admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-07 19:16:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-01-19T15:00:24.702129+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-01-19 15:00:28 +00:00
parent fa9e9caa7f
commit 4010ee4aa1
59 changed files with 3196 additions and 186 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
CVE-2023/CVE-2023-271xx/CVE-2023-27168.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-27168",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-19T14:15:12.247",
"lastModified": "2024-01-19T14:15:12.247",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An arbitrary file upload vulnerability in Xpand IT Write-back Manager v2.3.1 allows attackers to execute arbitrary code via a crafted jsp file."
}
],
"metrics": {},
"references": [
{
"url": "https://balwurk.com",
"source": "cve@mitre.org"
},
{
"url": "https://balwurk.github.io/CVE-2023-27168/",
"source": "cve@mitre.org"
},
{
"url": "https://writeback4t.com",
"source": "cve@mitre.org"
},
{
"url": "https://www.xpand-it.com",
"source": "cve@mitre.org"
}
]
}

73
CVE-2023/CVE-2023-310xx/CVE-2023-31031.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-31031",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2024-01-12T19:15:10.257",
"lastModified": "2024-01-12T19:21:49.423",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-19T13:05:42.940",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a heap-based buffer overflow by local access. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and data tampering."
},
{
"lang": "es",
"value": "NVIDIA DGX A100 SBIOS contiene una vulnerabilidad en la que un usuario puede provocar un desbordamiento de b\u00fafer en la regi\u00f3n Heap de la memoria mediante acceso local. Una explotaci\u00f3n exitosa de esta vulnerabilidad puede provocar la ejecuci\u00f3n de c\u00f3digo, denegaci\u00f3n de servicio, divulgaci\u00f3n de informaci\u00f3n y manipulaci\u00f3n de datos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "psirt@nvidia.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "psirt@nvidia.com",
"type": "Secondary",
@ -46,10 +80,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:nvidia:dgx_a100_firmware:*:*:*:*:sbios:*:*:*",
"versionEndExcluding": "1.25",
"matchCriteriaId": "BF83A6E1-F48A-4FF6-B04E-6A1240FFA8C0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:nvidia:dgx_a100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8807CB65-5F49-42E8-B5D8-36943418ADB9"
}
]
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5510",
"source": "psirt@nvidia.com"
"source": "psirt@nvidia.com",
"tags": [
"Vendor Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-310xx/CVE-2023-31032.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-31032",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2024-01-12T19:15:10.490",
"lastModified": "2024-01-12T19:21:49.423",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-19T13:09:21.207",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a dynamic variable evaluation by local access. A successful exploit of this vulnerability may lead to denial of service."
},
{
"lang": "es",
"value": "NVIDIA DGX A100 SBIOS contiene una vulnerabilidad en la que un usuario puede provocar una evaluaci\u00f3n de variable din\u00e1mica mediante acceso local. Una explotaci\u00f3n exitosa de esta vulnerabilidad puede provocar una denegaci\u00f3n de servicio."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "psirt@nvidia.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-913"
}
]
},
{
"source": "psirt@nvidia.com",
"type": "Secondary",
@ -46,10 +80,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:nvidia:dgx_a100_firmware:*:*:*:*:sbios:*:*:*",
"versionEndExcluding": "1.25",
"matchCriteriaId": "BF83A6E1-F48A-4FF6-B04E-6A1240FFA8C0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:nvidia:dgx_a100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8807CB65-5F49-42E8-B5D8-36943418ADB9"
}
]
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5510",
"source": "psirt@nvidia.com"
"source": "psirt@nvidia.com",
"tags": [
"Vendor Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-310xx/CVE-2023-31033.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-31033",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2024-01-12T19:15:10.680",
"lastModified": "2024-01-12T19:21:49.423",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-19T13:16:06.610",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "NVIDIA DGX A100 BMC contains a vulnerability where a user may cause a missing authentication issue for a critical function by an adjacent network . A successful exploit of this vulnerability may lead to escalation of privileges, code execution, denial of service, information disclosure, and data tampering."
},
{
"lang": "es",
"value": "NVIDIA DGX A100 BMC contiene una vulnerabilidad en la que un usuario puede causar un problema de autenticaci\u00f3n faltante para una funci\u00f3n cr\u00edtica en una red adyacente. Una explotaci\u00f3n exitosa de esta vulnerabilidad puede provocar una escalada de privilegios, ejecuci\u00f3n de c\u00f3digo, denegaci\u00f3n de servicio, divulgaci\u00f3n de informaci\u00f3n y manipulaci\u00f3n de datos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
},
{
"source": "psirt@nvidia.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
},
{
"source": "psirt@nvidia.com",
"type": "Secondary",
@ -46,10 +80,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:nvidia:dgx_a100_firmware:*:*:*:*:bmc:*:*:*",
"versionEndExcluding": "00.22.05",
"matchCriteriaId": "866DDFEC-0CB8-4152-B36E-A358497AA4D0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:nvidia:dgx_a100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8807CB65-5F49-42E8-B5D8-36943418ADB9"
}
]
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5510",
"source": "psirt@nvidia.com"
"source": "psirt@nvidia.com",
"tags": [
"Vendor Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-310xx/CVE-2023-31034.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-31034",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2024-01-12T19:15:10.867",
"lastModified": "2024-01-12T19:21:49.423",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-19T13:27:10.633",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "NVIDIA DGX A100 SBIOS contains a vulnerability where a local attacker can cause input validation checks to be bypassed by causing an integer overflow. A successful exploit of this vulnerability may lead to denial of service, information disclosure, and data tampering."
},
{
"lang": "es",
"value": "NVIDIA DGX A100 SBIOS contiene una vulnerabilidad en la que un atacante local puede provocar que se omitan las comprobaciones de validaci\u00f3n de entrada provocando un desbordamiento de enteros. Una explotaci\u00f3n exitosa de esta vulnerabilidad puede provocar denegaci\u00f3n de servicio, divulgaci\u00f3n de informaci\u00f3n y manipulaci\u00f3n de datos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "psirt@nvidia.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
},
{
"source": "psirt@nvidia.com",
"type": "Secondary",
@ -46,10 +80,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:nvidia:dgx_a100_firmware:*:*:*:*:sbios:*:*:*",
"versionEndExcluding": "1.25",
"matchCriteriaId": "BF83A6E1-F48A-4FF6-B04E-6A1240FFA8C0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:nvidia:dgx_a100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8807CB65-5F49-42E8-B5D8-36943418ADB9"
}
]
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5510",
"source": "psirt@nvidia.com"
"source": "psirt@nvidia.com",
"tags": [
"Vendor Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-310xx/CVE-2023-31035.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-31035",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2024-01-12T19:15:11.057",
"lastModified": "2024-01-12T19:21:49.423",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-19T13:32:06.080",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may cause an SMI callout vulnerability that could be used to execute arbitrary code at the SMM level. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure."
},
{
"lang": "es",
"value": "NVIDIA DGX A100 SBIOS contiene una vulnerabilidad en la que un atacante puede causar una vulnerabilidad de llamada SMI que podr\u00eda usarse para ejecutar c\u00f3digo arbitrario en el nivel SMM. Una explotaci\u00f3n exitosa de esta vulnerabilidad puede provocar la ejecuci\u00f3n de c\u00f3digo, denegaci\u00f3n de servicio, escalada de privilegios y divulgaci\u00f3n de informaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "psirt@nvidia.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "psirt@nvidia.com",
"type": "Secondary",
@ -46,10 +80,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:nvidia:dgx_a100_firmware:*:*:*:*:sbios:*:*:*",
"versionEndExcluding": "1.25",
"matchCriteriaId": "BF83A6E1-F48A-4FF6-B04E-6A1240FFA8C0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:nvidia:dgx_a100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8807CB65-5F49-42E8-B5D8-36943418ADB9"
}
]
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5510",
"source": "psirt@nvidia.com"
"source": "psirt@nvidia.com",
"tags": [
"Vendor Advisory"
]
}
]
}

