admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-21 17:41:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-01-11T17:00:25.976098+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-01-11 17:00:29 +00:00
parent 097fa0b89a
commit 321f859bca
72 changed files with 3805 additions and 273 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CVE-2018/CVE-2018-155xx/CVE-2018-15560.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2018-15560",
"sourceIdentifier": "cve@mitre.org",
"published": "2018-08-20T00:29:00.697",
"lastModified": "2019-11-05T18:07:13.577",
"lastModified": "2024-01-11T15:28:55.183",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,9 +84,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:python:pycryptodome:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:pycryptodome:pycryptodome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.6.6",
"matchCriteriaId": "3D0E0394-A1B7-41FB-9F51-DD9BF6334F99"
"matchCriteriaId": "661B020F-AF29-4CD5-9C6C-1FEF8745FC5E"
}
]
}

51
CVE-2022/CVE-2022-468xx/CVE-2022-46839.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2022-46839",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-05T11:15:09.433",
"lastModified": "2024-01-05T11:54:11.040",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-11T16:49:52.890",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk \u2013 Best Help Desk & Support Plugin.This issue affects JS Help Desk \u2013 Best Help Desk & Support Plugin: from n/a through 2.7.1.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de carga sin restricciones de archivos con tipo peligroso en JS Help Desk JS Help Desk \u2013 Best Help Desk & Support Plugin. Este problema afecta a JS Help Desk \u2013 Best Help Desk & Support Plugin: desde n/a hasta 2.7.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wiselyhub:js_help_desk:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.7.1",
"matchCriteriaId": "41DC3775-A3CF-4B46-8745-2AE6F4C58C67"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/js-support-ticket/wordpress-js-help-desk-plugin-2-7-1-arbitrary-file-upload-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-205xx/CVE-2023-20573.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-20573",
"sourceIdentifier": "psirt@amd.com",
"published": "2024-01-11T14:15:43.963",
"lastModified": "2024-01-11T14:15:43.963",
"vulnStatus": "Received",
"lastModified": "2024-01-11T16:34:22.953",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

67
CVE-2023/CVE-2023-343xx/CVE-2023-34325.json
View File

@ -2,19 +2,78 @@
"id": "CVE-2023-34325",
"sourceIdentifier": "security@xen.org",
"published": "2024-01-05T17:15:08.590",
"lastModified": "2024-01-05T18:23:44.497",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-11T15:57:22.583",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\n[This CNA information record relates to multiple CVEs; the\ntext explains which aspects/vulnerabilities correspond to which CVE.]\n\nlibfsimage contains parsing code for several filesystems, most of them based on\ngrub-legacy code. libfsimage is used by pygrub to inspect guest disks.\n\nPygrub runs as the same user as the toolstack (root in a priviledged domain).\n\nAt least one issue has been reported to the Xen Security Team that allows an\nattacker to trigger a stack buffer overflow in libfsimage. After further\nanalisys the Xen Security Team is no longer confident in the suitability of\nlibfsimage when run against guest controlled input with super user priviledges.\n\nIn order to not affect current deployments that rely on pygrub patches are\nprovided in the resolution section of the advisory that allow running pygrub in\ndeprivileged mode.\n\nCVE-2023-4949 refers to the original issue in the upstream grub\nproject (\"An attacker with local access to a system (either through a\ndisk or external drive) can present a modified XFS partition to\ngrub-legacy in such a way to exploit a memory corruption in grub\u2019s XFS\nfile system implementation.\") CVE-2023-34325 refers specifically to\nthe vulnerabilities in Xen's copy of libfsimage, which is decended\nfrom a very old version of grub.\n"
},
{
"lang": "es",
"value": "[Este registro de informaci\u00f3n de la CNA se relaciona con m\u00faltiples CVE; el texto explica qu\u00e9 aspectos/vulnerabilidades corresponden a cada CVE.] libfsimage contiene c\u00f3digo de an\u00e1lisis para varios sistemas de archivos, la mayor\u00eda de ellos basados en c\u00f3digo heredado de grub. Pygrub utiliza libfsimage para inspeccionar los discos invitados. Pygrub se ejecuta como el mismo usuario que la pila de herramientas (ra\u00edz en un dominio privilegiado). Se ha informado al equipo de seguridad de Xen al menos de un problema que permite a un atacante desencadenar un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en libfsimage. Despu\u00e9s de m\u00e1s an\u00e1lisis, el equipo de seguridad de Xen ya no conf\u00eda en la idoneidad de libfsimage cuando se ejecuta contra entradas controladas por invitados con privilegios de superusuario. Para no afectar las implementaciones actuales que dependen de pygrub, en la secci\u00f3n de resoluci\u00f3n del aviso se proporcionan parches que permiten ejecutar pygrub en modo privado. CVE-2023-4949 se refiere al problema original en el proyecto grub anterior (\"Un atacante con acceso local a un sistema (ya sea a trav\u00e9s de un disco o una unidad externa) puede presentar una partici\u00f3n XFS modificada a grub-legacy de tal manera para explotar una corrupci\u00f3n de memoria en la implementaci\u00f3n del sistema de archivos XFS de grub\"). CVE-2023-34325 se refiere espec\u00edficamente a las vulnerabilidades en la copia de libfsimage de Xen, que desciende de una versi\u00f3n muy antigua de grub."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C2B9CCC2-BAC5-4A65-B8D4-4B71EBBA0C2F"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://xenbits.xenproject.org/xsa/advisory-443.html",
"source": "security@xen.org"
"source": "security@xen.org",
"tags": [
"Patch"
]
}
]
}

67
CVE-2023/CVE-2023-343xx/CVE-2023-34326.json
View File

@ -2,19 +2,78 @@
"id": "CVE-2023-34326",
"sourceIdentifier": "security@xen.org",
"published": "2024-01-05T17:15:08.637",
"lastModified": "2024-01-05T18:23:40.387",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-11T15:57:03.720",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The caching invalidation guidelines from the AMD-Vi specification (48882\u2014Rev\n3.07-PUB\u2014Oct 2022) is incorrect on some hardware, as devices will malfunction\n(see stale DMA mappings) if some fields of the DTE are updated but the IOMMU\nTLB is not flushed.\n\nSuch stale DMA mappings can point to memory ranges not owned by the guest, thus\nallowing access to unindented memory regions.\n"
},
{
"lang": "es",
"value": "Las pautas de invalidaci\u00f3n de almacenamiento en cach\u00e9 de la especificaci\u00f3n AMD-Vi (48882\u2014Rev 3.07-PUB\u2014octubre de 2022) son incorrectas en algunos hardware, ya que los dispositivos funcionar\u00e1n mal (consulte las asignaciones de DMA obsoletas) si algunos campos del DTE se actualizan pero el IOMMU TLB no est\u00e1 eliminado. Estas asignaciones de DMA obsoletas pueden apuntar a rangos de memoria que no pertenecen al hu\u00e9sped, lo que permite el acceso a regiones de memoria sin sangr\u00eda."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C2B9CCC2-BAC5-4A65-B8D4-4B71EBBA0C2F"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://xenbits.xenproject.org/xsa/advisory-442.html",
"source": "security@xen.org"
"source": "security@xen.org",
"tags": [
"Vendor Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-343xx/CVE-2023-34327.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-34327",
"sourceIdentifier": "security@xen.org",
"published": "2024-01-05T17:15:08.683",
"lastModified": "2024-01-05T18:23:40.387",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-11T15:56:46.760",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\n[This CNA information record relates to multiple CVEs; the\ntext explains which aspects/vulnerabilities correspond to which CVE.]\n\nAMD CPUs since ~2014 have extensions to normal x86 debugging functionality.\nXen supports guests using these extensions.\n\nUnfortunately there are errors in Xen's handling of the guest state, leading\nto denials of service.\n\n 1) CVE-2023-34327 - An HVM vCPU can end up operating in the context of\n a previous vCPUs debug mask state.\n\n 2) CVE-2023-34328 - A PV vCPU can place a breakpoint over the live GDT.\n This allows the PV vCPU to exploit XSA-156 / CVE-2015-8104 and lock\n up the CPU entirely.\n"
},
{
"lang": "es",
"value": "[Este registro de informaci\u00f3n de la CNA se relaciona con m\u00faltiples CVE; el texto explica qu\u00e9 aspectos/vulnerabilidades corresponden a cada CVE.] Las CPU AMD desde ~2014 tienen extensiones a la funcionalidad de depuraci\u00f3n x86 normal. Xen admite invitados que utilizan estas extensiones. Desafortunadamente, hay errores en el manejo del estado invitado por parte de Xen, lo que lleva a denegaciones de servicio. 1) CVE-2023-34327: una vCPU HVM puede terminar funcionando en el contexto de un estado de m\u00e1scara de depuraci\u00f3n de vCPU anterior. 2) CVE-2023-34328: una vCPU PV puede colocar un punto de interrupci\u00f3n sobre la GDT en vivo. Esto permite que PV vCPU aproveche XSA-156/CVE-2015-8104 y bloquee la CPU por completo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.5.0",
"matchCriteriaId": "1EB1D53B-D24B-44D3-BB44-3734EF08801F"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://xenbits.xenproject.org/xsa/advisory-444.html",
"source": "security@xen.org"
"source": "security@xen.org",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-343xx/CVE-2023-34328.json
View File

