admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-06 10:42:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-01-22T17:00:25.391830+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-01-22 17:00:29 +00:00
parent 7dbe474e1d
commit 29a206600a
27 changed files with 1030 additions and 111 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
CVE-2010/CVE-2010-100xx/CVE-2010-10011.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2010-10011", "id": "CVE-2010-10011",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-12T20:15:46.833", "published": "2024-01-12T20:15:46.833",
"lastModified": "2024-01-14T21:42:17.123", "lastModified": "2024-01-22T16:41:48.287",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in Acritum Femitter Server 1.04. Affected is an unknown function. The manipulation leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250446 is the identifier assigned to this vulnerability." "value": "A vulnerability, which was classified as problematic, was found in Acritum Femitter Server 1.04. Affected is an unknown function. The manipulation leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250446 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Acritum Femitter Server 1.04 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida es afectada. La manipulaci\u00f3n conduce a Path Traversal. Es posible lanzar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-250446 es el identificador asignado a esta vulnerabilidad."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{ {
"source": "cna@vuldb.com", "source": "cna@vuldb.com",
"type": "Secondary", "type": "Secondary",
@ -71,18 +95,47 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acritum:femitter_server:1.04:*:*:*:*:*:*:*",
"matchCriteriaId": "FCCC029C-D242-4FC3-9CFA-54CC0ADE4E4D"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://vuldb.com/?ctiid.250446", "url": "https://vuldb.com/?ctiid.250446",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}, },
{ {
"url": "https://vuldb.com/?id.250446", "url": "https://vuldb.com/?id.250446",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}, },
{ {
"url": "https://www.exploit-db.com/exploits/15445", "url": "https://www.exploit-db.com/exploits/15445",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
} }
] ]
} }

75
CVE-2016/CVE-2016-200xx/CVE-2016-20021.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2016-20021", "id": "CVE-2016-20021",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-01-12T03:15:08.410", "published": "2024-01-12T03:15:08.410",
"lastModified": "2024-01-17T20:15:48.477", "lastModified": "2024-01-22T16:27:08.217",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -14,19 +14,82 @@
"value": "En Gentoo Portage anterior a 3.0.47, falta la validaci\u00f3n PGP del c\u00f3digo ejecutado: el emerge-webrsync independiente descarga un archivo .gpgsig pero no realiza la verificaci\u00f3n de firma." "value": "En Gentoo Portage anterior a 3.0.47, falta la validaci\u00f3n PGP del c\u00f3digo ejecutado: el emerge-webrsync independiente descarga un archivo .gpgsig pero no realiza la verificaci\u00f3n de firma."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-347"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gentoo:portage:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0.47",
"matchCriteriaId": "81332CB9-672C-4676-8772-069B22C5C40F"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://bugs.gentoo.org/597800", "url": "https://bugs.gentoo.org/597800",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
]
}, },
{ {
"url": "https://gitweb.gentoo.org/proj/portage.git/tree/NEWS", "url": "https://gitweb.gentoo.org/proj/portage.git/tree/NEWS",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Release Notes"
]
}, },
{ {
"url": "https://wiki.gentoo.org/wiki/Portage", "url": "https://wiki.gentoo.org/wiki/Portage",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Product"
]
} }
] ]
} }

6
CVE-2019/CVE-2019-98xx/CVE-2019-9879.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2019-9879", "id": "CVE-2019-9879",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2019-06-10T18:29:01.017", "published": "2019-06-10T18:29:01.017",
"lastModified": "2019-06-11T16:27:02.677", "lastModified": "2024-01-22T15:39:41.963",
"vulnStatus": "Analyzed", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
@ -84,8 +84,8 @@
"cpeMatch": [ "cpeMatch": [
{ {
"vulnerable": true, "vulnerable": true,
"criteria": "cpe:2.3:a:wpgraphql:wpgraphql:0.2.3:*:*:*:*:wordpress:*:*", "criteria": "cpe:2.3:a:wpengine:wpgraphql:0.2.3:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "083EF556-A0F0-45D0-B62A-AC3BF36B3FF2" "matchCriteriaId": "282B8AA9-C1E9-4FA0-A4EA-B786BEB7C112"
} }
] ]
} }

6
CVE-2019/CVE-2019-98xx/CVE-2019-9880.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2019-9880", "id": "CVE-2019-9880",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2019-06-10T18:29:01.143", "published": "2019-06-10T18:29:01.143",
"lastModified": "2019-06-11T14:45:58.400", "lastModified": "2024-01-22T15:39:41.963",
"vulnStatus": "Analyzed", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
@ -84,8 +84,8 @@
"cpeMatch": [ "cpeMatch": [
{ {
"vulnerable": true, "vulnerable": true,
"criteria": "cpe:2.3:a:wpgraphql:wpgraphql:0.2.3:*:*:*:*:wordpress:*:*", "criteria": "cpe:2.3:a:wpengine:wpgraphql:0.2.3:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "083EF556-A0F0-45D0-B62A-AC3BF36B3FF2" "matchCriteriaId": "282B8AA9-C1E9-4FA0-A4EA-B786BEB7C112"
} }
] ]
} }

