diff --git a/CVE-2021/CVE-2021-227xx/CVE-2021-22763.json b/CVE-2021/CVE-2021-227xx/CVE-2021-22763.json index 68684011969..4dfcd826539 100644 --- a/CVE-2021/CVE-2021-227xx/CVE-2021-22763.json +++ b/CVE-2021/CVE-2021-227xx/CVE-2021-22763.json @@ -2,9 +2,8 @@ "id": "CVE-2021-22763", "sourceIdentifier": "cybersecurity@se.com", "published": "2021-06-11T16:15:10.320", - "lastModified": "2023-11-07T03:30:24.917", + "lastModified": "2024-11-24T15:15:04.450", "vulnStatus": "Modified", - "cveTags": [], "descriptions": [ { "lang": "en", @@ -23,6 +22,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,9 +31,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 5.9 @@ -45,13 +44,13 @@ "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", + "baseScore": 10.0, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", - "availabilityImpact": "COMPLETE", - "baseScore": 10.0 + "availabilityImpact": "COMPLETE" }, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, @@ -67,7 +66,7 @@ "weaknesses": [ { "source": "cybersecurity@se.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -219,8 +218,12 @@ ], "references": [ { - "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-02%2Chttp://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-03", + "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2021-159-02.pdf", "source": "cybersecurity@se.com" + }, + { + "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-02%2Chttp://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-03", + "source": "af854a3a-2127-422b-91ae-364da2661108" } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-227xx/CVE-2021-22764.json b/CVE-2021/CVE-2021-227xx/CVE-2021-22764.json index 3b16079de18..203df78b025 100644 --- a/CVE-2021/CVE-2021-227xx/CVE-2021-22764.json +++ b/CVE-2021/CVE-2021-227xx/CVE-2021-22764.json @@ -2,9 +2,8 @@ "id": "CVE-2021-22764", "sourceIdentifier": "cybersecurity@se.com", "published": "2021-06-11T16:15:10.390", - "lastModified": "2023-11-07T03:30:25.010", + "lastModified": "2024-11-24T15:15:04.637", "vulnStatus": "Modified", - "cveTags": [], "descriptions": [ { "lang": "en", @@ -23,6 +22,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,9 +31,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", - "availabilityImpact": "LOW", - "baseScore": 5.3, - "baseSeverity": "MEDIUM" + "availabilityImpact": "LOW" }, "exploitabilityScore": 3.9, "impactScore": 1.4 @@ -45,13 +44,13 @@ "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "baseScore": 5.0, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", - "availabilityImpact": "PARTIAL", - "baseScore": 5.0 + "availabilityImpact": "PARTIAL" }, "baseSeverity": "MEDIUM", "exploitabilityScore": 10.0, @@ -67,7 +66,7 @@ "weaknesses": [ { "source": "cybersecurity@se.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -192,8 +191,12 @@ ], "references": [ { - "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-02%2Chttp://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-03", + "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2021-159-02.pdf", "source": "cybersecurity@se.com" + }, + { + "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-02%2Chttp://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-03", + "source": "af854a3a-2127-422b-91ae-364da2661108" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-37xx/CVE-2023-3758.json