A40-ABB0-E590623C0B90"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "47930D99-B18D-4A65-B49E-060B661919E8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.8.4:-:*:*:*:*:*:*",
"matchCriteriaId": "6C3B1880-D8EB-40CA-B241-02B3C8B49869"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.8.4:patch:*:*:*:*:*:*",
"matchCriteriaId": "E7700F38-C7DD-4F86-B3DE-C3C9A28370A4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.9.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C994DA95-D877-4319-911A-90918A9C566F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.9.9-1:*:*:*:*:*:*:*",
"matchCriteriaId": "3AB27842-9235-4E3D-9E07-5DC873560D35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.9.9-2:*:*:*:*:*:*:*",
"matchCriteriaId": "598FBDD0-E019-4AA5-B561-65B4D1BE084A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.9.9-3:*:*:*:*:*:*:*",
"matchCriteriaId": "489C42D9-39E2-4491-B318-18A20732ED62"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.9.9-4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E801BBB-76D3-4873-A431-549FE7DE5451"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "3C287A7F-66B4-406A-B87B-B954A1CA6D44"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta10:*:*:*:*:*:*",
"matchCriteriaId": "D684FFEF-4451-49ED-A04D-CF74F45A2F40"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta10_patch:*:*:*:*:*:*",
"matchCriteriaId": "D5984B3A-40C9-4188-976C-E9EB166FA624"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta11:*:*:*:*:*:*",
"matchCriteriaId": "EDE74B22-31D1-41D1-A5DD-DB4AAA7A7984"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "25DD91AC-465B-4A43-A79F-4DE47243741C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "115588C7-D947-4576-9E6C-B5AF1FCE9A29"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "BBB20EA3-F3CF-42AF-A217-D5DF7A7ADD70"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta4_patch:*:*:*:*:*:*",
"matchCriteriaId": "81A6C732-FBF2-44A8-B810-456E54B59A09"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "8C5664E5-150E-4B4B-BA0C-420738820FF1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta5_patch:*:*:*:*:*:*",
"matchCriteriaId": "7E764AA1-3060-441F-8F14-ADD165316741"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "04A3E84F-91AA-420A-B908-3393E037AC44"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta6_patch:*:*:*:*:*:*",
"matchCriteriaId": "828EAE87-24E5-4F31-B301-BA2F96BDEA42"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta6_patch2:*:*:*:*:*:*",
"matchCriteriaId": "45710D36-954A-4450-B622-CB0F368DF544"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "2B57EEFB-5518-4BD5-998A-34B6690A6F4C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "8EDF4CEE-F24D-441B-92A8-7F5A2B41487E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta8_patch:*:*:*:*:*:*",
"matchCriteriaId": "F0275FDF-BAE8-4909-8991-6FCE34B8905E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "B52F973F-A2F2-40C2-9936-9447B5803CFB"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-xvq9-4vpv-227m",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-23834",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-30T22:15:53.307",
"lastModified": "2024-01-31T14:05:27.507",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-08T16:39:31.963",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,22 +70,80 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*",
"versionEndExcluding": "3.1.5",
"matchCriteriaId": "64C82627-1660-4628-8F03-A8D148EACDA1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*",
"versionEndExcluding": "3.2.0",
"matchCriteriaId": "E10444D1-B4E6-4EA7-A56E-95BD0FA3E39D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta1:*:*:beta:*:*:*",
"matchCriteriaId": "1BFF647B-6CEF-43BF-BF5E-C82B557F78E2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta2:*:*:beta:*:*:*",
"matchCriteriaId": "10D931DE-F8F5-4A34-A30A-FDD4420ABD1A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta3:*:*:beta:*:*:*",
"matchCriteriaId": "C62C36D4-6CE7-4A57-BBF7-8066CFAE342A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta4:*:*:beta:*:*:*",
"matchCriteriaId": "84DF2347-8189-4983-BD23-3E43050C6795"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/discourse/discourse/commit/568d704a94c528b7c2cb0f3512a7b7b606bc3000",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-rj3g-8q6p-63pc",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://meta.discourse.org/t/3-1-5-security-and-bug-fix-release/293094",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://meta.discourse.org/t/3-2-0-beta5-add-groups-to-dms-mobile-chat-footer-redesign-passkeys-enabled-by-default-and-more/293093",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-24034",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-08T09:15:46.537",
"lastModified": "2024-02-08T09:15:46.537",
"vulnStatus": "Received",
"lastModified": "2024-02-08T13:44:21.670",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,12 +2,16 @@
"id": "CVE-2024-24091",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-08T06:15:51.690",
"lastModified": "2024-02-08T06:15:51.690",
"vulnStatus": "Received",
"lastModified": "2024-02-08T13:44:21.670",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Yealink Meeting Server before v26.0.0.66 was discovered to contain an OS command injection vulnerability via the file upload interface."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Yealink Meeting Server anterior a v26.0.0.66 conten\u00eda una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo a trav\u00e9s de la interfaz de carga de archivos."
}
],
"metrics": {},

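--- a/CVE-2024/CVE-2024-241xx/CVE-2024-24113.json
+++ b/CVE-2024/CVE-2024-241xx/CVE-2024-24113.json
@@ -0,0 +1,24 @@
+{
+"id": "CVE-2024-24113",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2024-02-08T13:15:09.807",
+"lastModified": "2024-02-08T13:44:11.750",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "xxl-job =< 2.4.1 has a Server-Side Request Forgery (SSRF) vulnerability, which causes low-privileged users to control executor to RCE."
+},
+{
+"lang": "es",
+"value": "xxl-job =&lt; 2.4.1 tiene una vulnerabilidad de Server-Side Request Forgery (SSRF), que hace que los usuarios con pocos privilegios controlen el ejecutor de RCE."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://github.com/xuxueli/xxl-job/issues/3375",
+"source": "cve@mitre.org"
+}
+]
+}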
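Review bot: The Spanish description added in this record carries an HTML entity, `=&lt;`, where the English text has the literal `=<`, so the value is pre-escaped for HTML inside a JSON string. A consumer that prints it as plain text shows the entity, and one that escapes on output double-encodes it; the same pattern appears as `&amp;` in the Spanish description added to CVE-2024-24881. I would store the literal characters, `xxl-job =< 2.4.1 tiene una vulnerabilidad`, and leave escaping to whatever renders the text. If the mirror has to stay byte-faithful to the upstream feed, consumers should decode entities once before escaping for display.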


@ -2,12 +2,16 @@
"id": "CVE-2024-24202",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-08T05:15:08.593",
"lastModified": "2024-02-08T05:15:08.593",
"vulnStatus": "Received",
"lastModified": "2024-02-08T13:44:21.670",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An arbitrary file upload vulnerability in /upgrade/control.php of ZenTao Community Edition v18.10, ZenTao Biz v8.10, and ZenTao Max v4.10 allows attackers to execute arbitrary code via uploading a crafted .txt file."
},
{
"lang": "es",
"value": "Una vulnerabilidad de carga de archivos arbitrarios en /upgrade/control.php de ZenTao Community Edition v18.10, ZenTao Biz v8.10 y ZenTao Max v4.10 permite a los atacantes ejecutar c\u00f3digo arbitrario cargando un archivo .txt manipulado."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-24216",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-08T06:15:51.750",
"lastModified": "2024-02-08T06:15:51.750",
"vulnStatus": "Received",
"lastModified": "2024-02-08T13:44:21.670",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Zentao v18.0 to v18.10 was discovered to contain a remote code execution (RCE) vulnerability via the checkConnection method of /app/zentao/module/repo/model.php."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Zentao v18.0 a v18.10 conten\u00eda una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE) a trav\u00e9s del m\u00e9todo checkConnection de /app/zentao/module/repo/model.php."
}
],
"metrics": {},

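--- a/CVE-2024/CVE-2024-248xx/CVE-2024-24834.json
+++ b/CVE-2024/CVE-2024-248xx/CVE-2024-24834.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2024-24834",
+"sourceIdentifier": "audit@patchstack.com",
+"published": "2024-02-08T14:15:43.083",
+"lastModified": "2024-02-08T14:15:43.083",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 BEAR \u2013 Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net allows Stored XSS.This issue affects BEAR \u2013 Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net: from n/a through 1.1.4.\n\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "audit@patchstack.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "HIGH",
+"userInteraction": "REQUIRED",
+"scope": "CHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "LOW",
+"baseScore": 5.9,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 1.7,
+"impactScore": 3.7
+}
+]
+},
+"weaknesses": [
+{
+"source": "audit@patchstack.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-79"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://patchstack.com/database/vulnerability/woo-bulk-editor/wordpress-bear-plugin-1-1-4-cross-site-scripting-xss-vulnerability?_s_id=cve",
+"source": "audit@patchstack.com"
+}
+]
+}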

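--- a/CVE-2024/CVE-2024-248xx/CVE-2024-24836.json
+++ b/CVE-2024/CVE-2024-248xx/CVE-2024-24836.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2024-24836",
+"sourceIdentifier": "audit@patchstack.com",
+"published": "2024-02-08T13:15:09.857",
+"lastModified": "2024-02-08T13:44:11.750",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Audrasjb GDPR Data Request Form allows Stored XSS.This issue affects GDPR Data Request Form: from n/a through 1.6.\n\n"
+},
+{
+"lang": "es",
+"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Audrasjb GDPR Data Request Form permite almacenar XSS. Este problema afecta a GDPR Data Request Form: desde n/a hasta 1.6."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "audit@patchstack.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "REQUIRED",
+"scope": "CHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "LOW",
+"baseScore": 6.5,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.3,
+"impactScore": 3.7
+}
+]
+},
+"weaknesses": [
+{
+"source": "audit@patchstack.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-79"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://patchstack.com/database/vulnerability/gdpr-data-request-form/wordpress-gdpr-data-request-form-plugin-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve",
+"source": "audit@patchstack.com"
+}
+]
+}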

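--- a/CVE-2024/CVE-2024-248xx/CVE-2024-24871.json
+++ b/CVE-2024/CVE-2024-248xx/CVE-2024-24871.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2024-24871",
+"sourceIdentifier": "audit@patchstack.com",
+"published": "2024-02-08T13:15:10.060",
+"lastModified": "2024-02-08T13:44:11.750",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Creative Themes Blocksy allows Stored XSS.This issue affects Blocksy: from n/a through 2.0.19.\n\n"
+},
+{
+"lang": "es",
+"value": "Neutralizaci\u00f3n inadecuada de la entrada durante la vulnerabilidad de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Creative Themes Blocksy permite almacenar XSS. Este problema afecta a Blocksy: desde n/a hasta 2.0.19."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "audit@patchstack.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "REQUIRED",
+"scope": "CHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "LOW",
+"baseScore": 6.5,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.3,
+"impactScore": 3.7
+}
+]
+},
+"weaknesses": [
+{
+"source": "audit@patchstack.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-79"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://patchstack.com/database/vulnerability/blocksy/wordpress-blocksy-theme-2-0-19-cross-site-scripting-xss-vulnerability?_s_id=cve",
+"source": "audit@patchstack.com"
+}
+]
+}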

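--- a/CVE-2024/CVE-2024-248xx/CVE-2024-24877.json
+++ b/CVE-2024/CVE-2024-248xx/CVE-2024-24877.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2024-24877",
+"sourceIdentifier": "audit@patchstack.com",
+"published": "2024-02-08T13:15:10.253",
+"lastModified": "2024-02-08T13:44:11.750",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magic Hills Pty Ltd Wonder Slider Lite allows Reflected XSS.This issue affects Wonder Slider Lite: from n/a through 13.9.\n\n"
+},
+{
+"lang": "es",
+"value": "Neutralizaci\u00f3n inadecuada de la entrada durante la vulnerabilidad de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Magic Hills Pty Ltd Wonder Slider Lite permite Reflected XSS. Este problema afecta a Wonder Slider Lite: desde n/a hasta 13.9."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "audit@patchstack.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "REQUIRED",
+"scope": "CHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "LOW",
+"baseScore": 7.1,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 3.7
+}
+]
+},
+"weaknesses": [
+{
+"source": "audit@patchstack.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-79"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://patchstack.com/database/vulnerability/wonderplugin-slider-lite/wordpress-wonder-slider-lite-plugin-13-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
+"source": "audit@patchstack.com"
+}
+]
+}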

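--- a/CVE-2024/CVE-2024-248xx/CVE-2024-24878.json
+++ b/CVE-2024/CVE-2024-248xx/CVE-2024-24878.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2024-24878",
+"sourceIdentifier": "audit@patchstack.com",
+"published": "2024-02-08T13:15:10.457",
+"lastModified": "2024-02-08T13:44:11.750",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PT Woo Plugins (by Webdados) Portugal CTT Tracking for WooCommerce allows Reflected XSS.This issue affects Portugal CTT Tracking for WooCommerce: from n/a through 2.1.\n\n"
+},
+{
+"lang": "es",
+"value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en PT Woo Plugins (by Webdados) Portugal CTT Tracking for WooCommerce permite XSS reflejado. Este problema afecta a Portugal CTT Tracking for WooCommerce: desde n/a hasta 2.1."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "audit@patchstack.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "REQUIRED",
+"scope": "CHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "LOW",
+"baseScore": 7.1,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 3.7
+}
+]
+},
+"weaknesses": [
+{
+"source": "audit@patchstack.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-79"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://patchstack.com/database/vulnerability/portugal-ctt-tracking-woocommerce/wordpress-portugal-ctt-tracking-for-woocommerce-plugin-2-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
+"source": "audit@patchstack.com"
+}
+]
+}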


@ -2,12 +2,16 @@
"id": "CVE-2024-24879",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-08T12:15:55.973",
"lastModified": "2024-02-08T12:15:55.973",
"vulnStatus": "Received",
"lastModified": "2024-02-08T13:44:11.750",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yannick Lefebvre Link Library allows Reflected XSS.This issue affects Link Library: from n/a through 7.5.13.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Yannick Lefebvre Link Library permite el XSS reflejado. Este problema afecta a Link Library: desde n/a hasta 7.5.13."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2024-24880",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-08T12:15:56.170",
"lastModified": "2024-02-08T12:15:56.170",
"vulnStatus": "Received",
"lastModified": "2024-02-08T13:44:11.750",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apollo13Themes Apollo13 Framework Extensions allows Stored XSS.This issue affects Apollo13 Framework Extensions: from n/a through 1.9.2.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Apollo13Themes Apollo13 Framework Extensions permite almacenar XSS. Este problema afecta a Apollo13 Framework Extensions: desde n/a hasta 1.9.2."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2024-24881",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-08T12:15:56.373",
"lastModified": "2024-02-08T12:15:56.373",
"vulnStatus": "Received",
"lastModified": "2024-02-08T13:44:11.750",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS \u2013 Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc allows Reflected XSS.This issue affects WP SMS \u2013 Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc: from n/a through 6.5.2.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n inadecuada de la entrada durante la vulnerabilidad de generaci\u00f3n de p\u00e1ginas web ('Scripting entre sitios') en VeronaLabs WP SMS \u2013 Messaging &amp; SMS Notification for WordPress, WooCommerce, GravityForms, etc. permite XSS reflejado. Este problema afecta a WP SMS \u2013 Messaging &amp; SMS Notification for WordPress, WooCommerce, GravityForms, etc.: desde n/a hasta 6.5.2."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2024-24885",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-08T12:15:56.560",
"lastModified": "2024-02-08T12:15:56.560",
"vulnStatus": "Received",
"lastModified": "2024-02-08T13:44:11.750",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in L\u00ea V\u0103n To\u1ea3n Woocommerce Vietnam Checkout allows Stored XSS.This issue affects Woocommerce Vietnam Checkout: from n/a through 2.0.7.\n\n"
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in L\u00ea V?n To?n Woocommerce Vietnam Checkout allows Stored XSS.This issue affects Woocommerce Vietnam Checkout: from n/a through 2.0.7.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en L\u00ea V?n To?n Woocommerce Vietnam Checkout permite almacenar XSS. Este problema afecta a Woocommerce Vietnam Checkout: desde n/a hasta 2.0.7."
}
],
"metrics": {
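Review bot: The second English `value` line in this hunk spells the vendor name `L\u00ea V?n To?n`, while the line printed before it has `L\u00ea V\u0103n To\u1ea3n`; assuming the page prints old then new, the update replaced two non-Latin-1 characters with `?`, and the added Spanish text carries the same `V?n To?n`. That is a lossy transcoding, and anything that matches or searches on the vendor string will miss this record. I would keep the escaped form, `L\u00ea V\u0103n To\u1ea3n`, in both descriptions, or have the sync job flag a description that gains `?` where the previous revision had a `\uXXXX` escape. The record continues past the end of the hunk.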


@ -2,12 +2,16 @@
"id": "CVE-2024-24886",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-08T11:15:08.207",
"lastModified": "2024-02-08T11:15:08.207",
"vulnStatus": "Received",
"lastModified": "2024-02-08T13:44:11.750",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Acowebs Product Labels For Woocommerce (Sale Badges) allows Stored XSS.This issue affects Product Labels For Woocommerce (Sale Badges): from n/a through 1.5.3.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Acowebs Product Labels For Woocommerce (Sale Badges) permite almacenar XSS. Este problema afecta a Product Labels For Woocommerce (Sale Badges): desde n/a hasta 1.5. 3."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2024-25144",
"sourceIdentifier": "security@liferay.com",
"published": "2024-02-08T04:15:07.763",
"lastModified": "2024-02-08T04:15:07.763",
"vulnStatus": "Received",
"lastModified": "2024-02-08T13:44:21.670",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 6, 7.2 before fix pack 19, and older unsupported versions does not check the URL of the IFrame, which allows remote authenticated users to cause a denial-of-service (DoS) via a self referencing IFrame."
},
{
"lang": "es",
"value": "El widget IFrame en Liferay Portal 7.2.0 a 7.4.3.26 y versiones anteriores no compatibles, y Liferay DXP 7.4 antes de la actualizaci\u00f3n 27, 7.3 antes de la actualizaci\u00f3n 6, 7.2 antes del fixpack 19 y versiones anteriores no compatibles no comprueba la URL del IFrame , que permite a los usuarios autenticados remotamente provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de un IFrame de autorreferencia."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2024-25146",
"sourceIdentifier": "security@liferay.com",
"published": "2024-02-08T04:15:08.040",
"lastModified": "2024-02-08T04:15:08.040",
"vulnStatus": "Received",
"lastModified": "2024-02-08T13:44:21.670",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 18, and older unsupported versions returns with different responses depending on whether a site does not exist or if the user does not have permission to access the site, which allows remote attackers to discover the existence of sites by enumerating URLs. This vulnerability occurs if locale.prepend.friendly.url.style=2 and if a custom 404 page is used."
},
{
"lang": "es",
"value": "Liferay Portal 7.2.0 a 7.4.1 y versiones anteriores no compatibles, y Liferay DXP 7.3 anterior al service pack 3, 7.2 anterior al fix pack 18 y versiones anteriores no compatibles devuelven respuestas diferentes dependiendo de si un sitio no existe o si el usuario no tiene permiso para acceder al sitio, lo que permite a atacantes remotos descubrir la existencia de sitios enumerando las URL. Esta vulnerabilidad ocurre si locale.prepend.friendly.url.style=2 y si se utiliza una p\u00e1gina 404 personalizada."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2024-25148",
"sourceIdentifier": "security@liferay.com",
"published": "2024-02-08T04:15:08.240",
"lastModified": "2024-02-08T04:15:08.240",
"vulnStatus": "Received",
"lastModified": "2024-02-08T13:44:21.670",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions the `doAsUserId` URL parameter may get leaked when creating linked content using the WYSIWYG editor and while impersonating a user. This may allow remote authenticated users to impersonate a user after accessing the linked content."
},
{
"lang": "es",
"value": "En Liferay Portal 7.2.0 a 7.4.1 y versiones anteriores no compatibles, y Liferay DXP 7.3 anterior al service pack 3, 7.2 anterior al fix pack 15 y versiones anteriores no compatibles, el par\u00e1metro URL `doAsUserId` puede filtrarse al crear contenido vinculado mediante el editor WYSIWYG y mientras se hace pasar por un usuario. Esto puede permitir que los usuarios autenticados remotamente se hagan pasar por un usuario despu\u00e9s de acceder al contenido vinculado."
}
],
"metrics": {


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-02-08T13:00:31.149876+00:00
2024-02-08T17:01:07.115353+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-02-08T12:15:56.560000+00:00
2024-02-08T16:43:53.780000+00:00
```
### Last Data Feed Release
@ -29,28 +29,56 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
237939
237951
```
### CVEs added in the last Commit
Recently added CVEs: `9`
Recently added CVEs: `12`
* [CVE-2023-6517](CVE-2023/CVE-2023-65xx/CVE-2023-6517.json) (`2024-02-08T12:15:55.087`)
* [CVE-2023-6518](CVE-2023/CVE-2023-65xx/CVE-2023-6518.json) (`2024-02-08T12:15:55.350`)
* [CVE-2023-6519](CVE-2023/CVE-2023-65xx/CVE-2023-6519.json) (`2024-02-08T12:15:55.563`)
* [CVE-2023-6564](CVE-2023/CVE-2023-65xx/CVE-2023-6564.json) (`2024-02-08T12:15:55.767`)
* [CVE-2024-24886](CVE-2024/CVE-2024-248xx/CVE-2024-24886.json) (`2024-02-08T11:15:08.207`)
* [CVE-2024-24879](CVE-2024/CVE-2024-248xx/CVE-2024-24879.json) (`2024-02-08T12:15:55.973`)
* [CVE-2024-24880](CVE-2024/CVE-2024-248xx/CVE-2024-24880.json) (`2024-02-08T12:15:56.170`)
* [CVE-2024-24881](CVE-2024/CVE-2024-248xx/CVE-2024-24881.json) (`2024-02-08T12:15:56.373`)
* [CVE-2024-24885](CVE-2024/CVE-2024-248xx/CVE-2024-24885.json) (`2024-02-08T12:15:56.560`)
* [CVE-2023-7169](CVE-2023/CVE-2023-71xx/CVE-2023-7169.json) (`2024-02-08T13:15:08.417`)
* [CVE-2023-47020](CVE-2023/CVE-2023-470xx/CVE-2023-47020.json) (`2024-02-08T16:15:46.377`)
* [CVE-2024-0985](CVE-2024/CVE-2024-09xx/CVE-2024-0985.json) (`2024-02-08T13:15:08.927`)
* [CVE-2024-1149](CVE-2024/CVE-2024-11xx/CVE-2024-1149.json) (`2024-02-08T13:15:09.147`)
* [CVE-2024-1150](CVE-2024/CVE-2024-11xx/CVE-2024-1150.json) (`2024-02-08T13:15:09.320`)
* [CVE-2024-1312](CVE-2024/CVE-2024-13xx/CVE-2024-1312.json) (`2024-02-08T13:15:09.500`)
* [CVE-2024-24113](CVE-2024/CVE-2024-241xx/CVE-2024-24113.json) (`2024-02-08T13:15:09.807`)
* [CVE-2024-24836](CVE-2024/CVE-2024-248xx/CVE-2024-24836.json) (`2024-02-08T13:15:09.857`)
* [CVE-2024-24871](CVE-2024/CVE-2024-248xx/CVE-2024-24871.json) (`2024-02-08T13:15:10.060`)
* [CVE-2024-24877](CVE-2024/CVE-2024-248xx/CVE-2024-24877.json) (`2024-02-08T13:15:10.253`)
* [CVE-2024-24878](CVE-2024/CVE-2024-248xx/CVE-2024-24878.json) (`2024-02-08T13:15:10.457`)
* [CVE-2024-24834](CVE-2024/CVE-2024-248xx/CVE-2024-24834.json) (`2024-02-08T14:15:43.083`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `76`
* [CVE-2024-0511](CVE-2024/CVE-2024-05xx/CVE-2024-0511.json) (`2024-02-08T13:44:21.670`)
* [CVE-2024-24091](CVE-2024/CVE-2024-240xx/CVE-2024-24091.json) (`2024-02-08T13:44:21.670`)
* [CVE-2024-24216](CVE-2024/CVE-2024-242xx/CVE-2024-24216.json) (`2024-02-08T13:44:21.670`)
* [CVE-2024-0965](CVE-2024/CVE-2024-09xx/CVE-2024-0965.json) (`2024-02-08T13:44:21.670`)
* [CVE-2024-1207](CVE-2024/CVE-2024-12xx/CVE-2024-1207.json) (`2024-02-08T13:44:21.670`)
* [CVE-2024-24034](CVE-2024/CVE-2024-240xx/CVE-2024-24034.json) (`2024-02-08T13:44:21.670`)
* [CVE-2024-21484](CVE-2024/CVE-2024-214xx/CVE-2024-21484.json) (`2024-02-08T14:15:42.853`)
* [CVE-2024-23452](CVE-2024/CVE-2024-234xx/CVE-2024-23452.json) (`2024-02-08T14:15:42.980`)
* [CVE-2024-1047](CVE-2024/CVE-2024-10xx/CVE-2024-1047.json) (`2024-02-08T14:20:23.387`)
* [CVE-2024-1162](CVE-2024/CVE-2024-11xx/CVE-2024-1162.json) (`2024-02-08T14:22:37.180`)
* [CVE-2024-0844](CVE-2024/CVE-2024-08xx/CVE-2024-0844.json) (`2024-02-08T16:15:39.903`)
* [CVE-2024-1019](CVE-2024/CVE-2024-10xx/CVE-2024-1019.json) (`2024-02-08T16:35:08.863`)
* [CVE-2024-0564](CVE-2024/CVE-2024-05xx/CVE-2024-0564.json) (`2024-02-08T16:36:48.837`)
* [CVE-2024-0963](CVE-2024/CVE-2024-09xx/CVE-2024-0963.json) (`2024-02-08T16:37:57.733`)
* [CVE-2024-0676](CVE-2024/CVE-2024-06xx/CVE-2024-0676.json) (`2024-02-08T16:39:00.907`)
* [CVE-2024-23834](CVE-2024/CVE-2024-238xx/CVE-2024-23834.json) (`2024-02-08T16:39:31.963`)
* [CVE-2024-0675](CVE-2024/CVE-2024-06xx/CVE-2024-0675.json) (`2024-02-08T16:39:42.950`)
* [CVE-2024-0674](CVE-2024/CVE-2024-06xx/CVE-2024-0674.json) (`2024-02-08T16:39:59.450`)
* [CVE-2024-22894](CVE-2024/CVE-2024-228xx/CVE-2024-22894.json) (`2024-02-08T16:40:42.490`)
* [CVE-2024-22193](CVE-2024/CVE-2024-221xx/CVE-2024-22193.json) (`2024-02-08T16:41:38.277`)
* [CVE-2024-0788](CVE-2024/CVE-2024-07xx/CVE-2024-0788.json) (`2024-02-08T16:42:27.363`)
* [CVE-2024-23827](CVE-2024/CVE-2024-238xx/CVE-2024-23827.json) (`2024-02-08T16:42:39.110`)
* [CVE-2024-21671](CVE-2024/CVE-2024-216xx/CVE-2024-21671.json) (`2024-02-08T16:42:41.923`)
* [CVE-2024-23826](CVE-2024/CVE-2024-238xx/CVE-2024-23826.json) (`2024-02-08T16:43:13.403`)
* [CVE-2024-21649](CVE-2024/CVE-2024-216xx/CVE-2024-21649.json) (`2024-02-08T16:43:53.780`)
## Download and Usage