6
CVE-2019/CVE-2019-98xx/CVE-2019-9881.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2019-9881", "id": "CVE-2019-9881",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2019-06-10T18:29:01.237", "published": "2019-06-10T18:29:01.237",
"lastModified": "2019-06-11T17:27:38.563", "lastModified": "2024-01-22T15:39:41.963",
"vulnStatus": "Analyzed", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
@ -84,8 +84,8 @@
"cpeMatch": [ "cpeMatch": [
{ {
"vulnerable": true, "vulnerable": true,
"criteria": "cpe:2.3:a:wpgraphql:wpgraphql:0.2.3:*:*:*:*:wordpress:*:*", "criteria": "cpe:2.3:a:wpengine:wpgraphql:0.2.3:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "083EF556-A0F0-45D0-B62A-AC3BF36B3FF2" "matchCriteriaId": "282B8AA9-C1E9-4FA0-A4EA-B786BEB7C112"
} }
] ]
} }

32
CVE-2020/CVE-2020-367xx/CVE-2020-36772.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2020-36772",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-22T15:15:07.883",
"lastModified": "2024-01-22T15:15:07.883",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "CloudLinux\n CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to\n the sendmail proxy command. This allows local users to read and write \narbitrary files outside the CageFS environment in a limited way.\n"
}
],
"metrics": {},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-73"
}
]
}
],
"references": [
{
"url": "https://blog.cloudlinux.com/lve-manager-lve-stats-lve-utils-and-alt-python27-cllib-have-been-rolled-out-to-100",
"source": "secalert@redhat.com"
}
]
}

49
CVE-2021/CVE-2021-38xx/CVE-2021-3826.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-3826", "id": "CVE-2021-3826",
"sourceIdentifier": "secalert@redhat.com", "sourceIdentifier": "secalert@redhat.com",
"published": "2022-09-01T21:15:08.843", "published": "2022-09-01T21:15:08.843",
"lastModified": "2023-02-12T23:42:49.497", "lastModified": "2024-01-22T15:01:35.150",
"vulnStatus": "Modified", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -21,19 +21,19 @@
"type": "Primary", "type": "Primary",
"cvssData": { "cvssData": {
"version": "3.1", "version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK", "attackVector": "NETWORK",
"attackComplexity": "LOW", "attackComplexity": "LOW",
"privilegesRequired": "NONE", "privilegesRequired": "NONE",
"userInteraction": "NONE", "userInteraction": "REQUIRED",
"scope": "UNCHANGED", "scope": "UNCHANGED",
"confidentialityImpact": "NONE", "confidentialityImpact": "NONE",
"integrityImpact": "NONE", "integrityImpact": "NONE",
"availabilityImpact": "HIGH", "availabilityImpact": "HIGH",
"baseScore": 7.5, "baseScore": 6.5,
"baseSeverity": "HIGH" "baseSeverity": "MEDIUM"
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 2.8,
"impactScore": 3.6 "impactScore": 3.6
} }
] ]
@ -105,7 +105,10 @@
"references": [ "references": [
{ {
"url": "https://gcc.gnu.org/git/?p=gcc.git%3Ba=commit%3Bh=5481040197402be6dfee265bd2ff5a4c88e30505", "url": "https://gcc.gnu.org/git/?p=gcc.git%3Ba=commit%3Bh=5481040197402be6dfee265bd2ff5a4c88e30505",
"source": "secalert@redhat.com" "source": "secalert@redhat.com",
"tags": [
"Broken Link"
]
}, },
{ {
"url": "https://gcc.gnu.org/pipermail/gcc-patches/2021-September/579987", "url": "https://gcc.gnu.org/pipermail/gcc-patches/2021-September/579987",
@ -118,23 +121,43 @@
}, },
{ {
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4MYLS3VR4OPL5ECRWOR4ZHMGXUSCJFZY/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4MYLS3VR4OPL5ECRWOR4ZHMGXUSCJFZY/",
"source": "secalert@redhat.com" "source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AKZ2DTS3ATVN5PANNVLKLE5OP4OF25Q/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AKZ2DTS3ATVN5PANNVLKLE5OP4OF25Q/",
"source": "secalert@redhat.com" "source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MTEHT3G6YKJ7F7MSGWYSI4UM3XBAYXZ/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MTEHT3G6YKJ7F7MSGWYSI4UM3XBAYXZ/",
"source": "secalert@redhat.com" "source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AXFC74WRZ2Q7F2TSUKPYNIL7ZPBWYI6L/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AXFC74WRZ2Q7F2TSUKPYNIL7ZPBWYI6L/",
"source": "secalert@redhat.com" "source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
"source": "secalert@redhat.com" "source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
} }
] ]
} }

