admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 11:37:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-02-12T19:00:25.236536+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-02-12 19:00:28 +00:00
parent 80ac7de3ff
commit 42a11c64f0
34 changed files with 1094 additions and 136 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
CVE-2022/CVE-2022-343xx/CVE-2022-34310.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2022-34310",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-02-12T18:15:07.830",
"lastModified": "2024-02-12T18:15:07.830",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IBM CICS TX Standard and Advanced 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229441."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-327"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/229441",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/6832922",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/6832924",
"source": "psirt@us.ibm.com"
}
]
}

47
CVE-2022/CVE-2022-387xx/CVE-2022-38714.json Normal file
View File

@ -0,0 +1,47 @@
{
"id": "CVE-2022-38714",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-02-12T18:15:08.057",
"lastModified": "2024-02-12T18:15:08.057",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IBM DataStage on Cloud Pak for Data 4.0.6 to 4.5.2 stores sensitive credential information that can be read by a privileged user. IBM X-Force ID: 235060."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/235060",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/6618039",
"source": "psirt@us.ibm.com"
}
]
}

58
CVE-2023/CVE-2023-255xx/CVE-2023-25543.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-25543",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-02-06T07:15:08.170",
"lastModified": "2024-02-06T13:53:38.513",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-12T17:12:13.927",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-755"
}
]
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -50,10 +80,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:power_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.14",
"matchCriteriaId": "008626FF-F9D3-483B-9958-AB7FD90CA2CC"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000209464/dsa-2023-075",
"source": "security_alert@emc.com"
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

62
CVE-2023/CVE-2023-273xx/CVE-2023-27318.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-27318",
"sourceIdentifier": "security-alert@netapp.com",
"published": "2024-02-05T21:15:10.737",
"lastModified": "2024-02-06T01:00:55.997",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-12T17:32:00.683",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through \n11.6.0.13 are susceptible to a Denial of Service (DoS) vulnerability. A \nsuccessful exploit could lead to a crash of the Local Distribution \nRouter (LDR) service.\n\n"
},
{
"lang": "es",
"value": "Las versiones 11.6.0 a 11.6.0.13 de StorageGRID (anteriormente StorageGRID Webscale) son susceptibles a una vulnerabilidad de denegaci\u00f3n de servicio (DoS). Un exploit exitoso podr\u00eda provocar una falla del servicio Local Distribution Router (LDR)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-alert@netapp.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "security-alert@netapp.com",
"type": "Secondary",
@ -46,10 +80,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.6.0",
"versionEndIncluding": "11.6.0.13",
"matchCriteriaId": "0FFDCB61-5109-4662-A5FB-DDC7C093186F"
}
]
}
]
}
],
"references": [
{
"url": "https://security.netapp.com/advisory/NTAP-20240202-0012/",
"source": "security-alert@netapp.com"
"source": "security-alert@netapp.com",
"tags": [
"Vendor Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-60xx/CVE-2023-6036.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6036",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-02-12T16:15:07.983",
"lastModified": "2024-02-12T16:15:07.983",
"vulnStatus": "Received",
"lastModified": "2024-02-12T17:31:21.670",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-60xx/CVE-2023-6081.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6081",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-02-12T16:15:08.063",
"lastModified": "2024-02-12T16:15:08.063",
"vulnStatus": "Received",
"lastModified": "2024-02-12T17:31:21.670",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-60xx/CVE-2023-6082.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6082",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-02-12T16:15:08.120",
"lastModified": "2024-02-12T16:15:08.120",
"vulnStatus": "Received",
"lastModified": "2024-02-12T17:31:21.670",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-62xx/CVE-2023-6294.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6294",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-02-12T16:15:08.167",
"lastModified": "2024-02-12T16:15:08.167",
"vulnStatus": "Received",
"lastModified": "2024-02-12T17:31:21.670",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-64xx/CVE-2023-6499.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6499",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-02-12T16:15:08.230",
"lastModified": "2024-02-12T16:15:08.230",
"vulnStatus": "Received",
"lastModified": "2024-02-12T17:31:21.670",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-65xx/CVE-2023-6501.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6501",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-02-12T16:15:08.283",
"lastModified": "2024-02-12T16:15:08.283",
"vulnStatus": "Received",
"lastModified": "2024-02-12T17:31:21.670",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-65xx/CVE-2023-6591.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6591",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-02-12T16:15:08.337",
"lastModified": "2024-02-12T16:15:08.337",
"vulnStatus": "Received",
"lastModified": "2024-02-12T17:31:21.670",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

