From 29a206600a4ab5e0abab4f2d18255af26c53eee1 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Mon, 22 Jan 2024 17:00:29 +0000
Subject: [PATCH] Auto-Update: 2024-01-22T17:00:25.391830+00:00
---
 CVE-2010/CVE-2010-100xx/CVE-2010-10011.json | 63 +++++++++++++--
 CVE-2016/CVE-2016-200xx/CVE-2016-20021.json | 75 ++++++++++++++++--
 CVE-2019/CVE-2019-98xx/CVE-2019-9879.json | 6 +-
 CVE-2019/CVE-2019-98xx/CVE-2019-9880.json | 6 +-
 CVE-2019/CVE-2019-98xx/CVE-2019-9881.json | 6 +-
 CVE-2020/CVE-2020-367xx/CVE-2020-36772.json | 32 ++++++++
 CVE-2021/CVE-2021-38xx/CVE-2021-3826.json | 49 +++++++++---
 CVE-2022/CVE-2022-49xx/CVE-2022-4962.json | 74 +++++++++++++++--
 CVE-2023/CVE-2023-443xx/CVE-2023-44395.json | 63 +++++++++++++++
 CVE-2023/CVE-2023-483xx/CVE-2023-48383.json | 36 ++++++++-
 CVE-2023/CVE-2023-489xx/CVE-2023-48909.json | 69 ++++++++++++++--
 CVE-2023/CVE-2023-511xx/CVE-2023-51123.json | 8 +-
 CVE-2023/CVE-2023-517xx/CVE-2023-51764.json | 12 ++-
 CVE-2023/CVE-2023-523xx/CVE-2023-52339.json | 82 +++++++++++++++++--
 CVE-2023/CVE-2023-59xx/CVE-2023-5981.json | 6 +-
 CVE-2023/CVE-2023-60xx/CVE-2023-6040.json | 70 ++++++++++++++--
 CVE-2023/CVE-2023-68xx/CVE-2023-6816.json | 6 +-
 CVE-2024/CVE-2024-04xx/CVE-2024-0408.json | 6 +-
 CVE-2024/CVE-2024-04xx/CVE-2024-0409.json | 6 +-
 CVE-2024/CVE-2024-04xx/CVE-2024-0454.json | 80 ++++++++++++++++++-
 CVE-2024/CVE-2024-05xx/CVE-2024-0522.json | 52 +++++++++++-
 CVE-2024/CVE-2024-05xx/CVE-2024-0523.json | 59 ++++++++++++--
 CVE-2024/CVE-2024-07xx/CVE-2024-0706.json | 15 ++++
 CVE-2024/CVE-2024-07xx/CVE-2024-0778.json | 88 +++++++++++++++++++++
 CVE-2024/CVE-2024-07xx/CVE-2024-0781.json | 88 +++++++++++++++++++++
 CVE-2024/CVE-2024-228xx/CVE-2024-22895.json | 20 +++++
 README.md | 64 ++++++++-------
 27 files changed, 1030 insertions(+), 111 deletions(-)
 create mode 100644 CVE-2020/CVE-2020-367xx/CVE-2020-36772.json
 create mode 100644 CVE-2023/CVE-2023-443xx/CVE-2023-44395.json
 create mode 100644 CVE-2024/CVE-2024-07xx/CVE-2024-0706.json
 create mode 100644 CVE-2024/CVE-2024-07xx/CVE-2024-0778.json
 create mode 100644 CVE-2024/CVE-2024-07xx/CVE-2024-0781.json
 create mode 100644 CVE-2024/CVE-2024-228xx/CVE-2024-22895.json
diff --git a/CVE-2010/CVE-2010-100xx/CVE-2010-10011.json b/CVE-2010/CVE-2010-100xx/CVE-2010-10011.json
index ab88e08e1a8..0636f05c629 100644
--- a/CVE-2010/CVE-2010-100xx/CVE-2010-10011.json
+++ b/CVE-2010/CVE-2010-100xx/CVE-2010-10011.json
@@ -2,16 +2,40 @@ "id": "CVE-2010-10011", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-12T20:15:46.833", - "lastModified": "2024-01-14T21:42:17.123", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-22T16:41:48.287", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as problematic, was found in Acritum Femitter Server 1.04. Affected is an unknown function. The manipulation leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250446 is the identifier assigned to this vulnerability." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en Acritum Femitter Server 1.04 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida es afectada. La manipulaci\u00f3n conduce a Path Traversal. Es posible lanzar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-250446 es el identificador asignado a esta vulnerabilidad." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -71,18 +95,47 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acritum:femitter_server:1.04:*:*:*:*:*:*:*", + "matchCriteriaId": "FCCC029C-D242-4FC3-9CFA-54CC0ADE4E4D" + } + ] + } + ] + } + ], "references": [ { "url": "https://vuldb.com/?ctiid.250446", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.250446", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.exploit-db.com/exploits/15445", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2016/CVE-2016-200xx/CVE-2016-20021.json b/CVE-2016/CVE-2016-200xx/CVE-2016-20021.json index 9fdf35212a0..84a6280915d 100644 --- a/CVE-2016/CVE-2016-200xx/CVE-2016-20021.json +++ b/CVE-2016/CVE-2016-200xx/CVE-2016-20021.json @@ -2,8 +2,8 @@ "id": "CVE-2016-20021", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-12T03:15:08.410", - "lastModified": "2024-01-17T20:15:48.477", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-22T16:27:08.217", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,19 +14,82 @@ "value": "En Gentoo Portage anterior a 3.0.47, falta la validaci\u00f3n PGP del c\u00f3digo ejecutado: el emerge-webrsync independiente descarga un archivo .gpgsig pero no realiza la verificaci\u00f3n de firma." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-347" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gentoo:portage:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.0.47", + "matchCriteriaId": "81332CB9-672C-4676-8772-069B22C5C40F" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugs.gentoo.org/597800", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking", + "Patch" + ] }, { "url": "https://gitweb.gentoo.org/proj/portage.git/tree/NEWS", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://wiki.gentoo.org/wiki/Portage", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2019/CVE-2019-98xx/CVE-2019-9879.json b/CVE-2019/CVE-2019-98xx/CVE-2019-9879.json index 8f5f81a7545..4725a8d1678 100644 --- a/CVE-2019/CVE-2019-98xx/CVE-2019-9879.json +++ b/CVE-2019/CVE-2019-98xx/CVE-2019-9879.json 
@@ -2,7 +2,7 @@ "id": "CVE-2019-9879", "sourceIdentifier": "cve@mitre.org", "published": "2019-06-10T18:29:01.017", - "lastModified": "2019-06-11T16:27:02.677", + "lastModified": "2024-01-22T15:39:41.963", "vulnStatus": "Analyzed", "descriptions": [ { @@ -84,8 +84,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:wpgraphql:wpgraphql:0.2.3:*:*:*:*:wordpress:*:*", - "matchCriteriaId": "083EF556-A0F0-45D0-B62A-AC3BF36B3FF2" + "criteria": "cpe:2.3:a:wpengine:wpgraphql:0.2.3:*:*:*:*:wordpress:*:*", + "matchCriteriaId": "282B8AA9-C1E9-4FA0-A4EA-B786BEB7C112" } ] } diff --git a/CVE-2019/CVE-2019-98xx/CVE-2019-9880.json b/CVE-2019/CVE-2019-98xx/CVE-2019-9880.json index 2a45ed264a8..c30e6aa71f9 100644 --- a/CVE-2019/CVE-2019-98xx/CVE-2019-9880.json +++ b/CVE-2019/CVE-2019-98xx/CVE-2019-9880.json @@ -2,7 +2,7 @@ "id": "CVE-2019-9880", "sourceIdentifier": "cve@mitre.org", "published": "2019-06-10T18:29:01.143", - "lastModified": "2019-06-11T14:45:58.400", + "lastModified": "2024-01-22T15:39:41.963", "vulnStatus": "Analyzed", "descriptions": [ { @@ -84,8 +84,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:wpgraphql:wpgraphql:0.2.3:*:*:*:*:wordpress:*:*", - "matchCriteriaId": "083EF556-A0F0-45D0-B62A-AC3BF36B3FF2" + "criteria": "cpe:2.3:a:wpengine:wpgraphql:0.2.3:*:*:*:*:wordpress:*:*", + "matchCriteriaId": "282B8AA9-C1E9-4FA0-A4EA-B786BEB7C112" } ] } diff --git a/CVE-2019/CVE-2019-98xx/CVE-2019-9881.json b/CVE-2019/CVE-2019-98xx/CVE-2019-9881.json index 9496a39df33..6244ef686a6 100644 --- a/CVE-2019/CVE-2019-98xx/CVE-2019-9881.json +++ b/CVE-2019/CVE-2019-98xx/CVE-2019-9881.json @@ -2,7 +2,7 @@ "id": "CVE-2019-9881", "sourceIdentifier": "cve@mitre.org", "published": "2019-06-10T18:29:01.237", - "lastModified": "2019-06-11T17:27:38.563", + "lastModified": "2024-01-22T15:39:41.963", "vulnStatus": "Analyzed", "descriptions": [ { 
@@ -84,8 +84,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:wpgraphql:wpgraphql:0.2.3:*:*:*:*:wordpress:*:*", - "matchCriteriaId": "083EF556-A0F0-45D0-B62A-AC3BF36B3FF2" + "criteria": "cpe:2.3:a:wpengine:wpgraphql:0.2.3:*:*:*:*:wordpress:*:*", + "matchCriteriaId": "282B8AA9-C1E9-4FA0-A4EA-B786BEB7C112" } ] } diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36772.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36772.json new file mode 100644 index 00000000000..0f5ad0358b4 --- /dev/null +++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36772.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2020-36772", + "sourceIdentifier": "secalert@redhat.com", + "published": "2024-01-22T15:15:07.883", + "lastModified": "2024-01-22T15:15:07.883", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "CloudLinux\n CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to\n the sendmail proxy command. This allows local users to read and write \narbitrary files outside the CageFS environment in a limited way.\n" + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-73" + } + ] + } + ], + "references": [ + { + "url": "https://blog.cloudlinux.com/lve-manager-lve-stats-lve-utils-and-alt-python27-cllib-have-been-rolled-out-to-100", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2021/CVE-2021-38xx/CVE-2021-3826.json b/CVE-2021/CVE-2021-38xx/CVE-2021-3826.json index b1449ee948f..d2c3633abe6 100644 --- a/CVE-2021/CVE-2021-38xx/CVE-2021-3826.json +++ b/CVE-2021/CVE-2021-38xx/CVE-2021-3826.json @@ -2,8 +2,8 @@ "id": "CVE-2021-3826", "sourceIdentifier": "secalert@redhat.com", "published": "2022-09-01T21:15:08.843", - "lastModified": "2023-02-12T23:42:49.497", - "vulnStatus": "Modified", + "lastModified": "2024-01-22T15:01:35.150", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
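Review bot: In the new file CVE-2020-36772.json the English description is stored with hard line wraps inside the string (`"CloudLinux\n CageFS 7.0.8-2 or below ...`, ending in a trailing `\n`), so the product name itself is split across a newline. Keyword or product matching over `descriptions[].value` that looks for the name as one phrase will miss this record unless whitespace is collapsed first. Consumers should normalize runs of whitespace to a single space and trim before indexing or comparing. The record also arrives with `"metrics": {}` and status `Received`, so severity-threshold filters will not surface it until a score is added.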
@@ -21,19 +21,19 @@ "type": "Primary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", - "userInteraction": "NONE", + "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", - "baseScore": 7.5, - "baseSeverity": "HIGH" + "baseScore": 6.5, + "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 3.9, + "exploitabilityScore": 2.8, "impactScore": 3.6 } ] @@ -105,7 +105,10 @@ "references": [ { "url": "https://gcc.gnu.org/git/?p=gcc.git%3Ba=commit%3Bh=5481040197402be6dfee265bd2ff5a4c88e30505", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://gcc.gnu.org/pipermail/gcc-patches/2021-September/579987", 
@@ -118,23 +121,43 @@ }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4MYLS3VR4OPL5ECRWOR4ZHMGXUSCJFZY/", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AKZ2DTS3ATVN5PANNVLKLE5OP4OF25Q/", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MTEHT3G6YKJ7F7MSGWYSI4UM3XBAYXZ/", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AXFC74WRZ2Q7F2TSUKPYNIL7ZPBWYI6L/", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-49xx/CVE-2022-4962.json b/CVE-2022/CVE-2022-49xx/CVE-2022-4962.json index 8ded01bf04e..a5397764fcd 100644 --- a/CVE-2022/CVE-2022-49xx/CVE-2022-4962.json +++ b/CVE-2022/CVE-2022-49xx/CVE-2022-4962.json 
@@ -2,16 +2,40 @@ "id": "CVE-2022-4962", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-12T22:15:44.877", - "lastModified": "2024-01-14T21:42:17.123", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-22T16:32:21.483", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Apollo 2.0.0/2.0.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /users of the component Configuration Center. The manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. VDB-250430 is the identifier assigned to this vulnerability. NOTE: The maintainer explains that user data information like user id, name, and email are not sensitive." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en Apollo 2.0.0/2.0.1 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /users del componente Configuration Center es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a una autorizaci\u00f3n inadecuada. El ataque puede lanzarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. Por el momento todav\u00eda se duda de la existencia real de esta vulnerabilidad. VDB-250430 es el identificador asignado a esta vulnerabilidad. NOTA: El responsable del mantenimiento explica que la informaci\u00f3n de los datos del usuario, como el id, el nombre y el correo electr\u00f3nico, no es confidencial." 
} ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -71,18 +95,58 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apolloconfig:apollo:2.0.0:-:*:*:*:*:*:*", + "matchCriteriaId": "2FEAB0BE-294C-4E3F-9FFB-3E841F14B82B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apolloconfig:apollo:2.0.0:rc1:*:*:*:*:*:*", + "matchCriteriaId": "E813CA66-5F52-4F0F-9619-C75F13DAE339" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apolloconfig:apollo:2.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "20B2986B-2AA9-4186-A23A-D15DF70AC890" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/apolloconfig/apollo/issues/4684", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.250430", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.250430", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44395.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44395.json new file mode 100644 index 00000000000..592426282e0 --- /dev/null 
+++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44395.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-44395", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-01-22T15:15:08.037", + "lastModified": "2024-01-22T15:15:08.037", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Autolab is a course management service that enables instructors to offer autograded programming assignments to their students over the Web. Path traversal vulnerabilities were discovered in Autolab's assessment functionality in versions of Autolab prior to 2.12.0, whereby instructors can perform arbitrary file reads. Version 2.12.0 contains a patch. There are no feasible workarounds for this issue." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/autolab/Autolab/releases/tag/v2.12.0", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/autolab/Autolab/security/advisories/GHSA-h8wq-ghfq-5hfx", + "source": "security-advisories@github.com" + }, + { + "url": "https://www.stackhawk.com/blog/rails-path-traversal-guide-examples-and-prevention/", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-483xx/CVE-2023-48383.json b/CVE-2023/CVE-2023-483xx/CVE-2023-48383.json index 87678910b56..2e7688fd49b 100644 --- a/CVE-2023/CVE-2023-483xx/CVE-2023-48383.json +++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48383.json @@ -2,8 +2,8 @@ "id": "CVE-2023-48383", "sourceIdentifier": "twcert@cert.org.tw", "published": "2024-01-15T03:15:07.773", - "lastModified": "2024-01-16T13:56:05.467", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-22T15:26:02.633", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -39,6 +39,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + }, { "source": "twcert@cert.org.tw", "type": "Secondary", @@ -50,10 +60,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netvision:airpass:2.9.0.200703:*:*:*:*:*:*:*", + "matchCriteriaId": "933AFD61-5D84-415C-8EA2-D2B39A1FB81A" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.twcert.org.tw/tw/cp-132-7631-c6be3-1.html", - "source": "twcert@cert.org.tw" + "source": "twcert@cert.org.tw", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-489xx/CVE-2023-48909.json b/CVE-2023/CVE-2023-489xx/CVE-2023-48909.json index b4841a9027e..1bd6a282708 100644 --- a/CVE-2023/CVE-2023-489xx/CVE-2023-48909.json +++ b/CVE-2023/CVE-2023-489xx/CVE-2023-48909.json @@ -2,8 +2,8 @@ "id": "CVE-2023-48909", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-12T09:15:44.133", - "lastModified": "2024-01-12T13:47:31.250", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-22T16:33:28.663", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,74 @@ "value": "Se descubri\u00f3 un problema en Jave2 versi\u00f3n 3.3.1 que permite a los atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de la funci\u00f3n FFmpeg." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aarboard:jave2:3.3.1:*:*:*:*:*:*:*", + "matchCriteriaId": "3B0DD09C-80D4-4FAF-BE9E-199D10B29740" + } + ] + } + ] + } + ], "references": [ { "url": "https://gist.github.com/Dollhouse-18/288b4774bc296722c9e3c60bafa392bf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://github.com/Dollhouse-18/jave-core-Command-execution-vulnerability", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-511xx/CVE-2023-51123.json b/CVE-2023/CVE-2023-511xx/CVE-2023-51123.json index 61a78e6f1c5..d44153a261f 100644 --- a/CVE-2023/CVE-2023-511xx/CVE-2023-51123.json +++ b/CVE-2023/CVE-2023-511xx/CVE-2023-51123.json 
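Review bot: Both references in this hunk are tagged `Vendor Advisory`, yet the URLs sit under a `Dollhouse-18` GitHub account while the CPE added just above names the vendor as `aarboard`, so the tag looks misapplied (this is inferred from the names alone; nothing else on the page identifies the vendor). Triage rules that read `Vendor Advisory` as vendor acknowledgement or as a pointer to a fix would over-trust what appears to be a researcher write-up. If the account is not the vendor's, `"tags": ["Exploit", "Third Party Advisory"]` describes the second reference more accurately and `"Third Party Advisory"` the first. The record is also scored 8.8 with `NVD-CWE-noinfo`, so filters keyed on weakness class will not pick it up.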
@@ -2,8 +2,8 @@ "id": "CVE-2023-51123", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-10T22:15:50.823", - "lastModified": "2024-01-17T18:23:36.637", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-22T16:15:08.230", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -87,6 +87,10 @@ "Exploit", "Third Party Advisory" ] + }, + { + "url": "https://github.com/WhereisRain/dir-815/blob/main/README.md", + "source": "cve@mitre.org" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51764.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51764.json index 8848b12489a..2846543acb7 100644 --- a/CVE-2023/CVE-2023-517xx/CVE-2023-51764.json +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51764.json 
@@ -2,12 +2,12 @@ "id": "CVE-2023-51764", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-24T05:15:08.273", - "lastModified": "2024-01-18T03:15:58.667", + "lastModified": "2024-01-22T15:15:08.320", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Postfix through 3.8.4 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in recent versions). Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Postfix supports . but some other popular e-mail servers do not. To prevent attack variants (by always disallowing without ), a different solution is required: the smtpd_forbid_bare_newline=yes option with a Postfix minimum version of 3.5.23, 3.6.13, 3.7.9, 3.8.4, or 3.9." + "value": "Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in recent versions). Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Postfix supports . but some other popular e-mail servers do not. To prevent attack variants (by always disallowing without ), a different solution is required, such as the smtpd_forbid_bare_newline=yes option with a Postfix minimum version of 3.5.23, 3.6.13, 3.7.9, 3.8.4, or 3.9." }, { "lang": "es", 
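Review bot: The English description is rewritten here (`through 3.8.5`, `such as the smtpd_forbid_bare_newline=yes option`), but the `"lang": "es"` value sits just past the hunk's last context line and neither hunk of this file touches it, so the Spanish text presumably still carries the earlier wording. Consumers that show a localized description should treat the `en` value as authoritative for the affected range until the translation is refreshed. As rendered on this page the new `en` value also reads `Postfix supports . but some other` and `always disallowing without )`, which suggests the line-ending tokens were stripped somewhere along the way. It is worth confirming that the stored string still contains them, since they are the substance of the mitigation advice.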
@@ -204,6 +204,14 @@ "Third Party Advisory" ] }, + { + "url": "https://www.openwall.com/lists/oss-security/2024/01/22/1", + "source": "cve@mitre.org" + }, + { + "url": "https://www.postfix.org/announcements/postfix-3.8.5.html", + "source": "cve@mitre.org" + }, { "url": "https://www.postfix.org/smtp-smuggling.html", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-523xx/CVE-2023-52339.json b/CVE-2023/CVE-2023-523xx/CVE-2023-52339.json index 94727cf8b43..3f21934cb92 100644 --- a/CVE-2023/CVE-2023-523xx/CVE-2023-52339.json +++ b/CVE-2023/CVE-2023-523xx/CVE-2023-52339.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52339", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-12T02:15:44.637", - "lastModified": "2024-01-12T13:47:31.250", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-22T15:48:15.170", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,23 +14,91 @@ "value": "En libebml anterior a 1.4.5, puede ocurrir un desbordamiento de enteros en MemIOCallback.cpp al leer o escribir. Puede provocar desbordamientos de b\u00fafer." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-190" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:matroska:libebml:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.4.5", + "matchCriteriaId": "E313D822-BEBC-43B6-BDA3-8221A80B66C6" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Matroska-Org/libebml/blob/v1.x/NEWS.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/Matroska-Org/libebml/compare/release-1.4.4...release-1.4.5", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/Matroska-Org/libebml/issues/147", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Patch", + "Vendor Advisory" + ] }, { "url": "https://github.com/Matroska-Org/libebml/pull/148", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-59xx/CVE-2023-5981.json b/CVE-2023/CVE-2023-59xx/CVE-2023-5981.json index adfb5701d8c..d99669baeb8 100644 --- a/CVE-2023/CVE-2023-59xx/CVE-2023-5981.json +++ b/CVE-2023/CVE-2023-59xx/CVE-2023-5981.json @@ -2,7 +2,7 @@ "id": "CVE-2023-5981", "sourceIdentifier": "secalert@redhat.com", "published": "2023-11-28T12:15:07.040", - "lastModified": "2024-01-19T21:15:08.400", + "lastModified": "2024-01-22T15:15:08.450", "vulnStatus": "Modified", "descriptions": [ { @@ -146,6 +146,10 @@ "url": "https://access.redhat.com/errata/RHSA-2024:0155", "source": "secalert@redhat.com" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0319", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-5981", "source": "secalert@redhat.com", diff --git a/CVE-2023/CVE-2023-60xx/CVE-2023-6040.json b/CVE-2023/CVE-2023-60xx/CVE-2023-6040.json index d0eb5ba0b41..af3ab4cf941 100644 --- a/CVE-2023/CVE-2023-60xx/CVE-2023-6040.json +++ b/CVE-2023/CVE-2023-60xx/CVE-2023-6040.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6040", "sourceIdentifier": "security@ubuntu.com", "published": "2024-01-12T02:15:44.683", - "lastModified": "2024-01-12T13:47:31.250", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-22T16:00:28.223", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "security@ubuntu.com", "type": "Secondary", 
@@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + }, { "source": "security@ubuntu.com", "type": "Secondary", @@ -50,18 +80,48 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndIncluding": "5.17", + "matchCriteriaId": "C75006C6-1F2B-445B-A5DE-64343A1B0A48" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2024/01/12/1", - "source": "security@ubuntu.com" + "source": "security@ubuntu.com", + "tags": [ + "Mailing List", + "Patch", + "Third Party Advisory" + ] }, { "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6040", - "source": "security@ubuntu.com" + "source": "security@ubuntu.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.openwall.com/lists/oss-security/2024/01/12/1", - "source": "security@ubuntu.com" + "source": "security@ubuntu.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6816.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6816.json index 30a1245b697..2d79ab765df 100644 --- a/CVE-2023/CVE-2023-68xx/CVE-2023-6816.json +++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6816.json @@ -2,7 +2,7 @@ "id": "CVE-2023-6816", "sourceIdentifier": "secalert@redhat.com", "published": "2024-01-18T05:15:08.607", - "lastModified": "2024-01-22T03:15:07.800", + "lastModified": "2024-01-22T15:15:08.607", "vulnStatus": "Awaiting Analysis", "descriptions": [ { 
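Review bot: In the references hunk (`@@ -50,18 +80,48 @@`) the same oss-security post is listed twice with different tags: `http://www.openwall.com/lists/oss-security/2024/01/12/1` carries `Mailing List`, `Patch`, `Third Party Advisory`, while the `https://` form of the same path lacks `Patch`. A consumer that de-duplicates by URL or filters on the `Patch` tag gets a different answer depending on which entry it keeps. Normalizing the scheme before de-duplication and taking the union of tags avoids that. The added CPE entry bounds the range only with `"versionEndIncluding": "5.17"` and has no start version, so it matches every earlier kernel; confirm that is acceptable before using it for asset matching.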
@@ -55,6 +55,10 @@
 "url": "http://www.openwall.com/lists/oss-security/2024/01/18/1",
 "source": "secalert@redhat.com"
 },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2024:0320",
+ "source": "secalert@redhat.com"
+ },
 {
 "url": "https://access.redhat.com/security/cve/CVE-2023-6816",
 "source": "secalert@redhat.com"
diff --git a/CVE-2024/CVE-2024-04xx/CVE-2024-0408.json b/CVE-2024/CVE-2024-04xx/CVE-2024-0408.json
index ac0ba842fa5..ab6eccccb60 100644
--- a/CVE-2024/CVE-2024-04xx/CVE-2024-0408.json
+++ b/CVE-2024/CVE-2024-04xx/CVE-2024-0408.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-0408",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2024-01-18T16:15:08.380",
- "lastModified": "2024-01-22T03:15:08.023",
+ "lastModified": "2024-01-22T15:15:08.710",
 "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
@@ -51,6 +51,10 @@
 }
 ],
 "references": [
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2024:0320",
+ "source": "secalert@redhat.com"
+ },
 {
 "url": "https://access.redhat.com/security/cve/CVE-2024-0408",
 "source": "secalert@redhat.com"
diff --git a/CVE-2024/CVE-2024-04xx/CVE-2024-0409.json b/CVE-2024/CVE-2024-04xx/CVE-2024-0409.json
index 05b06533ebe..d1c141ff197 100644
--- a/CVE-2024/CVE-2024-04xx/CVE-2024-0409.json
+++ b/CVE-2024/CVE-2024-04xx/CVE-2024-0409.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-0409",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2024-01-18T16:15:08.593",
- "lastModified": "2024-01-22T03:15:08.120",
+ "lastModified": "2024-01-22T15:15:08.803",
 "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
@@ -51,6 +51,10 @@
 }
 ],
 "references": [
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2024:0320",
+ "source": "secalert@redhat.com"
+ },
 {
 "url": "https://access.redhat.com/security/cve/CVE-2024-0409",
 "source": "secalert@redhat.com"
diff --git a/CVE-2024/CVE-2024-04xx/CVE-2024-0454.json b/CVE-2024/CVE-2024-04xx/CVE-2024-0454.json
index 51865a7bf57..f14e10d5c45 100644
--- a/CVE-2024/CVE-2024-04xx/CVE-2024-0454.json
+++ b/CVE-2024/CVE-2024-04xx/CVE-2024-0454.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-0454",
 "sourceIdentifier": "36106deb-8e95-420b-a0a0-e70af5d245df",
 "published": "2024-01-12T02:15:44.867",
- "lastModified": "2024-01-12T13:47:31.250",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-22T16:10:47.897",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -16,6 +16,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
+ "attackVector": "PHYSICAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.9,
+ "impactScore": 5.2
+ },
 {
 "source": "36106deb-8e95-420b-a0a0-e70af5d245df",
 "type": "Secondary",
@@ -39,6 +59,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-290"
+ }
+ ]
+ },
 {
 "source": "36106deb-8e95-420b-a0a0-e70af5d245df",
 "type": "Secondary",
@@ -50,10 +80,54 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:emc:elan_match-on-chip_fpr_solution_firmware:3.0.12011.08009:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6D3B550F-D100-4116-AE9F-7F9F203F7B0F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:emc:elan_match-on-chip_fpr_solution_firmware:3.3.12011.08103:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8BD8D8C7-1B4D-4452-8BC2-6D2B05939AC1"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:emc:elan_match-on-chip_fpr_solution:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "02144756-1716-40FF-884B-3E4DD9D2C0A3"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
+ {
+ "url": "https://github.com/advisories/GHSA-w3jx-33qh-77f8",
+ "source": "nvd@nist.gov",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
 {
 "url": "https://www.emc.com.tw/emc/tw/vulnerability-disclosure-policy",
- "source": "36106deb-8e95-420b-a0a0-e70af5d245df"
+ "source": "36106deb-8e95-420b-a0a0-e70af5d245df",
+ "tags": [
+ "Not Applicable"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-05xx/CVE-2024-0522.json b/CVE-2024/CVE-2024-05xx/CVE-2024-0522.json
index c1512657c3e..ec173098f15 100644
--- a/CVE-2024/CVE-2024-05xx/CVE-2024-0522.json
+++ b/CVE-2024/CVE-2024-05xx/CVE-2024-0522.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-0522",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-01-14T23:15:27.677",
- "lastModified": "2024-01-16T13:56:05.467",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-22T15:40:13.403",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -16,6 +16,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
 {
 "source": "cna@vuldb.com",
 "type": "Secondary",
@@ -75,14 +95,38 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:allegrosoft:rompager:4.01:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B2231572-97E5-4513-9531-4083CEBB63CF"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://vuldb.com/?ctiid.250692",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://vuldb.com/?id.250692",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-05xx/CVE-2024-0523.json b/CVE-2024/CVE-2024-05xx/CVE-2024-0523.json
index 4200c9d511a..e0d03d9fde1 100644
--- a/CVE-2024/CVE-2024-05xx/CVE-2024-0523.json
+++ b/CVE-2024/CVE-2024-05xx/CVE-2024-0523.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-0523",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-01-14T23:15:28.370",
- "lastModified": "2024-01-16T13:56:05.467",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-22T15:35:12.367",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -16,6 +16,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ },
 {
 "source": "cna@vuldb.com",
 "type": "Secondary",
@@ -75,18 +95,47 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cmseasy:cmseasy:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "7.7.7.0",
+ "matchCriteriaId": "853D77C2-05D7-443C-963C-A8A0E9665BC6"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/V3geD4g/cmseasy_vul/blob/main/SQL1-EN.md",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://vuldb.com/?ctiid.250693",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://vuldb.com/?id.250693",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0706.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0706.json
new file mode 100644
index 00000000000..159dde1401c
--- /dev/null
+++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0706.json
@@ -0,0 +1,15 @@
+{
+ "id": "CVE-2024-0706",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-01-22T15:15:08.897",
+ "lastModified": "2024-01-22T15:15:08.897",
+ "vulnStatus": "Rejected",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Rejected reason: ***REJECT*** This was a false positive report."
+ }
+ ],
+ "metrics": {},
+ "references": []
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0778.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0778.json
new file mode 100644
index 00000000000..6d7c039fae4
--- /dev/null
+++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0778.json
@@ -0,0 +1,88 @@
+{
+ "id": "CVE-2024-0778",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2024-01-22T16:15:08.320",
+ "lastModified": "2024-01-22T16:15:08.320",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in Uniview ISC 2500-S up to 20210930. Affected by this issue is the function setNatConfig of the file /Interface/DevManage/VM.php. The manipulation of the argument natAddress/natPort/natServerPort leads to os command injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251696. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.0,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 5.9
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
+ "accessVector": "ADJACENT_NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "COMPLETE",
+ "integrityImpact": "COMPLETE",
+ "availabilityImpact": "COMPLETE",
+ "baseScore": 7.7
+ },
+ "baseSeverity": "HIGH",
+ "exploitabilityScore": 5.1,
+ "impactScore": 10.0,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/dezhoutorizhao/cve/blob/main/rce.md",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.251696",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.251696",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0781.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0781.json
new file mode 100644
index 00000000000..4c0d14d07bd
--- /dev/null
+++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0781.json
@@ -0,0 +1,88 @@
+{
+ "id": "CVE-2024-0781",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2024-01-22T16:15:08.577",
+ "lastModified": "2024-01-22T16:15:08.577",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability, which was classified as problematic, was found in CodeAstro Internet Banking System 1.0. This affects an unknown part of the file pages_client_signup.php. The manipulation of the argument Client Full Name with the input leads to open redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251697 was assigned to this vulnerability."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.5,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 1.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.0
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 8.0,
+ "impactScore": 2.9,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-601"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://drive.google.com/drive/folders/1f61RXqelSDY0T92aLjmb8BhgAHt_eeUS",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.251697",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.251697",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-228xx/CVE-2024-22895.json b/CVE-2024/CVE-2024-228xx/CVE-2024-22895.json
new file mode 100644
index 00000000000..b4cc9e2ea4f
--- /dev/null
+++ b/CVE-2024/CVE-2024-228xx/CVE-2024-22895.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2024-22895",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-01-22T15:15:09.067",
+ "lastModified": "2024-01-22T15:15:09.067",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "DedeCMS 5.7.112 has a File Upload vulnerability via uploads/dede/module_upload.php."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/zzq66/cve5",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 4de9a7d34d7..3969dc46f62 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 ```plain
-2024-01-22T15:00:25.373801+00:00
+2024-01-22T17:00:25.391830+00:00
 ```
 ### Most recent CVE Modification Timestamp synchronized with NVD
 ```plain
-2024-01-22T14:52:22.780000+00:00
+2024-01-22T16:41:48.287000+00:00
 ```
 ### Last Data Feed Release
@@ -29,47 +29,45 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 ```plain
-236498
+236504
 ```
 ### CVEs added in the last Commit
-Recently added CVEs: `3`
+Recently added CVEs: `6`
-* [CVE-2020-36771](CVE-2020/CVE-2020-367xx/CVE-2020-36771.json) (`2024-01-22T14:15:07.530`)
-* [CVE-2024-0775](CVE-2024/CVE-2024-07xx/CVE-2024-0775.json) (`2024-01-22T13:15:25.137`)
-* [CVE-2024-22233](CVE-2024/CVE-2024-222xx/CVE-2024-22233.json) (`2024-01-22T13:15:25.453`)
+* [CVE-2020-36772](CVE-2020/CVE-2020-367xx/CVE-2020-36772.json) (`2024-01-22T15:15:07.883`)
+* [CVE-2023-44395](CVE-2023/CVE-2023-443xx/CVE-2023-44395.json) (`2024-01-22T15:15:08.037`)
+* [CVE-2024-0706](CVE-2024/CVE-2024-07xx/CVE-2024-0706.json) (`2024-01-22T15:15:08.897`)
+* [CVE-2024-22895](CVE-2024/CVE-2024-228xx/CVE-2024-22895.json) (`2024-01-22T15:15:09.067`)
+* [CVE-2024-0778](CVE-2024/CVE-2024-07xx/CVE-2024-0778.json) (`2024-01-22T16:15:08.320`)
+* [CVE-2024-0781](CVE-2024/CVE-2024-07xx/CVE-2024-0781.json) (`2024-01-22T16:15:08.577`)
 ### CVEs modified in the last Commit
-Recently modified CVEs: `37`
+Recently modified CVEs: `20`
-* [CVE-2024-23744](CVE-2024/CVE-2024-237xx/CVE-2024-23744.json) (`2024-01-22T14:01:09.553`)
-* [CVE-2024-0772](CVE-2024/CVE-2024-07xx/CVE-2024-0772.json) (`2024-01-22T14:01:09.553`)
-* [CVE-2024-0773](CVE-2024/CVE-2024-07xx/CVE-2024-0773.json) (`2024-01-22T14:01:09.553`)
-* [CVE-2024-0774](CVE-2024/CVE-2024-07xx/CVE-2024-0774.json) (`2024-01-22T14:01:09.553`)
-* [CVE-2024-0776](CVE-2024/CVE-2024-07xx/CVE-2024-0776.json) (`2024-01-22T14:01:09.553`)
-* [CVE-2024-23750](CVE-2024/CVE-2024-237xx/CVE-2024-23750.json) (`2024-01-22T14:01:09.553`)
-* [CVE-2024-23751](CVE-2024/CVE-2024-237xx/CVE-2024-23751.json) (`2024-01-22T14:01:09.553`)
-* [CVE-2024-23752](CVE-2024/CVE-2024-237xx/CVE-2024-23752.json) (`2024-01-22T14:01:09.553`)
-* [CVE-2024-23768](CVE-2024/CVE-2024-237xx/CVE-2024-23768.json) (`2024-01-22T14:01:09.553`)
-* [CVE-2024-23770](CVE-2024/CVE-2024-237xx/CVE-2024-23770.json) (`2024-01-22T14:01:09.553`)
-* [CVE-2024-23771](CVE-2024/CVE-2024-237xx/CVE-2024-23771.json) (`2024-01-22T14:01:09.553`)
-* [CVE-2024-21484](CVE-2024/CVE-2024-214xx/CVE-2024-21484.json) (`2024-01-22T14:01:09.553`)
-* [CVE-2024-22113](CVE-2024/CVE-2024-221xx/CVE-2024-22113.json) (`2024-01-22T14:01:09.553`)
-* [CVE-2024-0623](CVE-2024/CVE-2024-06xx/CVE-2024-0623.json) (`2024-01-22T14:01:14.430`)
-* [CVE-2024-0679](CVE-2024/CVE-2024-06xx/CVE-2024-0679.json) (`2024-01-22T14:01:14.430`)
-* [CVE-2024-0521](CVE-2024/CVE-2024-05xx/CVE-2024-0521.json) (`2024-01-22T14:01:14.430`)
-* [CVE-2024-23725](CVE-2024/CVE-2024-237xx/CVE-2024-23725.json) (`2024-01-22T14:01:14.430`)
-* [CVE-2024-23726](CVE-2024/CVE-2024-237xx/CVE-2024-23726.json) (`2024-01-22T14:01:14.430`)
-* [CVE-2024-0769](CVE-2024/CVE-2024-07xx/CVE-2024-0769.json) (`2024-01-22T14:01:14.430`)
-* [CVE-2024-23730](CVE-2024/CVE-2024-237xx/CVE-2024-23730.json) (`2024-01-22T14:01:14.430`)
-* [CVE-2024-23731](CVE-2024/CVE-2024-237xx/CVE-2024-23731.json) (`2024-01-22T14:01:14.430`)
-* [CVE-2024-23732](CVE-2024/CVE-2024-237xx/CVE-2024-23732.json) (`2024-01-22T14:01:14.430`)
-* [CVE-2024-21674](CVE-2024/CVE-2024-216xx/CVE-2024-21674.json) (`2024-01-22T14:49:15.167`)
-* [CVE-2024-21673](CVE-2024/CVE-2024-216xx/CVE-2024-21673.json) (`2024-01-22T14:50:35.133`)
-* [CVE-2024-21672](CVE-2024/CVE-2024-216xx/CVE-2024-21672.json) (`2024-01-22T14:51:42.907`)
+* [CVE-2010-10011](CVE-2010/CVE-2010-100xx/CVE-2010-10011.json) (`2024-01-22T16:41:48.287`)
+* [CVE-2016-20021](CVE-2016/CVE-2016-200xx/CVE-2016-20021.json) (`2024-01-22T16:27:08.217`)
+* [CVE-2019-9879](CVE-2019/CVE-2019-98xx/CVE-2019-9879.json) (`2024-01-22T15:39:41.963`)
+* [CVE-2019-9880](CVE-2019/CVE-2019-98xx/CVE-2019-9880.json) (`2024-01-22T15:39:41.963`)
+* [CVE-2019-9881](CVE-2019/CVE-2019-98xx/CVE-2019-9881.json) (`2024-01-22T15:39:41.963`)
+* [CVE-2021-3826](CVE-2021/CVE-2021-38xx/CVE-2021-3826.json) (`2024-01-22T15:01:35.150`)
+* [CVE-2022-4962](CVE-2022/CVE-2022-49xx/CVE-2022-4962.json) (`2024-01-22T16:32:21.483`)
+* [CVE-2023-51764](CVE-2023/CVE-2023-517xx/CVE-2023-51764.json) (`2024-01-22T15:15:08.320`)
+* [CVE-2023-5981](CVE-2023/CVE-2023-59xx/CVE-2023-5981.json) (`2024-01-22T15:15:08.450`)
+* [CVE-2023-6816](CVE-2023/CVE-2023-68xx/CVE-2023-6816.json) (`2024-01-22T15:15:08.607`)
+* [CVE-2023-48383](CVE-2023/CVE-2023-483xx/CVE-2023-48383.json) (`2024-01-22T15:26:02.633`)
+* [CVE-2023-52339](CVE-2023/CVE-2023-523xx/CVE-2023-52339.json) (`2024-01-22T15:48:15.170`)
+* [CVE-2023-6040](CVE-2023/CVE-2023-60xx/CVE-2023-6040.json) (`2024-01-22T16:00:28.223`)
+* [CVE-2023-51123](CVE-2023/CVE-2023-511xx/CVE-2023-51123.json) (`2024-01-22T16:15:08.230`)
+* [CVE-2023-48909](CVE-2023/CVE-2023-489xx/CVE-2023-48909.json) (`2024-01-22T16:33:28.663`)
+* [CVE-2024-0408](CVE-2024/CVE-2024-04xx/CVE-2024-0408.json) (`2024-01-22T15:15:08.710`)
+* [CVE-2024-0409](CVE-2024/CVE-2024-04xx/CVE-2024-0409.json) (`2024-01-22T15:15:08.803`)
+* [CVE-2024-0523](CVE-2024/CVE-2024-05xx/CVE-2024-0523.json) (`2024-01-22T15:35:12.367`)
+* [CVE-2024-0522](CVE-2024/CVE-2024-05xx/CVE-2024-0522.json) (`2024-01-22T15:40:13.403`)
+* [CVE-2024-0454](CVE-2024/CVE-2024-04xx/CVE-2024-0454.json) (`2024-01-22T16:10:47.897`)
 ## Download and Usage