74
CVE-2022/CVE-2022-49xx/CVE-2022-4962.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2022-4962", "id": "CVE-2022-4962",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-12T22:15:44.877", "published": "2024-01-12T22:15:44.877",
"lastModified": "2024-01-14T21:42:17.123", "lastModified": "2024-01-22T16:32:21.483",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A vulnerability was found in Apollo 2.0.0/2.0.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /users of the component Configuration Center. The manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. VDB-250430 is the identifier assigned to this vulnerability. NOTE: The maintainer explains that user data information like user id, name, and email are not sensitive." "value": "A vulnerability was found in Apollo 2.0.0/2.0.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /users of the component Configuration Center. The manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. VDB-250430 is the identifier assigned to this vulnerability. NOTE: The maintainer explains that user data information like user id, name, and email are not sensitive."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Apollo 2.0.0/2.0.1 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /users del componente Configuration Center es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a una autorizaci\u00f3n inadecuada. El ataque puede lanzarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. Por el momento todav\u00eda se duda de la existencia real de esta vulnerabilidad. VDB-250430 es el identificador asignado a esta vulnerabilidad. NOTA: El responsable del mantenimiento explica que la informaci\u00f3n de los datos del usuario, como el id, el nombre y el correo electr\u00f3nico, no es confidencial."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{ {
"source": "cna@vuldb.com", "source": "cna@vuldb.com",
"type": "Secondary", "type": "Secondary",
@ -71,18 +95,58 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apolloconfig:apollo:2.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "2FEAB0BE-294C-4E3F-9FFB-3E841F14B82B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apolloconfig:apollo:2.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E813CA66-5F52-4F0F-9619-C75F13DAE339"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apolloconfig:apollo:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20B2986B-2AA9-4186-A23A-D15DF70AC890"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/apolloconfig/apollo/issues/4684", "url": "https://github.com/apolloconfig/apollo/issues/4684",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}, },
{ {
"url": "https://vuldb.com/?ctiid.250430", "url": "https://vuldb.com/?ctiid.250430",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}, },
{ {
"url": "https://vuldb.com/?id.250430", "url": "https://vuldb.com/?id.250430",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
} }
] ]
} }

63
CVE-2023/CVE-2023-443xx/CVE-2023-44395.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-44395",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-22T15:15:08.037",
"lastModified": "2024-01-22T15:15:08.037",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Autolab is a course management service that enables instructors to offer autograded programming assignments to their students over the Web. Path traversal vulnerabilities were discovered in Autolab's assessment functionality in versions of Autolab prior to 2.12.0, whereby instructors can perform arbitrary file reads. Version 2.12.0 contains a patch. There are no feasible workarounds for this issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://github.com/autolab/Autolab/releases/tag/v2.12.0",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/autolab/Autolab/security/advisories/GHSA-h8wq-ghfq-5hfx",
"source": "security-advisories@github.com"
},
{
"url": "https://www.stackhawk.com/blog/rails-path-traversal-guide-examples-and-prevention/",
"source": "security-advisories@github.com"
}
]
}

36
CVE-2023/CVE-2023-483xx/CVE-2023-48383.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48383", "id": "CVE-2023-48383",
"sourceIdentifier": "twcert@cert.org.tw", "sourceIdentifier": "twcert@cert.org.tw",
"published": "2024-01-15T03:15:07.773", "published": "2024-01-15T03:15:07.773",
"lastModified": "2024-01-16T13:56:05.467", "lastModified": "2024-01-22T15:26:02.633",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -39,6 +39,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{ {
"source": "twcert@cert.org.tw", "source": "twcert@cert.org.tw",
"type": "Secondary", "type": "Secondary",
@ -50,10 +60,30 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netvision:airpass:2.9.0.200703:*:*:*:*:*:*:*",
"matchCriteriaId": "933AFD61-5D84-415C-8EA2-D2B39A1FB81A"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.twcert.org.tw/tw/cp-132-7631-c6be3-1.html", "url": "https://www.twcert.org.tw/tw/cp-132-7631-c6be3-1.html",
"source": "twcert@cert.org.tw" "source": "twcert@cert.org.tw",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

69
CVE-2023/CVE-2023-489xx/CVE-2023-48909.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48909", "id": "CVE-2023-48909",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-01-12T09:15:44.133", "published": "2024-01-12T09:15:44.133",
"lastModified": "2024-01-12T13:47:31.250", "lastModified": "2024-01-22T16:33:28.663",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -14,15 +14,74 @@
"value": "Se descubri\u00f3 un problema en Jave2 versi\u00f3n 3.3.1 que permite a los atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de la funci\u00f3n FFmpeg." "value": "Se descubri\u00f3 un problema en Jave2 versi\u00f3n 3.3.1 que permite a los atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de la funci\u00f3n FFmpeg."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aarboard:jave2:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3B0DD09C-80D4-4FAF-BE9E-199D10B29740"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://gist.github.com/Dollhouse-18/288b4774bc296722c9e3c60bafa392bf", "url": "https://gist.github.com/Dollhouse-18/288b4774bc296722c9e3c60bafa392bf",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}, },
{ {
"url": "https://github.com/Dollhouse-18/jave-core-Command-execution-vulnerability", "url": "https://github.com/Dollhouse-18/jave-core-Command-execution-vulnerability",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
} }
] ]
} }