@ -2,19 +2,81 @@
"id": "CVE-2023-34328",
"sourceIdentifier": "security@xen.org",
"published": "2024-01-05T17:15:08.730",
"lastModified": "2024-01-05T18:23:40.387",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-11T15:56:17.957",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\n[This CNA information record relates to multiple CVEs; the\ntext explains which aspects/vulnerabilities correspond to which CVE.]\n\nAMD CPUs since ~2014 have extensions to normal x86 debugging functionality.\nXen supports guests using these extensions.\n\nUnfortunately there are errors in Xen's handling of the guest state, leading\nto denials of service.\n\n 1) CVE-2023-34327 - An HVM vCPU can end up operating in the context of\n a previous vCPUs debug mask state.\n\n 2) CVE-2023-34328 - A PV vCPU can place a breakpoint over the live GDT.\n This allows the PV vCPU to exploit XSA-156 / CVE-2015-8104 and lock\n up the CPU entirely.\n"
},
{
"lang": "es",
"value": "[Este registro de informaci\u00f3n de la CNA se relaciona con m\u00faltiples CVE; el texto explica qu\u00e9 aspectos/vulnerabilidades corresponden a cada CVE.] Las CPU AMD desde ~2014 tienen extensiones a la funcionalidad de depuraci\u00f3n x86 normal. Xen admite invitados que utilizan estas extensiones. Desafortunadamente, hay errores en el manejo del estado invitado por parte de Xen, lo que lleva a denegaciones de servicio. 1) CVE-2023-34327: una vCPU HVM puede terminar funcionando en el contexto de un estado de m\u00e1scara de depuraci\u00f3n de vCPU anterior. 2) CVE-2023-34328: una vCPU PV puede colocar un punto de interrupci\u00f3n sobre la GDT en vivo. Esto permite que PV vCPU aproveche XSA-156/CVE-2015-8104 y bloquee la CPU por completo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.5.0",
"versionEndExcluding": "4.14.0",
"matchCriteriaId": "853DC15E-4B7F-40A1-8932-7FE496D93D82"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://xenbits.xenproject.org/xsa/advisory-444.html",
"source": "security@xen.org"
"source": "security@xen.org",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-417xx/CVE-2023-41782.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41782",
"sourceIdentifier": "psirt@zte.com.cn",
"published": "2024-01-05T02:15:07.147",
"lastModified": "2024-01-05T11:54:11.040",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-11T15:53:30.007",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.3,
"impactScore": 3.4
},
{
"source": "psirt@zte.com.cn",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-427"
}
]
},
{
"source": "psirt@zte.com.cn",
"type": "Secondary",
@ -50,10 +80,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zte:zxcloud_irai_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.23.30",
"matchCriteriaId": "07F5720E-BB8D-4E13-B24B-A5C61E435BDC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zte:zxcloud_irai:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D48BE8C-7C78-41D7-87F1-22BFB91E3A5C"
}
]
}
]
}
],
"references": [
{
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032984",
"source": "psirt@zte.com.cn"
"source": "psirt@zte.com.cn",
"tags": [
"Vendor Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-468xx/CVE-2023-46835.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-46835",
"sourceIdentifier": "security@xen.org",
"published": "2024-01-05T17:15:11.147",
"lastModified": "2024-01-05T18:23:40.387",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-11T15:56:04.093",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The current setup of the quarantine page tables assumes that the\nquarantine domain (dom_io) has been initialized with an address width\nof DEFAULT_DOMAIN_ADDRESS_WIDTH (48) and hence 4 page table levels.\n\nHowever dom_io being a PV domain gets the AMD-Vi IOMMU page tables\nlevels based on the maximum (hot pluggable) RAM address, and hence on\nsystems with no RAM above the 512GB mark only 3 page-table levels are\nconfigured in the IOMMU.\n\nOn systems without RAM above the 512GB boundary\namd_iommu_quarantine_init() will setup page tables for the scratch\npage with 4 levels, while the IOMMU will be configured to use 3 levels\nonly, resulting in the last page table directory (PDE) effectively\nbecoming a page table entry (PTE), and hence a device in quarantine\nmode gaining write access to the page destined to be a PDE.\n\nDue to this page table level mismatch, the sink page the device gets\nread/write access to is no longer cleared between device assignment,\npossibly leading to data leaks.\n"
},
{
"lang": "es",
"value": "La configuraci\u00f3n actual de las tablas de p\u00e1ginas de cuarentena supone que el dominio de cuarentena (dom_io) se ha inicializado con un ancho de direcci\u00f3n de DEFAULT_DOMAIN_ADDRESS_WIDTH (48) y, por lo tanto, 4 niveles de tabla de p\u00e1ginas. Sin embargo, al ser dom_io un dominio PV, los niveles de tablas de p\u00e1ginas IOMMU AMD-Vi se basan en la direcci\u00f3n RAM m\u00e1xima (conectable en caliente) y, por lo tanto, en sistemas sin RAM por encima de la marca de 512 GB, solo se configuran 3 niveles de tablas de p\u00e1ginas en IOMMU. En sistemas sin RAM por encima del l\u00edmite de 512 GB, amd_iommu_quarantine_init() configurar\u00e1 tablas de p\u00e1ginas para la p\u00e1gina temporal con 4 niveles, mientras que IOMMU se configurar\u00e1 para usar solo 3 niveles, lo que dar\u00e1 como resultado que el \u00faltimo directorio de la tabla de p\u00e1ginas (PDE) se convierta efectivamente en una entrada de la tabla de p\u00e1ginas (PTE) y, por lo tanto, un dispositivo en modo de cuarentena obtiene acceso de escritura a la p\u00e1gina destinada a ser una PDE. Debido a esta discrepancia en el nivel de la tabla de p\u00e1ginas, la p\u00e1gina receptora a la que el dispositivo tiene acceso de lectura/escritura ya no se borra entre las asignaciones de dispositivos, lo que posiblemente provoque fugas de datos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C2B9CCC2-BAC5-4A65-B8D4-4B71EBBA0C2F"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://xenbits.xenproject.org/xsa/advisory-445.html",
"source": "security@xen.org"
"source": "security@xen.org",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

71
CVE-2023/CVE-2023-471xx/CVE-2023-47140.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47140",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-01-08T03:15:13.283",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-11T16:58:30.733",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -38,14 +58,57 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cics_transaction_gateway:9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1C357E81-5A3B-4583-A5CC-36B35054BB0D"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270259",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://https://www.ibm.com/support/pages/node/7105094",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7105094",
"source": "nvd@nist.gov",
"tags": [
"Vendor Advisory"
]
}
]
}

92
CVE-2023/CVE-2023-471xx/CVE-2023-47145.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47145",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-01-07T19:15:08.017",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-11T16:01:42.240",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -38,14 +58,78 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.5",
"versionEndExcluding": "10.5.0.11",
"matchCriteriaId": "2E5A16E6-977D-4085-BACC-5508E460FC88"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.1",
"versionEndExcluding": "11.1.4.7",
"matchCriteriaId": "59C1181B-4576-4572-9162-A70BAB52FF9A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.5",
"versionEndExcluding": "11.5.8",
"matchCriteriaId": "65161064-A4A3-48E5-AC0A-388429FF2F53"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270402",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7105500",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-501xx/CVE-2023-50159.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-50159",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-11T14:15:44.070",
"lastModified": "2024-01-11T14:15:44.070",
"vulnStatus": "Received",
"lastModified": "2024-01-11T16:34:20.613",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

