From 36efcf032a2fe1ab17cb9a06229cba8de4bbc502 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Fri, 2 Feb 2024 00:55:36 +0000 Subject: [PATCH] Auto-Update: 2024-02-02T00:55:33.314334+00:00 --- CVE-2023/CVE-2023-364xx/CVE-2023-36496.json | 63 +++++++++++++++++++++ CVE-2023/CVE-2023-467xx/CVE-2023-46706.json | 59 +++++++++++++++++++ CVE-2023/CVE-2023-478xx/CVE-2023-47867.json | 59 +++++++++++++++++++ CVE-2023/CVE-2023-491xx/CVE-2023-49115.json | 59 +++++++++++++++++++ CVE-2023/CVE-2023-496xx/CVE-2023-49610.json | 59 +++++++++++++++++++ CVE-2023/CVE-2023-496xx/CVE-2023-49617.json | 59 +++++++++++++++++++ CVE-2023/CVE-2023-509xx/CVE-2023-50939.json | 59 +++++++++++++++++++ CVE-2023/CVE-2023-62xx/CVE-2023-6221.json | 59 +++++++++++++++++++ CVE-2024/CVE-2024-217xx/CVE-2024-21764.json | 59 +++++++++++++++++++ CVE-2024/CVE-2024-217xx/CVE-2024-21794.json | 59 +++++++++++++++++++ CVE-2024/CVE-2024-218xx/CVE-2024-21852.json | 59 +++++++++++++++++++ CVE-2024/CVE-2024-218xx/CVE-2024-21866.json | 59 +++++++++++++++++++ CVE-2024/CVE-2024-218xx/CVE-2024-21869.json | 59 +++++++++++++++++++ CVE-2024/CVE-2024-220xx/CVE-2024-22016.json | 59 +++++++++++++++++++ CVE-2024/CVE-2024-220xx/CVE-2024-22096.json | 59 +++++++++++++++++++ CVE-2024/CVE-2024-229xx/CVE-2024-22927.json | 20 +++++++ CVE-2024/CVE-2024-230xx/CVE-2024-23031.json | 20 +++++++ CVE-2024/CVE-2024-230xx/CVE-2024-23032.json | 20 +++++++ CVE-2024/CVE-2024-230xx/CVE-2024-23033.json | 20 +++++++ CVE-2024/CVE-2024-230xx/CVE-2024-23034.json | 20 +++++++ CVE-2024/CVE-2024-247xx/CVE-2024-24756.json | 63 +++++++++++++++++++++ README.md | 63 +++++++++------------ 22 files changed, 1078 insertions(+), 37 deletions(-) create mode 100644 CVE-2023/CVE-2023-364xx/CVE-2023-36496.json create mode 100644 CVE-2023/CVE-2023-467xx/CVE-2023-46706.json create mode 100644 CVE-2023/CVE-2023-478xx/CVE-2023-47867.json create mode 100644 CVE-2023/CVE-2023-491xx/CVE-2023-49115.json create mode 100644 CVE-2023/CVE-2023-496xx/CVE-2023-49610.json create mode 100644 CVE-2023/CVE-2023-496xx/CVE-2023-49617.json create mode 100644 CVE-2023/CVE-2023-509xx/CVE-2023-50939.json create mode 100644 CVE-2023/CVE-2023-62xx/CVE-2023-6221.json create mode 100644 CVE-2024/CVE-2024-217xx/CVE-2024-21764.json create mode 100644 CVE-2024/CVE-2024-217xx/CVE-2024-21794.json create mode 100644 CVE-2024/CVE-2024-218xx/CVE-2024-21852.json create mode 100644 CVE-2024/CVE-2024-218xx/CVE-2024-21866.json create mode 100644 CVE-2024/CVE-2024-218xx/CVE-2024-21869.json create mode 100644 CVE-2024/CVE-2024-220xx/CVE-2024-22016.json create mode 100644 CVE-2024/CVE-2024-220xx/CVE-2024-22096.json create mode 100644 CVE-2024/CVE-2024-229xx/CVE-2024-22927.json create mode 100644 CVE-2024/CVE-2024-230xx/CVE-2024-23031.json create mode 100644 CVE-2024/CVE-2024-230xx/CVE-2024-23032.json create mode 100644 CVE-2024/CVE-2024-230xx/CVE-2024-23033.json create mode 100644 CVE-2024/CVE-2024-230xx/CVE-2024-23034.json create mode 100644 CVE-2024/CVE-2024-247xx/CVE-2024-24756.json diff --git a/CVE-2023/CVE-2023-364xx/CVE-2023-36496.json b/CVE-2023/CVE-2023-364xx/CVE-2023-36496.json new file mode 100644 index 00000000000..40a061583e8 --- /dev/null +++ b/CVE-2023/CVE-2023-364xx/CVE-2023-36496.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-36496", + "sourceIdentifier": "responsible-disclosure@pingidentity.com", + "published": "2024-02-01T23:15:09.107", + "lastModified": "2024-02-01T23:15:09.107", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Delegated Admin Privilege virtual attribute provider plugin, when enabled, allows an authenticated user to elevate their permissions in the Directory Server.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "responsible-disclosure@pingidentity.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW", + "baseScore": 7.7, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.3 + } + ] + }, + "weaknesses": [ + { + "source": "responsible-disclosure@pingidentity.