Auto-Update: 2024-02-22T17:00:26.670467+00:00

cad-safe-bot 2024-02-22 17:00:30 +00:00
parent 34e40adc7a
commit 4387277377
41 changed files with 1600 additions and 101 deletions


@ -0,0 +1,59 @@
{
"id": "CVE-2023-3966",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-02-22T13:15:07.770",
"lastModified": "2024-02-22T13:15:07.770",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is enabled."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-248"
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-3966",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178363",
"source": "secalert@redhat.com"
}
]
}
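Review bot: The one precondition that limits exposure, hardware offloading via the netlink path being enabled, appears only in the free-text `descriptions[0].value`; the record is still `"vulnStatus": "Received"` with no `configurations` block, and the vector is `AC:L`. Tools consuming this file therefore cannot distinguish an Open vSwitch deployment with offloading enabled from one without, and will rank both at 7.5 HIGH, so triage should confirm the offload setting per host before prioritising. The primary weakness `CWE-248` (uncaught exception) also does not cover the "invalid memory accesses" the description mentions, so CWE-keyed memory-safety reports will not pick this entry up.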


@ -0,0 +1,63 @@
{
"id": "CVE-2023-44379",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-22T15:15:08.060",
"lastModified": "2024-02-22T15:15:08.060",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "baserCMS is a website development framework. Prior to version 5.0.9, there is a cross-site scripting vulnerability in the site search feature. Version 5.0.9 contains a fix for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://basercms.net/security/JVN_73283159",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/baserproject/basercms/commit/18549396e5a9b8294306a54a876af164b0b57da4",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-66c2-p8rh-qx87",
"source": "security-advisories@github.com"
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-47537",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-02-15T14:15:45.240",
"lastModified": "2024-02-15T14:28:20.067",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-22T15:26:01.937",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An improper certificate validation vulnerability in Fortinet FortiOS 7.0.0 - 7.0.13, 7.2.0 - 7.2.6 and 7.4.0 - 7.4.1 allows a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the FortiLink communication channel between the FortiOS device and FortiSwitch."
},
{
"lang": "es",
"value": "Una vulnerabilidad de validaci\u00f3n de certificado incorrecta en Fortinet FortiOS 7.0.0 - 7.0.13, 7.2.0 - 7.2.6 y 7.4.0 - 7.4.1 permite que un atacante remoto y no autenticado realice un ataque Man-in-the-Middle en el Canal de comunicaci\u00f3n FortiLink entre el dispositivo FortiOS y FortiSwitch."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 2.5
},
{
"source": "psirt@fortinet.com",
"type": "Secondary",
@ -46,10 +70,49 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndExcluding": "7.0.14",
"matchCriteriaId": "C119229A-3805-47C1-B3F9-AF1A4007A63B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.2.0",
"versionEndIncluding": "7.2.6",
"matchCriteriaId": "24D09A92-81EC-4003-B017-C67FC739EEBF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "61540F5B-080A-4D44-8BE0-75D7A0DCCB53"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "17FE168A-0EA4-467C-91D2-87EB6D83917A"
}
]
}
]
}
],
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-23-301",
"source": "psirt@fortinet.com"
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-51388",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-22T16:15:53.413",
"lastModified": "2024-02-22T16:15:53.413",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Hertzbeat is a real-time monitoring system. In `CalculateAlarm.java`, `AviatorEvaluator` is used to directly execute the expression function, and no security policy is configured, resulting in AviatorScript (which can execute any static method by default) script injection. Version 1.4.1 fixes this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-74"
}
]
}
],
"references": [
{
"url": "https://github.com/dromara/hertzbeat/commit/8dcf050e27ca95d15460a7ba98a3df8a9cd1d3d2",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/dromara/hertzbeat/security/advisories/GHSA-mcqg-gqxr-hqgj",
"source": "security-advisories@github.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-51389",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-22T16:15:53.623",
"lastModified": "2024-02-22T16:15:53.623",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Hertzbeat is a real-time monitoring system. At the interface of `/define/yml`, SnakeYAML is used as a parser to parse yml content, but no security configuration is used, resulting in a YAML deserialization vulnerability. Version 1.4.1 fixes this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://github.com/dromara/hertzbeat/commit/97c3f14446d1c96d1fc993df111684926b6cce17",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/dromara/hertzbeat/security/advisories/GHSA-rmvr-9p5x-mm96",
"source": "security-advisories@github.com"
}
]
}


@ -0,0 +1,63 @@
{
"id": "CVE-2023-51450",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-22T15:15:08.290",
"lastModified": "2024-02-22T15:15:08.290",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "baserCMS is a website development framework. Prior to version 5.0.9, there is an OS Command Injection vulnerability in the site search feature of baserCMS. Version 5.0.9 contains a fix for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://basercms.net/security/JVN_09767360",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-77fc-4cv5-hmfr",
"source": "security-advisories@github.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-51653",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-22T16:15:53.800",
"lastModified": "2024-02-22T16:15:53.800",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Hertzbeat is a real-time monitoring system. In the implementation of `JmxCollectImpl.java`, `JMXConnectorFactory.connect` is vulnerable to JNDI injection. The corresponding interface is `/api/monitor/detect`. If there is a URL field, the address will be used by default. When the URL is `service:jmx:rmi:///jndi/rmi://xxxxxxx:1099/localHikari`, it can be exploited to cause remote code execution. Version 1.4.1 contains a fix for this issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-74"
}
]
}
],
"references": [
{
"url": "https://github.com/dromara/hertzbeat/commit/f794b0d82be49c596c04a042976446559eb315ef",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/dromara/hertzbeat/security/advisories/GHSA-gcmp-vf6v-59gg",
"source": "security-advisories@github.com"
}
]
}


@ -2,47 +2,14 @@
"id": "CVE-2023-52437",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-20T21:15:08.107",
"lastModified": "2024-02-20T21:52:55.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-22T13:15:08.020",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d\"\n\nThis reverts commit 5e2cf333b7bd5d3e62595a44d598a254c697cd74.\n\nThat commit introduced the following race and can cause system hung.\n\n md_write_start: raid5d:\n // mddev->in_sync == 1\n set \"MD_SB_CHANGE_PENDING\"\n // running before md_write_start wakeup it\n waiting \"MD_SB_CHANGE_PENDING\" cleared\n >>>>>>>>> hung\n wakeup mddev->thread\n ...\n waiting \"MD_SB_CHANGE_PENDING\" cleared\n >>>> hung, raid5d should clear this flag\n but get hung by same flag.\n\nThe issue reverted commit fixing is fixed by last patch in a new way."
"value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0de40f76d567133b871cd6ad46bb87afbce46983",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/84c39986fe6dd77aa15f08712339f5d4eb7dbe27",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/87165c64fe1a98bbab7280c58df3c83be2c98478",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/aab69ef769707ad987ff905d79e0bd6591812580",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bed0acf330b2c50c688f6d9cfbcac2aa57a8e613",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bed9e27baf52a09b7ba2a3714f1e24e17ced386d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cfa46838285814c3a27faacf7357f0a65bb5d152",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e16a0bbdb7e590a6607b0d82915add738c03c069",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
"references": []
}


@ -0,0 +1,24 @@
{
"id": "CVE-2024-1563",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-02-22T15:15:08.480",
"lastModified": "2024-02-22T15:15:08.480",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme and a timeout race condition. This vulnerability affects Focus for iOS < 122."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1863831",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-09/",
"source": "security@mozilla.org"
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-1708",
"sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725",
"published": "2024-02-21T16:15:50.233",
"lastModified": "2024-02-22T03:48:05.750",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-22T15:19:39.123",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker \n\nthe ability to execute remote code or directly impact confidential data or critical systems.\n\n"
},
{
"lang": "es",
"value": "ConnectWise ScreenConnect 23.9.7 y versiones anteriores se ven afectados por una vulnerabilidad de path traversal, que puede permitir a un atacante ejecutar c\u00f3digo remoto o afectar directamente a datos confidenciales o sistemas cr\u00edticos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.7,
"impactScore": 6.0
},
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"type": "Secondary",
@ -46,14 +80,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:connectwise:screenconnect:*:*:*:*:*:*:*:*",
"versionEndExcluding": "23.9.8",
"matchCriteriaId": "26FEBC12-2B0F-4F8F-BCB8-03683D71B37F"
}
]
}
]
}
],
"references": [
{
"url": "https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
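Review bot: The NVD Primary vector added in the first hunk, `PR:H/UI:R` with a base score of 8.4, scores this path traversal as needing an already-privileged user, yet the record's references include the Huntress write-up on the ScreenConnect authentication bypass, now tagged `Exploit`. If that bypass (CVE-2024-1709, updated in this same commit with the same `"versionEndExcluding": "23.9.8"`) is what supplies the privileges, ranking the two CVEs separately by base score understates this one. Nothing in the record links the two IDs, so patch prioritisation should treat both as a single upgrade to 23.9.8 rather than deferring this entry on its lower score.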


@ -2,16 +2,40 @@
"id": "CVE-2024-1709",
"sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725",
"published": "2024-02-21T16:15:50.420",
"lastModified": "2024-02-22T03:47:56.087",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-22T15:18:36.983",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel\n\n vulnerability, which may allow an attacker direct access to confidential information or \n\ncritical systems.\n\n"
},
{
"lang": "es",
"value": "ConnectWise ScreenConnect 23.9.7 y versiones anteriores se ven afectados por una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n mediante una ruta o canal alternativo, que puede permitir a un atacante acceder directamente a informaci\u00f3n confidencial o sistemas cr\u00edticos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0
},
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"type": "Secondary",
@ -46,46 +80,100 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:connectwise:screenconnect:*:*:*:*:*:*:*:*",
"versionEndExcluding": "23.9.8",
"matchCriteriaId": "26FEBC12-2B0F-4F8F-BCB8-03683D71B37F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/rapid7/metasploit-framework/pull/18870",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://techcrunch.com/2024/02/21/researchers-warn-high-risk-connectwise-flaw-under-attack-is-embarrassingly-easy-to-exploit/",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Press/Media Coverage",
"Third Party Advisory"
]
},
{
"url": "https://www.bleepingcomputer.com/news/security/connectwise-urges-screenconnect-admins-to-patch-critical-rce-flaw/",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Press/Media Coverage",
"Third Party Advisory"
]
},
{
"url": "https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.horizon3.ai/attack-research/red-team/connectwise-screenconnect-auth-bypass-deep-dive/",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.huntress.com/blog/detection-guidance-for-connectwise-cwe-288-2",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.huntress.com/blog/vulnerability-reproduced-immediately-patch-screenconnect-23-9-8",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.securityweek.com/connectwise-confirms-screenconnect-flaw-under-active-exploitation/",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Press/Media Coverage",
"Third Party Advisory"
]
}
]
}
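Review bot: The Primary weakness added in the second hunk is `NVD-CWE-Other`, which loses the classification the description itself states ("Authentication Bypass Using an Alternate Path or Channel") and that one of the Huntress reference URLs names as CWE-288. Consumers that read only `"type": "Primary"` weaknesses will file a 10.0 CRITICAL authentication bypass under an uninformative bucket; the Secondary entry's body lies outside the hunk, so whether it carries CWE-288 cannot be confirmed from here. The reference tagging is also uneven: the metasploit-framework pull request is tagged `Issue Tracking` rather than `Exploit`, so a filter on the `Exploit` tag should not be the only signal used to judge public exploit availability.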


@ -2,12 +2,16 @@
"id": "CVE-2024-20667",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-02-13T18:15:47.377",
"lastModified": "2024-02-13T18:23:02.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-22T15:30:25.733",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Azure DevOps Server Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo del servidor Azure DevOps"
}
],
"metrics": {
@ -34,10 +38,53 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:azure_devops_server:2019.1.2:-:*:*:*:*:*:*",
"matchCriteriaId": "E47C8F7E-E085-4C8C-A522-687F9B2C7B34"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:azure_devops_server:2020.1.2:-:*:*:*:*:*:*",
"matchCriteriaId": "A8F7E9F3-B3DC-4161-AA99-DF4E17599868"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:azure_devops_server:2022.1:-:*:*:*:*:*:*",
"matchCriteriaId": "B96825FF-D464-4430-A5FC-751500FB49F7"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20667",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}
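Review bot: All three `criteria` strings added in the `configurations` block use CPE part `o` (operating system), e.g. `cpe:2.3:o:microsoft:azure_devops_server:2019.1.2:-:*:*:*:*:*:*`, although Azure DevOps Server is a server application and would conventionally be part `a`. Inventory tools that normalise the product as `cpe:2.3:a:microsoft:azure_devops_server` will not match these entries, so a remote-code-execution CVE can silently drop out of scan results. Matching for this record should compare vendor and product and ignore the part field, or fall back to the MSRC advisory listed in `references`.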


@ -2,12 +2,16 @@
"id": "CVE-2024-20673",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-02-13T18:15:47.557",
"lastModified": "2024-02-13T18:23:02.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-22T15:29:57.733",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de Microsoft Office"
}
],
"metrics": {
@ -34,10 +38,83 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "09BF0981-749E-470B-A7AC-95AD087797EF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:office:2016:*:-:*:-:*:-:*",
"matchCriteriaId": "DC9D0A78-9F16-41E0-910E-E93269DB9B30"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:click-to-run:*:*:*",
"matchCriteriaId": "2C3B58F9-4BF5-4692-BBCB-1963A0A16CE0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:*:*:*",
"matchCriteriaId": "25D63F31-2978-4C24-B7CA-6A0398012700"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:powerpoint:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "C971A8FC-3897-496D-BB9A-9E6C8A03AEA1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:publisher:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "AB3AA120-CE06-40A3-ADC4-C42077509287"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:skype_for_business:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "D499807D-91F3-447D-B9F0-D612898C9339"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:visio:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "89229922-0836-4CC2-AED2-107C3142D0EA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA042D4-B14E-4DDF-8423-DFB255679EFE"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20673",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2024-21327",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-02-13T18:15:48.570",
"lastModified": "2024-02-13T18:23:02.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-22T15:29:03.963",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting de Microsoft Dynamics 365 Customer Engagement"
}
],
"metrics": {
@ -34,10 +38,45 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:dynamics_365:*:*:*:*:customer_engagement:*:*:*",
"versionStartIncluding": "9.1",
"versionEndExcluding": "9.1.25.17",
"matchCriteriaId": "E8915EF8-6488-469E-AF02-7D9A61433A6F"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21327",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2024-21328",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-02-13T18:15:48.740",
"lastModified": "2024-02-13T18:23:02.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-22T15:28:31.723",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Dynamics 365 Sales Spoofing Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de suplantaci\u00f3n de ventas en Dynamics 365"
}
],
"metrics": {
@ -34,10 +38,45 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:dynamics_365:*:*:*:*:on-premises:*:*:*",
"versionStartIncluding": "9.1",
"versionEndExcluding": "9.1.25.17",
"matchCriteriaId": "B5249C78-D15C-446E-8853-A0B6C1CA7834"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21328",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2024-21329",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-02-13T18:15:48.913",
"lastModified": "2024-02-13T18:23:02.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-22T15:27:57.770",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Azure Connected Machine Agent Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios del agente de m\u00e1quina conectada de Azure"
}
],
"metrics": {
@ -34,10 +38,44 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:azure_connected_machine_agent:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.38",
"matchCriteriaId": "892F1E31-9F80-4608-9B61-17505B393AEA"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21329",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2024-21342",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-02-13T18:15:49.803",
"lastModified": "2024-02-13T18:22:58.333",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-22T15:27:18.243",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Windows DNS Client Denial of Service Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de denegaci\u00f3n de servicio del cliente DNS de Windows"
}
],
"metrics": {
@ -34,10 +38,56 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.3155",
"matchCriteriaId": "84EDBE52-EFE0-4D6D-AA76-698B6F9687D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.3155",
"matchCriteriaId": "6045E4CB-E5B8-4638-882C-BAD4C208A91B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.709",
"matchCriteriaId": "B6FCF1A0-6B8E-457A-AB6A-2DE939B9D18B"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21342",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}
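Review bot: The `windows_11_23h2` entry carries the same `"versionEndExcluding": "10.0.22621.3155"` as the `windows_11_22h2` entry, but 23H2 reports build 22631, so the bound looks copied from the 22H2 line and was presumably meant to be `10.0.22631.3155`. As written, any 23H2 host (10.0.22631.x) compares above the bound and is treated as fixed whether or not it is patched. Until the upstream record is corrected, scanners relying on this range should verify 23H2 hosts against the MSRC advisory listed in `references`.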


@ -2,12 +2,16 @@
"id": "CVE-2024-22393",
"sourceIdentifier": "security@apache.org",
"published": "2024-02-22T10:15:08.340",
"lastModified": "2024-02-22T10:15:08.340",
"lastModified": "2024-02-22T16:15:53.987",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1.\n\nPixel Flood Attack by uploading large pixel files will cause server out of memory. A logged-in user\u00a0can cause such an attack by uploading an image when posting content.\nUsers are recommended to upgrade to version [1.2.5], which fixes the issue.\n\n"
},
{
"lang": "es",
"value": "Carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en Apache Answer. Este problema afecta a Apache Answer: hasta 1.2.1. El ataque de inundaci\u00f3n de p\u00edxeles mediante la carga de archivos de p\u00edxeles de gran tama\u00f1o provocar\u00e1 que el servidor se quede sin memoria. Un usuario que haya iniciado sesi\u00f3n puede provocar un ataque de este tipo al cargar una imagen al publicar contenido. Se recomienda a los usuarios actualizar a la versi\u00f3n [1.2.5], que soluciona el problema."
}
],
"metrics": {},
@ -24,6 +28,10 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/02/22/1",
"source": "security@apache.org"
},
{
"url": "https://lists.apache.org/thread/f58l6dr4r74hl6o71gn47kmn44vw12cv",
"source": "security@apache.org"


@ -0,0 +1,20 @@
{
"id": "CVE-2024-23094",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-22T14:15:46.830",
"lastModified": "2024-02-22T14:15:46.830",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /cover/addons/info_media_gallery/action/edit_addon_post.php"
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/TinkAnet/cve/blob/main/csrf3.md",
"source": "cve@mitre.org"
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-23113",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-02-15T14:15:46.503",
"lastModified": "2024-02-15T14:28:20.067",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-22T15:33:00.970",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets."
},
{
"lang": "es",
"value": "Un uso de cadena de formato controlada externamente en Fortinet FortiOS versiones 7.4.0 a 7.4.2, 7.2.0 a 7.2.6, 7.0.0 a 7.0.13, FortiProxy versiones 7.4.0 a 7.4.2, 7.2.0 a 7.2.8, 7.0.0 a 7.0.14, versiones de FortiPAM 1.2.0, 1.1.0 a 1.1.2, 1.0.0 a 1.0.3, versiones de FortiSwitchManager 7.2.0 a 7.2.3, 7.0.0 a 7.0. 3 permite al atacante ejecutar c\u00f3digo o comandos no autorizados a trav\u00e9s de paquetes especialmente manipulados."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "psirt@fortinet.com",
"type": "Secondary",
@ -46,10 +70,100 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndIncluding": "7.0.14",
"matchCriteriaId": "94C6FBEA-B8B8-4A92-9CAF-F4A125577C3C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.2.0",
"versionEndIncluding": "7.2.8",
"matchCriteriaId": "406F8C48-85CE-46AF-BE5C-0ED9E3E16A39"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.4.0",
"versionEndIncluding": "7.4.2",
"matchCriteriaId": "A8DD8789-6485-49E6-92D3-74004D9B6E9B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndIncluding": "7.0.3",
"matchCriteriaId": "CF2B9FD3-9581-465E-A5E1-A1BCEFB0DFA3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.2.0",
"versionEndIncluding": "7.2.3",
"matchCriteriaId": "094185B2-8DC1-46C2-B160-31BEEFDB2CC7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndIncluding": "7.0.13",
"matchCriteriaId": "DF27CA2F-3F4C-4CCB-B832-0E792673C429"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.2.0",
"versionEndIncluding": "7.2.6",
"matchCriteriaId": "24D09A92-81EC-4003-B017-C67FC739EEBF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.4.0",
"versionEndIncluding": "7.4.2",
"matchCriteriaId": "49C323D0-5B01-4DB2-AB98-7113D8E607B6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.0.0",
"versionEndIncluding": "1.0.3",
"matchCriteriaId": "3BA2C6ED-2765-4B56-9B37-10C50BD32C75"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.1.0",
"versionEndIncluding": "1.1.2",
"matchCriteriaId": "D0060F1F-527F-4E91-A59F-F3141977CB7A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6D0927D1-F469-4344-B4C9-3190645F5899"
}
]
}
]
}
],
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-24-029",
"source": "psirt@fortinet.com"
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2024-23349",
"sourceIdentifier": "security@apache.org",
"published": "2024-02-22T10:15:08.427",
"lastModified": "2024-02-22T10:15:08.427",
"lastModified": "2024-02-22T16:15:54.047",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1.\n\nXSS attack when user enters summary. A logged-in user, when modifying their own submitted question, can input malicious code in the summary to create such an attack.\n\nUsers are recommended to upgrade to version [1.2.5], which fixes the issue."
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n inadecuada de la entrada durante la vulnerabilidad de generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Apache Answer. Este problema afecta a Apache Answer: hasta 1.2.1. Ataque XSS cuando el usuario ingresa un resumen. Un usuario que haya iniciado sesi\u00f3n, al modificar su propia pregunta enviada, puede ingresar c\u00f3digo malicioso en el resumen para crear dicho ataque. Se recomienda a los usuarios actualizar a la versi\u00f3n [1.2.5], que soluciona el problema."
}
],
"metrics": {},
@ -24,6 +28,10 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/02/22/2",
"source": "security@apache.org"
},
{
"url": "https://lists.apache.org/thread/y5902t09vfgy7892z3vzr1zq900sgyqg",
"source": "security@apache.org"


@ -2,8 +2,8 @@
"id": "CVE-2024-25710",
"sourceIdentifier": "security@apache.org",
"published": "2024-02-19T09:15:37.943",
"lastModified": "2024-02-20T19:50:53.960",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-22T15:24:45.240",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "security@apache.org",
"type": "Secondary",
@ -50,14 +70,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:commons_compress:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.3",
"versionEndExcluding": "1.26.0",
"matchCriteriaId": "3EF50821-2FCC-46EF-A55F-92BF58251310"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/02/19/1",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2024-25828",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-22T16:15:54.100",
"lastModified": "2024-02-22T16:15:54.100",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "cmseasy V7.7.7.9 has an arbitrary file deletion vulnerability in lib/admin/template_admin.php."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/sec-Kode/cve",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2024-25850",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-22T15:15:08.540",
"lastModified": "2024-02-22T15:15:08.540",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Netis WF2780 v2.1.40144 was discovered to contain a command injection vulnerability via the wps_ap_ssid5g parameter"
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/no1rr/Vulnerability/blob/master/netis/igd_wps_set_wps_ap_ssid5g.md",
"source": "cve@mitre.org"
},
{
"url": "https://www.netis-systems.com/",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2024-25851",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-22T15:15:08.590",
"lastModified": "2024-02-22T15:15:08.590",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Netis WF2780 v2.1.40144 was discovered to contain a command injection vulnerability via the config_sequence parameter in other_para of cgitest.cgi."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/no1rr/Vulnerability/blob/master/netis/igd_wps_set_wps_ap_ssid5g.md",
"source": "cve@mitre.org"
},
{
"url": "https://www.netis-systems.com/",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2024-25873",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-22T14:15:46.897",
"lastModified": "2024-02-22T14:15:46.897",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Enhavo v0.13.1 was discovered to contain an HTML injection vulnerability in the Author text field under the Blockquote module. This vulnerability allows attackers to execute arbitrary code via a crafted payload."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/dd3x3r/enhavo/blob/main/html-injection-page-content-blockquote-author-v0.13.1.md",
"source": "cve@mitre.org"
},
{
"url": "https://www.enhavo.com/",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2024-25874",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-22T14:15:46.947",
"lastModified": "2024-02-22T14:15:46.947",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in the New/Edit Article module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Create Tag text field."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/dd3x3r/enhavo/blob/main/xss-create-tag-v0.13.1.md",
"source": "cve@mitre.org"
},
{
"url": "https://www.enhavo.com/",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2024-25875",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-22T14:15:46.990",
"lastModified": "2024-02-22T14:15:46.990",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Undertitle text field."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/dd3x3r/enhavo/blob/main/xss-page-content-header-undertitel-v0.13.1.md",
"source": "cve@mitre.org"
},
{
"url": "https://www.enhavo.com/",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2024-25876",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-22T14:15:47.033",
"lastModified": "2024-02-22T14:15:47.033",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/dd3x3r/enhavo/blob/main/xss-page-content-header-titel-v0.13.1.md",
"source": "cve@mitre.org"
},
{
"url": "https://www.enhavo.com/",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2024-26281",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-02-22T15:15:08.633",
"lastModified": "2024-02-22T15:15:08.633",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Upon scanning a JavaScript URI with the QR code scanner, an attacker could have executed unauthorized scripts on the current top origin sites in the URL bar. This vulnerability affects Firefox for iOS < 123."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1868005",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-08/",
"source": "security@mozilla.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2024-26282",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-02-22T15:15:08.683",
"lastModified": "2024-02-22T15:15:08.683",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Using an AMP url with a canonical element, an attacker could have executed JavaScript from an opened bookmarked page. This vulnerability affects Firefox for iOS < 123."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1863788",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-08/",
"source": "security@mozilla.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2024-26283",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-02-22T15:15:08.730",
"lastModified": "2024-02-22T15:15:08.730",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme. This vulnerability affects Firefox for iOS < 123."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1850158",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-08/",
"source": "security@mozilla.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2024-26284",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-02-22T15:15:08.780",
"lastModified": "2024-02-22T15:15:08.780",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Utilizing a 302 redirect, an attacker could have conducted a Universal Cross-Site Scripting (UXSS) on a victim website, if the victim had a link to the attacker's website. This vulnerability affects Focus for iOS < 123."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1860075",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-10/",
"source": "security@mozilla.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-26308",
"sourceIdentifier": "security@apache.org",
"published": "2024-02-19T09:15:38.277",
"lastModified": "2024-02-20T19:50:53.960",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-22T15:21:36.213",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,7 +14,30 @@
"value": "Asignaci\u00f3n de recursos sin l\u00edmites o vulnerabilidad de limitaci\u00f3n en Apache Commons Compress. Este problema afecta a Apache Commons Compress: desde 1.21 antes de 1.26. Se recomienda a los usuarios actualizar a la versi\u00f3n 1.26, que soluciona el problema."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@apache.org",
@ -27,14 +50,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:commons_compress:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.21.0",
"versionEndExcluding": "1.26.0",
"matchCriteriaId": "05574FCF-DB85-41AE-A8EF-4AC589755667"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/02/19/2",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread/ch5yo2d21p7vlqrhll9b17otbyq4npfg",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2024-26349",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-22T14:15:47.080",
"lastModified": "2024-02-22T14:15:47.080",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_translation.php"
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Icycu123/cms/blob/main/1.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2024-26350",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-22T14:15:47.133",
"lastModified": "2024-02-22T14:15:47.133",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_contact_form_settings.php"
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Icycu123/cms/blob/main/2.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2024-26351",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-22T14:15:47.177",
"lastModified": "2024-02-22T14:15:47.177",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_place.php"
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Icycu123/cms/blob/main/4.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2024-26352",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-22T14:15:47.220",
"lastModified": "2024-02-22T14:15:47.220",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/add_places.php"
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Icycu123/cms/blob/main/3.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2024-26445",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-22T14:15:47.263",
"lastModified": "2024-02-22T14:15:47.263",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_place.php"
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/xiaolanjing0/cms/blob/main/1.md",
"source": "cve@mitre.org"
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2024-26578",
"sourceIdentifier": "security@apache.org",
"published": "2024-02-22T10:15:08.503",
"lastModified": "2024-02-22T10:15:08.503",
"lastModified": "2024-02-22T16:15:54.147",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1.\n\nRepeated submission during registration resulted in the registration of the same user. When users register, if they rapidly submit multiple registrations using scripts, it can result in the creation of multiple user accounts simultaneously with the same name.\nUsers are recommended to upgrade to version [1.2.5], which fixes the issue.\n\n"
},
{
"lang": "es",
"value": "Ejecuci\u00f3n simult\u00e1nea mediante recurso compartido con vulnerabilidad de sincronizaci\u00f3n incorrecta ('Condici\u00f3n de Ejecuci\u00f3n') en Apache Answer. Este problema afecta a Apache Answer: hasta 1.2.1. El env\u00edo repetido durante el registro result\u00f3 en el registro del mismo usuario. Cuando los usuarios se registran, si env\u00edan r\u00e1pidamente varios registros utilizando scripts, puede resultar en la creaci\u00f3n de varias cuentas de usuario simult\u00e1neamente con el mismo nombre. Se recomienda a los usuarios actualizar a la versi\u00f3n [1.2.5], que soluciona el problema."
}
],
"metrics": {},
@ -24,6 +28,10 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/02/22/3",
"source": "security@apache.org"
},
{
"url": "https://lists.apache.org/thread/ko0ksnznt2484lxt0zts2ygr82ldkhcb",
"source": "security@apache.org"


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-02-22T13:02:05.206784+00:00
2024-02-22T17:00:26.670467+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-02-22T12:15:46.420000+00:00
2024-02-22T16:15:54.147000+00:00
```
### Last Data Feed Release
@ -29,26 +29,59 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
239207
239231
```
### CVEs added in the last Commit
Recently added CVEs: `4`
Recently added CVEs: `24`
* [CVE-2024-0220](CVE-2024/CVE-2024-02xx/CVE-2024-0220.json) (`2024-02-22T11:15:08.840`)
* [CVE-2024-1104](CVE-2024/CVE-2024-11xx/CVE-2024-1104.json) (`2024-02-22T12:15:46.033`)
* [CVE-2024-25021](CVE-2024/CVE-2024-250xx/CVE-2024-25021.json) (`2024-02-22T12:15:46.270`)
* [CVE-2024-26287](CVE-2024/CVE-2024-262xx/CVE-2024-26287.json) (`2024-02-22T12:15:46.420`)
* [CVE-2023-3966](CVE-2023/CVE-2023-39xx/CVE-2023-3966.json) (`2024-02-22T13:15:07.770`)
* [CVE-2023-44379](CVE-2023/CVE-2023-443xx/CVE-2023-44379.json) (`2024-02-22T15:15:08.060`)
* [CVE-2023-51450](CVE-2023/CVE-2023-514xx/CVE-2023-51450.json) (`2024-02-22T15:15:08.290`)
* [CVE-2023-51388](CVE-2023/CVE-2023-513xx/CVE-2023-51388.json) (`2024-02-22T16:15:53.413`)
* [CVE-2023-51389](CVE-2023/CVE-2023-513xx/CVE-2023-51389.json) (`2024-02-22T16:15:53.623`)
* [CVE-2023-51653](CVE-2023/CVE-2023-516xx/CVE-2023-51653.json) (`2024-02-22T16:15:53.800`)
* [CVE-2024-23094](CVE-2024/CVE-2024-230xx/CVE-2024-23094.json) (`2024-02-22T14:15:46.830`)
* [CVE-2024-25873](CVE-2024/CVE-2024-258xx/CVE-2024-25873.json) (`2024-02-22T14:15:46.897`)
* [CVE-2024-25874](CVE-2024/CVE-2024-258xx/CVE-2024-25874.json) (`2024-02-22T14:15:46.947`)
* [CVE-2024-25875](CVE-2024/CVE-2024-258xx/CVE-2024-25875.json) (`2024-02-22T14:15:46.990`)
* [CVE-2024-25876](CVE-2024/CVE-2024-258xx/CVE-2024-25876.json) (`2024-02-22T14:15:47.033`)
* [CVE-2024-26349](CVE-2024/CVE-2024-263xx/CVE-2024-26349.json) (`2024-02-22T14:15:47.080`)
* [CVE-2024-26350](CVE-2024/CVE-2024-263xx/CVE-2024-26350.json) (`2024-02-22T14:15:47.133`)
* [CVE-2024-26351](CVE-2024/CVE-2024-263xx/CVE-2024-26351.json) (`2024-02-22T14:15:47.177`)
* [CVE-2024-26352](CVE-2024/CVE-2024-263xx/CVE-2024-26352.json) (`2024-02-22T14:15:47.220`)
* [CVE-2024-26445](CVE-2024/CVE-2024-264xx/CVE-2024-26445.json) (`2024-02-22T14:15:47.263`)
* [CVE-2024-1563](CVE-2024/CVE-2024-15xx/CVE-2024-1563.json) (`2024-02-22T15:15:08.480`)
* [CVE-2024-25850](CVE-2024/CVE-2024-258xx/CVE-2024-25850.json) (`2024-02-22T15:15:08.540`)
* [CVE-2024-25851](CVE-2024/CVE-2024-258xx/CVE-2024-25851.json) (`2024-02-22T15:15:08.590`)
* [CVE-2024-26281](CVE-2024/CVE-2024-262xx/CVE-2024-26281.json) (`2024-02-22T15:15:08.633`)
* [CVE-2024-26282](CVE-2024/CVE-2024-262xx/CVE-2024-26282.json) (`2024-02-22T15:15:08.683`)
* [CVE-2024-26283](CVE-2024/CVE-2024-262xx/CVE-2024-26283.json) (`2024-02-22T15:15:08.730`)
* [CVE-2024-26284](CVE-2024/CVE-2024-262xx/CVE-2024-26284.json) (`2024-02-22T15:15:08.780`)
* [CVE-2024-25828](CVE-2024/CVE-2024-258xx/CVE-2024-25828.json) (`2024-02-22T16:15:54.100`)
### CVEs modified in the last Commit
Recently modified CVEs: `3`
Recently modified CVEs: `16`
* [CVE-2023-1289](CVE-2023/CVE-2023-12xx/CVE-2023-1289.json) (`2024-02-22T11:15:07.980`)
* [CVE-2023-34151](CVE-2023/CVE-2023-341xx/CVE-2023-34151.json) (`2024-02-22T11:15:08.500`)
* [CVE-2023-5341](CVE-2023/CVE-2023-53xx/CVE-2023-5341.json) (`2024-02-22T11:15:08.650`)
* [CVE-2023-52437](CVE-2023/CVE-2023-524xx/CVE-2023-52437.json) (`2024-02-22T13:15:08.020`)
* [CVE-2023-47537](CVE-2023/CVE-2023-475xx/CVE-2023-47537.json) (`2024-02-22T15:26:01.937`)
* [CVE-2024-1709](CVE-2024/CVE-2024-17xx/CVE-2024-1709.json) (`2024-02-22T15:18:36.983`)
* [CVE-2024-1708](CVE-2024/CVE-2024-17xx/CVE-2024-1708.json) (`2024-02-22T15:19:39.123`)
* [CVE-2024-26308](CVE-2024/CVE-2024-263xx/CVE-2024-26308.json) (`2024-02-22T15:21:36.213`)
* [CVE-2024-25710](CVE-2024/CVE-2024-257xx/CVE-2024-25710.json) (`2024-02-22T15:24:45.240`)
* [CVE-2024-21342](CVE-2024/CVE-2024-213xx/CVE-2024-21342.json) (`2024-02-22T15:27:18.243`)
* [CVE-2024-21329](CVE-2024/CVE-2024-213xx/CVE-2024-21329.json) (`2024-02-22T15:27:57.770`)
* [CVE-2024-21328](CVE-2024/CVE-2024-213xx/CVE-2024-21328.json) (`2024-02-22T15:28:31.723`)
* [CVE-2024-21327](CVE-2024/CVE-2024-213xx/CVE-2024-21327.json) (`2024-02-22T15:29:03.963`)
* [CVE-2024-20673](CVE-2024/CVE-2024-206xx/CVE-2024-20673.json) (`2024-02-22T15:29:57.733`)
* [CVE-2024-20667](CVE-2024/CVE-2024-206xx/CVE-2024-20667.json) (`2024-02-22T15:30:25.733`)
* [CVE-2024-23113](CVE-2024/CVE-2024-231xx/CVE-2024-23113.json) (`2024-02-22T15:33:00.970`)
* [CVE-2024-22393](CVE-2024/CVE-2024-223xx/CVE-2024-22393.json) (`2024-02-22T16:15:53.987`)
* [CVE-2024-23349](CVE-2024/CVE-2024-233xx/CVE-2024-23349.json) (`2024-02-22T16:15:54.047`)
* [CVE-2024-26578](CVE-2024/CVE-2024-265xx/CVE-2024-26578.json) (`2024-02-22T16:15:54.147`)
## Download and Usage