From 453d9059d1ab71c1a44db42636b107ad4b9ffe1a Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Thu, 15 Feb 2024 03:00:29 +0000 Subject: [PATCH] Auto-Update: 2024-02-15T03:00:25.976820+00:00 --- CVE-2019/CVE-2019-137xx/CVE-2019-13720.json | 4 +- CVE-2019/CVE-2019-57xx/CVE-2019-5786.json | 4 +- CVE-2020/CVE-2020-159xx/CVE-2020-15999.json | 4 +- CVE-2020/CVE-2020-160xx/CVE-2020-16010.json | 4 +- CVE-2020/CVE-2020-65xx/CVE-2020-6572.json | 4 +- CVE-2021/CVE-2021-212xx/CVE-2021-21206.json | 4 +- CVE-2021/CVE-2021-305xx/CVE-2021-30533.json | 4 +- CVE-2021/CVE-2021-305xx/CVE-2021-30554.json | 4 +- CVE-2021/CVE-2021-379xx/CVE-2021-37973.json | 4 +- CVE-2021/CVE-2021-380xx/CVE-2021-38000.json | 4 +- CVE-2022/CVE-2022-06xx/CVE-2022-0609.json | 4 +- CVE-2022/CVE-2022-28xx/CVE-2022-2856.json | 4 +- CVE-2022/CVE-2022-30xx/CVE-2022-3038.json | 4 +- CVE-2022/CVE-2022-30xx/CVE-2022-3075.json | 4 +- CVE-2022/CVE-2022-41xx/CVE-2022-4135.json | 8 ++- CVE-2023/CVE-2023-468xx/CVE-2023-46837.json | 8 ++- CVE-2023/CVE-2023-503xx/CVE-2023-50387.json | 14 +++- CVE-2023/CVE-2023-508xx/CVE-2023-50868.json | 10 ++- CVE-2023/CVE-2023-521xx/CVE-2023-52138.json | 8 ++- CVE-2023/CVE-2023-52xx/CVE-2023-5217.json | 4 +- CVE-2023/CVE-2023-71xx/CVE-2023-7169.json | 57 ++++++++++++++- CVE-2024/CVE-2024-05xx/CVE-2024-0511.json | 64 +++++++++++++++-- CVE-2024/CVE-2024-09xx/CVE-2024-0965.json | 64 +++++++++++++++-- CVE-2024/CVE-2024-12xx/CVE-2024-1207.json | 64 +++++++++++++++-- CVE-2024/CVE-2024-15xx/CVE-2024-1523.json | 55 ++++++++++++++ CVE-2024/CVE-2024-213xx/CVE-2024-21351.json | 6 +- CVE-2024/CVE-2024-214xx/CVE-2024-21412.json | 6 +- CVE-2024/CVE-2024-226xx/CVE-2024-22667.json | 8 ++- CVE-2024/CVE-2024-244xx/CVE-2024-24488.json | 79 +++++++++++++++++++-- CVE-2024/CVE-2024-247xx/CVE-2024-24706.json | 56 +++++++++++++-- CVE-2024/CVE-2024-248xx/CVE-2024-24836.json | 47 +++++++++++- CVE-2024/CVE-2024-248xx/CVE-2024-24871.json | 47 +++++++++++- CVE-2024/CVE-2024-248xx/CVE-2024-24877.json | 47 +++++++++++- README.md | 46 ++++++++---- 34 files changed, 666 insertions(+), 88 deletions(-) create mode 100644 CVE-2024/CVE-2024-15xx/CVE-2024-1523.json diff --git a/CVE-2019/CVE-2019-137xx/CVE-2019-13720.json b/CVE-2019/CVE-2019-137xx/CVE-2019-13720.json index 7ab40376be9..5e96ad62c9c 100644 --- a/CVE-2019/CVE-2019-137xx/CVE-2019-13720.json +++ b/CVE-2019/CVE-2019-137xx/CVE-2019-13720.json @@ -2,12 +2,12 @@ "id": "CVE-2019-13720", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2019-11-25T15:15:33.887", - "lastModified": "2022-10-06T03:03:08.610", + "lastModified": "2024-02-15T02:00:01.647", "vulnStatus": "Analyzed", "cisaExploitAdd": "2022-05-23", "cisaActionDue": "2022-06-13", "cisaRequiredAction": "Apply updates per vendor instructions.", - "cisaVulnerabilityName": "Google Chrome Use-After-Free Vulnerability", + "cisaVulnerabilityName": "Google Chrome WebAudio Use-After-Free Vulnerability", "descriptions": [ { "lang": "en", diff --git a/CVE-2019/CVE-2019-57xx/CVE-2019-5786.json b/CVE-2019/CVE-2019-57xx/CVE-2019-5786.json index 5de674a30c9..fec90ddcb73 100644 --- a/CVE-2019/CVE-2019-57xx/CVE-2019-5786.json +++ b/CVE-2019/CVE-2019-57xx/CVE-2019-5786.json @@ -2,12 +2,12 @@ "id": "CVE-2019-5786", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2019-06-27T17:15:13.770", - "lastModified": "2023-11-07T03:12:11.333", + "lastModified": "2024-02-15T02:00:01.647", "vulnStatus": "Modified", "cisaExploitAdd": "2022-05-23", "cisaActionDue": "2022-06-13", "cisaRequiredAction": "Apply