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ] + } + ], + "references": [ + { + "url": "https://docs.pingidentity.com/r/en-us/pingdirectory-93/ynf1693338390284", + "source": "responsible-disclosure@pingidentity.com" + }, + { + "url": "https://support.pingidentity.com/s/article/SECADV039", + "source": "responsible-disclosure@pingidentity.com" + }, + { + "url": "https://www.pingidentity.com/en/resources/downloads/pingdirectory-downloads.html", + "source": "responsible-disclosure@pingidentity.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46706.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46706.json new file mode 100644 index 00000000000..6f8c1c4b1b0 --- /dev/null +++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46706.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-46706", + "sourceIdentifier": "ics-cert@hq.dhs.gov", + "published": "2024-02-01T23:15:09.333", + "lastModified": "2024-02-01T23:15:09.333", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\n\n\nMultiple MachineSense devices have credentials unable to be changed by the user or administrator.\n\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-798" + } + ] + } + ], + "references": [ + { + "url": "https://machinesense.com/pages/about-machinesense", + "source": "ics-cert@hq.dhs.gov" + }, + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-025-01", + "source": "ics-cert@hq.dhs.gov" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-478xx/CVE-2023-47867.json b/CVE-2023/CVE-2023-478xx/CVE-2023-47867.json new file mode 100644 index 00000000000..6adce67fbd5 --- /dev/null +++ b/CVE-2023/CVE-2023-478xx/CVE-2023-47867.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-47867", + "sourceIdentifier": "ics-cert@hq.dhs.gov", + "published": "2024-02-01T23:15:09.567", + "lastModified": "2024-02-01T23:15:09.567", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\n\n\n\n\n\n\n\n\nMachineSense FeverWarn devices are configured as Wi-Fi hosts in a way that attackers within range could connect to the device's web services and compromise the device.\n\n\n\n\n\n\n\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://machinesense.com/pages/about-machinesense", + "source": "ics-cert@hq.dhs.gov" + }, + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-025-01", + "source": "ics-cert@hq.dhs.gov" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-491xx/CVE-2023-49115.json b/CVE-2023/CVE-2023-491xx/CVE-2023-49115.json new file mode 100644 index 00000000000..7c4ba18962d --- /dev/null +++ b/CVE-2023/CVE-2023-491xx/CVE-2023-49115.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-49115", + "sourceIdentifier": "ics-cert@hq.dhs.gov", + "published": "2024-02-01T23:15:09.773", + "lastModified": "2024-02-01T23:15:09.773", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\n\n\n\n\n\n\nMachineSense devices use unauthenticated MQTT messaging to monitor devices and remote viewing of sensor data by users.\n\n\n\n\n\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] + } + ], + "references": [ + { + "url": "https://machinesense.com/pages/about-machinesense", + "source": "ics-cert@hq.dhs.gov" + }, + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-025-01", + "source": "ics-cert@hq.dhs.gov" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-496xx/CVE-2023-49610.json b/CVE-2023/CVE-2023-496xx/CVE-2023-49610.json new file mode 100644 index 00000000000..4c14c1208f2 --- /dev/null +++ b/CVE-2023/CVE-2023-496xx/CVE-2023-49610.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-49610", + "sourceIdentifier": "ics-cert@hq.dhs.gov", + "published": "2024-02-01T23:15:10.003", + "lastModified": "2024-02-01T23:15:10.003", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\n\n\n\n\n\n\n\n\n\n\nMachineSense FeverWarn Raspberry Pi-based devices lack input sanitization, which could allow an attacker on an adjacent network to send a message running commands or could overflow the stack.