Auto-Update: 2024-02-07T19:00:25.333795+00:00

cad-safe-bot 2024-02-07 19:00:29 +00:00
parent 65b4291df5
commit 2120003296
88 changed files with 3668 additions and 590 deletions


@ -2,8 +2,8 @@
"id": "CVE-1999-0293",
"sourceIdentifier": "cve@mitre.org",
"published": "1998-01-01T05:00:00.000",
"lastModified": "2022-08-17T08:15:08.960",
"vulnStatus": "Modified",
"lastModified": "2024-02-07T18:06:16.300",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -58,8 +58,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5802E2D8-7069-474C-826F-AEE7B50BFE34"
"criteria": "cpe:2.3:o:cisco:ios:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B6230A85-30D2-4934-A8A0-11499B7B09F8"
}
]
}
@ -69,7 +69,10 @@
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0293",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"VDB Entry"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2009-1377",
"sourceIdentifier": "secalert@redhat.com",
"published": "2009-05-19T19:30:00.733",
"lastModified": "2022-02-02T15:07:05.827",
"lastModified": "2024-02-07T18:01:50.880",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -70,108 +70,9 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.9.8",
"matchCriteriaId": "725D1BFE-7122-43F8-A9EC-E1737C7AD73C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8:-:*:*:*:*:*:*",
"matchCriteriaId": "4243FAD7-88F6-4B93-A734-4C2A2C8AC885"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8:beta1:*:*:*:*:*:*",
"matchCriteriaId": "93F99EA4-82F7-4B7E-9FBE-02556DB97DFF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8:beta2:*:*:*:*:*:*",
"matchCriteriaId": "69A90104-42EB-43CF-BD61-F3C614D6F6A3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8:beta3:*:*:*:*:*:*",
"matchCriteriaId": "35286BF4-5263-4E5C-86B8-9B878D420106"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8:beta4:*:*:*:*:*:*",
"matchCriteriaId": "F0FEC4C2-BF28-44C1-9762-895DDC12BDE0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8:beta5:*:*:*:*:*:*",
"matchCriteriaId": "4CB17026-5DDC-49C4-AE0A-95EF5A2B2EBE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8:beta6:*:*:*:*:*:*",
"matchCriteriaId": "8C498402-8162-437D-BBBA-A25696AD2308"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
"matchCriteriaId": "AF4EA988-FC80-4170-8933-7C6663731981"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
"matchCriteriaId": "64F8F53B-24A1-4877-B16E-F1917C4E4E81"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
"matchCriteriaId": "75D3ACD5-905F-42BB-BE1A-8382E9D823BF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8c-1:*:*:*:*:*:*:*",
"matchCriteriaId": "38238ECD-0581-47A0-B65E-9AA63A6C3148"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*",
"matchCriteriaId": "766EA6F2-7FA4-4713-9859-9971CCD2FDCB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*",
"matchCriteriaId": "EFBC30B7-627D-48DC-8EF0-AE8FA0C6EDBA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*",
"matchCriteriaId": "2BB38AEA-BAF0-4920-9A71-747C24444770"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*",
"matchCriteriaId": "1F33EA2B-DE15-4695-A383-7A337AC38908"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8g-9:*:*:*:*:*:*:*",
"matchCriteriaId": "02CD2C58-2AF1-4968-ADC7-07E42A042162"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*",
"matchCriteriaId": "261EE631-AB43-44FE-B02A-DFAAB8D35927"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*",
"matchCriteriaId": "FA0E0BBF-D0BE-41A7-B9BB-C28F01000BC0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*",
"matchCriteriaId": "1A1365ED-4651-4AB2-A64B-43782EA2F0E8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*",
"matchCriteriaId": "EC82690C-DCED-47BA-AA93-4D0C9E95B806"
"versionStartIncluding": "0.9.8",
"versionEndExcluding": "0.9.8m",
"matchCriteriaId": "EA054F35-6E05-4A24-9195-F80C0C2761DC"
}
]
}
@ -237,6 +138,91 @@
"Third Party Advisory"
]
},
{
"url": "http://secunia.com/advisories/35128",
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"Vendor Advisory"
]
},
{
"url": "http://secunia.com/advisories/35416",
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://secunia.com/advisories/35461",
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://secunia.com/advisories/35571",
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://secunia.com/advisories/35729",
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://secunia.com/advisories/36533",
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://secunia.com/advisories/37003",
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://secunia.com/advisories/38761",
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://secunia.com/advisories/38794",
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://secunia.com/advisories/38834",
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://secunia.com/advisories/42724",
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://secunia.com/advisories/42733",
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://security.gentoo.org/glsa/glsa-200912-01.xml",
"source": "secalert@redhat.com",


@ -2,7 +2,7 @@
"id": "CVE-2009-1378",
"sourceIdentifier": "secalert@redhat.com",
"published": "2009-05-19T19:30:00.750",
"lastModified": "2022-02-02T15:10:58.387",
"lastModified": "2024-02-07T18:02:49.617",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -70,98 +70,9 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.9.8",
"matchCriteriaId": "725D1BFE-7122-43F8-A9EC-E1737C7AD73C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8:-:*:*:*:*:*:*",
"matchCriteriaId": "4243FAD7-88F6-4B93-A734-4C2A2C8AC885"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8:beta1:*:*:*:*:*:*",
"matchCriteriaId": "93F99EA4-82F7-4B7E-9FBE-02556DB97DFF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8:beta2:*:*:*:*:*:*",
"matchCriteriaId": "69A90104-42EB-43CF-BD61-F3C614D6F6A3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8:beta3:*:*:*:*:*:*",
"matchCriteriaId": "35286BF4-5263-4E5C-86B8-9B878D420106"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8:beta4:*:*:*:*:*:*",
"matchCriteriaId": "F0FEC4C2-BF28-44C1-9762-895DDC12BDE0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8:beta5:*:*:*:*:*:*",
"matchCriteriaId": "4CB17026-5DDC-49C4-AE0A-95EF5A2B2EBE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8:beta6:*:*:*:*:*:*",
"matchCriteriaId": "8C498402-8162-437D-BBBA-A25696AD2308"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
"matchCriteriaId": "AF4EA988-FC80-4170-8933-7C6663731981"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
"matchCriteriaId": "64F8F53B-24A1-4877-B16E-F1917C4E4E81"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
"matchCriteriaId": "75D3ACD5-905F-42BB-BE1A-8382E9D823BF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*",
"matchCriteriaId": "766EA6F2-7FA4-4713-9859-9971CCD2FDCB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*",
"matchCriteriaId": "EFBC30B7-627D-48DC-8EF0-AE8FA0C6EDBA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*",
"matchCriteriaId": "2BB38AEA-BAF0-4920-9A71-747C24444770"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*",
"matchCriteriaId": "1F33EA2B-DE15-4695-A383-7A337AC38908"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*",
"matchCriteriaId": "261EE631-AB43-44FE-B02A-DFAAB8D35927"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*",
"matchCriteriaId": "FA0E0BBF-D0BE-41A7-B9BB-C28F01000BC0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*",
"matchCriteriaId": "1A1365ED-4651-4AB2-A64B-43782EA2F0E8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*",
"matchCriteriaId": "EC82690C-DCED-47BA-AA93-4D0C9E95B806"
"versionStartExcluding": "0.9.8",
"versionEndExcluding": "0.9.8m",
"matchCriteriaId": "5DC47E9C-E7B1-4EF7-AAEE-7D7746544D47"
}
]
}
@ -265,6 +176,102 @@
"Third Party Advisory"
]
},
{
"url": "http://secunia.com/advisories/35128",
"source": "secalert@redhat.com",
"tags": [
"Not Applicable",
"Third Party Advisory"
]
},
{
"url": "http://secunia.com/advisories/35416",
"source": "secalert@redhat.com",
"tags": [
"Not Applicable",
"Third Party Advisory"
]
},
{
"url": "http://secunia.com/advisories/35461",
"source": "secalert@redhat.com",
"tags": [
"Not Applicable",
"Third Party Advisory"
]
},
{
"url": "http://secunia.com/advisories/35571",
"source": "secalert@redhat.com",
"tags": [
"Not Applicable",
"Third Party Advisory"
]
},
{
"url": "http://secunia.com/advisories/35729",
"source": "secalert@redhat.com",
"tags": [
"Not Applicable",
"Third Party Advisory"
]
},
{
"url": "http://secunia.com/advisories/36533",
"source": "secalert@redhat.com",
"tags": [
"Not Applicable",
"Third Party Advisory"
]
},
{
"url": "http://secunia.com/advisories/37003",
"source": "secalert@redhat.com",
"tags": [
"Not Applicable",
"Third Party Advisory"
]
},
{
"url": "http://secunia.com/advisories/38761",
"source": "secalert@redhat.com",
"tags": [
"Not Applicable",
"Third Party Advisory"
]
},
{
"url": "http://secunia.com/advisories/38794",
"source": "secalert@redhat.com",
"tags": [
"Not Applicable",
"Third Party Advisory"
]
},
{
"url": "http://secunia.com/advisories/38834",
"source": "secalert@redhat.com",
"tags": [
"Not Applicable",
"Third Party Advisory"
]
},
{
"url": "http://secunia.com/advisories/42724",
"source": "secalert@redhat.com",
"tags": [
"Not Applicable",
"Third Party Advisory"
]
},
{
"url": "http://secunia.com/advisories/42733",
"source": "secalert@redhat.com",
"tags": [
"Not Applicable",
"Third Party Advisory"
]
},
{
"url": "http://security.gentoo.org/glsa/glsa-200912-01.xml",
"source": "secalert@redhat.com",
@ -298,7 +305,7 @@
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:120",
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
"Not Applicable"
]
},
{
@ -375,6 +382,7 @@
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11309",
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Tool Signature"
]
},
@ -382,6 +390,7 @@
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7229",
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Tool Signature"
]
},
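Review bot: The collapsed OpenSSL range in the `@ -70,98 +70,9 @` hunk uses `"versionStartExcluding": "0.9.8"`, so a plain 0.9.8 install no longer matches, even though the removed list named `openssl:0.9.8:-` and its betas as vulnerable. CVE-2009-1377 and CVE-2009-1387 in this same commit use `"versionStartIncluding": "0.9.8"` with the identical `0.9.8m` end bound, and CVE-2009-1386 repeats the excluding form. If 0.9.8 itself is still affected, the line should read `"versionStartIncluding": "0.9.8",`; the record looks mirrored from upstream, so the correction presumably belongs there, and scanners keyed on these ranges should be checked for the lost match in the meantime. The new range also drops everything earlier than 0.9.8 that the old `versionEndExcluding` entry covered, which may be intentional.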


@ -2,8 +2,8 @@
"id": "CVE-2009-1386",
"sourceIdentifier": "secalert@redhat.com",
"published": "2009-06-04T16:30:00.313",
"lastModified": "2023-02-13T02:20:11.013",
"vulnStatus": "Modified",
"lastModified": "2024-02-07T18:03:30.077",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -63,53 +63,9 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.9.8",
"matchCriteriaId": "725D1BFE-7122-43F8-A9EC-E1737C7AD73C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8:-:*:*:*:*:*:*",
"matchCriteriaId": "4243FAD7-88F6-4B93-A734-4C2A2C8AC885"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
"matchCriteriaId": "AF4EA988-FC80-4170-8933-7C6663731981"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
"matchCriteriaId": "64F8F53B-24A1-4877-B16E-F1917C4E4E81"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
"matchCriteriaId": "75D3ACD5-905F-42BB-BE1A-8382E9D823BF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*",
"matchCriteriaId": "766EA6F2-7FA4-4713-9859-9971CCD2FDCB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*",
"matchCriteriaId": "EFBC30B7-627D-48DC-8EF0-AE8FA0C6EDBA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*",
"matchCriteriaId": "2BB38AEA-BAF0-4920-9A71-747C24444770"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*",
"matchCriteriaId": "1F33EA2B-DE15-4695-A383-7A337AC38908"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*",
"matchCriteriaId": "261EE631-AB43-44FE-B02A-DFAAB8D35927"
"versionStartExcluding": "0.9.8",
"versionEndExcluding": "0.9.8i",
"matchCriteriaId": "CD28B423-FF29-4983-9FBD-68641B1C142A"
}
]
}
@ -220,6 +176,53 @@
"Vendor Advisory"
]
},
{
"url": "http://secunia.com/advisories/35571",
"source": "secalert@redhat.com",
"tags": [
"Not Applicable",
"Third Party Advisory"
]
},
{
"url": "http://secunia.com/advisories/35685",
"source": "secalert@redhat.com",
"tags": [
"Not Applicable",
"Third Party Advisory"
]
},
{
"url": "http://secunia.com/advisories/35729",
"source": "secalert@redhat.com",
"tags": [
"Not Applicable",
"Third Party Advisory"
]
},
{
"url": "http://secunia.com/advisories/36533",
"source": "secalert@redhat.com",
"tags": [
"Not Applicable",
"Third Party Advisory"
]
},
{
"url": "http://secunia.com/advisories/38794",
"source": "secalert@redhat.com",
"tags": [
"Not Applicable",
"Third Party Advisory"
]
},
{
"url": "http://secunia.com/advisories/38834",
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2009/06/02/1",
"source": "secalert@redhat.com",
@ -239,6 +242,7 @@
"url": "http://www.securityfocus.com/bid/35174",
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Exploit",
"Third Party Advisory",
"VDB Entry"
@ -271,6 +275,7 @@
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11179",
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Tool Signature"
]
},
@ -278,6 +283,7 @@
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7469",
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Tool Signature"
]
},


@ -2,7 +2,7 @@
"id": "CVE-2009-1387",
"sourceIdentifier": "secalert@redhat.com",
"published": "2009-06-04T16:30:00.343",
"lastModified": "2022-02-02T15:15:45.317",
"lastModified": "2024-02-07T18:01:20.357",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -63,13 +63,9 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.9.8k",
"matchCriteriaId": "EB35F63F-7856-42EE-87A6-7EC7F10C2032"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "3A2075BD-6102-4B0F-839A-836E9585F43B"
"versionStartIncluding": "0.9.8",
"versionEndExcluding": "0.9.8m",
"matchCriteriaId": "EA054F35-6E05-4A24-9195-F80C0C2761DC"
}
]
}
@ -182,6 +178,55 @@
"Third Party Advisory"
]
},
{
"url": "http://secunia.com/advisories/35571",
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://secunia.com/advisories/35685",
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://secunia.com/advisories/35729",
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://secunia.com/advisories/36533",
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://secunia.com/advisories/37003",
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://secunia.com/advisories/38794",
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://secunia.com/advisories/38834",
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://security.gentoo.org/glsa/glsa-200912-01.xml",
"source": "secalert@redhat.com",


@ -2,8 +2,8 @@
"id": "CVE-2019-1749",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2019-03-28T00:29:00.717",
"lastModified": "2019-10-09T23:47:57.470",
"vulnStatus": "Modified",
"lastModified": "2024-02-07T18:27:39.460",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,13 +15,13 @@
}
],
"metrics": {
"cvssMetricV30": [
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -35,7 +35,9 @@
},
"exploitabilityScore": 2.8,
"impactScore": 4.0
},
}
],
"cvssMetricV30": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -112,11 +114,6 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F73E7874-A063-4AE5-9F0A-53D590B7B99B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xe:3.13.6as:*:*:*:*:*:*:*",
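Review bot: After the `@ -35,7 +35,9 @` hunk the NVD Primary score sits under `cvssMetricV31`, while `cvssMetricV30` is left holding only the `ykramarz@cisco.com` Secondary entry. A consumer that reads the first `cvssMetricV30` element as the authoritative score would now pick up the vendor's Secondary assessment without noticing; selection should key on `"type": "Primary"` and prefer the newest metric version present. The record continues outside the visible hunks, so the Secondary block's values cannot be compared from here.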


@ -2,8 +2,8 @@
"id": "CVE-2021-1220",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2021-03-24T21:15:11.350",
"lastModified": "2023-11-07T03:27:44.170",
"vulnStatus": "Modified",
"lastModified": "2024-02-07T18:28:13.263",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -37,7 +37,7 @@
"impactScore": 1.4
},
{
"source": "d1c1063e-7a18-46af-9102-31f8928bc633",
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -85,8 +85,18 @@
},
"weaknesses": [
{
"source": "d1c1063e-7a18-46af-9102-31f8928bc633",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -102,11 +112,6 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F73E7874-A063-4AE5-9F0A-53D590B7B99B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xe:3.15.1xbs:*:*:*:*:*:*:*",


@ -2,8 +2,8 @@
"id": "CVE-2021-34699",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2021-09-23T03:15:16.647",
"lastModified": "2023-11-07T03:36:05.580",
"vulnStatus": "Modified",
"lastModified": "2024-02-07T18:28:30.883",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -37,7 +37,7 @@
"impactScore": 4.0
},
{
"source": "d1c1063e-7a18-46af-9102-31f8928bc633",
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -95,7 +95,7 @@
]
},
{
"source": "d1c1063e-7a18-46af-9102-31f8928bc633",
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
@ -112,11 +112,6 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5802E2D8-7069-474C-826F-AEE7B50BFE34"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios:12.2\\(6\\)i1:*:*:*:*:*:*:*",


@ -2,8 +2,8 @@
"id": "CVE-2021-34705",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2021-09-23T03:15:17.240",
"lastModified": "2023-11-07T03:36:07.373",
"vulnStatus": "Modified",
"lastModified": "2024-02-07T18:29:23.587",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -37,7 +37,7 @@
"impactScore": 1.4
},
{
"source": "d1c1063e-7a18-46af-9102-31f8928bc633",
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -95,7 +95,7 @@
]
},
{
"source": "d1c1063e-7a18-46af-9102-31f8928bc633",
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
@ -112,11 +112,6 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5802E2D8-7069-474C-826F-AEE7B50BFE34"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios:12.3\\(7\\)xm:*:*:*:*:*:*:*",


@ -2,8 +2,8 @@
"id": "CVE-2022-20679",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2022-04-15T15:15:12.513",
"lastModified": "2023-11-07T03:42:36.437",
"vulnStatus": "Modified",
"lastModified": "2024-02-07T18:33:05.347",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -37,7 +37,7 @@
"impactScore": 4.0
},
{
"source": "d1c1063e-7a18-46af-9102-31f8928bc633",
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -95,7 +95,7 @@
]
},
{
"source": "d1c1063e-7a18-46af-9102-31f8928bc633",
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
@ -112,11 +112,6 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F73E7874-A063-4AE5-9F0A-53D590B7B99B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xe:3.15.1xbs:*:*:*:*:*:*:*",


@ -2,8 +2,8 @@
"id": "CVE-2022-20681",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2022-04-15T15:15:12.567",
"lastModified": "2023-11-07T03:42:36.847",
"vulnStatus": "Modified",
"lastModified": "2024-02-07T18:41:36.260",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -37,7 +37,7 @@
"impactScore": 5.9
},
{
"source": "d1c1063e-7a18-46af-9102-31f8928bc633",
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -95,7 +95,7 @@
]
},
{
"source": "d1c1063e-7a18-46af-9102-31f8928bc633",
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
@ -112,11 +112,6 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F73E7874-A063-4AE5-9F0A-53D590B7B99B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xe:16.11.1:*:*:*:*:*:*:*",


@ -2,8 +2,8 @@
"id": "CVE-2022-20718",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2022-04-15T15:15:13.163",
"lastModified": "2023-11-07T03:42:42.960",
"vulnStatus": "Modified",
"lastModified": "2024-02-07T18:42:35.030",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -37,7 +37,7 @@
"impactScore": 5.9
},
{
"source": "d1c1063e-7a18-46af-9102-31f8928bc633",
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -95,7 +95,7 @@
]
},
{
"source": "d1c1063e-7a18-46af-9102-31f8928bc633",
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
@ -112,16 +112,6 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:ir510_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A90577A5-5077-4A3C-87D8-63A77B7FBE30"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F73E7874-A063-4AE5-9F0A-53D590B7B99B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xe:16.3.1:*:*:*:*:*:*:*",


@ -2,8 +2,8 @@
"id": "CVE-2022-20719",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2022-04-15T15:15:13.213",
"lastModified": "2023-11-07T03:42:43.150",
"vulnStatus": "Modified",
"lastModified": "2024-02-07T18:42:54.990",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -37,7 +37,7 @@
"impactScore": 5.9
},
{
"source": "d1c1063e-7a18-46af-9102-31f8928bc633",
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -95,7 +95,7 @@
]
},
{
"source": "d1c1063e-7a18-46af-9102-31f8928bc633",
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
@ -112,16 +112,6 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:ir510_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A90577A5-5077-4A3C-87D8-63A77B7FBE30"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F73E7874-A063-4AE5-9F0A-53D590B7B99B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xe:16.3.1:*:*:*:*:*:*:*",


@ -2,8 +2,8 @@
"id": "CVE-2022-20720",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2022-04-15T15:15:13.263",
"lastModified": "2023-11-07T03:42:43.390",
"vulnStatus": "Modified",
"lastModified": "2024-02-07T18:43:55.347",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -37,7 +37,7 @@
"impactScore": 5.9
},
{
"source": "d1c1063e-7a18-46af-9102-31f8928bc633",
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -95,7 +95,7 @@
]
},
{
"source": "d1c1063e-7a18-46af-9102-31f8928bc633",
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{


@ -2,8 +2,8 @@
"id": "CVE-2022-20721",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2022-04-15T15:15:13.310",
"lastModified": "2023-11-07T03:42:43.640",
"vulnStatus": "Modified",
"lastModified": "2024-02-07T18:45:16.597",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -37,7 +37,7 @@
"impactScore": 3.6
},
{
"source": "d1c1063e-7a18-46af-9102-31f8928bc633",
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -95,7 +95,7 @@
]
},
{
"source": "d1c1063e-7a18-46af-9102-31f8928bc633",
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
@ -112,16 +112,6 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:ir510_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A90577A5-5077-4A3C-87D8-63A77B7FBE30"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F73E7874-A063-4AE5-9F0A-53D590B7B99B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xe:16.3.1:*:*:*:*:*:*:*",


@ -2,8 +2,8 @@
"id": "CVE-2022-20722",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2022-04-15T15:15:13.360",
"lastModified": "2023-11-07T03:42:43.833",
"vulnStatus": "Modified",
"lastModified": "2024-02-07T18:45:51.070",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -37,7 +37,7 @@
"impactScore": 3.6
},
{
"source": "d1c1063e-7a18-46af-9102-31f8928bc633",
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -95,7 +95,7 @@
]
},
{
"source": "d1c1063e-7a18-46af-9102-31f8928bc633",
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
@ -112,16 +112,6 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:ir510_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A90577A5-5077-4A3C-87D8-63A77B7FBE30"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F73E7874-A063-4AE5-9F0A-53D590B7B99B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xe:16.3.1:*:*:*:*:*:*:*",


@ -2,8 +2,8 @@
"id": "CVE-2022-20723",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2022-04-15T15:15:13.410",
"lastModified": "2023-11-07T03:42:44.050",
"vulnStatus": "Modified",
"lastModified": "2024-02-07T18:46:14.040",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -37,7 +37,7 @@
"impactScore": 5.9
},
{
"source": "d1c1063e-7a18-46af-9102-31f8928bc633",
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -95,7 +95,7 @@
]
},
{
"source": "d1c1063e-7a18-46af-9102-31f8928bc633",
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
@ -112,16 +112,6 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:ir510_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A90577A5-5077-4A3C-87D8-63A77B7FBE30"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F73E7874-A063-4AE5-9F0A-53D590B7B99B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xe:16.3.1:*:*:*:*:*:*:*",


@ -2,8 +2,8 @@
"id": "CVE-2022-3647",
"sourceIdentifier": "cna@vuldb.com",
"published": "2022-10-21T18:15:10.183",
"lastModified": "2024-02-06T10:15:08.497",
"vulnStatus": "Modified",
"lastModified": "2024-02-07T18:05:53.950",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -105,8 +105,15 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2022-09-29",
"matchCriteriaId": "1A9E9EB4-7E92-4672-B9C7-35C22F5D6B50"
"versionEndExcluding": "6.2.8",
"matchCriteriaId": "3AB9C586-1F6D-4C22-8F85-034DBE4D0D9F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndExcluding": "7.0.6",
"matchCriteriaId": "685E9820-B344-40FE-9379-60A2826EB459"
}
]
}
@ -125,14 +132,19 @@
},
{
"url": "https://vuldb.com/?ctiid.211962",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.211962",
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
"Third Party Advisory",
"VDB Entry"
]
}
]


@ -0,0 +1,47 @@
{
"id": "CVE-2023-31002",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-02-07T17:15:08.383",
"lastModified": "2024-02-07T17:38:33.990",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254657."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.4,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254657",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7106586",
"source": "psirt@us.ibm.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-32328",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-02-07T17:15:08.627",
"lastModified": "2024-02-07T17:38:33.990",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure protocols in some instances that could allow an attacker on the network to take control of the server. IBM X-Force Id: 254957."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-319"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254657",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7106586",
"source": "psirt@us.ibm.com"
}
]
}
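Review bot: The first reference URL ends in `254657`, but the description in this record cites IBM X-Force ID 254957; 254657 is the ID that CVE-2023-31002, added in the same commit, cites for a different issue. The link presumably should be `"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254957",`, to be confirmed against the IBM bulletin since the record appears to be mirrored from upstream. This record also marks the vendor's CWE-319 entry as `"type": "Primary"`, whereas CVE-2023-32330 from the same source uses `"Secondary"`, which is worth checking while `vulnStatus` is still `Awaiting Analysis`.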


@ -0,0 +1,59 @@
{
"id": "CVE-2023-32330",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-02-07T17:15:08.847",
"lastModified": "2024-02-07T17:38:33.990",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure calls that could allow an attacker on the network to take control of the server. IBM X-Force ID: 254977."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254977",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7106586",
"source": "psirt@us.ibm.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-38369",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-02-07T17:15:09.053",
"lastModified": "2024-02-07T17:38:33.990",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 does not require that docker images should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 261196."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-521"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/261196",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7106586",
"source": "psirt@us.ibm.com"
}
]
}


@ -2,12 +2,12 @@
"id": "CVE-2023-40547",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-25T16:15:07.717",
"lastModified": "2024-02-02T16:53:32.740",
"vulnStatus": "Analyzed",
"lastModified": "2024-02-07T17:15:09.263",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise."
"value": "A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully."
},
{
"lang": "es",
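Review bot: The English description now carries the exploitation precondition (early boot phase, Man-in-the-Middle or a compromised boot server), but the hunk stops at `"lang": "es",` and the Spanish value below it is not part of the change, so the translation presumably still describes the flaw without that limit. Readers and tools that select the `es` text would then see a broader claim than the `en` text makes, and the `es` value should be refreshed to match. The updated text also keeps the wording "malicious HTTP request" although the same description says the trusted values come from parsing an HTTP response, which is worth checking against the vendor advisory before triage relies on it. The record continues outside the hunk.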


@ -0,0 +1,59 @@
{
"id": "CVE-2023-43017",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-02-07T17:15:09.400",
"lastModified": "2024-02-07T17:38:33.990",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Verify Access 10.0.0.0 through 10.0.6.1 could allow a privileged user to install a configuration file that could allow remote access. IBM X-Force ID: 266155."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266155",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7106586",
"source": "psirt@us.ibm.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-45734",
"sourceIdentifier": "scy@openharmony.io",
"published": "2024-02-02T07:15:09.267",
"lastModified": "2024-02-02T13:36:31.843",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-07T18:14:15.370",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "scy@openharmony.io",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "scy@openharmony.io",
"type": "Secondary",
@ -50,10 +80,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*",
"versionStartIncluding": "3.2.0",
"versionEndIncluding": "3.2.4",
"matchCriteriaId": "030208B2-F752-47ED-93AF-1AA37942CE4D"
}
]
}
]
}
],
"references": [
{
"url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-02.md",
"source": "scy@openharmony.io"
"source": "scy@openharmony.io",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,84 @@
"id": "CVE-2023-47256",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-01T22:15:55.103",
"lastModified": "2024-02-01T22:39:14.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-07T17:15:07.247",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "ConnectWise ScreenConnect through 23.8.4 allows local users to connect to arbitrary relay servers via implicit trust of proxy settings"
},
{
"lang": "es",
"value": "ConnectWise ScreenConnect hasta 23.8.4 permite a los usuarios locales conectarse a servidores de retransmisi\u00f3n arbitrarios mediante la confianza impl\u00edcita en la configuraci\u00f3n del proxy"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:connectwise:automate:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1EE4186A-BC6E-4E27-887C-D9C4FBBE5943"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:connectwise:screenconnect:*:*:*:*:*:*:*:*",
"versionEndExcluding": "23.8.5",
"matchCriteriaId": "2B3CC076-9C69-45B8-81E8-E671B6512719"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.8-security-fix",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}
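Review bot: The added `cpeMatch` list marks `cpe:2.3:a:connectwise:automate:-:*:*:*:*:*:*:*` as `"vulnerable": true`, but the description and the vendor bulletin URL in this record name only ScreenConnect through 23.8.4. That entry has no version bound, so inventory matching built on this record may flag Automate installations and give them no fixed version to move to. This should be confirmed against the bulletin. If Automate is not independently affected, the list should keep only the ScreenConnect match with `"versionEndExcluding": "23.8.5"`.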


@ -2,16 +2,40 @@
"id": "CVE-2023-47561",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2024-02-02T16:15:51.763",
"lastModified": "2024-02-02T16:30:16.430",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-07T17:51:35.570",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.\n\nWe have already fixed the vulnerability in the following version:\nPhoto Station 6.4.2 ( 2023/12/15 ) and later\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) afecta a Photo Station. Si se explota, la vulnerabilidad podr\u00eda permitir a los usuarios autenticados inyectar c\u00f3digo malicioso a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en la siguiente versi\u00f3n: Photo Station 6.4.2 (2023/12/15) y posteriores"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
@ -36,7 +60,7 @@
},
"weaknesses": [
{
"source": "security@qnapsecurity.com.tw",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,12 +68,44 @@
"value": "CWE-79"
}
]
},
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qnap:photo_station:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.0",
"versionEndExcluding": "6.4.2",
"matchCriteriaId": "37A0B3ED-724D-4BB0-8F7C-37595AC7B760"
}
]
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-24-08",
"source": "security@qnapsecurity.com.tw"
"source": "security@qnapsecurity.com.tw",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-47562",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2024-02-02T16:15:52.020",
"lastModified": "2024-02-02T16:30:16.430",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-07T17:50:38.510",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authenticated users to execute commands via a network.\n\nWe have already fixed the vulnerability in the following version:\nPhoto Station 6.4.2 ( 2023/12/15 ) and later\n"
},
{
"lang": "es",
"value": "Se ha informado que una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo afecta a Photo Station. Si se explota, la vulnerabilidad podr\u00eda permitir a los usuarios autenticados ejecutar comandos a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en la siguiente versi\u00f3n: Photo Station 6.4.2 (2023/12/15) y posteriores"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "security@qnapsecurity.com.tw",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
},
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -50,10 +84,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qnap:photo_station:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.0",
"versionEndExcluding": "6.4.2",
"matchCriteriaId": "37A0B3ED-724D-4BB0-8F7C-37595AC7B760"
}
]
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-24-08",
"source": "security@qnapsecurity.com.tw"
"source": "security@qnapsecurity.com.tw",
"tags": [
"Vendor Advisory"
]
}
]
}
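Review bot: The Primary weakness added in the `weaknesses` hunk is `"value": "CWE-77"`, while the description calls the flaw an OS command injection, which CWE-78 names specifically. The CNA's Secondary value lies outside the visible hunk lines, so the two entries may already disagree. Dashboards or detection content that filter on `CWE-78` will not pick this record up through the Primary entry. Consumers should match on both ids, or read the Secondary weakness as well as the Primary one.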


@ -0,0 +1,59 @@
{
"id": "CVE-2023-47700",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-02-07T17:15:09.677",
"lastModified": "2024-02-07T17:38:33.990",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products could allow a remote attacker to spoof a trusted system that would not be correctly validated by the Storwize server. This could lead to a user connecting to a malicious host, believing that it was a trusted system and deceived into accepting spoofed data. IBM X-Force ID: 271016."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/271016",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7114767",
"source": "psirt@us.ibm.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-49118",
"sourceIdentifier": "scy@openharmony.io",
"published": "2024-02-02T07:15:09.600",
"lastModified": "2024-02-02T13:36:31.843",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-07T18:15:10.577",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "scy@openharmony.io",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
},
{
"source": "scy@openharmony.io",
"type": "Secondary",
@ -50,10 +80,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*",
"versionStartIncluding": "3.2.0",
"versionEndIncluding": "3.2.4",
"matchCriteriaId": "030208B2-F752-47ED-93AF-1AA37942CE4D"
}
]
}
]
}
],
"references": [
{
"url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-02.md",
"source": "scy@openharmony.io"
"source": "scy@openharmony.io",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-51536",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-01T11:15:09.810",
"lastModified": "2024-02-01T13:41:44.257",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-07T17:38:06.913",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks CRM Perks Forms \u2013 WordPress Form Builder allows Stored XSS.This issue affects CRM Perks Forms \u2013 WordPress Form Builder: from n/a through 1.1.2.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en CRM Perks Forms CRM Perks \u2013 WordPress Form Builder permite XSS almacenado. Este problema afecta a CRM Perks Forms \u2013 WordPress Form Builder: desde n/a hasta 1.1.2 ."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:crmperks:crm_perks_forms:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.1.2",
"matchCriteriaId": "C5D5E689-6F61-445E-A392-8BE852D44DE3"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/crm-perks-forms/wordpress-crm-perks-forms-plugin-1-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-51540",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-01T11:15:10.020",
"lastModified": "2024-02-01T13:41:44.257",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-07T17:05:59.580",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kunal Nagar Custom 404 Pro allows Stored XSS.This issue affects Custom 404 Pro: from n/a through 3.10.0.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante de generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Kunal Nagar Custom 404 Pro permite XSS almacenado. Este problema afecta a Custom 404 Pro: desde n/a hasta 3.10.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kunalnagar:custom_404_pro:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.10.0",
"matchCriteriaId": "92C9C52D-202B-459A-BE9F-6E01B16CAAC0"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/custom-404-pro/wordpress-custom-404-pro-plugin-3-10-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-51548",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-01T11:15:10.243",
"lastModified": "2024-02-01T13:41:44.257",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-07T17:06:15.167",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Neil Gee SlickNav Mobile Menu allows Stored XSS.This issue affects SlickNav Mobile Menu: from n/a through 1.9.2.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante de generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Neil Gee SlickNav Mobile Menu permite XSS almacenado. Este problema afecta al SlickNav Mobile Menu: desde n/a hasta 1.9.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpbeaches:slicknav_mobile_menu:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.9.2",
"matchCriteriaId": "C3A31167-72D7-4FAD-882F-36B416B77BCE"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/slicknav-mobile-menu/wordpress-slicknav-mobile-menu-plugin-1-9-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-51666",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-01T11:15:10.440",
"lastModified": "2024-02-01T13:41:44.257",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-07T17:06:35.410",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Related Post allows Stored XSS.This issue affects Related Post: from n/a through 2.0.53.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en PickPlugins Related Post permite XSS almacenado. Este problema afecta a Related Post: desde n/a hasta 2.0.53."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pickplugins:related_post:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.0.53",
"matchCriteriaId": "242FD0CB-D34D-4BD8-833E-8B7E9FBBD22A"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/related-post/wordpress-related-post-plugin-2-0-53-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-51669",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-01T11:15:10.647",
"lastModified": "2024-02-01T13:41:44.257",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-07T17:06:50.843",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artios Media Product Code for WooCommerce allows Stored XSS.This issue affects Product Code for WooCommerce: from n/a through 1.4.4.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Artios Media Product Code para WooCommerce permite XSS almacenado. Este problema afecta a Product Code para WooCommerce: desde n/a hasta 1.4.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:artiosmedia:product_code_for_woocommerce:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.4.4",
"matchCriteriaId": "6428A539-DAA7-4C06-8843-17B4BB1E8D6B"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/product-code-for-woocommerce/wordpress-product-code-for-woocommerce-plugin-1-4-4-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-51674",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-01T11:15:10.847",
"lastModified": "2024-02-01T13:41:44.257",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-07T17:07:05.913",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AAM Advanced Access Manager \u2013 Restricted Content, Users & Roles, Enhanced Security and More allows Stored XSS.This issue affects Advanced Access Manager \u2013 Restricted Content, Users & Roles, Enhanced Security and More: from n/a through 6.9.18.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en AAM Advanced Access Manager \u2013 Restricted Content, Users & Roles, Enhanced Security and More permite XSS almacenado. Este problema afecta a Advanced Access Manager \u2013 Restricted Content, Users & Roles, Enhanced Security and More: desde n/a hasta 6.9.18."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vasyltech:advanced_access_manager:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "6.9.18",
"matchCriteriaId": "4758F9DD-4003-44D0-98D5-6A21D41DF485"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/advanced-access-manager/wordpress-advanced-access-manager-plugin-6-9-18-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-51677",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-01T11:15:11.050",
"lastModified": "2024-02-01T13:41:44.257",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-07T17:09:45.347",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magazine3 Schema & Structured Data for WP & AMP allows Stored XSS.This issue affects Schema & Structured Data for WP & AMP: from n/a through 1.23.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante de generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Magazine3 Schema & Structured Data for WP & AMP permite XSS almacenado. Este problema afecta a Schema & Structured Data for WP & AMP: desde n/a hasta 1.23."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:structured-data-for-wp:download_schema_\\&_structured_data_for_wp_\\&_amp:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.23",
"matchCriteriaId": "B8E2987F-896B-4050-9D9D-FFACC81BBC1A"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/schema-and-structured-data-for-wp/wordpress-schema-structured-data-for-wp-amp-plugin-1-23-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-0285",
"sourceIdentifier": "scy@openharmony.io",
"published": "2024-02-02T07:15:09.980",
"lastModified": "2024-02-02T13:36:31.843",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-07T18:16:33.733",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "scy@openharmony.io",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "scy@openharmony.io",
"type": "Secondary",
@ -50,10 +80,37 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*",
"versionStartIncluding": "3.2.0",
"versionEndIncluding": "3.2.4",
"matchCriteriaId": "030208B2-F752-47ED-93AF-1AA37942CE4D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:4.0:*:*:*:-:*:*:*",
"matchCriteriaId": "2F954785-2115-4147-8BCA-B90BFDC3B943"
}
]
}
]
}
],
"references": [
{
"url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-02.md",
"source": "scy@openharmony.io"
"source": "scy@openharmony.io",
"tags": [
"Third Party Advisory"
]
}
]
}
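Review bot: The `tags` value added to the only reference is `"Third Party Advisory"`, yet the URL sits under `gitee.com/openharmony/security` and the record's `sourceIdentifier` is `scy@openharmony.io`, which looks like the vendor's own disclosure page. If that reading is right, the tag would be `"Vendor Advisory"`, which matters to tooling that ranks or filters references by tag. The same tag on the same URL is added in the records for CVE-2024-21845, CVE-2024-21851, CVE-2024-21860 and CVE-2024-21863 on this page.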


@ -2,8 +2,8 @@
"id": "CVE-2024-0685",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-02T05:15:08.603",
"lastModified": "2024-02-02T13:36:37.067",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-07T17:41:00.460",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -38,14 +58,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ninjaforms:ninja_forms:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.7.1",
"matchCriteriaId": "0FC02DB1-16BC-4D60-9B8D-EC7200DCAC32"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3028929/ninja-forms/trunk/includes/Admin/UserDataRequests.php",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3cb73d5d-ca4a-4103-866d-f7bb369a8ce4?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-1040",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-02-01T22:15:55.717",
"lastModified": "2024-02-01T22:39:14.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-07T17:11:40.623",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\n\n\nGessler GmbH WEB-MASTER user account is stored using a weak hashing algorithm. The attacker can restore the passwords by breaking the hashes stored on the device.\n\n\n\n"
},
{
"lang": "es",
"value": "La cuenta de usuario de Gessler GmbH WEB-MASTER se almacena mediante un algoritmo hash d\u00e9bil. El atacante puede restaurar las contrase\u00f1as rompiendo los hashes almacenados en el dispositivo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-327"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -46,10 +80,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:gesslergmbh:web-master_firmware:7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DD89F461-9389-4CBE-AC15-790CF72EAE11"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:gesslergmbh:web-master:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA32B59C-2591-443B-9AA1-E42B7A3B7BDF"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-032-01",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2024-20252",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-02-07T17:15:09.913",
"lastModified": "2024-02-07T17:38:33.990",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. \r\n\r Note: \"Cisco Expressway Series\" refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices.\r\n\r For more information about these vulnerabilities, see the Details [\"#details\"] section of this advisory."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-KnnZDMj3",
"source": "ykramarz@cisco.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2024-20254",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-02-07T17:15:10.130",
"lastModified": "2024-02-07T17:38:33.990",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. \r\n\r Note: \"Cisco Expressway Series\" refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices.\r\n\r For more information about these vulnerabilities, see the Details [\"#details\"] section of this advisory."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-KnnZDMj3",
"source": "ykramarz@cisco.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2024-20255",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-02-07T17:15:10.327",
"lastModified": "2024-02-07T17:38:33.990",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the SOAP API of Cisco Expressway Series and Cisco TelePresence Video Communication Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.\r\n\r This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the REST API to follow a crafted link. A successful exploit could allow the attacker to cause the affected system to reload."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-KnnZDMj3",
"source": "ykramarz@cisco.com"
}
]
}
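Review bot: The `descriptions` text in this new record contradicts itself: it places the flaw in the "SOAP API" and then describes persuading "a user of the REST API", and it states the outcome as a system reload while the `vectorString` rates `I:H/A:L`. The record carries only the CNA's `"type": "Secondary"` metric and `"vulnStatus": "Awaiting Analysis"`, so neither the score nor the wording has been checked by NVD yet. I would not hand-edit mirrored text; the discrepancy belongs with the CNA. Consumers that triage on `baseScore` should treat this entry as provisional until an `nvd@nist.gov` `Primary` metric is present.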


@ -0,0 +1,55 @@
{
"id": "CVE-2024-20290",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-02-07T17:15:10.517",
"lastModified": "2024-02-07T17:38:33.990",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software and consuming available system resources.\r\n\r For a description of this vulnerability, see the ClamAV blog ."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-126"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-hDffu6t",
"source": "ykramarz@cisco.com"
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-21764",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-02-02T00:15:54.767",
"lastModified": "2024-02-02T01:57:57.640",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-07T17:15:22.520",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Rapid Software LLC's Rapid SCADA versions prior to\u00a0Version 5.8.4, the\u00a0product uses hard-coded credentials, which may allow an attacker to connect to a specific port.\n"
},
{
"lang": "es",
"value": "En las versiones Rapid SCADA de Rapid Software LLC anteriores a la versi\u00f3n 5.8.4, el producto utiliza credenciales codificadas, lo que puede permitir que un atacante se conecte a un puerto espec\u00edfico."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -46,14 +80,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rapidscada:rapid_scada:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.8.4",
"matchCriteriaId": "280A83B5-F3B4-4BA0-A112-A5FC00D74091"
}
]
}
]
}
],
"references": [
{
"url": "https://rapidscada.org/contact/",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Product"
]
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}
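Review bot: The added `cpeMatch` entry uses `"versionEndIncluding": "5.8.4"`, while the English description in the same record says the flaw affects versions "prior to Version 5.8.4", so the range and the text disagree on whether 5.8.4 itself is affected. If the description is right, the bound should read `"versionEndExcluding": "5.8.4"`; if the range is right, the description needs correcting, and the referenced CISA advisory is the place to settle it. Until then, CPE-based matching will report 5.8.4 installations as vulnerable. The same range is added in the records for CVE-2024-21794, CVE-2024-21852, CVE-2024-21866, CVE-2024-21869 and CVE-2024-22016, and appears again in CVE-2024-22096 at the end of this page.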


@ -2,16 +2,40 @@
"id": "CVE-2024-21794",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-02-02T00:15:54.953",
"lastModified": "2024-02-02T01:57:57.640",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-07T17:15:44.653",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Rapid Software LLC's Rapid SCADA versions prior to\u00a0Version 5.8.4,\u00a0an attacker can redirect users to malicious pages through the login page.\n"
},
{
"lang": "es",
"value": "En las versiones Rapid SCADA de Rapid Software LLC anteriores a la versi\u00f3n 5.8.4, un atacante puede redirigir a los usuarios a p\u00e1ginas maliciosas a trav\u00e9s de la p\u00e1gina de inicio de sesi\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -46,14 +80,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rapidscada:rapid_scada:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.8.4",
"matchCriteriaId": "280A83B5-F3B4-4BA0-A112-A5FC00D74091"
}
]
}
]
}
],
"references": [
{
"url": "https://rapidscada.org/contact/",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Product"
]
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-21845",
"sourceIdentifier": "scy@openharmony.io",
"published": "2024-02-02T07:15:10.633",
"lastModified": "2024-02-02T13:36:31.843",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-07T18:23:06.690",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "scy@openharmony.io",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
},
{
"source": "scy@openharmony.io",
"type": "Secondary",
@ -50,10 +80,37 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*",
"versionStartIncluding": "3.2.0",
"versionEndIncluding": "3.2.4",
"matchCriteriaId": "030208B2-F752-47ED-93AF-1AA37942CE4D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:4.0:*:*:*:-:*:*:*",
"matchCriteriaId": "2F954785-2115-4147-8BCA-B90BFDC3B943"
}
]
}
]
}
],
"references": [
{
"url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-02.md",
"source": "scy@openharmony.io"
"source": "scy@openharmony.io",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-21851",
"sourceIdentifier": "scy@openharmony.io",
"published": "2024-02-02T07:15:11.070",
"lastModified": "2024-02-02T13:36:31.843",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-07T18:15:48.700",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "scy@openharmony.io",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
},
{
"source": "scy@openharmony.io",
"type": "Secondary",
@ -50,10 +80,37 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*",
"versionStartIncluding": "3.2.0",
"versionEndIncluding": "3.2.4",
"matchCriteriaId": "030208B2-F752-47ED-93AF-1AA37942CE4D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:4.0:*:*:*:-:*:*:*",
"matchCriteriaId": "2F954785-2115-4147-8BCA-B90BFDC3B943"
}
]
}
]
}
],
"references": [
{
"url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-02.md",
"source": "scy@openharmony.io"
"source": "scy@openharmony.io",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-21852",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-02-01T23:15:10.730",
"lastModified": "2024-02-02T01:58:03.307",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-07T17:15:05.653",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Rapid Software LLC's Rapid SCADA versions prior to\u00a0Version 5.8.4,\u00a0an attacker can supply a malicious configuration file by utilizing a Zip Slip vulnerability in the unpacking routine to achieve remote code execution.\n"
},
{
"lang": "es",
"value": "En las versiones de Rapid Software LLC's Rapid SCADA anteriores a la versi\u00f3n 5.8.4, un atacante puede proporcionar un archivo de configuraci\u00f3n malicioso utilizando una vulnerabilidad Zip Slip en la rutina de descompresi\u00f3n para lograr la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -46,14 +80,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rapidscada:rapid_scada:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.8.4",
"matchCriteriaId": "280A83B5-F3B4-4BA0-A112-A5FC00D74091"
}
]
}
]
}
],
"references": [
{
"url": "https://rapidscada.org/contact/",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Product"
]
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-21860",
"sourceIdentifier": "scy@openharmony.io",
"published": "2024-02-02T07:15:11.530",
"lastModified": "2024-02-02T13:36:31.843",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-07T18:23:16.470",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "scy@openharmony.io",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
},
{
"source": "scy@openharmony.io",
"type": "Secondary",
@ -50,10 +80,37 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*",
"versionStartIncluding": "3.2.0",
"versionEndIncluding": "3.2.4",
"matchCriteriaId": "030208B2-F752-47ED-93AF-1AA37942CE4D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:4.0:*:*:*:-:*:*:*",
"matchCriteriaId": "2F954785-2115-4147-8BCA-B90BFDC3B943"
}
]
}
]
}
],
"references": [
{
"url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-02.md",
"source": "scy@openharmony.io"
"source": "scy@openharmony.io",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-21863",
"sourceIdentifier": "scy@openharmony.io",
"published": "2024-02-02T07:15:12.067",
"lastModified": "2024-02-02T13:36:31.843",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-07T18:23:11.090",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6
},
{
"source": "scy@openharmony.io",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "scy@openharmony.io",
"type": "Secondary",
@ -50,10 +80,37 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*",
"versionStartIncluding": "3.2.0",
"versionEndIncluding": "3.2.4",
"matchCriteriaId": "030208B2-F752-47ED-93AF-1AA37942CE4D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:4.0:*:*:*:-:*:*:*",
"matchCriteriaId": "2F954785-2115-4147-8BCA-B90BFDC3B943"
}
]
}
]
}
],
"references": [
{
"url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-02.md",
"source": "scy@openharmony.io"
"source": "scy@openharmony.io",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-21866",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-02-02T00:15:55.143",
"lastModified": "2024-02-02T01:57:57.640",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-07T17:27:52.793",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Rapid Software LLC's Rapid SCADA versions prior to\u00a0Version 5.8.4, the affected product responds back with an error message containing sensitive data if it receives a specific malformed request.\n"
},
{
"lang": "es",
"value": "En las versiones Rapid SCADA de Rapid Software LLC anteriores a la versi\u00f3n 5.8.4, el producto afectado responde con un mensaje de error que contiene datos confidenciales si recibe una solicitud espec\u00edfica con formato incorrecto."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-209"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -46,14 +80,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rapidscada:rapid_scada:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.8.4",
"matchCriteriaId": "280A83B5-F3B4-4BA0-A112-A5FC00D74091"
}
]
}
]
}
],
"references": [
{
"url": "https://rapidscada.org/contact/",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Product"
]
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-21869",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-02-02T00:15:55.340",
"lastModified": "2024-02-02T01:57:57.640",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-07T17:29:50.927",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Rapid Software LLC's Rapid SCADA versions prior to\u00a0Version 5.8.4, the affected product stores plaintext credentials in various places. This may allow an attacker with local access to see them.\n"
},
{
"lang": "es",
"value": "En las versiones Rapid SCADA de Rapid Software LLC anterior a la versi\u00f3n 5.8.4, el producto afectado almacena credenciales de texto plano en varios lugares. Esto puede permitir que un atacante con acceso local los vea."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -46,14 +80,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rapidscada:rapid_scada:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.8.4",
"matchCriteriaId": "280A83B5-F3B4-4BA0-A112-A5FC00D74091"
}
]
}
]
}
],
"references": [
{
"url": "https://rapidscada.org/contact/",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Product"
]
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-22012",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2024-02-07T16:15:47.687",
"lastModified": "2024-02-07T16:15:47.687",
"vulnStatus": "Received",
"lastModified": "2024-02-07T17:04:54.407",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,16 +2,40 @@
"id": "CVE-2024-22016",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-02-02T00:15:55.533",
"lastModified": "2024-02-02T01:57:57.640",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-07T17:33:12.727",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Rapid Software LLC's Rapid SCADA versions prior to\u00a0Version 5.8.4,\u00a0an authorized user can write directly to the Scada directory. This may allow privilege escalation.\n"
},
{
"lang": "es",
"value": "En las versiones Rapid SCADA de Rapid Software LLC anterior a la versi\u00f3n 5.8.4, un usuario autorizado puede escribir directamente en el directorio Scada. Esto puede permitir una escalada de privilegios."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -46,14 +80,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rapidscada:rapid_scada:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.8.4",
"matchCriteriaId": "280A83B5-F3B4-4BA0-A112-A5FC00D74091"
}
]
}
]
}
],
"references": [
{
"url": "https://rapidscada.org/contact/",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Product"
]
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-22096",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-02-02T00:15:55.713",
"lastModified": "2024-02-02T01:57:57.640",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-07T17:33:26.800",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Rapid Software LLC's Rapid SCADA versions prior to\u00a0Version 5.8.4,\u00a0an attacker can append path traversal characters to the filename when using a specific command, allowing them to read arbitrary files from the system.\n"
},
{
"lang": "es",
"value": "En las versiones Rapid SCADA de Rapid Software LLC anterior a la versi\u00f3n 5.8.4, un atacante puede agregar caracteres de path traversal al nombre del archivo cuando usa un comando espec\u00edfico, lo que le permite leer archivos arbitrarios del sistema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -46,14 +80,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rapidscada:rapid_scada:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.8.4",
"matchCriteriaId": "280A83B5-F3B4-4BA0-A112-A5FC00D74091"
}
]
}
]
}
],
"references": [
{
"url": "https://rapidscada.org/contact/",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Product"
]
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}
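Review bot: The `cpeMatch` entry in this record uses `"versionEndIncluding": "5.8.4"`, while the English description in the same record says the issue affects versions prior to Version 5.8.4, so a scanner matching on this configuration would presumably report an installation already at 5.8.4 as vulnerable. If the description is the accurate side, the bound should read `"versionEndExcluding": "5.8.4"`. The preceding Rapid SCADA record on this page carries the same `matchCriteriaId` and the same bound, so the same question applies there. Because this file mirrors upstream data, the durable fix is a correction request upstream; until then, consumers should treat a 5.8.4 match from this entry as needing manual confirmation.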


@ -2,27 +2,95 @@
"id": "CVE-2024-22899",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-02T02:15:18.073",
"lastModified": "2024-02-02T04:58:55.817",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-07T17:33:34.347",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the syncNtpTime function."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Vinchin Backup & Recovery v7.2 contiene una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE) autenticada a trav\u00e9s de la funci\u00f3n syncNtpTime."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vinchin:vinchin_backup_and_recovery:*:*:*:*:*:*:*:*",
"versionEndIncluding": "7.2",
"matchCriteriaId": "3891B5A9-CDD6-4BA5-A9E4-D320804835B2"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://vinchin.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://blog.leakix.net/2024/01/vinchin-backup-rce-chain/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://seclists.org/fulldisclosure/2024/Jan/29",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}


@ -2,27 +2,95 @@
"id": "CVE-2024-22900",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-02T02:15:18.127",
"lastModified": "2024-02-02T04:58:55.817",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-07T17:34:40.077",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the setNetworkCardInfo function."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Vinchin Backup & Recovery v7.2 contiene una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE) autenticada a trav\u00e9s de la funci\u00f3n setNetworkCardInfo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vinchin:vinchin_backup_and_recovery:*:*:*:*:*:*:*:*",
"versionEndIncluding": "7.2",
"matchCriteriaId": "3891B5A9-CDD6-4BA5-A9E4-D320804835B2"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://vinchin.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://blog.leakix.net/2024/01/vinchin-backup-rce-chain/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://seclists.org/fulldisclosure/2024/Jan/29",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}


@ -2,27 +2,95 @@
"id": "CVE-2024-22901",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-02T02:15:18.177",
"lastModified": "2024-02-02T04:58:55.817",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-07T17:37:28.593",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vinchin Backup & Recovery v7.2 was discovered to use default MYSQL credentials."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Vinchin Backup & Recovery v7.2 utiliza credenciales MYSQL predeterminadas."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vinchin:vinchin_backup_and_recovery:*:*:*:*:*:*:*:*",
"versionEndIncluding": "7.2",
"matchCriteriaId": "3891B5A9-CDD6-4BA5-A9E4-D320804835B2"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://vinchin.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://blog.leakix.net/2024/01/vinchin-backup-rce-chain/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://seclists.org/fulldisclosure/2024/Jan/30",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}


@ -2,31 +2,102 @@
"id": "CVE-2024-22902",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-02T02:15:18.223",
"lastModified": "2024-02-02T04:58:55.817",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-07T17:37:40.617",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vinchin Backup & Recovery v7.2 was discovered to be configured with default root credentials."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Vinchin Backup & Recovery v7.2 estaba configurado con credenciales ra\u00edz predeterminadas."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vinchin:vinchin_backup_and_recovery:*:*:*:*:*:*:*:*",
"versionEndIncluding": "7.2",
"matchCriteriaId": "3891B5A9-CDD6-4BA5-A9E4-D320804835B2"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://default.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "http://vinchin.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://blog.leakix.net/2024/01/vinchin-backup-rce-chain/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://seclists.org/fulldisclosure/2024/Jan/31",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}
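Review bot: The first entry under `references` is `http://default.com`, and the new side tags it `Product`, but nothing else in the record ties that host to Vinchin. It looks like an artefact of the phrase "default root credentials" being read as a link, though that is an inference and not something the record states. Tagging it `Product` gives it the same standing as `http://vinchin.com`, so tooling that follows or allow-lists reference URLs by tag would treat a possibly unrelated domain as vendor material. I would leave that entry with `"source": "cve@mitre.org"` only, without `tags`, until upstream confirms or removes it, and have consumers avoid fetching reference URLs automatically.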


@ -2,27 +2,95 @@
"id": "CVE-2024-22903",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-02T02:15:18.277",
"lastModified": "2024-02-02T04:58:55.817",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-07T17:37:48.350",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the deleteUpdateAPK function."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Vinchin Backup & Recovery v7.2 contiene una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE) autenticada a trav\u00e9s de la funci\u00f3n deleteUpdateAPK."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vinchin:vinchin_backup_and_recovery:*:*:*:*:*:*:*:*",
"versionEndIncluding": "7.2",
"matchCriteriaId": "3891B5A9-CDD6-4BA5-A9E4-D320804835B2"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://vinchin.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://blog.leakix.net/2024/01/vinchin-backup-rce-chain/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://seclists.org/fulldisclosure/2024/Jan/32",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2024-23806",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-02-07T17:15:10.713",
"lastModified": "2024-02-07T17:38:33.990",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\n\n\nSensitive data can be extracted from HID iCLASS SE reader configuration cards. This could include credential and device administrator keys.\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://https://www.cisa.gov/news-events/ics-advisories/icsa-24-037-02",
"source": "ics-cert@hq.dhs.gov"
},
{
"url": "https://www.hidglobal.com/support",
"source": "ics-cert@hq.dhs.gov"
}
]
}
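Review bot: The first reference URL in this new record has its scheme doubled, `https://https://www.cisa.gov/...`, so a URL parser will take `https` as the host and the link will not reach the CISA advisory. The value should be `"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-037-02"`. The `descriptions` value also carries leading and trailing runs of `\n` that a consumer should trim before display or indexing.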


@ -2,23 +2,86 @@
"id": "CVE-2024-24041",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-01T20:50:05.760",
"lastModified": "2024-02-01T21:30:44.493",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-07T17:14:41.607",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in Travel Journal Using PHP and MySQL with Source Code v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the location parameter at /travel-journal/write-journal.php."
},
{
"lang": "es",
"value": "Una vulnerabilidad de cross site scripting (XSS) almacenado en Travel Journal usando PHP y MySQL con c\u00f3digo fuente v1.0 permite a los atacantes ejecutar scripts web arbitrarios o HTML a trav\u00e9s de un payload manipulado inyectado en el par\u00e1metro de ubicaci\u00f3n en /travel-journal/write-journal .php."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:remyandrade:travel_journal_using_php_and_mysql_with_source_code:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "299D5D6C-F058-4D56-8A07-ACDE449707D9"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/tubakvgc/CVE/blob/main/Travel_Journal_App.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://portswigger.net/web-security/cross-site-scripting",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-24130",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-07T14:15:52.720",
"lastModified": "2024-02-07T14:15:52.720",
"vulnStatus": "Received",
"lastModified": "2024-02-07T17:04:54.407",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-24131",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-07T14:15:52.770",
"lastModified": "2024-02-07T14:15:52.770",
"vulnStatus": "Received",
"lastModified": "2024-02-07T17:04:54.407",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-24133",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-07T14:15:52.820",
"lastModified": "2024-02-07T14:15:52.820",
"vulnStatus": "Received",
"lastModified": "2024-02-07T17:04:54.407",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-24186",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-07T14:15:52.870",
"lastModified": "2024-02-07T14:15:52.870",
"vulnStatus": "Received",
"lastModified": "2024-02-07T17:04:54.407",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-24188",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-07T14:15:52.917",
"lastModified": "2024-02-07T14:15:52.917",
"vulnStatus": "Received",
"lastModified": "2024-02-07T17:04:54.407",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-24189",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-07T14:15:52.967",
"lastModified": "2024-02-07T14:15:52.967",
"vulnStatus": "Received",
"lastModified": "2024-02-07T17:04:54.407",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -0,0 +1,63 @@
{
"id": "CVE-2024-24563",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-07T17:15:10.913",
"lastModified": "2024-02-07T17:38:33.990",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. Arrays can be keyed by a signed integer, while they are defined for unsigned integers only. The typechecker doesn't throw when spotting the usage of an `int` as an index for an array. The typechecker allows the usage of signed integers to be used as indexes to arrays. The vulnerability is present in different forms in all versions, including `0.3.10`. For ints, the 2's complement representation is used. Because the array was declared very large, the bounds checking will pass Negative values will simply be represented as very large numbers. As of time of publication, a fixed version does not exist.\n\nThere are three potential vulnerability classes: unpredictable behavior, accessing inaccessible elements and denial of service. Class 1: If it is possible to index an array with a negative integer without reverting, this is most likely not anticipated by the developer and such accesses can cause unpredictable behavior for the contract. Class 2: If a contract has an invariant in the form `assert index < x`, the developer will suppose that no elements on indexes `y | y >= x` are accessible. However, by using negative indexes, this can be bypassed. Class 3: If the index is dependent on the state of the contract, this poses a risk of denial of service. If the state of the contract can be manipulated in such way that the index will be forced to be negative, the array access can always revert (because most likely the array won't be declared extremely large). However, all these the scenarios are highly unlikely. Most likely behavior is a revert on the bounds check."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-129"
}
]
}
],
"references": [
{
"url": "https://github.com/vyperlang/vyper/blob/a1fd228cb9936c3e4bbca6f3ee3fb4426ef45490/vyper/codegen/core.py#L534-L541",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/vyperlang/vyper/blob/c150fc49ee9375a930d177044559b83cb95f7963/vyper/semantics/types/subscriptable.py#L127-L137",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-52xq-j7v9-v4v2",
"source": "security-advisories@github.com"
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-24571",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-31T23:15:08.110",
"lastModified": "2024-02-01T03:18:21.737",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-07T17:25:31.677",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "facileManager is a modular suite of web apps built with the sysadmin in mind. For the facileManager web application versions 4.5.0 and earlier, we have found that XSS was present in almost all of the input fields as there is insufficient input validation."
},
{
"lang": "es",
"value": "facileManager es un conjunto modular de aplicaciones web creadas pensando en el administrador del sistema. Para las versiones 4.5.0 y anteriores de la aplicaci\u00f3n web facileManager, descubrimos que XSS estaba presente en casi todos los campos de entrada porque no hab\u00eda suficiente validaci\u00f3n de entrada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +70,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:facilemanager:facilemanager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.5.1",
"matchCriteriaId": "E0E110C6-3BD9-442C-9641-29531155410B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/WillyXJ/facileManager/commit/0aa850d4b518f10143a4c675142b15caa5872877",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/WillyXJ/facileManager/security/advisories/GHSA-h7w3-xv88-2xqj",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-24572",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-31T23:15:08.337",
"lastModified": "2024-02-01T03:18:21.737",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-07T17:34:10.943",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, the $_REQUEST global array was unsafely called inside an extract() function in admin-logs.php. The PHP file fm-init.php prevents arbitrary manipulation of $_SESSION via the GET/POST parameters. However, it does not prevent manipulation of any other sensitive variables such as $search_sql. Knowing this, an authenticated user with privileges to view site logs can manipulate the search_sql\nvariable by appending a GET parameter search_sql in the URL. The information above means that the checks and SQL injection prevention attempts were rendered unusable."
},
{
"lang": "es",
"value": "facileManager es un conjunto modular de aplicaciones web creadas pensando en el administrador del sistema. En las versiones 4.5.0 y anteriores, la matriz global $_REQUEST se llamaba de forma insegura dentro de una funci\u00f3n extract() en admin-logs.php. El archivo PHP fm-init.php evita la manipulaci\u00f3n arbitraria de $_SESSION a trav\u00e9s de los par\u00e1metros GET/POST. Sin embargo, no impide la manipulaci\u00f3n de otras variables sensibles como $search_sql. Sabiendo esto, un usuario autenticado con privilegios para ver los registros del sitio puede manipular la variable search_sql agregando un par\u00e1metro GET search_sql en la URL. La informaci\u00f3n anterior significa que las comprobaciones y los intentos de prevenci\u00f3n de inyecci\u00f3n SQL quedaron inutilizables."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +70,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:facilemanager:facilemanager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.5.1",
"matchCriteriaId": "E0E110C6-3BD9-442C-9641-29531155410B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/WillyXJ/facileManager/commit/0aa850d4b518f10143a4c675142b15caa5872877",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/WillyXJ/facileManager/security/advisories/GHSA-xw34-8pj6-75gc",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-24573",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-31T23:15:08.560",
"lastModified": "2024-02-01T03:18:21.737",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-07T17:35:51.680",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, when a user updates their profile, a POST request containing user information is sent to the endpoint server/fm-modules/facileManager/ajax/processPost.php. It was found that non-admins can arbitrarily set their permissions and grant their non-admin accounts with super user privileges."
},
{
"lang": "es",
"value": "facileManager es un conjunto modular de aplicaciones web creadas pensando en el administrador del sistema. En las versiones 4.5.0 y anteriores, cuando un usuario actualiza su perfil, se env\u00eda una solicitud POST que contiene informaci\u00f3n del usuario al servidor de endpoint /fm-modules/facileManager/ajax/processPost.php. Se descubri\u00f3 que los no administradores pueden establecer arbitrariamente sus permisos y otorgar a sus cuentas de no administrador privilegios de superusuario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +80,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:facilemanager:facilemanager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.5.1",
"matchCriteriaId": "E0E110C6-3BD9-442C-9641-29531155410B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/WillyXJ/facileManager/commit/0aa850d4b518f10143a4c675142b15caa5872877",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/WillyXJ/facileManager/security/advisories/GHSA-w67q-pp62-j4pf",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2024-24706",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-07T17:15:11.120",
"lastModified": "2024-02-07T17:38:33.990",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Forum One WP-CFM wp-cfm.This issue affects WP-CFM: from n/a through 1.7.8.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://github.com/forumone/wp-cfm/security/advisories/GHSA-2449-jmfc-gc7f",
"source": "audit@patchstack.com"
},
{
"url": "https://patchstack.com/database/vulnerability/wp-cfm/wordpress-wp-cfm-plugin-1-7-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-24771",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-07T15:15:08.283",
"lastModified": "2024-02-07T15:15:08.283",
"vulnStatus": "Received",
"lastModified": "2024-02-07T17:04:54.407",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-24811",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-07T15:15:08.507",
"lastModified": "2024-02-07T15:15:08.507",
"vulnStatus": "Received",
"lastModified": "2024-02-07T17:04:54.407",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-24812",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-07T15:15:08.703",
"lastModified": "2024-02-07T15:15:08.703",
"vulnStatus": "Received",
"lastModified": "2024-02-07T17:04:54.407",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-24815",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-07T16:15:47.753",
"lastModified": "2024-02-07T16:15:47.753",
"vulnStatus": "Received",
"lastModified": "2024-02-07T18:15:54.003",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
@ -52,7 +52,7 @@
"source": "security-advisories@github.com"
},
{
"url": "https://ckeditor.com/docs/ckeditor4/latest/features/fullpage.html)",
"url": "https://ckeditor.com/docs/ckeditor4/latest/features/fullpage.html",
"source": "security-advisories@github.com"
},
{

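--- /dev/null
+++ b/CVE-2024/CVE-2024-248xx/CVE-2024-24816.json
@@ -0,0 +1,63 @@
+{
+"id": "CVE-2024-24816",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2024-02-07T17:15:11.383",
+"lastModified": "2024-02-07T17:38:33.990",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability vulnerability has been discovered in versions prior to 4.24.0-lts in samples that use the `preview` feature. All integrators that use these samples in the production code can be affected. The vulnerability allows an attacker to execute JavaScript code by abusing the misconfigured preview feature. It affects all users using the CKEditor 4 at version < 4.24.0-lts with affected samples used in a production environment. A fix is available in version 4.24.0-lts."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "REQUIRED",
+"scope": "CHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 6.1,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 2.7
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-79"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://ckeditor.com/cke4/addon/preview",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/ckeditor/ckeditor4/commit/8ed1a3c93d0ae5f49f4ecff5738ab8a2972194cb",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-mw2c-vx6j-mg76",
+"source": "security-advisories@github.com"
+}
+]
+}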

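--- /dev/null
+++ b/CVE-2024/CVE-2024-248xx/CVE-2024-24822.json
@@ -0,0 +1,63 @@
+{
+"id": "CVE-2024-24822",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2024-02-07T18:15:54.147",
+"lastModified": "2024-02-07T18:16:22.930",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Prior to version 1.3.3, an attacker can create, delete etc. tags without having the permission to do so. A fix is available in version 1.3.3. As a workaround, one may apply the patch manually."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "HIGH",
+"availabilityImpact": "NONE",
+"baseScore": 6.5,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 3.6
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-862"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/24660b6d5ad9cbcb037a48d4309a6024e9adf251",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/pimcore/admin-ui-classic-bundle/pull/412",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-3rfr-mpfj-2jwq",
+"source": "security-advisories@github.com"
+}
+]
+}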

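--- /dev/null
+++ b/CVE-2024/CVE-2024-248xx/CVE-2024-24823.json
@@ -0,0 +1,63 @@
+{
+"id": "CVE-2024-24823",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2024-02-07T18:15:54.870",
+"lastModified": "2024-02-07T18:16:22.930",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "Graylog is a free and open log management platform. Starting in version 4.3.0 and prior to versions 5.1.11 and 5.2.4, reauthenticating with an existing session cookie would re-use that session id, even if for different user credentials. In this case, the pre-existing session could be used to gain elevated access to an existing Graylog login session, provided the malicious user could successfully inject their session cookie into someone else's browser. The complexity of such an attack is high, because it requires presenting a spoofed login screen and injection of a session cookie into an existing browser, potentially through a cross-site scripting attack. No such attack has been discovered. Graylog 5.1.11 and 5.2.4, and any versions of the 6.0 development branch, contain patches to not re-use sessions under any circumstances. Some workarounds are available. Using short session expiration and explicit log outs of unused sessions can help limiting the attack vector. Unpatched this vulnerability exists, but is relatively hard to exploit. A proxy could be leveraged to clear the `authentication` cookie for the Graylog server URL for the `/api/system/sessions` endpoint, as that is the only one vulnerable."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "HIGH",
+"privilegesRequired": "HIGH",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "NONE",
+"baseScore": 5.7,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 0.5,
+"impactScore": 5.2
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-384"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/Graylog2/graylog2-server/commit/1596b749db86368ba476662f23a0f0c5ec2b5097",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/Graylog2/graylog2-server/commit/b93a66353f35a94a4e8f3f75ac4f5cdc5a2d4a6a",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/Graylog2/graylog2-server/security/advisories/GHSA-3xf8-g8gr-g7rh",
+"source": "security-advisories@github.com"
+}
+]
+}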

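--- /dev/null
+++ b/CVE-2024/CVE-2024-248xx/CVE-2024-24824.json
@@ -0,0 +1,71 @@
+{
+"id": "CVE-2024-24824",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2024-02-07T18:15:55.330",
+"lastModified": "2024-02-07T18:16:22.930",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "Graylog is a free and open log management platform. Starting in version 2.0.0 and prior to versions 5.1.11 and 5.2.4, arbitrary classes can be loaded and instantiated using a HTTP PUT request to the `/api/system/cluster_config/` endpoint. Graylog's cluster config system uses fully qualified class names as config keys. To validate the existence of the requested class before using them, Graylog loads the class using the class loader. If a user with the appropriate permissions performs the request, arbitrary classes with 1-arg String constructors can be instantiated. This will execute arbitrary code that is run during class instantiation. In the specific use case of `java.io.File`, the behavior of the internal web-server stack will lead to information exposure by including the entire file content in the response to the REST request. Versions 5.1.11 and 5.2.4 contain a fix for this issue."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 8.8,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 5.9
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-284"
+},
+{
+"lang": "en",
+"value": "CWE-863"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/Graylog2/graylog2-server/blob/e458db8bf4f789d4d19f1b37f0263f910c8d036c/graylog2-server/src/main/java/org/graylog2/rest/resources/system/ClusterConfigResource.java#L208-L214",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/Graylog2/graylog2-server/commit/75ef2b8d60e7d67f859b79fe712c8ae7b2e861d8",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/Graylog2/graylog2-server/commit/7f8ef7fa8edf493106d5ef6f777d4da02c5194d9",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/Graylog2/graylog2-server/security/advisories/GHSA-p6gg-5hf4-4rgj",
+"source": "security-advisories@github.com"
+}
+]
+}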


@ -2,23 +2,86 @@
"id": "CVE-2024-24945",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-01T20:50:06.063",
"lastModified": "2024-02-01T21:30:44.493",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-07T17:14:48.630",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in Travel Journal Using PHP and MySQL with Source Code v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Share Your Moments parameter at /travel-journal/write-journal.php."
},
{
"lang": "es",
"value": "Una vulnerabilidad de cross site scripting (XSS) almacenado en Travel Journal usando PHP y MySQL con c\u00f3digo fuente v1.0 permite a los atacantes ejecutar scripts web arbitrarios o HTML a trav\u00e9s de un payload manipulado inyectado en el par\u00e1metro Share Your Moments en /travel-journal/write -journal.php."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:remyandrade:travel_journal_using_php_and_mysql_with_source_code:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "299D5D6C-F058-4D56-8A07-ACDE449707D9"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/tubakvgc/CVE/blob/main/Travel_Journal_App.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://portswigger.net/web-security/cross-site-scripting",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-25143",
"sourceIdentifier": "security@liferay.com",
"published": "2024-02-07T15:15:08.907",
"lastModified": "2024-02-07T15:15:08.907",
"vulnStatus": "Received",
"lastModified": "2024-02-07T17:04:54.407",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-25145",
"sourceIdentifier": "security@liferay.com",
"published": "2024-02-07T15:15:09.097",
"lastModified": "2024-02-07T15:15:09.097",
"vulnStatus": "Received",
"lastModified": "2024-02-07T17:04:54.407",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-25200",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-07T14:15:53.013",
"lastModified": "2024-02-07T14:15:53.013",
"vulnStatus": "Received",
"lastModified": "2024-02-07T17:04:54.407",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-25201",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-07T14:15:53.060",
"lastModified": "2024-02-07T14:15:53.060",
"vulnStatus": "Received",
"lastModified": "2024-02-07T17:04:54.407",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-02-07T17:00:54.586642+00:00
2024-02-07T19:00:25.333795+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-02-07T16:39:47.010000+00:00
2024-02-07T18:46:14.040000+00:00
```
### Last Data Feed Release
@ -29,32 +29,61 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
237882
237891
```
### CVEs added in the last Commit
Recently added CVEs: `7`
Recently added CVEs: `17`
* [CVE-2024-24771](CVE-2024/CVE-2024-247xx/CVE-2024-24771.json) (`2024-02-07T15:15:08.283`)
* [CVE-2024-24811](CVE-2024/CVE-2024-248xx/CVE-2024-24811.json) (`2024-02-07T15:15:08.507`)
* [CVE-2024-24812](CVE-2024/CVE-2024-248xx/CVE-2024-24812.json) (`2024-02-07T15:15:08.703`)
* [CVE-2024-25143](CVE-2024/CVE-2024-251xx/CVE-2024-25143.json) (`2024-02-07T15:15:08.907`)
* [CVE-2024-25145](CVE-2024/CVE-2024-251xx/CVE-2024-25145.json) (`2024-02-07T15:15:09.097`)
* [CVE-2024-22012](CVE-2024/CVE-2024-220xx/CVE-2024-22012.json) (`2024-02-07T16:15:47.687`)
* [CVE-2024-24815](CVE-2024/CVE-2024-248xx/CVE-2024-24815.json) (`2024-02-07T16:15:47.753`)
* [CVE-2023-31002](CVE-2023/CVE-2023-310xx/CVE-2023-31002.json) (`2024-02-07T17:15:08.383`)
* [CVE-2023-32328](CVE-2023/CVE-2023-323xx/CVE-2023-32328.json) (`2024-02-07T17:15:08.627`)
* [CVE-2023-32330](CVE-2023/CVE-2023-323xx/CVE-2023-32330.json) (`2024-02-07T17:15:08.847`)
* [CVE-2023-38369](CVE-2023/CVE-2023-383xx/CVE-2023-38369.json) (`2024-02-07T17:15:09.053`)
* [CVE-2023-43017](CVE-2023/CVE-2023-430xx/CVE-2023-43017.json) (`2024-02-07T17:15:09.400`)
* [CVE-2023-47700](CVE-2023/CVE-2023-477xx/CVE-2023-47700.json) (`2024-02-07T17:15:09.677`)
* [CVE-2024-20252](CVE-2024/CVE-2024-202xx/CVE-2024-20252.json) (`2024-02-07T17:15:09.913`)
* [CVE-2024-20254](CVE-2024/CVE-2024-202xx/CVE-2024-20254.json) (`2024-02-07T17:15:10.130`)
* [CVE-2024-20255](CVE-2024/CVE-2024-202xx/CVE-2024-20255.json) (`2024-02-07T17:15:10.327`)
* [CVE-2024-20290](CVE-2024/CVE-2024-202xx/CVE-2024-20290.json) (`2024-02-07T17:15:10.517`)
* [CVE-2024-23806](CVE-2024/CVE-2024-238xx/CVE-2024-23806.json) (`2024-02-07T17:15:10.713`)
* [CVE-2024-24563](CVE-2024/CVE-2024-245xx/CVE-2024-24563.json) (`2024-02-07T17:15:10.913`)
* [CVE-2024-24706](CVE-2024/CVE-2024-247xx/CVE-2024-24706.json) (`2024-02-07T17:15:11.120`)
* [CVE-2024-24816](CVE-2024/CVE-2024-248xx/CVE-2024-24816.json) (`2024-02-07T17:15:11.383`)
* [CVE-2024-24822](CVE-2024/CVE-2024-248xx/CVE-2024-24822.json) (`2024-02-07T18:15:54.147`)
* [CVE-2024-24823](CVE-2024/CVE-2024-248xx/CVE-2024-24823.json) (`2024-02-07T18:15:54.870`)
* [CVE-2024-24824](CVE-2024/CVE-2024-248xx/CVE-2024-24824.json) (`2024-02-07T18:15:55.330`)
### CVEs modified in the last Commit
Recently modified CVEs: `6`
Recently modified CVEs: `70`
* [CVE-2023-31005](CVE-2023/CVE-2023-310xx/CVE-2023-31005.json) (`2024-02-07T16:04:27.170`)
* [CVE-2023-32327](CVE-2023/CVE-2023-323xx/CVE-2023-32327.json) (`2024-02-07T16:16:58.450`)
* [CVE-2023-7069](CVE-2023/CVE-2023-70xx/CVE-2023-7069.json) (`2024-02-07T16:28:40.250`)
* [CVE-2023-31006](CVE-2023/CVE-2023-310xx/CVE-2023-31006.json) (`2024-02-07T16:39:47.010`)
* [CVE-2024-23108](CVE-2024/CVE-2024-231xx/CVE-2024-23108.json) (`2024-02-07T15:02:00.203`)
* [CVE-2024-23109](CVE-2024/CVE-2024-231xx/CVE-2024-23109.json) (`2024-02-07T15:04:28.237`)
* [CVE-2024-1040](CVE-2024/CVE-2024-10xx/CVE-2024-1040.json) (`2024-02-07T17:11:40.623`)
* [CVE-2024-24041](CVE-2024/CVE-2024-240xx/CVE-2024-24041.json) (`2024-02-07T17:14:41.607`)
* [CVE-2024-24945](CVE-2024/CVE-2024-249xx/CVE-2024-24945.json) (`2024-02-07T17:14:48.630`)
* [CVE-2024-21852](CVE-2024/CVE-2024-218xx/CVE-2024-21852.json) (`2024-02-07T17:15:05.653`)
* [CVE-2024-21764](CVE-2024/CVE-2024-217xx/CVE-2024-21764.json) (`2024-02-07T17:15:22.520`)
* [CVE-2024-21794](CVE-2024/CVE-2024-217xx/CVE-2024-21794.json) (`2024-02-07T17:15:44.653`)
* [CVE-2024-24571](CVE-2024/CVE-2024-245xx/CVE-2024-24571.json) (`2024-02-07T17:25:31.677`)
* [CVE-2024-21866](CVE-2024/CVE-2024-218xx/CVE-2024-21866.json) (`2024-02-07T17:27:52.793`)
* [CVE-2024-21869](CVE-2024/CVE-2024-218xx/CVE-2024-21869.json) (`2024-02-07T17:29:50.927`)
* [CVE-2024-22016](CVE-2024/CVE-2024-220xx/CVE-2024-22016.json) (`2024-02-07T17:33:12.727`)
* [CVE-2024-22096](CVE-2024/CVE-2024-220xx/CVE-2024-22096.json) (`2024-02-07T17:33:26.800`)
* [CVE-2024-22899](CVE-2024/CVE-2024-228xx/CVE-2024-22899.json) (`2024-02-07T17:33:34.347`)
* [CVE-2024-24572](CVE-2024/CVE-2024-245xx/CVE-2024-24572.json) (`2024-02-07T17:34:10.943`)
* [CVE-2024-22900](CVE-2024/CVE-2024-229xx/CVE-2024-22900.json) (`2024-02-07T17:34:40.077`)
* [CVE-2024-24573](CVE-2024/CVE-2024-245xx/CVE-2024-24573.json) (`2024-02-07T17:35:51.680`)
* [CVE-2024-22901](CVE-2024/CVE-2024-229xx/CVE-2024-22901.json) (`2024-02-07T17:37:28.593`)
* [CVE-2024-22902](CVE-2024/CVE-2024-229xx/CVE-2024-22902.json) (`2024-02-07T17:37:40.617`)
* [CVE-2024-22903](CVE-2024/CVE-2024-229xx/CVE-2024-22903.json) (`2024-02-07T17:37:48.350`)
* [CVE-2024-0685](CVE-2024/CVE-2024-06xx/CVE-2024-0685.json) (`2024-02-07T17:41:00.460`)
* [CVE-2024-21851](CVE-2024/CVE-2024-218xx/CVE-2024-21851.json) (`2024-02-07T18:15:48.700`)
* [CVE-2024-24815](CVE-2024/CVE-2024-248xx/CVE-2024-24815.json) (`2024-02-07T18:15:54.003`)
* [CVE-2024-0285](CVE-2024/CVE-2024-02xx/CVE-2024-0285.json) (`2024-02-07T18:16:33.733`)
* [CVE-2024-21845](CVE-2024/CVE-2024-218xx/CVE-2024-21845.json) (`2024-02-07T18:23:06.690`)
* [CVE-2024-21863](CVE-2024/CVE-2024-218xx/CVE-2024-21863.json) (`2024-02-07T18:23:11.090`)
* [CVE-2024-21860](CVE-2024/CVE-2024-218xx/CVE-2024-21860.json) (`2024-02-07T18:23:16.470`)
## Download and Usage