updates per vendor instructions.", - "cisaVulnerabilityName": "Google Chrome Use-After-Free Vulnerability", + "cisaVulnerabilityName": "Google Chrome Blink Use-After-Free Vulnerability", "descriptions": [ { "lang": "en", diff --git a/CVE-2020/CVE-2020-159xx/CVE-2020-15999.json b/CVE-2020/CVE-2020-159xx/CVE-2020-15999.json index 58a6dbbe84e..12fa4a284e9 100644 --- a/CVE-2020/CVE-2020-159xx/CVE-2020-15999.json +++ b/CVE-2020/CVE-2020-159xx/CVE-2020-15999.json @@ -2,12 +2,12 @@ "id": "CVE-2020-15999", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2020-11-03T03:15:14.853", - "lastModified": "2024-01-15T14:15:23.853", + "lastModified": "2024-02-15T02:00:01.647", "vulnStatus": "Modified", "cisaExploitAdd": "2021-11-03", "cisaActionDue": "2021-11-17", "cisaRequiredAction": "Apply updates per vendor instructions.", - "cisaVulnerabilityName": "Google Chrome Heap Buffer Overflow Vulnerability", + "cisaVulnerabilityName": "Google Chrome FreeType Heap Buffer Overflow Vulnerability", "descriptions": [ { "lang": "en", diff --git a/CVE-2020/CVE-2020-160xx/CVE-2020-16010.json b/CVE-2020/CVE-2020-160xx/CVE-2020-16010.json index 919a1a21a86..49a81f46228 100644 --- a/CVE-2020/CVE-2020-160xx/CVE-2020-16010.json +++ b/CVE-2020/CVE-2020-160xx/CVE-2020-16010.json @@ -2,12 +2,12 @@ "id": "CVE-2020-16010", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2020-11-03T03:15:15.603", - "lastModified": "2020-11-04T18:51:15.703", + "lastModified": "2024-02-15T02:00:01.647", "vulnStatus": "Analyzed", "cisaExploitAdd": "2021-11-03", "cisaActionDue": "2022-05-03", "cisaRequiredAction": "Apply updates per vendor instructions.", - "cisaVulnerabilityName": "Google Chrome for Android Heap Overflow Vulnerability", + "cisaVulnerabilityName": "Google Chrome for Android UI Heap Buffer Overflow Vulnerability", "descriptions": [ { "lang": "en", diff --git a/CVE-2020/CVE-2020-65xx/CVE-2020-6572.json b/CVE-2020/CVE-2020-65xx/CVE-2020-6572.json index ad39025826d..4bc5bea7451 100644 --- a/CVE-2020/CVE-2020-65xx/CVE-2020-6572.json +++ b/CVE-2020/CVE-2020-65xx/CVE-2020-6572.json @@ -2,12 +2,12 @@ "id": "CVE-2020-6572", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2021-01-14T21:15:13.693", - "lastModified": "2021-01-21T20:00:24.710", + "lastModified": "2024-02-15T02:00:01.647", "vulnStatus": "Analyzed", "cisaExploitAdd": "2022-01-10", "cisaActionDue": "2022-07-10", "cisaRequiredAction": "Apply updates per vendor instructions.", - "cisaVulnerabilityName": "Google Chrome Prior to 81.0.4044.92 Use-After-Free Vulnerability", + "cisaVulnerabilityName": "Google Chrome Media Prior to 81.0.4044.92 Use-After-Free Vulnerability", "descriptions": [ { "lang": "en", diff --git a/CVE-2021/CVE-2021-212xx/CVE-2021-21206.json b/CVE-2021/CVE-2021-212xx/CVE-2021-21206.json index 2bd9c67e934..beacee52120 100644 --- a/CVE-2021/CVE-2021-212xx/CVE-2021-21206.json +++ b/CVE-2021/CVE-2021-212xx/CVE-2021-21206.json @@ -2,12 +2,12 @@ "id": "CVE-2021-21206", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2021-04-26T17:15:08.213", - "lastModified": "2023-11-07T03:29:38.493", + "lastModified": "2024-02-15T02:00:01.650", "vulnStatus": "Modified", "cisaExploitAdd": "2021-11-03", "cisaActionDue": "2021-11-17", "cisaRequiredAction": "Apply updates per vendor instructions.", - "cisaVulnerabilityName": "Google Chromium Use-After-Free Vulnerability", + "cisaVulnerabilityName": "Google