24
CVE-2023/CVE-2023-439xx/CVE-2023-43985.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-43985",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-19T14:15:12.317",
"lastModified": "2024-01-19T14:15:12.317",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "SunnyToo stblogsearch up to v1.0.0 was discovered to contain a SQL injection vulnerability via the StBlogSearchClass::prepareSearch component."
}
],
"metrics": {},
"references": [
{
"url": "https://security.friendsofpresta.org/modules/2024/01/18/stblogsearch.html",
"source": "cve@mitre.org"
},
{
"url": "https://www.sunnytoo.com/product/panda-creative-responsive-prestashop-theme",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-463xx/CVE-2023-46351.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-46351",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-19T14:15:12.367",
"lastModified": "2024-01-19T14:15:12.367",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the module mib < 1.6.1 from MyPresta.eu for PrestaShop, a guest can perform SQL injection. The methods `mib::getManufacturersByCategory()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection."
}
],
"metrics": {},
"references": [
{
"url": "https://mypresta.eu/modules/front-office-features/manufacturers-brands-images-block.html",
"source": "cve@mitre.org"
},
{
"url": "https://security.friendsofpresta.org/modules/2024/01/18/mib.html",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-500xx/CVE-2023-50028.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-50028",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-19T14:15:12.413",
"lastModified": "2024-01-19T14:15:12.413",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the module \"Sliding cart block\" (blockslidingcart) up to version 2.3.8 from PrestashopModules.eu for PrestaShop, a guest can perform SQL injection."
}
],
"metrics": {},
"references": [
{
"url": "https://addons.prestashop.com/en/express-checkout-process/3321-block-sliding-cart.html",
"source": "cve@mitre.org"
},
{
"url": "https://security.friendsofpresta.org/modules/2024/01/16/blockslidingcart.html",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-500xx/CVE-2023-50030.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-50030",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-19T14:15:12.453",
"lastModified": "2024-01-19T14:15:12.453",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the module \"Jms Setting\" (jmssetting) from Joommasters for PrestaShop, a guest can perform SQL injection in versions <= 1.1.0. The method `JmsSetting::getSecondImgs()` has a sensitive SQL call that can be executed with a trivial http call and exploited to forge a blind SQL injection."
}
],
"metrics": {},
"references": [
{
"url": "https://security.friendsofpresta.org/modules/2024/01/16/jmssetting.html",
"source": "cve@mitre.org"
},
{
"url": "https://www.joommasters.com/",
"source": "cve@mitre.org"
}
]
}

76
CVE-2023/CVE-2023-501xx/CVE-2023-50124.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-50124",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-11T21:15:10.630",
"lastModified": "2024-01-12T13:47:31.250",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-19T14:42:04.497",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,79 @@
"value": "Flient Smart Door Lock v1.0 es vulnerable al uso de credenciales predeterminadas. Debido a las credenciales predeterminadas en una interfaz de depuraci\u00f3n, en combinaci\u00f3n con ciertas opciones de dise\u00f1o, un atacante puede desbloquear Flient Smart Door Lock reemplazando la huella digital almacenada en el esc\u00e1ner."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:flient:smart_lock_advanced_firmware:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "447DBC97-7148-49AA-A3D9-03179AAFAEDA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:flient:smart_lock_advanced:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4CCF293-5319-41B1-8655-53668E0CEF67"
}
]
}
]
}
],
"references": [
{
"url": "https://www.secura.com/services/iot/consumer-products/security-concerns-in-popular-smart-home-devices",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

63
CVE-2023/CVE-2023-501xx/CVE-2023-50126.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-50126",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-11T21:15:10.723",
"lastModified": "2024-01-12T13:47:31.250",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-19T14:33:53.067",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,66 @@
"value": "La falta de cifrado en las etiquetas RFID del sistema de alarma Hozard (Alarmsysteem) v1.0 permite a los atacantes crear una etiqueta clonada mediante una breve proximidad f\u00edsica a una de las etiquetas originales, lo que da como resultado que un atacante pueda desarmar el sistema de alarma"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-311"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hozard:alarm_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8F9A297A-6C1D-4276-8153-C23EE75FB0BB"
}
]
}
]
}
],
"references": [
{
"url": "https://www.secura.com/services/iot/consumer-products/security-concerns-in-popular-smart-home-devices",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

76
CVE-2023/CVE-2023-501xx/CVE-2023-50129.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-50129",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-11T21:15:10.867",
"lastModified": "2024-01-12T13:47:31.250",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-19T14:08:23.527",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,79 @@
"value": "La falta de cifrado en las etiquetas NFC de Flient Smart Door Lock v1.0 permite a los atacantes crear una etiqueta clonada mediante una breve proximidad f\u00edsica a las etiquetas originales, lo que da como resultado que el atacante obtenga acceso al per\u00edmetro."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-311"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:flient:smart_lock_advanced_firmware:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "447DBC97-7148-49AA-A3D9-03179AAFAEDA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:flient:smart_lock_advanced:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4CCF293-5319-41B1-8655-53668E0CEF67"
}
]
}
]
}
],
"references": [
{
"url": "https://www.secura.com/services/iot/consumer-products/security-concerns-in-popular-smart-home-devices",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

28
CVE-2023/CVE-2023-519xx/CVE-2023-51946.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-51946",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-19T14:15:12.500",
"lastModified": "2024-01-19T14:15:12.500",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Multiple reflected cross-site scripting (XSS) vulnerabilities in nasSvr.php in actidata actiNAS-SL-2U-8 3.2.03-SP1 allow remote attackers to inject arbitrary web script or HTML."
}
],
"metrics": {},
"references": [
{
"url": "http://actidata.com",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/saw-your-packet/CVEs/blob/main/CVE-2023-51946/README.md",
"source": "cve@mitre.org"
},
{
"url": "https://www.actidata.com/index.php/de-de/actinas-plus-sl-2u-8-rdx",
"source": "cve@mitre.org"
}
]
}

