admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-02-12T21:00:24.349070+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-02-12 21:00:28 +00:00
parent 42a11c64f0
commit 26de6b7870
35 changed files with 1884 additions and 83 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
CVE-2015/CVE-2015-101xx/CVE-2015-10129.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2015-10129",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-04T05:15:49.087",
"lastModified": "2024-02-05T02:09:37.420",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-12T19:02:51.977",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in planet-freo up to 20150116 and classified as problematic. Affected by this issue is some unknown functionality of the file admin/inc/auth.inc.php. The manipulation of the argument auth leads to incorrect comparison. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The name of the patch is 6ad38c58a45642eb8c7844e2f272ef199f59550d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-252716."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en planet-freo hasta 20150116 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo admin/inc/auth.inc.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento auth conduce a una comparaci\u00f3n incorrecta. El ataque puede lanzarse de forma remota. La complejidad de un ataque es bastante alta. Se sabe que la explotaci\u00f3n es dif\u00edcil. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. Este producto utiliza un lanzamiento continuo para proporcionar una entrega continua. Por lo tanto, no hay detalles disponibles para las versiones afectadas ni actualizadas. El nombre del parche es 6ad38c58a45642eb8c7844e2f272ef199f59550d. Se recomienda aplicar un parche para solucionar este problema. El identificador de esta vulnerabilidad es VDB-252716."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:samwilson:planet-freo:*:*:*:*:*:*:*:*",
"versionEndIncluding": "20150116",
"matchCriteriaId": "1738F10A-668C-4611-8E6C-CB940A628CC0"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/samwilson/planet-freo/commit/6ad38c58a45642eb8c7844e2f272ef199f59550d",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Patch"
]
},
{
"url": "https://vuldb.com/?ctiid.252716",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.252716",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}

66
CVE-2019/CVE-2019-251xx/CVE-2019-25159.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2019-25159",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-04T06:15:07.383",
"lastModified": "2024-02-05T02:09:37.420",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-12T19:52:18.067",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in mpedraza2020 Intranet del Monterroso up to 4.50.0. It has been classified as critical. This affects an unknown part of the file config/cargos.php. The manipulation of the argument dni_profe leads to sql injection. Upgrading to version 4.51.0 is able to address this issue. The identifier of the patch is 678190bee1dfd64b54a2b0e88abfd009e78adce8. It is recommended to upgrade the affected component. The identifier VDB-252717 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en mpedraza2020 Intranet del Monterroso hasta 4.50.0. Ha sido clasificada como cr\u00edtica. Esto afecta a una parte desconocida del archivo config/cargos.php. La manipulaci\u00f3n del argumento dni_profe conduce a la inyecci\u00f3n sql. La actualizaci\u00f3n a la versi\u00f3n 4.51.0 puede solucionar este problema. El identificador del parche es 678190bee1dfd64b54a2b0e88abfd009e78adce8. Se recomienda actualizar el componente afectado. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-252717."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,22 +95,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mpedraza2020:intranet_del_monterroso:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.51.0",
"matchCriteriaId": "4270450C-0892-4C8D-8068-868370F59ED9"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/mpedraza2020/IESMONTEROSOINTRANET/commit/678190bee1dfd64b54a2b0e88abfd009e78adce8",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/mpedraza2020/IESMONTEROSOINTRANET/releases/tag/v4.51.0",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://vuldb.com/?ctiid.252717",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?id.252717",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
}
]
}

10
CVE-2021/CVE-2021-326xx/CVE-2021-32677.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-32677",
"sourceIdentifier": "security-advisories@github.com",
"published": "2021-06-09T18:15:08.553",
"lastModified": "2023-11-07T03:35:22.223",
"lastModified": "2024-02-12T20:04:02.160",
"vulnStatus": "Modified",
"descriptions": [
{
@ -37,7 +37,7 @@
"impactScore": 5.2
},
{
"source": "a0819718-46f1-4df5-94e2-005712e83aaa",
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -85,7 +85,7 @@
},
"weaknesses": [
{
"source": "a0819718-46f1-4df5-94e2-005712e83aaa",
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
@ -104,9 +104,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fastapi_project:fastapi:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:tiangolo:fastapi:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.65.2",
"matchCriteriaId": "11BD9B21-4146-463D-B886-44EA2687B0EB"
"matchCriteriaId": "60506886-D0E8-4F9C-B900-D373A4435A4D"
}
]
}