\n\n\n\n\n\n\n\n\n\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://machinesense.com/pages/about-machinesense", + "source": "ics-cert@hq.dhs.gov" + }, + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-025-01", + "source": "ics-cert@hq.dhs.gov" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-496xx/CVE-2023-49617.json b/CVE-2023/CVE-2023-496xx/CVE-2023-49617.json new file mode 100644 index 00000000000..ba4147d00c3 --- /dev/null +++ b/CVE-2023/CVE-2023-496xx/CVE-2023-49617.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-49617", + "sourceIdentifier": "ics-cert@hq.dhs.gov", + "published": "2024-02-01T23:15:10.227", + "lastModified": "2024-02-01T23:15:10.227", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\n\n\n\n\nThe MachineSense application programmable interface (API) is improperly protected and can be accessed without authentication. A remote attacker could retrieve and modify sensitive information without any authentication.\n\n\n\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 10.0, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.8 + } + ] + }, + "weaknesses": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] + } + ], + "references": [ + { + "url": "https://machinesense.com/pages/about-machinesense", + "source": "ics-cert@hq.dhs.gov" + }, + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-025-01", + "source": "ics-cert@hq.dhs.gov" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-509xx/CVE-2023-50939.json b/CVE-2023/CVE-2023-509xx/CVE-2023-50939.json new file mode 100644 index 00000000000..b3ca47f69dd --- /dev/null +++ b/CVE-2023/CVE-2023-509xx/CVE-2023-50939.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-50939", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2024-02-02T00:15:54.540", + "lastModified": "2024-02-02T00:15:54.540", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 275129." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-327" + } + ] + } + ], + "references": [ + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/275129", + "source": "psirt@us.ibm.com" + }, + { + "url": "https://www.ibm.com/support/pages/node/7113759", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6221.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6221.json new file mode 100644 index 00000000000..892adb6fedf --- /dev/null +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6221.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-6221", + "sourceIdentifier": "ics-cert@hq.dhs.gov", + "published": "2024-02-01T23:15:10.510", + "lastModified": "2024-02-01T23:15:10.510", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nThe cloud provider MachineSense uses for integration and deployment for multiple MachineSense devices, such as the programmable logic controller (PLC), PumpSense, PowerAnalyzer, FeverWarn, and others is insufficiently protected against unauthorized access. An attacker with access to the internal procedures could view source code, secret credentials, and more.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.7, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.1, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] + } + ], + "references": [ + { + "url": "https://machinesense.com/pages/about-machinesense", + "source": "ics-cert@hq.dhs.gov" + }, + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-025-01", + "source": "ics-cert@hq.dhs.gov" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-217xx/CVE-2024-21764.json b/CVE-2024/CVE-2024-217xx/CVE-2024-21764.json new file mode 100644 index 00000000000..89623952241 --- /dev/null +++ b/CVE-2024/CVE-2024-217xx/CVE-2024-21764.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-21764", + "sourceIdentifier": "ics-cert@hq.dhs.gov", + "published": "2024-02-02T00:15:54.767", + "lastModified": "2024-02-02T00:15:54.767", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In Rapid Software LLC's Rapid SCADA versions prior to\u00a0Version 5.8.4, the\u00a0product uses hard-coded credentials, which may allow an attacker to connect to a specific port.