28
CVE-2023/CVE-2023-519xx/CVE-2023-51947.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-51947",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-19T14:15:12.553",
"lastModified": "2024-01-19T14:15:12.553",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper access control on nasSvr.php in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to read and modify different types of data without authentication."
}
],
"metrics": {},
"references": [
{
"url": "http://actinas-plus-sl-2u-8-rdx.com",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/saw-your-packet/CVEs/blob/main/CVE-2023-51947/README.md",
"source": "cve@mitre.org"
},
{
"url": "https://www.actidata.com/index.php/de-de/actinas-plus-sl-2u-8-rdx",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-519xx/CVE-2023-51948.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-51948",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-19T14:15:12.663",
"lastModified": "2024-01-19T14:15:12.663",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A Site-wide directory listing vulnerability in /fm in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to list the files hosted by the web application."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/saw-your-packet/CVEs/blob/main/CVE-2023-51948/README.md",
"source": "cve@mitre.org"
},
{
"url": "https://www.actidata.com/index.php/de-de/actinas-plus-sl-2u-8-rdx",
"source": "cve@mitre.org"
}
]
}

80
CVE-2023/CVE-2023-60xx/CVE-2023-6005.json
View File

@ -2,19 +2,91 @@
"id": "CVE-2023-6005",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-16T16:15:13.530",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-19T14:27:45.383",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
},
{
"lang": "es",
"value": "El complemento EventON WordPress anterior a 4.5.5 y el complemento EventON WordPress anterior a 2.2.7 no sanitizan ni escapan a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con altos privilegios, como el administrador, realizar ataques de cross site scripting almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida. (por ejemplo, en configuraci\u00f3n multisitio)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-116"
},
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myeventon:eventon:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.2.7",
"matchCriteriaId": "150D2D60-69AA-4027-AC89-D3929C2C5ECA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myeventon:eventon:*:*:*:*:*:wordpress:*:*",
"versionStartIncluding": "4.0",
"versionEndExcluding": "4.5.5",
"matchCriteriaId": "57B6B80A-D3E7-4D93-B2BA-4A823879356F"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/fa4eea26-0611-4fa8-a947-f78ddf46a56a/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-60xx/CVE-2023-6046.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-6046",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-16T16:15:13.580",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-19T14:27:58.017",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The EventON WordPress plugin before 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored HTML Injection attacks even when the unfiltered_html capability is disallowed."
},
{
"lang": "es",
"value": "El complemento EventON WordPress anterior a 2.2 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de inyecci\u00f3n de HTML almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myeventon:eventon:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.2",
"matchCriteriaId": "B74ABCE3-9C39-44B9-83BB-BF992C57F5AA"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/97f1d403-ae96-4c90-8d47-9822f4d68033/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

74
CVE-2023/CVE-2023-70xx/CVE-2023-7083.json
View File

@ -2,23 +2,87 @@
"id": "CVE-2023-7083",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-16T16:15:13.973",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-19T14:54:30.993",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Voting Record WordPress plugin through 2.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack"
},
{
"lang": "es",
"value": "El complemento Voting Record de WordPress hasta la versi\u00f3n 2.0 no tiene verificaci\u00f3n CSRF en algunos lugares y le falta sanitizaci\u00f3n y escape, lo que podr\u00eda permitir a los atacantes hacer que el administrador que haya iniciado sesi\u00f3n agregue payloads XSS almacenados a trav\u00e9s de un ataque CSRF."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:davidjmiller:voting_record:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.0",
"matchCriteriaId": "5618CD85-545A-47B3-A1E9-13091C2C8EE9"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://magos-securitas.com/txt/CVE-2023-7083.txt",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://wpscan.com/vulnerability/ba77704a-32a1-494b-b2c0-e1c2a3f98adc/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Third Party Advisory"
]
}
]
}

74
CVE-2023/CVE-2023-70xx/CVE-2023-7084.json
View File

@ -2,23 +2,87 @@
"id": "CVE-2023-7084",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-16T16:15:14.023",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-19T14:54:24.987",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Voting Record WordPress plugin through 2.0 is missing sanitisation as well as escaping, which could allow any authenticated users, such as subscriber to perform Stored XSS attacks"
},
{
"lang": "es",
"value": "Al complemento Voting Record de WordPress hasta la versi\u00f3n 2.0 le falta sanitizaci\u00f3n y escape, lo que podr\u00eda permitir a cualquier usuario autenticado, como un suscriptor, realizar ataques de XSS almacenado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:davidjmiller:voting_record:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.0",
"matchCriteriaId": "5618CD85-545A-47B3-A1E9-13091C2C8EE9"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://magos-securitas.com/txt/CVE-2023-7084.txt",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://wpscan.com/vulnerability/5e51e239-919b-4e74-a7ee-195f3817f907/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Third Party Advisory"
]
}
]
}

79
CVE-2024/CVE-2024-02xx/CVE-2024-0233.json
View File

@ -2,19 +2,90 @@
"id": "CVE-2024-0233",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-16T16:15:14.280",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-19T14:28:14.077",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not properly sanitise and escape a parameter before outputting it back in pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin"
},
{
"lang": "es",
"value": "El complemento EventON WordPress anterior a 4.5.5 y el complemento EventON WordPress anterior a 2.2.7 no sanitizan ni escapan adecuadamente un par\u00e1metro antes de devolverlo a las p\u00e1ginas, lo que genera cross site scripting reflejado que podr\u00eda usarse contra usuarios con privilegios elevados, como el administrador."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-116"
},
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myeventon:eventon:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.2.7",
"matchCriteriaId": "150D2D60-69AA-4027-AC89-D3929C2C5ECA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myeventon:eventon:*:*:*:*:*:wordpress:*:*",
"versionStartIncluding": "4.0",
"versionEndExcluding": "4.5.5",
"matchCriteriaId": "57B6B80A-D3E7-4D93-B2BA-4A823879356F"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/04a708a0-b6f3-47d1-aac9-0bb17f57c61e/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Third Party Advisory"
]
}
]
}

75
CVE-2024/CVE-2024-02xx/CVE-2024-0235.json
View File

@ -2,19 +2,86 @@
"id": "CVE-2024-0235",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-16T16:15:14.327",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-19T14:28:22.047",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog"
},
{
"lang": "es",
"value": "El complemento EventON WordPress anterior a 4.5.5 y el complemento EventON WordPress anterior a 2.2.7 no tienen autorizaci\u00f3n en una acci\u00f3n AJAX, lo que permite a los usuarios no autenticados recuperar direcciones de correo electr\u00f3nico de cualquier usuario en el blog."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myeventon:eventon:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.2.7",
"matchCriteriaId": "150D2D60-69AA-4027-AC89-D3929C2C5ECA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myeventon:eventon:*:*:*:*:*:wordpress:*:*",
"versionStartIncluding": "4.0",
"versionEndExcluding": "4.5.5",
"matchCriteriaId": "57B6B80A-D3E7-4D93-B2BA-4A823879356F"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/e370b99a-f485-42bd-96a3-60432a15a4e9/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Third Party Advisory"
]
}
]
}