Chromium Blink Use-After-Free Vulnerability", "descriptions": [ { "lang": "en", diff --git a/CVE-2021/CVE-2021-305xx/CVE-2021-30533.json b/CVE-2021/CVE-2021-305xx/CVE-2021-30533.json index 9f071017f78..f6d4177a95f 100644 --- a/CVE-2021/CVE-2021-305xx/CVE-2021-30533.json +++ b/CVE-2021/CVE-2021-305xx/CVE-2021-30533.json @@ -2,12 +2,12 @@ "id": "CVE-2021-30533", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2021-06-07T20:15:08.730", - "lastModified": "2023-11-07T03:33:04.943", + "lastModified": "2024-02-15T02:00:01.650", "vulnStatus": "Modified", "cisaExploitAdd": "2022-06-27", "cisaActionDue": "2022-07-18", "cisaRequiredAction": "Apply updates per vendor instructions.", - "cisaVulnerabilityName": "Google Chromium Security Bypass Vulnerability", + "cisaVulnerabilityName": "Google Chromium PopupBlocker Security Bypass Vulnerability", "descriptions": [ { "lang": "en", diff --git a/CVE-2021/CVE-2021-305xx/CVE-2021-30554.json b/CVE-2021/CVE-2021-305xx/CVE-2021-30554.json index 5d3de2f027a..5c11fe918f5 100644 --- a/CVE-2021/CVE-2021-305xx/CVE-2021-30554.json +++ b/CVE-2021/CVE-2021-305xx/CVE-2021-30554.json @@ -2,12 +2,12 @@ "id": "CVE-2021-30554", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2021-07-02T19:15:07.893", - "lastModified": "2023-11-07T03:33:06.913", + "lastModified": "2024-02-15T02:00:01.650", "vulnStatus": "Modified", "cisaExploitAdd": "2021-11-03", "cisaActionDue": "2021-11-17", "cisaRequiredAction": "Apply updates per vendor instructions.", - "cisaVulnerabilityName": "Google Chromium Use-After-Free Vulnerability", + "cisaVulnerabilityName": "Google Chromium WebGL Use-After-Free Vulnerability", "descriptions": [ { "lang": "en", diff --git a/CVE-2021/CVE-2021-379xx/CVE-2021-37973.json b/CVE-2021/CVE-2021-379xx/CVE-2021-37973.json index 229b2c63ed7..f1a1bdc53df 100644 --- a/CVE-2021/CVE-2021-379xx/CVE-2021-37973.json +++ b/CVE-2021/CVE-2021-379xx/CVE-2021-37973.json @@ -2,12 +2,12 @@ "id": "CVE-2021-37973", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2021-10-08T22:15:08.287", - "lastModified": "2023-11-07T03:37:06.263", + "lastModified": "2024-02-15T02:00:01.650", "vulnStatus": "Modified", "cisaExploitAdd": "2021-11-03", "cisaActionDue": "2021-11-17", "cisaRequiredAction": "Apply updates per vendor instructions.", - "cisaVulnerabilityName": "Google Chromium Use-After-Free Vulnerability", + "cisaVulnerabilityName": "Google Chromium Portals Use-After-Free Vulnerability", "descriptions": [ { "lang": "en", diff --git a/CVE-2021/CVE-2021-380xx/CVE-2021-38000.json b/CVE-2021/CVE-2021-380xx/CVE-2021-38000.json index 845f8752c1e..74c05f3d80b 100644 --- a/CVE-2021/CVE-2021-380xx/CVE-2021-38000.json +++ b/CVE-2021/CVE-2021-380xx/CVE-2021-38000.json @@ -2,12 +2,12 @@ "id": "CVE-2021-38000", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2021-11-23T22:15:07.807", - "lastModified": "2023-11-07T03:37:07.667", + "lastModified": "2024-02-15T02:00:01.650", "vulnStatus": "Modified", "cisaExploitAdd": "2021-11-03", "cisaActionDue": "2021-11-17", "cisaRequiredAction": "Apply updates per vendor instructions.", - "cisaVulnerabilityName": "Google Chromium Improper Input Validation Vulnerability", + "cisaVulnerabilityName": "Google Chromium Intents Improper Input Validation Vulnerability", "descriptions": [ { "lang": "en", diff --git a/CVE-2022/CVE-2022-06xx/CVE-2022-0609.json b/CVE-2022/CVE-2022-06xx/CVE-2022-0609.json index 67cca336585..889e7f39f5c 100644 --- a/CVE-2022/CVE-2022-06xx/CVE-2022-0609.json +++ b/CVE-2022/CVE-2022-06xx/CVE-2022-0609.json @@ -2,12 +2,12 @@ "id": "CVE-2022-0609", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2022-04-05T00:15:17.680", - "lastModified": "2022-04-08T17:14:12.533", + "lastModified": "2024-02-15T02:00:01.650", "vulnStatus": "Analyzed", "cisaExploitAdd": "2022-02-15", "cisaActionDue": "2022-03-01", "cisaRequiredAction": "Apply updates per vendor instructions.", - "cisaVulnerabilityName": "Google Chrome Use-After-Free Vulnerability", + "cisaVulnerabilityName": "Google Chromium Animation Use-After-Free Vulnerability", "descriptions": [ { "lang": "en", diff --git a/CVE-2022/CVE-2022-28xx/CVE-2022-2856.json b/CVE-2022/CVE-2022-28xx/CVE-2022-2856.json index 009c517dd29..ad912d92b18 100644 --- a/CVE-2022/CVE-2022-28xx/CVE-2022-2856.json +++ b/CVE-2022/CVE-2022-28xx/CVE-2022-2856.json @@ -2,12 +2,12 @@ "id": "CVE-2022-2856", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2022-09-26T16:15:11.207", - "lastModified": "2023-11-07T03:46:58.497", + "lastModified": "2024-02-15T02:00:01.650", "vulnStatus": "Modified", "cisaExploitAdd": "2022-08-18", "cisaActionDue": "2022-09-08", "cisaRequiredAction": "Apply updates per vendor instructions.", - "cisaVulnerabilityName": "Google Chrome Intents Insufficient Input Validation Vulnerability", + "cisaVulnerabilityName": "Google Chromium Intents Insufficient Input Validation Vulnerability", "descriptions": [ { "lang": "en", diff --git a/CVE-2022/CVE-2022-30xx/CVE-2022-3038.json b/CVE-2022/CVE-2022-30xx/CVE-2022-3038.json index e8512e1d467..c7fb0d0ad6c 100644 --- a/CVE-2022/CVE-2022-30xx/CVE-2022-3038.json +++ b/CVE-2022/CVE-2022-30xx/CVE-2022-3038.json @@ -2,12 +2,12 @@ "id": "CVE-2022-3038", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2022-09-26T16:15:11.793", - "lastModified": "2023-11-07T03:50:43.370", + "lastModified": "2024-02-15T02:00:01.650", "vulnStatus": "Modified", "cisaExploitAdd": "2023-03-30", "cisaActionDue": "2023-04-20", "cisaRequiredAction": "Apply updates per vendor instructions.", - "cisaVulnerabilityName": "Google Chrome Use-After-Free Vulnerability", + "cisaVulnerabilityName": "Google Chromium Network Service Use-After-Free Vulnerability", "descriptions": [ { "lang": "en", diff --git a/CVE-2022/CVE-2022-30xx/CVE-2022-3075.json b/CVE-2022/CVE-2022-30xx/CVE-2022-3075.json index 1c1012914ef..265e9540366 100644 --- a/CVE-2022/CVE-2022-30xx/CVE-2022-3075.json +++ b/CVE-2022/CVE-2022-30xx/CVE-2022-3075.json @@ -2,12 +2,12 @@ "id": "CVE-2022-3075", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2022-09-26T16:15:13.463", - "lastModified": "2023-11-07T03:50:45.277", + "lastModified": "2024-02-15T02:00:01.650", "vulnStatus": "Modified", "cisaExploitAdd": "2022-09-08", "cisaActionDue": "2022-09-29", "cisaRequiredAction": "Apply updates per vendor instructions.", - "cisaVulnerabilityName": "Google Chromium Insufficient Data Validation Vulnerability", + "cisaVulnerabilityName": "Google Chromium Mojo Insufficient Data Validation Vulnerability", "descriptions": [ { "lang": "en", diff --git a/CVE-2022/CVE-2022-41xx/CVE-2022-4135.json b/CVE-2022/CVE-2022-41xx/CVE-2022-4135.json index 295def7a7ab..af53e15672d 100644 --- a/CVE-2022/CVE-2022-41xx/CVE-2022-4135.json +++ b/CVE-2022/CVE-2022-41xx/CVE-2022-4135.json @@ -2,16 +2,20 @@ "id": "CVE-2022-4135", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2022-11-25T01:15:09.957", - "lastModified": "2023-05-03T12:16:39.523", + "lastModified": "2024-02-15T02:00:01.650", "vulnStatus": "Modified", "cisaExploitAdd": "2022-11-28", "cisaActionDue": "2022-12-19", "cisaRequiredAction": "Apply updates per vendor instructions.", - "cisaVulnerabilityName": "Google Chromium Heap Buffer Overflow Vulnerability", + "cisaVulnerabilityName": "Google Chromium GPU Heap Buffer Overflow Vulnerability", "descriptions": [ { "lang": "en", "value": "Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)" + }, + { + "lang": "es", + "value": "El desbordamiento del b\u00fafer de mont\u00f3n en GPU en Google Chrome anterior a 107.0.5304.121 permiti\u00f3 a un atacante remoto que hab\u00eda comprometido el proceso de renderizado realizar potencialmente un escape de la zona de pruebas a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)" } ], "metrics": { diff --git a/CVE-2023/CVE-2023-468xx/CVE-2023-46837.json b/CVE-2023/CVE-2023-468xx/CVE-2023-46837.json index c083884359c..c5df3a19f7b 100644 --- a/CVE-2023/CVE-2023-468xx/CVE-2023-46837.json +++ b/CVE-2023/CVE-2023-468xx/CVE-2023-46837.json @@ -2,8 +2,8 @@ "id": "CVE-2023-46837", "sourceIdentifier": "security@xen.org", "published": "2024-01-05T17:15:11.247", - "lastModified": "2024-01-11T17:08:38.737", - "vulnStatus": "Analyzed", + "lastModified": "2024-02-15T02:15:49.733", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -69,6 +69,10 @@ } ], "references": [ + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XLL6SQ6IKFYXLYWITYZCRV5IBRK5G35R/", + "source": "security@xen.org" + }, { "url": "https://xenbits.xenproject.org/xsa/advisory-447.html", "source": "security@xen.org", diff --git a/CVE-2023/CVE-2023-503xx/CVE-2023-50387.json b/CVE-2023/CVE-2023-503xx/CVE-2023-50387.json index c24992f8b66..c21b47669a3 100644 --- a/CVE-2023/CVE-2023-503xx/CVE-2023-50387.json +++ b/CVE-2023/CVE-2023-503xx/CVE-2023-50387.json @@ -2,7 +2,7 @@ "id": "CVE-2023-50387", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-14T16:15:45.300", - "lastModified": "2024-02-15T00:15:45.210", + "lastModified": "2024-02-15T01:15:07.977", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -12,6 +12,14 @@ ], "metrics": {}, "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2023-50387", + "source": "cve@mitre.org" + }, + { + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1219823", + "source": "cve@mitre.org" + }, { "url": "https://datatracker.ietf.org/doc/html/rfc4035", "source": "cve@mitre.org" @@ -32,6 +40,10 @@ "url": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html", "source": "cve@mitre.org" }, + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-50387", + "source": "cve@mitre.org" + }, { "url": "https://news.ycombinator.com/item?id=39367411", "source": "cve@mitre.org" diff --git a/CVE-2023/CVE-2023-508xx/CVE-2023-50868.json b/CVE-2023/CVE-2023-508xx/CVE-2023-50868.json index 120417d6dc0..32ef6ecfab0 100644 --- a/CVE-2023/CVE-2023-508xx/CVE-2023-50868.json +++ b/CVE-2023/CVE-2023-508xx/CVE-2023-50868.json @@ -2,7 +2,7 @@ "id": "CVE-2023-50868", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-14T16:15:45.377", - "lastModified": "2024-02-15T00:15:45.293", + "lastModified": "2024-02-15T01:15:08.047", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -12,6 +12,14 @@ ], "metrics": {}, "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2023-50868", + "source": "cve@mitre.org" + }, + { + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1219826", + "source": "cve@mitre.org" + }, { "url": "https://datatracker.ietf.org/doc/html/rfc5155", "source": "cve@mitre.org" diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52138.