b/CVE-2023/CVE-2023-37xx/CVE-2023-3758.json index cc4db66fdcd..a176399722b 100644 --- a/CVE-2023/CVE-2023-37xx/CVE-2023-3758.json +++ b/CVE-2023/CVE-2023-37xx/CVE-2023-3758.json @@ -2,9 +2,8 @@ "id": "CVE-2023-3758", "sourceIdentifier": "secalert@redhat.com", "published": "2024-04-18T19:15:08.597", - "lastModified": "2024-09-16T19:16:05.550", + "lastModified": "2024-11-24T16:15:03.767", "vulnStatus": "Awaiting Analysis", - "cveTags": [], "descriptions": [ { "lang": "en", @@ -23,6 +22,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.1, + "baseSeverity": "HIGH", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "LOW", @@ -30,9 +31,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 7.1, - "baseSeverity": "HIGH" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.2, "impactScore": 5.9 @@ -46,7 +45,7 @@ "description": [ { "lang": "en", - "value": "CWE-285" + "value": "CWE-362" } ] } @@ -87,6 +86,54 @@ { "url": "https://github.com/SSSD/sssd/pull/7302", "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:1919", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:1920", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:1921", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:1922", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:2571", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:3270", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2023-3758", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2223762", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, + { + "url": "https://github.com/SSSD/sssd/pull/7302", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RV3HIZI3SURBUQKSOOL3XE64OOBQ2HTK/", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XEP62IDS7A55D5UHM6GH7QZ7SQFOAPVF/", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMORAO2BDDA5YX4ZLMXDZ7SM6KU47SY5/", + "source": "af854a3a-2127-422b-91ae-364da2661108" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-00xx/CVE-2024-0012.json b/CVE-2024/CVE-2024-00xx/CVE-2024-0012.json index 3d96a56446b..8a927ed570a 100644 --- a/CVE-2024/CVE-2024-00xx/CVE-2024-0012.json +++ b/CVE-2024/CVE-2024-00xx/CVE-2024-0012.json @@ -2,13 +2,8 @@ "id": "CVE-2024-0012", "sourceIdentifier": "psirt@paloaltonetworks.com", "published": "2024-11-18T16:15:11.683", - "lastModified": "2024-11-19T17:17:29.723", - "vulnStatus": "Analyzed", - "cveTags": [], - "cisaExploitAdd": "2024-11-18", - "cisaActionDue": "2024-12-09", - "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Additionally, management interface for affected devices should not be exposed to untrusted networks, including the internet.", - "cisaVulnerabilityName": "Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability", + "lastModified": "2024-11-24T15:15:05.860", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -27,6 +22,8 @@ "cvssData": { "version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:H/U:Red", + "baseScore": 9.3, + "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", @@ -58,9 +55,7 @@ "recovery": "USER", "valueDensity": "CONCENTRATED", "vulnerabilityResponseEffort": "HIGH", - "providerUrgency": "RED", - "baseScore": 9.3, - "baseSeverity": "CRITICAL" + "providerUrgency": "RED" } } ], @@ -71,6 +66,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -78,19 +75,21 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 5.9 } ] }, + "cisaExploitAdd": "2024-11-18", + "cisaActionDue": "2024-12-09", + "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Additionally, management interface for affected devices should not be exposed to untrusted networks, including the internet.", + "cisaVulnerabilityName": "Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability", "weaknesses": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "psirt@paloaltonetworks.