diff --git a/CVE-2021/CVE-2021-422xx/CVE-2021-42260.json b/CVE-2021/CVE-2021-422xx/CVE-2021-42260.json index 4ec2757e6a0..f10438f420c 100644 --- a/CVE-2021/CVE-2021-422xx/CVE-2021-42260.json +++ b/CVE-2021/CVE-2021-422xx/CVE-2021-42260.json @@ -2,8 +2,8 @@ "id": "CVE-2021-42260", "sourceIdentifier": "cve@mitre.org", "published": "2021-10-11T20:15:07.433", - "lastModified": "2022-10-27T17:29:32.533", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-08T03:15:12.927", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -141,6 +141,10 @@ "Third Party Advisory" ] }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QCR5PIOBGDIDS6SYRESTMDJSEDFSCOE/", + "source": "cve@mitre.org" + }, { "url": "https://sourceforge.net/p/tinyxml/bugs/141/", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-341xx/CVE-2023-34194.json b/CVE-2023/CVE-2023-341xx/CVE-2023-34194.json index af21b77d425..e52f6e10ac6 100644 --- a/CVE-2023/CVE-2023-341xx/CVE-2023-34194.json +++ b/CVE-2023/CVE-2023-341xx/CVE-2023-34194.json @@ -2,7 +2,7 @@ "id": "CVE-2023-34194", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-13T14:15:43.680", - "lastModified": "2023-12-31T00:15:44.050", + "lastModified": "2024-01-08T03:15:13.160", "vulnStatus": "Modified", "descriptions": [ { @@ -73,6 +73,10 @@ "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00024.html", "source": "cve@mitre.org" }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QCR5PIOBGDIDS6SYRESTMDJSEDFSCOE/", + "source": "cve@mitre.org" + }, { "url": "https://sourceforge.net/p/tinyxml/git/ci/master/tree/tinyxmlparser.cpp", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-471xx/CVE-2023-47140.json b/CVE-2023/CVE-2023-471xx/CVE-2023-47140.json new file mode 100644 index 00000000000..cc9e6b4b79a --- /dev/null +++ b/CVE-2023/CVE-2023-471xx/CVE-2023-47140.json 
@@ -0,0 +1,47 @@ +{ + "id": "CVE-2023-47140", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2024-01-08T03:15:13.283", + "lastModified": "2024-01-08T03:15:13.283", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "IBM CICS Transaction Gateway 9.3 could allow a user to transfer or view files due to improper access controls. IBM X-Force ID: 270259." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.4, + "impactScore": 2.5 + } + ] + }, + "references": [ + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270259", + "source": "psirt@us.ibm.com" + }, + { + "url": "https://https://www.ibm.com/support/pages/node/7105094", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-490xx/CVE-2023-49081.json b/CVE-2023/CVE-2023-490xx/CVE-2023-49081.json index 439a1f8e0d7..4923ad09c7d 100644 --- a/CVE-2023/CVE-2023-490xx/CVE-2023-49081.json +++ b/CVE-2023/CVE-2023-490xx/CVE-2023-49081.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49081", "sourceIdentifier": "security-advisories@github.com", "published": "2023-11-30T07:15:08.723", - "lastModified": "2023-12-05T17:39:06.813", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-08T03:15:13.457", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", 
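Review bot: The second entry under `references` in the new CVE-2023-47140 record carries a doubled scheme, `"url": "https://https://www.ibm.com/support/pages/node/7105094"`, so the vendor advisory link is malformed as written. The intended value is presumably `"url": "https://www.ibm.com/support/pages/node/7105094"`. Because this file mirrors the NVD record, the correction most likely belongs upstream with the submitting CNA (`psirt@us.ibm.com`) rather than in this repository. Tooling that dereferences or allow-lists reference URLs should check the host after parsing, since a standard URL parser would most likely read `https` as the host name here, not `www.ibm.com`.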
@@ -114,6 +114,14 @@ "Exploit", "Vendor Advisory" ] + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TY5SI6NK5243DEEDQUFKQKW5GQNKQUMA/", + "source": "security-advisories@github.com" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSYWMP64ZFCTC3VO6RY6EC6VSSMV6I3A/", + "source": "security-advisories@github.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-490xx/CVE-2023-49082.json b/CVE-2023/CVE-2023-490xx/CVE-2023-49082.json index ac67c5395b7..f317ea2bb16 100644 --- a/CVE-2023/CVE-2023-490xx/CVE-2023-49082.json +++ b/CVE-2023/CVE-2023-490xx/CVE-2023-49082.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49082", "sourceIdentifier": "security-advisories@github.com", "published": "2023-11-29T20:15:08.180", - "lastModified": "2023-12-05T01:51:49.997", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-08T03:15:13.593", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -108,6 +108,14 @@ "Exploit", "Vendor Advisory" ] + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TY5SI6NK5243DEEDQUFKQKW5GQNKQUMA/", + "source": "security-advisories@github.com" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSYWMP64ZFCTC3VO6RY6EC6VSSMV6I3A/", + "source": "security-advisories@github.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-71xx/CVE-2023-7101.json b/CVE-2023/CVE-2023-71xx/CVE-2023-7101.json index 51b09cd811a..5174c241d46 100644 --- a/CVE-2023/CVE-2023-71xx/CVE-2023-7101.json +++ b/CVE-2023/CVE-2023-71xx/CVE-2023-7101.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-7101", "sourceIdentifier": "mandiant-cve@google.com", "published": "2023-12-24T22:15:07.983", - "lastModified": "2024-01-03T17:15:11.930", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-08T03:15:13.703", + "vulnStatus": "Undergoing Analysis", "cisaExploitAdd": "2024-01-02", "cisaActionDue": "2024-01-23", "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", @@ -63,6 +63,14 @@ { "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00025.html", "source": "mandiant-cve@google.com" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFEHKULQRVXHIV7XXK2RGD4VQN6Y4CV5/", + "source": "mandiant-cve@google.com" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M2FIWDHRYTAAQLGM6AFOZVM7AFZ4H2ZR/", + "source": "mandiant-cve@google.com" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-02xx/CVE-2024-0293.json b/CVE-2024/CVE-2024-02xx/CVE-2024-0293.json new file mode 100644 index 00000000000..e471d41c87d --- /dev/null +++ b/CVE-2024/CVE-2024-02xx/CVE-2024-0293.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-0293", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-08T03:15:13.820", + "lastModified": "2024-01-08T03:15:13.820", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical was found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected by this vulnerability is the function setUploadSetting of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249859. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + 
"type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/setUploadSetting/README.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.249859", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.249859", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-02xx/CVE-2024-0294.json b/CVE-2024/CVE-2024-02xx/CVE-2024-0294.json new file mode 100644 index 00000000000..5500efe67fe --- /dev/null +++ b/CVE-2024/CVE-2024-02xx/CVE-2024-0294.json 
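Review bot: Severity in the new CVE-2024-0293 record is likely understated for triage. The only metric is the CNA's `"type": "Secondary"` entry with `C:L/I:L/A:L`, which gives `"baseSeverity": "MEDIUM"`, while the description classifies the issue as critical, names OS command injection (CWE-78) in `/cgi-bin/cstecgi.cgi`, and states that the exploit is public. With `"vulnStatus": "Received"` and no metric from a source other than `cna@vuldb.com`, the record appears to have no NVD assessment yet, so filters keyed on `baseSeverity` alone may under-rank it. The same pattern appears in the records added for CVE-2024-0294, CVE-2024-0295 and CVE-2024-0296, which are scored HIGH with `PR:N` but the same low impact values. Until an NVD-sourced metric is present, consumers may want to prioritise on the CWE and the remote, public-exploit wording in `descriptions`.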
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-0294", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-08T03:15:14.050", + "lastModified": "2024-01-08T03:15:14.050", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected by this issue is the function setUssd of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ussd leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249860. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 7.5 + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + 
"description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/setUssd/README.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.249860", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.249860", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-02xx/CVE-2024-0295.json b/CVE-2024/CVE-2024-02xx/CVE-2024-0295.json new file mode 100644 index 00000000000..2a4694d0dfc --- /dev/null +++ b/CVE-2024/CVE-2024-02xx/CVE-2024-0295.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-0295", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-08T04:15:08.287", + "lastModified": "2024-01-08T04:15:08.287", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, was found in Totolink LR1200GB 9.1.0u.6619_B20230130. This affects the function setWanCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249861 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 7.5 + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": 
"Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/setWanCfg/README.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.249861", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.249861", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-02xx/CVE-2024-0296.json b/CVE-2024/CVE-2024-02xx/CVE-2024-0296.json new file mode 100644 index 00000000000..447465c9be5 --- /dev/null +++ b/CVE-2024/CVE-2024-02xx/CVE-2024-0296.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-0296", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-08T04:15:08.540", + "lastModified": "2024-01-08T04:15:08.540", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. This vulnerability affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument host_time leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249862 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 7.5 + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": 
"Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N200RE/NTPSyncWithHost/README.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.249862", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.249862", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index e865a644319..36dc9181fd4 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-01-08T03:00:32.018161+00:00 +2024-01-08T05:00:24.860558+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-01-08T02:15:14.367000+00:00 +2024-01-08T04:15:08.540000+00:00 ``` ### Last Data Feed Release 
@@ -29,24 +29,29 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -235010 +235015 ``` ### CVEs added in the last Commit Recently added CVEs: `5` -* [CVE-2023-50948](CVE-2023/CVE-2023-509xx/CVE-2023-50948.json) (`2024-01-08T02:15:13.793`) -* [CVE-2023-7215](CVE-2023/CVE-2023-72xx/CVE-2023-7215.json) (`2024-01-08T02:15:14.027`) -* [CVE-2024-0290](CVE-2024/CVE-2024-02xx/CVE-2024-0290.json) (`2024-01-08T01:15:10.607`) -* [CVE-2024-0291](CVE-2024/CVE-2024-02xx/CVE-2024-0291.json) (`2024-01-08T01:15:10.850`) -* [CVE-2024-0292](CVE-2024/CVE-2024-02xx/CVE-2024-0292.json) (`2024-01-08T02:15:14.367`) +* [CVE-2023-47140](CVE-2023/CVE-2023-471xx/CVE-2023-47140.json) (`2024-01-08T03:15:13.283`) +* [CVE-2024-0293](CVE-2024/CVE-2024-02xx/CVE-2024-0293.json) (`2024-01-08T03:15:13.820`) +* [CVE-2024-0294](CVE-2024/CVE-2024-02xx/CVE-2024-0294.json) (`2024-01-08T03:15:14.050`) +* [CVE-2024-0295](CVE-2024/CVE-2024-02xx/CVE-2024-0295.json) (`2024-01-08T04:15:08.287`) +* [CVE-2024-0296](CVE-2024/CVE-2024-02xx/CVE-2024-0296.json) (`2024-01-08T04:15:08.540`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `5` +* [CVE-2021-42260](CVE-2021/CVE-2021-422xx/CVE-2021-42260.json) (`2024-01-08T03:15:12.927`) +* [CVE-2023-34194](CVE-2023/CVE-2023-341xx/CVE-2023-34194.json) (`2024-01-08T03:15:13.160`) +* [CVE-2023-49081](CVE-2023/CVE-2023-490xx/CVE-2023-49081.json) (`2024-01-08T03:15:13.457`) +* [CVE-2023-49082](CVE-2023/CVE-2023-490xx/CVE-2023-49082.json) (`2024-01-08T03:15:13.593`) +* [CVE-2023-7101](CVE-2023/CVE-2023-71xx/CVE-2023-7101.json) (`2024-01-08T03:15:13.703`) ## Download and Usage