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52138.json index 4643a88674b..f6a96d246a3 100644 --- a/CVE-2023/CVE-2023-521xx/CVE-2023-52138.json +++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52138.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52138", "sourceIdentifier": "security-advisories@github.com", "published": "2024-02-05T15:15:08.393", - "lastModified": "2024-02-13T00:37:13.493", - "vulnStatus": "Analyzed", + "lastModified": "2024-02-15T02:15:49.843", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -117,6 +117,10 @@ "Exploit", "Vendor Advisory" ] + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4IOJ3QWXTZGCXFEHP72ELY22PZ4AX2CB/", + "source": "security-advisories@github.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-52xx/CVE-2023-5217.json b/CVE-2023/CVE-2023-52xx/CVE-2023-5217.json index b065010b3b8..c0d5157d2ab 100644 --- a/CVE-2023/CVE-2023-52xx/CVE-2023-5217.json +++ b/CVE-2023/CVE-2023-52xx/CVE-2023-5217.json @@ -2,12 +2,12 @@ "id": "CVE-2023-5217", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-09-28T16:15:10.980", - "lastModified": "2024-02-02T18:22:32.903", + "lastModified": "2024-02-15T02:00:01.650", "vulnStatus": "Analyzed", "cisaExploitAdd": "2023-10-02", "cisaActionDue": "2023-10-23", "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", - "cisaVulnerabilityName": "Google Chrome libvpx Heap Buffer Overflow Vulnerability", + "cisaVulnerabilityName": "Google Chromium libvpx Heap Buffer Overflow Vulnerability", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-71xx/CVE-2023-7169.json b/CVE-2023/CVE-2023-71xx/CVE-2023-7169.json index 04348982289..1e6651bf9f1 100644 --- a/CVE-2023/CVE-2023-71xx/CVE-2023-7169.json +++ b/CVE-2023/CVE-2023-71xx/CVE-2023-7169.json @@ -2,8 +2,8 @@ "id": "CVE-2023-7169", "sourceIdentifier": "security@snowsoftware.com", "published": "2024-02-08T13:15:08.417", - "lastModified": "2024-02-08T13:44:11.750", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-15T02:29:40.877", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "security@snowsoftware.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-290" + } + ] + }, { "source": "security@snowsoftware.com", "type": "Secondary", @@ -50,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:snowsoftware:snow_inventory_agent:*:*:*:*:*:*:*:*", + "versionEndExcluding": "7.0", + "matchCriteriaId": "5B149DB0-3F9E-42D1-B121-CF1DEF5063D1" + } + ] + } + ] + } + ], "references": [ { "url": "https://community.snowsoftware.com/s/feed/0D5Td000004YtMcKAK", - "source": "security@snowsoftware.com" + "source": "security@snowsoftware.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-05xx/CVE-2024-0511.json b/CVE-2024/CVE-2024-05xx/CVE-2024-0511.json index 5173ab82c05..a3b0d3188ee 100644 --- a/CVE-2024/CVE-2024-05xx/CVE-2024-0511.json +++ b/CVE-2024/CVE-2024-05xx/CVE-2024-0511.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0511", "sourceIdentifier": "security@wordfence.com", "published": "2024-02-08T06:15:51.423", - "lastModified": "2024-02-08T13:44:21.670", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-15T01:56:15.227", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -38,14 +58,50 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.3.88", + "matchCriteriaId": "93085B8A-2E52-4B61-A114-D7DD96727501" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026824%40royal-elementor-addons%2Ftags%2F1.3.87&new=3032004%40royal-elementor-addons%2Ftags%2F1.3.88", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dc8bef03-51e0-4448-bddd-85300104e875?