64
CVE-2023/CVE-2023-506xx/CVE-2023-50612.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-50612",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-06T03:15:43.990",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-11T15:02:43.727",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "La vulnerabilidad de permisos inseguros en fit2cloud Cloud Explorer Lite versi\u00f3n 1.4.1 permite a atacantes locales escalar privilegios y obtener informaci\u00f3n confidencial a trav\u00e9s del par\u00e1metro de cuentas en la nube."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fit2cloud:cloudexplorer_lite:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D1A5AC77-6B76-41A9-8EFF-B5CA089313D4"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/yaowenxiao721/CloudExplorer-Lite-v1.4.1-vulnerability-BOPLA",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-517xx/CVE-2023-51748.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51748",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-11T14:15:44.123",
"lastModified": "2024-01-11T14:15:44.123",
"vulnStatus": "Received",
"lastModified": "2024-01-11T16:34:20.613",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-517xx/CVE-2023-51749.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51749",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-11T14:15:44.167",
"lastModified": "2024-01-11T14:15:44.167",
"vulnStatus": "Received",
"lastModified": "2024-01-11T16:34:20.613",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-517xx/CVE-2023-51750.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51750",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-11T14:15:44.230",
"lastModified": "2024-01-11T14:15:44.230",
"vulnStatus": "Received",
"lastModified": "2024-01-11T16:34:20.613",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-517xx/CVE-2023-51751.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51751",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-11T14:15:44.270",
"lastModified": "2024-01-11T14:15:44.270",
"vulnStatus": "Received",
"lastModified": "2024-01-11T16:34:20.613",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

20
CVE-2023/CVE-2023-519xx/CVE-2023-51984.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-51984",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-11T16:15:53.790",
"lastModified": "2024-01-11T16:34:20.613",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-822+ V1.0.2 was found to contain a command injection in SetStaticRouteSettings function. allows remote attackers to execute arbitrary commands via shell."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/funny-mud-peee/IoT-vuls/blob/main/dir822+/1/readme.md",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-519xx/CVE-2023-51987.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-51987",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-11T16:15:53.863",
"lastModified": "2024-01-11T16:34:20.613",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, which allows attackers to log in to administrator accounts with empty passwords."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/funny-mud-peee/IoT-vuls/tree/main/dir822%2B/2",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-519xx/CVE-2023-51989.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-51989",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-11T16:15:53.920",
"lastModified": "2024-01-11T16:34:20.613",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, which allows attackers to log in to administrator accounts with empty passwords."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/funny-mud-peee/IoT-vuls/blob/main/dir822+/2/readme.md",
"source": "cve@mitre.org"
}
]
}

59
CVE-2023/CVE-2023-51xx/CVE-2023-5118.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-5118",
"sourceIdentifier": "cvd@cert.pl",
"published": "2024-01-11T16:15:54.000",
"lastModified": "2024-01-11T16:34:20.613",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The application is vulnerable to Stored Cross-Site Scripting (XSS) in the endpoint /sofer/DocumentService.asc/SaveAnnotation, where input data transmitted via the POST method in the parameters author and text are not adequately sanitized and validated. This allows for the injection of malicious JavaScript code. The vulnerability was identified in the function for adding new annotations while editing document content.\n\nReporters inform that the vulnerability has been removed in software versions above 11.1.x. Previous versions may also be vulnerable, but this has not been confirmed.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cvd@cert.pl",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "cvd@cert.pl",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://cert.pl/en/posts/2024/01/CVE-2023-5118/",
"source": "cvd@cert.pl"
},
{
"url": "https://cert.pl/posts/2024/01/CVE-2023-5118/",
"source": "cvd@cert.pl"
}
]
}

57
CVE-2023/CVE-2023-521xx/CVE-2023-52119.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52119",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-05T10:15:12.743",
"lastModified": "2024-01-05T11:54:11.040",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-11T15:19:22.687",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:icegram:icegram_engage:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.1.18",
"matchCriteriaId": "2F8BDDD2-16F5-4793-81AE-9350346DAFC2"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/icegram/wordpress-icegram-engage-plugin-3-1-18-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-521xx/CVE-2023-52120.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52120",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-05T10:15:13.110",
"lastModified": "2024-01-05T11:54:11.040",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-11T15:26:21.677",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:basixonline:nex-forms:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "8.5.2",
"matchCriteriaId": "589F5473-00A7-4977-990D-6E00F36298A8"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/nex-forms-express-wp-form-builder/wordpress-nex-forms-plugin-8-5-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-521xx/CVE-2023-52121.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52121",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-05T10:15:13.337",
"lastModified": "2024-01-05T11:54:11.040",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-11T15:46:03.370",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nitropack:nitropack:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.10.2",
"matchCriteriaId": "5A08335D-82C5-4663-9430-F22829943E16"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/nitropack/wordpress-nitropack-plugin-1-10-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

57
CVE-2023/CVE-2023-521xx/CVE-2023-52122.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52122",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-05T10:15:13.683",
"lastModified": "2024-01-05T11:54:11.040",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-11T15:48:19.517",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:presstigers:simple_job_board:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.10.6",
"matchCriteriaId": "CA1281C6-658E-4128-A934-07F6B9FDE748"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/simple-job-board/wordpress-simple-job-board-plugin-2-10-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-521xx/CVE-2023-52129.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52129",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-05T09:15:09.443",
"lastModified": "2024-01-05T11:54:11.040",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-11T15:14:33.950",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mtrv:teachpress:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "9.0.4",
"matchCriteriaId": "A3B29ED8-419F-459E-A653-EBAA284C6B73"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/teachpress/wordpress-teachpress-plugin-9-0-4-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-521xx/CVE-2023-52130.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52130",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-05T09:15:09.657",
"lastModified": "2024-01-05T11:54:11.040",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-11T15:15:15.507",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpaffiliatemanager:affiliates_manager:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.9.31",
"matchCriteriaId": "70D5EAEE-DB37-4B95-AB71-E1546541A8D5"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/affiliates-manager/wordpress-affiliates-manager-plugin-2-9-31-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-521xx/CVE-2023-52136.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52136",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-05T09:15:09.883",
"lastModified": "2024-01-05T11:54:11.040",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-11T15:28:43.500",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:smashballoon:custom_twitter_feeds:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.1.2",
"matchCriteriaId": "2DDB26C1-8A4E-493D-A938-2C59108097A4"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/custom-twitter-feeds/wordpress-custom-twitter-feeds-tweets-widget-plugin-2-1-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-521xx/CVE-2023-52143.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52143",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-05T11:15:10.103",
"lastModified": "2024-01-05T11:54:11.040",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-11T16:04:19.437",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -40,8 +60,18 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -50,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:noorsplugin:wp_stripe_checkout:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.2.2.37",
"matchCriteriaId": "45F4CC7A-2A45-4331-9AA8-DA95A735E9A1"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-stripe-checkout/wordpress-wp-stripe-checkout-plugin-1-2-2-37-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

63
CVE-2023/CVE-2023-521xx/CVE-2023-52146.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-52146",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-05T11:15:10.650",
"lastModified": "2024-01-05T11:54:11.040",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-11T16:03:09.287",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Aaron J 404 Solution.This issue affects 404 Solution: from n/a through 2.33.0.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de exposici\u00f3n de informaci\u00f3n confidencial a un actor no autorizado en Aaron J 404 Solution. Este problema afecta a 404 Solution: desde n/a hasta 2.33.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ajexperience:404_solution:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.33.0",
"matchCriteriaId": "3041EFFB-8B96-40AF-9E2A-799F980B92CA"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/404-solution/wordpress-404-solution-plugin-2-33-0-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-62xx/CVE-2023-6242.json Normal file
View File

@ -0,0 +1,51 @@
{
"id": "CVE-2023-6242",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-11T15:15:08.040",
"lastModified": "2024-01-11T16:34:20.613",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4 (for Pro) & 2.2.7 (for Free). This is due to missing or incorrect nonce validation on the evo_eventpost_update_meta function. This makes it possible for unauthenticated attackers to update arbitrary post metadata via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://docs.myeventon.com/documentations/eventon-changelog/",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3017578/eventon-lite/trunk/includes/admin/class-admin-ajax.php",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c8e9a333-a6b7-4b5e-93c1-b95566e5d6fb?source=cve",
"source": "security@wordfence.com"
}
]
}