96
CVE-2021/CVE-2021-44xx/CVE-2021-4437.json Normal file
View File

@ -0,0 +1,96 @@
{
"id": "CVE-2021-4437",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-12T20:15:07.993",
"lastModified": "2024-02-12T20:39:09.773",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in dbartholomae lambda-middleware frameguard up to 1.0.4. Affected by this issue is some unknown functionality of the file packages/json-deserializer/src/JsonDeserializer.ts of the component JSON Mime-Type Handler. The manipulation leads to inefficient regular expression complexity. Upgrading to version 1.1.0 is able to address this issue. The patch is identified as f689404d830cbc1edd6a1018d3334ff5f44dc6a6. It is recommended to upgrade the affected component. VDB-253406 is the identifier assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:P",
"accessVector": "ADJACENT_NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.7
},
"baseSeverity": "LOW",
"exploitabilityScore": 5.1,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1333"
}
]
}
],
"references": [
{
"url": "https://github.com/dbartholomae/lambda-middleware/commit/f689404d830cbc1edd6a1018d3334ff5f44dc6a6",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/dbartholomae/lambda-middleware/pull/57",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/dbartholomae/lambda-middleware/releases/tag/%40lambda-middleware%2Fframeguard_v1.1.0",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.253406",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.253406",
"source": "cna@vuldb.com"
}
]
}

59
CVE-2022/CVE-2022-225xx/CVE-2022-22506.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2022-22506",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-02-12T20:15:08.320",
"lastModified": "2024-02-12T20:39:09.773",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM Robotic Process Automation 21.0.2 contains a vulnerability that could allow user ids may be exposed across tenants. IBM X-Force ID: 227293."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/227293",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/6591237",
"source": "psirt@us.ibm.com"
}
]
}

63
CVE-2022/CVE-2022-343xx/CVE-2022-34309.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2022-34309",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-02-12T19:15:08.837",
"lastModified": "2024-02-12T20:39:15.693",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM CICS TX Standard and Advanced 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229440."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-327"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/229440",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/6832814",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/6832918",
"source": "psirt@us.ibm.com"
}
]
}

4
CVE-2022/CVE-2022-343xx/CVE-2022-34310.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-34310",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-02-12T18:15:07.830",
"lastModified": "2024-02-12T18:15:07.830",
"vulnStatus": "Received",
"lastModified": "2024-02-12T20:39:15.693",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

63
CVE-2022/CVE-2022-343xx/CVE-2022-34311.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2022-34311",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-02-12T19:15:09.080",
"lastModified": "2024-02-12T20:39:15.693",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM CICS TX Standard and Advanced 11.1 could allow a user with physical access to the web browser to gain access to the user's session due to insufficiently protected credentials. IBM X-Force ID: 229446."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/229446",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/6832928",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/6832930",
"source": "psirt@us.ibm.com"
}
]
}

26
CVE-2022/CVE-2022-387xx/CVE-2022-38710.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2022-38710",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2022-11-03T20:15:29.553",
"lastModified": "2022-11-04T15:13:50.270",
"vulnStatus": "Analyzed",
"lastModified": "2024-02-12T19:15:09.310",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "\"IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version information that could aid in further attacks against the system. IBM X-Force ID: 234292.\""
"value": "\"IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version information that could aid in further attacks against the system. IBM X-Force ID: 234292.\"\n\n"
},
{
"lang": "es",
"value": "\"IBM Robotic Process Automation 21.0.1 y 21.0.2 podr\u00edan revelar informaci\u00f3n confidencial de la versi\u00f3n que podr\u00eda ayudar en futuros ataques contra el sistema. IBM X-Force ID: 234292\"."
}
],
"metrics": {
@ -36,8 +40,18 @@
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -89,6 +103,10 @@
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/234292",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/6831681",
"source": "psirt@us.ibm.com",

4
CVE-2022/CVE-2022-387xx/CVE-2022-38714.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-38714",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-02-12T18:15:08.057",
"lastModified": "2024-02-12T18:15:08.057",
"vulnStatus": "Received",
"lastModified": "2024-02-12T20:39:15.693",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