75
CVE-2024/CVE-2024-02xx/CVE-2024-0236.json
View File

@ -2,19 +2,86 @@
"id": "CVE-2024-0236",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-16T16:15:14.367",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-19T14:28:41.540",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve the settings of arbitrary virtual events, including any meeting password set (for example for Zoom)"
},
{
"lang": "es",
"value": "El complemento EventON WordPress anterior a 4.5.5 y el complemento EventON WordPress anterior a 2.2.7 no tienen autorizaci\u00f3n en una acci\u00f3n AJAX, lo que permite a usuarios no autenticados recuperar la configuraci\u00f3n de eventos virtuales arbitrarios, incluida cualquier contrase\u00f1a de reuni\u00f3n establecida (por ejemplo, para Zoom)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myeventon:eventon:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.2.7",
"matchCriteriaId": "150D2D60-69AA-4027-AC89-D3929C2C5ECA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myeventon:eventon:*:*:*:*:*:wordpress:*:*",
"versionStartIncluding": "4.0",
"versionEndExcluding": "4.5.5",
"matchCriteriaId": "57B6B80A-D3E7-4D93-B2BA-4A823879356F"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/09aeb6f2-6473-4de7-8598-e417049896d7/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Third Party Advisory"
]
}
]
}

75
CVE-2024/CVE-2024-02xx/CVE-2024-0237.json
View File

@ -2,19 +2,86 @@
"id": "CVE-2024-0237",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-16T16:15:14.413",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-19T14:29:02.700",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in some AJAX actions, allowing unauthenticated users to update virtual events settings, such as meeting URL, moderator, access details etc"
},
{
"lang": "es",
"value": "El complemento EventON WordPress anterior a 4.5.5 y el complemento EventON WordPress anterior a 2.2.7 no tienen autorizaci\u00f3n en algunas acciones AJAX, lo que permite a usuarios no autenticados actualizar la configuraci\u00f3n de eventos virtuales, como la URL de la reuni\u00f3n, el moderador, los detalles de acceso, etc."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myeventon:eventon:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.2.7",
"matchCriteriaId": "150D2D60-69AA-4027-AC89-D3929C2C5ECA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myeventon:eventon:*:*:*:*:*:wordpress:*:*",
"versionStartIncluding": "4.0",
"versionEndExcluding": "4.5.5",
"matchCriteriaId": "57B6B80A-D3E7-4D93-B2BA-4A823879356F"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/73d1b00e-1f17-4d9a-bfc8-6bc43a46b90b/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Third Party Advisory"
]
}
]
}

79
CVE-2024/CVE-2024-02xx/CVE-2024-0238.json
View File

@ -2,19 +2,90 @@
"id": "CVE-2024-0238",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-16T16:15:14.467",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-19T14:29:13.280",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, and does not ensure that the post to be updated belong to the plugin, allowing unauthenticated users to update arbitrary post metadata."
},
{
"lang": "es",
"value": "El complemento EventON WordPress anterior a 4.5.5 y el complemento EventON WordPress anterior a 2.2.7 no tienen autorizaci\u00f3n en una acci\u00f3n AJAX y no garantizan que la publicaci\u00f3n que se actualizar\u00e1 pertenezca al complemento, lo que permite a usuarios no autenticados actualizar metadatos de publicaciones arbitrarias."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
},
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myeventon:eventon:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.2.7",
"matchCriteriaId": "150D2D60-69AA-4027-AC89-D3929C2C5ECA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myeventon:eventon:*:*:*:*:*:wordpress:*:*",
"versionStartIncluding": "4.0",
"versionEndExcluding": "4.5.5",
"matchCriteriaId": "57B6B80A-D3E7-4D93-B2BA-4A823879356F"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/774655ac-b201-4d9f-8790-9eff8564bc91/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Third Party Advisory"
]
}
]
}

74
CVE-2024/CVE-2024-04xx/CVE-2024-0472.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-0472",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-12T22:15:45.323",
"lastModified": "2024-01-14T21:42:17.123",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-19T14:17:12.580",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in code-projects Dormitory Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file modifyuser.php. The manipulation of the argument mname leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier VDB-250577 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en code-projects Dormitory Management System 1.0. Ha sido calificada como problem\u00e1tica. Este problema afecta un procesamiento desconocido del archivo modifyuser.php. La manipulaci\u00f3n del argumento mname conduce a la divulgaci\u00f3n de informaci\u00f3n. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-250577."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -61,8 +85,18 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -71,18 +105,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:code-projects:dormitory_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4DB96997-C333-49A4-87D2-456D89C2A56C"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/yingqian1984/FirePunch/blob/main/7-Dormitory%20Management%20System%20has%20Database%20information%20leakage%20modifyuser.php.pdf",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://vuldb.com/?ctiid.250577",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.250577",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}

61
CVE-2024/CVE-2024-04xx/CVE-2024-0473.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-0473",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-12T22:15:45.533",
"lastModified": "2024-01-14T21:42:17.123",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-19T14:16:50.027",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in code-projects Dormitory Management System 1.0. Affected is an unknown function of the file comment.php. The manipulation of the argument com leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250578 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en code-projects Dormitory Management System 1.0 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo comment.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento com conduce a la inyecci\u00f3n de SQL. Es posible lanzar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-250578 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:code-projects:dormitory_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4DB96997-C333-49A4-87D2-456D89C2A56C"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/yingqian1984/FirePunch/blob/main/7-Dormitory%20Management%20System%20has%20SQL%20injection%20vulnerabilities%20comment.php.pdf",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://vuldb.com/?ctiid.250578",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.250578",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

61
CVE-2024/CVE-2024-04xx/CVE-2024-0474.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-0474",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-12T23:15:08.890",
"lastModified": "2024-01-14T21:42:17.123",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-19T14:23:04.517",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in code-projects Dormitory Management System 1.0. Affected by this vulnerability is an unknown functionality of the file login.php. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250579."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en code-projects Dormitory Management System 1.0 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo login.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento username conduce a la inyecci\u00f3n de SQL. El ataque se puede lanzar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-250579."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:code-projects:dormitory_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4DB96997-C333-49A4-87D2-456D89C2A56C"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/yingqian1984/FirePunch/blob/main/7-Dormitory%20Management%20System%20has%20SQL%20injection%20vulnerabilities%20login.php.pdf",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://vuldb.com/?ctiid.250579",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.250579",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

61
CVE-2024/CVE-2024-04xx/CVE-2024-0475.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-0475",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-13T00:15:43.943",
"lastModified": "2024-01-14T21:42:17.123",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-19T14:16:32.380",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in code-projects Dormitory Management System 1.0. Affected by this issue is some unknown functionality of the file modifyuser.php. The manipulation of the argument user_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250580."
},
{
"lang": "es",
"value": "Una vulnerabilidad clasificada como cr\u00edtica fue encontrada en code-projects Dormitory Management System 1.0. Una funci\u00f3n desconocida del archivo modifyuser.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento user_id conduce a la inyecci\u00f3n de SQL. El ataque puede lanzarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-250580."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:code-projects:dormitory_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4DB96997-C333-49A4-87D2-456D89C2A56C"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/yingqian1984/FirePunch/blob/main/7-Dormitory%20Management%20System%20has%20SQL%20injection%20vulnerabilities%20modifyuser.php.pdf",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://vuldb.com/?ctiid.250580",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.250580",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