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -99,8 +98,8 @@ ] }, { - "source": "psirt@paloaltonetworks.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "description": [ { "lang": "en", @@ -181,6 +180,10 @@ "tags": [ "Vendor Advisory" ] + }, + { + "url": "https://unit42.paloaltonetworks.com/cve-2024-0012-cve-2024-9474/", + "source": "af854a3a-2127-422b-91ae-364da2661108" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-109xx/CVE-2024-10914.json b/CVE-2024/CVE-2024-109xx/CVE-2024-10914.json index eb7331a95e4..a9f8226b9f2 100644 --- a/CVE-2024/CVE-2024-109xx/CVE-2024-10914.json +++ b/CVE-2024/CVE-2024-109xx/CVE-2024-10914.json @@ -2,9 +2,8 @@ "id": "CVE-2024-10914", "sourceIdentifier": "cna@vuldb.com", "published": "2024-11-06T14:15:05.310", - "lastModified": "2024-11-08T19:53:04.793", - "vulnStatus": "Analyzed", - "cveTags": [], + "lastModified": "2024-11-24T15:15:06.090", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -23,6 +22,8 @@ "cvssData": { "version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 9.2, + "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "HIGH", "attackRequirements": "NONE", @@ -54,39 +55,19 @@ "recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", - "providerUrgency": "NOT_DEFINED", - "baseScore": 9.2, - "baseSeverity": "CRITICAL" + "providerUrgency": "NOT_DEFINED" } } ], "cvssMetricV31": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" - }, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - }, { "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", @@ -94,12 +75,30 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 8.1, - "baseSeverity": "HIGH" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 2.2, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ], "cvssMetricV2": [ @@ -109,13 +108,13 @@ "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", + "baseScore": 7.6, "accessVector": "NETWORK", "accessComplexity": "HIGH", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", - "availabilityImpact": "COMPLETE", - "baseScore": 7.6 + "availabilityImpact": "COMPLETE" }, "baseSeverity": "HIGH", "exploitabilityScore": 4.9, @@ -131,12 +130,8 @@ "weaknesses": [ { "source": "cna@vuldb.com", - "type": "Primary", + "type": "Secondary", "description": [ - { - "lang": "en", - "value": "CWE-707" - }, { "lang": "en", "value": "CWE-74" @@ -144,6 +139,10 @@ { "lang": "en", "value": "CWE-78" + }, + { + "lang": "en", + "value": "CWE-707" } ] } @@ -295,6 +294,10 @@ "tags": [ "Product" ] + }, + { + "url": "https://www.bleepingcomputer.com/news/security/d-link-wont-fix-critical-flaw-affecting-60-000-older-nas-devices/", + "source": "af854a3a-2127-422b-91ae-364da2661108" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-110xx/CVE-2024-11066.json b/CVE-2024/CVE-2024-110xx/CVE-2024-11066.json index d13339926c9..4190502d5c4 100644 --- a/CVE-2024/CVE-2024-110xx/CVE-2024-11066.json +++ b/CVE-2024/CVE-2024-110xx/CVE-2024-11066.json @@ -2,8 +2,8 @@ "id": "CVE-2024-11066", "sourceIdentifier": "twcert@cert.org.tw", "published": "2024-11-11T08:15:07.730", - "lastModified": "2024-11-15T18:22:45.323", - "vulnStatus": "Analyzed", + "lastModified": "2024-11-24T15:15:06.387", + "vulnStatus": "Modified", "cveTags": [ { "sourceIdentifier": "twcert@cert.org.tw", @@ -26,10 +26,12 @@ "cvssMetricV31": [ { "source": "twcert@cert.org.tw", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.2, + "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", @@ -37,9 +39,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 7.2, - "baseSeverity": "HIGH" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.2, "impactScore": 5.9 @@ -49,7 +49,7 @@ "weaknesses": [ { "source": "twcert@cert.org.tw", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -101,6 +101,10 @@ "tags": [ "Third Party Advisory" ] + }, + { + "url": "https://www.bleepingcomputer.com/news/security/d-link-wont-fix-critical-bug-in-60-000-exposed-eol-modems/", + "source": "af854a3a-2127-422b-91ae-364da2661108" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-110xx/CVE-2024-11067.json b/CVE-2024/CVE-2024-110xx/CVE-2024-11067.json index d1d2022ec07..6af874aaa47 100644 --- a/CVE-2024/CVE-2024-110xx/CVE-2024-11067.json +++ b/CVE-2024/CVE-2024-110xx/CVE-2024-11067.json @@ -2,8 +2,8 @@ "id": "CVE-2024-11067", "sourceIdentifier": "twcert@cert.org.tw", "published": "2024-11-11T08:15:08.263", - "lastModified": "2024-11-15T18:23:32.557", - "vulnStatus": "Analyzed", + "lastModified": "2024-11-24T15:15:06.567", + "vulnStatus": "Modified", "cveTags": [ { "sourceIdentifier": "twcert@cert.org.tw", @@ -26,10 +26,12 @@ "cvssMetricV31": [ { "source": "twcert@cert.org.tw", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -37,9 +39,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", - "availabilityImpact": "NONE", - "baseScore": 7.5, - "baseSeverity": "HIGH" + "availabilityImpact": "NONE" }, "exploitabilityScore": 3.9, "impactScore": 3.6 @@ -49,7 +49,7 @@ "weaknesses": [ { "source": "twcert@cert.org.tw", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -101,6 +101,10 @@ "tags": [ "Third Party Advisory" ] + }, + { + "url": "https://www.bleepingcomputer.com/news/security/d-link-wont-fix-critical-bug-in-60-000-exposed-eol-modems/", + "source": "af854a3a-2127-422b-91ae-364da2661108" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-110xx/CVE-2024-11068.json b/CVE-2024/CVE-2024-110xx/CVE-2024-11068.json index bf196cf982a..917aad10475 100644 --- a/CVE-2024/CVE-2024-110xx/CVE-2024-11068.json +++ b/CVE-2024/CVE-2024-110xx/CVE-2024-11068.json @@ -2,8 +2,8 @@ "id": "CVE-2024-11068", "sourceIdentifier": "twcert@cert.org.tw", "published": "2024-11-11T08:15:08.850", - "lastModified": "2024-11-15T18:24:25.127", - "vulnStatus": "Analyzed", + "lastModified": "2024-11-24T15:15:06.707", + "vulnStatus": "Modified", "cveTags": [ { "sourceIdentifier": "twcert@cert.org.tw", @@ -26,10 +26,12 @@ "cvssMetricV31": [ { "source": "twcert@cert.org.tw", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -37,9 +39,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 5.9 @@ -49,7 +49,7 @@ "weaknesses": [ { "source": "twcert@cert.org.tw", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -101,6 +101,10 @@ "tags": [ "Third Party Advisory" ] + }, + { + "url": "https://www.bleepingcomputer.com/news/security/d-link-wont-fix-critical-bug-in-60-000-exposed-eol-modems/", + "source": "af854a3a-2127-422b-91ae-364da2661108" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-538xx/CVE-2024-53899.json b/CVE-2024/CVE-2024-538xx/CVE-2024-53899.json new file mode 100644 index 00000000000..0eaf93aa112 --- /dev/null +++ b/CVE-2024/CVE-2024-538xx/CVE-2024-53899.