From 2120003296121045538f338f7d2ab9ff61f46e5a Mon Sep 17 00:00:00 2001 
From: cad-safe-bot Date: Wed, 7 Feb 2024 19:00:29 +0000 Subject: [PATCH] Auto-Update: 2024-02-07T19:00:25.333795+00:00 --- CVE-1999/CVE-1999-02xx/CVE-1999-0293.json | 13 +- CVE-2009/CVE-2009-13xx/CVE-2009-1377.json | 192 +++++++++---------- CVE-2009/CVE-2009-13xx/CVE-2009-1378.json | 197 ++++++++++---------- CVE-2009/CVE-2009-13xx/CVE-2009-1386.json | 104 ++++++----- CVE-2009/CVE-2009-13xx/CVE-2009-1387.json | 61 +++++- CVE-2019/CVE-2019-17xx/CVE-2019-1749.json | 19 +- CVE-2021/CVE-2021-12xx/CVE-2021-1220.json | 23 ++- CVE-2021/CVE-2021-346xx/CVE-2021-34699.json | 13 +- CVE-2021/CVE-2021-347xx/CVE-2021-34705.json | 13 +- CVE-2022/CVE-2022-206xx/CVE-2022-20679.json | 13 +- CVE-2022/CVE-2022-206xx/CVE-2022-20681.json | 13 +- CVE-2022/CVE-2022-207xx/CVE-2022-20718.json | 18 +- CVE-2022/CVE-2022-207xx/CVE-2022-20719.json | 18 +- CVE-2022/CVE-2022-207xx/CVE-2022-20720.json | 8 +- CVE-2022/CVE-2022-207xx/CVE-2022-20721.json | 18 +- CVE-2022/CVE-2022-207xx/CVE-2022-20722.json | 18 +- CVE-2022/CVE-2022-207xx/CVE-2022-20723.json | 18 +- CVE-2022/CVE-2022-36xx/CVE-2022-3647.json | 26 ++- CVE-2023/CVE-2023-310xx/CVE-2023-31002.json | 47 +++++ CVE-2023/CVE-2023-323xx/CVE-2023-32328.json | 59 ++++++ CVE-2023/CVE-2023-323xx/CVE-2023-32330.json | 59 ++++++ CVE-2023/CVE-2023-383xx/CVE-2023-38369.json | 59 ++++++ CVE-2023/CVE-2023-405xx/CVE-2023-40547.json | 6 +- CVE-2023/CVE-2023-430xx/CVE-2023-43017.json | 59 ++++++ CVE-2023/CVE-2023-457xx/CVE-2023-45734.json | 58 +++++- CVE-2023/CVE-2023-472xx/CVE-2023-47256.json | 73 +++++++- CVE-2023/CVE-2023-475xx/CVE-2023-47561.json | 64 ++++++- CVE-2023/CVE-2023-475xx/CVE-2023-47562.json | 64 ++++++- CVE-2023/CVE-2023-477xx/CVE-2023-47700.json | 59 ++++++ CVE-2023/CVE-2023-491xx/CVE-2023-49118.json | 58 +++++- CVE-2023/CVE-2023-515xx/CVE-2023-51536.json | 51 ++++- CVE-2023/CVE-2023-515xx/CVE-2023-51540.json | 51 ++++- CVE-2023/CVE-2023-515xx/CVE-2023-51548.json | 51 ++++- CVE-2023/CVE-2023-516xx/CVE-2023-51666.json | 61 +++++- 
CVE-2023/CVE-2023-516xx/CVE-2023-51669.json | 51 ++++- CVE-2023/CVE-2023-516xx/CVE-2023-51674.json | 51 ++++- CVE-2023/CVE-2023-516xx/CVE-2023-51677.json | 51 ++++- CVE-2024/CVE-2024-02xx/CVE-2024-0285.json | 63 ++++++- CVE-2024/CVE-2024-06xx/CVE-2024-0685.json | 64 ++++++- CVE-2024/CVE-2024-10xx/CVE-2024-1040.json | 73 +++++++- CVE-2024/CVE-2024-202xx/CVE-2024-20252.json | 55 ++++++ CVE-2024/CVE-2024-202xx/CVE-2024-20254.json | 55 ++++++ CVE-2024/CVE-2024-202xx/CVE-2024-20255.json | 55 ++++++ CVE-2024/CVE-2024-202xx/CVE-2024-20290.json | 55 ++++++ CVE-2024/CVE-2024-217xx/CVE-2024-21764.json | 67 ++++++- CVE-2024/CVE-2024-217xx/CVE-2024-21794.json | 67 ++++++- CVE-2024/CVE-2024-218xx/CVE-2024-21845.json | 63 ++++++- CVE-2024/CVE-2024-218xx/CVE-2024-21851.json | 63 ++++++- CVE-2024/CVE-2024-218xx/CVE-2024-21852.json | 67 ++++++- CVE-2024/CVE-2024-218xx/CVE-2024-21860.json | 63 ++++++- CVE-2024/CVE-2024-218xx/CVE-2024-21863.json | 63 ++++++- CVE-2024/CVE-2024-218xx/CVE-2024-21866.json | 67 ++++++- CVE-2024/CVE-2024-218xx/CVE-2024-21869.json | 67 ++++++- CVE-2024/CVE-2024-220xx/CVE-2024-22012.json | 4 +- CVE-2024/CVE-2024-220xx/CVE-2024-22016.json | 67 ++++++- CVE-2024/CVE-2024-220xx/CVE-2024-22096.json | 67 ++++++- CVE-2024/CVE-2024-228xx/CVE-2024-22899.json | 80 +++++++- CVE-2024/CVE-2024-229xx/CVE-2024-22900.json | 80 +++++++- CVE-2024/CVE-2024-229xx/CVE-2024-22901.json | 80 +++++++- CVE-2024/CVE-2024-229xx/CVE-2024-22902.json | 85 ++++++++- CVE-2024/CVE-2024-229xx/CVE-2024-22903.json | 80 +++++++- CVE-2024/CVE-2024-238xx/CVE-2024-23806.json | 59 ++++++ CVE-2024/CVE-2024-240xx/CVE-2024-24041.json | 73 +++++++- CVE-2024/CVE-2024-241xx/CVE-2024-24130.json | 4 +- CVE-2024/CVE-2024-241xx/CVE-2024-24131.json | 4 +- CVE-2024/CVE-2024-241xx/CVE-2024-24133.json | 4 +- CVE-2024/CVE-2024-241xx/CVE-2024-24186.json | 4 +- CVE-2024/CVE-2024-241xx/CVE-2024-24188.json | 4 +- CVE-2024/CVE-2024-241xx/CVE-2024-24189.json | 4 +- CVE-2024/CVE-2024-245xx/CVE-2024-24563.json | 63 
+++++++ CVE-2024/CVE-2024-245xx/CVE-2024-24571.json | 57 +++++- CVE-2024/CVE-2024-245xx/CVE-2024-24572.json | 57 +++++- CVE-2024/CVE-2024-245xx/CVE-2024-24573.json | 67 ++++++- CVE-2024/CVE-2024-247xx/CVE-2024-24706.json | 59 ++++++ CVE-2024/CVE-2024-247xx/CVE-2024-24771.json | 4 +- CVE-2024/CVE-2024-248xx/CVE-2024-24811.json | 4 +- CVE-2024/CVE-2024-248xx/CVE-2024-24812.json | 4 +- CVE-2024/CVE-2024-248xx/CVE-2024-24815.json | 6 +- CVE-2024/CVE-2024-248xx/CVE-2024-24816.json | 63 +++++++ CVE-2024/CVE-2024-248xx/CVE-2024-24822.json | 63 +++++++ CVE-2024/CVE-2024-248xx/CVE-2024-24823.json | 63 +++++++ CVE-2024/CVE-2024-248xx/CVE-2024-24824.json | 71 +++++++ CVE-2024/CVE-2024-249xx/CVE-2024-24945.json | 73 +++++++- CVE-2024/CVE-2024-251xx/CVE-2024-25143.json | 4 +- CVE-2024/CVE-2024-251xx/CVE-2024-25145.json | 4 +- CVE-2024/CVE-2024-252xx/CVE-2024-25200.json | 4 +- CVE-2024/CVE-2024-252xx/CVE-2024-25201.json | 4 +- README.md | 65 +++++-- 88 files changed, 3668 insertions(+), 590 deletions(-) create mode 100644 CVE-2023/CVE-2023-310xx/CVE-2023-31002.json create mode 100644 CVE-2023/CVE-2023-323xx/CVE-2023-32328.json create mode 100644 CVE-2023/CVE-2023-323xx/CVE-2023-32330.json create mode 100644 CVE-2023/CVE-2023-383xx/CVE-2023-38369.json create mode 100644 CVE-2023/CVE-2023-430xx/CVE-2023-43017.json create mode 100644 CVE-2023/CVE-2023-477xx/CVE-2023-47700.json create mode 100644 CVE-2024/CVE-2024-202xx/CVE-2024-20252.json create mode 100644 CVE-2024/CVE-2024-202xx/CVE-2024-20254.json create mode 100644 CVE-2024/CVE-2024-202xx/CVE-2024-20255.json create mode 100644 CVE-2024/CVE-2024-202xx/CVE-2024-20290.json create mode 100644 CVE-2024/CVE-2024-238xx/CVE-2024-23806.json create mode 100644 CVE-2024/CVE-2024-245xx/CVE-2024-24563.json create mode 100644 CVE-2024/CVE-2024-247xx/CVE-2024-24706.json create mode 100644 CVE-2024/CVE-2024-248xx/CVE-2024-24816.json create mode 100644 CVE-2024/CVE-2024-248xx/CVE-2024-24822.json create mode 100644 
CVE-2024/CVE-2024-248xx/CVE-2024-24823.json create mode 100644 CVE-2024/CVE-2024-248xx/CVE-2024-24824.json diff --git a/CVE-1999/CVE-1999-02xx/CVE-1999-0293.json b/CVE-1999/CVE-1999-02xx/CVE-1999-0293.json index 2a5a190529b..d34b3c92985 100644 --- a/CVE-1999/CVE-1999-02xx/CVE-1999-0293.json +++ b/CVE-1999/CVE-1999-02xx/CVE-1999-0293.json @@ -2,8 +2,8 @@ "id": "CVE-1999-0293", "sourceIdentifier": "cve@mitre.org", "published": "1998-01-01T05:00:00.000", - "lastModified": "2022-08-17T08:15:08.960", - "vulnStatus": "Modified", + "lastModified": "2024-02-07T18:06:16.300", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -58,8 +58,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*", - "matchCriteriaId": "5802E2D8-7069-474C-826F-AEE7B50BFE34" + "criteria": "cpe:2.3:o:cisco:ios:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B6230A85-30D2-4934-A8A0-11499B7B09F8" } ] } @@ -69,7 +69,10 @@ "references": [ { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0293", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2009/CVE-2009-13xx/CVE-2009-1377.json b/CVE-2009/CVE-2009-13xx/CVE-2009-1377.json index 63a803d4eb7..64f4f37455d 100644 --- a/CVE-2009/CVE-2009-13xx/CVE-2009-1377.json +++ b/CVE-2009/CVE-2009-13xx/CVE-2009-1377.json @@ -2,7 +2,7 @@ "id": "CVE-2009-1377", "sourceIdentifier": "secalert@redhat.com", "published": "2009-05-19T19:30:00.733", - "lastModified": "2022-02-02T15:07:05.827", + "lastModified": "2024-02-07T18:01:50.880", "vulnStatus": "Analyzed", "descriptions": [ { 
@@ -70,108 +70,9 @@ { "vulnerable": true, "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", - "versionEndExcluding": "0.9.8", - "matchCriteriaId": "725D1BFE-7122-43F8-A9EC-E1737C7AD73C" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:openssl:openssl:0.9.8:-:*:*:*:*:*:*", - "matchCriteriaId": "4243FAD7-88F6-4B93-A734-4C2A2C8AC885" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:openssl:openssl:0.9.8:beta1:*:*:*:*:*:*", - "matchCriteriaId": "93F99EA4-82F7-4B7E-9FBE-02556DB97DFF" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:openssl:openssl:0.9.8:beta2:*:*:*:*:*:*", - "matchCriteriaId": "69A90104-42EB-43CF-BD61-F3C614D6F6A3" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:openssl:openssl:0.9.8:beta3:*:*:*:*:*:*", - "matchCriteriaId": "35286BF4-5263-4E5C-86B8-9B878D420106" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:openssl:openssl:0.9.8:beta4:*:*:*:*:*:*", - "matchCriteriaId": "F0FEC4C2-BF28-44C1-9762-895DDC12BDE0" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:openssl:openssl:0.9.8:beta5:*:*:*:*:*:*", - "matchCriteriaId": "4CB17026-5DDC-49C4-AE0A-95EF5A2B2EBE" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:openssl:openssl:0.9.8:beta6:*:*:*:*:*:*", - "matchCriteriaId": "8C498402-8162-437D-BBBA-A25696AD2308" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*", - "matchCriteriaId": "AF4EA988-FC80-4170-8933-7C6663731981" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*", - "matchCriteriaId": "64F8F53B-24A1-4877-B16E-F1917C4E4E81" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*", - "matchCriteriaId": "75D3ACD5-905F-42BB-BE1A-8382E9D823BF" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:openssl:openssl:0.9.8c-1:*:*:*:*:*:*:*", - "matchCriteriaId": "38238ECD-0581-47A0-B65E-9AA63A6C3148" - }, - { - "vulnerable": true, - "criteria": 
"cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*", - "matchCriteriaId": "766EA6F2-7FA4-4713-9859-9971CCD2FDCB" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*", - "matchCriteriaId": "EFBC30B7-627D-48DC-8EF0-AE8FA0C6EDBA" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*", - "matchCriteriaId": "2BB38AEA-BAF0-4920-9A71-747C24444770" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*", - "matchCriteriaId": "1F33EA2B-DE15-4695-A383-7A337AC38908" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:openssl:openssl:0.9.8g-9:*:*:*:*:*:*:*", - "matchCriteriaId": "02CD2C58-2AF1-4968-ADC7-07E42A042162" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*", - "matchCriteriaId": "261EE631-AB43-44FE-B02A-DFAAB8D35927" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*", - "matchCriteriaId": "FA0E0BBF-D0BE-41A7-B9BB-C28F01000BC0" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*", - "matchCriteriaId": "1A1365ED-4651-4AB2-A64B-43782EA2F0E8" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*", - "matchCriteriaId": "EC82690C-DCED-47BA-AA93-4D0C9E95B806" + "versionStartIncluding": "0.9.8", + "versionEndExcluding": "0.9.8m", + "matchCriteriaId": "EA054F35-6E05-4A24-9195-F80C0C2761DC" } ] } 
@@ -237,6 +138,91 @@ "Third Party Advisory" ] }, + { + "url": "http://secunia.com/advisories/35128", + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory", + "Vendor Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/35416", + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/35461", + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/35571", + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/35729", + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/36533", + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/37003", + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/38761", + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/38794", + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/38834", + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/42724", + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/42733", + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] + }, { "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml", "source": "secalert@redhat.com", diff --git a/CVE-2009/CVE-2009-13xx/CVE-2009-1378.json b/CVE-2009/CVE-2009-13xx/CVE-2009-1378.json index 691b5cf8c2e..f81f4c138df 100644 --- a/CVE-2009/CVE-2009-13xx/CVE-2009-1378.json +++ b/CVE-2009/CVE-2009-13xx/CVE-2009-1378.json 
@@ -2,7 +2,7 @@ "id": "CVE-2009-1378", "sourceIdentifier": "secalert@redhat.com", "published": "2009-05-19T19:30:00.750", - "lastModified": "2022-02-02T15:10:58.387", + "lastModified": "2024-02-07T18:02:49.617", "vulnStatus": "Analyzed", "descriptions": [ { 
@@ -70,98 +70,9 @@ { "vulnerable": true, "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", - "versionEndExcluding": "0.9.8", - "matchCriteriaId": "725D1BFE-7122-43F8-A9EC-E1737C7AD73C" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:openssl:openssl:0.9.8:-:*:*:*:*:*:*", - "matchCriteriaId": "4243FAD7-88F6-4B93-A734-4C2A2C8AC885" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:openssl:openssl:0.9.8:beta1:*:*:*:*:*:*", - "matchCriteriaId": "93F99EA4-82F7-4B7E-9FBE-02556DB97DFF" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:openssl:openssl:0.9.8:beta2:*:*:*:*:*:*", - "matchCriteriaId": "69A90104-42EB-43CF-BD61-F3C614D6F6A3" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:openssl:openssl:0.9.8:beta3:*:*:*:*:*:*", - "matchCriteriaId": "35286BF4-5263-4E5C-86B8-9B878D420106" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:openssl:openssl:0.9.8:beta4:*:*:*:*:*:*", - "matchCriteriaId": "F0FEC4C2-BF28-44C1-9762-895DDC12BDE0" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:openssl:openssl:0.9.8:beta5:*:*:*:*:*:*", - "matchCriteriaId": "4CB17026-5DDC-49C4-AE0A-95EF5A2B2EBE" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:openssl:openssl:0.9.8:beta6:*:*:*:*:*:*", - "matchCriteriaId": "8C498402-8162-437D-BBBA-A25696AD2308" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*", - "matchCriteriaId": "AF4EA988-FC80-4170-8933-7C6663731981" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*", - "matchCriteriaId": "64F8F53B-24A1-4877-B16E-F1917C4E4E81" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*", - "matchCriteriaId": "75D3ACD5-905F-42BB-BE1A-8382E9D823BF" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*", - "matchCriteriaId": "766EA6F2-7FA4-4713-9859-9971CCD2FDCB" - }, - { - "vulnerable": true, - "criteria": 
"cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*", - "matchCriteriaId": "EFBC30B7-627D-48DC-8EF0-AE8FA0C6EDBA" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*", - "matchCriteriaId": "2BB38AEA-BAF0-4920-9A71-747C24444770" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*", - "matchCriteriaId": "1F33EA2B-DE15-4695-A383-7A337AC38908" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*", - "matchCriteriaId": "261EE631-AB43-44FE-B02A-DFAAB8D35927" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*", - "matchCriteriaId": "FA0E0BBF-D0BE-41A7-B9BB-C28F01000BC0" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*", - "matchCriteriaId": "1A1365ED-4651-4AB2-A64B-43782EA2F0E8" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*", - "matchCriteriaId": "EC82690C-DCED-47BA-AA93-4D0C9E95B806" + "versionStartExcluding": "0.9.8", + "versionEndExcluding": "0.9.8m", + "matchCriteriaId": "5DC47E9C-E7B1-4EF7-AAEE-7D7746544D47" } ] } 
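Review bot: The new range in this CVE-2009-1378 cpeMatch hunk uses `"versionStartExcluding": "0.9.8"`, so the 0.9.8 base release no longer matches, although the removed `cpe:2.3:a:openssl:openssl:0.9.8:-` entry marked it vulnerable. The CVE-2009-1377 and CVE-2009-1387 records in the same commit use `"versionStartIncluding": "0.9.8"` with the same `0.9.8m` upper bound, and the CVE-2009-1386 hunk repeats the exclusive lower bound. If the exclusion is not intended, the line would read `"versionStartIncluding": "0.9.8",`; these records appear to be mirrored by a bot, so the correction likely belongs in the source feed. Until that is confirmed, consumers matching on this range should not treat an OpenSSL 0.9.8 install as cleared for these two CVEs.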
@@ -265,6 +176,102 @@ "Third Party Advisory" ] }, + { + "url": "http://secunia.com/advisories/35128", + "source": "secalert@redhat.com", + "tags": [ + "Not Applicable", + "Third Party Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/35416", + "source": "secalert@redhat.com", + "tags": [ + "Not Applicable", + "Third Party Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/35461", + "source": "secalert@redhat.com", + "tags": [ + "Not Applicable", + "Third Party Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/35571", + "source": "secalert@redhat.com", + "tags": [ + "Not Applicable", + "Third Party Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/35729", + "source": "secalert@redhat.com", + "tags": [ + "Not Applicable", + "Third Party Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/36533", + "source": "secalert@redhat.com", + "tags": [ + "Not Applicable", + "Third Party Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/37003", + "source": "secalert@redhat.com", + "tags": [ + "Not Applicable", + "Third Party Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/38761", + "source": "secalert@redhat.com", + "tags": [ + "Not Applicable", + "Third Party Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/38794", + "source": "secalert@redhat.com", + "tags": [ + "Not Applicable", + "Third Party Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/38834", + "source": "secalert@redhat.com", + "tags": [ + "Not Applicable", + "Third Party Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/42724", + "source": "secalert@redhat.com", + "tags": [ + "Not Applicable", + "Third Party Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/42733", + "source": "secalert@redhat.com", + "tags": [ + "Not Applicable", + "Third Party Advisory" + ] + }, { "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml", "source": "secalert@redhat.com", 
@@ -298,7 +305,7 @@ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:120", "source": "secalert@redhat.com", "tags": [ - "Broken Link" + "Not Applicable" ] }, { @@ -375,6 +382,7 @@ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11309", "source": "secalert@redhat.com", "tags": [ + "Broken Link", "Tool Signature" ] }, @@ -382,6 +390,7 @@ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7229", "source": "secalert@redhat.com", "tags": [ + "Broken Link", "Tool Signature" ] }, diff --git a/CVE-2009/CVE-2009-13xx/CVE-2009-1386.json b/CVE-2009/CVE-2009-13xx/CVE-2009-1386.json index dc78e27dc11..507a05956be 100644 --- a/CVE-2009/CVE-2009-13xx/CVE-2009-1386.json +++ b/CVE-2009/CVE-2009-13xx/CVE-2009-1386.json @@ -2,8 +2,8 @@ "id": "CVE-2009-1386", "sourceIdentifier": "secalert@redhat.com", "published": "2009-06-04T16:30:00.313", - "lastModified": "2023-02-13T02:20:11.013", - "vulnStatus": "Modified", + "lastModified": "2024-02-07T18:03:30.077", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -63,53 +63,9 @@ { "vulnerable": true, "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", - "versionEndExcluding": "0.9.8", - "matchCriteriaId": "725D1BFE-7122-43F8-A9EC-E1737C7AD73C" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:openssl:openssl:0.9.8:-:*:*:*:*:*:*", - "matchCriteriaId": "4243FAD7-88F6-4B93-A734-4C2A2C8AC885" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*", - "matchCriteriaId": "AF4EA988-FC80-4170-8933-7C6663731981" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*", - "matchCriteriaId": "64F8F53B-24A1-4877-B16E-F1917C4E4E81" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*", - "matchCriteriaId": "75D3ACD5-905F-42BB-BE1A-8382E9D823BF" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*", - "matchCriteriaId": "766EA6F2-7FA4-4713-9859-9971CCD2FDCB" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*", - "matchCriteriaId": "EFBC30B7-627D-48DC-8EF0-AE8FA0C6EDBA" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*", - "matchCriteriaId": "2BB38AEA-BAF0-4920-9A71-747C24444770" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*", - "matchCriteriaId": "1F33EA2B-DE15-4695-A383-7A337AC38908" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*", - "matchCriteriaId": "261EE631-AB43-44FE-B02A-DFAAB8D35927" + "versionStartExcluding": "0.9.8", + "versionEndExcluding": "0.9.8i", + "matchCriteriaId": "CD28B423-FF29-4983-9FBD-68641B1C142A" } ] } 
@@ -220,6 +176,53 @@ "Vendor Advisory" ] }, + { + "url": "http://secunia.com/advisories/35571", + "source": "secalert@redhat.com", + "tags": [ + "Not Applicable", + "Third Party Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/35685", + "source": "secalert@redhat.com", + "tags": [ + "Not Applicable", + "Third Party Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/35729", + "source": "secalert@redhat.com", + "tags": [ + "Not Applicable", + "Third Party Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/36533", + "source": "secalert@redhat.com", + "tags": [ + "Not Applicable", + "Third Party Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/38794", + "source": "secalert@redhat.com", + "tags": [ + "Not Applicable", + "Third Party Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/38834", + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] + }, { "url": "http://www.openwall.com/lists/oss-security/2009/06/02/1", "source": "secalert@redhat.com", @@ -239,6 +242,7 @@ "url": "http://www.securityfocus.com/bid/35174", "source": "secalert@redhat.com", "tags": [ + "Broken Link", "Exploit", "Third Party Advisory", "VDB Entry" @@ -271,6 +275,7 @@ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11179", "source": "secalert@redhat.com", "tags": [ + "Broken Link", "Tool Signature" ] }, @@ -278,6 +283,7 @@ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7469", "source": "secalert@redhat.com", "tags": [ + "Broken Link", "Tool Signature" ] }, diff --git a/CVE-2009/CVE-2009-13xx/CVE-2009-1387.json b/CVE-2009/CVE-2009-13xx/CVE-2009-1387.json index eea2986e417..2cf0dcf0bc7 100644 --- a/CVE-2009/CVE-2009-13xx/CVE-2009-1387.json +++ b/CVE-2009/CVE-2009-13xx/CVE-2009-1387.json 
@@ -2,7 +2,7 @@ "id": "CVE-2009-1387", "sourceIdentifier": "secalert@redhat.com", "published": "2009-06-04T16:30:00.343", - "lastModified": "2022-02-02T15:15:45.317", + "lastModified": "2024-02-07T18:01:20.357", "vulnStatus": "Analyzed", "descriptions": [ { @@ -63,13 +63,9 @@ { "vulnerable": true, "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", - "versionEndIncluding": "0.9.8k", - "matchCriteriaId": "EB35F63F-7856-42EE-87A6-7EC7F10C2032" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*", - "matchCriteriaId": "3A2075BD-6102-4B0F-839A-836E9585F43B" + "versionStartIncluding": "0.9.8", + "versionEndExcluding": "0.9.8m", + "matchCriteriaId": "EA054F35-6E05-4A24-9195-F80C0C2761DC" } ] } @@ -182,6 +178,55 @@ "Third Party Advisory" ] }, + { + "url": "http://secunia.com/advisories/35571", + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/35685", + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/35729", + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/36533", + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/37003", + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/38794", + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/38834", + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] + }, { "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml", "source": "secalert@redhat.com", diff --git a/CVE-2019/CVE-2019-17xx/CVE-2019-1749.json b/CVE-2019/CVE-2019-17xx/CVE-2019-1749.json index 358af3bc812..613a3473289 100644 
--- a/CVE-2019/CVE-2019-17xx/CVE-2019-1749.json +++ b/CVE-2019/CVE-2019-17xx/CVE-2019-1749.json @@ -2,8 +2,8 @@ "id": "CVE-2019-1749", "sourceIdentifier": "ykramarz@cisco.com", "published": "2019-03-28T00:29:00.717", - "lastModified": "2019-10-09T23:47:57.470", - "vulnStatus": "Modified", + "lastModified": "2024-02-07T18:27:39.460", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -15,13 +15,13 @@ } ], "metrics": { - "cvssMetricV30": [ + "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { - "version": "3.0", - "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -35,7 +35,9 @@ }, "exploitabilityScore": 2.8, "impactScore": 4.0 - }, + } + ], + "cvssMetricV30": [ { "source": "ykramarz@cisco.com", "type": "Secondary", @@ -112,11 +114,6 @@ "operator": "OR", "negate": false, "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*", - "matchCriteriaId": "F73E7874-A063-4AE5-9F0A-53D590B7B99B" - }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:ios_xe:3.13.6as:*:*:*:*:*:*:*", diff --git a/CVE-2021/CVE-2021-12xx/CVE-2021-1220.json b/CVE-2021/CVE-2021-12xx/CVE-2021-1220.json index 76ec35eff56..bbe7e65b193 100644 --- a/CVE-2021/CVE-2021-12xx/CVE-2021-1220.json +++ b/CVE-2021/CVE-2021-12xx/CVE-2021-1220.json @@ -2,8 +2,8 @@ "id": "CVE-2021-1220", "sourceIdentifier": "ykramarz@cisco.com", "published": "2021-03-24T21:15:11.350", - "lastModified": "2023-11-07T03:27:44.170", - "vulnStatus": "Modified", + "lastModified": "2024-02-07T18:28:13.263", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -37,7 +37,7 @@ "impactScore": 1.4 }, { - "source": "d1c1063e-7a18-46af-9102-31f8928bc633", + "source": "ykramarz@cisco.com", "type": "Secondary", "cvssData": { "version": "3.1", 
@@ -85,8 +85,18 @@ }, "weaknesses": [ { - "source": "d1c1063e-7a18-46af-9102-31f8928bc633", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "ykramarz@cisco.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -102,11 +112,6 @@ "operator": "OR", "negate": false, "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*", - "matchCriteriaId": "F73E7874-A063-4AE5-9F0A-53D590B7B99B" - }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:ios_xe:3.15.1xbs:*:*:*:*:*:*:*", diff --git a/CVE-2021/CVE-2021-346xx/CVE-2021-34699.json b/CVE-2021/CVE-2021-346xx/CVE-2021-34699.json index 898dcedbfb2..3b9e6fa65b3 100644 --- a/CVE-2021/CVE-2021-346xx/CVE-2021-34699.json +++ b/CVE-2021/CVE-2021-346xx/CVE-2021-34699.json @@ -2,8 +2,8 @@ "id": "CVE-2021-34699", "sourceIdentifier": "ykramarz@cisco.com", "published": "2021-09-23T03:15:16.647", - "lastModified": "2023-11-07T03:36:05.580", - "vulnStatus": "Modified", + "lastModified": "2024-02-07T18:28:30.883", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -37,7 +37,7 @@ "impactScore": 4.0 }, { - "source": "d1c1063e-7a18-46af-9102-31f8928bc633", + "source": "ykramarz@cisco.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -95,7 +95,7 @@ ] }, { - "source": "d1c1063e-7a18-46af-9102-31f8928bc633", + "source": "ykramarz@cisco.com", "type": "Secondary", "description": [ { @@ -112,11 +112,6 @@ "operator": "OR", "negate": false, "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*", - "matchCriteriaId": "5802E2D8-7069-474C-826F-AEE7B50BFE34" - }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:ios:12.2\\(6\\)i1:*:*:*:*:*:*:*", diff --git a/CVE-2021/CVE-2021-347xx/CVE-2021-34705.json b/CVE-2021/CVE-2021-347xx/CVE-2021-34705.json index f87f618a91d..6d2e405aa8b 100644 --- a/CVE-2021/CVE-2021-347xx/CVE-2021-34705.json 
+++ b/CVE-2021/CVE-2021-347xx/CVE-2021-34705.json @@ -2,8 +2,8 @@ "id": "CVE-2021-34705", "sourceIdentifier": "ykramarz@cisco.com", "published": "2021-09-23T03:15:17.240", - "lastModified": "2023-11-07T03:36:07.373", - "vulnStatus": "Modified", + "lastModified": "2024-02-07T18:29:23.587", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -37,7 +37,7 @@ "impactScore": 1.4 }, { - "source": "d1c1063e-7a18-46af-9102-31f8928bc633", + "source": "ykramarz@cisco.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -95,7 +95,7 @@ ] }, { - "source": "d1c1063e-7a18-46af-9102-31f8928bc633", + "source": "ykramarz@cisco.com", "type": "Secondary", "description": [ { @@ -112,11 +112,6 @@ "operator": "OR", "negate": false, "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*", - "matchCriteriaId": "5802E2D8-7069-474C-826F-AEE7B50BFE34" - }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:ios:12.3\\(7\\)xm:*:*:*:*:*:*:*", diff --git a/CVE-2022/CVE-2022-206xx/CVE-2022-20679.json b/CVE-2022/CVE-2022-206xx/CVE-2022-20679.json index f9a77de3ad7..5e403d9a52d 100644 --- a/CVE-2022/CVE-2022-206xx/CVE-2022-20679.json +++ b/CVE-2022/CVE-2022-206xx/CVE-2022-20679.json @@ -2,8 +2,8 @@ "id": "CVE-2022-20679", "sourceIdentifier": "ykramarz@cisco.com", "published": "2022-04-15T15:15:12.513", - "lastModified": "2023-11-07T03:42:36.437", - "vulnStatus": "Modified", + "lastModified": "2024-02-07T18:33:05.347", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -37,7 +37,7 @@ "impactScore": 4.0 }, { - "source": "d1c1063e-7a18-46af-9102-31f8928bc633", + "source": "ykramarz@cisco.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -95,7 +95,7 @@ ] }, { - "source": "d1c1063e-7a18-46af-9102-31f8928bc633", + "source": "ykramarz@cisco.com", "type": "Secondary", "description": [ { 
@@ -112,11 +112,6 @@ "operator": "OR", "negate": false, "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*", - "matchCriteriaId": "F73E7874-A063-4AE5-9F0A-53D590B7B99B" - }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:ios_xe:3.15.1xbs:*:*:*:*:*:*:*", diff --git a/CVE-2022/CVE-2022-206xx/CVE-2022-20681.json b/CVE-2022/CVE-2022-206xx/CVE-2022-20681.json index 59d4c76eafb..85b5403c054 100644 --- a/CVE-2022/CVE-2022-206xx/CVE-2022-20681.json +++ b/CVE-2022/CVE-2022-206xx/CVE-2022-20681.json @@ -2,8 +2,8 @@ "id": "CVE-2022-20681", "sourceIdentifier": "ykramarz@cisco.com", "published": "2022-04-15T15:15:12.567", - "lastModified": "2023-11-07T03:42:36.847", - "vulnStatus": "Modified", + "lastModified": "2024-02-07T18:41:36.260", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -37,7 +37,7 @@ "impactScore": 5.9 }, { - "source": "d1c1063e-7a18-46af-9102-31f8928bc633", + "source": "ykramarz@cisco.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -95,7 +95,7 @@ ] }, { - "source": "d1c1063e-7a18-46af-9102-31f8928bc633", + "source": "ykramarz@cisco.com", "type": "Secondary", "description": [ { @@ -112,11 +112,6 @@ "operator": "OR", "negate": false, "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*", - "matchCriteriaId": "F73E7874-A063-4AE5-9F0A-53D590B7B99B" - }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:ios_xe:16.11.1:*:*:*:*:*:*:*", diff --git a/CVE-2022/CVE-2022-207xx/CVE-2022-20718.json b/CVE-2022/CVE-2022-207xx/CVE-2022-20718.json index 24fc3530883..8e631a1ac94 100644 --- a/CVE-2022/CVE-2022-207xx/CVE-2022-20718.json +++ b/CVE-2022/CVE-2022-207xx/CVE-2022-20718.json 
@@ -2,8 +2,8 @@ "id": "CVE-2022-20718", "sourceIdentifier": "ykramarz@cisco.com", "published": "2022-04-15T15:15:13.163", - "lastModified": "2023-11-07T03:42:42.960", - "vulnStatus": "Modified", + "lastModified": "2024-02-07T18:42:35.030", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -37,7 +37,7 @@ "impactScore": 5.9 }, { - "source": "d1c1063e-7a18-46af-9102-31f8928bc633", + "source": "ykramarz@cisco.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -95,7 +95,7 @@ ] }, { - "source": "d1c1063e-7a18-46af-9102-31f8928bc633", + "source": "ykramarz@cisco.com", "type": "Secondary", "description": [ { @@ -112,16 +112,6 @@ "operator": "OR", "negate": false, "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:a:cisco:ir510_operating_system:*:*:*:*:*:*:*:*", - "matchCriteriaId": "A90577A5-5077-4A3C-87D8-63A77B7FBE30" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*", - "matchCriteriaId": "F73E7874-A063-4AE5-9F0A-53D590B7B99B" - }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:ios_xe:16.3.1:*:*:*:*:*:*:*", diff --git a/CVE-2022/CVE-2022-207xx/CVE-2022-20719.json b/CVE-2022/CVE-2022-207xx/CVE-2022-20719.json index 5d8c6a754ae..5d7f3bf3b91 100644 --- a/CVE-2022/CVE-2022-207xx/CVE-2022-20719.json +++ b/CVE-2022/CVE-2022-207xx/CVE-2022-20719.json @@ -2,8 +2,8 @@ "id": "CVE-2022-20719", "sourceIdentifier": "ykramarz@cisco.com", "published": "2022-04-15T15:15:13.213", - "lastModified": "2023-11-07T03:42:43.150", - "vulnStatus": "Modified", + "lastModified": "2024-02-07T18:42:54.990", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -37,7 +37,7 @@ "impactScore": 5.9 }, { - "source": "d1c1063e-7a18-46af-9102-31f8928bc633", + "source": "ykramarz@cisco.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -95,7 +95,7 @@ ] }, { - "source": "d1c1063e-7a18-46af-9102-31f8928bc633", + "source": "ykramarz@cisco.com", "type": "Secondary", "description": [ { 
@@ -112,16 +112,6 @@ "operator": "OR", "negate": false, "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:a:cisco:ir510_operating_system:*:*:*:*:*:*:*:*", - "matchCriteriaId": "A90577A5-5077-4A3C-87D8-63A77B7FBE30" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*", - "matchCriteriaId": "F73E7874-A063-4AE5-9F0A-53D590B7B99B" - }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:ios_xe:16.3.1:*:*:*:*:*:*:*", diff --git a/CVE-2022/CVE-2022-207xx/CVE-2022-20720.json b/CVE-2022/CVE-2022-207xx/CVE-2022-20720.json index bd213bb1d60..5940ebbc1ed 100644 --- a/CVE-2022/CVE-2022-207xx/CVE-2022-20720.json +++ b/CVE-2022/CVE-2022-207xx/CVE-2022-20720.json @@ -2,8 +2,8 @@ "id": "CVE-2022-20720", "sourceIdentifier": "ykramarz@cisco.com", "published": "2022-04-15T15:15:13.263", - "lastModified": "2023-11-07T03:42:43.390", - "vulnStatus": "Modified", + "lastModified": "2024-02-07T18:43:55.347", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -37,7 +37,7 @@ "impactScore": 5.9 }, { - "source": "d1c1063e-7a18-46af-9102-31f8928bc633", + "source": "ykramarz@cisco.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -95,7 +95,7 @@ ] }, { - "source": "d1c1063e-7a18-46af-9102-31f8928bc633", + "source": "ykramarz@cisco.com", "type": "Secondary", "description": [ { diff --git a/CVE-2022/CVE-2022-207xx/CVE-2022-20721.json b/CVE-2022/CVE-2022-207xx/CVE-2022-20721.json index 7b69dc540cc..15b7b57ba10 100644 --- a/CVE-2022/CVE-2022-207xx/CVE-2022-20721.json +++ b/CVE-2022/CVE-2022-207xx/CVE-2022-20721.json @@ -2,8 +2,8 @@ "id": "CVE-2022-20721", "sourceIdentifier": "ykramarz@cisco.com", "published": "2022-04-15T15:15:13.310", - "lastModified": "2023-11-07T03:42:43.640", - "vulnStatus": "Modified", + "lastModified": "2024-02-07T18:45:16.597", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -37,7 +37,7 @@ "impactScore": 3.6 }, { - "source": "d1c1063e-7a18-46af-9102-31f8928bc633", + "source": "ykramarz@cisco.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -95,7 +95,7 @@ ] }, { - "source": "d1c1063e-7a18-46af-9102-31f8928bc633", + "source": "ykramarz@cisco.com", "type": "Secondary", "description": [ { @@ -112,16 +112,6 @@ "operator": "OR", "negate": false, "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:a:cisco:ir510_operating_system:*:*:*:*:*:*:*:*", - "matchCriteriaId": "A90577A5-5077-4A3C-87D8-63A77B7FBE30" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*", - "matchCriteriaId": "F73E7874-A063-4AE5-9F0A-53D590B7B99B" - }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:ios_xe:16.3.1:*:*:*:*:*:*:*", diff --git a/CVE-2022/CVE-2022-207xx/CVE-2022-20722.json b/CVE-2022/CVE-2022-207xx/CVE-2022-20722.json index 049df05c9db..2b04f97d3b6 100644 --- a/CVE-2022/CVE-2022-207xx/CVE-2022-20722.json +++ b/CVE-2022/CVE-2022-207xx/CVE-2022-20722.json @@ -2,8 +2,8 @@ "id": "CVE-2022-20722", "sourceIdentifier": "ykramarz@cisco.com", "published": "2022-04-15T15:15:13.360", - "lastModified": "2023-11-07T03:42:43.833", - "vulnStatus": "Modified", + "lastModified": "2024-02-07T18:45:51.070", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -37,7 +37,7 @@ "impactScore": 3.6 }, { - "source": "d1c1063e-7a18-46af-9102-31f8928bc633", + "source": "ykramarz@cisco.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -95,7 +95,7 @@ ] }, { - "source": "d1c1063e-7a18-46af-9102-31f8928bc633", + "source": "ykramarz@cisco.com", "type": "Secondary", "description": [ { 
@@ -112,16 +112,6 @@ "operator": "OR", "negate": false, "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:a:cisco:ir510_operating_system:*:*:*:*:*:*:*:*", - "matchCriteriaId": "A90577A5-5077-4A3C-87D8-63A77B7FBE30" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*", - "matchCriteriaId": "F73E7874-A063-4AE5-9F0A-53D590B7B99B" - }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:ios_xe:16.3.1:*:*:*:*:*:*:*", diff --git a/CVE-2022/CVE-2022-207xx/CVE-2022-20723.json b/CVE-2022/CVE-2022-207xx/CVE-2022-20723.json index 1785a67093f..ced5cd93ca3 100644 --- a/CVE-2022/CVE-2022-207xx/CVE-2022-20723.json +++ b/CVE-2022/CVE-2022-207xx/CVE-2022-20723.json @@ -2,8 +2,8 @@ "id": "CVE-2022-20723", "sourceIdentifier": "ykramarz@cisco.com", "published": "2022-04-15T15:15:13.410", - "lastModified": "2023-11-07T03:42:44.050", - "vulnStatus": "Modified", + "lastModified": "2024-02-07T18:46:14.040", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -37,7 +37,7 @@ "impactScore": 5.9 }, { - "source": "d1c1063e-7a18-46af-9102-31f8928bc633", + "source": "ykramarz@cisco.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -95,7 +95,7 @@ ] }, { - "source": "d1c1063e-7a18-46af-9102-31f8928bc633", + "source": "ykramarz@cisco.com", "type": "Secondary", "description": [ { @@ -112,16 +112,6 @@ "operator": "OR", "negate": false, "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:a:cisco:ir510_operating_system:*:*:*:*:*:*:*:*", - "matchCriteriaId": "A90577A5-5077-4A3C-87D8-63A77B7FBE30" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*", - "matchCriteriaId": "F73E7874-A063-4AE5-9F0A-53D590B7B99B" - }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:ios_xe:16.3.1:*:*:*:*:*:*:*", diff --git a/CVE-2022/CVE-2022-36xx/CVE-2022-3647.json b/CVE-2022/CVE-2022-36xx/CVE-2022-3647.json index 6dfdd381b8c..3b25d30dbe6 100644 --- a/CVE-2022/CVE-2022-36xx/CVE-2022-3647.json 
+++ b/CVE-2022/CVE-2022-36xx/CVE-2022-3647.json @@ -2,8 +2,8 @@ "id": "CVE-2022-3647", "sourceIdentifier": "cna@vuldb.com", "published": "2022-10-21T18:15:10.183", - "lastModified": "2024-02-06T10:15:08.497", - "vulnStatus": "Modified", + "lastModified": "2024-02-07T18:05:53.950", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -105,8 +105,15 @@ { "vulnerable": true, "criteria": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*", - "versionEndExcluding": "2022-09-29", - "matchCriteriaId": "1A9E9EB4-7E92-4672-B9C7-35C22F5D6B50" + "versionEndExcluding": "6.2.8", + "matchCriteriaId": "3AB9C586-1F6D-4C22-8F85-034DBE4D0D9F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.0.0", + "versionEndExcluding": "7.0.6", + "matchCriteriaId": "685E9820-B344-40FE-9379-60A2826EB459" } ] } @@ -125,14 +132,19 @@ }, { "url": "https://vuldb.com/?ctiid.211962", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.211962", "source": "cna@vuldb.com", "tags": [ - "Permissions Required", - "Third Party Advisory" + "Third Party Advisory", + "VDB Entry" ] } ] diff --git a/CVE-2023/CVE-2023-310xx/CVE-2023-31002.json b/CVE-2023/CVE-2023-310xx/CVE-2023-31002.json new file mode 100644 index 00000000000..5e3f4627bf5 --- /dev/null +++ b/CVE-2023/CVE-2023-310xx/CVE-2023-31002.json 
@@ -0,0 +1,47 @@ +{ + "id": "CVE-2023-31002", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2024-02-07T17:15:08.383", + "lastModified": "2024-02-07T17:38:33.990", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254657." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.4, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254657", + "source": "psirt@us.ibm.com" + }, + { + "url": "https://www.ibm.com/support/pages/node/7106586", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32328.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32328.json new file mode 100644 index 00000000000..f75c7987b3f --- /dev/null +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32328.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-32328", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2024-02-07T17:15:08.627", + "lastModified": "2024-02-07T17:38:33.990", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure protocols in some instances that could allow an attacker on the network to take control of the server. IBM X-Force Id: 254957." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-319" + } + ] + } + ], + "references": [ + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254657", + "source": "psirt@us.ibm.com" + }, + { + "url": "https://www.ibm.com/support/pages/node/7106586", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32330.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32330.json new file mode 100644 index 00000000000..b89cef11465 --- /dev/null +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32330.json 
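Review bot: The first reference in the new CVE-2023-32328.json does not match its description: the text cites IBM X-Force ID 254957, but the URL ends in `/vulnerabilities/254657`. That ID and URL belong to CVE-2023-31002.json, added just above in this commit, which describes local exposure of temporarily stored sensitive files rather than insecure protocols. One of the two values is presumably a typo carried over from the CNA record. If the description is the correct one, the reference would read `"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254957"`. Until this is confirmed upstream, anyone following the link during triage reaches the advisory for a different issue.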
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-32330", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2024-02-07T17:15:08.847", + "lastModified": "2024-02-07T17:38:33.990", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure calls that could allow an attacker on the network to take control of the server. IBM X-Force ID: 254977." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-295" + } + ] + } + ], + "references": [ + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254977", + "source": "psirt@us.ibm.com" + }, + { + "url": "https://www.ibm.com/support/pages/node/7106586", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-383xx/CVE-2023-38369.json b/CVE-2023/CVE-2023-383xx/CVE-2023-38369.json new file mode 100644 index 00000000000..0e3175d612d --- /dev/null +++ b/CVE-2023/CVE-2023-383xx/CVE-2023-38369.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-38369", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2024-02-07T17:15:09.053", + "lastModified": "2024-02-07T17:38:33.990", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 does not require that docker images should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 261196." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.2, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.5, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-521" + } + ] + } + ], + "references": [ + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/261196", + "source": "psirt@us.ibm.com" + }, + { + "url": "https://www.ibm.com/support/pages/node/7106586", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-405xx/CVE-2023-40547.json b/CVE-2023/CVE-2023-405xx/CVE-2023-40547.json index fe76af79c43..3cff5a6b258 100644 --- a/CVE-2023/CVE-2023-405xx/CVE-2023-40547.json +++ b/CVE-2023/CVE-2023-405xx/CVE-2023-40547.json 
@@ -2,12 +2,12 @@ "id": "CVE-2023-40547", "sourceIdentifier": "secalert@redhat.com", "published": "2024-01-25T16:15:07.717", - "lastModified": "2024-02-02T16:53:32.740", - "vulnStatus": "Analyzed", + "lastModified": "2024-02-07T17:15:09.263", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise." + "value": "A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully." }, { "lang": "es", diff --git a/CVE-2023/CVE-2023-430xx/CVE-2023-43017.json b/CVE-2023/CVE-2023-430xx/CVE-2023-43017.json new file mode 100644 index 00000000000..59efd0ceb5c --- /dev/null +++ b/CVE-2023/CVE-2023-430xx/CVE-2023-43017.json 
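Review bot: The updated English description for CVE-2023-40547 still says the attacker crafts a "malicious HTTP request", although the preceding sentence places the flaw in parsing an HTTP response. The sentence added here (Man-in-the-Middle or a compromised boot server) is also only consistent with a malicious response served to Shim. The wording comes from the CNA, so the mirror has nothing to correct, but triage notes should describe the vector as a hostile or intercepted boot server. The record also moves from `Analyzed` back to `Modified`, and the metrics are outside this hunk, so it cannot be confirmed here whether the score reflects the newly stated preconditions.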
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-43017", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2024-02-07T17:15:09.400", + "lastModified": "2024-02-07T17:38:33.990", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "IBM Security Verify Access 10.0.0.0 through 10.0.6.1 could allow a privileged user to install a configuration file that could allow remote access. IBM X-Force ID: 266155." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.5, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-295" + } + ] + } + ], + "references": [ + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266155", + "source": "psirt@us.ibm.com" + }, + { + "url": "https://www.ibm.com/support/pages/node/7106586", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-457xx/CVE-2023-45734.json b/CVE-2023/CVE-2023-457xx/CVE-2023-45734.json index 704acb43243..1babc3243c9 100644 --- a/CVE-2023/CVE-2023-457xx/CVE-2023-45734.json +++ b/CVE-2023/CVE-2023-457xx/CVE-2023-45734.json @@ -2,8 +2,8 @@ "id": "CVE-2023-45734", "sourceIdentifier": "scy@openharmony.io", "published": "2024-02-02T07:15:09.267", - "lastModified": "2024-02-02T13:36:31.843", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-07T18:14:15.370", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
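Review bot: The `weaknesses` entry in the new CVE-2023-43017.json lists CWE-295 (improper certificate validation) as `Primary`, which the description does not obviously support. The description speaks of a privileged user installing a configuration file that could allow remote access, and does not mention certificates. The record is still `Awaiting Analysis` and the only source is `psirt@us.ibm.com`, so this is unreviewed CNA data. CWE-based filters and dashboards should treat the mapping as provisional until an NVD-assigned weakness appears.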
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "scy@openharmony.io", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "scy@openharmony.io", "type": "Secondary", @@ -50,10 +80,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*", + "versionStartIncluding": "3.2.0", + "versionEndIncluding": "3.2.4", + "matchCriteriaId": "030208B2-F752-47ED-93AF-1AA37942CE4D" + } + ] + } + ] + } + ], "references": [ { "url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-02.md", - "source": "scy@openharmony.io" + "source": "scy@openharmony.io", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-472xx/CVE-2023-47256.json b/CVE-2023/CVE-2023-472xx/CVE-2023-47256.json index 2e2223ad592..45bce2e3cf7 100644 --- a/CVE-2023/CVE-2023-472xx/CVE-2023-47256.json +++ b/CVE-2023/CVE-2023-472xx/CVE-2023-47256.json 
@@ -2,19 +2,84 @@ "id": "CVE-2023-47256", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-01T22:15:55.103", - "lastModified": "2024-02-01T22:39:14.853", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-07T17:15:07.247", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "ConnectWise ScreenConnect through 23.8.4 allows local users to connect to arbitrary relay servers via implicit trust of proxy settings" + }, + { + "lang": "es", + "value": "ConnectWise ScreenConnect hasta 23.8.4 permite a los usuarios locales conectarse a servidores de retransmisi\u00f3n arbitrarios mediante la confianza impl\u00edcita en la configuraci\u00f3n del proxy" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:connectwise:automate:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1EE4186A-BC6E-4E27-887C-D9C4FBBE5943" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:connectwise:screenconnect:*:*:*:*:*:*:*:*", + "versionEndExcluding": "23.8.5", + "matchCriteriaId": "2B3CC076-9C69-45B8-81E8-E671B6512719" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": 
"https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.8-security-fix", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-475xx/CVE-2023-47561.json b/CVE-2023/CVE-2023-475xx/CVE-2023-47561.json index 2b3722ac12c..ef498edb1df 100644 --- a/CVE-2023/CVE-2023-475xx/CVE-2023-47561.json +++ b/CVE-2023/CVE-2023-475xx/CVE-2023-47561.json 
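Review bot: The `configurations` block added to CVE-2023-47256.json marks `cpe:2.3:a:connectwise:automate:-:*:*:*:*:*:*:*` as vulnerable, but the description in the same record names only ConnectWise ScreenConnect through 23.8.4. The Automate entry has `-` in the version field and no range, so unlike the ScreenConnect entry (`versionEndExcluding` 23.8.5) it gives no fixed version that would clear a finding. Whether Automate is affected in its own right or only through a bundled ScreenConnect component cannot be told from this hunk. Treat Automate matches as unconfirmed until they are checked against the vendor bulletin linked in `references`.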
@@ -2,16 +2,40 @@ "id": "CVE-2023-47561", "sourceIdentifier": "security@qnapsecurity.com.tw", "published": "2024-02-02T16:15:51.763", - "lastModified": "2024-02-02T16:30:16.430", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-07T17:51:35.570", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.\n\nWe have already fixed the vulnerability in the following version:\nPhoto Station 6.4.2 ( 2023/12/15 ) and later\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Scripting (XSS) afecta a Photo Station. Si se explota, la vulnerabilidad podr\u00eda permitir a los usuarios autenticados inyectar c\u00f3digo malicioso a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en la siguiente versi\u00f3n: Photo Station 6.4.2 (2023/12/15) y posteriores" } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "security@qnapsecurity.com.tw", "type": "Secondary", @@ -36,7 +60,7 @@ }, "weaknesses": [ { - "source": "security@qnapsecurity.com.tw", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { 
@@ -44,12 +68,44 @@ "value": "CWE-79" } ] + }, + { + "source": "security@qnapsecurity.com.tw", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:qnap:photo_station:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.4.0", + "versionEndExcluding": "6.4.2", + "matchCriteriaId": "37A0B3ED-724D-4BB0-8F7C-37595AC7B760" + } + ] + } + ] } ], "references": [ { "url": "https://www.qnap.com/en/security-advisory/qsa-24-08", - "source": "security@qnapsecurity.com.tw" + "source": "security@qnapsecurity.com.tw", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-475xx/CVE-2023-47562.json b/CVE-2023/CVE-2023-475xx/CVE-2023-47562.json index 370a312cc24..0bcea23953f 100644 --- a/CVE-2023/CVE-2023-475xx/CVE-2023-47562.json +++ b/CVE-2023/CVE-2023-475xx/CVE-2023-47562.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-47562", "sourceIdentifier": "security@qnapsecurity.com.tw", "published": "2024-02-02T16:15:52.020", - "lastModified": "2024-02-02T16:30:16.430", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-07T17:50:38.510", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An OS command injection vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authenticated users to execute commands via a network.\n\nWe have already fixed the vulnerability in the following version:\nPhoto Station 6.4.2 ( 2023/12/15 ) and later\n" + }, + { + "lang": "es", + "value": "Se ha informado que una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo afecta a Photo Station. Si se explota, la vulnerabilidad podr\u00eda permitir a los usuarios autenticados ejecutar comandos a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en la siguiente versi\u00f3n: Photo Station 6.4.2 (2023/12/15) y posteriores" } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "security@qnapsecurity.com.tw", "type": "Secondary", @@ -36,8 +60,18 @@ }, "weaknesses": [ { - "source": "security@qnapsecurity.com.tw", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + }, + { + "source": "security@qnapsecurity.com.tw", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -50,10 +84,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:qnap:photo_station:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.4.0", + "versionEndExcluding": "6.4.2", + "matchCriteriaId": "37A0B3ED-724D-4BB0-8F7C-37595AC7B760" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.qnap.com/en/security-advisory/qsa-24-08", - "source": "security@qnapsecurity.com.tw" + "source": "security@qnapsecurity.com.tw", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-477xx/CVE-2023-47700.json b/CVE-2023/CVE-2023-477xx/CVE-2023-47700.json new file mode 100644 index 00000000000..b49f5f89d54 --- /dev/null +++ b/CVE-2023/CVE-2023-477xx/CVE-2023-47700.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-47700", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2024-02-07T17:15:09.677", + "lastModified": "2024-02-07T17:38:33.990", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products could allow a remote attacker to spoof a trusted system that would not be correctly validated by the Storwize server. This could lead to a user connecting to a malicious host, believing that it was a trusted system and deceived into accepting spoofed data. IBM X-Force ID: 271016." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-295" + } + ] + } + ], + "references": [ + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/271016", + "source": "psirt@us.ibm.com" + }, + { + "url": "https://www.ibm.com/support/pages/node/7114767", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-491xx/CVE-2023-49118.json b/CVE-2023/CVE-2023-491xx/CVE-2023-49118.json index b9ec55e5cca..fe4424ca034 100644 --- a/CVE-2023/CVE-2023-491xx/CVE-2023-49118.json +++ b/CVE-2023/CVE-2023-491xx/CVE-2023-49118.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-49118", "sourceIdentifier": "scy@openharmony.io", "published": "2024-02-02T07:15:09.600", - "lastModified": "2024-02-02T13:36:31.843", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-07T18:15:10.577", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "scy@openharmony.io", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + }, { "source": "scy@openharmony.io", "type": "Secondary", @@ -50,10 +80,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*", + "versionStartIncluding": "3.2.0", + "versionEndIncluding": "3.2.4", + "matchCriteriaId": "030208B2-F752-47ED-93AF-1AA37942CE4D" + } + ] + } + ] + } + ], "references": [ { "url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-02.md", - "source": "scy@openharmony.io" + "source": "scy@openharmony.io", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-515xx/CVE-2023-51536.json b/CVE-2023/CVE-2023-515xx/CVE-2023-51536.json index 191f42d04b8..57e4a4cdf01 100644 --- a/CVE-2023/CVE-2023-515xx/CVE-2023-51536.json 
+++ b/CVE-2023/CVE-2023-515xx/CVE-2023-51536.json @@ -2,16 +2,40 @@ "id": "CVE-2023-51536", "sourceIdentifier": "audit@patchstack.com", "published": "2024-02-01T11:15:09.810", - "lastModified": "2024-02-01T13:41:44.257", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-07T17:38:06.913", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks CRM Perks Forms \u2013 WordPress Form Builder allows Stored XSS.This issue affects CRM Perks Forms \u2013 WordPress Form Builder: from n/a through 1.1.2.\n\n" + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en CRM Perks Forms CRM Perks \u2013 WordPress Form Builder permite XSS almacenado. Este problema afecta a CRM Perks Forms \u2013 WordPress Form Builder: desde n/a hasta 1.1.2 ." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:crmperks:crm_perks_forms:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.1.2", + "matchCriteriaId": "C5D5E689-6F61-445E-A392-8BE852D44DE3" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/crm-perks-forms/wordpress-crm-perks-forms-plugin-1-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-515xx/CVE-2023-51540.json b/CVE-2023/CVE-2023-515xx/CVE-2023-51540.json index 91be920505d..0bb4386dae7 100644 --- a/CVE-2023/CVE-2023-515xx/CVE-2023-51540.json +++ b/CVE-2023/CVE-2023-515xx/CVE-2023-51540.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-51540", "sourceIdentifier": "audit@patchstack.com", "published": "2024-02-01T11:15:10.020", - "lastModified": "2024-02-01T13:41:44.257", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-07T17:05:59.580", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kunal Nagar Custom 404 Pro allows Stored XSS.This issue affects Custom 404 Pro: from n/a through 3.10.0.\n\n" + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante de generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Kunal Nagar Custom 404 Pro permite XSS almacenado. Este problema afecta a Custom 404 Pro: desde n/a hasta 3.10.0." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:kunalnagar:custom_404_pro:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.10.0", + "matchCriteriaId": "92C9C52D-202B-459A-BE9F-6E01B16CAAC0" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/custom-404-pro/wordpress-custom-404-pro-plugin-3-10-0-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-515xx/CVE-2023-51548.json b/CVE-2023/CVE-2023-515xx/CVE-2023-51548.json index 8cb761aeb63..51933986348 100644 --- a/CVE-2023/CVE-2023-515xx/CVE-2023-51548.json +++ b/CVE-2023/CVE-2023-515xx/CVE-2023-51548.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-51548", "sourceIdentifier": "audit@patchstack.com", "published": "2024-02-01T11:15:10.243", - "lastModified": "2024-02-01T13:41:44.257", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-07T17:06:15.167", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Neil Gee SlickNav Mobile Menu allows Stored XSS.This issue affects SlickNav Mobile Menu: from n/a through 1.9.2.\n\n" + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante de generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Neil Gee SlickNav Mobile Menu permite XSS almacenado. Este problema afecta al SlickNav Mobile Menu: desde n/a hasta 1.9.2." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpbeaches:slicknav_mobile_menu:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.9.2", + "matchCriteriaId": "C3A31167-72D7-4FAD-882F-36B416B77BCE" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/slicknav-mobile-menu/wordpress-slicknav-mobile-menu-plugin-1-9-2-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-516xx/CVE-2023-51666.json b/CVE-2023/CVE-2023-516xx/CVE-2023-51666.json index a3ad516b8a7..ea1f02d9151 100644 --- a/CVE-2023/CVE-2023-516xx/CVE-2023-51666.json +++ b/CVE-2023/CVE-2023-516xx/CVE-2023-51666.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-51666", "sourceIdentifier": "audit@patchstack.com", "published": "2024-02-01T11:15:10.440", - "lastModified": "2024-02-01T13:41:44.257", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-07T17:06:35.410", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Related Post allows Stored XSS.This issue affects Related Post: from n/a through 2.0.53.\n\n" + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en PickPlugins Related Post permite XSS almacenado. Este problema afecta a Related Post: desde n/a hasta 2.0.53." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pickplugins:related_post:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.0.53", + "matchCriteriaId": "242FD0CB-D34D-4BD8-833E-8B7E9FBBD22A" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/related-post/wordpress-related-post-plugin-2-0-53-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-516xx/CVE-2023-51669.json b/CVE-2023/CVE-2023-516xx/CVE-2023-51669.json index 1195045893a..27dc17893da 100644 --- a/CVE-2023/CVE-2023-516xx/CVE-2023-51669.json +++ b/CVE-2023/CVE-2023-516xx/CVE-2023-51669.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-51669", "sourceIdentifier": "audit@patchstack.com", "published": "2024-02-01T11:15:10.647", - "lastModified": "2024-02-01T13:41:44.257", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-07T17:06:50.843", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artios Media Product Code for WooCommerce allows Stored XSS.This issue affects Product Code for WooCommerce: from n/a through 1.4.4.\n\n" + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Artios Media Product Code para WooCommerce permite XSS almacenado. Este problema afecta a Product Code para WooCommerce: desde n/a hasta 1.4.4." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:artiosmedia:product_code_for_woocommerce:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.4.4", + "matchCriteriaId": "6428A539-DAA7-4C06-8843-17B4BB1E8D6B" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/product-code-for-woocommerce/wordpress-product-code-for-woocommerce-plugin-1-4-4-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-516xx/CVE-2023-51674.json b/CVE-2023/CVE-2023-516xx/CVE-2023-51674.json index d6136df3b6d..9938f5f8be1 100644 --- a/CVE-2023/CVE-2023-516xx/CVE-2023-51674.json +++ b/CVE-2023/CVE-2023-516xx/CVE-2023-51674.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-51674", "sourceIdentifier": "audit@patchstack.com", "published": "2024-02-01T11:15:10.847", - "lastModified": "2024-02-01T13:41:44.257", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-07T17:07:05.913", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AAM Advanced Access Manager \u2013 Restricted Content, Users & Roles, Enhanced Security and More allows Stored XSS.This issue affects Advanced Access Manager \u2013 Restricted Content, Users & Roles, Enhanced Security and More: from n/a through 6.9.18.\n\n" + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en AAM Advanced Access Manager \u2013 Restricted Content, Users & Roles, Enhanced Security and More permite XSS almacenado. Este problema afecta a Advanced Access Manager \u2013 Restricted Content, Users & Roles, Enhanced Security and More: desde n/a hasta 6.9.18." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vasyltech:advanced_access_manager:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "6.9.18", + "matchCriteriaId": "4758F9DD-4003-44D0-98D5-6A21D41DF485" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/advanced-access-manager/wordpress-advanced-access-manager-plugin-6-9-18-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-516xx/CVE-2023-51677.json b/CVE-2023/CVE-2023-516xx/CVE-2023-51677.json index faa67b0149c..4d12704b876 100644 --- a/CVE-2023/CVE-2023-516xx/CVE-2023-51677.json +++ b/CVE-2023/CVE-2023-516xx/CVE-2023-51677.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-51677", "sourceIdentifier": "audit@patchstack.com", "published": "2024-02-01T11:15:11.050", - "lastModified": "2024-02-01T13:41:44.257", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-07T17:09:45.347", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magazine3 Schema & Structured Data for WP & AMP allows Stored XSS.This issue affects Schema & Structured Data for WP & AMP: from n/a through 1.23.\n\n" + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante de generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Magazine3 Schema & Structured Data for WP & AMP permite XSS almacenado. Este problema afecta a Schema & Structured Data for WP & AMP: desde n/a hasta 1.23." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:structured-data-for-wp:download_schema_\\&_structured_data_for_wp_\\&_amp:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.23", + "matchCriteriaId": "B8E2987F-896B-4050-9D9D-FFACC81BBC1A" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/schema-and-structured-data-for-wp/wordpress-schema-structured-data-for-wp-amp-plugin-1-23-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-02xx/CVE-2024-0285.json b/CVE-2024/CVE-2024-02xx/CVE-2024-0285.json index a230fd9590e..16d1d764d2f 100644 --- a/CVE-2024/CVE-2024-02xx/CVE-2024-0285.json +++ b/CVE-2024/CVE-2024-02xx/CVE-2024-0285.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0285", "sourceIdentifier": "scy@openharmony.io", "published": "2024-02-02T07:15:09.980", - "lastModified": "2024-02-02T13:36:31.843", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-07T18:16:33.733", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "scy@openharmony.io", "type": "Secondary", 
@@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "scy@openharmony.io", "type": "Secondary", @@ -50,10 +80,37 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*", + "versionStartIncluding": "3.2.0", + "versionEndIncluding": "3.2.4", + "matchCriteriaId": "030208B2-F752-47ED-93AF-1AA37942CE4D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:openharmony:openharmony:4.0:*:*:*:-:*:*:*", + "matchCriteriaId": "2F954785-2115-4147-8BCA-B90BFDC3B943" + } + ] + } + ] + } + ], "references": [ { "url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-02.md", - "source": "scy@openharmony.io" + "source": "scy@openharmony.io", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-06xx/CVE-2024-0685.json b/CVE-2024/CVE-2024-06xx/CVE-2024-0685.json index 087bde63b0f..5f054c5cbc1 100644 --- a/CVE-2024/CVE-2024-06xx/CVE-2024-0685.json +++ b/CVE-2024/CVE-2024-06xx/CVE-2024-0685.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0685", "sourceIdentifier": "security@wordfence.com", "published": "2024-02-02T05:15:08.603", - "lastModified": "2024-02-02T13:36:37.067", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-07T17:41:00.460", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -38,14 +58,50 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ninjaforms:ninja_forms:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.7.1", + "matchCriteriaId": "0FC02DB1-16BC-4D60-9B8D-EC7200DCAC32" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset/3028929/ninja-forms/trunk/includes/Admin/UserDataRequests.php", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3cb73d5d-ca4a-4103-866d-f7bb369a8ce4?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-10xx/CVE-2024-1040.json b/CVE-2024/CVE-2024-10xx/CVE-2024-1040.json index a08f637e3dc..10ee7cf00ab 100644 --- a/CVE-2024/CVE-2024-10xx/CVE-2024-1040.json +++ b/CVE-2024/CVE-2024-10xx/CVE-2024-1040.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-1040", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2024-02-01T22:15:55.717", - "lastModified": "2024-02-01T22:39:14.853", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-07T17:11:40.623", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "\n\n\nGessler GmbH WEB-MASTER user account is stored using a weak hashing algorithm. The attacker can restore the passwords by breaking the hashes stored on the device.\n\n\n\n" + }, + { + "lang": "es", + "value": "La cuenta de usuario de Gessler GmbH WEB-MASTER se almacena mediante un algoritmo hash d\u00e9bil. El atacante puede restaurar las contrase\u00f1as rompiendo los hashes almacenados en el dispositivo." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-327" + } + ] + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", 
@@ -46,10 +80,43 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:gesslergmbh:web-master_firmware:7.9:*:*:*:*:*:*:*", + "matchCriteriaId": "DD89F461-9389-4CBE-AC15-790CF72EAE11" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:gesslergmbh:web-master:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DA32B59C-2591-443B-9AA1-E42B7A3B7BDF" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-032-01", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-202xx/CVE-2024-20252.json b/CVE-2024/CVE-2024-202xx/CVE-2024-20252.json new file mode 100644 index 00000000000..45dad27c7fc --- /dev/null +++ b/CVE-2024/CVE-2024-202xx/CVE-2024-20252.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-20252", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-02-07T17:15:09.913", + "lastModified": "2024-02-07T17:38:33.990", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. \r\n\r Note: \"Cisco Expressway Series\" refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices.\r\n\r For more information about these vulnerabilities, see the Details [\"#details\"] section of this advisory." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.6, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.8, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-KnnZDMj3", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-202xx/CVE-2024-20254.json b/CVE-2024/CVE-2024-202xx/CVE-2024-20254.json new file mode 100644 index 00000000000..c97ec7b98af --- /dev/null +++ b/CVE-2024/CVE-2024-202xx/CVE-2024-20254.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-20254", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-02-07T17:15:10.130", + "lastModified": "2024-02-07T17:38:33.990", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. \r\n\r Note: \"Cisco Expressway Series\" refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices.\r\n\r For more information about these vulnerabilities, see the Details [\"#details\"] section of this advisory." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.6, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.8, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-KnnZDMj3", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-202xx/CVE-2024-20255.json b/CVE-2024/CVE-2024-202xx/CVE-2024-20255.json new file mode 100644 index 00000000000..45d8f1de694 --- /dev/null +++ b/CVE-2024/CVE-2024-202xx/CVE-2024-20255.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-20255", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-02-07T17:15:10.327", + "lastModified": "2024-02-07T17:38:33.990", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the SOAP API of Cisco Expressway Series and Cisco TelePresence Video Communication Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.\r\n\r This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the REST API to follow a crafted link. A successful exploit could allow the attacker to cause the affected system to reload." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW", + "baseScore": 8.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-KnnZDMj3", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-202xx/CVE-2024-20290.json b/CVE-2024/CVE-2024-202xx/CVE-2024-20290.json new file mode 100644 index 00000000000..7f2d7b05c16 --- /dev/null +++ b/CVE-2024/CVE-2024-202xx/CVE-2024-20290.json 
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2024-20290",
+ "sourceIdentifier": "ykramarz@cisco.com",
+ "published": "2024-02-07T17:15:10.517",
+ "lastModified": "2024-02-07T17:38:33.990",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software and consuming available system resources.\r\n\r For a description of this vulnerability, see the ClamAV blog ."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "ykramarz@cisco.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "ykramarz@cisco.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-126"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-hDffu6t",
+ "source": "ykramarz@cisco.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-217xx/CVE-2024-21764.json b/CVE-2024/CVE-2024-217xx/CVE-2024-21764.json index 4ff57a059cf..c70014fdf46 100644 --- a/CVE-2024/CVE-2024-217xx/CVE-2024-21764.json +++ b/CVE-2024/CVE-2024-217xx/CVE-2024-21764.json @@ -2,16 +2,40 @@ "id": "CVE-2024-21764", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2024-02-02T00:15:54.767", - "lastModified": "2024-02-02T01:57:57.640", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-07T17:15:22.520", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Rapid Software LLC's Rapid SCADA versions prior to\u00a0Version 5.8.4, the\u00a0product uses hard-coded credentials, which may allow an attacker to connect to a specific port.\n" + }, + { + "lang": "es", + "value": "En las versiones Rapid SCADA de Rapid Software LLC anteriores a la versi\u00f3n 5.8.4, el producto utiliza credenciales codificadas, lo que puede permitir que un atacante se conecte a un puerto espec\u00edfico." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-798" + } + ] + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", 
@@ -46,14 +80,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:rapidscada:rapid_scada:*:*:*:*:*:*:*:*", + "versionEndIncluding": "5.8.4", + "matchCriteriaId": "280A83B5-F3B4-4BA0-A112-A5FC00D74091" + } + ] + } + ] + } + ], "references": [ { "url": "https://rapidscada.org/contact/", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Product" + ] }, { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-217xx/CVE-2024-21794.json b/CVE-2024/CVE-2024-217xx/CVE-2024-21794.json index b3c4165c009..9d8effbd5aa 100644 --- a/CVE-2024/CVE-2024-217xx/CVE-2024-21794.json +++ b/CVE-2024/CVE-2024-217xx/CVE-2024-21794.json 
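Review bot: The `cpeMatch` entry added here uses `"versionEndIncluding": "5.8.4"`, which marks 5.8.4 itself as vulnerable, while the description kept in the same record says the issue affects versions `prior to Version 5.8.4`. Scanners that match on the CPE range and people who read the description will disagree about whether a 5.8.4 host is exposed. If 5.8.4 is the fixed release the bound should read `"versionEndExcluding": "5.8.4"`; if 5.8.4 is affected, it is the description that needs correcting upstream, so check the CISA advisory referenced in the record before relying on either. The same bound is added in the configurations hunks for CVE-2024-21794, CVE-2024-21852, CVE-2024-21866, CVE-2024-21869, CVE-2024-22016 and CVE-2024-22096 in this commit.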
@@ -2,16 +2,40 @@ "id": "CVE-2024-21794", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2024-02-02T00:15:54.953", - "lastModified": "2024-02-02T01:57:57.640", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-07T17:15:44.653", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Rapid Software LLC's Rapid SCADA versions prior to\u00a0Version 5.8.4,\u00a0an attacker can redirect users to malicious pages through the login page.\n" + }, + { + "lang": "es", + "value": "En las versiones Rapid SCADA de Rapid Software LLC anteriores a la versi\u00f3n 5.8.4, un atacante puede redirigir a los usuarios a p\u00e1ginas maliciosas a trav\u00e9s de la p\u00e1gina de inicio de sesi\u00f3n." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-601" + } + ] + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", 
@@ -46,14 +80,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:rapidscada:rapid_scada:*:*:*:*:*:*:*:*", + "versionEndIncluding": "5.8.4", + "matchCriteriaId": "280A83B5-F3B4-4BA0-A112-A5FC00D74091" + } + ] + } + ] + } + ], "references": [ { "url": "https://rapidscada.org/contact/", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Product" + ] }, { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-218xx/CVE-2024-21845.json b/CVE-2024/CVE-2024-218xx/CVE-2024-21845.json index cc1e3527803..699a9bee0ca 100644 --- a/CVE-2024/CVE-2024-218xx/CVE-2024-21845.json +++ b/CVE-2024/CVE-2024-218xx/CVE-2024-21845.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21845", "sourceIdentifier": "scy@openharmony.io", "published": "2024-02-02T07:15:10.633", - "lastModified": "2024-02-02T13:36:31.843", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-07T18:23:06.690", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "scy@openharmony.io", "type": "Secondary", 
@@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-190" + } + ] + }, { "source": "scy@openharmony.io", "type": "Secondary", @@ -50,10 +80,37 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*", + "versionStartIncluding": "3.2.0", + "versionEndIncluding": "3.2.4", + "matchCriteriaId": "030208B2-F752-47ED-93AF-1AA37942CE4D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:openharmony:openharmony:4.0:*:*:*:-:*:*:*", + "matchCriteriaId": "2F954785-2115-4147-8BCA-B90BFDC3B943" + } + ] + } + ] + } + ], "references": [ { "url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-02.md", - "source": "scy@openharmony.io" + "source": "scy@openharmony.io", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-218xx/CVE-2024-21851.json b/CVE-2024/CVE-2024-218xx/CVE-2024-21851.json index f11f86e2afe..7276916b76e 100644 --- a/CVE-2024/CVE-2024-218xx/CVE-2024-21851.json +++ b/CVE-2024/CVE-2024-218xx/CVE-2024-21851.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21851", "sourceIdentifier": "scy@openharmony.io", "published": "2024-02-02T07:15:11.070", - "lastModified": "2024-02-02T13:36:31.843", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-07T18:15:48.700", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "scy@openharmony.io", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-190" + } + ] + }, { "source": "scy@openharmony.io", "type": "Secondary", @@ -50,10 +80,37 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*", + "versionStartIncluding": "3.2.0", + "versionEndIncluding": "3.2.4", + "matchCriteriaId": "030208B2-F752-47ED-93AF-1AA37942CE4D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:openharmony:openharmony:4.0:*:*:*:-:*:*:*", + "matchCriteriaId": "2F954785-2115-4147-8BCA-B90BFDC3B943" + } + ] + } + ] + } + ], "references": [ { "url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-02.md", - "source": "scy@openharmony.io" + "source": "scy@openharmony.io", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-218xx/CVE-2024-21852.json b/CVE-2024/CVE-2024-218xx/CVE-2024-21852.json index 62766ea571b..6ff11f26ee6 100644 --- a/CVE-2024/CVE-2024-218xx/CVE-2024-21852.json +++ b/CVE-2024/CVE-2024-218xx/CVE-2024-21852.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-21852", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2024-02-01T23:15:10.730", - "lastModified": "2024-02-02T01:58:03.307", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-07T17:15:05.653", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Rapid Software LLC's Rapid SCADA versions prior to\u00a0Version 5.8.4,\u00a0an attacker can supply a malicious configuration file by utilizing a Zip Slip vulnerability in the unpacking routine to achieve remote code execution.\n" + }, + { + "lang": "es", + "value": "En las versiones de Rapid Software LLC's Rapid SCADA anteriores a la versi\u00f3n 5.8.4, un atacante puede proporcionar un archivo de configuraci\u00f3n malicioso utilizando una vulnerabilidad Zip Slip en la rutina de descompresi\u00f3n para lograr la ejecuci\u00f3n remota de c\u00f3digo." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", 
@@ -46,14 +80,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:rapidscada:rapid_scada:*:*:*:*:*:*:*:*", + "versionEndIncluding": "5.8.4", + "matchCriteriaId": "280A83B5-F3B4-4BA0-A112-A5FC00D74091" + } + ] + } + ] + } + ], "references": [ { "url": "https://rapidscada.org/contact/", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Product" + ] }, { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-218xx/CVE-2024-21860.json b/CVE-2024/CVE-2024-218xx/CVE-2024-21860.json index 34835cd9309..378f0adbcd4 100644 --- a/CVE-2024/CVE-2024-218xx/CVE-2024-21860.json +++ b/CVE-2024/CVE-2024-218xx/CVE-2024-21860.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21860", "sourceIdentifier": "scy@openharmony.io", "published": "2024-02-02T07:15:11.530", - "lastModified": "2024-02-02T13:36:31.843", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-07T18:23:16.470", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "scy@openharmony.io", "type": "Secondary", 
@@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + }, { "source": "scy@openharmony.io", "type": "Secondary", @@ -50,10 +80,37 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*", + "versionStartIncluding": "3.2.0", + "versionEndIncluding": "3.2.4", + "matchCriteriaId": "030208B2-F752-47ED-93AF-1AA37942CE4D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:openharmony:openharmony:4.0:*:*:*:-:*:*:*", + "matchCriteriaId": "2F954785-2115-4147-8BCA-B90BFDC3B943" + } + ] + } + ] + } + ], "references": [ { "url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-02.md", - "source": "scy@openharmony.io" + "source": "scy@openharmony.io", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-218xx/CVE-2024-21863.json b/CVE-2024/CVE-2024-218xx/CVE-2024-21863.json index fc69793d8e1..7c594ed4174 100644 --- a/CVE-2024/CVE-2024-218xx/CVE-2024-21863.json +++ b/CVE-2024/CVE-2024-218xx/CVE-2024-21863.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21863", "sourceIdentifier": "scy@openharmony.io", "published": "2024-02-02T07:15:12.067", - "lastModified": "2024-02-02T13:36:31.843", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-07T18:23:11.090", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.2, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.5, + "impactScore": 3.6 + }, { "source": "scy@openharmony.io", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "scy@openharmony.io", "type": "Secondary", @@ -50,10 +80,37 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*", + "versionStartIncluding": "3.2.0", + "versionEndIncluding": "3.2.4", + "matchCriteriaId": "030208B2-F752-47ED-93AF-1AA37942CE4D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:openharmony:openharmony:4.0:*:*:*:-:*:*:*", + "matchCriteriaId": "2F954785-2115-4147-8BCA-B90BFDC3B943" + } + ] + } + ] + } + ], "references": [ { "url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-02.md", - "source": "scy@openharmony.io" + "source": "scy@openharmony.io", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-218xx/CVE-2024-21866.json b/CVE-2024/CVE-2024-218xx/CVE-2024-21866.json index 2b95ede29e3..30cab4cd88c 100644 --- a/CVE-2024/CVE-2024-218xx/CVE-2024-21866.json +++ b/CVE-2024/CVE-2024-218xx/CVE-2024-21866.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-21866", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2024-02-02T00:15:55.143", - "lastModified": "2024-02-02T01:57:57.640", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-07T17:27:52.793", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Rapid Software LLC's Rapid SCADA versions prior to\u00a0Version 5.8.4, the affected product responds back with an error message containing sensitive data if it receives a specific malformed request.\n" + }, + { + "lang": "es", + "value": "En las versiones Rapid SCADA de Rapid Software LLC anteriores a la versi\u00f3n 5.8.4, el producto afectado responde con un mensaje de error que contiene datos confidenciales si recibe una solicitud espec\u00edfica con formato incorrecto." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-209" + } + ] + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", 
@@ -46,14 +80,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:rapidscada:rapid_scada:*:*:*:*:*:*:*:*", + "versionEndIncluding": "5.8.4", + "matchCriteriaId": "280A83B5-F3B4-4BA0-A112-A5FC00D74091" + } + ] + } + ] + } + ], "references": [ { "url": "https://rapidscada.org/contact/", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Product" + ] }, { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-218xx/CVE-2024-21869.json b/CVE-2024/CVE-2024-218xx/CVE-2024-21869.json index 9ac91a98a10..0ae2937e9cf 100644 --- a/CVE-2024/CVE-2024-218xx/CVE-2024-21869.json +++ b/CVE-2024/CVE-2024-218xx/CVE-2024-21869.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-21869", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2024-02-02T00:15:55.340", - "lastModified": "2024-02-02T01:57:57.640", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-07T17:29:50.927", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Rapid Software LLC's Rapid SCADA versions prior to\u00a0Version 5.8.4, the affected product stores plaintext credentials in various places. This may allow an attacker with local access to see them.\n" + }, + { + "lang": "es", + "value": "En las versiones Rapid SCADA de Rapid Software LLC anterior a la versi\u00f3n 5.8.4, el producto afectado almacena credenciales de texto plano en varios lugares. Esto puede permitir que un atacante con acceso local los vea." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-522" + } + ] + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", 
@@ -46,14 +80,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:rapidscada:rapid_scada:*:*:*:*:*:*:*:*", + "versionEndIncluding": "5.8.4", + "matchCriteriaId": "280A83B5-F3B4-4BA0-A112-A5FC00D74091" + } + ] + } + ] + } + ], "references": [ { "url": "https://rapidscada.org/contact/", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Product" + ] }, { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-220xx/CVE-2024-22012.json b/CVE-2024/CVE-2024-220xx/CVE-2024-22012.json index 84c46867e40..3f981932aec 100644 --- a/CVE-2024/CVE-2024-220xx/CVE-2024-22012.json +++ b/CVE-2024/CVE-2024-220xx/CVE-2024-22012.json @@ -2,8 +2,8 @@ "id": "CVE-2024-22012", "sourceIdentifier": "dsap-vuln-management@google.com", "published": "2024-02-07T16:15:47.687", - "lastModified": "2024-02-07T16:15:47.687", - "vulnStatus": "Received", + "lastModified": "2024-02-07T17:04:54.407", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-220xx/CVE-2024-22016.json b/CVE-2024/CVE-2024-220xx/CVE-2024-22016.json index b9454891cc7..aea1b94277f 100644 --- a/CVE-2024/CVE-2024-220xx/CVE-2024-22016.json +++ b/CVE-2024/CVE-2024-220xx/CVE-2024-22016.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-22016", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2024-02-02T00:15:55.533", - "lastModified": "2024-02-02T01:57:57.640", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-07T17:33:12.727", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Rapid Software LLC's Rapid SCADA versions prior to\u00a0Version 5.8.4,\u00a0an authorized user can write directly to the Scada directory. This may allow privilege escalation.\n" + }, + { + "lang": "es", + "value": "En las versiones Rapid SCADA de Rapid Software LLC anterior a la versi\u00f3n 5.8.4, un usuario autorizado puede escribir directamente en el directorio Scada. Esto puede permitir una escalada de privilegios." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-732" + } + ] + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", 
@@ -46,14 +80,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:rapidscada:rapid_scada:*:*:*:*:*:*:*:*", + "versionEndIncluding": "5.8.4", + "matchCriteriaId": "280A83B5-F3B4-4BA0-A112-A5FC00D74091" + } + ] + } + ] + } + ], "references": [ { "url": "https://rapidscada.org/contact/", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Product" + ] }, { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-220xx/CVE-2024-22096.json b/CVE-2024/CVE-2024-220xx/CVE-2024-22096.json index a198fe5617b..51182a562b3 100644 --- a/CVE-2024/CVE-2024-220xx/CVE-2024-22096.json +++ b/CVE-2024/CVE-2024-220xx/CVE-2024-22096.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-22096", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2024-02-02T00:15:55.713", - "lastModified": "2024-02-02T01:57:57.640", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-07T17:33:26.800", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Rapid Software LLC's Rapid SCADA versions prior to\u00a0Version 5.8.4,\u00a0an attacker can append path traversal characters to the filename when using a specific command, allowing them to read arbitrary files from the system.\n" + }, + { + "lang": "es", + "value": "En las versiones Rapid SCADA de Rapid Software LLC anterior a la versi\u00f3n 5.8.4, un atacante puede agregar caracteres de path traversal al nombre del archivo cuando usa un comando espec\u00edfico, lo que le permite leer archivos arbitrarios del sistema." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", 
@@ -46,14 +80,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:rapidscada:rapid_scada:*:*:*:*:*:*:*:*", + "versionEndIncluding": "5.8.4", + "matchCriteriaId": "280A83B5-F3B4-4BA0-A112-A5FC00D74091" + } + ] + } + ] + } + ], "references": [ { "url": "https://rapidscada.org/contact/", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Product" + ] }, { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-228xx/CVE-2024-22899.json b/CVE-2024/CVE-2024-228xx/CVE-2024-22899.json index 190e652fe26..7f3dc109721 100644 --- a/CVE-2024/CVE-2024-228xx/CVE-2024-22899.json +++ b/CVE-2024/CVE-2024-228xx/CVE-2024-22899.json 
@@ -2,27 +2,95 @@ "id": "CVE-2024-22899", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-02T02:15:18.073", - "lastModified": "2024-02-02T04:58:55.817", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-02-07T17:33:34.347", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the syncNtpTime function." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Vinchin Backup & Recovery v7.2 contiene una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE) autenticada a trav\u00e9s de la funci\u00f3n syncNtpTime." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vinchin:vinchin_backup_and_recovery:*:*:*:*:*:*:*:*", + "versionEndIncluding": "7.2", + "matchCriteriaId": "3891B5A9-CDD6-4BA5-A9E4-D320804835B2" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "http://vinchin.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://blog.leakix.net/2024/01/vinchin-backup-rce-chain/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + 
"tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://seclists.org/fulldisclosure/2024/Jan/29", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-229xx/CVE-2024-22900.json b/CVE-2024/CVE-2024-229xx/CVE-2024-22900.json index 195b6277ba6..d6da8663aef 100644 --- a/CVE-2024/CVE-2024-229xx/CVE-2024-22900.json +++ b/CVE-2024/CVE-2024-229xx/CVE-2024-22900.json 
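Review bot: The Primary weakness added for CVE-2024-22899 is `NVD-CWE-noinfo`, although the description names an authenticated RCE via the `syncNtpTime` function and the sibling record CVE-2024-22900 in the next file section, with the same wording for `setNetworkCardInfo`, is classified `CWE-77`. Dashboards or detection content grouped by CWE will therefore pick up only one of the two findings for the same product and version range. If the referenced write-up shows the same injection class, the value should match, `"value": "CWE-77"`, and that correction belongs upstream rather than in this mirror. The reference tagged `Exploit` indicates public exploit detail exists, so the missing classification should not be read as lower priority.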
@@ -2,27 +2,95 @@ "id": "CVE-2024-22900", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-02T02:15:18.127", - "lastModified": "2024-02-02T04:58:55.817", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-02-07T17:34:40.077", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the setNetworkCardInfo function." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Vinchin Backup & Recovery v7.2 contiene una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE) autenticada a trav\u00e9s de la funci\u00f3n setNetworkCardInfo." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vinchin:vinchin_backup_and_recovery:*:*:*:*:*:*:*:*", + "versionEndIncluding": "7.2", + "matchCriteriaId": "3891B5A9-CDD6-4BA5-A9E4-D320804835B2" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "http://vinchin.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://blog.leakix.net/2024/01/vinchin-backup-rce-chain/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + 
"tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://seclists.org/fulldisclosure/2024/Jan/29", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-229xx/CVE-2024-22901.json b/CVE-2024/CVE-2024-229xx/CVE-2024-22901.json index 3627ca174af..6762870f134 100644 --- a/CVE-2024/CVE-2024-229xx/CVE-2024-22901.json +++ b/CVE-2024/CVE-2024-229xx/CVE-2024-22901.json 
@@ -2,27 +2,95 @@ "id": "CVE-2024-22901", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-02T02:15:18.177", - "lastModified": "2024-02-02T04:58:55.817", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-02-07T17:37:28.593", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Vinchin Backup & Recovery v7.2 was discovered to use default MYSQL credentials." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Vinchin Backup & Recovery v7.2 utiliza credenciales MYSQL predeterminadas." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vinchin:vinchin_backup_and_recovery:*:*:*:*:*:*:*:*", + "versionEndIncluding": "7.2", + "matchCriteriaId": "3891B5A9-CDD6-4BA5-A9E4-D320804835B2" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "http://vinchin.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://blog.leakix.net/2024/01/vinchin-backup-rce-chain/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://seclists.org/fulldisclosure/2024/Jan/30", - "source": "cve@mitre.org" + "source": 
"cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-229xx/CVE-2024-22902.json b/CVE-2024/CVE-2024-229xx/CVE-2024-22902.json index c34863ca78b..4779e0a273a 100644 --- a/CVE-2024/CVE-2024-229xx/CVE-2024-22902.json +++ b/CVE-2024/CVE-2024-229xx/CVE-2024-22902.json 
@@ -2,31 +2,102 @@ "id": "CVE-2024-22902", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-02T02:15:18.223", - "lastModified": "2024-02-02T04:58:55.817", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-02-07T17:37:40.617", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Vinchin Backup & Recovery v7.2 was discovered to be configured with default root credentials." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Vinchin Backup & Recovery v7.2 estaba configurado con credenciales ra\u00edz predeterminadas." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vinchin:vinchin_backup_and_recovery:*:*:*:*:*:*:*:*", + "versionEndIncluding": "7.2", + "matchCriteriaId": "3891B5A9-CDD6-4BA5-A9E4-D320804835B2" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "http://default.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "http://vinchin.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://blog.leakix.net/2024/01/vinchin-backup-rce-chain/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + 
"tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://seclists.org/fulldisclosure/2024/Jan/31", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-229xx/CVE-2024-22903.json b/CVE-2024/CVE-2024-229xx/CVE-2024-22903.json index a88bb4599de..84acc1520ad 100644 --- a/CVE-2024/CVE-2024-229xx/CVE-2024-22903.json +++ b/CVE-2024/CVE-2024-229xx/CVE-2024-22903.json 
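Review bot: The first reference in the CVE-2024-22902 record, `http://default.com`, now carries the tag `Product`, although nothing in the description ties that domain to Vinchin Backup & Recovery. It looks like a placeholder carried over from the original submission, though that is an inference. Tooling that auto-links or follows `Product`-tagged references would send users to an unrelated host. If this mirror applies any normalization, that entry should be flagged or its tag dropped; otherwise consumers should treat it as unverified.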
@@ -2,27 +2,95 @@ "id": "CVE-2024-22903", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-02T02:15:18.277", - "lastModified": "2024-02-02T04:58:55.817", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-02-07T17:37:48.350", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the deleteUpdateAPK function." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Vinchin Backup & Recovery v7.2 contiene una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE) autenticada a trav\u00e9s de la funci\u00f3n deleteUpdateAPK." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vinchin:vinchin_backup_and_recovery:*:*:*:*:*:*:*:*", + "versionEndIncluding": "7.2", + "matchCriteriaId": "3891B5A9-CDD6-4BA5-A9E4-D320804835B2" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "http://vinchin.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://blog.leakix.net/2024/01/vinchin-backup-rce-chain/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + 
"tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://seclists.org/fulldisclosure/2024/Jan/32", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23806.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23806.json new file mode 100644 index 00000000000..6a951be2ce8 --- /dev/null +++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23806.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-23806", + "sourceIdentifier": "ics-cert@hq.dhs.gov", + "published": "2024-02-07T17:15:10.713", + "lastModified": "2024-02-07T17:38:33.990", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "\n\n\nSensitive data can be extracted from HID iCLASS SE reader configuration cards. This could include credential and device administrator keys.\n\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + } + ], + "references": [ + { + "url": "https://https://www.cisa.gov/news-events/ics-advisories/icsa-24-037-02", + "source": "ics-cert@hq.dhs.gov" + }, + { + "url": "https://www.hidglobal.com/support", + "source": "ics-cert@hq.dhs.gov" + } + ] +} \ No newline at end of file 
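Review bot: In the new CVE-2024-23806 record the first reference URL is `https://https://www.cisa.gov/news-events/ics-advisories/icsa-24-037-02`, with the scheme doubled. A URL parser reads the host as `https`, so the link to the CISA advisory does not resolve. The intended value is presumably `"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-037-02"`. Since the record is mirrored, the correction belongs upstream, but a validation step on sync that flags references whose host contains no dot would catch this class of error. The `en` description value also has leading and trailing `\n` runs that consumers should trim before display.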
diff --git a/CVE-2024/CVE-2024-240xx/CVE-2024-24041.json b/CVE-2024/CVE-2024-240xx/CVE-2024-24041.json index 40c7c085b6e..1c2c84d83b9 100644 --- a/CVE-2024/CVE-2024-240xx/CVE-2024-24041.json +++ b/CVE-2024/CVE-2024-240xx/CVE-2024-24041.json 
@@ -2,23 +2,86 @@ "id": "CVE-2024-24041", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-01T20:50:05.760", - "lastModified": "2024-02-01T21:30:44.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-07T17:14:41.607", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A stored cross-site scripting (XSS) vulnerability in Travel Journal Using PHP and MySQL with Source Code v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the location parameter at /travel-journal/write-journal.php." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de cross site scripting (XSS) almacenado en Travel Journal usando PHP y MySQL con c\u00f3digo fuente v1.0 permite a los atacantes ejecutar scripts web arbitrarios o HTML a trav\u00e9s de un payload manipulado inyectado en el par\u00e1metro de ubicaci\u00f3n en /travel-journal/write-journal .php." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:remyandrade:travel_journal_using_php_and_mysql_with_source_code:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "299D5D6C-F058-4D56-8A07-ACDE449707D9" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": 
"https://github.com/tubakvgc/CVE/blob/main/Travel_Journal_App.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://portswigger.net/web-security/cross-site-scripting", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-241xx/CVE-2024-24130.json b/CVE-2024/CVE-2024-241xx/CVE-2024-24130.json index 835747ca641..8e4c28a3fdb 100644 --- a/CVE-2024/CVE-2024-241xx/CVE-2024-24130.json +++ b/CVE-2024/CVE-2024-241xx/CVE-2024-24130.json @@ -2,8 +2,8 @@ "id": "CVE-2024-24130", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-07T14:15:52.720", - "lastModified": "2024-02-07T14:15:52.720", - "vulnStatus": "Received", + "lastModified": "2024-02-07T17:04:54.407", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-241xx/CVE-2024-24131.json b/CVE-2024/CVE-2024-241xx/CVE-2024-24131.json index cdb6d8b236d..01e0103b01a 100644 --- a/CVE-2024/CVE-2024-241xx/CVE-2024-24131.json +++ b/CVE-2024/CVE-2024-241xx/CVE-2024-24131.json @@ -2,8 +2,8 @@ "id": "CVE-2024-24131", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-07T14:15:52.770", - "lastModified": "2024-02-07T14:15:52.770", - "vulnStatus": "Received", + "lastModified": "2024-02-07T17:04:54.407", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-241xx/CVE-2024-24133.json b/CVE-2024/CVE-2024-241xx/CVE-2024-24133.json index 2364ad26255..05e2de9b8f0 100644 --- a/CVE-2024/CVE-2024-241xx/CVE-2024-24133.json +++ b/CVE-2024/CVE-2024-241xx/CVE-2024-24133.json 
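Review bot: The Spanish description added for CVE-2024-24041 alters the technical identifiers: the path is rendered as `/travel-journal/write-journal .php`, with a space before the extension, and the `location` parameter name is translated as "parámetro de ubicación". The `es` text added for CVE-2024-24573 (hunk `-2,16 +2,40`) has the same problem, turning `server/fm-modules/facileManager/ajax/processPost.php` into "servidor de endpoint /fm-modules/...". Searches or detection content built from the translated text will not match the real endpoint or parameter. Consumers should take paths, parameter names and function names from the `en` value only.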
@@ -2,8 +2,8 @@ "id": "CVE-2024-24133", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-07T14:15:52.820", - "lastModified": "2024-02-07T14:15:52.820", - "vulnStatus": "Received", + "lastModified": "2024-02-07T17:04:54.407", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-241xx/CVE-2024-24186.json b/CVE-2024/CVE-2024-241xx/CVE-2024-24186.json index 6581c6cf870..846df01e05c 100644 --- a/CVE-2024/CVE-2024-241xx/CVE-2024-24186.json +++ b/CVE-2024/CVE-2024-241xx/CVE-2024-24186.json @@ -2,8 +2,8 @@ "id": "CVE-2024-24186", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-07T14:15:52.870", - "lastModified": "2024-02-07T14:15:52.870", - "vulnStatus": "Received", + "lastModified": "2024-02-07T17:04:54.407", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-241xx/CVE-2024-24188.json b/CVE-2024/CVE-2024-241xx/CVE-2024-24188.json index 0c384137556..52b1b699258 100644 --- a/CVE-2024/CVE-2024-241xx/CVE-2024-24188.json +++ b/CVE-2024/CVE-2024-241xx/CVE-2024-24188.json @@ -2,8 +2,8 @@ "id": "CVE-2024-24188", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-07T14:15:52.917", - "lastModified": "2024-02-07T14:15:52.917", - "vulnStatus": "Received", + "lastModified": "2024-02-07T17:04:54.407", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-241xx/CVE-2024-24189.json b/CVE-2024/CVE-2024-241xx/CVE-2024-24189.json index 7e619997129..5bafdcf4d46 100644 --- a/CVE-2024/CVE-2024-241xx/CVE-2024-24189.json +++ b/CVE-2024/CVE-2024-241xx/CVE-2024-24189.json @@ -2,8 +2,8 @@ "id": "CVE-2024-24189", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-07T14:15:52.967", - "lastModified": "2024-02-07T14:15:52.967", - "vulnStatus": "Received", + "lastModified": "2024-02-07T17:04:54.407", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", 
diff --git a/CVE-2024/CVE-2024-245xx/CVE-2024-24563.json b/CVE-2024/CVE-2024-245xx/CVE-2024-24563.json new file mode 100644 index 00000000000..bfa2374a46e --- /dev/null +++ b/CVE-2024/CVE-2024-245xx/CVE-2024-24563.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2024-24563", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-02-07T17:15:10.913", + "lastModified": "2024-02-07T17:38:33.990", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. Arrays can be keyed by a signed integer, while they are defined for unsigned integers only. The typechecker doesn't throw when spotting the usage of an `int` as an index for an array. The typechecker allows the usage of signed integers to be used as indexes to arrays. The vulnerability is present in different forms in all versions, including `0.3.10`. For ints, the 2's complement representation is used. Because the array was declared very large, the bounds checking will pass Negative values will simply be represented as very large numbers. As of time of publication, a fixed version does not exist.\n\nThere are three potential vulnerability classes: unpredictable behavior, accessing inaccessible elements and denial of service. Class 1: If it is possible to index an array with a negative integer without reverting, this is most likely not anticipated by the developer and such accesses can cause unpredictable behavior for the contract. Class 2: If a contract has an invariant in the form `assert index < x`, the developer will suppose that no elements on indexes `y | y >= x` are accessible. However, by using negative indexes, this can be bypassed. Class 3: If the index is dependent on the state of the contract, this poses a risk of denial of service. If the state of the contract can be manipulated in such way that the index will be forced to be negative, the array access can always revert (because most likely the array won't be declared extremely large). However, all these the scenarios are highly unlikely. Most likely behavior is a revert on the bounds check." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-129" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/vyperlang/vyper/blob/a1fd228cb9936c3e4bbca6f3ee3fb4426ef45490/vyper/codegen/core.py#L534-L541", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/vyperlang/vyper/blob/c150fc49ee9375a930d177044559b83cb95f7963/vyper/semantics/types/subscriptable.py#L127-L137", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-52xq-j7v9-v4v2", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-245xx/CVE-2024-24571.json b/CVE-2024/CVE-2024-245xx/CVE-2024-24571.json index 34a54a2af83..6b38d7e5afa 100644 --- a/CVE-2024/CVE-2024-245xx/CVE-2024-24571.json +++ b/CVE-2024/CVE-2024-245xx/CVE-2024-24571.json 
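Review bot: The new CVE-2024-24563 record labels the same source, `security-advisories@github.com`, as `"type": "Secondary"` under `metrics` and `"type": "Primary"` under `weaknesses`. CVE-2024-24706 shows the same split for `audit@patchstack.com`, whereas CVE-2024-23806 uses `Secondary` in both places. A consumer that filters on `type == "Primary"` to find the authoritative assessment will get a CWE but no score for these records. The only score present here is the CNA's 9.8, `vulnStatus` is still `Awaiting Analysis`, and the description itself calls the scenarios highly unlikely. Prioritization logic should therefore treat CNA scores on unanalyzed records as provisional.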
@@ -2,16 +2,40 @@ "id": "CVE-2024-24571", "sourceIdentifier": "security-advisories@github.com", "published": "2024-01-31T23:15:08.110", - "lastModified": "2024-02-01T03:18:21.737", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-07T17:25:31.677", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "facileManager is a modular suite of web apps built with the sysadmin in mind. For the facileManager web application versions 4.5.0 and earlier, we have found that XSS was present in almost all of the input fields as there is insufficient input validation." + }, + { + "lang": "es", + "value": "facileManager es un conjunto modular de aplicaciones web creadas pensando en el administrador del sistema. Para las versiones 4.5.0 y anteriores de la aplicaci\u00f3n web facileManager, descubrimos que XSS estaba presente en casi todos los campos de entrada porque no hab\u00eda suficiente validaci\u00f3n de entrada." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,14 +70,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:facilemanager:facilemanager:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.5.1", + "matchCriteriaId": "E0E110C6-3BD9-442C-9641-29531155410B" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/WillyXJ/facileManager/commit/0aa850d4b518f10143a4c675142b15caa5872877", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/WillyXJ/facileManager/security/advisories/GHSA-h7w3-xv88-2xqj", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-245xx/CVE-2024-24572.json b/CVE-2024/CVE-2024-245xx/CVE-2024-24572.json index 36a5321d6cc..efb6d04c18d 100644 --- a/CVE-2024/CVE-2024-245xx/CVE-2024-24572.json +++ b/CVE-2024/CVE-2024-245xx/CVE-2024-24572.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-24572", "sourceIdentifier": "security-advisories@github.com", "published": "2024-01-31T23:15:08.337", - "lastModified": "2024-02-01T03:18:21.737", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-07T17:34:10.943", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, the $_REQUEST global array was unsafely called inside an extract() function in admin-logs.php. The PHP file fm-init.php prevents arbitrary manipulation of $_SESSION via the GET/POST parameters. However, it does not prevent manipulation of any other sensitive variables such as $search_sql. Knowing this, an authenticated user with privileges to view site logs can manipulate the search_sql\nvariable by appending a GET parameter search_sql in the URL. The information above means that the checks and SQL injection prevention attempts were rendered unusable." + }, + { + "lang": "es", + "value": "facileManager es un conjunto modular de aplicaciones web creadas pensando en el administrador del sistema. En las versiones 4.5.0 y anteriores, la matriz global $_REQUEST se llamaba de forma insegura dentro de una funci\u00f3n extract() en admin-logs.php. El archivo PHP fm-init.php evita la manipulaci\u00f3n arbitraria de $_SESSION a trav\u00e9s de los par\u00e1metros GET/POST. Sin embargo, no impide la manipulaci\u00f3n de otras variables sensibles como $search_sql. Sabiendo esto, un usuario autenticado con privilegios para ver los registros del sitio puede manipular la variable search_sql agregando un par\u00e1metro GET search_sql en la URL. La informaci\u00f3n anterior significa que las comprobaciones y los intentos de prevenci\u00f3n de inyecci\u00f3n SQL quedaron inutilizables." 
} ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.2 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,14 +70,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:facilemanager:facilemanager:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.5.1", + "matchCriteriaId": "E0E110C6-3BD9-442C-9641-29531155410B" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/WillyXJ/facileManager/commit/0aa850d4b518f10143a4c675142b15caa5872877", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/WillyXJ/facileManager/security/advisories/GHSA-xw34-8pj6-75gc", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-245xx/CVE-2024-24573.json b/CVE-2024/CVE-2024-245xx/CVE-2024-24573.json index f4ef58b66ef..e5fe6fc8d7d 100644 --- a/CVE-2024/CVE-2024-245xx/CVE-2024-24573.json +++ b/CVE-2024/CVE-2024-245xx/CVE-2024-24573.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-24573", "sourceIdentifier": "security-advisories@github.com", "published": "2024-01-31T23:15:08.560", - "lastModified": "2024-02-01T03:18:21.737", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-07T17:35:51.680", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, when a user updates their profile, a POST request containing user information is sent to the endpoint server/fm-modules/facileManager/ajax/processPost.php. It was found that non-admins can arbitrarily set their permissions and grant their non-admin accounts with super user privileges." + }, + { + "lang": "es", + "value": "facileManager es un conjunto modular de aplicaciones web creadas pensando en el administrador del sistema. En las versiones 4.5.0 y anteriores, cuando un usuario actualiza su perfil, se env\u00eda una solicitud POST que contiene informaci\u00f3n del usuario al servidor de endpoint /fm-modules/facileManager/ajax/processPost.php. Se descubri\u00f3 que los no administradores pueden establecer arbitrariamente sus permisos y otorgar a sus cuentas de no administrador privilegios de superusuario." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,14 +80,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:facilemanager:facilemanager:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.5.1", + "matchCriteriaId": "E0E110C6-3BD9-442C-9641-29531155410B" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/WillyXJ/facileManager/commit/0aa850d4b518f10143a4c675142b15caa5872877", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/WillyXJ/facileManager/security/advisories/GHSA-w67q-pp62-j4pf", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-247xx/CVE-2024-24706.json b/CVE-2024/CVE-2024-247xx/CVE-2024-24706.json new file mode 100644 index 00000000000..40f7973b19b --- /dev/null +++ b/CVE-2024/CVE-2024-247xx/CVE-2024-24706.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-24706", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-02-07T17:15:11.120", + "lastModified": "2024-02-07T17:38:33.990", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Forum One WP-CFM wp-cfm.This issue affects WP-CFM: from n/a through 1.7.8.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/forumone/wp-cfm/security/advisories/GHSA-2449-jmfc-gc7f", + "source": "audit@patchstack.com" + }, + { + "url": "https://patchstack.com/database/vulnerability/wp-cfm/wordpress-wp-cfm-plugin-1-7-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-247xx/CVE-2024-24771.json b/CVE-2024/CVE-2024-247xx/CVE-2024-24771.json index 00eac894d9e..9e9d32b7c99 100644 --- a/CVE-2024/CVE-2024-247xx/CVE-2024-24771.json +++ b/CVE-2024/CVE-2024-247xx/CVE-2024-24771.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-24771", "sourceIdentifier": "security-advisories@github.com", "published": "2024-02-07T15:15:08.283", - "lastModified": "2024-02-07T15:15:08.283", - "vulnStatus": "Received", + "lastModified": "2024-02-07T17:04:54.407", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-248xx/CVE-2024-24811.json b/CVE-2024/CVE-2024-248xx/CVE-2024-24811.json index 06876cc4def..7b4d2d7663e 100644 --- a/CVE-2024/CVE-2024-248xx/CVE-2024-24811.json +++ b/CVE-2024/CVE-2024-248xx/CVE-2024-24811.json @@ -2,8 +2,8 @@ "id": "CVE-2024-24811", "sourceIdentifier": "security-advisories@github.com", "published": "2024-02-07T15:15:08.507", - "lastModified": "2024-02-07T15:15:08.507", - "vulnStatus": "Received", + "lastModified": "2024-02-07T17:04:54.407", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-248xx/CVE-2024-24812.json b/CVE-2024/CVE-2024-248xx/CVE-2024-24812.json index d62b59552c7..80dc3e015ad 100644 --- a/CVE-2024/CVE-2024-248xx/CVE-2024-24812.json +++ b/CVE-2024/CVE-2024-248xx/CVE-2024-24812.json @@ -2,8 +2,8 @@ "id": "CVE-2024-24812", "sourceIdentifier": "security-advisories@github.com", "published": "2024-02-07T15:15:08.703", - "lastModified": "2024-02-07T15:15:08.703", - "vulnStatus": "Received", + "lastModified": "2024-02-07T17:04:54.407", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-248xx/CVE-2024-24815.json b/CVE-2024/CVE-2024-248xx/CVE-2024-24815.json index 6206f674aa2..d0e4e412e84 100644 --- a/CVE-2024/CVE-2024-248xx/CVE-2024-24815.json +++ b/CVE-2024/CVE-2024-248xx/CVE-2024-24815.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-24815", "sourceIdentifier": "security-advisories@github.com", "published": "2024-02-07T16:15:47.753", - "lastModified": "2024-02-07T16:15:47.753", - "vulnStatus": "Received", + "lastModified": "2024-02-07T18:15:54.003", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", @@ -52,7 +52,7 @@ "source": "security-advisories@github.com" }, { - "url": "https://ckeditor.com/docs/ckeditor4/latest/features/fullpage.html)", + "url": "https://ckeditor.com/docs/ckeditor4/latest/features/fullpage.html", "source": "security-advisories@github.com" }, { diff --git a/CVE-2024/CVE-2024-248xx/CVE-2024-24816.json b/CVE-2024/CVE-2024-248xx/CVE-2024-24816.json new file mode 100644 index 00000000000..3307bb3d59c --- /dev/null +++ b/CVE-2024/CVE-2024-248xx/CVE-2024-24816.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2024-24816", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-02-07T17:15:11.383", + "lastModified": "2024-02-07T17:38:33.990", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability vulnerability has been discovered in versions prior to 4.24.0-lts in samples that use the `preview` feature. All integrators that use these samples in the production code can be affected. The vulnerability allows an attacker to execute JavaScript code by abusing the misconfigured preview feature. It affects all users using the CKEditor 4 at version < 4.24.0-lts with affected samples used in a production environment. A fix is available in version 4.24.0-lts." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://ckeditor.com/cke4/addon/preview", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/ckeditor/ckeditor4/commit/8ed1a3c93d0ae5f49f4ecff5738ab8a2972194cb", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-mw2c-vx6j-mg76", + "source": 
"security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-248xx/CVE-2024-24822.json b/CVE-2024/CVE-2024-248xx/CVE-2024-24822.json new file mode 100644 index 00000000000..3bfe301d5d5 --- /dev/null +++ b/CVE-2024/CVE-2024-248xx/CVE-2024-24822.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2024-24822", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-02-07T18:15:54.147", + "lastModified": "2024-02-07T18:16:22.930", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Prior to version 1.3.3, an attacker can create, delete etc. tags without having the permission to do so. A fix is available in version 1.3.3. As a workaround, one may apply the patch manually." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/24660b6d5ad9cbcb037a48d4309a6024e9adf251", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/pimcore/admin-ui-classic-bundle/pull/412", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-3rfr-mpfj-2jwq", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-248xx/CVE-2024-24823.json b/CVE-2024/CVE-2024-248xx/CVE-2024-24823.json new file mode 100644 index 00000000000..2fbdfe9cee3 --- /dev/null 
+++ b/CVE-2024/CVE-2024-248xx/CVE-2024-24823.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2024-24823", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-02-07T18:15:54.870", + "lastModified": "2024-02-07T18:16:22.930", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Graylog is a free and open log management platform. Starting in version 4.3.0 and prior to versions 5.1.11 and 5.2.4, reauthenticating with an existing session cookie would re-use that session id, even if for different user credentials. In this case, the pre-existing session could be used to gain elevated access to an existing Graylog login session, provided the malicious user could successfully inject their session cookie into someone else's browser. The complexity of such an attack is high, because it requires presenting a spoofed login screen and injection of a session cookie into an existing browser, potentially through a cross-site scripting attack. No such attack has been discovered. Graylog 5.1.11 and 5.2.4, and any versions of the 6.0 development branch, contain patches to not re-use sessions under any circumstances. Some workarounds are available. Using short session expiration and explicit log outs of unused sessions can help limiting the attack vector. Unpatched this vulnerability exists, but is relatively hard to exploit. A proxy could be leveraged to clear the `authentication` cookie for the Graylog server URL for the `/api/system/sessions` endpoint, as that is the only one vulnerable." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 5.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.5, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-384" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Graylog2/graylog2-server/commit/1596b749db86368ba476662f23a0f0c5ec2b5097", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/Graylog2/graylog2-server/commit/b93a66353f35a94a4e8f3f75ac4f5cdc5a2d4a6a", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/Graylog2/graylog2-server/security/advisories/GHSA-3xf8-g8gr-g7rh", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-248xx/CVE-2024-24824.json b/CVE-2024/CVE-2024-248xx/CVE-2024-24824.json new file mode 100644 index 00000000000..f129354eeb0 --- /dev/null +++ b/CVE-2024/CVE-2024-248xx/CVE-2024-24824.json 
@@ -0,0 +1,71 @@ +{ + "id": "CVE-2024-24824", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-02-07T18:15:55.330", + "lastModified": "2024-02-07T18:16:22.930", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Graylog is a free and open log management platform. Starting in version 2.0.0 and prior to versions 5.1.11 and 5.2.4, arbitrary classes can be loaded and instantiated using a HTTP PUT request to the `/api/system/cluster_config/` endpoint. Graylog's cluster config system uses fully qualified class names as config keys. To validate the existence of the requested class before using them, Graylog loads the class using the class loader. If a user with the appropriate permissions performs the request, arbitrary classes with 1-arg String constructors can be instantiated. This will execute arbitrary code that is run during class instantiation. In the specific use case of `java.io.File`, the behavior of the internal web-server stack will lead to information exposure by including the entire file content in the response to the REST request. Versions 5.1.11 and 5.2.4 contain a fix for this issue." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + }, + { + "lang": "en", + "value": "CWE-863" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Graylog2/graylog2-server/blob/e458db8bf4f789d4d19f1b37f0263f910c8d036c/graylog2-server/src/main/java/org/graylog2/rest/resources/system/ClusterConfigResource.java#L208-L214", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/Graylog2/graylog2-server/commit/75ef2b8d60e7d67f859b79fe712c8ae7b2e861d8", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/Graylog2/graylog2-server/commit/7f8ef7fa8edf493106d5ef6f777d4da02c5194d9", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/Graylog2/graylog2-server/security/advisories/GHSA-p6gg-5hf4-4rgj", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-249xx/CVE-2024-24945.json b/CVE-2024/CVE-2024-249xx/CVE-2024-24945.json index aa21487b69b..a70e4e0af6e 100644 --- a/CVE-2024/CVE-2024-249xx/CVE-2024-24945.json +++ b/CVE-2024/CVE-2024-249xx/CVE-2024-24945.json 
@@ -2,23 +2,86 @@ "id": "CVE-2024-24945", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-01T20:50:06.063", - "lastModified": "2024-02-01T21:30:44.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-07T17:14:48.630", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A stored cross-site scripting (XSS) vulnerability in Travel Journal Using PHP and MySQL with Source Code v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Share Your Moments parameter at /travel-journal/write-journal.php." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de cross site scripting (XSS) almacenado en Travel Journal usando PHP y MySQL con c\u00f3digo fuente v1.0 permite a los atacantes ejecutar scripts web arbitrarios o HTML a trav\u00e9s de un payload manipulado inyectado en el par\u00e1metro Share Your Moments en /travel-journal/write -journal.php." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:remyandrade:travel_journal_using_php_and_mysql_with_source_code:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "299D5D6C-F058-4D56-8A07-ACDE449707D9" + } + ] + } + ] } ], - "metrics": {}, "references": [ { 
"url": "https://github.com/tubakvgc/CVE/blob/main/Travel_Journal_App.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://portswigger.net/web-security/cross-site-scripting", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-251xx/CVE-2024-25143.json b/CVE-2024/CVE-2024-251xx/CVE-2024-25143.json index 1b7592d1e0c..194d45dacdc 100644 --- a/CVE-2024/CVE-2024-251xx/CVE-2024-25143.json +++ b/CVE-2024/CVE-2024-251xx/CVE-2024-25143.json @@ -2,8 +2,8 @@ "id": "CVE-2024-25143", "sourceIdentifier": "security@liferay.com", "published": "2024-02-07T15:15:08.907", - "lastModified": "2024-02-07T15:15:08.907", - "vulnStatus": "Received", + "lastModified": "2024-02-07T17:04:54.407", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-251xx/CVE-2024-25145.json b/CVE-2024/CVE-2024-251xx/CVE-2024-25145.json index 1aaa150eb77..962da902c33 100644 --- a/CVE-2024/CVE-2024-251xx/CVE-2024-25145.json +++ b/CVE-2024/CVE-2024-251xx/CVE-2024-25145.json @@ -2,8 +2,8 @@ "id": "CVE-2024-25145", "sourceIdentifier": "security@liferay.com", "published": "2024-02-07T15:15:09.097", - "lastModified": "2024-02-07T15:15:09.097", - "vulnStatus": "Received", + "lastModified": "2024-02-07T17:04:54.407", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-252xx/CVE-2024-25200.json b/CVE-2024/CVE-2024-252xx/CVE-2024-25200.json index b9244e21b36..96d73d5d4a9 100644 --- a/CVE-2024/CVE-2024-252xx/CVE-2024-25200.json +++ b/CVE-2024/CVE-2024-252xx/CVE-2024-25200.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-25200", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-07T14:15:53.013", - "lastModified": "2024-02-07T14:15:53.013", - "vulnStatus": "Received", + "lastModified": "2024-02-07T17:04:54.407", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-252xx/CVE-2024-25201.json b/CVE-2024/CVE-2024-252xx/CVE-2024-25201.json index 216a52ca692..e60e1680a35 100644 --- a/CVE-2024/CVE-2024-252xx/CVE-2024-25201.json +++ b/CVE-2024/CVE-2024-252xx/CVE-2024-25201.json @@ -2,8 +2,8 @@ "id": "CVE-2024-25201", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-07T14:15:53.060", - "lastModified": "2024-02-07T14:15:53.060", - "vulnStatus": "Received", + "lastModified": "2024-02-07T17:04:54.407", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/README.md b/README.md index 1e429d97ab4..774ecaee3f7 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-02-07T17:00:54.586642+00:00 +2024-02-07T19:00:25.333795+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-02-07T16:39:47.010000+00:00 +2024-02-07T18:46:14.040000+00:00 ``` ### Last Data Feed Release 
@@ -29,32 +29,61 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -237882 +237891 ``` ### CVEs added in the last Commit -Recently added CVEs: `7` +Recently added CVEs: `17` -* [CVE-2024-24771](CVE-2024/CVE-2024-247xx/CVE-2024-24771.json) (`2024-02-07T15:15:08.283`) -* [CVE-2024-24811](CVE-2024/CVE-2024-248xx/CVE-2024-24811.json) (`2024-02-07T15:15:08.507`) -* [CVE-2024-24812](CVE-2024/CVE-2024-248xx/CVE-2024-24812.json) (`2024-02-07T15:15:08.703`) -* [CVE-2024-25143](CVE-2024/CVE-2024-251xx/CVE-2024-25143.json) (`2024-02-07T15:15:08.907`) -* [CVE-2024-25145](CVE-2024/CVE-2024-251xx/CVE-2024-25145.json) (`2024-02-07T15:15:09.097`) -* [CVE-2024-22012](CVE-2024/CVE-2024-220xx/CVE-2024-22012.json) (`2024-02-07T16:15:47.687`) -* [CVE-2024-24815](CVE-2024/CVE-2024-248xx/CVE-2024-24815.json) (`2024-02-07T16:15:47.753`) +* [CVE-2023-31002](CVE-2023/CVE-2023-310xx/CVE-2023-31002.json) (`2024-02-07T17:15:08.383`) +* [CVE-2023-32328](CVE-2023/CVE-2023-323xx/CVE-2023-32328.json) (`2024-02-07T17:15:08.627`) +* [CVE-2023-32330](CVE-2023/CVE-2023-323xx/CVE-2023-32330.json) (`2024-02-07T17:15:08.847`) +* [CVE-2023-38369](CVE-2023/CVE-2023-383xx/CVE-2023-38369.json) (`2024-02-07T17:15:09.053`) +* [CVE-2023-43017](CVE-2023/CVE-2023-430xx/CVE-2023-43017.json) (`2024-02-07T17:15:09.400`) +* [CVE-2023-47700](CVE-2023/CVE-2023-477xx/CVE-2023-47700.json) (`2024-02-07T17:15:09.677`) +* [CVE-2024-20252](CVE-2024/CVE-2024-202xx/CVE-2024-20252.json) (`2024-02-07T17:15:09.913`) +* [CVE-2024-20254](CVE-2024/CVE-2024-202xx/CVE-2024-20254.json) (`2024-02-07T17:15:10.130`) +* [CVE-2024-20255](CVE-2024/CVE-2024-202xx/CVE-2024-20255.json) (`2024-02-07T17:15:10.327`) +* [CVE-2024-20290](CVE-2024/CVE-2024-202xx/CVE-2024-20290.json) (`2024-02-07T17:15:10.517`) +* [CVE-2024-23806](CVE-2024/CVE-2024-238xx/CVE-2024-23806.json) (`2024-02-07T17:15:10.713`) +* [CVE-2024-24563](CVE-2024/CVE-2024-245xx/CVE-2024-24563.json) 
(`2024-02-07T17:15:10.913`) +* [CVE-2024-24706](CVE-2024/CVE-2024-247xx/CVE-2024-24706.json) (`2024-02-07T17:15:11.120`) +* [CVE-2024-24816](CVE-2024/CVE-2024-248xx/CVE-2024-24816.json) (`2024-02-07T17:15:11.383`) +* [CVE-2024-24822](CVE-2024/CVE-2024-248xx/CVE-2024-24822.json) (`2024-02-07T18:15:54.147`) +* [CVE-2024-24823](CVE-2024/CVE-2024-248xx/CVE-2024-24823.json) (`2024-02-07T18:15:54.870`) +* [CVE-2024-24824](CVE-2024/CVE-2024-248xx/CVE-2024-24824.json) (`2024-02-07T18:15:55.330`) ### CVEs modified in the last Commit -Recently modified CVEs: `6` +Recently modified CVEs: `70` -* [CVE-2023-31005](CVE-2023/CVE-2023-310xx/CVE-2023-31005.json) (`2024-02-07T16:04:27.170`) -* [CVE-2023-32327](CVE-2023/CVE-2023-323xx/CVE-2023-32327.json) (`2024-02-07T16:16:58.450`) -* [CVE-2023-7069](CVE-2023/CVE-2023-70xx/CVE-2023-7069.json) (`2024-02-07T16:28:40.250`) -* [CVE-2023-31006](CVE-2023/CVE-2023-310xx/CVE-2023-31006.json) (`2024-02-07T16:39:47.010`) -* [CVE-2024-23108](CVE-2024/CVE-2024-231xx/CVE-2024-23108.json) (`2024-02-07T15:02:00.203`) -* [CVE-2024-23109](CVE-2024/CVE-2024-231xx/CVE-2024-23109.json) (`2024-02-07T15:04:28.237`) +* [CVE-2024-1040](CVE-2024/CVE-2024-10xx/CVE-2024-1040.json) (`2024-02-07T17:11:40.623`) +* [CVE-2024-24041](CVE-2024/CVE-2024-240xx/CVE-2024-24041.json) (`2024-02-07T17:14:41.607`) +* [CVE-2024-24945](CVE-2024/CVE-2024-249xx/CVE-2024-24945.json) (`2024-02-07T17:14:48.630`) +* [CVE-2024-21852](CVE-2024/CVE-2024-218xx/CVE-2024-21852.json) (`2024-02-07T17:15:05.653`) +* [CVE-2024-21764](CVE-2024/CVE-2024-217xx/CVE-2024-21764.json) (`2024-02-07T17:15:22.520`) +* [CVE-2024-21794](CVE-2024/CVE-2024-217xx/CVE-2024-21794.json) (`2024-02-07T17:15:44.653`) +* [CVE-2024-24571](CVE-2024/CVE-2024-245xx/CVE-2024-24571.json) (`2024-02-07T17:25:31.677`) +* [CVE-2024-21866](CVE-2024/CVE-2024-218xx/CVE-2024-21866.json) (`2024-02-07T17:27:52.793`) +* [CVE-2024-21869](CVE-2024/CVE-2024-218xx/CVE-2024-21869.json) (`2024-02-07T17:29:50.927`) +* 
[CVE-2024-22016](CVE-2024/CVE-2024-220xx/CVE-2024-22016.json) (`2024-02-07T17:33:12.727`) +* [CVE-2024-22096](CVE-2024/CVE-2024-220xx/CVE-2024-22096.json) (`2024-02-07T17:33:26.800`) +* [CVE-2024-22899](CVE-2024/CVE-2024-228xx/CVE-2024-22899.json) (`2024-02-07T17:33:34.347`) +* [CVE-2024-24572](CVE-2024/CVE-2024-245xx/CVE-2024-24572.json) (`2024-02-07T17:34:10.943`) +* [CVE-2024-22900](CVE-2024/CVE-2024-229xx/CVE-2024-22900.json) (`2024-02-07T17:34:40.077`) +* [CVE-2024-24573](CVE-2024/CVE-2024-245xx/CVE-2024-24573.json) (`2024-02-07T17:35:51.680`) +* [CVE-2024-22901](CVE-2024/CVE-2024-229xx/CVE-2024-22901.json) (`2024-02-07T17:37:28.593`) +* [CVE-2024-22902](CVE-2024/CVE-2024-229xx/CVE-2024-22902.json) (`2024-02-07T17:37:40.617`) +* [CVE-2024-22903](CVE-2024/CVE-2024-229xx/CVE-2024-22903.json) (`2024-02-07T17:37:48.350`) +* [CVE-2024-0685](CVE-2024/CVE-2024-06xx/CVE-2024-0685.json) (`2024-02-07T17:41:00.460`) +* [CVE-2024-21851](CVE-2024/CVE-2024-218xx/CVE-2024-21851.json) (`2024-02-07T18:15:48.700`) +* [CVE-2024-24815](CVE-2024/CVE-2024-248xx/CVE-2024-24815.json) (`2024-02-07T18:15:54.003`) +* [CVE-2024-0285](CVE-2024/CVE-2024-02xx/CVE-2024-0285.json) (`2024-02-07T18:16:33.733`) +* [CVE-2024-21845](CVE-2024/CVE-2024-218xx/CVE-2024-21845.json) (`2024-02-07T18:23:06.690`) +* [CVE-2024-21863](CVE-2024/CVE-2024-218xx/CVE-2024-21863.json) (`2024-02-07T18:23:11.090`) +* [CVE-2024-21860](CVE-2024/CVE-2024-218xx/CVE-2024-21860.json) (`2024-02-07T18:23:16.470`) ## Download and Usage