Auto-Update: 2024-01-25T17:00:25.107913+00:00

cad-safe-bot 2024-01-25 17:00:28 +00:00
parent cf3a0b8356
commit 1ff64f4630
34 changed files with 1929 additions and 133 deletions


@ -2,16 +2,40 @@
"id": "CVE-2021-33630",
"sourceIdentifier": "securities@openeuler.org",
"published": "2024-01-18T15:15:08.653",
"lastModified": "2024-01-18T15:50:54.810",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-25T16:42:55.503",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "NULL Pointer Dereference vulnerability in openEuler kernel on Linux (network modules) allows Pointer Manipulation. This vulnerability is associated with program files net/sched/sch_cbs.C.\n\nThis issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de desreferencia de puntero NULL en el kernel openEuler en Linux (m\u00f3dulos de red) permite la manipulaci\u00f3n de puntero. Esta vulnerabilidad est\u00e1 asociada con los archivos de programa net/sched/sch_cbs.C. Este problema afecta al kernel de openEuler: desde 4.19.90 antes de 4.19.90-2401.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "securities@openeuler.org",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
},
{
"source": "securities@openeuler.org",
"type": "Secondary",
@ -46,18 +80,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:openeuler:*:*:*:*:-:*:*:*",
"versionStartIncluding": "4.19.90",
"versionEndExcluding": "4.19.90-2401.3",
"matchCriteriaId": "9550E465-CD37-4936-8E17-0EB0B17E66FC"
}
]
}
]
}
],
"references": [
{
"url": "https://gitee.com/src-openeuler/kernel/pulls/1389",
"source": "securities@openeuler.org"
"source": "securities@openeuler.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1030",
"source": "securities@openeuler.org"
"source": "securities@openeuler.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1031",
"source": "securities@openeuler.org"
"source": "securities@openeuler.org",
"tags": [
"Vendor Advisory"
]
}
]
}
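Review bot: The added `cpeMatch` entry places the kernel range `"versionStartIncluding": "4.19.90"` / `"versionEndExcluding": "4.19.90-2401.3"` on the distribution CPE `cpe:2.3:o:huawei:openeuler`, while the description scopes the issue to the openEuler kernel. A consumer that compares the OS release version against this range may never match an affected host; this is inferred from the description and is not confirmed against upstream. Matching for this record should use the installed kernel package version. The description also names the file as `net/sched/sch_cbs.C`, where the upper-case extension looks like a typo for `.c`.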


@ -2,16 +2,40 @@
"id": "CVE-2022-45083",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-19T15:15:08.247",
"lastModified": "2024-01-19T15:56:19.500",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-25T15:42:27.457",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Deserialization of Untrusted Data vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content \u2013 ProfilePress.This issue affects Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content \u2013 ProfilePress: from n/a through 4.3.2.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de deserializaci\u00f3n de datos no confiables en el complemento ProfilePress Membership Team Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content \u2013 ProfilePress. Este problema afecta a Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content \u2013 ProfilePress desde n/a hasta 4.3.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:properfraction:profilepress:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "4.4.0",
"matchCriteriaId": "B07531B7-A02D-4C7A-95F1-A9B90DCBF0E9"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-user-avatar/wordpress-profilepress-plugin-4-3-2-auth-php-object-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-3181",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2024-01-25T16:15:07.400",
"lastModified": "2024-01-25T16:15:07.400",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The C:\\Program Files (x86)\\Splashtop\\Splashtop Software Updater\\uninst.exe process creates a folder at C:\\Windows\\Temp~nsu.tmp and copies itself to it as Au_.exe. The C:\\Windows\\Temp~nsu.tmp\\Au_.exe file is automatically launched as SYSTEM when the system reboots or when a standard user runs an MSI repair using Splashtop Streamer\u2019s Windows Installer. Since the C:\\Windows\\Temp~nsu.tmp folder inherits permissions from C:\\Windows\\Temp and Au_.exe is susceptible to DLL hijacking, standard users can write a malicious DLL to it and elevate their privileges."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@google.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "cve-coordination@google.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-379"
}
]
}
],
"references": [
{
"url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0015.md",
"source": "cve-coordination@google.com"
}
]
}
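Review bot: The path `C:\\Windows\\Temp~nsu.tmp` in the description appears to have lost a separator, because the same text says the folder inherits its permissions from `C:\\Windows\\Temp`, which implies `C:\\Windows\\Temp\\~nsu.tmp`. Anyone deriving a file-creation or DLL-load detection from this string should take the path from the linked MNDT-2023-0015 advisory instead. The record is in `Received` state and has no `configurations` block, so CPE-based matching will not report it yet.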


@ -2,8 +2,8 @@
"id": "CVE-2023-34063",
"sourceIdentifier": "security@vmware.com",
"published": "2024-01-16T10:15:07.347",
"lastModified": "2024-01-16T13:56:05.467",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-25T16:22:30.063",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.5
},
{
"source": "security@vmware.com",
"type": "Secondary",
@ -38,10 +58,98 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:aria_automation:8.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "183DC197-4FF2-4B84-B0E8-666E49CC9DDF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:aria_automation:8.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2849AEA0-B419-4096-B1D8-796686CE4C56"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:aria_automation:8.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CFFC657E-8780-46FE-AC01-22F8CFF196C9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:aria_automation:8.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "91E0F535-5F30-495E-9974-2C2F65ED94EE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:aria_automation:8.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C8B7BAD1-8544-491E-B41F-B4CD4E2B3754"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:aria_automation:8.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FF9CA281-ACE8-4768-A5EC-EB29111CD3EC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:aria_automation:8.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AB173C24-3DDA-46CA-9B80-9A2C4EB73768"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:aria_automation:8.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "24986636-3F4B-46CF-A374-0D006216731F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:aria_automation:8.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FB6E2175-E4C2-46A7-9D37-E37A8239B16D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:aria_automation:8.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F48CE31-68D2-4FE8-9BB2-ADC85259552A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:cloud_foundation:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "38EB0C0C-56CF-4A8F-A36F-E0E180B9059E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:cloud_foundation:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D3D640F9-7733-415F-8BA7-DC41658EDC76"
}
]
}
]
}
],
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2024-0001.html",
"source": "security@vmware.com"
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,47 @@
{
"id": "CVE-2023-40547",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-25T16:15:07.717",
"lastModified": "2024-01-25T16:15:07.717",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 6.0
}
]
},
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-40547",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234589",
"source": "secalert@redhat.com"
}
]
}
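Review bot: The description contradicts itself on the direction of the attack: it says Shim trusts attacker-controlled values when parsing an HTTP response, then says the attacker crafts a malicious HTTP request. Read together with the `AV:A` vector, the response reading seems the intended one, though that is inferred and not stated. The record also carries no `weaknesses` and no `configurations`, so consumers that filter by CWE or CPE will not surface this 8.3 entry until it is analyzed. Triage should key on the `id` and the two Red Hat references until then.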


@ -2,16 +2,40 @@
"id": "CVE-2023-42463",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-12T21:15:09.117",
"lastModified": "2024-01-14T21:42:17.123",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-25T16:09:07.937",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Wazuh is a free and open source platform used for threat prevention, detection, and response. This bug introduced a stack overflow hazard that could allow a local privilege escalation. This vulnerability was patched in version 4.5.3."
},
{
"lang": "es",
"value": "Wazuh es una plataforma gratuita y de c\u00f3digo abierto que se utiliza para la prevenci\u00f3n, detecci\u00f3n y respuesta a amenazas. Este error introdujo peligro por desbordamiento de pila que podr\u00eda permitir una escalada de privilegios locales. Esta vulnerabilidad fue parcheada en la versi\u00f3n 4.5.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wazuh:wazuh:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.5.3",
"matchCriteriaId": "1C2583AD-D217-4828-B92E-504DA7961B9B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/wazuh/wazuh/security/advisories/GHSA-27p5-32pp-r58r",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-48297",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-12T21:15:09.340",
"lastModified": "2024-01-14T21:42:17.123",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-25T15:42:48.877",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Discourse is a platform for community discussion. The message serializer uses the full list of expanded chat mentions (@all and @here) which can lead to a very long array of users. This issue was patched in versions 3.1.4 and beta 3.2.0.beta5.\n"
},
{
"lang": "es",
"value": "Discourse es una plataforma para la discusi\u00f3n comunitaria. El serializador de mensajes utiliza la lista completa de menciones de chat ampliadas (@all y @here), lo que puede conducir a una gran variedad de usuarios. Este problema se solucion\u00f3 en las versiones 3.1.4 y beta 3.2.0.beta5."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,10 +80,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*",
"versionEndExcluding": "3.1.4",
"matchCriteriaId": "A51406A4-A2FE-4BFE-8EA0-58359582D6A7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta1:*:*:beta:*:*:*",
"matchCriteriaId": "1BFF647B-6CEF-43BF-BF5E-C82B557F78E2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta2:*:*:beta:*:*:*",
"matchCriteriaId": "10D931DE-F8F5-4A34-A30A-FDD4420ABD1A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta3:*:*:beta:*:*:*",
"matchCriteriaId": "C62C36D4-6CE7-4A57-BBF7-8066CFAE342A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-hf2v-r5xm-8p37",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}
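Review bot: The added `cpeMatch` list stops at `3.2.0:beta3`, but the description says the fix landed in `3.2.0.beta5`, which leaves `3.2.0.beta4` described as unpatched yet unmatched. The CVE-2023-49099 record in this same commit uses the same three beta entries and is fixed in `3.2.0.beta4`, so the list may have been reused; that is an inference. Until upstream adds a beta4 entry, scanners relying on this configuration will report a beta4 install as not affected. Discourse beta versions should be checked against the advisory text instead.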


@ -2,16 +2,40 @@
"id": "CVE-2023-49098",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-12T21:15:09.540",
"lastModified": "2024-01-14T21:42:17.123",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-25T15:44:43.440",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Discourse-reactions is a plugin that allows user to add their reactions to the post. Data about a user's reaction notifications could be exposed. This vulnerability was patched in commit 2c26939."
},
{
"lang": "es",
"value": "Discourse-reactions es un complemento que permite al usuario agregar sus reacciones a la publicaci\u00f3n. Los datos sobre las notificaciones de reacci\u00f3n de un usuario podr\u00edan quedar expuestos. Esta vulnerabilidad fue parcheada en el commit 2c26939."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +70,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:discourse:discourse_reactions:*:*:*:*:*:discourse:*:*",
"versionEndIncluding": "0.4",
"matchCriteriaId": "6D7031E2-271E-43D4-98C0-21804A0D5358"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/discourse/discourse-reactions/commit/2c26939395177730e492640d71aac68423be84fc",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/discourse/discourse-reactions/security/advisories/GHSA-mq82-7v5x-rhv8",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}
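Review bot: The `cpeMatch` bounds the plugin with `"versionEndIncluding": "0.4"`, but the description identifies the fix only by commit `2c26939`, not by a release number. If the plugin's version string did not change with that commit (not visible here), version-based matching cannot separate patched from unpatched installs. Verification should confirm that the deployed plugin checkout contains the commit listed in the first reference.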


@ -2,16 +2,40 @@
"id": "CVE-2023-49099",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-12T21:15:09.747",
"lastModified": "2024-01-14T21:42:17.123",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-25T15:32:52.503",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Discourse is a platform for community discussion. Under very specific circumstances, secure upload URLs associated with posts can be accessed by guest users even when login is required. This vulnerability has been patched in 3.2.0.beta4 and 3.1.4."
},
{
"lang": "es",
"value": "Discourse es una plataforma para la discusi\u00f3n comunitaria. En circunstancias muy espec\u00edficas, los usuarios invitados pueden acceder a las URL de carga segura asociadas con las publicaciones incluso cuando se requiere iniciar sesi\u00f3n. Esta vulnerabilidad ha sido parcheada en 3.2.0.beta4 y 3.1.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +70,53 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*",
"versionEndExcluding": "3.1.4",
"matchCriteriaId": "A51406A4-A2FE-4BFE-8EA0-58359582D6A7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta1:*:*:beta:*:*:*",
"matchCriteriaId": "1BFF647B-6CEF-43BF-BF5E-C82B557F78E2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta2:*:*:beta:*:*:*",
"matchCriteriaId": "10D931DE-F8F5-4A34-A30A-FDD4420ABD1A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta3:*:*:beta:*:*:*",
"matchCriteriaId": "C62C36D4-6CE7-4A57-BBF7-8066CFAE342A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/discourse/discourse/commit/1b288236387fc0a823e4f15f1aea8dde81b49d53",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-j67x-x6mq-pwv4",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,106 @@
"id": "CVE-2023-49943",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-18T19:15:09.340",
"lastModified": "2024-01-18T19:25:46.623",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-25T15:35:06.977",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ServiceDesk Plus MSP before 14504 allows stored XSS (by a low-privileged technician) via a task's name in a time sheet."
},
{
"lang": "es",
"value": "Zoho ManageEngine ServiceDesk Plus MSP anterior a 14504 permite almacenar XSS (por parte de un t\u00e9cnico con pocos privilegios) a trav\u00e9s del nombre de una tarea en una hoja de horas."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.5",
"matchCriteriaId": "5E945E82-198D-40EB-A8D8-68AC8ACF2763"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.5:14500:*:*:*:*:*:*",
"matchCriteriaId": "64AE8DDD-9D30-407A-9C94-40E7DB30DAC4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.5:14501:*:*:*:*:*:*",
"matchCriteriaId": "DEA7F624-6FD3-4435-A3AA-D276EFA08EA2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.5:14502:*:*:*:*:*:*",
"matchCriteriaId": "6780D0E6-6096-4368-BCFF-2F3155472140"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.5:14503:*:*:*:*:*:*",
"matchCriteriaId": "695D1501-DFAE-49BD-93C1-A179BE969F45"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://manageengine.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://www.manageengine.com/products/service-desk-msp/CVE-2023-49943.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,27 +2,105 @@
"id": "CVE-2023-51946",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-19T14:15:12.500",
"lastModified": "2024-01-19T15:56:19.500",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-25T15:52:22.730",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Multiple reflected cross-site scripting (XSS) vulnerabilities in nasSvr.php in actidata actiNAS-SL-2U-8 3.2.03-SP1 allow remote attackers to inject arbitrary web script or HTML."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de cross-site scripting (XSS) Reflejadas en nasSvr.php en actidata actiNAS-SL-2U-8 3.2.03-SP1 permiten a atacantes remotos inyectar script web o HTML arbitrarias."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:actidata:actinas_sl_2u-8_rdx_firmware:3.2.03:sp1:*:*:*:*:*:*",
"matchCriteriaId": "FCCAA0EE-7B45-4A77-9BC9-5758C529CDB1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:actidata:actinas_sl_2u-8_rdx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E538A0F-3B62-4176-AAF2-1599FA199CA1"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://actidata.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/saw-your-packet/CVEs/blob/main/CVE-2023-51946/README.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.actidata.com/index.php/de-de/actinas-plus-sl-2u-8-rdx",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}
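Review bot: Among the sections visible here, this is the only configuration with `"operator": "AND"` and a `"vulnerable": false` match, meaning the firmware CPE counts as affected only when it runs on the listed hardware CPE. A consumer that flattens every `cpeMatch` entry into one list will either flag the hardware itself or lose the pairing. The matcher should evaluate the node operators and skip entries where `vulnerable` is false. The second reference is now tagged `Exploit`, which consumers can use to raise the priority of this record.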


@ -0,0 +1,75 @@
{
"id": "CVE-2023-52076",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-25T16:15:07.930",
"lastModified": "2024-01-25T16:15:07.930",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem to which the user opening a crafted document has access. The only limitation is that this vulnerability cannot be exploited to overwrite existing files, but that doesn't stop an attacker from achieving Remote Command Execution on the target system. Version 1.26.2 of Atril contains a patch for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 8.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
},
{
"lang": "en",
"value": "CWE-24"
},
{
"lang": "en",
"value": "CWE-25"
},
{
"lang": "en",
"value": "CWE-27"
}
]
}
],
"references": [
{
"url": "https://github.com/mate-desktop/atril/commit/e70b21c815418a1e6ebedf6d8d31b8477c03ba50",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/mate-desktop/atril/releases/tag/v1.26.2",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/mate-desktop/atril/security/advisories/GHSA-6mf6-mxpc-jc37",
"source": "security-advisories@github.com"
}
]
}
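Review bot: The `weaknesses` entry from `security-advisories@github.com` is typed `Primary`, while the CVSS metric from the same source in this record is `Secondary`, as are the other GitHub-sourced entries visible in this commit. A consumer that treats `Primary` as NVD's own analysis would misattribute these four CWE values, so selection should use `source` as well as `type`. The description speaks of Remote Command Execution while the vector is `AV:L` with `UI:R`. The score therefore reflects a user opening a crafted document, not a network-reachable service.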


@ -2,16 +2,40 @@
"id": "CVE-2023-6395",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-16T15:15:08.657",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-25T16:59:51.593",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2 templates, which may be included in certain configuration parameters. While the Mock documentation advises treating users added to the mock group as privileged, certain build systems invoking mock on behalf of users might inadvertently permit less privileged users to define configuration tags. These tags could then be passed as parameters to mock during execution, potentially leading to the utilization of Jinja2 templates for remote privilege escalation and the execution of arbitrary code as the root user on the build server."
},
{
"lang": "es",
"value": "El software Mock contiene una vulnerabilidad en la que un atacante podr\u00eda explotar la escalada de privilegios, permitiendo la ejecuci\u00f3n de c\u00f3digo arbitrario con privilegios de usuario root. Esta debilidad se debe a la ausencia de una sandbox adecuada durante la expansi\u00f3n y ejecuci\u00f3n de las plantillas de Jinja2, que pueden incluirse en ciertos par\u00e1metros de configuraci\u00f3n. Si bien la documentaci\u00f3n de Mock recomienda tratar a los usuarios agregados al grupo simulado como privilegiados, ciertos sistemas de compilaci\u00f3n que invocan simulacros en nombre de los usuarios podr\u00edan permitir sin darse cuenta que usuarios con menos privilegios definan etiquetas de configuraci\u00f3n. Luego, estas etiquetas podr\u00edan pasarse como par\u00e1metros para simular durante la ejecuci\u00f3n, lo que podr\u00eda llevar a la utilizaci\u00f3n de plantillas Jinja2 para la escalada remota de privilegios y la ejecuci\u00f3n de c\u00f3digo arbitrario como usuario ra\u00edz en el servidor de compilaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -46,30 +80,105 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rpm-software-management:mock:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A69BF0B-E00C-4F4B-8E0B-765B82A5560A"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3D9C7598-4BB4-442A-86DF-EEDE041A4CC7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BB176AC3-3CDA-4DDA-9089-C67B2F73AA62"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C30C1AC-01E4-4D7C-B03A-8EEEF3FC8C2F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/16/1",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/16/3",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-6395",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252206",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://github.com/xsuchy/templated-dictionary/commit/0740bd0ca8d487301881541028977d120f8b8933",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/xsuchy/templated-dictionary/commit/bcd90f0dafa365575c4b101e6f5d98c4ef4e4b69",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Patch"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-6548",
"sourceIdentifier": "secure@citrix.com",
"published": "2024-01-17T20:15:50.627",
"lastModified": "2024-01-19T02:00:01.863",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-25T16:45:58.287",
"vulnStatus": "Analyzed",
"cisaExploitAdd": "2024-01-17",
"cisaActionDue": "2024-01-24",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
@ -20,6 +20,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "secure@citrix.com",
"type": "Secondary",
@ -43,6 +63,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
},
{
"source": "secure@citrix.com",
"type": "Secondary",
@ -54,10 +84,88 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*",
"versionStartIncluding": "12.1",
"versionEndExcluding": "12.1-55.302",
"matchCriteriaId": "E5672003-8E6B-4316-B5C9-FE436080ADD1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:ndcpp:*:*:*",
"versionStartIncluding": "12.1",
"versionEndExcluding": "12.1-55.302",
"matchCriteriaId": "D1A11ABD-4F45-4BA9-B30B-F1D8A612CC15"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.0-92.21",
"matchCriteriaId": "FC0A5AAC-62DD-416A-A801-A7A95D5EF73C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*",
"versionStartIncluding": "13.1",
"versionEndExcluding": "13.1-37.176",
"matchCriteriaId": "8C8A6B95-8338-4EE7-A6EC-7D84AEDC4AF3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*",
"versionStartIncluding": "13.1",
"versionEndExcluding": "13.1-51.15",
"matchCriteriaId": "3CF77D9D-FC89-493D-B97D-F9699D182F54"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*",
"versionStartIncluding": "14.1",
"versionEndExcluding": "14.1-12.35",
"matchCriteriaId": "62CD82CF-9013-4E54-B175-19B804A351AA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.0-92.21",
"matchCriteriaId": "68E1F810-ABCD-40A7-A8C1-4E8727799C7C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.1",
"versionEndExcluding": "13.1-51.15",
"matchCriteriaId": "E870C309-D5CD-4181-9DEB-4833DE2EAEB7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.1",
"versionEndExcluding": "14.1-12.35",
"matchCriteriaId": "2836707F-A36F-479E-BFDC-CF55AEFC37EE"
}
]
}
]
}
],
"references": [
{
"url": "https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549",
"source": "secure@citrix.com"
"source": "secure@citrix.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-6944",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-04T10:15:11.517",
"lastModified": "2024-01-10T17:04:57.170",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-25T16:15:08.177",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -41,20 +41,20 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH"
"baseScore": 5.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 5.2
"impactScore": 3.6
}
]
},


@ -2,16 +2,40 @@
"id": "CVE-2023-7031",
"sourceIdentifier": "securityalerts@avaya.com",
"published": "2024-01-17T19:15:08.293",
"lastModified": "2024-01-17T19:22:17.977",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-25T16:32:53.153",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Insecure Direct Object Reference vulnerabilities were discovered in the Avaya Aura Experience Portal Manager which may allow partial information disclosure to an authenticated non-privileged user. Affected versions include 8.0.x and 8.1.x, prior to 8.1.2 patch 0402. Versions prior to 8.0 are end of manufacturer support."
},
{
"lang": "es",
"value": "Se descubrieron vulnerabilidades de referencia directa de objetos inseguros en Avaya Aura Experience Portal Manager que pueden permitir la divulgaci\u00f3n parcial de informaci\u00f3n a un usuario autenticado sin privilegios. Las versiones afectadas incluyen 8.0.x y 8.1.x, anteriores al parche 0402 8.1.2. Las versiones anteriores a 8.0 finalizan el soporte del fabricante."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "securityalerts@avaya.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
},
{
"source": "securityalerts@avaya.com",
"type": "Secondary",
@ -46,10 +80,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:avaya:aura_experience_portal:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndExcluding": "8.1.2.0.0402",
"matchCriteriaId": "35815AA6-118C-450E-9661-5CA22D009D98"
}
]
}
]
}
],
"references": [
{
"url": "https://support.avaya.com/css/public/documents/101088063",
"source": "securityalerts@avaya.com"
"source": "securityalerts@avaya.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-0217",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-03T17:15:12.110",
"lastModified": "2024-01-10T18:10:24.033",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-25T16:15:08.390",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -135,6 +135,10 @@
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://github.com/PackageKit/PackageKit/commit/64278c9127e3333342b56ead99556161f7e86f79",
"source": "secalert@redhat.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-0567",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-16T14:15:48.527",
"lastModified": "2024-01-24T14:13:44.900",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-25T16:15:08.510",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -41,19 +41,19 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]


@ -2,12 +2,16 @@
"id": "CVE-2024-0784",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-22T18:15:20.623",
"lastModified": "2024-01-22T19:10:26.333",
"lastModified": "2024-01-25T15:15:07.607",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in biantaibao octopus 1.0. It has been classified as critical. Affected is an unknown function of the file /system/role/list. The manipulation of the argument dataScope leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulnerability is VDB-251700."
"value": "A vulnerability was found in hongmaple octopus 1.0. It has been classified as critical. Affected is an unknown function of the file /system/role/list. The manipulation of the argument dataScope leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulnerability is VDB-251700."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en biantaibao octopus 1.0. Ha sido clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /system/role/list es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento dataScope conduce a la inyecci\u00f3n de SQL. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. Este producto utiliza un lanzamiento continuo para proporcionar una entrega continua. Por lo tanto, no hay detalles disponibles para las versiones afectadas ni actualizadas. El identificador de esta vulnerabilidad es VDB-251700."
}
],
"metrics": {
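Review bot: The Spanish description in this section still names the product as `biantaibao octopus 1.0`, while the English description now reads `hongmaple octopus 1.0`. This assumes the second English `value` line is the new side, since the +/- markers are lost in this rendering. If so, the two languages disagree on the vendor, and a keyword or asset match run against the `es` text will use a name the `en` record has dropped. The `es` value should carry `hongmaple octopus 1.0` as well, and consumers should treat the `en` entry as authoritative where the two differ. The record continues past `"metrics": {` outside this hunk.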


@ -0,0 +1,59 @@
{
"id": "CVE-2024-0822",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-25T16:15:08.743",
"lastModified": "2024-01-25T16:15:08.743",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An authentication bypass vulnerability was found in overt-engine. This flaw allows the creation of users in the system without authentication due to a flaw in the CreateUserSession command."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1390"
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2024-0822",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258509",
"source": "secalert@redhat.com"
}
]
}
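Review bot: The product name in the `en` description, `overt-engine`, looks like a misspelling, probably of `ovirt-engine`. Nothing in this record confirms that, so it should be checked against the two Red Hat references listed. The record has status `Received` and no `configurations` block, so the description is the only place a product name appears, and a keyword match on the correct name would miss this entry. Until the source record is corrected, matching for this CVE should key on the `id` and the reference URLs rather than on the description text.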


@ -0,0 +1,59 @@
{
"id": "CVE-2024-0879",
"sourceIdentifier": "reefs@jfrog.com",
"published": "2024-01-25T15:15:07.713",
"lastModified": "2024-01-25T15:15:07.713",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nAuthentication bypass in vector-admin allows a user to register to a vector-admin server while \u201cdomain restriction\u201d is active, even when not owning an authorized email address.\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "reefs@jfrog.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "reefs@jfrog.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://github.com/Mintplex-Labs/vector-admin/pull/128/commits/a581b8177dd6be719a5ef6d3ce4b1e939636bb41",
"source": "reefs@jfrog.com"
},
{
"url": "https://research.jfrog.com/vulnerabilities/vector-admin-filter-bypass/",
"source": "reefs@jfrog.com"
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-21655",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-12T21:15:11.510",
"lastModified": "2024-01-14T21:42:17.123",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-25T15:36:21.337",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Discourse is a platform for community discussion. For fields that are client editable, limits on sizes are not imposed. This allows a malicious actor to cause a Discourse instance to use excessive disk space and also often excessive bandwidth. The issue is patched 3.1.4 and 3.2.0.beta4."
},
{
"lang": "es",
"value": "Discourse es una plataforma para la discusi\u00f3n comunitaria. Para los campos que el cliente puede editar, no se imponen l\u00edmites de tama\u00f1o. Esto permite que un actor malintencionado haga que una instancia de Discourse utilice espacio en disco excesivo y, a menudo, tambi\u00e9n ancho de banda excesivo. El problema est\u00e1 parcheado en 3.1.4 y 3.2.0.beta4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,10 +80,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*",
"versionEndExcluding": "3.1.4",
"matchCriteriaId": "A51406A4-A2FE-4BFE-8EA0-58359582D6A7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta1:*:*:beta:*:*:*",
"matchCriteriaId": "1BFF647B-6CEF-43BF-BF5E-C82B557F78E2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta2:*:*:beta:*:*:*",
"matchCriteriaId": "10D931DE-F8F5-4A34-A30A-FDD4420ABD1A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta3:*:*:beta:*:*:*",
"matchCriteriaId": "C62C36D4-6CE7-4A57-BBF7-8066CFAE342A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-m5fc-94mm-38fx",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-22213",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-18T20:15:08.113",
"lastModified": "2024-01-19T01:51:14.027",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-25T15:10:41.767",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. In affected versions users could be tricked into executing malicious code that would execute in their browser via HTML sent as a comment. It is recommended that the Nextcloud Deck is upgraded to version 1.9.5 or 1.11.2. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "Deck es una herramienta de organizaci\u00f3n estilo kanban destinada a la planificaci\u00f3n personal y organizaci\u00f3n de proyectos para equipos integrada con Nextcloud. En las versiones afectadas, los usuarios podr\u00edan ser enga\u00f1ados para que ejecutaran c\u00f3digo malicioso que se ejecutar\u00eda en su navegador a trav\u00e9s de HTML enviado como comentario. Se recomienda actualizar Nextcloud Deck a la versi\u00f3n 1.9.5 o 1.11.2. No se conocen workarounds para esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +80,57 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:deck:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.9.0",
"versionEndExcluding": "1.9.5",
"matchCriteriaId": "87E47A95-E854-4410-AEB6-0004AD2EA4AB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:deck:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.10.0",
"versionEndExcluding": "1.11.2",
"matchCriteriaId": "5A613E75-64F4-4FBD-A6AD-2F1357B76D01"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/nextcloud/deck/commit/91f1557362047f8840f53151f176b80148650bcd",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mg7w-x9fm-9wwc",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://hackerone.com/reports/2058556",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-22409",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-16T23:15:08.900",
"lastModified": "2024-01-17T00:03:29.293",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-25T16:08:58.740",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "DataHub is an open-source metadata platform. In affected versions a low privileged user could remove a user, edit group members, or edit another user's profile information. The default privileges gave too many broad permissions to low privileged users. These have been constrained in PR #9067 to prevent abuse. This issue can result in privilege escalation for lower privileged users up to admin privileges, potentially, if a group with admin privileges exists. May not impact instances that have modified default privileges. This issue has been addressed in datahub version 0.12.1. Users are advised to upgrade."
},
{
"lang": "es",
"value": "DataHub es una plataforma de metadatos de c\u00f3digo abierto. En las versiones afectadas, un usuario con pocos privilegios pod\u00eda eliminar a un usuario, editar miembros del grupo o editar la informaci\u00f3n del perfil de otro usuario. Los privilegios predeterminados otorgaban demasiados permisos amplios a usuarios con pocos privilegios. Estos se han restringido en el PR #9067 para evitar abusos. Este problema puede provocar una escalada de privilegios para usuarios con privilegios inferiores hasta privilegios de administrador, potencialmente, si existe un grupo con privilegios de administrador. Puede que no afecte a las instancias que han modificado los privilegios predeterminados. Este problema se solucion\u00f3 en la versi\u00f3n 0.12.1 de DataHub. Se recomienda a los usuarios que actualicen."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +70,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:datahub_project:datahub:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.12.1",
"matchCriteriaId": "A45A340B-5E00-4E48-A37F-71C11DDAAFF1"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/datahub-project/datahub/pull/9067",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-x3v6-r479-m4xv",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2024-22432",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-01-25T15:15:07.923",
"lastModified": "2024-01-25T15:15:07.923",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nNetworker 19.9 and all prior versions contains a Plain-text Password stored in temporary config file during backup duration in NMDA MySQL Database backups. User has low privilege access to Networker Client system could potentially exploit this vulnerability, leading to the disclosure of configured MySQL Database user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application Database with privileges of the compromised account.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.1,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-256"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000221474/dsa-2024-059-security-update-for-dell-networker-multiple-components-vulnerabilities",
"source": "security_alert@emc.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2024-22529",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-25T16:15:08.960",
"lastModified": "2024-01-25T16:15:08.960",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK X2000R_V2 V2.0.0-B20230727.10434 has a command injection vulnerability in the sub_449040 (handle function of formUploadFile) of /bin/boa."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/unpWn4bL3/iot-security/blob/main/29.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2024-22729",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-25T15:15:08.133",
"lastModified": "2024-01-25T15:15:08.133",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "NETIS SYSTEMS MW5360 V1.0.1.3031 was discovered to contain a command injection vulnerability via the password parameter on the login page."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/adhikara13/CVE/blob/main/netis_MW5360/blind%20command%20injection%20in%20password%20parameter%20in%20initial%20settings.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2024-22749",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-25T16:15:09.010",
"lastModified": "2024-01-25T16:15:09.010",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "GPAC v2.3 was detected to contain a buffer overflow via the function gf_isom_new_generic_sample_description function in the isomedia/isom_write.c:4577"
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/gpac/gpac/issues/2713",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/hanxuer/crashes/blob/main/gapc/01/readme.md",
"source": "cve@mitre.org"
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2024-22911",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-19T18:15:08.680",
"lastModified": "2024-01-19T18:48:55.033",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-25T15:26:07.957",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A stack-buffer-underflow vulnerability was found in SWFTools v0.9.2, in the function parseExpression at src/swfc.c:2602."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en SWFTools v0.9.2, en la funci\u00f3n parseExpression en src/swfc.c:2602."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:swftools:swftools:0.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B6149BA0-2082-45B7-9B43-CAC2F1768770"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/matthiaskramm/swftools/issues/216",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
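Review bot: The added `es` description calls this a `desbordamiento de búfer en la región stack`, which is a stack buffer overflow, whereas the `en` text says `stack-buffer-underflow`. The same kind of mismatch appears in the CVE-2024-22913 section, where `en` says `heap-buffer-overflow` and `es` again says `región stack de la memoria`. Triage that reads the translated text gets the wrong direction or the wrong memory region. The `es` values should read `subdesbordamiento de búfer en la región stack` here and `desbordamiento de búfer en la región heap` for CVE-2024-22913. Alternatively, tooling should classify on the `en` description and the `weaknesses` CWE id only.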


@ -2,19 +2,79 @@
"id": "CVE-2024-22912",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-19T18:15:08.723",
"lastModified": "2024-01-19T18:48:55.033",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-25T15:26:24.400",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A global-buffer-overflow was found in SWFTools v0.9.2, in the function countline at swf5compiler.flex:327. It allows an attacker to cause code execution."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un desbordamiento de b\u00fafer global en SWFTools v0.9.2, en la l\u00ednea de recuento de funciones en swf5compiler.flex:327. Permite que un atacante provoque la ejecuci\u00f3n de c\u00f3digo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:swftools:swftools:0.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B6149BA0-2082-45B7-9B43-CAC2F1768770"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/matthiaskramm/swftools/issues/212",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2024-22913",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-19T18:15:08.767",
"lastModified": "2024-01-19T18:48:55.033",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-25T15:26:40.197",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A heap-buffer-overflow was found in SWFTools v0.9.2, in the function swf5lex at lex.swf5.c:1321. It allows an attacker to cause code execution."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en SWFTools v0.9.2, en la funci\u00f3n swf5lex en lex.swf5.c:1321. Permite que un atacante provoque la ejecuci\u00f3n de c\u00f3digo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:swftools:swftools:0.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B6149BA0-2082-45B7-9B43-CAC2F1768770"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/matthiaskramm/swftools/issues/213",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2024-22914",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-19T18:15:08.807",
"lastModified": "2024-01-19T18:48:55.033",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-25T15:25:00.303",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A heap-use-after-free was found in SWFTools v0.9.2, in the function input at lex.swf5.c:2620. It allows an attacker to cause denial of service."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un use-after-free de almacenamiento din\u00e1mico en SWFTools v0.9.2, en la entrada de funci\u00f3n en lex.swf5.c:2620. Permite que un atacante provoque denegaci\u00f3n de servicio."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:swftools:swftools:0.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B6149BA0-2082-45B7-9B43-CAC2F1768770"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/matthiaskramm/swftools/issues/214",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2024-22915",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-19T18:15:08.847",
"lastModified": "2024-01-19T18:48:55.033",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-25T15:25:19.217",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A heap-use-after-free was found in SWFTools v0.9.2, in the function swf_DeleteTag at rfxswf.c:1193. It allows an attacker to cause code execution."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un use-after-free de almacenamiento din\u00e1mico en SWFTools v0.9.2, en la funci\u00f3n swf_DeleteTag en rfxswf.c:1193. Permite que un atacante provoque la ejecuci\u00f3n de c\u00f3digo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:swftools:swftools:0.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B6149BA0-2082-45B7-9B43-CAC2F1768770"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/matthiaskramm/swftools/issues/215",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-01-25T15:00:24.541894+00:00
2024-01-25T17:00:25.107913+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-01-25T14:59:59.737000+00:00
2024-01-25T16:59:51.593000+00:00
```
### Last Data Feed Release
@ -29,45 +29,52 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
236784
236793
```
### CVEs added in the last Commit
Recently added CVEs: `1`
Recently added CVEs: `9`
* [CVE-2024-23855](CVE-2024/CVE-2024-238xx/CVE-2024-23855.json) (`2024-01-25T14:15:27.183`)
* [CVE-2023-3181](CVE-2023/CVE-2023-31xx/CVE-2023-3181.json) (`2024-01-25T16:15:07.400`)
* [CVE-2023-40547](CVE-2023/CVE-2023-405xx/CVE-2023-40547.json) (`2024-01-25T16:15:07.717`)
* [CVE-2023-52076](CVE-2023/CVE-2023-520xx/CVE-2023-52076.json) (`2024-01-25T16:15:07.930`)
* [CVE-2024-0879](CVE-2024/CVE-2024-08xx/CVE-2024-0879.json) (`2024-01-25T15:15:07.713`)
* [CVE-2024-22432](CVE-2024/CVE-2024-224xx/CVE-2024-22432.json) (`2024-01-25T15:15:07.923`)
* [CVE-2024-22729](CVE-2024/CVE-2024-227xx/CVE-2024-22729.json) (`2024-01-25T15:15:08.133`)
* [CVE-2024-0822](CVE-2024/CVE-2024-08xx/CVE-2024-0822.json) (`2024-01-25T16:15:08.743`)
* [CVE-2024-22529](CVE-2024/CVE-2024-225xx/CVE-2024-22529.json) (`2024-01-25T16:15:08.960`)
* [CVE-2024-22749](CVE-2024/CVE-2024-227xx/CVE-2024-22749.json) (`2024-01-25T16:15:09.010`)
### CVEs modified in the last Commit
Recently modified CVEs: `32`
Recently modified CVEs: `24`
* [CVE-2023-33202](CVE-2023/CVE-2023-332xx/CVE-2023-33202.json) (`2024-01-25T14:15:25.783`)
* [CVE-2023-3628](CVE-2023/CVE-2023-36xx/CVE-2023-3628.json) (`2024-01-25T14:15:25.900`)
* [CVE-2023-3629](CVE-2023/CVE-2023-36xx/CVE-2023-3629.json) (`2024-01-25T14:15:26.017`)
* [CVE-2023-46218](CVE-2023/CVE-2023-462xx/CVE-2023-46218.json) (`2024-01-25T14:15:26.117`)
* [CVE-2023-46672](CVE-2023/CVE-2023-466xx/CVE-2023-46672.json) (`2024-01-25T14:15:26.207`)
* [CVE-2023-4806](CVE-2023/CVE-2023-48xx/CVE-2023-4806.json) (`2024-01-25T14:15:26.360`)
* [CVE-2023-51767](CVE-2023/CVE-2023-517xx/CVE-2023-51767.json) (`2024-01-25T14:15:26.530`)
* [CVE-2023-5236](CVE-2023/CVE-2023-52xx/CVE-2023-5236.json) (`2024-01-25T14:15:26.617`)
* [CVE-2023-5384](CVE-2023/CVE-2023-53xx/CVE-2023-5384.json) (`2024-01-25T14:15:26.733`)
* [CVE-2023-6377](CVE-2023/CVE-2023-63xx/CVE-2023-6377.json) (`2024-01-25T14:15:26.840`)
* [CVE-2023-6478](CVE-2023/CVE-2023-64xx/CVE-2023-6478.json) (`2024-01-25T14:15:27.010`)
* [CVE-2024-0617](CVE-2024/CVE-2024-06xx/CVE-2024-0617.json) (`2024-01-25T13:38:33.693`)
* [CVE-2024-0624](CVE-2024/CVE-2024-06xx/CVE-2024-0624.json) (`2024-01-25T13:38:33.693`)
* [CVE-2024-0688](CVE-2024/CVE-2024-06xx/CVE-2024-0688.json) (`2024-01-25T13:38:33.693`)
* [CVE-2024-0625](CVE-2024/CVE-2024-06xx/CVE-2024-0625.json) (`2024-01-25T13:38:33.693`)
* [CVE-2024-23985](CVE-2024/CVE-2024-239xx/CVE-2024-23985.json) (`2024-01-25T13:38:33.693`)
* [CVE-2024-22099](CVE-2024/CVE-2024-220xx/CVE-2024-22099.json) (`2024-01-25T13:38:33.693`)
* [CVE-2024-23307](CVE-2024/CVE-2024-233xx/CVE-2024-23307.json) (`2024-01-25T13:38:33.693`)
* [CVE-2024-0726](CVE-2024/CVE-2024-07xx/CVE-2024-0726.json) (`2024-01-25T13:59:44.110`)
* [CVE-2024-0735](CVE-2024/CVE-2024-07xx/CVE-2024-0735.json) (`2024-01-25T14:17:15.930`)
* [CVE-2024-22919](CVE-2024/CVE-2024-229xx/CVE-2024-22919.json) (`2024-01-25T14:54:29.357`)
* [CVE-2024-22955](CVE-2024/CVE-2024-229xx/CVE-2024-22955.json) (`2024-01-25T14:54:48.427`)
* [CVE-2024-22956](CVE-2024/CVE-2024-229xx/CVE-2024-22956.json) (`2024-01-25T14:55:01.053`)
* [CVE-2024-23659](CVE-2024/CVE-2024-236xx/CVE-2024-23659.json) (`2024-01-25T14:58:22.470`)
* [CVE-2024-22957](CVE-2024/CVE-2024-229xx/CVE-2024-22957.json) (`2024-01-25T14:59:59.737`)
* [CVE-2021-33630](CVE-2021/CVE-2021-336xx/CVE-2021-33630.json) (`2024-01-25T16:42:55.503`)
* [CVE-2022-45083](CVE-2022/CVE-2022-450xx/CVE-2022-45083.json) (`2024-01-25T15:42:27.457`)
* [CVE-2023-49099](CVE-2023/CVE-2023-490xx/CVE-2023-49099.json) (`2024-01-25T15:32:52.503`)
* [CVE-2023-49943](CVE-2023/CVE-2023-499xx/CVE-2023-49943.json) (`2024-01-25T15:35:06.977`)
* [CVE-2023-48297](CVE-2023/CVE-2023-482xx/CVE-2023-48297.json) (`2024-01-25T15:42:48.877`)
* [CVE-2023-49098](CVE-2023/CVE-2023-490xx/CVE-2023-49098.json) (`2024-01-25T15:44:43.440`)
* [CVE-2023-51946](CVE-2023/CVE-2023-519xx/CVE-2023-51946.json) (`2024-01-25T15:52:22.730`)
* [CVE-2023-42463](CVE-2023/CVE-2023-424xx/CVE-2023-42463.json) (`2024-01-25T16:09:07.937`)
* [CVE-2023-6944](CVE-2023/CVE-2023-69xx/CVE-2023-6944.json) (`2024-01-25T16:15:08.177`)
* [CVE-2023-34063](CVE-2023/CVE-2023-340xx/CVE-2023-34063.json) (`2024-01-25T16:22:30.063`)
* [CVE-2023-7031](CVE-2023/CVE-2023-70xx/CVE-2023-7031.json) (`2024-01-25T16:32:53.153`)
* [CVE-2023-6548](CVE-2023/CVE-2023-65xx/CVE-2023-6548.json) (`2024-01-25T16:45:58.287`)
* [CVE-2023-6395](CVE-2023/CVE-2023-63xx/CVE-2023-6395.json) (`2024-01-25T16:59:51.593`)
* [CVE-2024-22213](CVE-2024/CVE-2024-222xx/CVE-2024-22213.json) (`2024-01-25T15:10:41.767`)
* [CVE-2024-0784](CVE-2024/CVE-2024-07xx/CVE-2024-0784.json) (`2024-01-25T15:15:07.607`)
* [CVE-2024-22914](CVE-2024/CVE-2024-229xx/CVE-2024-22914.json) (`2024-01-25T15:25:00.303`)
* [CVE-2024-22915](CVE-2024/CVE-2024-229xx/CVE-2024-22915.json) (`2024-01-25T15:25:19.217`)
* [CVE-2024-22911](CVE-2024/CVE-2024-229xx/CVE-2024-22911.json) (`2024-01-25T15:26:07.957`)
* [CVE-2024-22912](CVE-2024/CVE-2024-229xx/CVE-2024-22912.json) (`2024-01-25T15:26:24.400`)
* [CVE-2024-22913](CVE-2024/CVE-2024-229xx/CVE-2024-22913.json) (`2024-01-25T15:26:40.197`)
* [CVE-2024-21655](CVE-2024/CVE-2024-216xx/CVE-2024-21655.json) (`2024-01-25T15:36:21.337`)
* [CVE-2024-22409](CVE-2024/CVE-2024-224xx/CVE-2024-22409.json) (`2024-01-25T16:08:58.740`)
* [CVE-2024-0217](CVE-2024/CVE-2024-02xx/CVE-2024-0217.json) (`2024-01-25T16:15:08.390`)
* [CVE-2024-0567](CVE-2024/CVE-2024-05xx/CVE-2024-0567.json) (`2024-01-25T16:15:08.510`)
## Download and Usage