84
CVE-2023/CVE-2023-338xx/CVE-2023-33851.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-33851",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-02-04T01:15:24.490",
"lastModified": "2024-02-05T02:09:37.420",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-12T19:54:23.117",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1020.00 through FW1020.40, and FW1030.00 through FW1030.30 could reveal sensitive partition data to a system administrator. IBM X-Force ID: 257135."
},
{
"lang": "es",
"value": "IBM PowerVM Hypervisor FW950.00 a FW950.90, FW1020.00 a FW1020.40 y FW1030.00 a FW1030.30 podr\u00edan revelar datos de partici\u00f3n confidenciales a un administrador del sistema. ID de IBM X-Force: 257135."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,14 +80,54 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ibm:powervm_hypervisor:*:*:*:*:*:*:*:*",
"versionStartIncluding": "fw950",
"versionEndIncluding": "fw950.90",
"matchCriteriaId": "717CF875-AC6F-492A-BE90-069609CB2EC4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ibm:powervm_hypervisor:*:*:*:*:*:*:*:*",
"versionStartIncluding": "fw1020.00",
"versionEndIncluding": "fw1020.40",
"matchCriteriaId": "26B415BA-DCB9-498A-BCC0-D7FC3A350675"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ibm:powervm_hypervisor:*:*:*:*:*:*:*:*",
"versionStartIncluding": "fw1030.00",
"versionEndIncluding": "fw1030.30",
"matchCriteriaId": "DE8BD6E4-07CF-4555-A2BC-E7B7D2CC86FC"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/257135",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7114491",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
]
}
]
}

88
CVE-2023/CVE-2023-340xx/CVE-2023-34042.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-34042",
"sourceIdentifier": "security@vmware.com",
"published": "2024-02-05T22:15:55.210",
"lastModified": "2024-02-06T01:00:55.997",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-12T20:45:24.537",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The spring-security.xsd file inside the \nspring-security-config jar is world writable which means that if it were\n extracted it could be written by anyone with access to the file system.\n\n\nWhile there are no known exploits, this is an example of \u201cCWE-732: \nIncorrect Permission Assignment for Critical Resource\u201d and could result \nin an exploit. Users should update to the latest version of Spring \nSecurity to mitigate any future exploits found around this issue.\n\n\n\n\n\n"
},
{
"lang": "es",
"value": "El archivo spring-security.xsd dentro del jar spring-security-config se puede escribir en todo el mundo, lo que significa que si se extrajera, cualquier persona con acceso al sistema de archivos podr\u00eda escribirlo. Si bien no se conocen exploits, este es un ejemplo de \"CWE-732: Asignaci\u00f3n de permisos incorrecta para recursos cr\u00edticos\" y podr\u00eda resultar en un exploit. Los usuarios deben actualizar a la \u00faltima versi\u00f3n de Spring Security para mitigar cualquier vulnerabilidad futura que se encuentre en torno a este problema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "security@vmware.com",
"type": "Secondary",
@ -34,10 +58,68 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.8.4",
"versionEndExcluding": "5.8.7",
"matchCriteriaId": "C39570F8-3624-4CC5-AFC0-E45B060BDEAF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.4",
"versionEndExcluding": "6.0.7",
"matchCriteriaId": "D26A2C2D-651A-4696-A7EF-36172BDA70FE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.1.1",
"versionEndExcluding": "6.1.4",
"matchCriteriaId": "1AA03FA3-ACE0-4B22-B084-DEC834EB2F5A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:spring_security:5.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "61397AD3-0A8F-4B9A-9B66-E27CA64392A0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:spring_security:5.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E23F4313-761C-4A30-A891-156EFF583822"
}
]
}
]
}
],
"references": [
{
"url": "https://spring.io/security/cve-2023-34042",
"source": "security@vmware.com"
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-65xx/CVE-2023-6557.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6557",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-05T22:15:55.767",
"lastModified": "2024-02-06T01:00:55.997",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-12T20:49:00.610",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The The Events Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.2.8.2 via the route function hooked into wp_ajax_nopriv_tribe_dropdown. This makes it possible for unauthenticated attackers to extract potentially sensitive data including post titles and IDs of pending, private and draft posts."
},
{
"lang": "es",
"value": "El complemento The Events Calendar para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n confidencial en todas las versiones hasta la 6.2.8.2 incluida, a trav\u00e9s de la funci\u00f3n de ruta conectada a wp_ajax_nopriv_tribe_dropdown. Esto hace posible que atacantes no autenticados extraigan datos potencialmente confidenciales, incluidos t\u00edtulos de publicaciones e ID de publicaciones pendientes, privadas y borradores."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -34,14 +58,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tri:the_events_calendar:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "6.2.8.2",
"matchCriteriaId": "FF63CBBA-6DC7-4A54-B391-C566E0C1A319"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3010104%40the-events-calendar%2Ftags%2F6.2.9&old=3010096%40the-events-calendar%2Ftags%2F6.2.9",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fc40196e-c0f3-4bc6-ac4b-b866902def61?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-66xx/CVE-2023-6635.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6635",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-05T22:15:56.023",
"lastModified": "2024-02-06T01:00:55.997",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-12T20:50:07.757",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The EditorsKit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the 'import_styles' function in versions up to, and including, 1.40.3. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible."
},
{
"lang": "es",
"value": "El complemento EditorsKit para WordPress es vulnerable a cargas de archivos arbitrarias debido a la falta de validaci\u00f3n del tipo de archivo en la funci\u00f3n 'import_styles' en versiones hasta la 1.40.3 incluida. Esto hace posible que atacantes autenticados con capacidades de nivel de administrador o superior carguen archivos arbitrarios en el servidor del sitio afectado, lo que puede hacer posible la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -34,18 +58,57 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:extendify:editorskit:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.40.3",
"matchCriteriaId": "319C5290-1A80-43F1-BCB0-E5D12B2DE08F"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/block-options/tags/1.40.3/includes/addons/styles-manager/rest-api/gutenberghub-styles-import-export-controller.php#L100",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3010794/block-options",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4528f9a1-7027-4aa9-b006-bea84aa19c84?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