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-798" + } + ] + } + ], + "references": [ + { + "url": "https://rapidscada.org/contact/", + "source": "ics-cert@hq.dhs.gov" + }, + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03", + "source": "ics-cert@hq.dhs.gov" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-217xx/CVE-2024-21794.json b/CVE-2024/CVE-2024-217xx/CVE-2024-21794.json new file mode 100644 index 00000000000..dee0cdb13bb --- /dev/null +++ b/CVE-2024/CVE-2024-217xx/CVE-2024-21794.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-21794", + "sourceIdentifier": "ics-cert@hq.dhs.gov", + "published": "2024-02-02T00:15:54.953", + "lastModified": "2024-02-02T00:15:54.953", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In Rapid Software LLC's Rapid SCADA versions prior to\u00a0Version 5.8.4,\u00a0an attacker can redirect users to malicious pages through the login page.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-601" + } + ] + } + ], + "references": [ + { + "url": "https://rapidscada.org/contact/", + "source": "ics-cert@hq.dhs.gov" + }, + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03", + "source": "ics-cert@hq.dhs.gov" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-218xx/CVE-2024-21852.json b/CVE-2024/CVE-2024-218xx/CVE-2024-21852.json new file mode 100644 index 00000000000..a389dc92823 --- /dev/null +++ b/CVE-2024/CVE-2024-218xx/CVE-2024-21852.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-21852", + "sourceIdentifier": "ics-cert@hq.dhs.gov", + "published": "2024-02-01T23:15:10.730", + "lastModified": "2024-02-01T23:15:10.730", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In Rapid Software LLC's Rapid SCADA versions prior to\u00a0Version 5.8.4,\u00a0an attacker can supply a malicious configuration file by utilizing a Zip Slip vulnerability in the unpacking routine to achieve remote code execution.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://rapidscada.org/contact/", + "source": "ics-cert@hq.dhs.gov" + }, + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03", + "source": "ics-cert@hq.dhs.gov" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-218xx/CVE-2024-21866.json b/CVE-2024/CVE-2024-218xx/CVE-2024-21866.json new file mode 100644 index 00000000000..7703050a9a5 --- /dev/null +++ b/CVE-2024/CVE-2024-218xx/CVE-2024-21866.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-21866", + "sourceIdentifier": "ics-cert@hq.dhs.gov", + "published": "2024-02-02T00:15:55.143", + "lastModified": "2024-02-02T00:15:55.143", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In Rapid Software LLC's Rapid SCADA versions prior to\u00a0Version 5.8.4, the affected product responds back with an error message containing sensitive data if it receives a specific malformed request.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-209" + } + ] + } + ], + "references": [ + { + "url": "https://rapidscada.org/contact/", + "source": "ics-cert@hq.dhs.gov" + }, + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03", + "source": "ics-cert@hq.dhs.gov" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-218xx/CVE-2024-21869.json b/CVE-2024/CVE-2024-218xx/CVE-2024-21869.json new file mode 100644 index 00000000000..38003de18f2 --- /dev/null +++ b/CVE-2024/CVE-2024-218xx/CVE-2024-21869.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-21869", + "sourceIdentifier": "ics-cert@hq.dhs.gov", + "published": "2024-02-02T00:15:55.340", + "lastModified": "2024-02-02T00:15:55.340", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In Rapid Software LLC's Rapid SCADA versions prior to\u00a0Version 5.8.4, the affected product stores plaintext credentials in various places. This may allow an attacker with local access to see them.