Auto-Update: 2024-02-01T00:55:25.270538+00:00

This commit is contained in:
cad-safe-bot 2024-02-01 00:55:28 +00:00
parent 45f8ea9865
commit 29ea2f60b2
20 changed files with 2219 additions and 98 deletions


@ -2,8 +2,8 @@
"id": "CVE-2020-12659",
"sourceIdentifier": "cve@mitre.org",
"published": "2020-05-05T07:15:11.057",
"lastModified": "2020-06-17T18:15:12.003",
"vulnStatus": "Modified",
"lastModified": "2024-02-01T00:50:37.413",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -85,8 +85,103 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.18",
"versionEndExcluding": "4.19.118",
"matchCriteriaId": "A297BA06-0F48-41A8-86AE-C59682E062FA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.35",
"matchCriteriaId": "D6EFF949-D686-4BFC-A1AC-AB04BFD2ABB4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.6.7",
"matchCriteriaId": "CA9D4D7D-5B4C-4667-B39F-A3F8F692B75C"
"matchCriteriaId": "CA9191E1-E0BF-43FA-BE45-00A613F9B341"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h300s:*:*:*:*:*:*:*",
"matchCriteriaId": "27227B35-932A-4035-B39F-6A455753C0D6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h410c:*:*:*:*:*:*:*",
"matchCriteriaId": "489D20B9-166F-423D-8C48-A23D3026E33B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h410s:*:*:*:*:*:*:*",
"matchCriteriaId": "A4AD592C-222D-4C6F-B176-8145A1A5AFEC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h500s:*:*:*:*:*:*:*",
"matchCriteriaId": "8603654B-A8A9-4DEB-B0DD-C82E1C885749"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h610c:*:*:*:*:*:*:*",
"matchCriteriaId": "78BE572F-45C1-467F-918F-FB1276F6B495"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h610s:*:*:*:*:*:*:*",
"matchCriteriaId": "DE7C6010-F736-4BDA-9E3B-C4370BBFA149"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h615c:*:*:*:*:*:*:*",
"matchCriteriaId": "646FFC2B-6DC4-4BD8-AAE0-81895D397700"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h700s:*:*:*:*:*:*:*",
"matchCriteriaId": "C855C933-F271-45E6-8E85-8D7CF2EF1BE6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6D700C5-F67F-4FFB-BE69-D524592A3D2E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:h:netapp:aff_baseboard_management_controller:a700s:*:*:*:*:*:*:*",
"matchCriteriaId": "804B2D7C-D890-4C4C-8A76-1760552E11BC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "090AA6F4-4404-4E26-82AB-C3A22636F276"
}
]
}
@ -96,7 +191,12 @@
"references": [
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=207225",
@ -133,19 +233,31 @@
},
{
"url": "https://security.netapp.com/advisory/ntap-20200608-0001/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://usn.ubuntu.com/4387-1/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://usn.ubuntu.com/4388-1/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://usn.ubuntu.com/4389-1/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}
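Review bot: The 5.5–5.6.7 kernel `cpeMatch` entry keeps the same `criteria` and version bounds but its `matchCriteriaId` changes from `CA9D4D7D-5B4C-4667-B39F-A3F8F692B75C` to `CA9191E1-E0BF-43FA-BE45-00A613F9B341`, so a consumer that keys vulnerability-to-asset matches on that id will see a deleted match plus a new one rather than an unchanged entry. Nothing visible in the hunk explains the regenerated id, so this is presumably an upstream NVD re-analysis artifact rather than a change in affected versions; worth confirming against the feed before treating it as a scope change. The new NetApp `nodes` block is also version-less (`-`) for every product, and a `-` version component in a CPE 2.3 string means "not applicable", not a wildcard, so matching on those entries should not be read as "all versions".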


@ -2,8 +2,8 @@
"id": "CVE-2023-3550",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-25T16:15:14.347",
"lastModified": "2023-11-28T13:15:07.080",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-01T00:54:17.627",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -95,6 +95,26 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
}
]
}
]
}
],
"references": [
@ -108,11 +128,18 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5520",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.mediawiki.org/wiki/MediaWiki/",


@ -2,8 +2,8 @@
"id": "CVE-2023-4236",
"sourceIdentifier": "security-officer@isc.org",
"published": "2023-09-20T13:15:12.313",
"lastModified": "2023-11-03T21:15:17.520",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-01T00:53:41.997",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -77,6 +77,186 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F"
}
]
}
]
}
],
"references": [
@ -97,23 +277,39 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPJLLTJCSDJJII7IIZPLTBQNWP7MZH7F/",
"source": "security-officer@isc.org"
"source": "security-officer@isc.org",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U35OARLQCPMVCBBPHWBXY5M6XJLD2TZ5/",
"source": "security-officer@isc.org"
"source": "security-officer@isc.org",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSK5V4W4OHPM3JTJGWAQD6CZW7SFD75B/",
"source": "security-officer@isc.org"
"source": "security-officer@isc.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20231013-0004/",
"source": "security-officer@isc.org"
"source": "security-officer@isc.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5504",
"source": "security-officer@isc.org"
"source": "security-officer@isc.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-44389",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-04T21:15:10.360",
"lastModified": "2023-10-10T22:15:11.623",
"vulnStatus": "Modified",
"lastModified": "2024-02-01T00:50:52.917",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,7 +11,7 @@
},
{
"lang": "es",
"value": "Zope es un servidor de aplicaciones web de c\u00f3digo abierto. La propiedad title, disponible en la mayor\u00eda de los objetos Zope, se puede utilizar para almacenar c\u00f3digo de script que se ejecuta mientras se visualiza el objeto afectado en la Interfaz de Administraci\u00f3n de Zope (ZMI). Todas las versiones de Zope 4 y Zope 5 se ven afectadas. Los parches se lanzar\u00e1n con las versiones 4.8.11 y 5.8.6 de Zope"
"value": "Zope es un servidor de aplicaciones web de c\u00f3digo abierto. La propiedad title, disponible en la mayor\u00eda de los objetos Zope, se puede utilizar para almacenar c\u00f3digo de script que se ejecuta mientras se visualiza el objeto afectado en Zope Management Interface (ZMI). Todas las versiones de Zope 4 y Zope 5 se ven afectadas. Los parches se lanzar\u00e1n con las versiones 4.8.11 y 5.8.6 de Zope."
}
],
"metrics": {


@ -2,12 +2,12 @@
"id": "CVE-2023-45779",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:26.673",
"lastModified": "2024-01-31T00:15:45.653",
"lastModified": "2024-02-01T00:15:54.673",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "In the APEX module framework of AOSP, there is a possible malicious update to platform components due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. More details on this can be found in the links below:\nhttps://rtx.meta.security/exploitation/2024/01/30/Android-vendors-APEX-test-keys.html\nhttps://github.com/metaredteam/external-disclosures/security/advisories/GHSA-wmcc-g67r-9962"
"value": "In the APEX module framework of AOSP, there is a possible malicious update to platform components due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. More details on this can be found in the referenced links.\n"
},
{
"lang": "es",
@ -68,12 +68,24 @@
}
],
"references": [
{
"url": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-wmcc-g67r-9962",
"source": "security@android.com"
},
{
"url": "https://rtx.meta.security/exploitation/2024/01/30/Android-vendors-APEX-test-keys.html",
"source": "security@android.com"
},
{
"url": "https://source.android.com/security/bulletin/2023-12-01",
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.fairphone.com/en/2024/01/30/security-update-apex-modules-vulnerability-fixed/",
"source": "security@android.com"
}
]
}
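Review bot: The three references added to this record (the meta.security write-up, the GHSA advisory and the Fairphone post) carry no `tags` array, while the existing bulletin reference in the same list is tagged `"Vendor Advisory"`; consumers that filter references by tag to surface exploit details or vendor fixes will not see the new links. The record stays in `"Modified"` status, so this is presumably pending NVD re-analysis rather than a deliberate omission. The rewritten English description also now ends with a literal `\n`, left over from the removed inline URLs, which renders as a trailing blank line; `"...can be found in the referenced links."` without the escape would be the clean form.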


@ -2,23 +2,98 @@
"id": "CVE-2023-51833",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-25T22:15:07.737",
"lastModified": "2024-01-25T22:18:09.683",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-31T23:32:20.930",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A command injection issue in TRENDnet TEW-411BRPplus v.2.07_eu that allows a local attacker to execute arbitrary code via the data1 parameter in the debug.cgi page."
},
{
"lang": "es",
"value": "Un problema de inyecci\u00f3n de comandos en TRENDnet TEW-411BRPplus v.2.07_eu que permite a un atacante local ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro data1 en la p\u00e1gina debug.cgi."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:trendnet:tew-411brpplus_firmware:2.07_eu:*:*:*:*:*:*:*",
"matchCriteriaId": "EE34CE53-070B-4DDD-9AA2-217EAD91C253"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:trendnet:tew-411brpplus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36B6DC8A-30CE-4BAF-AC2D-10F27A4AB3E4"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://warp-desk-89d.notion.site/TEW-411BRPplus-9bafe26e48964be3be12eab47f77203d",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.trendnet.com/support/support-detail.asp?prod=160_TEW-411BRPplus",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}
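Review bot: The NVD-assigned CVSS vector added under `cvssMetricV31` is `AV:N` (`"attackVector": "NETWORK"`), but both the English and Spanish descriptions in the same record say the `debug.cgi` command injection is exploitable by a local attacker; one of the two is wrong, and which one decides whether this is an 8.1 or a local-only score. Consumers that prioritise on `baseScore` alone will treat this as remotely exploitable. Since the data is mirrored from NVD the fix belongs upstream rather than in this commit, but the mismatch is fully visible in the hunk and worth flagging to the feed.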


@ -2,19 +2,81 @@
"id": "CVE-2023-52251",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-25T21:15:08.787",
"lastModified": "2024-01-25T21:52:01.053",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-31T23:25:48.163",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in provectus kafka-ui 0.4.0 through 0.7.1 allows remote attackers to execute arbitrary code via the q parameter of /api/clusters/local/topics/{topic}/messages."
},
{
"lang": "es",
"value": "Un problema descubierto en provectus kafka-ui v0.4.0 a v0.7.1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro q de /api/clusters/local/topics/{topic}/messages."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:provectus:ui:*:*:*:*:*:kafka:*:*",
"versionStartIncluding": "0.4.0",
"versionEndIncluding": "0.7.1",
"matchCriteriaId": "44D01432-0754-414C-ADDA-26CBE947BF97"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/BobTheShoplifter/CVE-2023-52251-POC",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
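Review bot: The only reference in this record is a third-party proof-of-concept repository tagged `"Exploit"`; there is no vendor advisory, patch or release-notes reference, so the affected range `0.4.0` to `"versionEndIncluding": "0.7.1"` cannot be cross-checked from the record and no fixed version is stated anywhere in it. A consumer building remediation guidance from this entry has nothing to point operators at except the exploit. This is a gap in the upstream NVD data rather than something to change in the mirror, but it is worth watching for on the next update of this file.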


@ -2,8 +2,8 @@
"id": "CVE-2023-5391",
"sourceIdentifier": "cybersecurity@se.com",
"published": "2023-10-04T19:15:10.777",
"lastModified": "2023-10-11T09:15:10.483",
"vulnStatus": "Modified",
"lastModified": "2024-02-01T00:49:46.897",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,7 +11,7 @@
},
{
"lang": "es",
"value": "CWE-502: Existe una vulnerabilidad de deserializaci\u00f3n de datos que no son de confianza que podr\u00eda permitir a un atacante ejecutar c\u00f3digo arbitrario en el sistema objetivo enviando un paquete espec\u00edficamente manipulado a la aplicaci\u00f3n."
"value": "CWE-502: Existe una vulnerabilidad deserializaci\u00f3n de datos no confiables que podr\u00eda permitir a un atacante ejecutar c\u00f3digo arbitrario en el sistema objetivo enviando un paquete espec\u00edficamente manipulado a la aplicaci\u00f3n."
}
],
"metrics": {


@ -2,16 +2,40 @@
"id": "CVE-2024-0886",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-25T22:15:07.797",
"lastModified": "2024-01-25T22:18:09.683",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-31T23:45:54.590",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in Poikosoft EZ CD Audio Converter 8.0.7. Affected by this vulnerability is an unknown functionality of the component Activation Handler. The manipulation of the argument Key leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-252037 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Poikosoft EZ CD Audio Converter 8.0.7 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del componente Activation Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento Key conduce a la denegaci\u00f3n de servicio. Se requiere acceso local para abordar este ataque. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-252037."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:poikosoft:ez_cd_audio_converter:8.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "40F0E5D1-2189-4C7D-ACE6-E947DD7C5432"
}
]
}
]
}
],
"references": [
{
"url": "https://fitoxs.com/vuldb/09-exploit-perl.txt",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.252037",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.252037",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-0887",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-25T22:15:08.067",
"lastModified": "2024-01-25T22:18:09.683",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-31T23:46:03.647",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in Mafiatic Blue Server 1.1. Affected by this issue is some unknown functionality of the component Connection Handler. The manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252038 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Mafiatic Blue Server 1.1 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del componente Connection Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a la denegaci\u00f3n del servicio. El ataque puede lanzarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-252038 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mafiatic:blue_server:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "32C099A5-C3E6-4573-81E8-47516D67F660"
}
]
}
]
}
],
"references": [
{
"url": "https://fitoxs.com/vuldb/18-exploit-perl.txt",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.252038",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.252038",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}



@ -2,16 +2,40 @@
"id": "CVE-2024-21630",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-25T20:15:40.423",
"lastModified": "2024-01-25T21:52:01.053",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-31T23:45:38.600",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Zulip is an open-source team collaboration tool. A vulnerability in version 8.0 is similar to CVE-2023-32677, but applies to multi-use invitations, not single-use invitation links as in the prior CVE. Specifically, it applies when the installation has configured non-admins to be able to invite users and create multi-use invitations, and has also configured only admins to be able to invite users to streams. As in CVE-2023-32677, this does not let users invite new users to arbitrary streams, only to streams that the inviter can already see. Version 8.1 fixes this issue. As a workaround, administrators can limit sending of invitations down to users who also have the permission to add users to streams."
},
{
"lang": "es",
"value": "Zulip es una herramienta de colaboraci\u00f3n en equipo de c\u00f3digo abierto. Una vulnerabilidad en la versi\u00f3n 8.0 es similar a CVE-2023-32677, pero se aplica a invitaciones de usos m\u00faltiples, no a enlaces de invitaci\u00f3n de un solo uso como en el CVE anterior. Espec\u00edficamente, se aplica cuando la instalaci\u00f3n ha configurado no administradores para poder invitar a usuarios y crear invitaciones de usos m\u00faltiples, y tambi\u00e9n ha configurado solo administradores para poder invitar a usuarios a transmisiones. Al igual que en CVE-2023-32677, esto no permite a los usuarios invitar a nuevos usuarios a transmisiones arbitrarias, solo a transmisiones que quien invita ya puede ver. La versi\u00f3n 8.1 soluciona este problema. Como workaround, los administradores pueden limitar el env\u00edo de invitaciones a los usuarios que tambi\u00e9n tienen permiso para agregar usuarios a las transmisiones."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,26 +70,67 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zulip:zulip_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.9.0",
"versionEndExcluding": "6.2",
"matchCriteriaId": "5D9282FA-F4D4-4667-ADC6-6A3C7C83BB52"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zulip:zulip_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0",
"versionEndExcluding": "8.1",
"matchCriteriaId": "85FB7719-4DA4-4E4A-B229-6827E35EEF32"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/zulip/zulip/commit/0df7bd71f32f3b772e2646c6ab0d60c9b610addf",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/zulip/zulip/security/advisories/GHSA-87p9-wprh-7rm6",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://github.com/zulip/zulip/security/advisories/GHSA-mrvp-96q6-jpvc",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://zulip.com/help/configure-who-can-invite-to-streams",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://zulip.com/help/restrict-account-creation#change-who-can-send-invitations",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
}
]
}
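Review bot: The first `cpeMatch` entry in the new configuration covers `zulip_server` from `1.9.0` up to but excluding `6.2`, while the English and Spanish descriptions in the same record scope the vulnerability to version 8.0 with 8.1 as the fix; the second entry (`8.0` to `8.1`) matches the description, the first does not. Presumably the earlier range is carried over from CVE-2023-32677, which the description cites as the related prior issue, but as written the record will flag deployments in the 1.9.0–6.1 range for a bug the text says they do not have. This is upstream NVD data, so it is a point to raise against the feed rather than to edit here.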


@ -2,8 +2,8 @@
"id": "CVE-2024-23615",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2024-01-26T00:15:08.627",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-31T23:46:44.913",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
@ -64,6 +84,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
},
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
@ -75,10 +105,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:broadcom:symantec_messaging_gateway:*:*:*:*:*:*:*:*",
"versionEndIncluding": "10.5",
"matchCriteriaId": "63EC0CCF-6C74-4364-8AF4-0787CCB0BC05"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.exodusintel.com/2024/01/25/symantec-messaging-gateway-libdec2lha-so-stack-buffer-overflow-remote-code-execution/",
"source": "disclosures@exodusintel.com"
"source": "disclosures@exodusintel.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-23655",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-25T20:15:40.913",
"lastModified": "2024-01-25T21:52:01.053",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-31T23:26:33.637",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tuta is an encrypted email service. Starting in version 3.118.12 and prior to version 3.119.10, an attacker is able to send a manipulated email so that the user can no longer use the app to get access to received emails. By sending a manipulated email, an attacker could put the app into an unusable state. In this case, a user can no longer access received e-mails. Since the vulnerability affects not only the app, but also the web application, a user in this case has no way to access received emails. This issue was tested with iOS and the web app, but it is possible all clients are affected. Version 3.119.10 fixes this issue."
},
{
"lang": "es",
"value": "Tuta es un servicio de correo electr\u00f3nico cifrado. A partir de la versi\u00f3n 3.118.12 y antes de la versi\u00f3n 3.119.10, un atacante puede enviar un correo electr\u00f3nico manipulado para que el usuario ya no pueda utilizar la aplicaci\u00f3n para acceder a los correos electr\u00f3nicos recibidos. Al enviar un correo electr\u00f3nico manipulado, un atacante podr\u00eda dejar la aplicaci\u00f3n en un estado inutilizable. En este caso, un usuario ya no puede acceder a los correos electr\u00f3nicos recibidos. Dado que la vulnerabilidad afecta no s\u00f3lo a la aplicaci\u00f3n, sino tambi\u00e9n a la aplicaci\u00f3n web, en este caso un usuario no tiene forma de acceder a los correos electr\u00f3nicos recibidos. Este problema se prob\u00f3 con iOS y la aplicaci\u00f3n web, pero es posible que todos los clientes se vean afectados. La versi\u00f3n 3.119.10 soluciona este problema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,14 +80,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tuta:tutanota:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.118.12",
"versionEndExcluding": "3.119.10",
"matchCriteriaId": "1E6FEDEF-997F-497D-A060-318512F2EFFE"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/tutao/tutanota/releases/tag/tutanota-release-3.119.10",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/tutao/tutanota/security/advisories/GHSA-5h47-g927-629g",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-23656",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-25T20:15:41.107",
"lastModified": "2024-01-25T21:52:01.053",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-31T23:26:14.650",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex 2.37.0 serves HTTPS with insecure TLS 1.0 and TLS 1.1. `cmd/dex/serve.go` line 425 seemingly sets TLS 1.2 as minimum version, but the whole `tlsConfig` is ignored after `TLS cert reloader` was introduced in v2.37.0. Configured cipher suites are not respected either. This issue is fixed in Dex 2.38.0."
},
{
"lang": "es",
"value": "Dex es un servicio de identidad que utiliza OpenID Connect para impulsar la autenticaci\u00f3n de otras aplicaciones. Dex 2.37.0 sirve HTTPS con TLS 1.0 y TLS 1.1 inseguros. La l\u00ednea 425 de `cmd/dex/serve.go` aparentemente establece TLS 1.2 como versi\u00f3n m\u00ednima, pero el `tlsConfig` completo se ignora despu\u00e9s de que se introdujo el `TLS cert reloader` en v2.37.0. Tampoco se respetan los conjuntos de cifrado configurados. Este problema se solucion\u00f3 en Dex 2.38.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-326"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -50,26 +84,59 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linuxfoundation:dex:2.37.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CFFADC7B-A8BE-437B-B1A8-868ECD4ED5E9"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/dexidp/dex/blob/70d7a2c7c1bb2646b1a540e49616cbc39622fb83/cmd/dex/serve.go#L425",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/dexidp/dex/commit/5bbdb4420254ba73b9c4df4775fe7bdacf233b17",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/dexidp/dex/issues/2848",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://github.com/dexidp/dex/pull/2964",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://github.com/dexidp/dex/security/advisories/GHSA-gr79-9v6v-gc9r",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-23817",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-25T20:15:41.313",
"lastModified": "2024-01-25T21:52:01.053",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-31T23:25:58.247",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. Version 18.0.4 has a HTML Injection vulnerability in the Home page of the Dolibarr Application. This vulnerability allows an attacker to inject arbitrary HTML tags and manipulate the rendered content in the application's response. Specifically, I was able to successfully inject a new HTML tag into the returned document and, as a result, was able to comment out some part of the Dolibarr App Home page HTML code. This behavior can be exploited to perform various attacks like Cross-Site Scripting (XSS). To remediate the issue, validate and sanitize all user-supplied input, especially within HTML attributes, to prevent HTML injection attacks; and implement proper output encoding when rendering user-provided data to ensure it is treated as plain text rather than executable HTML."
},
{
"lang": "es",
"value": "Dolibarr es un paquete de software de planificaci\u00f3n de recursos empresariales (ERP) y gesti\u00f3n de relaciones con los clientes (CRM). La versi\u00f3n 18.0.4 tiene una vulnerabilidad de inyecci\u00f3n HTML en la p\u00e1gina Home de la aplicaci\u00f3n Dolibarr. Esta vulnerabilidad permite a un atacante inyectar etiquetas HTML arbitrarias y manipular el contenido representado en la respuesta de la aplicaci\u00f3n. Espec\u00edficamente, pude inyectar con \u00e9xito una nueva etiqueta HTML en el documento devuelto y, como resultado, pude comentar alguna parte del c\u00f3digo HTML de la p\u00e1gina de inicio de la aplicaci\u00f3n Dolibarr. Este comportamiento se puede aprovechar para realizar varios ataques como Cross-Site Scripting (XSS). Para solucionar el problema, valide y sanitice todas las entradas proporcionadas por el usuario, especialmente dentro de los atributos HTML, para evitar ataques de inyecci\u00f3n de HTML; e implementar una codificaci\u00f3n de salida adecuada al representar datos proporcionados por el usuario para garantizar que se traten como texto sin formato en lugar de HTML ejecutable."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -50,10 +84,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dolibarr:dolibarr:18.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4960A4EE-3EB0-4890-8D81-A43E10E74571"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Dolibarr/dolibarr/security/advisories/GHSA-7947-48q7-cp5m",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


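--- /dev/null
+++ b/CVE-2024/CVE-2024-245xx/CVE-2024-24571.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2024-24571",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2024-01-31T23:15:08.110",
+"lastModified": "2024-01-31T23:15:08.110",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "facileManager is a modular suite of web apps built with the sysadmin in mind. For the facileManager web application versions 4.5.0 and earlier, we have found that XSS was present in almost all of the input fields as there is insufficient input validation."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 5.4,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 2.5
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-80"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/WillyXJ/facileManager/commit/0aa850d4b518f10143a4c675142b15caa5872877",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/WillyXJ/facileManager/security/advisories/GHSA-h7w3-xv88-2xqj",
+"source": "security-advisories@github.com"
+}
+]
+}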


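--- /dev/null
+++ b/CVE-2024/CVE-2024-245xx/CVE-2024-24572.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2024-24572",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2024-01-31T23:15:08.337",
+"lastModified": "2024-01-31T23:15:08.337",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, the $_REQUEST global array was unsafely called inside an extract() function in admin-logs.php. The PHP file fm-init.php prevents arbitrary manipulation of $_SESSION via the GET/POST parameters. However, it does not prevent manipulation of any other sensitive variables such as $search_sql. Knowing this, an authenticated user with privileges to view site logs can manipulate the search_sql\nvariable by appending a GET parameter search_sql in the URL. The information above means that the checks and SQL injection prevention attempts were rendered unusable."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "HIGH",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "NONE",
+"baseScore": 6.5,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 1.2,
+"impactScore": 5.2
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-89"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/WillyXJ/facileManager/commit/0aa850d4b518f10143a4c675142b15caa5872877",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/WillyXJ/facileManager/security/advisories/GHSA-xw34-8pj6-75gc",
+"source": "security-advisories@github.com"
+}
+]
+}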


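--- /dev/null
+++ b/CVE-2024/CVE-2024-245xx/CVE-2024-24573.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2024-24573",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2024-01-31T23:15:08.560",
+"lastModified": "2024-01-31T23:15:08.560",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, when a user updates their profile, a POST request containing user information is sent to the endpoint server/fm-modules/facileManager/ajax/processPost.php. It was found that non-admins can arbitrarily set their permissions and grant their non-admin accounts with super user privileges."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 8.8,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 5.9
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-863"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/WillyXJ/facileManager/commit/0aa850d4b518f10143a4c675142b15caa5872877",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/WillyXJ/facileManager/security/advisories/GHSA-w67q-pp62-j4pf",
+"source": "security-advisories@github.com"
+}
+]
+}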


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-01-31T23:00:24.362575+00:00
2024-02-01T00:55:25.270538+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-01-31T22:15:54.813000+00:00
2024-02-01T00:54:17.627000+00:00
```
### Last Data Feed Release
@ -29,35 +29,38 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
237253
237256
```
### CVEs added in the last Commit
Recently added CVEs: `8`
Recently added CVEs: `3`
* [CVE-2022-47072](CVE-2022/CVE-2022-470xx/CVE-2022-47072.json) (`2024-01-31T21:15:08.440`)
* [CVE-2024-1117](CVE-2024/CVE-2024-11xx/CVE-2024-1117.json) (`2024-01-31T21:15:08.500`)
* [CVE-2024-21626](CVE-2024/CVE-2024-216xx/CVE-2024-21626.json) (`2024-01-31T22:15:53.780`)
* [CVE-2024-23650](CVE-2024/CVE-2024-236xx/CVE-2024-23650.json) (`2024-01-31T22:15:53.990`)
* [CVE-2024-23651](CVE-2024/CVE-2024-236xx/CVE-2024-23651.json) (`2024-01-31T22:15:54.183`)
* [CVE-2024-23652](CVE-2024/CVE-2024-236xx/CVE-2024-23652.json) (`2024-01-31T22:15:54.377`)
* [CVE-2024-23653](CVE-2024/CVE-2024-236xx/CVE-2024-23653.json) (`2024-01-31T22:15:54.600`)
* [CVE-2024-24747](CVE-2024/CVE-2024-247xx/CVE-2024-24747.json) (`2024-01-31T22:15:54.813`)
* [CVE-2024-24571](CVE-2024/CVE-2024-245xx/CVE-2024-24571.json) (`2024-01-31T23:15:08.110`)
* [CVE-2024-24572](CVE-2024/CVE-2024-245xx/CVE-2024-24572.json) (`2024-01-31T23:15:08.337`)
* [CVE-2024-24573](CVE-2024/CVE-2024-245xx/CVE-2024-24573.json) (`2024-01-31T23:15:08.560`)
### CVEs modified in the last Commit
Recently modified CVEs: `8`
Recently modified CVEs: `16`
* [CVE-2019-5736](CVE-2019/CVE-2019-57xx/CVE-2019-5736.json) (`2024-01-31T21:15:08.063`)
* [CVE-2023-33759](CVE-2023/CVE-2023-337xx/CVE-2023-33759.json) (`2024-01-31T21:04:13.810`)
* [CVE-2023-33760](CVE-2023/CVE-2023-337xx/CVE-2023-33760.json) (`2024-01-31T21:05:53.297`)
* [CVE-2024-23624](CVE-2024/CVE-2024-236xx/CVE-2024-23624.json) (`2024-01-31T21:02:32.867`)
* [CVE-2024-23618](CVE-2024/CVE-2024-236xx/CVE-2024-23618.json) (`2024-01-31T21:05:01.817`)
* [CVE-2024-23625](CVE-2024/CVE-2024-236xx/CVE-2024-23625.json) (`2024-01-31T21:06:08.260`)
* [CVE-2024-21336](CVE-2024/CVE-2024-213xx/CVE-2024-21336.json) (`2024-01-31T21:08:30.463`)
* [CVE-2024-23646](CVE-2024/CVE-2024-236xx/CVE-2024-23646.json) (`2024-01-31T21:10:54.027`)
* [CVE-2020-12659](CVE-2020/CVE-2020-126xx/CVE-2020-12659.json) (`2024-02-01T00:50:37.413`)
* [CVE-2023-52251](CVE-2023/CVE-2023-522xx/CVE-2023-52251.json) (`2024-01-31T23:25:48.163`)
* [CVE-2023-51833](CVE-2023/CVE-2023-518xx/CVE-2023-51833.json) (`2024-01-31T23:32:20.930`)
* [CVE-2023-45779](CVE-2023/CVE-2023-457xx/CVE-2023-45779.json) (`2024-02-01T00:15:54.673`)
* [CVE-2023-5391](CVE-2023/CVE-2023-53xx/CVE-2023-5391.json) (`2024-02-01T00:49:46.897`)
* [CVE-2023-44389](CVE-2023/CVE-2023-443xx/CVE-2023-44389.json) (`2024-02-01T00:50:52.917`)
* [CVE-2023-4236](CVE-2023/CVE-2023-42xx/CVE-2023-4236.json) (`2024-02-01T00:53:41.997`)
* [CVE-2023-3550](CVE-2023/CVE-2023-35xx/CVE-2023-3550.json) (`2024-02-01T00:54:17.627`)
* [CVE-2024-23817](CVE-2024/CVE-2024-238xx/CVE-2024-23817.json) (`2024-01-31T23:25:58.247`)
* [CVE-2024-23656](CVE-2024/CVE-2024-236xx/CVE-2024-23656.json) (`2024-01-31T23:26:14.650`)
* [CVE-2024-23655](CVE-2024/CVE-2024-236xx/CVE-2024-23655.json) (`2024-01-31T23:26:33.637`)
* [CVE-2024-21630](CVE-2024/CVE-2024-216xx/CVE-2024-21630.json) (`2024-01-31T23:45:38.600`)
* [CVE-2024-0886](CVE-2024/CVE-2024-08xx/CVE-2024-0886.json) (`2024-01-31T23:45:54.590`)
* [CVE-2024-0887](CVE-2024/CVE-2024-08xx/CVE-2024-0887.json) (`2024-01-31T23:46:03.647`)
* [CVE-2024-21619](CVE-2024/CVE-2024-216xx/CVE-2024-21619.json) (`2024-01-31T23:46:19.863`)
* [CVE-2024-23615](CVE-2024/CVE-2024-236xx/CVE-2024-23615.json) (`2024-01-31T23:46:44.913`)
## Download and Usage