16
CVE-2023/CVE-2023-67xx/CVE-2023-6780.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-6780",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-31T14:15:48.917",
"lastModified": "2024-02-09T19:26:02.607",
"lastModified": "2024-02-12T18:57:56.580",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -21,20 +21,20 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
"impactScore": 1.4
},
{
"source": "secalert@redhat.com",

4
CVE-2023/CVE-2023-72xx/CVE-2023-7233.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-7233",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-02-12T16:15:08.390",
"lastModified": "2024-02-12T16:15:08.390",
"vulnStatus": "Received",
"lastModified": "2024-02-12T17:31:21.670",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-02xx/CVE-2024-0248.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0248",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-02-12T16:15:08.443",
"lastModified": "2024-02-12T16:15:08.443",
"vulnStatus": "Received",
"lastModified": "2024-02-12T17:31:21.670",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-02xx/CVE-2024-0250.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0250",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-02-12T16:15:08.500",
"lastModified": "2024-02-12T16:15:08.500",
"vulnStatus": "Received",
"lastModified": "2024-02-12T17:31:21.670",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-04xx/CVE-2024-0420.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0420",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-02-12T16:15:08.557",
"lastModified": "2024-02-12T16:15:08.557",
"vulnStatus": "Received",
"lastModified": "2024-02-12T17:31:21.670",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-04xx/CVE-2024-0421.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0421",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-02-12T16:15:08.620",
"lastModified": "2024-02-12T16:15:08.620",
"vulnStatus": "Received",
"lastModified": "2024-02-12T17:31:21.670",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-05xx/CVE-2024-0566.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0566",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-02-12T16:15:08.673",
"lastModified": "2024-02-12T16:15:08.673",
"vulnStatus": "Received",
"lastModified": "2024-02-12T17:31:21.670",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

73
CVE-2024/CVE-2024-08xx/CVE-2024-0895.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-0895",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-03T06:15:47.777",
"lastModified": "2024-02-05T02:09:43.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-12T17:03:38.533",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The PDF Flipbook, 3D Flipbook \u2013 DearFlip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via outline settings in all versions up to, and including, 2.2.26 due to insufficient input sanitization and output escaping on user supplied data. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento PDF Flipbook, 3D Flipbook \u2013 DearFlip para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de la configuraci\u00f3n del esquema en todas las versiones hasta la 2.2.26 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los datos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -34,18 +58,57 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dearhive:pdf_flipbook\\,_3d_flipbook:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.2.26",
"matchCriteriaId": "9E1736EB-80CC-40ED-BF61-408870381A0E"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/3d-flipbook-dflip-lite/trunk/inc/metaboxes.php#L483",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3030441%403d-flipbook-dflip-lite&new=3030441%403d-flipbook-dflip-lite&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/92e37b28-1a17-417a-b40f-cb4bbe6ec759?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

63
CVE-2024/CVE-2024-10xx/CVE-2024-1064.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-1064",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-02-03T09:15:11.250",
"lastModified": "2024-02-05T02:09:37.420",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-12T18:42:14.777",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A host header injection vulnerability in the HTTP handler component of Crafty Controller allows a remote, unauthenticated attacker to trigger a Denial of Service (DoS) condition via a modified host header"
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n de encabezado de host en el componente del controlador HTTP de Crafty Controller permite a un atacante remoto no autenticado desencadenar una condici\u00f3n de denegaci\u00f3n de servicio (DoS) a trav\u00e9s de un encabezado de host modificado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-116"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -46,10 +80,33 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:craftycontrol:crafty_controller:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0",
"versionEndIncluding": "4.2.2",
"matchCriteriaId": "FC44F335-507F-4CCD-A517-C200C120F091"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/crafty-controller/crafty-4/-/issues/327",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}