55
CVE-2024/CVE-2024-01xx/CVE-2024-0164.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-0164",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-02-12T19:15:09.473",
"lastModified": "2024-02-12T20:39:09.773",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nDell Unity, versions prior to 5.4, contain an OS Command Injection Vulnerability in its svc_topstats utility. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary commands with elevated privileges.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities",
"source": "security_alert@emc.com"
}
]
}

55
CVE-2024/CVE-2024-01xx/CVE-2024-0165.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-0165",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-02-12T19:15:09.700",
"lastModified": "2024-02-12T20:39:09.773",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nDell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_acldb_dump utility. An authenticated attacker could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities",
"source": "security_alert@emc.com"
}
]
}

43
CVE-2024/CVE-2024-01xx/CVE-2024-0166.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2024-0166",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-02-12T19:15:09.960",
"lastModified": "2024-02-12T20:39:09.773",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nDell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_tcpdump utility. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands with elevated privileges.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities",
"source": "security_alert@emc.com"
}
]
}

55
CVE-2024/CVE-2024-01xx/CVE-2024-0167.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-0167",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-02-12T19:15:10.133",
"lastModified": "2024-02-12T20:39:09.773",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nDell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in the svc_topstats utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability to overwrite arbitrary files on the file system with root privileges.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities",
"source": "security_alert@emc.com"
}
]
}

55
CVE-2024/CVE-2024-01xx/CVE-2024-0168.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-0168",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-02-12T19:15:10.330",
"lastModified": "2024-02-12T20:39:09.773",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nDell Unity, versions prior to 5.4, contains a Command Injection Vulnerability in svc_oscheck utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability to inject arbitrary operating system commands. This vulnerability allows an authenticated attacker to execute commands with root privileges.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities",
"source": "security_alert@emc.com"
}
]
}

55
CVE-2024/CVE-2024-01xx/CVE-2024-0169.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-0169",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-02-12T19:15:10.543",
"lastModified": "2024-02-12T20:39:09.773",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nDell Unity, versions prior to 5.4, contains a cross-site scripting (XSS) vulnerability. An authenticated attacker could potentially exploit this vulnerability, leading users to download and execute malicious software crafted by this product's feature to compromise their systems.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities",
"source": "security_alert@emc.com"
}
]
}