61
CVE-2024/CVE-2024-04xx/CVE-2024-0477.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-0477",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-13T06:15:49.150",
"lastModified": "2024-01-14T21:42:17.123",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-19T14:20:29.987",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in code-projects Fighting Cock Information System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/action/update-deworm.php. The manipulation of the argument usage_deworm leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250582 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en code-projects Fighting Cock Information System 1.0 y clasificada como cr\u00edtica. Esta vulnerabilidad afecta a un c\u00f3digo desconocido del archivo /admin/action/update-deworm.php. La manipulaci\u00f3n del argumento use_deworm conduce a la inyecci\u00f3n de SQL. El ataque se puede iniciar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-250582 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:code-projects:fighting_cock_information_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0249E06A-469D-4F3E-9BDE-0A0EC6B58056"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL5.pdf",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://vuldb.com/?ctiid.250582",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.250582",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

61
CVE-2024/CVE-2024-04xx/CVE-2024-0478.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-0478",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-13T07:15:07.327",
"lastModified": "2024-01-14T21:42:17.123",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-19T14:20:44.160",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in code-projects Fighting Cock Information System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/pages/edit_chicken.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250583."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en code-projects Fighting Cock Information System 1.0 y clasificada como cr\u00edtica. Este problema afecta un procesamiento desconocido del archivo /admin/pages/edit_chicken.php. La manipulaci\u00f3n del argumento id conduce a la inyecci\u00f3n de SQL. El ataque puede iniciarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-250583."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:code-projects:fighting_cock_information_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0249E06A-469D-4F3E-9BDE-0A0EC6B58056"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL8.pdf",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://vuldb.com/?ctiid.250583",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.250583",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

61
CVE-2024/CVE-2024-04xx/CVE-2024-0484.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-0484",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-13T11:15:12.030",
"lastModified": "2024-01-14T21:42:17.123",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-19T14:23:24.007",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in code-projects Fighting Cock Information System 1.0. This issue affects some unknown processing of the file admin/action/update_mother.php. The manipulation of the argument age_mother leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250589 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad clasificada como cr\u00edtica fue encontrada en code-projects Fighting Cock Information System 1.0. Este problema afecta un procesamiento desconocido del archivo admin/action/update_mother.php. La manipulaci\u00f3n del argumento age_mother conduce a la inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-250589."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:code-projects:fighting_cock_information_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0249E06A-469D-4F3E-9BDE-0A0EC6B58056"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL6.pdf",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://vuldb.com/?ctiid.250589",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.250589",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

62
CVE-2024/CVE-2024-04xx/CVE-2024-0485.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-0485",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-13T11:15:12.937",
"lastModified": "2024-01-14T21:42:17.123",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-19T14:22:14.600",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in code-projects Fighting Cock Information System 1.0. Affected is an unknown function of the file admin/pages/tables/add_con.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250590 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad clasificada como cr\u00edtica fue encontrada en code-projects Fighting Cock Information System 1.0. Una funci\u00f3n desconocida del archivo admin/pages/tables/add_con.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento id conduce a la inyecci\u00f3n de SQL. Es posible lanzar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-250590 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:code-projects:fighting_cock_information_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0249E06A-469D-4F3E-9BDE-0A0EC6B58056"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL7.pdf",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://vuldb.com/?ctiid.250590",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.250590",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}

62
CVE-2024/CVE-2024-04xx/CVE-2024-0486.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-0486",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-13T12:15:41.367",
"lastModified": "2024-01-14T21:42:17.123",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-19T14:21:56.513",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in code-projects Fighting Cock Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/action/add_con.php. The manipulation of the argument chicken leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250591."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en code-projects Fighting Cock Information System 1.0 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /admin/action/add_con.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento chicken conduce a la inyecci\u00f3n SQL. El ataque se puede lanzar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-250591."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:code-projects:fighting_cock_information_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0249E06A-469D-4F3E-9BDE-0A0EC6B58056"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL1.pdf",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://vuldb.com/?ctiid.250591",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.250591",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}

62
CVE-2024/CVE-2024-04xx/CVE-2024-0487.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-0487",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-13T13:15:07.963",
"lastModified": "2024-01-14T21:42:17.123",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-19T14:21:39.380",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in code-projects Fighting Cock Information System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/action/delete-vaccine.php. The manipulation of the argument ref leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250592."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en code-projects Fighting Cock Information System 1.0 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /admin/action/delete-vaccine.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento ref conduce a la inyecci\u00f3n de SQL. El ataque puede lanzarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-250592."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:code-projects:fighting_cock_information_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0249E06A-469D-4F3E-9BDE-0A0EC6B58056"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL2.pdf",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://vuldb.com/?ctiid.250592",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.250592",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}

62
CVE-2024/CVE-2024-04xx/CVE-2024-0488.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-0488",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-13T13:15:08.237",
"lastModified": "2024-01-14T21:42:17.123",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-19T14:21:21.410",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in code-projects Fighting Cock Information System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/action/new-feed.php. The manipulation of the argument type_feed leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250593 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en code-projects Fighting Cock Information System 1.0. Ha sido clasificada como cr\u00edtica. Esto afecta a una parte desconocida del archivo /admin/action/new-feed.php. La manipulaci\u00f3n del argumento type_feed conduce a la inyecci\u00f3n de SQL. Es posible iniciar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-250593."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:code-projects:fighting_cock_information_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0249E06A-469D-4F3E-9BDE-0A0EC6B58056"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL4.pdf",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://vuldb.com/?ctiid.250593",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.250593",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}

72
CVE-2024/CVE-2024-04xx/CVE-2024-0489.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-0489",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-13T14:15:45.780",
"lastModified": "2024-01-14T21:42:17.123",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-19T14:21:03.633",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in code-projects Fighting Cock Information System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/action/edit_chicken.php. The manipulation of the argument ref leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250594 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en code-projects Fighting Cock Information System 1.0. Ha sido declarada cr\u00edtica. Esta vulnerabilidad afecta a un c\u00f3digo desconocido del archivo /admin/action/edit_chicken.php. La manipulaci\u00f3n del argumento ref conduce a la inyecci\u00f3n de SQL. El ataque se puede iniciar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-250594 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -60,6 +84,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +105,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:code-projects:fighting_cock_information_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0249E06A-469D-4F3E-9BDE-0A0EC6B58056"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL3.pdf",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://vuldb.com/?ctiid.250594",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.250594",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}

88
CVE-2024/CVE-2024-07xx/CVE-2024-0712.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-0712",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-19T14:15:12.837",
"lastModified": "2024-01-19T14:15:12.837",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Beijing Baichuo Smart S150 Management Platform V31R02B15. It has been classified as critical. Affected is an unknown function of the file /useratte/inc/userattea.php. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-251538 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://github.com/GTA12138/vul/blob/main/smart%20s150/2024-1-9%20smart%20s150%20101508.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.251538",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.251538",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2024/CVE-2024-07xx/CVE-2024-0713.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-0713",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-19T14:15:13.277",
"lastModified": "2024-01-19T14:15:13.277",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Monitorr 1.7.6m. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /assets/php/upload.php of the component Services Configuration. The manipulation of the argument fileToUpload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251539. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "MULTIPLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 6.4,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://drive.google.com/file/d/1C6_4A-96BtR9VTNSadUY09ErroqLEVJ4/view?usp=sharing",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.251539",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.251539",
"source": "cna@vuldb.com"
}
]
}