8
CVE-2023/CVE-2023-511xx/CVE-2023-51123.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51123", "id": "CVE-2023-51123",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-01-10T22:15:50.823", "published": "2024-01-10T22:15:50.823",
"lastModified": "2024-01-17T18:23:36.637", "lastModified": "2024-01-22T16:15:08.230",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -87,6 +87,10 @@
"Exploit", "Exploit",
"Third Party Advisory" "Third Party Advisory"
] ]
},
{
"url": "https://github.com/WhereisRain/dir-815/blob/main/README.md",
"source": "cve@mitre.org"
} }
] ]
} }

12
CVE-2023/CVE-2023-517xx/CVE-2023-51764.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-51764", "id": "CVE-2023-51764",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-12-24T05:15:08.273", "published": "2023-12-24T05:15:08.273",
"lastModified": "2024-01-18T03:15:58.667", "lastModified": "2024-01-22T15:15:08.320",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Postfix through 3.8.4 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in recent versions). Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Postfix supports <LF>.<CR><LF> but some other popular e-mail servers do not. To prevent attack variants (by always disallowing <LF> without <CR>), a different solution is required: the smtpd_forbid_bare_newline=yes option with a Postfix minimum version of 3.5.23, 3.6.13, 3.7.9, 3.8.4, or 3.9." "value": "Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in recent versions). Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Postfix supports <LF>.<CR><LF> but some other popular e-mail servers do not. To prevent attack variants (by always disallowing <LF> without <CR>), a different solution is required, such as the smtpd_forbid_bare_newline=yes option with a Postfix minimum version of 3.5.23, 3.6.13, 3.7.9, 3.8.4, or 3.9."
}, },
{ {
"lang": "es", "lang": "es",
@ -204,6 +204,14 @@
"Third Party Advisory" "Third Party Advisory"
] ]
}, },
{
"url": "https://www.openwall.com/lists/oss-security/2024/01/22/1",
"source": "cve@mitre.org"
},
{
"url": "https://www.postfix.org/announcements/postfix-3.8.5.html",
"source": "cve@mitre.org"
},
{ {
"url": "https://www.postfix.org/smtp-smuggling.html", "url": "https://www.postfix.org/smtp-smuggling.html",
"source": "cve@mitre.org", "source": "cve@mitre.org",

82
CVE-2023/CVE-2023-523xx/CVE-2023-52339.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52339", "id": "CVE-2023-52339",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-01-12T02:15:44.637", "published": "2024-01-12T02:15:44.637",
"lastModified": "2024-01-12T13:47:31.250", "lastModified": "2024-01-22T15:48:15.170",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -14,23 +14,91 @@
"value": "En libebml anterior a 1.4.5, puede ocurrir un desbordamiento de enteros en MemIOCallback.cpp al leer o escribir. Puede provocar desbordamientos de b\u00fafer." "value": "En libebml anterior a 1.4.5, puede ocurrir un desbordamiento de enteros en MemIOCallback.cpp al leer o escribir. Puede provocar desbordamientos de b\u00fafer."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:matroska:libebml:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.4.5",
"matchCriteriaId": "E313D822-BEBC-43B6-BDA3-8221A80B66C6"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/Matroska-Org/libebml/blob/v1.x/NEWS.md", "url": "https://github.com/Matroska-Org/libebml/blob/v1.x/NEWS.md",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Release Notes"
]
}, },
{ {
"url": "https://github.com/Matroska-Org/libebml/compare/release-1.4.4...release-1.4.5", "url": "https://github.com/Matroska-Org/libebml/compare/release-1.4.4...release-1.4.5",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Release Notes"
]
}, },
{ {
"url": "https://github.com/Matroska-Org/libebml/issues/147", "url": "https://github.com/Matroska-Org/libebml/issues/147",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
]
}, },
{ {
"url": "https://github.com/Matroska-Org/libebml/pull/148", "url": "https://github.com/Matroska-Org/libebml/pull/148",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Patch"
]
} }
] ]
} }

6
CVE-2023/CVE-2023-59xx/CVE-2023-5981.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-5981", "id": "CVE-2023-5981",
"sourceIdentifier": "secalert@redhat.com", "sourceIdentifier": "secalert@redhat.com",
"published": "2023-11-28T12:15:07.040", "published": "2023-11-28T12:15:07.040",
"lastModified": "2024-01-19T21:15:08.400", "lastModified": "2024-01-22T15:15:08.450",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"descriptions": [ "descriptions": [
{ {
@ -146,6 +146,10 @@
"url": "https://access.redhat.com/errata/RHSA-2024:0155", "url": "https://access.redhat.com/errata/RHSA-2024:0155",
"source": "secalert@redhat.com" "source": "secalert@redhat.com"
}, },
{
"url": "https://access.redhat.com/errata/RHSA-2024:0319",
"source": "secalert@redhat.com"
},
{ {
"url": "https://access.redhat.com/security/cve/CVE-2023-5981", "url": "https://access.redhat.com/security/cve/CVE-2023-5981",
"source": "secalert@redhat.com", "source": "secalert@redhat.com",