51
CVE-2023/CVE-2023-62xx/CVE-2023-6244.json Normal file
View File

@ -0,0 +1,51 @@
{
"id": "CVE-2023-6244",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-11T15:15:08.233",
"lastModified": "2024-01-11T16:34:20.613",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4 (Pro) & 2.2.8 (Free). This is due to missing or incorrect nonce validation on the save_virtual_event_settings function. This makes it possible for unauthenticated attackers to modify virtual event settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://docs.myeventon.com/documentations/eventon-changelog/",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3017939%40eventon-lite&new=3017939%40eventon-lite&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6fcc3a82-f116-446e-9e5f-4f074e20403b?source=cve",
"source": "security@wordfence.com"
}
]
}

70
CVE-2023/CVE-2023-65xx/CVE-2023-6551.json
View File

@ -2,16 +2,53 @@
"id": "CVE-2023-6551",
"sourceIdentifier": "cvd@cert.pl",
"published": "2024-01-04T16:15:09.380",
"lastModified": "2024-01-04T18:46:53.270",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-11T16:41:19.250",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "As a simple library, class.upload.php does not perform an in-depth check on uploaded files, allowing a stored XSS vulnerability when the default configuration is used. \n\n\nDevelopers must be aware of that fact and use extension whitelisting accompanied by forcing the server to always provide content-type based on the file extension. \n\n\nThe README has been updated to include these guidelines.\n\n\n"
},
{
"lang": "es",
"value": "Como librer\u00eda simple, class.upload.php no realiza una verificaci\u00f3n en profundidad de los archivos cargados, lo que permite una vulnerabilidad de XSS almacenado cuando se usa la configuraci\u00f3n predeterminada. Los desarrolladores deben ser conscientes de este hecho y utilizar la lista blanca de extensiones, adem\u00e1s de obligar al servidor a proporcionar siempre el tipo de contenido seg\u00fan la extensi\u00f3n del archivo. El README se ha actualizado para incluir estas pautas."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
},
{
"source": "cvd@cert.pl",
"type": "Secondary",
@ -23,14 +60,37 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:verot:class.upload.php:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A49113E8-9207-45CE-981C-4AF0D4B1EC93"
}
]
}
]
}
],
"references": [
{
"url": "https://cert.pl/en/posts/2024/01/CVE-2023-6551",
"source": "cvd@cert.pl"
"source": "cvd@cert.pl",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://cert.pl/posts/2024/01/CVE-2023-6551",
"source": "cvd@cert.pl"
"source": "cvd@cert.pl",
"tags": [
"Third Party Advisory"
]
}
]
}

40
CVE-2023/CVE-2023-65xx/CVE-2023-6554.json Normal file
View File

@ -0,0 +1,40 @@
{
"id": "CVE-2023-6554",
"sourceIdentifier": "cvd@cert.pl",
"published": "2024-01-11T16:15:54.300",
"lastModified": "2024-01-11T16:34:20.613",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "When access to the \"admin\" folder is not protected by some external authorization mechanisms e.g. Apache Basic Auth, it is possible for any user to download protected information like exam answers.\n\n\n\n"
}
],
"metrics": {},
"weaknesses": [
{
"source": "cvd@cert.pl",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://cert.pl/en/posts/2024/01/CVE-2023-6554/",
"source": "cvd@cert.pl"
},
{
"url": "https://cert.pl/posts/2024/01/CVE-2023-6554/",
"source": "cvd@cert.pl"
},
{
"url": "https://tcexam.org/",
"source": "cvd@cert.pl"
}
]
}

6
CVE-2023/CVE-2023-66xx/CVE-2023-6654.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-6654",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-10T15:15:07.160",
"lastModified": "2023-12-14T17:17:26.397",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-11T16:15:54.413",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in PHPEMS 6.x/7.0. Affected by this vulnerability is an unknown functionality in the library lib/session.cls.php of the component Session Data Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247357 was assigned to this vulnerability."
"value": "A vulnerability classified as critical was found in PHPEMS 6.x/7.x/8.x/9.0. Affected by this vulnerability is an unknown functionality in the library lib/session.cls.php of the component Session Data Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247357 was assigned to this vulnerability."
},
{
"lang": "es",

47
CVE-2023/CVE-2023-69xx/CVE-2023-6938.json Normal file
View File

@ -0,0 +1,47 @@
{
"id": "CVE-2023-6938",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-11T15:15:08.410",
"lastModified": "2024-01-11T16:34:20.613",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Oxygen Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a custom field in all versions up to, and including, 4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: Version 4.8.1 of the Oxygen Builder plugin for WordPress addresses this vulnerability by implementing an optional filter to provide output escaping for dynamic data. Please see https://oxygenbuilder.com/documentation/other/security/#filtering-dynamic-data for more details."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"references": [
{
"url": "https://oxygenbuilder.com/oxygen-4-8-1-now-available/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ee069cb3-370e-48ea-aa35-c30fe83c2498?source=cve",
"source": "security@wordfence.com"
}
]
}

84
CVE-2023/CVE-2023-72xx/CVE-2023-7208.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-7208",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-07T07:15:07.777",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-11T16:39:58.583",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -65,8 +85,18 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -75,18 +105,60 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:x2000r_firmware:2.0.0-b20230727.10434:*:*:*:*:*:*:*",
"matchCriteriaId": "2DC1EF3D-D4D0-4793-9418-0C12884718CC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:x2000r:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "E04390BE-A47B-4821-8552-42035775A2FB"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/unpWn4bL3/iot-security/blob/main/13.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.249742",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.249742",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

185
CVE-2023/CVE-2023-72xx/CVE-2023-7209.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-7209",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-07T09:15:08.853",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-11T16:39:04.073",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +95,173 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:uniwayinfo:uw-302vp_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.0",
"matchCriteriaId": "18BBE0D0-FB50-4A06-BF01-0E0AF36D818A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:uniwayinfo:uw-302vp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BEB01B31-0127-430F-8683-4A90FE8BA490"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:uniwayinfo:uw-301vpw_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.0",
"matchCriteriaId": "53622468-2B03-4FCF-B276-10BD7B358C1E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:uniwayinfo:uw-301vpw:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B402537E-B61D-4AF8-B296-AA5BC436647E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:uniwayinfo:uw-311vpw_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.0",
"matchCriteriaId": "ED8449AE-75A2-4E6E-9292-EBD65E51DDB2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:uniwayinfo:uw-311vpw:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB6600B5-7B6E-4724-BE96-F35AFD245F9C"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:uniwayinfo:uw-101x_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.0",
"matchCriteriaId": "60EF06FF-C812-45C0-8FD0-804756C153FB"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:uniwayinfo:uw-101x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E158FFE-DC0B-4E9E-9326-D25C600F22E0"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:uniwayinfo:uw-323dac_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.0",
"matchCriteriaId": "C48E72D2-7641-40B9-8FE1-961EE903FFA9"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:uniwayinfo:uw-323dac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14CDD53C-E865-4E70-876F-5587BE57F102"
}
]
}
]
}
],
"references": [
{
"url": "https://drive.google.com/file/d/1XDZA4ibiYNcxTwq60vYCr03_6M_cvJ_2/view?usp=sharing",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.249758",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.249758",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
}
]
}

67
CVE-2023/CVE-2023-72xx/CVE-2023-7210.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-7210",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-07T10:15:08.660",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-11T16:38:36.473",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +95,55 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:onenav:onenav:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.9.33",
"matchCriteriaId": "46E372A6-DEDE-43F1-AE48-5C31138485DB"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/advisories/GHSA-353q-7h99-hf4x",
"source": "nvd@nist.gov",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://note.zhaoj.in/share/eRbUygGMiJcp",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://vuldb.com/?ctiid.249765",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.249765",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