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.2, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.5, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-256" + } + ] + } + ], + "references": [ + { + "url": "https://rapidscada.org/contact/", + "source": "ics-cert@hq.dhs.gov" + }, + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03", + "source": "ics-cert@hq.dhs.gov" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-220xx/CVE-2024-22016.json b/CVE-2024/CVE-2024-220xx/CVE-2024-22016.json new file mode 100644 index 00000000000..a64ddb69050 --- /dev/null +++ b/CVE-2024/CVE-2024-220xx/CVE-2024-22016.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-22016", + "sourceIdentifier": "ics-cert@hq.dhs.gov", + "published": "2024-02-02T00:15:55.533", + "lastModified": "2024-02-02T00:15:55.533", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In Rapid Software LLC's Rapid SCADA versions prior to\u00a0Version 5.8.4,\u00a0an authorized user can write directly to the Scada directory. This may allow privilege escalation.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-732" + } + ] + } + ], + "references": [ + { + "url": "https://rapidscada.org/contact/", + "source": "ics-cert@hq.dhs.gov" + }, + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03", + "source": "ics-cert@hq.dhs.gov" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-220xx/CVE-2024-22096.json b/CVE-2024/CVE-2024-220xx/CVE-2024-22096.json new file mode 100644 index 00000000000..a3b6f59eb33 --- /dev/null +++ b/CVE-2024/CVE-2024-220xx/CVE-2024-22096.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-22096", + "sourceIdentifier": "ics-cert@hq.dhs.gov", + "published": "2024-02-02T00:15:55.713", + "lastModified": "2024-02-02T00:15:55.713", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In Rapid Software LLC's Rapid SCADA versions prior to\u00a0Version 5.8.4,\u00a0an attacker can append path traversal characters to the filename when using a specific command, allowing them to read arbitrary files from the system.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-23" + } + ] + } + ], + "references": [ + { + "url": "https://rapidscada.org/contact/", + "source": "ics-cert@hq.dhs.gov" + }, + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03", + "source": "ics-cert@hq.dhs.gov" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-229xx/CVE-2024-22927.json b/CVE-2024/CVE-2024-229xx/CVE-2024-22927.json new file mode 100644 index 00000000000..856b38c6a58 --- /dev/null +++ b/CVE-2024/CVE-2024-229xx/CVE-2024-22927.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-22927", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-02-01T23:15:10.960", + "lastModified": "2024-02-01T23:15:10.960", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross Site Scripting (XSS) vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/weng-xianhu/eyoucms/issues/57", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-230xx/CVE-2024-23031.json b/CVE-2024/CVE-2024-230xx/CVE-2024-23031.json new file mode 100644 index 00000000000..834b03f4229 --- /dev/null +++ b/CVE-2024/CVE-2024-230xx/CVE-2024-23031.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-23031", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-02-01T23:15:11.020", + "lastModified": "2024-02-01T23:15:11.020", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross Site Scripting (XSS) vulnerability in is_water parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/weng-xianhu/eyoucms/issues/57", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-230xx/CVE-2024-23032.json b/CVE-2024/CVE-2024-230xx/CVE-2024-23032.json new file mode 100644 index 00000000000..763a84f0b8f --- /dev/null +++ b/CVE-2024/CVE-2024-230xx/CVE-2024-23032.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-23032", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-02-01T23:15:11.067", + "lastModified": "2024-02-01T23:15:11.067", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross Site Scripting vulnerability in num parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/weng-xianhu/eyoucms/issues/57", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-230xx/CVE-2024-23033.json b/CVE-2024/CVE-2024-230xx/CVE-2024-23033.json new file mode 100644 index 00000000000..81b1be6a9d8 --- /dev/null +++ b/CVE-2024/CVE-2024-230xx/CVE-2024-23033.