70
CVE-2023/CVE-2023-60xx/CVE-2023-6040.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6040", "id": "CVE-2023-6040",
"sourceIdentifier": "security@ubuntu.com", "sourceIdentifier": "security@ubuntu.com",
"published": "2024-01-12T02:15:44.683", "published": "2024-01-12T02:15:44.683",
"lastModified": "2024-01-12T13:47:31.250", "lastModified": "2024-01-22T16:00:28.223",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -16,6 +16,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{ {
"source": "security@ubuntu.com", "source": "security@ubuntu.com",
"type": "Secondary", "type": "Secondary",
@ -39,6 +59,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
},
{ {
"source": "security@ubuntu.com", "source": "security@ubuntu.com",
"type": "Secondary", "type": "Secondary",
@ -50,18 +80,48 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.17",
"matchCriteriaId": "C75006C6-1F2B-445B-A5DE-64343A1B0A48"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "http://www.openwall.com/lists/oss-security/2024/01/12/1", "url": "http://www.openwall.com/lists/oss-security/2024/01/12/1",
"source": "security@ubuntu.com" "source": "security@ubuntu.com",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
]
}, },
{ {
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6040", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6040",
"source": "security@ubuntu.com" "source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
]
}, },
{ {
"url": "https://www.openwall.com/lists/oss-security/2024/01/12/1", "url": "https://www.openwall.com/lists/oss-security/2024/01/12/1",
"source": "security@ubuntu.com" "source": "security@ubuntu.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
} }
] ]
} }

6
CVE-2023/CVE-2023-68xx/CVE-2023-6816.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-6816", "id": "CVE-2023-6816",
"sourceIdentifier": "secalert@redhat.com", "sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-18T05:15:08.607", "published": "2024-01-18T05:15:08.607",
"lastModified": "2024-01-22T03:15:07.800", "lastModified": "2024-01-22T15:15:08.607",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
@ -55,6 +55,10 @@
"url": "http://www.openwall.com/lists/oss-security/2024/01/18/1", "url": "http://www.openwall.com/lists/oss-security/2024/01/18/1",
"source": "secalert@redhat.com" "source": "secalert@redhat.com"
}, },
{
"url": "https://access.redhat.com/errata/RHSA-2024:0320",
"source": "secalert@redhat.com"
},
{ {
"url": "https://access.redhat.com/security/cve/CVE-2023-6816", "url": "https://access.redhat.com/security/cve/CVE-2023-6816",
"source": "secalert@redhat.com" "source": "secalert@redhat.com"

6
CVE-2024/CVE-2024-04xx/CVE-2024-0408.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-0408", "id": "CVE-2024-0408",
"sourceIdentifier": "secalert@redhat.com", "sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-18T16:15:08.380", "published": "2024-01-18T16:15:08.380",
"lastModified": "2024-01-22T03:15:08.023", "lastModified": "2024-01-22T15:15:08.710",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
@ -51,6 +51,10 @@
} }
], ],
"references": [ "references": [
{
"url": "https://access.redhat.com/errata/RHSA-2024:0320",
"source": "secalert@redhat.com"
},
{ {
"url": "https://access.redhat.com/security/cve/CVE-2024-0408", "url": "https://access.redhat.com/security/cve/CVE-2024-0408",
"source": "secalert@redhat.com" "source": "secalert@redhat.com"

6
CVE-2024/CVE-2024-04xx/CVE-2024-0409.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-0409", "id": "CVE-2024-0409",
"sourceIdentifier": "secalert@redhat.com", "sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-18T16:15:08.593", "published": "2024-01-18T16:15:08.593",
"lastModified": "2024-01-22T03:15:08.120", "lastModified": "2024-01-22T15:15:08.803",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
@ -51,6 +51,10 @@
} }
], ],
"references": [ "references": [
{
"url": "https://access.redhat.com/errata/RHSA-2024:0320",
"source": "secalert@redhat.com"
},
{ {
"url": "https://access.redhat.com/security/cve/CVE-2024-0409", "url": "https://access.redhat.com/security/cve/CVE-2024-0409",
"source": "secalert@redhat.com" "source": "secalert@redhat.com"