196
CVE-2023/CVE-2023-72xx/CVE-2023-7211.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-7211",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-07T10:15:08.907",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-11T16:38:09.450",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -65,8 +85,18 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -75,18 +105,172 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:uniwayinfo:uw-302vp_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.0",
"matchCriteriaId": "18BBE0D0-FB50-4A06-BF01-0E0AF36D818A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:uniwayinfo:uw-302vp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BEB01B31-0127-430F-8683-4A90FE8BA490"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:uniwayinfo:uw-301vpw_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.0",
"matchCriteriaId": "53622468-2B03-4FCF-B276-10BD7B358C1E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:uniwayinfo:uw-301vpw:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B402537E-B61D-4AF8-B296-AA5BC436647E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:uniwayinfo:uw-311vpw_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.0",
"matchCriteriaId": "ED8449AE-75A2-4E6E-9292-EBD65E51DDB2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:uniwayinfo:uw-311vpw:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB6600B5-7B6E-4724-BE96-F35AFD245F9C"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:uniwayinfo:uw-101x_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.0",
"matchCriteriaId": "60EF06FF-C812-45C0-8FD0-804756C153FB"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:uniwayinfo:uw-101x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E158FFE-DC0B-4E9E-9326-D25C600F22E0"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:uniwayinfo:uw-323dac_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.0",
"matchCriteriaId": "C48E72D2-7641-40B9-8FE1-961EE903FFA9"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:uniwayinfo:uw-323dac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14CDD53C-E865-4E70-876F-5587BE57F102"
}
]
}
]
}
],
"references": [
{
"url": "https://drive.google.com/file/d/11thSuALGcn0C_9tbmYu8_QzTXtBnCoNS/view?usp=sharing",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.249766",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.249766",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
}
]
}

85
CVE-2023/CVE-2023-72xx/CVE-2023-7213.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-7213",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-07T19:15:08.230",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-11T15:59:41.537",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -65,8 +85,18 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -75,18 +105,61 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:n350rt_firmware:9.3.5u.6139_b20201216:*:*:*:*:*:*:*",
"matchCriteriaId": "1E783757-7B3B-426D-A7CB-0FEE15BA7EA7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:n350rt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B88D1F1-F7A6-43D5-8DF7-E9425823C7B6"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N350RT/2/README.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.249769",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.249769",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
}
]
}

85
CVE-2023/CVE-2023-72xx/CVE-2023-7214.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-7214",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-07T20:15:47.560",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-11T15:59:23.280",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -65,8 +85,18 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -75,18 +105,61 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:n350rt_firmware:9.3.5u.6139_b20201216:*:*:*:*:*:*:*",
"matchCriteriaId": "1E783757-7B3B-426D-A7CB-0FEE15BA7EA7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:n350rt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B88D1F1-F7A6-43D5-8DF7-E9425823C7B6"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N350RT/3/README.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.249770",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.249770",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
}
]
}

61
CVE-2023/CVE-2023-72xx/CVE-2023-7215.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-7215",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-08T02:15:14.027",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-11T16:59:42.420",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +95,49 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:chanzhaoyu:chatgpt_web:2.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "743F26DA-3A55-47CD-8FA3-F22DF98A9EFC"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Chanzhaoyu/chatgpt-web/issues/2001",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Issue Tracking"
]
},
{
"url": "https://vuldb.com/?ctiid.249779",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.249779",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
}
]
}

61
CVE-2024/CVE-2024-02xx/CVE-2024-0246.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-0246",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-05T14:15:48.250",
"lastModified": "2024-01-05T18:23:44.497",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-11T15:47:36.337",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in IceWarp 12.0.2.1/12.0.3.1. This affects an unknown part of the file /install/ of the component Utility Download Handler. The manipulation of the argument lang with the input 1%27\"()%26%25<zzz><ScRiPt>alert(document.domain)</ScRiPt> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249759. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en IceWarp 12.0.2.1/12.0.3.1 y clasificada como problem\u00e1tica. Una parte desconocida del archivo /install/ del componente Utility Download Handler afecta a una parte desconocida. La manipulaci\u00f3n del argumento lang con la entrada 1%27\"()%26%25 conduce a cross site scripting. Es posible iniciar el ataque de forma remota. El exploit se ha divulgado al p\u00fablico y puede usarse. El identificador asociado de esta vulnerabilidad es VDB-249759. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,14 +95,43 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:icewarp:icewarp:12.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "825DD1F1-7F5F-436D-A239-AACB1BB35FDE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:icewarp:icewarp:12.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D52DB7B6-287F-4CF6-AE4C-327A7E869227"
}
]
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.249759",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.249759",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

62
CVE-2024/CVE-2024-02xx/CVE-2024-0247.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-0247",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-05T19:15:08.363",
"lastModified": "2024-01-05T22:12:18.497",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-11T15:17:09.700",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in CodeAstro Online Food Ordering System 1.0. This vulnerability affects unknown code of the file /admin/ of the component Admin Panel. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249778 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en CodeAstro Online Food Ordering System 1.0 y clasificada como cr\u00edtica. Esta vulnerabilidad afecta a c\u00f3digo desconocido del archivo /admin/ del componente Admin Panel. La manipulaci\u00f3n del argumento Username conduce a la inyecci\u00f3n SQL. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-249778 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:online_food_ordering_system_project:online_food_ordering_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EFA88B02-BA58-4918-B40A-37DF4185FD07"
}
]
}
]
}
],
"references": [
{
"url": "https://drive.google.com/file/d/13xhOZ3Zg-XoviVC744PPDorTxYbLUgbv/view?usp=sharing",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.249778",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.249778",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

66
CVE-2024/CVE-2024-02xx/CVE-2024-0265.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0265",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-07T05:15:09.977",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-11T16:42:37.937",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,22 +95,56 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oretnom23:clinic_queuing_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "959FD20D-FEFB-455F-9689-7C16934B6290"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE/blob/main/clinicx.py",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.249821",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.249821",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
}
]
}

70
CVE-2024/CVE-2024-02xx/CVE-2024-0266.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0266",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-07T06:15:47.507",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-11T16:41:04.007",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -64,6 +84,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +105,48 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yugeshverma:online_lawyer_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9D50A11E-4B14-4439-8347-1D18A36D2406"
}
]
}
]
}
],
"references": [
{
"url": "https://drive.google.com/file/d/1U60z1xzBzJjalbmwBmPD5NjJ4pPaDevF/view?usp=sharing",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.249822",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.249822",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

61
CVE-2024/CVE-2024-02xx/CVE-2024-0267.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0267",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-07T06:15:47.863",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-11T16:40:24.620",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +95,49 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:surajghosh:hospital_management_system:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.0",
"matchCriteriaId": "833B5FD2-E06E-411D-9130-588E3221E701"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/E1CHO/cve_hub/blob/main/Hospital%20Managment%20System/Hospital%20Managment%20System%20-%20vuln%201.pdf",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.249823",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.249823",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
}
]
}

60
CVE-2024/CVE-2024-02xx/CVE-2024-0268.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0268",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-07T08:15:07.393",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-11T16:39:21.907",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +95,48 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:surajghosh:hospital_management_system:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.0",
"matchCriteriaId": "833B5FD2-E06E-411D-9130-588E3221E701"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/E1CHO/cve_hub/blob/main/Hospital%20Managment%20System/Hospital%20Managment%20System%20-%20vuln%202.pdf",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.249824",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.249824",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

61
CVE-2024/CVE-2024-02xx/CVE-2024-0286.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0286",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-07T18:15:16.383",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-11T16:35:40.620",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +95,49 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpgurukul:hospital_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0D7CB92F-609E-4807-A613-7AA413460314"
}
]
}
]
}
],
"references": [
{
"url": "https://drive.google.com/file/d/1MkVtMe63h5TlZvcC_Hc1fn6dn-jwNR8l/view?usp=sharing",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.249843",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.249843",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
}
]
}

73
CVE-2024/CVE-2024-02xx/CVE-2024-0291.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0291",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-08T01:15:10.850",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-11T15:58:47.450",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +95,61 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:lr1200gb_firmware:9.1.0u.6619_b20230130:*:*:*:*:*:*:*",
"matchCriteriaId": "00F36DE9-D043-4C8B-9EF9-8DA669589E85"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:lr1200gb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8442849E-5B06-41A1-8DA8-827FBD7A34E5"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/UploadFirmwareFile/README.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.249857",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.249857",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
}
]
}