55
CVE-2024/CVE-2024-01xx/CVE-2024-0170.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-0170",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-02-12T19:15:10.800",
"lastModified": "2024-02-12T20:39:09.773",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nDell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cava utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities",
"source": "security_alert@emc.com"
}
]
}

73
CVE-2024/CVE-2024-02xx/CVE-2024-0254.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-0254",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-05T22:15:59.630",
"lastModified": "2024-02-06T01:00:55.997",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-12T20:53:02.440",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The (Simply) Guest Author Name plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's post meta in all versions up to, and including, 4.34 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento (Simply) Guest Author Name para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del metadato de publicaci\u00f3n del complemento en todas las versiones hasta la 4.34 incluida, debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -34,18 +58,57 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:shooflysolutions:\\(simply\\)_guest_author_name:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.34",
"matchCriteriaId": "9BD921D8-7ED5-4B61-893F-809654E7222C"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/guest-author-name/trunk/sfly-guest-author.php",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3027723%40guest-author-name&new=3027723%40guest-author-name&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0e9e2864-6624-497f-8bec-df8360ed3f4a?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

62
CVE-2024/CVE-2024-12xx/CVE-2024-1215.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-1215",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-03T16:16:00.710",
"lastModified": "2024-02-05T02:09:37.420",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-12T19:32:08.490",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester CRUD without Page Reload 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file fetch_data.php. The manipulation of the argument username/city leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252782 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en SourceCodester CRUD sin Page Reload 1.0. Ha sido calificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo fetch_data.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento nombre de usuario/ciudad conduce a Cross-Site Scripting. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-252782 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:crud_without_page_reload_project:crud_without_page_reload:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "10A822D3-1AF3-41F2-B780-A3A43D6B9885"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/PrecursorYork/crud-without-refresh-reload-Reflected_XSS-POC/blob/main/README.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.252782",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.252782",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

55
CVE-2024/CVE-2024-222xx/CVE-2024-22221.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-22221",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-02-12T19:15:11.043",
"lastModified": "2024-02-12T20:39:09.773",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nDell Unity, versions prior to 5.4, contains SQL Injection vulnerability. An authenticated attacker could potentially exploit this vulnerability, leading to exposure of sensitive information.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities",
"source": "security_alert@emc.com"
}
]
}

55
CVE-2024/CVE-2024-222xx/CVE-2024-22222.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-22222",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-02-12T19:15:11.283",
"lastModified": "2024-02-12T20:39:09.773",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nDell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_udoctor utility. An authenticated malicious user with local access could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities",
"source": "security_alert@emc.com"
}
]
}

55
CVE-2024/CVE-2024-222xx/CVE-2024-22223.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-22223",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-02-12T19:15:11.497",
"lastModified": "2024-02-12T20:39:09.773",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nDell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_cbr utility. An authenticated malicious user with local access could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities",
"source": "security_alert@emc.com"
}
]
}

55
CVE-2024/CVE-2024-222xx/CVE-2024-22224.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-22224",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-02-12T19:15:11.713",
"lastModified": "2024-02-12T20:39:09.773",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nDell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_nas utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities",
"source": "security_alert@emc.com"
}
]
}

55
CVE-2024/CVE-2024-222xx/CVE-2024-22225.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-22225",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-02-12T19:15:11.927",
"lastModified": "2024-02-12T20:39:09.773",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nDell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_supportassist utility. An authenticated attacker could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities",
"source": "security_alert@emc.com"
}
]
}

55
CVE-2024/CVE-2024-222xx/CVE-2024-22226.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-22226",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-02-12T19:15:12.130",
"lastModified": "2024-02-12T20:39:09.773",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nDell Unity, versions prior to 5.4, contain a path traversal vulnerability in its svc_supportassist utility. An authenticated attacker could potentially exploit this vulnerability, to gain unauthorized write access to the files stored on the server filesystem, with elevated privileges.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-23"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities",
"source": "security_alert@emc.com"
}
]
}

55
CVE-2024/CVE-2024-222xx/CVE-2024-22227.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-22227",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-02-12T19:15:12.333",
"lastModified": "2024-02-12T20:39:09.773",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nDell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_dc utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability execute commands with root privileges.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities",
"source": "security_alert@emc.com"
}
]
}