80
CVE-2024/CVE-2024-04xx/CVE-2024-0454.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0454", "id": "CVE-2024-0454",
"sourceIdentifier": "36106deb-8e95-420b-a0a0-e70af5d245df", "sourceIdentifier": "36106deb-8e95-420b-a0a0-e70af5d245df",
"published": "2024-01-12T02:15:44.867", "published": "2024-01-12T02:15:44.867",
"lastModified": "2024-01-12T13:47:31.250", "lastModified": "2024-01-22T16:10:47.897",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -16,6 +16,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.2
},
{ {
"source": "36106deb-8e95-420b-a0a0-e70af5d245df", "source": "36106deb-8e95-420b-a0a0-e70af5d245df",
"type": "Secondary", "type": "Secondary",
@ -39,6 +59,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-290"
}
]
},
{ {
"source": "36106deb-8e95-420b-a0a0-e70af5d245df", "source": "36106deb-8e95-420b-a0a0-e70af5d245df",
"type": "Secondary", "type": "Secondary",
@ -50,10 +80,54 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:emc:elan_match-on-chip_fpr_solution_firmware:3.0.12011.08009:*:*:*:*:*:*:*",
"matchCriteriaId": "6D3B550F-D100-4116-AE9F-7F9F203F7B0F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:emc:elan_match-on-chip_fpr_solution_firmware:3.3.12011.08103:*:*:*:*:*:*:*",
"matchCriteriaId": "8BD8D8C7-1B4D-4452-8BC2-6D2B05939AC1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:emc:elan_match-on-chip_fpr_solution:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02144756-1716-40FF-884B-3E4DD9D2C0A3"
}
]
}
]
}
],
"references": [ "references": [
{
"url": "https://github.com/advisories/GHSA-w3jx-33qh-77f8",
"source": "nvd@nist.gov",
"tags": [
"Third Party Advisory"
]
},
{ {
"url": "https://www.emc.com.tw/emc/tw/vulnerability-disclosure-policy", "url": "https://www.emc.com.tw/emc/tw/vulnerability-disclosure-policy",
"source": "36106deb-8e95-420b-a0a0-e70af5d245df" "source": "36106deb-8e95-420b-a0a0-e70af5d245df",
"tags": [
"Not Applicable"
]
} }
] ]
} }

52
CVE-2024/CVE-2024-05xx/CVE-2024-0522.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0522", "id": "CVE-2024-0522",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-14T23:15:27.677", "published": "2024-01-14T23:15:27.677",
"lastModified": "2024-01-16T13:56:05.467", "lastModified": "2024-01-22T15:40:13.403",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -16,6 +16,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{ {
"source": "cna@vuldb.com", "source": "cna@vuldb.com",
"type": "Secondary", "type": "Secondary",
@ -75,14 +95,38 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:allegrosoft:rompager:4.01:*:*:*:*:*:*:*",
"matchCriteriaId": "B2231572-97E5-4513-9531-4083CEBB63CF"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://vuldb.com/?ctiid.250692", "url": "https://vuldb.com/?ctiid.250692",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}, },
{ {
"url": "https://vuldb.com/?id.250692", "url": "https://vuldb.com/?id.250692",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

59
CVE-2024/CVE-2024-05xx/CVE-2024-0523.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0523", "id": "CVE-2024-0523",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-14T23:15:28.370", "published": "2024-01-14T23:15:28.370",
"lastModified": "2024-01-16T13:56:05.467", "lastModified": "2024-01-22T15:35:12.367",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -16,6 +16,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{ {
"source": "cna@vuldb.com", "source": "cna@vuldb.com",
"type": "Secondary", "type": "Secondary",
@ -75,18 +95,47 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cmseasy:cmseasy:*:*:*:*:*:*:*:*",
"versionEndIncluding": "7.7.7.0",
"matchCriteriaId": "853D77C2-05D7-443C-963C-A8A0E9665BC6"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/V3geD4g/cmseasy_vul/blob/main/SQL1-EN.md", "url": "https://github.com/V3geD4g/cmseasy_vul/blob/main/SQL1-EN.md",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://vuldb.com/?ctiid.250693", "url": "https://vuldb.com/?ctiid.250693",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}, },
{ {
"url": "https://vuldb.com/?id.250693", "url": "https://vuldb.com/?id.250693",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

15
CVE-2024/CVE-2024-07xx/CVE-2024-0706.json Normal file
View File

@ -0,0 +1,15 @@
{
"id": "CVE-2024-0706",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-22T15:15:08.897",
"lastModified": "2024-01-22T15:15:08.897",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: ***REJECT*** This was a false positive report."
}
],
"metrics": {},
"references": []
}

88
CVE-2024/CVE-2024-07xx/CVE-2024-0778.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-0778",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-22T16:15:08.320",
"lastModified": "2024-01-22T16:15:08.320",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in Uniview ISC 2500-S up to 20210930. Affected by this issue is the function setNatConfig of the file /Interface/DevManage/VM.php. The manipulation of the argument natAddress/natPort/natServerPort leads to os command injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251696. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"accessVector": "ADJACENT_NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.7
},
"baseSeverity": "HIGH",
"exploitabilityScore": 5.1,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://github.com/dezhoutorizhao/cve/blob/main/rce.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.251696",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.251696",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2024/CVE-2024-07xx/CVE-2024-0781.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-0781",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-22T16:15:08.577",
"lastModified": "2024-01-22T16:15:08.577",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in CodeAstro Internet Banking System 1.0. This affects an unknown part of the file pages_client_signup.php. The manipulation of the argument Client Full Name with the input <meta http-equiv=\"refresh\" content=\"0; url=https://vuldb.com\" /> leads to open redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251697 was assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"references": [
{
"url": "https://drive.google.com/drive/folders/1f61RXqelSDY0T92aLjmb8BhgAHt_eeUS",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.251697",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.251697",
"source": "cna@vuldb.com"
}
]
}