83
CVE-2024/CVE-2024-02xx/CVE-2024-0292.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0292",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-08T02:15:14.367",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-11T16:59:08.770",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -64,6 +84,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +105,61 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:lr1200gb_firmware:9.1.0u.6619_b20230130:*:*:*:*:*:*:*",
"matchCriteriaId": "00F36DE9-D043-4C8B-9EF9-8DA669589E85"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:lr1200gb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8442849E-5B06-41A1-8DA8-827FBD7A34E5"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/setOpModeCfg/README.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.249858",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.249858",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
}
]
}

73
CVE-2024/CVE-2024-02xx/CVE-2024-0293.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0293",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-08T03:15:13.820",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-11T16:58:37.920",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +95,61 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:lr1200gb_firmware:9.1.0u.6619_b20230130:*:*:*:*:*:*:*",
"matchCriteriaId": "00F36DE9-D043-4C8B-9EF9-8DA669589E85"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:lr1200gb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8442849E-5B06-41A1-8DA8-827FBD7A34E5"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/setUploadSetting/README.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.249859",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.249859",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
}
]
}

72
CVE-2024/CVE-2024-02xx/CVE-2024-0294.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0294",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-08T03:15:14.050",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-11T16:56:53.397",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +95,60 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:lr1200gb_firmware:9.1.0u.6619_b20230130:*:*:*:*:*:*:*",
"matchCriteriaId": "00F36DE9-D043-4C8B-9EF9-8DA669589E85"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:lr1200gb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8442849E-5B06-41A1-8DA8-827FBD7A34E5"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/setUssd/README.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.249860",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.249860",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

72
CVE-2024/CVE-2024-02xx/CVE-2024-0295.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0295",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-08T04:15:08.287",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-11T16:56:41.500",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +95,60 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:lr1200gb_firmware:9.1.0u.6619_b20230130:*:*:*:*:*:*:*",
"matchCriteriaId": "00F36DE9-D043-4C8B-9EF9-8DA669589E85"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:lr1200gb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8442849E-5B06-41A1-8DA8-827FBD7A34E5"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/setWanCfg/README.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.249861",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.249861",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

73
CVE-2024/CVE-2024-02xx/CVE-2024-0296.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0296",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-08T04:15:08.540",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-11T16:56:28.763",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +95,61 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:n200re_firmware:9.3.5u.6139_b20201216:*:*:*:*:*:*:*",
"matchCriteriaId": "053F2B0B-9AD2-404B-9135-080AF3D3FC20"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:n200re:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FF7FF59-DB13-4FEA-A81C-124048BF1676"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N200RE/NTPSyncWithHost/README.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.249862",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.249862",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
}
]
}

73
CVE-2024/CVE-2024-02xx/CVE-2024-0297.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0297",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-08T05:15:09.393",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-11T16:56:14.950",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +95,61 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:n200re_firmware:9.3.5u.6139_b20201216:*:*:*:*:*:*:*",
"matchCriteriaId": "053F2B0B-9AD2-404B-9135-080AF3D3FC20"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:n200re:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FF7FF59-DB13-4FEA-A81C-124048BF1676"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N200RE/UploadFirmwareFile/README.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.249863",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.249863",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
}
]
}

83
CVE-2024/CVE-2024-02xx/CVE-2024-0298.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0298",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-08T05:15:09.770",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-11T16:55:37.693",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -64,6 +84,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +105,61 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:n200re_firmware:9.3.5u.6139_b20201216:*:*:*:*:*:*:*",
"matchCriteriaId": "053F2B0B-9AD2-404B-9135-080AF3D3FC20"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:n200re:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FF7FF59-DB13-4FEA-A81C-124048BF1676"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N200RE/setDiagnosisCfg/README.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.249864",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.249864",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
}
]
}

72
CVE-2024/CVE-2024-02xx/CVE-2024-0299.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0299",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-08T06:15:44.593",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-11T16:55:13.367",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +95,60 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:n200re_firmware:9.3.5u.6139_b20201216:*:*:*:*:*:*:*",
"matchCriteriaId": "053F2B0B-9AD2-404B-9135-080AF3D3FC20"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:n200re:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FF7FF59-DB13-4FEA-A81C-124048BF1676"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N200RE/setTracerouteCfg/README.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.249865",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.249865",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

74
CVE-2024/CVE-2024-03xx/CVE-2024-0300.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0300",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-08T06:15:45.047",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-11T16:54:51.317",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +95,62 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:byzoro:smart_s150_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2024-01-01",
"matchCriteriaId": "4E4613FF-B68E-4F98-8DB5-7E66422731E7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:byzoro:smart_s150:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8933946D-BF4C-4F40-8752-D4D6A371BE6E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/tolkent/cve/blob/main/upload.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.249866",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.249866",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
}
]
}

55
CVE-2024/CVE-2024-04xx/CVE-2024-0429.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-0429",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-01-11T16:15:54.683",
"lastModified": "2024-01-11T16:34:20.613",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A denial service vulnerability has been found on \u00a0Hex Workshop affecting version 6.7, an attacker could send a command line file arguments and control the Structured Exception Handler (SEH) records resulting in a service shutdown."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "cve-coordination@incibe.es",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"references": [
{
"url": "https://https://www.incibe.es/en/incibe-cert/notices/aviso/buffer-overflow-vulnerability-hex-workshop",
"source": "cve-coordination@incibe.es"
}
]
}

51
CVE-2024/CVE-2024-216xx/CVE-2024-21625.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-21625",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-04T15:15:11.030",
"lastModified": "2024-01-04T18:46:53.270",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-11T16:52:43.513",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SideQuest is a place to get virtual reality applications for Oculus Quest. The SideQuest desktop application uses deep links with a custom protocol (`sidequest://`) to trigger actions in the application from its web contents. Because, prior to version 0.10.35, the deep link URLs were not sanitized properly in all cases, a one-click remote code execution can be achieved in cases when a device is connected, the user is presented with a malicious link and clicks it from within the application. As of version 0.10.35, the custom protocol links within the electron application are now being parsed and sanitized properly."
},
{
"lang": "es",
"value": "SideQuest es un lugar para conseguir aplicaciones de realidad virtual para Oculus Quest. La aplicaci\u00f3n de escritorio SideQuest utiliza enlaces profundos con un protocolo personalizado (`sidequest://`) para activar acciones en la aplicaci\u00f3n desde su contenido web. Debido a que, antes de la versi\u00f3n 0.10.35, las URL de los enlaces profundos no se sanitizaban adecuadamente en todos los casos, se puede lograr una ejecuci\u00f3n remota de c\u00f3digo con un solo clic en los casos en que cuando un dispositivo est\u00e1 conectado, al usuario se le presenta un enlace malicioso y hace clic en \u00e9l. desde dentro de la aplicaci\u00f3n. A partir de la versi\u00f3n 0.10.35, los enlaces de protocolo personalizados dentro de la aplicaci\u00f3n electr\u00f3nica ahora se analizan y sanitizan correctamente."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sidequestvr:sidequest:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.10.35",
"matchCriteriaId": "48037EDB-FCDF-432F-A461-BBBE656927E6"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/SideQuestVR/SideQuest/security/advisories/GHSA-3v86-cf9q-x4x7",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

91
CVE-2024/CVE-2024-220xx/CVE-2024-22048.json
View File

@ -2,16 +2,53 @@
"id": "CVE-2024-22048",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2024-01-04T21:15:09.940",
"lastModified": "2024-01-04T23:48:42.333",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-11T16:34:19.193",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "govuk_tech_docs versions from 2.0.2 to before 3.3.1 are vulnerable to a cross-site scripting vulnerability. Malicious JavaScript may be executed in the user's browser if a malicious search result is displayed on the search page.\n\n"
},
{
"lang": "es",
"value": "Las versiones de govuk_tech_docs desde la 2.0.2 hasta la 3.3.1 anteriores son afectados por una vulnerabilidad de cross site scripting. Se puede ejecutar JavaScript malicioso en el navegador del usuario si se muestra un resultado de b\u00fasqueda malicioso en la p\u00e1gina de b\u00fasqueda."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "disclosure@vulncheck.com",
"type": "Secondary",
@ -23,26 +60,64 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gov.uk:govuk_tech_docs:*:*:*:*:*:ruby:*:*",
"versionStartIncluding": "2.0.2",
"versionEndExcluding": "3.3.1",
"matchCriteriaId": "6D17958B-199F-4DC7-B7A3-2A1D07C4BDA7"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/advisories/GHSA-x2xw-hw8g-6773",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://github.com/alphagov/tech-docs-gem/pull/323",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://github.com/alphagov/tech-docs-gem/releases/tag/v3.3.1",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Patch",
"Release Notes"
]
},
{
"url": "https://github.com/alphagov/tech-docs-gem/security/advisories/GHSA-x2xw-hw8g-6773",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-x2xw-hw8g-6773",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}