76
CVE-2024/CVE-2024-11xx/CVE-2024-1194.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-1194",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-02T21:15:08.413",
"lastModified": "2024-02-05T02:09:43.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-12T17:34:23.970",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in Armcode AlienIP 2.41. Affected is an unknown function of the component Locate Host Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252684. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en Armcode AlienIP 2.41 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del componente Locate Host Handler es afectada por esta funci\u00f3n. La manipulaci\u00f3n conduce a la denegaci\u00f3n del servicio. Es posible lanzar el ataque al servidor local. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-252684. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -61,8 +85,18 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -71,18 +105,48 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:armcode:alienip:2.41:*:*:*:*:*:*:*",
"matchCriteriaId": "B50A3179-4C11-44E3-A96E-38AD6A47D933"
}
]
}
]
}
],
"references": [
{
"url": "https://fitoxs.com/vuldb/25-exploit-perl.txt",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.252684",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.252684",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

76
CVE-2024/CVE-2024-11xx/CVE-2024-1195.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-1195",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-02T22:15:25.757",
"lastModified": "2024-02-05T02:09:43.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-12T17:33:51.340",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in iTop VPN up to 4.0.0.1. Affected by this vulnerability is an unknown functionality in the library ITopVpnCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The identifier VDB-252685 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en iTop VPN hasta 4.0.0.1 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida en la librer\u00eda ITopVpnCallbackProcess.sys del componente IOCTL Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a la denegaci\u00f3n del servicio. El ataque debe abordarse localmente. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-252685. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -61,8 +85,18 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -71,18 +105,48 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:iobit:itop_vpn:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.0.0.1",
"matchCriteriaId": "62034783-DD4D-4989-B145-75BA708E41F0"
}
]
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.252685",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.252685",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://www.youtube.com/watch?v=JdQMINPVJd8",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
}
]
}

61
CVE-2024/CVE-2024-11xx/CVE-2024-1198.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-1198",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-03T00:15:44.220",
"lastModified": "2024-02-09T20:15:54.207",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-12T17:33:30.703",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +95,49 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openbi:openbi:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.0",
"versionEndIncluding": "6.0.3",
"matchCriteriaId": "A88E17CB-93CA-46A4-9F90-8F18ECCAE32B"
}
]
}
]
}
],
"references": [
{
"url": "https://note.zhaoj.in/share/qFXZZfp1NLa3",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://vuldb.com/?ctiid.252696",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.252696",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

75
CVE-2024/CVE-2024-11xx/CVE-2024-1199.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-1199",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-03T00:15:44.447",
"lastModified": "2024-02-05T02:09:43.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-12T17:33:06.010",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in CodeAstro Employee Task Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file \\employee-tasks-php\\attendance-info.php. The manipulation of the argument aten_id leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252697 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en CodeAstro Employee Task Management System 1.0 y se clasific\u00f3 como problem\u00e1tica. Una funci\u00f3n desconocida del archivo \\employee-tasks-php\\attendance-info.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento aten_id conduce a una denegaci\u00f3n de servicio. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-252697."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -61,8 +85,18 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -71,18 +105,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:employee_task_management_system_project:employee_task_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "730BF1E8-9D6D-4F70-8684-ABC3862873CE"
}
]
}
]
}
],
"references": [
{
"url": "https://docs.qq.com/doc/DYnhIWEdkZXViTXdD",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?ctiid.252697",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.252697",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

73
CVE-2024/CVE-2024-12xx/CVE-2024-1200.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-1200",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-03T02:15:52.943",
"lastModified": "2024-02-05T02:09:43.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-12T17:35:01.263",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Jspxcms 10.2.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /template/1/default/. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252698 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Jspxcms 10.2.0 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /template/1/default/ es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a la divulgaci\u00f3n de informaci\u00f3n. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-252698 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -60,6 +84,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +105,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jspxcms:jspxcms:10.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C2CC8654-4A79-4A1D-8AFA-C8309ED94FCD"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/sweatxi/BugHub/blob/main/Nanchang%20Lanzhi%20Technology%20Co.pdf",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.252698",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.252698",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

57
CVE-2024/CVE-2024-12xx/CVE-2024-1225.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-1225",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-05T13:15:58.977",
"lastModified": "2024-02-09T20:15:54.290",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-12T17:09:34.727",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +95,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qibosoft:qibocms_x1:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.0.6",
"matchCriteriaId": "B67BDA0D-E469-435C-AD9C-B2AABB811700"
}
]
}
]
}
],
"references": [
{
"url": "https://note.zhaoj.in/share/jDWk6INLzO12",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://vuldb.com/?ctiid.252847",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.252847",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