20
CVE-2024/CVE-2024-228xx/CVE-2024-22895.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-22895",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-22T15:15:09.067",
"lastModified": "2024-01-22T15:15:09.067",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "DedeCMS 5.7.112 has a File Upload vulnerability via uploads/dede/module_upload.php."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/zzq66/cve5",
"source": "cve@mitre.org"
}
]
}

64
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update ### Last Repository Update
```plain ```plain
2024-01-22T15:00:25.373801+00:00 2024-01-22T17:00:25.391830+00:00
``` ```
### Most recent CVE Modification Timestamp synchronized with NVD ### Most recent CVE Modification Timestamp synchronized with NVD
```plain ```plain
2024-01-22T14:52:22.780000+00:00 2024-01-22T16:41:48.287000+00:00
``` ```
### Last Data Feed Release ### Last Data Feed Release
@ -29,47 +29,45 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs ### Total Number of included CVEs
```plain ```plain
236498 236504
``` ```
### CVEs added in the last Commit ### CVEs added in the last Commit
Recently added CVEs: `3` Recently added CVEs: `6`
* [CVE-2020-36771](CVE-2020/CVE-2020-367xx/CVE-2020-36771.json) (`2024-01-22T14:15:07.530`) * [CVE-2020-36772](CVE-2020/CVE-2020-367xx/CVE-2020-36772.json) (`2024-01-22T15:15:07.883`)
* [CVE-2024-0775](CVE-2024/CVE-2024-07xx/CVE-2024-0775.json) (`2024-01-22T13:15:25.137`) * [CVE-2023-44395](CVE-2023/CVE-2023-443xx/CVE-2023-44395.json) (`2024-01-22T15:15:08.037`)
* [CVE-2024-22233](CVE-2024/CVE-2024-222xx/CVE-2024-22233.json) (`2024-01-22T13:15:25.453`) * [CVE-2024-0706](CVE-2024/CVE-2024-07xx/CVE-2024-0706.json) (`2024-01-22T15:15:08.897`)
* [CVE-2024-22895](CVE-2024/CVE-2024-228xx/CVE-2024-22895.json) (`2024-01-22T15:15:09.067`)
* [CVE-2024-0778](CVE-2024/CVE-2024-07xx/CVE-2024-0778.json) (`2024-01-22T16:15:08.320`)
* [CVE-2024-0781](CVE-2024/CVE-2024-07xx/CVE-2024-0781.json) (`2024-01-22T16:15:08.577`)
### CVEs modified in the last Commit ### CVEs modified in the last Commit
Recently modified CVEs: `37` Recently modified CVEs: `20`
* [CVE-2024-23744](CVE-2024/CVE-2024-237xx/CVE-2024-23744.json) (`2024-01-22T14:01:09.553`) * [CVE-2010-10011](CVE-2010/CVE-2010-100xx/CVE-2010-10011.json) (`2024-01-22T16:41:48.287`)
* [CVE-2024-0772](CVE-2024/CVE-2024-07xx/CVE-2024-0772.json) (`2024-01-22T14:01:09.553`) * [CVE-2016-20021](CVE-2016/CVE-2016-200xx/CVE-2016-20021.json) (`2024-01-22T16:27:08.217`)
* [CVE-2024-0773](CVE-2024/CVE-2024-07xx/CVE-2024-0773.json) (`2024-01-22T14:01:09.553`) * [CVE-2019-9879](CVE-2019/CVE-2019-98xx/CVE-2019-9879.json) (`2024-01-22T15:39:41.963`)
* [CVE-2024-0774](CVE-2024/CVE-2024-07xx/CVE-2024-0774.json) (`2024-01-22T14:01:09.553`) * [CVE-2019-9880](CVE-2019/CVE-2019-98xx/CVE-2019-9880.json) (`2024-01-22T15:39:41.963`)
* [CVE-2024-0776](CVE-2024/CVE-2024-07xx/CVE-2024-0776.json) (`2024-01-22T14:01:09.553`) * [CVE-2019-9881](CVE-2019/CVE-2019-98xx/CVE-2019-9881.json) (`2024-01-22T15:39:41.963`)
* [CVE-2024-23750](CVE-2024/CVE-2024-237xx/CVE-2024-23750.json) (`2024-01-22T14:01:09.553`) * [CVE-2021-3826](CVE-2021/CVE-2021-38xx/CVE-2021-3826.json) (`2024-01-22T15:01:35.150`)