90
CVE-2024/CVE-2024-220xx/CVE-2024-22049.json
View File

@ -2,16 +2,53 @@
"id": "CVE-2024-22049",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2024-01-04T21:15:10.013",
"lastModified": "2024-01-04T23:48:42.333",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-11T15:55:12.217",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads which could result in attacker controlled filenames being written.\n\n"
},
{
"lang": "es",
"value": "httparty anterior a 0.21.0 es afectado por una vulnerabilidad de par\u00e1metro web supuestamente inmutable. Un atacante remoto y no autenticado puede proporcionar un par\u00e1metro de filename manipulado durante las cargas de datos de multipart/form-data, lo que podr\u00eda dar lugar a que se escriban nombres de archivos controlados por el atacante."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-668"
}
]
},
{
"source": "disclosure@vulncheck.com",
"type": "Secondary",
@ -23,26 +60,63 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:john_nunemaker:httparty:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.21.0",
"matchCriteriaId": "7AB0E617-C4C9-43D8-BC21-30529152AD78"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/advisories/GHSA-5pq7-52mg-hr42",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/jnunemaker/httparty/blob/4416141d37fd71bdba4f37589ec265f55aa446ce/lib/httparty/request/body.rb#L43",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Exploit"
]
},
{
"url": "https://github.com/jnunemaker/httparty/commit/cdb45a678c43e44570b4e73f84b1abeb5ec22b8e",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/jnunemaker/httparty/security/advisories/GHSA-5pq7-52mg-hr42",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-5pq7-52mg-hr42",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}

65
CVE-2024/CVE-2024-222xx/CVE-2024-22216.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-22216",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-08T07:15:11.547",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-11T16:44:03.750",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "En las instalaciones predeterminadas de Microchip maxView Storage Manager (para Adaptec Smart Storage Controllers) donde el servidor Redfish est\u00e1 configurado para la administraci\u00f3n remota del sistema, puede ocurrir acceso no autorizado, con modificaci\u00f3n de datos y divulgaci\u00f3n de informaci\u00f3n. Esto afecta desde 3.00.23484 hasta 4.14.00.26064 (excepto las versiones parcheadas 3.07.23980 y 4.07.00.25339)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microchip:maxview_storage_manager:*:*:*:*:*:-:*:*",
"versionStartIncluding": "3.00.23484",
"versionEndIncluding": "4.14.00.26064",
"matchCriteriaId": "11777E9D-2BAF-4988-8A4E-C1EDF022EA79"
}
]
}
]
}
],
"references": [
{
"url": "https://www.microchip.com/en-us/solutions/embedded-security/how-to-report-potential-product-security-vulnerabilities/maxview-storage-manager-redfish-server-vulnerability",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

20
CVE-2024/CVE-2024-229xx/CVE-2024-22942.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-22942",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-11T16:15:55.857",
"lastModified": "2024-01-11T16:34:20.613",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the hostName parameter in the setWanCfg function."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/1/TOTOlink%20A3300R%20setWanCfg.md",
"source": "cve@mitre.org"
}
]
}

20
CVE-2024/CVE-2024-230xx/CVE-2024-23057.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-23057",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-11T16:15:55.943",
"lastModified": "2024-01-11T16:34:20.613",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the tz parameter in the setNtpCfg function."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/5/TOTOlink%20A3300R%20setNtpCfg.md",
"source": "cve@mitre.org"
}
]
}

20
CVE-2024/CVE-2024-230xx/CVE-2024-23058.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-23058",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-11T16:15:55.997",
"lastModified": "2024-01-11T16:34:20.613",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pass parameter in the setTr069Cfg function."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/6/TOTOlink%20A3300R%20setTr069Cfg.md",
"source": "cve@mitre.org"
}
]
}

20
CVE-2024/CVE-2024-230xx/CVE-2024-23059.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-23059",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-11T16:15:56.057",
"lastModified": "2024-01-11T16:34:20.613",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the username parameter in the setDdnsCfg function."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/2/TOTOlink%20A3300R%20setDdnsCfg.md",
"source": "cve@mitre.org"
}
]
}

20
CVE-2024/CVE-2024-230xx/CVE-2024-23060.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-23060",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-11T16:15:56.110",
"lastModified": "2024-01-11T16:34:20.613",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDmzCfg function."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/4/TOTOLINK%20A3300R%20setDmzCfg.md",
"source": "cve@mitre.org"
}
]
}

20
CVE-2024/CVE-2024-230xx/CVE-2024-23061.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-23061",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-11T16:15:56.157",
"lastModified": "2024-01-11T16:34:20.613",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the minute parameter in the setScheduleCfg function."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/3/TOTOLINK%20A3300R%20setScheduleCfg.md",
"source": "cve@mitre.org"
}
]
}