55
CVE-2024/CVE-2024-222xx/CVE-2024-22228.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-22228",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-02-12T19:15:12.527",
"lastModified": "2024-02-12T20:39:09.773",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nDell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cifssupport utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities",
"source": "security_alert@emc.com"
}
]
}

55
CVE-2024/CVE-2024-222xx/CVE-2024-22230.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-22230",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-02-12T19:15:12.717",
"lastModified": "2024-02-12T20:39:09.773",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nDell Unity, versions prior to 5.4, contains a Cross-site scripting vulnerability. An authenticated attacker could potentially exploit this vulnerability, stealing session information, masquerading as the affected user or carry out any actions that this user could perform, or to generally control the victim's browser.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities",
"source": "security_alert@emc.com"
}
]
}

67
CVE-2024/CVE-2024-251xx/CVE-2024-25108.json Normal file
View File

@ -0,0 +1,67 @@
{
"id": "CVE-2024-25108",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-12T20:15:08.590",
"lastModified": "2024-02-12T20:39:09.773",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Pixelfed is an open source photo sharing platform. When processing requests authorization was improperly and insufficiently checked, allowing attackers to access far more functionality than users intended, including to the administrative and moderator functionality of the Pixelfed server. This vulnerability affects every version of Pixelfed between v0.10.4 and v0.11.9, inclusive. A proof of concept of this vulnerability exists. This vulnerability affects every local user of a Pixelfed server, and can potentially affect the servers' ability to federate. Some user interaction is required to setup the conditions to be able to exercise the vulnerability, but the attacker could conduct this attack time-delayed manner, where user interaction is not actively required. This vulnerability has been addressed in version 0.11.11. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.3
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-280"
},
{
"lang": "en",
"value": "CWE-285"
},
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://github.com/pixelfed/pixelfed/commit/7e47d6dccb0393a2e95c42813c562c854882b037",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/pixelfed/pixelfed/security/advisories/GHSA-gccq-h3xj-jgvf",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2024/CVE-2024-251xx/CVE-2024-25110.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-25110",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-12T20:15:08.803",
"lastModified": "2024-02-12T20:39:09.773",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The UAMQP is a general purpose C library for AMQP 1.0. During a call to open_get_offered_capabilities, a memory allocation may fail causing a use-after-free issue and if a client called it during connection communication it may cause a remote code execution. Users are advised to update the submodule with commit `30865c9c`. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://github.com/Azure/azure-uamqp-c/commit/30865c9ccedaa32ddb036e87a8ebb52c3f18f695",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/Azure/azure-uamqp-c/security/advisories/GHSA-c646-4whf-r67v",
"source": "security-advisories@github.com"
}
]
}