52
CVE-2024/CVE-2024-209xx/CVE-2024-20961.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-20961",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-01-16T22:15:43.290",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-19T14:26:21.527",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Servidor: Optimizador). Las versiones compatibles que se ven afectadas son la 8.0.35 y anteriores y la 8.2.0 y anteriores. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con pocos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos de esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o un fallo frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntaje base 6.5 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
@ -34,10 +38,52 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndIncluding": "8.0.35",
"matchCriteriaId": "AA4C99CA-6232-4CAF-97EB-39D1B5C815E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.1.0",
"versionEndIncluding": "8.2.0",
"matchCriteriaId": "55EB5D47-E7EB-422D-83FA-169FC1A6C265"
}
]
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2024.html",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

52
CVE-2024/CVE-2024-209xx/CVE-2024-20963.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-20963",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-01-16T22:15:43.487",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-19T14:26:13.473",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Servidor: Seguridad: Cifrado). Las versiones compatibles que se ven afectadas son la 8.0.35 y anteriores y la 8.2.0 y anteriores. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con pocos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos de esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o un fallo frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntaje base 6.5 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
@ -34,10 +38,52 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndIncluding": "8.0.35",
"matchCriteriaId": "AA4C99CA-6232-4CAF-97EB-39D1B5C815E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.1.0",
"versionEndIncluding": "8.2.0",
"matchCriteriaId": "55EB5D47-E7EB-422D-83FA-169FC1A6C265"
}
]
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2024.html",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

52
CVE-2024/CVE-2024-209xx/CVE-2024-20965.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-20965",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-01-16T22:15:43.660",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-19T14:26:06.187",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Servidor: Optimizador). Las versiones compatibles que se ven afectadas son la 8.0.35 y anteriores y la 8.2.0 y anteriores. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos de esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o un fallo frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntuaci\u00f3n base 4.9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
@ -34,10 +38,52 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndIncluding": "8.0.35",
"matchCriteriaId": "AA4C99CA-6232-4CAF-97EB-39D1B5C815E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.1.0",
"versionEndIncluding": "8.2.0",
"matchCriteriaId": "55EB5D47-E7EB-422D-83FA-169FC1A6C265"
}
]
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2024.html",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

52
CVE-2024/CVE-2024-209xx/CVE-2024-20967.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-20967",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-01-16T22:15:43.837",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-19T14:25:50.880",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Servidor: Replicaci\u00f3n). Las versiones compatibles que se ven afectadas son la 8.0.35 y anteriores y la 8.2.0 y anteriores. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos de esta vulnerabilidad pueden resultar en una capacidad no autorizada para provocar un bloqueo o un bloqueo frecuente (DOS completo) del servidor MySQL, as\u00ed como una actualizaci\u00f3n, inserci\u00f3n o eliminaci\u00f3n no autorizada del acceso a algunos de los datos accesibles del servidor MySQL. CVSS 3.1 Puntaje base 5.5 (impactos en integridad y disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)."
}
],
"metrics": {
@ -34,10 +38,52 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndIncluding": "8.0.35",
"matchCriteriaId": "AA4C99CA-6232-4CAF-97EB-39D1B5C815E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.1.0",
"versionEndIncluding": "8.2.0",
"matchCriteriaId": "55EB5D47-E7EB-422D-83FA-169FC1A6C265"
}
]
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2024.html",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

52
CVE-2024/CVE-2024-209xx/CVE-2024-20969.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-20969",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-01-16T22:15:44.007",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-19T14:25:42.850",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Servidor: DDL). Las versiones compatibles que se ven afectadas son la 8.0.35 y anteriores y la 8.2.0 y anteriores. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos de esta vulnerabilidad pueden resultar en una capacidad no autorizada para provocar un bloqueo o un bloqueo frecuente (DOS completo) del servidor MySQL, as\u00ed como una actualizaci\u00f3n, inserci\u00f3n o eliminaci\u00f3n no autorizada del acceso a algunos de los datos accesibles del servidor MySQL. CVSS 3.1 Puntaje base 5.5 (impactos en integridad y disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)."
}
],
"metrics": {
@ -34,10 +38,52 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndIncluding": "8.0.35",
"matchCriteriaId": "AA4C99CA-6232-4CAF-97EB-39D1B5C815E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.1.0",
"versionEndIncluding": "8.2.0",
"matchCriteriaId": "55EB5D47-E7EB-422D-83FA-169FC1A6C265"
}
]
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2024.html",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

52
CVE-2024/CVE-2024-209xx/CVE-2024-20971.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-20971",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-01-16T22:15:44.177",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-19T14:25:31.020",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Servidor: Optimizador). Las versiones compatibles que se ven afectadas son la 8.0.35 y anteriores y la 8.2.0 y anteriores. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos de esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o un fallo frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntuaci\u00f3n base 4.9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
@ -34,10 +38,52 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndIncluding": "8.0.35",
"matchCriteriaId": "AA4C99CA-6232-4CAF-97EB-39D1B5C815E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.1.0",
"versionEndIncluding": "8.2.0",
"matchCriteriaId": "55EB5D47-E7EB-422D-83FA-169FC1A6C265"
}
]
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2024.html",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

52
CVE-2024/CVE-2024-209xx/CVE-2024-20973.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-20973",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-01-16T22:15:44.350",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-19T14:25:24.967",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Servidor: Optimizador). Las versiones compatibles que se ven afectadas son la 8.0.35 y anteriores y la 8.2.0 y anteriores. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con pocos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos de esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o un fallo frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntaje base 6.5 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
@ -34,10 +38,52 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndIncluding": "8.0.35",
"matchCriteriaId": "AA4C99CA-6232-4CAF-97EB-39D1B5C815E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.1.0",
"versionEndIncluding": "8.2.0",
"matchCriteriaId": "55EB5D47-E7EB-422D-83FA-169FC1A6C265"
}
]
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2024.html",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

45
CVE-2024/CVE-2024-209xx/CVE-2024-20975.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-20975",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-01-16T22:15:44.520",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-19T14:25:11.520",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Servidor: Optimizador). Las versiones compatibles que se ven afectadas son la 8.2.0 y anteriores. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con pocos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos de esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o un fallo frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntaje base 6.5 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
@ -34,10 +38,45 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndIncluding": "8.2.0",
"matchCriteriaId": "0357E6DE-1715-4E89-81BD-F70421BBDB7E"
}
]
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2024.html",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