81
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-01-11T15:00:25.194916+00:00
2024-01-11T17:00:25.976098+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-01-11T14:54:52.880000+00:00
2024-01-11T16:59:42.420000+00:00
```
### Last Data Feed Release
@ -29,50 +29,59 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
235632
235647
```
### CVEs added in the last Commit
Recently added CVEs: `6`
Recently added CVEs: `15`
* [CVE-2023-20573](CVE-2023/CVE-2023-205xx/CVE-2023-20573.json) (`2024-01-11T14:15:43.963`)
* [CVE-2023-50159](CVE-2023/CVE-2023-501xx/CVE-2023-50159.json) (`2024-01-11T14:15:44.070`)
* [CVE-2023-51748](CVE-2023/CVE-2023-517xx/CVE-2023-51748.json) (`2024-01-11T14:15:44.123`)
* [CVE-2023-51749](CVE-2023/CVE-2023-517xx/CVE-2023-51749.json) (`2024-01-11T14:15:44.167`)
* [CVE-2023-51750](CVE-2023/CVE-2023-517xx/CVE-2023-51750.json) (`2024-01-11T14:15:44.230`)
* [CVE-2023-51751](CVE-2023/CVE-2023-517xx/CVE-2023-51751.json) (`2024-01-11T14:15:44.270`)
* [CVE-2023-6242](CVE-2023/CVE-2023-62xx/CVE-2023-6242.json) (`2024-01-11T15:15:08.040`)
* [CVE-2023-6244](CVE-2023/CVE-2023-62xx/CVE-2023-6244.json) (`2024-01-11T15:15:08.233`)
* [CVE-2023-6938](CVE-2023/CVE-2023-69xx/CVE-2023-6938.json) (`2024-01-11T15:15:08.410`)
* [CVE-2023-51984](CVE-2023/CVE-2023-519xx/CVE-2023-51984.json) (`2024-01-11T16:15:53.790`)
* [CVE-2023-51987](CVE-2023/CVE-2023-519xx/CVE-2023-51987.json) (`2024-01-11T16:15:53.863`)
* [CVE-2023-51989](CVE-2023/CVE-2023-519xx/CVE-2023-51989.json) (`2024-01-11T16:15:53.920`)
* [CVE-2023-5118](CVE-2023/CVE-2023-51xx/CVE-2023-5118.json) (`2024-01-11T16:15:54.000`)
* [CVE-2023-6554](CVE-2023/CVE-2023-65xx/CVE-2023-6554.json) (`2024-01-11T16:15:54.300`)
* [CVE-2024-0429](CVE-2024/CVE-2024-04xx/CVE-2024-0429.json) (`2024-01-11T16:15:54.683`)
* [CVE-2024-22942](CVE-2024/CVE-2024-229xx/CVE-2024-22942.json) (`2024-01-11T16:15:55.857`)
* [CVE-2024-23057](CVE-2024/CVE-2024-230xx/CVE-2024-23057.json) (`2024-01-11T16:15:55.943`)
* [CVE-2024-23058](CVE-2024/CVE-2024-230xx/CVE-2024-23058.json) (`2024-01-11T16:15:55.997`)
* [CVE-2024-23059](CVE-2024/CVE-2024-230xx/CVE-2024-23059.json) (`2024-01-11T16:15:56.057`)
* [CVE-2024-23060](CVE-2024/CVE-2024-230xx/CVE-2024-23060.json) (`2024-01-11T16:15:56.110`)
* [CVE-2024-23061](CVE-2024/CVE-2024-230xx/CVE-2024-23061.json) (`2024-01-11T16:15:56.157`)
### CVEs modified in the last Commit
Recently modified CVEs: `178`
Recently modified CVEs: `56`
* [CVE-2023-40438](CVE-2023/CVE-2023-404xx/CVE-2023-40438.json) (`2024-01-11T13:57:35.163`)
* [CVE-2023-47560](CVE-2023/CVE-2023-475xx/CVE-2023-47560.json) (`2024-01-11T14:07:09.593`)
* [CVE-2023-51502](CVE-2023/CVE-2023-515xx/CVE-2023-51502.json) (`2024-01-11T14:16:03.027`)
* [CVE-2023-52178](CVE-2023/CVE-2023-521xx/CVE-2023-52178.json) (`2024-01-11T14:17:42.607`)
* [CVE-2023-52184](CVE-2023/CVE-2023-521xx/CVE-2023-52184.json) (`2024-01-11T14:19:23.967`)
* [CVE-2023-50027](CVE-2023/CVE-2023-500xx/CVE-2023-50027.json) (`2024-01-11T14:26:14.217`)
* [CVE-2023-52123](CVE-2023/CVE-2023-521xx/CVE-2023-52123.json) (`2024-01-11T14:28:17.513`)
* [CVE-2023-52128](CVE-2023/CVE-2023-521xx/CVE-2023-52128.json) (`2024-01-11T14:29:37.127`)
* [CVE-2023-23588](CVE-2023/CVE-2023-235xx/CVE-2023-23588.json) (`2024-01-11T14:31:50.550`)
* [CVE-2023-39853](CVE-2023/CVE-2023-398xx/CVE-2023-39853.json) (`2024-01-11T14:47:18.230`)
* [CVE-2023-50609](CVE-2023/CVE-2023-506xx/CVE-2023-50609.json) (`2024-01-11T14:54:52.880`)
* [CVE-2024-0333](CVE-2024/CVE-2024-03xx/CVE-2024-0333.json) (`2024-01-11T13:57:26.160`)
* [CVE-2024-21638](CVE-2024/CVE-2024-216xx/CVE-2024-21638.json) (`2024-01-11T13:57:26.160`)
* [CVE-2024-21773](CVE-2024/CVE-2024-217xx/CVE-2024-21773.json) (`2024-01-11T13:57:26.160`)
* [CVE-2024-21821](CVE-2024/CVE-2024-218xx/CVE-2024-21821.json) (`2024-01-11T13:57:26.160`)
* [CVE-2024-21833](CVE-2024/CVE-2024-218xx/CVE-2024-21833.json) (`2024-01-11T13:57:26.160`)
* [CVE-2024-21665](CVE-2024/CVE-2024-216xx/CVE-2024-21665.json) (`2024-01-11T13:57:26.160`)
* [CVE-2024-21666](CVE-2024/CVE-2024-216xx/CVE-2024-21666.json) (`2024-01-11T13:57:26.160`)
* [CVE-2024-21667](CVE-2024/CVE-2024-216xx/CVE-2024-21667.json) (`2024-01-11T13:57:26.160`)
* [CVE-2024-22190](CVE-2024/CVE-2024-221xx/CVE-2024-22190.json) (`2024-01-11T13:57:26.160`)
* [CVE-2024-22194](CVE-2024/CVE-2024-221xx/CVE-2024-22194.json) (`2024-01-11T13:57:26.160`)
* [CVE-2024-22195](CVE-2024/CVE-2024-221xx/CVE-2024-22195.json) (`2024-01-11T13:57:26.160`)
* [CVE-2024-21637](CVE-2024/CVE-2024-216xx/CVE-2024-21637.json) (`2024-01-11T13:57:26.160`)
* [CVE-2024-21669](CVE-2024/CVE-2024-216xx/CVE-2024-21669.json) (`2024-01-11T13:57:26.160`)
* [CVE-2024-0252](CVE-2024/CVE-2024-02xx/CVE-2024-0252.json) (`2024-01-11T13:57:26.160`)
* [CVE-2023-7208](CVE-2023/CVE-2023-72xx/CVE-2023-7208.json) (`2024-01-11T16:39:58.583`)
* [CVE-2023-6551](CVE-2023/CVE-2023-65xx/CVE-2023-6551.json) (`2024-01-11T16:41:19.250`)
* [CVE-2023-47140](CVE-2023/CVE-2023-471xx/CVE-2023-47140.json) (`2024-01-11T16:58:30.733`)
* [CVE-2023-7215](CVE-2023/CVE-2023-72xx/CVE-2023-7215.json) (`2024-01-11T16:59:42.420`)
* [CVE-2024-0247](CVE-2024/CVE-2024-02xx/CVE-2024-0247.json) (`2024-01-11T15:17:09.700`)
* [CVE-2024-0246](CVE-2024/CVE-2024-02xx/CVE-2024-0246.json) (`2024-01-11T15:47:36.337`)
* [CVE-2024-22049](CVE-2024/CVE-2024-220xx/CVE-2024-22049.json) (`2024-01-11T15:55:12.217`)
* [CVE-2024-0291](CVE-2024/CVE-2024-02xx/CVE-2024-0291.json) (`2024-01-11T15:58:47.450`)
* [CVE-2024-22048](CVE-2024/CVE-2024-220xx/CVE-2024-22048.json) (`2024-01-11T16:34:19.193`)
* [CVE-2024-0286](CVE-2024/CVE-2024-02xx/CVE-2024-0286.json) (`2024-01-11T16:35:40.620`)
* [CVE-2024-0268](CVE-2024/CVE-2024-02xx/CVE-2024-0268.json) (`2024-01-11T16:39:21.907`)
* [CVE-2024-0267](CVE-2024/CVE-2024-02xx/CVE-2024-0267.json) (`2024-01-11T16:40:24.620`)
* [CVE-2024-0266](CVE-2024/CVE-2024-02xx/CVE-2024-0266.json) (`2024-01-11T16:41:04.007`)
* [CVE-2024-0265](CVE-2024/CVE-2024-02xx/CVE-2024-0265.json) (`2024-01-11T16:42:37.937`)
* [CVE-2024-22216](CVE-2024/CVE-2024-222xx/CVE-2024-22216.json) (`2024-01-11T16:44:03.750`)
* [CVE-2024-21625](CVE-2024/CVE-2024-216xx/CVE-2024-21625.json) (`2024-01-11T16:52:43.513`)
* [CVE-2024-0300](CVE-2024/CVE-2024-03xx/CVE-2024-0300.json) (`2024-01-11T16:54:51.317`)
* [CVE-2024-0299](CVE-2024/CVE-2024-02xx/CVE-2024-0299.json) (`2024-01-11T16:55:13.367`)
* [CVE-2024-0298](CVE-2024/CVE-2024-02xx/CVE-2024-0298.json) (`2024-01-11T16:55:37.693`)
* [CVE-2024-0297](CVE-2024/CVE-2024-02xx/CVE-2024-0297.json) (`2024-01-11T16:56:14.950`)
* [CVE-2024-0296](CVE-2024/CVE-2024-02xx/CVE-2024-0296.json) (`2024-01-11T16:56:28.763`)
* [CVE-2024-0295](CVE-2024/CVE-2024-02xx/CVE-2024-0295.json) (`2024-01-11T16:56:41.500`)
* [CVE-2024-0294](CVE-2024/CVE-2024-02xx/CVE-2024-0294.json) (`2024-01-11T16:56:53.397`)
* [CVE-2024-0293](CVE-2024/CVE-2024-02xx/CVE-2024-0293.json) (`2024-01-11T16:58:37.920`)
* [CVE-2024-0292](CVE-2024/CVE-2024-02xx/CVE-2024-0292.json) (`2024-01-11T16:59:08.770`)
## Download and Usage