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-23033", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-02-01T23:15:11.113", + "lastModified": "2024-02-01T23:15:11.113", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross Site Scripting vulnerability in the path parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/weng-xianhu/eyoucms/issues/57", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-230xx/CVE-2024-23034.json b/CVE-2024/CVE-2024-230xx/CVE-2024-23034.json new file mode 100644 index 00000000000..a6660c8f6ef --- /dev/null +++ b/CVE-2024/CVE-2024-230xx/CVE-2024-23034.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-23034", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-02-01T23:15:11.160", + "lastModified": "2024-02-01T23:15:11.160", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross Site Scripting vulnerability in the input parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/weng-xianhu/eyoucms/issues/57", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-247xx/CVE-2024-24756.json b/CVE-2024/CVE-2024-247xx/CVE-2024-24756.json new file mode 100644 index 00000000000..445b0827092 --- /dev/null +++ b/CVE-2024/CVE-2024-247xx/CVE-2024-24756.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2024-24756", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-02-01T23:15:11.210", + "lastModified": "2024-02-01T23:15:11.210", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Crafatar serves Minecraft avatars based on the skin for use in external applications. Files outside of the `lib/public/` directory can be requested from the server. Instances running behind Cloudflare (including crafatar.com) are not affected. Instances using the Docker container as shown in the README are affected, but only files within the container can be read. By default, all of the files within the container can also be found in this repository and are not confidential. This vulnerability is patched in 2.1.5." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/crafatar/crafatar/blob/e0233f2899a3206a817d2dd3b80da83d51c7a726/lib/server.js#L64-L67", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/crafatar/crafatar/commit/bba004acc725b362a5d2d5dfe30cf60e7365a373", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/crafatar/crafatar/security/advisories/GHSA-5cxq-25mp-q5f2", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 27c66019c43..b3754616337 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-02-01T23:00:24.492790+00:00 +2024-02-02T00:55:33.314334+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-02-01T22:39:14.853000+00:00 +2024-02-02T00:15:55.713000+00:00 ``` ### Last Data Feed Release @@ -29,51 +29,40 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -237326 +237347 ``` ### CVEs added in the last Commit -Recently added CVEs: `7` +Recently added CVEs: `21` -* [CVE-2023-47256](CVE-2023/CVE-2023-472xx/CVE-2023-47256.json) (`2024-02-01T22:15:55.103`) -* [CVE-2023-47257](CVE-2023/CVE-2023-472xx/CVE-2023-47257.json) (`2024-02-01T22:15:55.170`) -* [CVE-2023-4472](CVE-2023/CVE-2023-44xx/CVE-2023-4472.json) (`2024-02-01T22:15:55.220`) -* [CVE-2024-0325](CVE-2024/CVE-2024-03xx/CVE-2024-0325.json) (`2024-02-01T22:15:55.333`) -* [CVE-2024-1039](CVE-2024/CVE-2024-10xx/CVE-2024-1039.json) (`2024-02-01T22:15:55.527`) -* [CVE-2024-1040](CVE-2024/CVE-2024-10xx/CVE-2024-1040.json) (`2024-02-01T22:15:55.717`) -* [CVE-2024-24755](CVE-2024/CVE-2024-247xx/CVE-2024-24755.json) (`2024-02-01T22:15:55.900`) +* [CVE-2023-36496](CVE-2023/CVE-2023-364xx/CVE-2023-36496.json) (`2024-02-01T23:15:09.107`) +* [CVE-2023-46706](CVE-2023/CVE-2023-467xx/CVE-2023-46706.json) (`2024-02-01T23:15:09.333`) +* [CVE-2023-47867](CVE-2023/CVE-2023-478xx/CVE-2023-47867.json) (`2024-02-01T23:15:09.567`) +* [CVE-2023-49115](CVE-2023/CVE-2023-491xx/CVE-2023-49115.json) (`2024-02-01T23:15:09.773`) +* [CVE-2023-49610](CVE-