71
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-02-12T19:00:25.236536+00:00
2024-02-12T21:00:24.349070+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-02-12T18:57:56.580000+00:00
2024-02-12T20:53:02.440000+00:00
```
### Last Data Feed Release
@ -29,46 +29,53 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
238179
238201
```
### CVEs added in the last Commit
Recently added CVEs: `2`
Recently added CVEs: `22`
* [CVE-2022-34310](CVE-2022/CVE-2022-343xx/CVE-2022-34310.json) (`2024-02-12T18:15:07.830`)
* [CVE-2022-38714](CVE-2022/CVE-2022-387xx/CVE-2022-38714.json) (`2024-02-12T18:15:08.057`)
* [CVE-2021-4437](CVE-2021/CVE-2021-44xx/CVE-2021-4437.json) (`2024-02-12T20:15:07.993`)
* [CVE-2022-22506](CVE-2022/CVE-2022-225xx/CVE-2022-22506.json) (`2024-02-12T20:15:08.320`)
* [CVE-2022-34309](CVE-2022/CVE-2022-343xx/CVE-2022-34309.json) (`2024-02-12T19:15:08.837`)
* [CVE-2022-34311](CVE-2022/CVE-2022-343xx/CVE-2022-34311.json) (`2024-02-12T19:15:09.080`)
* [CVE-2024-0164](CVE-2024/CVE-2024-01xx/CVE-2024-0164.json) (`2024-02-12T19:15:09.473`)
* [CVE-2024-0165](CVE-2024/CVE-2024-01xx/CVE-2024-0165.json) (`2024-02-12T19:15:09.700`)
* [CVE-2024-0166](CVE-2024/CVE-2024-01xx/CVE-2024-0166.json) (`2024-02-12T19:15:09.960`)
* [CVE-2024-0167](CVE-2024/CVE-2024-01xx/CVE-2024-0167.json) (`2024-02-12T19:15:10.133`)
* [CVE-2024-0168](CVE-2024/CVE-2024-01xx/CVE-2024-0168.json) (`2024-02-12T19:15:10.330`)
* [CVE-2024-0169](CVE-2024/CVE-2024-01xx/CVE-2024-0169.json) (`2024-02-12T19:15:10.543`)
* [CVE-2024-0170](CVE-2024/CVE-2024-01xx/CVE-2024-0170.json) (`2024-02-12T19:15:10.800`)
* [CVE-2024-22221](CVE-2024/CVE-2024-222xx/CVE-2024-22221.json) (`2024-02-12T19:15:11.043`)
* [CVE-2024-22222](CVE-2024/CVE-2024-222xx/CVE-2024-22222.json) (`2024-02-12T19:15:11.283`)
* [CVE-2024-22223](CVE-2024/CVE-2024-222xx/CVE-2024-22223.json) (`2024-02-12T19:15:11.497`)
* [CVE-2024-22224](CVE-2024/CVE-2024-222xx/CVE-2024-22224.json) (`2024-02-12T19:15:11.713`)
* [CVE-2024-22225](CVE-2024/CVE-2024-222xx/CVE-2024-22225.json) (`2024-02-12T19:15:11.927`)
* [CVE-2024-22226](CVE-2024/CVE-2024-222xx/CVE-2024-22226.json) (`2024-02-12T19:15:12.130`)
* [CVE-2024-22227](CVE-2024/CVE-2024-222xx/CVE-2024-22227.json) (`2024-02-12T19:15:12.333`)
* [CVE-2024-22228](CVE-2024/CVE-2024-222xx/CVE-2024-22228.json) (`2024-02-12T19:15:12.527`)
* [CVE-2024-22230](CVE-2024/CVE-2024-222xx/CVE-2024-22230.json) (`2024-02-12T19:15:12.717`)
* [CVE-2024-25108](CVE-2024/CVE-2024-251xx/CVE-2024-25108.json) (`2024-02-12T20:15:08.590`)
* [CVE-2024-25110](CVE-2024/CVE-2024-251xx/CVE-2024-25110.json) (`2024-02-12T20:15:08.803`)
### CVEs modified in the last Commit
Recently modified CVEs: `31`
Recently modified CVEs: `12`
* [CVE-2023-6501](CVE-2023/CVE-2023-65xx/CVE-2023-6501.json) (`2024-02-12T17:31:21.670`)
* [CVE-2023-6591](CVE-2023/CVE-2023-65xx/CVE-2023-6591.json) (`2024-02-12T17:31:21.670`)
* [CVE-2023-7233](CVE-2023/CVE-2023-72xx/CVE-2023-7233.json) (`2024-02-12T17:31:21.670`)
* [CVE-2023-27318](CVE-2023/CVE-2023-273xx/CVE-2023-27318.json) (`2024-02-12T17:32:00.683`)