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2024-53899", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-11-24T16:15:06.647", + "lastModified": "2024-11-24T16:15:06.647", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/pypa/virtualenv/issues/2768", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/pypa/virtualenv/pull/2771", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/pypa/virtualenv/releases/tag/20.26.6", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-94xx/CVE-2024-9474.json b/CVE-2024/CVE-2024-94xx/CVE-2024-9474.json index 01f1c5741de..215cbe1b8ca 100644 --- a/CVE-2024/CVE-2024-94xx/CVE-2024-9474.json +++ b/CVE-2024/CVE-2024-94xx/CVE-2024-9474.json @@ -2,13 +2,8 @@ "id": "CVE-2024-9474", "sourceIdentifier": "psirt@paloaltonetworks.com", "published": "2024-11-18T16:15:29.780", - "lastModified": "2024-11-19T17:16:40.513", - "vulnStatus": "Analyzed", - "cveTags": [], - "cisaExploitAdd": "2024-11-18", - "cisaActionDue": "2024-12-09", - "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Additionally, the management interfaces for affected devices should not be exposed to untrusted networks, including the internet.", - "cisaVulnerabilityName": "Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability", + "lastModified": "2024-11-24T15:15:08.457", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -27,6 +22,8 @@ "cvssData": { "version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:H/U:Red", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", @@ -58,9 +55,7 @@ "recovery": "USER", "valueDensity": "CONCENTRATED", "vulnerabilityResponseEffort": "HIGH", - "providerUrgency": "RED", - "baseScore": 6.9, - "baseSeverity": "MEDIUM" + "providerUrgency": "RED" } } ], @@ -71,6 +66,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.2, + "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", @@ -78,19 +75,21 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 7.2, - "baseSeverity": "HIGH" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.2, "impactScore": 5.9 } ] }, + "cisaExploitAdd": "2024-11-18", + "cisaActionDue": "2024-12-09", + "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Additionally, the management interfaces for affected devices should not be exposed to untrusted networks, including the internet.", + "cisaVulnerabilityName": "Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability", "weaknesses": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "psirt@paloaltonetworks.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -99,8 +98,8 @@ ] }, { - "source": "psirt@paloaltonetworks.