2023/CVE-2023-496xx/CVE-2023-49610.json) (`2024-02-01T23:15:10.003`) +* [CVE-2023-49617](CVE-2023/CVE-2023-496xx/CVE-2023-49617.json) (`2024-02-01T23:15:10.227`) +* [CVE-2023-6221](CVE-2023/CVE-2023-62xx/CVE-2023-6221.json) (`2024-02-01T23:15:10.510`) +* [CVE-2023-50939](CVE-2023/CVE-2023-509xx/CVE-2023-50939.json) (`2024-02-02T00:15:54.540`) +* [CVE-2024-21852](CVE-2024/CVE-2024-218xx/CVE-2024-21852.json) (`2024-02-01T23:15:10.730`) +* [CVE-2024-22927](CVE-2024/CVE-2024-229xx/CVE-2024-22927.json) (`2024-02-01T23:15:10.960`) +* [CVE-2024-23031](CVE-2024/CVE-2024-230xx/CVE-2024-23031.json) (`2024-02-01T23:15:11.020`) +* [CVE-2024-23032](CVE-2024/CVE-2024-230xx/CVE-2024-23032.json) (`2024-02-01T23:15:11.067`) +* [CVE-2024-23033](CVE-2024/CVE-2024-230xx/CVE-2024-23033.json) (`2024-02-01T23:15:11.113`) +* [CVE-2024-23034](CVE-2024/CVE-2024-230xx/CVE-2024-23034.json) (`2024-02-01T23:15:11.160`) +* [CVE-2024-24756](CVE-2024/CVE-2024-247xx/CVE-2024-24756.json) (`2024-02-01T23:15:11.210`) +* [CVE-2024-21764](CVE-2024/CVE-2024-217xx/CVE-2024-21764.json) (`2024-02-02T00:15:54.767`) +* [CVE-2024-21794](CVE-2024/CVE-2024-217xx/CVE-2024-21794.json) (`2024-02-02T00:15:54.953`) +* [CVE-2024-21866](CVE-2024/CVE-2024-218xx/CVE-2024-21866.json) (`2024-02-02T00:15:55.143`) +* [CVE-2024-21869](CVE-2024/CVE-2024-218xx/CVE-2024-21869.json) (`2024-02-02T00:15:55.340`) +* [CVE-2024-22016](CVE-2024/CVE-2024-220xx/CVE-2024-22016.json) (`2024-02-02T00:15:55.533`) +* [CVE-2024-22096](CVE-2024/CVE-2024-220xx/CVE-2024-22096.json) (`2024-02-02T00:15:55.713`) ### CVEs modified in the last Commit -Recently modified CVEs: `28` +Recently modified CVEs: `0` -* [CVE-2024-23741](CVE-2024/CVE-2024-237xx/CVE-2024-23741.json) (`2024-02-01T21:08:32.010`) -* [CVE-2024-23742](CVE-2024/CVE-2024-237xx/CVE-2024-23742.json) (`2024-02-01T21:08:50.937`) -* [CVE-2024-23740](CVE-2024/CVE-2024-237xx/CVE-2024-23740.json) (`2024-02-01T21:08:58.803`) -* [CVE-2024-23738](CVE-2024/CVE-2024-237xx/CVE-2024-23738.json) (`2024-02-01T21:09:24.777`) -* [CVE-2024-23739](CVE-2024/CVE-2024-237xx/CVE-2024-23739.json) (`2024-02-01T21:12:13.300`) -* [CVE-2024-23743](CVE-2024/CVE-2024-237xx/CVE-2024-23743.json) (`2024-02-01T21:12:23.090`) -* [CVE-2024-20305](CVE-2024/CVE-2024-203xx/CVE-2024-20305.json) (`2024-02-01T21:14:41.087`) -* [CVE-2024-22417](CVE-2024/CVE-2024-224xx/CVE-2024-22417.json) (`2024-02-01T21:15:07.760`) -* [CVE-2024-20253](CVE-2024/CVE-2024-202xx/CVE-2024-20253.json) (`2024-02-01T21:16:04.890`) -* [CVE-2024-0946](CVE-2024/CVE-2024-09xx/CVE-2024-0946.json) (`2024-02-01T21:20:11.267`) -* [CVE-2024-0945](CVE-2024/CVE-2024-09xx/CVE-2024-0945.json) (`2024-02-01T21:20:25.947`) -* [CVE-2024-0935](CVE-2024/CVE-2024-09xx/CVE-2024-0935.json) (`2024-02-01T21:30:44.493`) -* [CVE-2024-1141](CVE-2024/CVE-2024-11xx/CVE-2024-1141.json) (`2024-02-01T21:30:44.493`) -* [CVE-2024-24752](CVE-2024/CVE-2024-247xx/CVE-2024-24752.json) (`2024-02-01T21:30:44.493`) -* [CVE-2024-24753](CVE-2024/CVE-2024-247xx/CVE-2024-24753.json) (`2024-02-01T21:30:44.493`) -* [CVE-2024-24754](CVE-2024/CVE-2024-247xx/CVE-2024-24754.json) (`2024-02-01T21:30:44.493`) -* [CVE-2024-23832](CVE-2024/CVE-2024-238xx/CVE-2024-23832.json) (`2024-02-01T21:30:44.493`) -* [CVE-2024-24557](CVE-2024/CVE-2024-245xx/CVE-2024-24557.json) (`2024-02-01T21:30:44.493`) -* [CVE-2024-24561](CVE-2024/CVE-2024-245xx/CVE-2024-24561.json) (`2024-02-01T21:30:44.493`) -* [CVE-2024-24570](CVE-2024/CVE-2024-245xx/CVE-2024-24570.json) (`2024-02-01T21:30:44.493`) -* [CVE-2024-1167](CVE-2024/CVE-2024-11xx/CVE-2024-1167.json) (`2024-02-01T21:30:44.493`) -* [CVE-2024-23645](CVE-2024/CVE-2024-236xx/CVE-2024-23645.json) (`2024-02-01T21:30:44.493`) -* [CVE-2024-24569](CVE-2024/CVE-2024-245xx/CVE-2024-24569.json) (`2024-02-01T21:30:44.493`) -* [CVE-2024-24041](CVE-2024/CVE-2024-240xx/CVE-2024-24041.json) (`2024-02-01T21:30:44.493`) -* [CVE-2024-24945](CVE-2024/CVE-2024-249xx/CVE-2024-24945.json) (`2024-02-01T21:30:44.493`) ## Download and Usage