52
CVE-2024/CVE-2024-209xx/CVE-2024-20977.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-20977",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-01-16T22:15:44.687",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-19T14:25:05.253",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Servidor: Optimizador). Las versiones compatibles que se ven afectadas son la 8.0.35 y anteriores y la 8.2.0 y anteriores. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con pocos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos de esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o un fallo frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntaje base 6.5 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
@ -34,10 +38,52 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndIncluding": "8.0.35",
"matchCriteriaId": "AA4C99CA-6232-4CAF-97EB-39D1B5C815E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.1.0",
"versionEndIncluding": "8.2.0",
"matchCriteriaId": "55EB5D47-E7EB-422D-83FA-169FC1A6C265"
}
]
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2024.html",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

52
CVE-2024/CVE-2024-209xx/CVE-2024-20981.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-20981",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-01-16T22:15:45.030",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-19T14:24:48.497",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Servidor: DDL). Las versiones compatibles que se ven afectadas son la 8.0.35 y anteriores y la 8.2.0 y anteriores. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos de esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o un fallo frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntuaci\u00f3n base 4.9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
@ -34,10 +38,52 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndIncluding": "8.0.35",
"matchCriteriaId": "AA4C99CA-6232-4CAF-97EB-39D1B5C815E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.1.0",
"versionEndIncluding": "8.2.0",
"matchCriteriaId": "55EB5D47-E7EB-422D-83FA-169FC1A6C265"
}
]
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2024.html",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

45
CVE-2024/CVE-2024-209xx/CVE-2024-20983.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-20983",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-01-16T22:15:45.200",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-19T14:24:38.097",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Servidor: DML). Las versiones compatibles que se ven afectadas son la 8.0.34 y anteriores. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos de esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o un fallo frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntuaci\u00f3n base 4.9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
@ -34,10 +38,45 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndIncluding": "8.0.34",
"matchCriteriaId": "3D1F6E20-725C-441F-A627-1D25159D0518"
}
]
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2024.html",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

52
CVE-2024/CVE-2024-209xx/CVE-2024-20985.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-20985",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-01-16T22:15:45.377",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-19T14:24:29.627",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Servidor: UDF). Las versiones compatibles que se ven afectadas son la 8.0.35 y anteriores y la 8.2.0 y anteriores. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con pocos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos de esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o un fallo frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntaje base 6.5 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
@ -34,10 +38,52 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndIncluding": "8.0.35",
"matchCriteriaId": "AA4C99CA-6232-4CAF-97EB-39D1B5C815E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.1.0",
"versionEndIncluding": "8.2.0",
"matchCriteriaId": "55EB5D47-E7EB-422D-83FA-169FC1A6C265"
}
]
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2024.html",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

8
CVE-2024/CVE-2024-224xx/CVE-2024-22402.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-22402",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-18T21:15:08.590",
"lastModified": "2024-01-19T01:51:14.027",
"lastModified": "2024-01-19T13:15:07.783",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Nextcloud guests app is a utility to create guest users which can only see files shared with them. In affected versions users were able to load the first page of apps they were actually not allowed to access. However subsequent API calls all failed correctly, so in most apps no additional information was leaked. Depending on the selection of apps installed this may present a permissions bypass. It is recommended that the Guests app is upgraded to 2.4.1, 2.5.1 or 3.0.1. There are no known workarounds for this vulnerability."
"value": "Nextcloud guests app is a utility to create guest users which can only see files shared with them. In affected versions users were able to load the first page of apps they were actually not allowed to access. Depending on the selection of apps installed this may present a permissions bypass. It is recommended that the Guests app is upgraded to 2.4.1, 2.5.1 or 3.0.1. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n para invitados Nextcloud es una utilidad para crear usuarios invitados que solo pueden ver los archivos compartidos con ellos. En las versiones afectadas, los usuarios pod\u00edan cargar la primera p\u00e1gina de aplicaciones a las que en realidad no se les permit\u00eda acceder. Sin embargo, todas las llamadas API posteriores fallaron correctamente, por lo que en la mayor\u00eda de las aplicaciones no se filtr\u00f3 informaci\u00f3n adicional. Dependiendo de la selecci\u00f3n de aplicaciones instaladas, esto puede presentar una omisi\u00f3n de permisos. Se recomienda actualizar la aplicaci\u00f3n Invitados a 2.4.1, 2.5.1 o 3.0.1. No se conocen workarounds para esta vulnerabilidad."
}
],
"metrics": {

68
CVE-2024/CVE-2024-226xx/CVE-2024-22625.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2024-22625",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-16T18:15:11.077",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-19T14:40:27.910",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Complete Supplier Management System v1.0 is vulnerable to SQL Injection via /Supply_Management_System/admin/edit_category.php?id=."
},
{
"lang": "es",
"value": "Complete Supplier Management System v1.0 es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s de /Supply_Management_System/admin/edit_category.php?id=."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:campcodes:supplier_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "836654A6-0614-4B2F-A556-E005AF4C7DE1"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/GaoZzr/CVE_report/blob/main/Supply_Management_System/SQLi-1.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

68
CVE-2024/CVE-2024-226xx/CVE-2024-22626.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2024-22626",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-16T18:15:11.120",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-19T14:40:09.903",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Complete Supplier Management System v1.0 is vulnerable to SQL Injection via /Supply_Management_System/admin/edit_retailer.php?id=."
},
{
"lang": "es",
"value": "Complete Supplier Management System v1.0 es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s de /Supply_Management_System/admin/edit_retailer.php?id=."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:campcodes:supplier_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "836654A6-0614-4B2F-A556-E005AF4C7DE1"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/GaoZzr/CVE_report/blob/main/Supply_Management_System/SQLi-2.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

68
CVE-2024/CVE-2024-226xx/CVE-2024-22627.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2024-22627",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-16T18:15:11.167",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-19T14:38:53.237",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Complete Supplier Management System v1.0 is vulnerable to SQL Injection via /Supply_Management_System/admin/edit_distributor.php?id=."
},
{
"lang": "es",
"value": "Complete Supplier Management System v1.0 es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s de /Supply_Management_System/admin/edit_distributor.php?id=."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:campcodes:supplier_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "836654A6-0614-4B2F-A556-E005AF4C7DE1"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/GaoZzr/CVE_report/blob/main/Supply_Management_System/SQLi-3.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

68
CVE-2024/CVE-2024-226xx/CVE-2024-22628.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2024-22628",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-16T18:15:11.220",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-19T14:33:00.143",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Budget and Expense Tracker System v1.0 is vulnerable to SQL Injection via /expense_budget/admin/?page=reports/budget&date_start=2023-12-28&date_end="
},
{
"lang": "es",
"value": "Budget and Expense Tracker System v1.0 es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s de /expense_budget/admin/?page=reports/budget&amp;date_start=2023-12-28&amp;date_end="
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oretnom23:budget_and_expense_tracker_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "59E7203C-7821-4D0B-AC05-11CD952D6C68"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/GaoZzr/CVE_report/blob/main/budget-and-expense-tracker-system/SQLi-1.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