* [CVE-2024-23751](CVE-2024/CVE-2024-237xx/CVE-2024-23751.json) (`2024-01-22T14:01:09.553`) * [CVE-2022-4962](CVE-2022/CVE-2022-49xx/CVE-2022-4962.json) (`2024-01-22T16:32:21.483`)
* [CVE-2024-23752](CVE-2024/CVE-2024-237xx/CVE-2024-23752.json) (`2024-01-22T14:01:09.553`) * [CVE-2023-51764](CVE-2023/CVE-2023-517xx/CVE-2023-51764.json) (`2024-01-22T15:15:08.320`)
* [CVE-2024-23768](CVE-2024/CVE-2024-237xx/CVE-2024-23768.json) (`2024-01-22T14:01:09.553`) * [CVE-2023-5981](CVE-2023/CVE-2023-59xx/CVE-2023-5981.json) (`2024-01-22T15:15:08.450`)
* [CVE-2024-23770](CVE-2024/CVE-2024-237xx/CVE-2024-23770.json) (`2024-01-22T14:01:09.553`) * [CVE-2023-6816](CVE-2023/CVE-2023-68xx/CVE-2023-6816.json) (`2024-01-22T15:15:08.607`)
* [CVE-2024-23771](CVE-2024/CVE-2024-237xx/CVE-2024-23771.json) (`2024-01-22T14:01:09.553`) * [CVE-2023-48383](CVE-2023/CVE-2023-483xx/CVE-2023-48383.json) (`2024-01-22T15:26:02.633`)
* [CVE-2024-21484](CVE-2024/CVE-2024-214xx/CVE-2024-21484.json) (`2024-01-22T14:01:09.553`) * [CVE-2023-52339](CVE-2023/CVE-2023-523xx/CVE-2023-52339.json) (`2024-01-22T15:48:15.170`)
* [CVE-2024-22113](CVE-2024/CVE-2024-221xx/CVE-2024-22113.json) (`2024-01-22T14:01:09.553`) * [CVE-2023-6040](CVE-2023/CVE-2023-60xx/CVE-2023-6040.json) (`2024-01-22T16:00:28.223`)
* [CVE-2024-0623](CVE-2024/CVE-2024-06xx/CVE-2024-0623.json) (`2024-01-22T14:01:14.430`) * [CVE-2023-51123](CVE-2023/CVE-2023-511xx/CVE-2023-51123.json) (`2024-01-22T16:15:08.230`)
* [CVE-2024-0679](CVE-2024/CVE-2024-06xx/CVE-2024-0679.json) (`2024-01-22T14:01:14.430`) * [CVE-2023-48909](CVE-2023/CVE-2023-489xx/CVE-2023-48909.json) (`2024-01-22T16:33:28.663`)
* [CVE-2024-0521](CVE-2024/CVE-2024-05xx/CVE-2024-0521.json) (`2024-01-22T14:01:14.430`) * [CVE-2024-0408](CVE-2024/CVE-2024-04xx/CVE-2024-0408.json) (`2024-01-22T15:15:08.710`)
* [CVE-2024-23725](CVE-2024/CVE-2024-237xx/CVE-2024-23725.json) (`2024-01-22T14:01:14.430`) * [CVE-2024-0409](CVE-2024/CVE-2024-04xx/CVE-2024-0409.json) (`2024-01-22T15:15:08.803`)
* [CVE-2024-23726](CVE-2024/CVE-2024-237xx/CVE-2024-23726.json) (`2024-01-22T14:01:14.430`) * [CVE-2024-0523](CVE-2024/CVE-2024-05xx/CVE-2024-0523.json) (`2024-01-22T15:35:12.367`)
* [CVE-2024-0769](CVE-2024/CVE-2024-07xx/CVE-2024-0769.json) (`2024-01-22T14:01:14.430`) * [CVE-2024-0522](CVE-2024/CVE-2024-05xx/CVE-2024-0522.json) (`2024-01-22T15:40:13.403`)
* [CVE-2024-23730](CVE-2024/CVE-2024-237xx/CVE-2024-23730.json) (`2024-01-22T14:01:14.430`) * [CVE-2024-0454](CVE-2024/CVE-2024-04xx/CVE-2024-0454.json) (`2024-01-22T16:10:47.897`)
* [CVE-2024-23731](CVE-2024/CVE-2024-237xx/CVE-2024-23731.json) (`2024-01-22T14:01:14.430`)
* [CVE-2024-23732](CVE-2024/CVE-2024-237xx/CVE-2024-23732.json) (`2024-01-22T14:01:14.430`)
* [CVE-2024-21674](CVE-2024/CVE-2024-216xx/CVE-2024-21674.json) (`2024-01-22T14:49:15.167`)
* [CVE-2024-21673](CVE-2024/CVE-2024-216xx/CVE-2024-21673.json) (`2024-01-22T14:50:35.133`)
* [CVE-2024-21672](CVE-2024/CVE-2024-216xx/CVE-2024-21672.json) (`2024-01-22T14:51:42.907`)
## Download and Usage ## Download and Usage