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "description": [ { "lang": "en", @@ -203,6 +202,10 @@ "tags": [ "Vendor Advisory" ] + }, + { + "url": "https://unit42.paloaltonetworks.com/cve-2024-0012-cve-2024-9474/", + "source": "af854a3a-2127-422b-91ae-364da2661108" } ] } \ No newline at end of file diff --git a/README.md b/README.md index 9f9dd4f03d3..1213a35b3ff 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-11-24T15:00:50.643147+00:00 +2024-11-24T17:02:02.021537+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-11-24T14:15:04.850000+00:00 +2024-11-24T16:15:06.647000+00:00 ``` ### Last Data Feed Release @@ -33,20 +33,29 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -271197 +271198 ``` ### CVEs added in the last Commit -Recently added CVEs: `0` +Recently added CVEs: `1` +- [CVE-2024-53899](CVE-2024/CVE-2024-538xx/CVE-2024-53899.json) (`2024-11-24T16:15:06.647`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `9` -- [CVE-2024-1753](CVE-2024/CVE-2024-17xx/CVE-2024-1753.json) (`2024-11-24T14:15:04.850`) +- [CVE-2021-22763](CVE-2021/CVE-2021-227xx/CVE-2021-22763.json) (`2024-11-24T15:15:04.450`) +- [CVE-2021-22764](CVE-2021/CVE-2021-227xx/CVE-2021-22764.json) (`2024-11-24T15:15:04.637`) +- [CVE-2023-3758](CVE-2023/CVE-2023-37xx/CVE-2023-3758.json) (`2024-11-24T16:15:03.767`) +- [CVE-2024-0012](CVE-2024/CVE-2024-00xx/CVE-2024-0012.json) (`2024-11-24T15:15:05.860`) +- [CVE-2024-10914](CVE-2024/CVE-2024-109xx/CVE-2024-10914.json) (`2024-11-24T15:15:06.090`) +- [CVE-2024-11066](CVE-2024/CVE-2024-110xx/CVE-2024-11066.json) (`2024-11-24T15:15:06.387`) +- [CVE-2024-11067](CVE-2024/CVE-2024-110xx/CVE-2024-11067.json) (`2024-11-24T15:15:06.567`) +- [CVE-2024-11068](CVE-2024/CVE-2024-110xx/CVE-2024-11068.json) (`2024-11-24T15:15:06.707`) +- [CVE-2024-9474](CVE-2024/CVE-2024-94xx/CVE-2024-9474.json) (`2024-11-24T15:15:08.457`) ## Download and Usage diff --git a/_state.csv b/_state.csv index d8b77d5a841..de944ddd8cb 100644 --- a/_state.csv +++ b/_state.csv @@ -169090,8 +169090,8 @@ CVE-2021-2276,0,0,b5dae63cf39bc17db33d4e293b32b17614540e5a0409c0fe2eac092f495973 CVE-2021-22760,0,0,b29711f35512f6cce26b485013501672e80fea0e135a3d322599bd897d7e92fb,2021-06-15T19:12:35.493000 CVE-2021-22761,0,0,9e6cb14c6689375fe1509ddd0e9b8627b5d88801ed42d79ee336f03fecc1ab84,2021-06-15T19:15:09.343000 CVE-2021-22762,0,0,2e0ce445fae3a9758a1de38793a8ef207fe838a7d2c09e0ec875502c68a987db,2021-06-15T19:15:49.320000 -CVE-2021-22763,0,0,44f96c4fd8185dc38ffb7908a057c75bb0b57c4a2b56b0476f20f8b9293a2499,2023-11-07T03:30:24.917000 -CVE-2021-22764,0,0,9cc1607fac0cc0ac231a3ba5687cea43d83f3ca3b983322aff2cac846b2391ae,2023-11-07T03:30:25.010000 +CVE-2021-22763,0,1,a4cc75c063bad05ec3e779428767eaf223978dad8c1da900e1f47cdb264e0d6b,2024-11-24T15:15:04.450000 +CVE-2021-22764,0,1,1b6552a824c5bc87d7edb6ccd3b8668991bd905413cc57021104f97cb0ff64bb,2024-11-24T15:15:04.637000 CVE-2021-22765,0,0,2945810356a8ce07a452d343212ec346293056bc0f079dd95a11ea1461a3d4e4,2024-08-03T19:15:36.717000 CVE-2021-22766,0,0,dca50b4700ed62e6f8130a3ce0048b263acd8da492199a8d7fce9f74f0a3f799,2024-08-03T19:15:36.837000 CVE-2021-22767,0,0,13da2f53546b87232a1dcb5085025bb468bb8503eb2c38bb145258a9fc5303ae,2024-08-03T19:15:36.920000 @@ -228697,7 +228697,7 @@ CVE-2023-37576,0,0,4a409ec25780249cc0ff6f23d32922308c9f3c2b2689d74d87cb8d1aeaec0 CVE-2023-37577,0,0,a293b5eb89e08f69573f2ec2c78f4feb2107da3c4f4cd3b13788154956d92cf7,2024-04-09T21:15:12.807000 CVE-2023-37578,0,0,5863500d4e6f44cfaec0e44ca8823a8ae6381bb626af944090671981a260740c,2024-04-09T21:15:12.900000 CVE-2023-37579,0,0,a63fb411059bff24e213440071988a2fa34bfcab1ad38988a1b4395e6f50415a,2023-07-20T17:37:20.790000 -CVE-2023-3758,0,0,5e7c51c95b06afb5f93dc396881d2d7e840eae0205e8aa2365b463fcb422d6ad,2024-09-16T19:16:05.550000 +CVE-2023-3758,0,1,cc607726e8bfc6077701ee5b75676d356684272a193d08c8b957f1b078031661,2024-11-24T16:15:03.767000 CVE-2023-37580,0,0,d3cfc7b4ec72ffd9baf1a5b22c0bdbdda2d0ea14fe3b55cfed5838ffc96ddfbf,2023-12-22T15:16:27.810000 CVE-2023-37581,0,0,1c75a6cf8f939f7c4339d9b8f28fdeb814489847df1a596417daedd7dc8b0938,2023-11-07T04:17:00.163000 CVE-2023-37582,0,0,6dfe2fccb93b11bec98905f8f33254af75b92e55efe584ad73a13ffb87cc6ed4,2023-07-20T02:11:34.330000 @@ -241723,7 +241723,7 @@ CVE-2024-0008,0,0,899bae3dea0b6932a6d046356f47764b32f025595d0eef60d8e0e433b2b040 CVE-2024-0009,0,0,31a37345511ab8f9e782cdcb9d09dfe3dad4751b5c25ab7a9b1c5c74d0c64c05,2024-02-15T06:23:39.303000 CVE-2024-0010,0,0,0619a8beffc460e406861d5436887a98d4820a4ca409aea20f604a00879fcec0,2024-02-15T06:23:39.303000 CVE-2024-0011,0,0,871bd2790e1644ed9a3dece6c89b7131ea036c72c23f82726bf2a5f6003f50ac,2024-02-15T06:23:39.303000 -CVE-2024-0012,0,0,ef6b6a85e60b444c75bd6e36f09d9f6606b5fae6d330768e6b835d3fd04fb999,2024-11-19T17:17:29.723000 +CVE-2024-0012,0,1,a829f0a1b8deec54ca601ead0c28902fa355408a33946fb830573636d19968e5,2024-11-24T15:15:05.860000 CVE-2024-0014,0,0,57b1d977bcf36a4089ab5ef9c9905bf2b69a9e66b00e8c3e91bd20eccc0f8b75,2024-08-26T18:35:03.770000 CVE-2024-0015,0,0,00e8b369d8c884be684dc161c3d8d59320e06337f56989191711b768cfe02c9b,2024-08-28T17:35:03.353000 CVE-2024-0016,0,0,07b99aa38f7f021ca30f24587ae8679400297ca98f5e8da8ccc928cbae430ba9,2024-10-31T15:35:18.640000 @@ -243241,7 +243241,7 @@ CVE-2024-1090,0,0,2d0b80c82d6d153c4e0b5412c3fcf892da86ac73a72da4cbf84bfbb064bdcb CVE-2024-10900,0,0,f0a1068a03da92137242d5778d1db0773cba2fb63def13779ff35e3410d8f989,2024-11-20T07:15:08.690000 CVE-2024-1091,0,0,54ee7e9ca708166212a73aaa10e4715176fe17b55fbce1ee0ea8f95d289d46a5,2024-02-29T13:49:29.390000 CVE-2024-10913,0,0,4e9b29333972ed20a30c4eccde2c9645761370bd1f3d0211dcdd27a3f9c3d9cf,2024-11-20T14:15:17.253000 -CVE-2024-10914,0,0,a19349a4797c04ddb77f70975a0145b559e2c17ff8d6db53557df6669e0449a1,2024-11-08T19:53:04.793000 +CVE-2024-10914,0,1,0e11c1731905763ffc173784369687971adc0677422c26a81c4aa2918d85e560,2024-11-24T15:15:06.090000 CVE-2024-10915,0,0,b06bfc4427bf3f30a98b7ce390941759d780f67755e284354baa2af5087ffe27,2024-11-08T20:11:10.973000 CVE-2024-10916,0,0,bc544f9bd284df1d2cb2c93c5b72a85d457acf8720f73da6b50b8a164264f036,2024-11-08T20:11:37.567000 CVE-2024-10917,0,0,1eea699579f5dcb0f1ea716ba091b6b657cbea6b54620c9aa27bd72862f79a0d,2024-11-12T13:55:21.227000 @@ -243339,9 +243339,9 @@ CVE-2024-11062,0,0,382398a254813285a8ce00b946267d17abf1e43f0a04fb87d058a641703cc CVE-2024-11063,0,0,c82d798dd5590a078b5d7d26840dc30b4d0e6afdb1c08ee601fbc34cd61d9b36,2024-11-15T18:21:55.407000 CVE-2024-11064,0,0,7bc630a0bda7c8d299c9c3d34681318b70b580b6ee835e3a35824920be4cbd1c,2024-11-15T18:22:07.027000 CVE-2024-11065,0,0,07ecc20a5dd82ce3ecccd8bd16ce6c9c834a7ee14450b7b733f59e01e4d5af6b,2024-11-15T18:22:28.430000 -CVE-2024-11066,0,0,e16818aa9ce80078f2734ac486cf4eb542ac5bd17e4c391662d4998111e3a483,2024-11-15T18:22:45.323000 -CVE-2024-11067,0,0,56467501c947edd55cd4613fd2ef381247159c27f7d35a83af06c94b6a86acf3,2024-11-15T18:23:32.557000 -CVE-2024-11068,0,0,f7e9062074774d089c911b3e1747ffd8f63444b7d0cb3b7ce8ded4e6fed69b57,2024-11-15T18:24:25.127000 +CVE-2024-11066,0,1,f4d151e860fcc30f331de0b3259e95fc93fee25887e290628c9592c7621bf101,2024-11-24T15:15:06.387000 +CVE-2024-11067,0,1,4a05e809a23a9c2fd51ee2a338a74c410821f5f8b3eb662012c0500c1f8e7025,2024-11-24T15:15:06.567000 +CVE-2024-11068,0,1,50b063d7b829f002a85ab8473e50676a97f317c1df5a32b45c3ec0d0a11d73d9,2024-11-24T15:15:06.707000 CVE-2024-11069,0,0,7bbe444b414130d646e6e97abbee4066ed9cb9bd98d21c276eb448b361350d82,2024-11-19T21:57:32.967000 CVE-2024-1107,0,0,7fae6df9cdce298be180c2cb6d3dacceb0e976e847fc87cce19a7d73f37dfe2b,2024-09-16T19:08:27.840000 CVE-2024-11070,0,0,d26f54343d51f320ddc8212a815842d989a89842dd5b089d23a372fee3847ed9,2024-11-23T01:31:09.333000 @@ -244181,7 +244181,7 @@ CVE-2024-1749,0,0,f620be6c4367805be5c83719352e695698d105470ce084642dece004f1c7c3 CVE-2024-1750,0,0,7f9ce3864064263c9a72249a090e6a4b7033b154fc6d744d107ff4cdf65d126b,2024-05-17T02:35:35.177000 CVE-2024-1751,0,0,154c401fe290eec38fd9c24bb6a8378784a8ac703cfa36934de32237c4b2fc0e,2024-03-13T18:15:58.530000 CVE-2024-1752,0,0,ebd28678960fb125918a034bc6797117b5ad867c71cd1502baeff6b2a6777f59,2024-10-27T23:35:02.790000 -CVE-2024-1753,0,1,f8a25262c3f86133c866f1e07d45759b1904f223f4c08dde686d2805e8b195d9,2024-11-24T14:15:04.850000 +CVE-2024-1753,0,0,f8a25262c3f86133c866f1e07d45759b1904f223f4c08dde686d2805e8b195d9,2024-11-24T14:15:04.850000 CVE-2024-1754,0,0,6d02707455f72bdff06cdba8f236495298ba067f3e3a9d1cc5b84a96ef4c9f88,2024-04-15T13:15:31.997000 CVE-2024-1755,0,0,3d3eb53461864a2d0b6846883348dbee673cb6d9a59185cf31292954d770d20b,2024-07-08T14:17:11.257000 CVE-2024-1756,0,0,3e84813a966b3d138c76e22bdd3fcd8ab2964d96bf9c77ed86651d769e5bb5a7,2024-04-24T13:39:42.883000 @@ -267409,6 +267409,7 @@ CVE-2024-5385,0,0,5113296fe5b95e2ca5ffa573f35631b642d4f934e6e56cfebf21d51c8e50ce CVE-2024-5387,0,0,d7455745fd4e2043656d894120ace9fd562ab2b459405f5c80fb87774616ea6e,2024-06-03T19:15:09.500000 CVE-2024-5388,0,0,88068f2d18329bc2e1ad4660154ccfa55826fed94a4e1660b5757c6715c273a8,2024-06-03T19:15:09.557000 CVE-2024-5389,0,0,f6aaaf23dff2a1d7f90a7950cdbb76e8322ef8c0ff1bf8f6173fe4634d169b69,2024-07-09T19:15:13.853000 +CVE-2024-53899,1,1,8776b881d1b526af943acee6a5cbe80910701b0a63f07ded2f56c709b69dc1d7,2024-11-24T16:15:06.647000 CVE-2024-5390,0,0,577e03013c579fd5ea5c07b95a092cd4d32be3fa4130d25da9e61ffe468007ab,2024-06-04T19:21:08.020000 CVE-2024-5391,0,0,a7c29f93c1b76aed47351138468a6c5b251b9f9a4ad39cf688118719a36ed1c7,2024-06-07T20:15:12.687000 CVE-2024-5392,0,0,b24872fec717fdd1d01c0a9d16cd8dae85d0db85954b236e74ba95a5e5c8352c,2024-06-04T19:21:08.117000 @@ -270803,7 +270804,7 @@ CVE-2024-9470,0,0,13c3a583553fbf2e90723a5a0ed6f2354808c5a1753993b658aba04d0ed9b2 CVE-2024-9471,0,0,2517c360d1e41d9c7ea79e15df7f34465e8f98b985f9011876ffa34a1656df21,2024-10-15T16:55:45.090000 CVE-2024-9472,0,0,6dc75bb8c902376e1f062a26c7a99982f272de37330a03e0fbfe9796bed76fac,2024-11-15T13:58:08.913000 CVE-2024-9473,0,0,2610a860a1ec132e11b499793a273ee08374ba46887944874ff47b7b5fdd4588,2024-10-17T06:15:04.983000 -CVE-2024-9474,0,0,3fef1f3c76f5f634d1a88c922559de94af3e45f4090a5ae04eeaeea76b5e73d0,2024-11-19T17:16:40.513000 +CVE-2024-9474,0,1,0dc6a815c47b3272133aac475d6df665490f19d640f5fad98ce6cd8890e5d35b,2024-11-24T15:15:08.457000 CVE-2024-9475,0,0,273622ecfea8dd0cb8d3a034084a5946e50b2bee83443e844bae24857067e968,2024-10-28T13:58:09.230000 CVE-2024-9476,0,0,e9d7dbd43229ebc9ea9972271d753666a58d144ea232688064d92b4b52fc9277,2024-11-15T14:00:09.720000 CVE-2024-9477,0,0,cf43e95350fa7037b016e95ffdd76723a0091878a7d1f39dfbb116076ef07df2,2024-11-15T22:54:21.233000