* [CVE-2023-6780](CVE-2023/CVE-2023-67xx/CVE-2023-6780.json) (`2024-02-12T18:57:56.580`)
* [CVE-2024-0895](CVE-2024/CVE-2024-08xx/CVE-2024-0895.json) (`2024-02-12T17:03:38.533`)
* [CVE-2024-1225](CVE-2024/CVE-2024-12xx/CVE-2024-1225.json) (`2024-02-12T17:09:34.727`)
* [CVE-2024-24258](CVE-2024/CVE-2024-242xx/CVE-2024-24258.json) (`2024-02-12T17:15:08.140`)
* [CVE-2024-24259](CVE-2024/CVE-2024-242xx/CVE-2024-24259.json) (`2024-02-12T17:15:08.220`)
* [CVE-2024-23049](CVE-2024/CVE-2024-230xx/CVE-2024-23049.json) (`2024-02-12T17:17:31.967`)
* [CVE-2024-0248](CVE-2024/CVE-2024-02xx/CVE-2024-0248.json) (`2024-02-12T17:31:21.670`)
* [CVE-2024-0250](CVE-2024/CVE-2024-02xx/CVE-2024-0250.json) (`2024-02-12T17:31:21.670`)
* [CVE-2024-0420](CVE-2024/CVE-2024-04xx/CVE-2024-0420.json) (`2024-02-12T17:31:21.670`)
* [CVE-2024-0421](CVE-2024/CVE-2024-04xx/CVE-2024-0421.json) (`2024-02-12T17:31:21.670`)
* [CVE-2024-0566](CVE-2024/CVE-2024-05xx/CVE-2024-0566.json) (`2024-02-12T17:31:21.670`)
* [CVE-2024-25360](CVE-2024/CVE-2024-253xx/CVE-2024-25360.json) (`2024-02-12T17:31:21.670`)
* [CVE-2024-1199](CVE-2024/CVE-2024-11xx/CVE-2024-1199.json) (`2024-02-12T17:33:06.010`)
* [CVE-2024-1198](CVE-2024/CVE-2024-11xx/CVE-2024-1198.json) (`2024-02-12T17:33:30.703`)
* [CVE-2024-1195](CVE-2024/CVE-2024-11xx/CVE-2024-1195.json) (`2024-02-12T17:33:51.340`)
* [CVE-2024-1194](CVE-2024/CVE-2024-11xx/CVE-2024-1194.json) (`2024-02-12T17:34:23.970`)
* [CVE-2024-1200](CVE-2024/CVE-2024-12xx/CVE-2024-1200.json) (`2024-02-12T17:35:01.263`)
* [CVE-2024-24112](CVE-2024/CVE-2024-241xx/CVE-2024-24112.json) (`2024-02-12T17:36:55.950`)
* [CVE-2024-24482](CVE-2024/CVE-2024-244xx/CVE-2024-24482.json) (`2024-02-12T17:46:35.760`)
* [CVE-2024-22853](CVE-2024/CVE-2024-228xx/CVE-2024-22853.json) (`2024-02-12T17:50:31.950`)
* [CVE-2024-1064](CVE-2024/CVE-2024-10xx/CVE-2024-1064.json) (`2024-02-12T18:42:14.777`)
* [CVE-2015-10129](CVE-2015/CVE-2015-101xx/CVE-2015-10129.json) (`2024-02-12T19:02:51.977`)
* [CVE-2019-25159](CVE-2019/CVE-2019-251xx/CVE-2019-25159.json) (`2024-02-12T19:52:18.067`)
* [CVE-2021-32677](CVE-2021/CVE-2021-326xx/CVE-2021-32677.json) (`2024-02-12T20:04:02.160`)
* [CVE-2022-38710](CVE-2022/CVE-2022-387xx/CVE-2022-38710.json) (`2024-02-12T19:15:09.310`)
* [CVE-2022-34310](CVE-2022/CVE-2022-343xx/CVE-2022-34310.json) (`2024-02-12T20:39:15.693`)
* [CVE-2022-38714](CVE-2022/CVE-2022-387xx/CVE-2022-38714.json) (`2024-02-12T20:39:15.693`)
* [CVE-2023-33851](CVE-2023/CVE-2023-338xx/CVE-2023-33851.json) (`2024-02-12T19:54:23.117`)
* [CVE-2023-34042](CVE-2023/CVE-2023-340xx/CVE-2023-34042.json) (`2024-02-12T20:45:24.537`)
* [CVE-2023-6557](CVE-2023/CVE-2023-65xx/CVE-2023-6557.json) (`2024-02-12T20:49:00.610`)
* [CVE-2023-6635](CVE-2023/CVE-2023-66xx/CVE-2023-6635.json) (`2024-02-12T20:50:07.757`)
* [CVE-2024-1215](CVE-2024/CVE-2024-12xx/CVE-2024-1215.json) (`2024-02-12T19:32:08.490`)
* [CVE-2024-0254](CVE-2024/CVE-2024-02xx/CVE-2024-0254.json) (`2024-02-12T20:53:02.440`)
## Download and Usage