20
CVE-2024/CVE-2024-228xx/CVE-2024-22876.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-22876",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-19T14:15:13.510",
"lastModified": "2024-01-19T14:15:13.510",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "StrangeBee TheHive 5.1.0 to 5.1.9 and 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case attachment functionality which enables an attacker to upload a malicious HTML file with Javascript code that will be executed in the context of the The Hive application using a specific URL. The vulnerability can be used to coerce a victim account to perform specific actions on the application as helping an analyst becoming administrator."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/StrangeBeeCorp/Security/blob/main/Security%20advisories/SB-SEC-ADV-2023-002.md",
"source": "cve@mitre.org"
}
]
}

20
CVE-2024/CVE-2024-228xx/CVE-2024-22877.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-22877",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-19T14:15:13.557",
"lastModified": "2024-01-19T14:15:13.557",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "StrangeBee TheHive 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case reporting functionality. This feature allows an attacker to insert malicious JavaScript code inside the template or its variables, that will be executed in the context of the TheHive application when the HTML report is opened."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/StrangeBeeCorp/Security/blob/main/Security%20advisories/SB-SEC-ADV-2023-001.md",
"source": "cve@mitre.org"
}
]
}

48
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-01-19T13:00:24.984353+00:00
2024-01-19T15:00:24.702129+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-01-19T12:15:08.683000+00:00
2024-01-19T14:54:30.993000+00:00
```
### Last Data Feed Release
@ -29,20 +29,56 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
236359
236371
```
### CVEs added in the last Commit
Recently added CVEs: `1`
Recently added CVEs: `12`
* [CVE-2024-21733](CVE-2024/CVE-2024-217xx/CVE-2024-21733.json) (`2024-01-19T11:15:08.043`)
* [CVE-2023-27168](CVE-2023/CVE-2023-271xx/CVE-2023-27168.json) (`2024-01-19T14:15:12.247`)
* [CVE-2023-43985](CVE-2023/CVE-2023-439xx/CVE-2023-43985.json) (`2024-01-19T14:15:12.317`)
* [CVE-2023-46351](CVE-2023/CVE-2023-463xx/CVE-2023-46351.json) (`2024-01-19T14:15:12.367`)
* [CVE-2023-50028](CVE-2023/CVE-2023-500xx/CVE-2023-50028.json) (`2024-01-19T14:15:12.413`)
* [CVE-2023-50030](CVE-2023/CVE-2023-500xx/CVE-2023-50030.json) (`2024-01-19T14:15:12.453`)
* [CVE-2023-51946](CVE-2023/CVE-2023-519xx/CVE-2023-51946.json) (`2024-01-19T14:15:12.500`)
* [CVE-2023-51947](CVE-2023/CVE-2023-519xx/CVE-2023-51947.json) (`2024-01-19T14:15:12.553`)
* [CVE-2023-51948](CVE-2023/CVE-2023-519xx/CVE-2023-51948.json) (`2024-01-19T14:15:12.663`)
* [CVE-2024-0712](CVE-2024/CVE-2024-07xx/CVE-2024-0712.json) (`2024-01-19T14:15:12.837`)
* [CVE-2024-0713](CVE-2024/CVE-2024-07xx/CVE-2024-0713.json) (`2024-01-19T14:15:13.277`)
* [CVE-2024-22876](CVE-2024/CVE-2024-228xx/CVE-2024-22876.json) (`2024-01-19T14:15:13.510`)
* [CVE-2024-22877](CVE-2024/CVE-2024-228xx/CVE-2024-22877.json) (`2024-01-19T14:15:13.557`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `46`
* [CVE-2024-0486](CVE-2024/CVE-2024-04xx/CVE-2024-0486.json) (`2024-01-19T14:21:56.513`)
* [CVE-2024-0485](CVE-2024/CVE-2024-04xx/CVE-2024-0485.json) (`2024-01-19T14:22:14.600`)
* [CVE-2024-0474](CVE-2024/CVE-2024-04xx/CVE-2024-0474.json) (`2024-01-19T14:23:04.517`)
* [CVE-2024-0484](CVE-2024/CVE-2024-04xx/CVE-2024-0484.json) (`2024-01-19T14:23:24.007`)
* [CVE-2024-20985](CVE-2024/CVE-2024-209xx/CVE-2024-20985.json) (`2024-01-19T14:24:29.627`)
* [CVE-2024-20983](CVE-2024/CVE-2024-209xx/CVE-2024-20983.json) (`2024-01-19T14:24:38.097`)
* [CVE-2024-20981](CVE-2024/CVE-2024-209xx/CVE-2024-20981.json) (`2024-01-19T14:24:48.497`)
* [CVE-2024-20977](CVE-2024/CVE-2024-209xx/CVE-2024-20977.json) (`2024-01-19T14:25:05.253`)
* [CVE-2024-20975](CVE-2024/CVE-2024-209xx/CVE-2024-20975.json) (`2024-01-19T14:25:11.520`)
* [CVE-2024-20973](CVE-2024/CVE-2024-209xx/CVE-2024-20973.json) (`2024-01-19T14:25:24.967`)
* [CVE-2024-20971](CVE-2024/CVE-2024-209xx/CVE-2024-20971.json) (`2024-01-19T14:25:31.020`)
* [CVE-2024-20969](CVE-2024/CVE-2024-209xx/CVE-2024-20969.json) (`2024-01-19T14:25:42.850`)
* [CVE-2024-20967](CVE-2024/CVE-2024-209xx/CVE-2024-20967.json) (`2024-01-19T14:25:50.880`)
* [CVE-2024-20965](CVE-2024/CVE-2024-209xx/CVE-2024-20965.json) (`2024-01-19T14:26:06.187`)
* [CVE-2024-20963](CVE-2024/CVE-2024-209xx/CVE-2024-20963.json) (`2024-01-19T14:26:13.473`)
* [CVE-2024-20961](CVE-2024/CVE-2024-209xx/CVE-2024-20961.json) (`2024-01-19T14:26:21.527`)
* [CVE-2024-0233](CVE-2024/CVE-2024-02xx/CVE-2024-0233.json) (`2024-01-19T14:28:14.077`)
* [CVE-2024-0235](CVE-2024/CVE-2024-02xx/CVE-2024-0235.json) (`2024-01-19T14:28:22.047`)
* [CVE-2024-0236](CVE-2024/CVE-2024-02xx/CVE-2024-0236.json) (`2024-01-19T14:28:41.540`)
* [CVE-2024-0237](CVE-2024/CVE-2024-02xx/CVE-2024-0237.json) (`2024-01-19T14:29:02.700`)
* [CVE-2024-0238](CVE-2024/CVE-2024-02xx/CVE-2024-0238.json) (`2024-01-19T14:29:13.280`)
* [CVE-2024-22628](CVE-2024/CVE-2024-226xx/CVE-2024-22628.json) (`2024-01-19T14:33:00.143`)
* [CVE-2024-22627](CVE-2024/CVE-2024-226xx/CVE-2024-22627.json) (`2024-01-19T14:38:53.237`)
* [CVE-2024-22626](CVE-2024/CVE-2024-226xx/CVE-2024-22626.json) (`2024-01-19T14:40:09.903`)
* [CVE-2024-22625](CVE-2024/CVE-2024-226xx/CVE-2024-22625.json) (`2024-01-19T14:40:27.910`)
## Download and Usage