81
CVE-2024/CVE-2024-228xx/CVE-2024-22853.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-22853",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-06T02:15:08.757",
"lastModified": "2024-02-06T13:53:38.513",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-12T17:50:31.950",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,86 @@
"value": "D-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 tiene una contrase\u00f1a codificada para la cuenta Alphanetworks, que permite a atacantes remotos obtener acceso root a trav\u00e9s de una sesi\u00f3n de telnet."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:go-rt-ac750_firmware:101b03:*:*:*:*:*:*:*",
"matchCriteriaId": "11857770-E809-483A-993F-1C827428B334"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:go-rt-ac750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE067003-B0B5-4419-8BB3-A31C015276D0"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Beckaf/vunl/blob/main/D-Link/AC750/2/2.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.dlink.com/en/security-bulletin/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

69
CVE-2024/CVE-2024-230xx/CVE-2024-23049.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2024-23049",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-05T23:15:08.463",
"lastModified": "2024-02-06T01:00:55.997",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-12T17:17:31.967",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in symphony v.3.6.3 and before allows a remote attacker to execute arbitrary code via the log4j component."
},
{
"lang": "es",
"value": "Un problema en Symphony v.3.6.3 y anteriores permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del componente log4j."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:b3log:symphony:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.6.3",
"matchCriteriaId": "DB80FFE7-5262-4C69-A9E7-53C5895E126F"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/88250/symphony/issues/82",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}

65
CVE-2024/CVE-2024-241xx/CVE-2024-24112.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-24112",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-06T01:15:09.700",
"lastModified": "2024-02-06T13:53:38.513",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-12T17:36:55.950",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "Se descubri\u00f3 que xmall v1.1 conten\u00eda una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro orderDir."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:exrick:xmall:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E46154B1-2E17-432C-839B-1F13469BCA05"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Exrick/xmall/issues/78",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Product"
]
}
]
}

10
CVE-2024/CVE-2024-242xx/CVE-2024-24258.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2024-24258",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-05T18:15:52.083",
"lastModified": "2024-02-07T23:01:10.597",
"vulnStatus": "Analyzed",
"lastModified": "2024-02-12T17:15:08.140",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "mupdf v1.23.9 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubMenu function."
"value": "freeglut 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubMenu function."
},
{
"lang": "es",
@ -68,6 +68,10 @@
}
],
"references": [
{
"url": "https://github.com/freeglut/freeglut/pull/155",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/yinluming13579/mupdf_defects/blob/main/mupdf_detect_1.md",
"source": "cve@mitre.org",

10
CVE-2024/CVE-2024-242xx/CVE-2024-24259.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2024-24259",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-05T18:15:52.133",
"lastModified": "2024-02-07T23:01:25.850",
"vulnStatus": "Analyzed",
"lastModified": "2024-02-12T17:15:08.220",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "mupdf v1.23.9 was discovered to contain a memory leak via the menuEntry variable in the glutAddMenuEntry function."
"value": "freeglut through 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddMenuEntry function."
},
{
"lang": "es",
@ -68,6 +68,10 @@
}
],
"references": [
{
"url": "https://github.com/freeglut/freeglut/pull/155",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/yinluming13579/mupdf_defects/blob/main/mupdf_detect_2.md",
"source": "cve@mitre.org",

77
CVE-2024/CVE-2024-244xx/CVE-2024-24482.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-24482",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-02T05:15:10.007",
"lastModified": "2024-02-02T13:36:37.067",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-12T17:46:35.760",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,80 @@
"value": "Aprktool anterior a 2.9.3 en Windows permite ../ y /.. directory traversal. "
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apktool:apktool:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.9.3",
"matchCriteriaId": "F7466617-07A9-4DBA-A6F5-BCB1E5D3C704"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/iBotPeaches/Apktool/security/advisories/GHSA-vgwr-4w3p-xmjv",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

4
CVE-2024/CVE-2024-253xx/CVE-2024-25360.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-25360",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-12T16:15:08.730",
"lastModified": "2024-02-12T16:15:08.730",
"vulnStatus": "Received",
"lastModified": "2024-02-12T17:31:21.670",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

62
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-02-12T17:00:23.901745+00:00
2024-02-12T19:00:25.236536+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-02-12T16:55:42.290000+00:00
2024-02-12T18:57:56.580000+00:00
```
### Last Data Feed Release
@ -29,44 +29,46 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
238177
238179
```
### CVEs added in the last Commit
Recently added CVEs: `15`
Recently added CVEs: `2`
* [CVE-2023-6036](CVE-2023/CVE-2023-60xx/CVE-2023-6036.json) (`2024-02-12T16:15:07.983`)
* [CVE-2023-6081](CVE-2023/CVE-2023-60xx/CVE-2023-6081.json) (`2024-02-12T16:15:08.063`)
* [CVE-2023-6082](CVE-2023/CVE-2023-60xx/CVE-2023-6082.json) (`2024-02-12T16:15:08.120`)
* [CVE-2023-6294](CVE-2023/CVE-2023-62xx/CVE-2023-6294.json) (`2024-02-12T16:15:08.167`)
* [CVE-2023-6499](CVE-2023/CVE-2023-64xx/CVE-2023-6499.json) (`2024-02-12T16:15:08.230`)
* [CVE-2023-6501](CVE-2023/CVE-2023-65xx/CVE-2023-6501.json) (`2024-02-12T16:15:08.283`)
* [CVE-2023-6591](CVE-2023/CVE-2023-65xx/CVE-2023-6591.json) (`2024-02-12T16:15:08.337`)
* [CVE-2023-7233](CVE-2023/CVE-2023-72xx/CVE-2023-7233.json) (`2024-02-12T16:15:08.390`)
* [CVE-2024-1420](CVE-2024/CVE-2024-14xx/CVE-2024-1420.json) (`2024-02-12T15:15:07.733`)
* [CVE-2024-0248](CVE-2024/CVE-2024-02xx/CVE-2024-0248.json) (`2024-02-12T16:15:08.443`)
* [CVE-2024-0250](CVE-2024/CVE-2024-02xx/CVE-2024-0250.json) (`2024-02-12T16:15:08.500`)
* [CVE-2024-0420](CVE-2024/CVE-2024-04xx/CVE-2024-0420.json) (`2024-02-12T16:15:08.557`)
* [CVE-2024-0421](CVE-2024/CVE-2024-04xx/CVE-2024-0421.json) (`2024-02-12T16:15:08.620`)
* [CVE-2024-0566](CVE-2024/CVE-2024-05xx/CVE-2024-0566.json) (`2024-02-12T16:15:08.673`)
* [CVE-2024-25360](CVE-2024/CVE-2024-253xx/CVE-2024-25360.json) (`2024-02-12T16:15:08.730`)
* [CVE-2022-34310](CVE-2022/CVE-2022-343xx/CVE-2022-34310.json) (`2024-02-12T18:15:07.830`)
* [CVE-2022-38714](CVE-2022/CVE-2022-387xx/CVE-2022-38714.json) (`2024-02-12T18:15:08.057`)
### CVEs modified in the last Commit
Recently modified CVEs: `10`
Recently modified CVEs: `31`
* [CVE-2023-4637](CVE-2023/CVE-2023-46xx/CVE-2023-4637.json) (`2024-02-12T15:55:22.053`)
* [CVE-2023-6526](CVE-2023/CVE-2023-65xx/CVE-2023-6526.json) (`2024-02-12T16:00:51.520`)
* [CVE-2023-40544](CVE-2023/CVE-2023-405xx/CVE-2023-40544.json) (`2024-02-12T16:43:42.320`)
* [CVE-2023-42765](CVE-2023/CVE-2023-427xx/CVE-2023-42765.json) (`2024-02-12T16:44:16.617`)
* [CVE-2023-45213](CVE-2023/CVE-2023-452xx/CVE-2023-45213.json) (`2024-02-12T16:44:57.010`)
* [CVE-2023-45222](CVE-2023/CVE-2023-452xx/CVE-2023-45222.json) (`2024-02-12T16:45:27.167`)
* [CVE-2023-45227](CVE-2023/CVE-2023-452xx/CVE-2023-45227.json) (`2024-02-12T16:45:47.247`)
* [CVE-2023-45735](CVE-2023/CVE-2023-457xx/CVE-2023-45735.json) (`2024-02-12T16:46:48.997`)
* [CVE-2023-37528](CVE-2023/CVE-2023-375xx/CVE-2023-37528.json) (`2024-02-12T16:55:42.290`)
* [CVE-2024-24560](CVE-2024/CVE-2024-245xx/CVE-2024-24560.json) (`2024-02-12T15:23:42.867`)
* [CVE-2023-6501](CVE-2023/CVE-2023-65xx/CVE-2023-6501.json) (`2024-02-12T17:31:21.670`)
* [CVE-2023-6591](CVE-2023/CVE-2023-65xx/CVE-2023-6591.json) (`2024-02-12T17:31:21.670`)
* [CVE-2023-7233](CVE-2023/CVE-2023-72xx/CVE-2023-7233.json) (`2024-02-12T17:31:21.670`)
* [CVE-2023-27318](CVE-2023/CVE-2023-273xx/CVE-2023-27318.json) (`2024-02-12T17:32:00.683`)
* [CVE-2023-6780](CVE-2023/CVE-2023-67xx/CVE-2023-6780.json) (`2024-02-12T18:57:56.580`)
* [CVE-2024-0895](CVE-2024/CVE-2024-08xx/CVE-2024-0895.json) (`2024-02-12T17:03:38.533`)
* [CVE-2024-1225](CVE-2024/CVE-2024-12xx/CVE-2024-1225.json) (`2024-02-12T17:09:34.727`)
* [CVE-2024-24258](CVE-2024/CVE-2024-242xx/CVE-2024-24258.json) (`2024-02-12T17:15:08.140`)
* [CVE-2024-24259](CVE-2024/CVE-2024-242xx/CVE-2024-24259.json) (`2024-02-12T17:15:08.220`)
* [CVE-2024-23049](CVE-2024/CVE-2024-230xx/CVE-2024-23049.json) (`2024-02-12T17:17:31.967`)
* [CVE-2024-0248](CVE-2024/CVE-2024-02xx/CVE-2024-0248.json) (`2024-02-12T17:31:21.670`)
* [CVE-2024-0250](CVE-2024/CVE-2024-02xx/CVE-2024-0250.json) (`2024-02-12T17:31:21.670`)
* [CVE-2024-0420](CVE-2024/CVE-2024-04xx/CVE-2024-0420.json) (`2024-02-12T17:31:21.670`)
* [CVE-2024-0421](CVE-2024/CVE-2024-04xx/CVE-2024-0421.json) (`2024-02-12T17:31:21.670`)
* [CVE-2024-0566](CVE-2024/CVE-2024-05xx/CVE-2024-0566.json) (`2024-02-12T17:31:21.670`)
* [CVE-2024-25360](CVE-2024/CVE-2024-253xx/CVE-2024-25360.json) (`2024-02-12T17:31:21.670`)
* [CVE-2024-1199](CVE-2024/CVE-2024-11xx/CVE-2024-1199.json) (`2024-02-12T17:33:06.010`)
* [CVE-2024-1198](CVE-2024/CVE-2024-11xx/CVE-2024-1198.json) (`2024-02-12T17:33:30.703`)
* [CVE-2024-1195](CVE-2024/CVE-2024-11xx/CVE-2024-1195.json) (`2024-02-12T17:33:51.340`)
* [CVE-2024-1194](CVE-2024/CVE-2024-11xx/CVE-2024-1194.json) (`2024-02-12T17:34:23.970`)
* [CVE-2024-1200](CVE-2024/CVE-2024-12xx/CVE-2024-1200.json) (`2024-02-12T17:35:01.263`)
* [CVE-2024-24112](CVE-2024/CVE-2024-241xx/CVE-2024-24112.json) (`2024-02-12T17:36:55.950`)
* [CVE-2024-24482](CVE-2024/CVE-2024-244xx/CVE-2024-24482.json) (`2024-02-12T17:46:35.760`)
* [CVE-2024-22853](CVE-2024/CVE-2024-228xx/CVE-2024-22853.json) (`2024-02-12T17:50:31.950`)
* [CVE-2024-1064](CVE-2024/CVE-2024-10xx/CVE-2024-1064.json) (`2024-02-12T18:42:14.777`)
## Download and Usage