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-09xx/CVE-2024-0965.json b/CVE-2024/CVE-2024-09xx/CVE-2024-0965.json index 79e34277239..9a86b309cd5 100644 --- a/CVE-2024/CVE-2024-09xx/CVE-2024-0965.json +++ b/CVE-2024/CVE-2024-09xx/CVE-2024-0965.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0965", "sourceIdentifier": "security@wordfence.com", "published": "2024-02-08T09:15:46.047", - "lastModified": "2024-02-08T13:44:21.670", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-15T02:00:27.450", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -38,14 +58,50 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pluginsandsnippets:simple_page_access_restriction:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.0.21", + "matchCriteriaId": "13D15420-6A2D-4392-ABA4-4AF5EB6BBDA7" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset/3030099/simple-page-access-restriction", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d99dc270-1b28-4e76-9346-38b2b96be01c?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-12xx/CVE-2024-1207.json b/CVE-2024/CVE-2024-12xx/CVE-2024-1207.json index 44bbd69574b..f99c95d24eb 100644 --- a/CVE-2024/CVE-2024-12xx/CVE-2024-1207.json +++ b/CVE-2024/CVE-2024-12xx/CVE-2024-1207.json @@ -2,8 +2,8 @@ "id": "CVE-2024-1207", "sourceIdentifier": "security@wordfence.com", "published": "2024-02-08T09:15:46.253", - "lastModified": "2024-02-08T13:44:21.670", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-15T02:05:42.313", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -38,14 +58,50 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpbookingcalendar:booking_calendar:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "9.9.1", + "matchCriteriaId": "21DDCEF1-373E-48D0-B0E1-89746D515021" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3032596%40booking&new=3032596%40booking&sfp_email=&sfph_mail=", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7802ed1f-138c-4a3d-916c-80fb4f7699b2?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-15xx/CVE-2024-1523.json b/CVE-2024/CVE-2024-15xx/CVE-2024-1523.json new file mode 100644 index 00000000000..4a17602a4df --- /dev/null +++ b/CVE-2024/CVE-2024-15xx/CVE-2024-1523.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-1523", + "sourceIdentifier": "twcert@cert.org.tw", + "published": "2024-02-15T02:15:49.960", + "lastModified": "2024-02-15T02:15:49.960", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "EC-WEB FS-EZViewer(Web)'s query functionality lacks proper restrictions of user input, allowing remote attackers authenticated as regular user to inject SQL commands for reading, modifying, and deleting database records, as well as executing system commands. Attackers may even leverage the dbo privilege in the database for privilege escalation, elevating their privileges to administrator." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "twcert@cert.org.tw", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "twcert@cert.org.tw", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://www.twcert.org.tw/tw/cp-132-7672-7eeac-1.html", + "source": "twcert@cert.org.tw" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-213xx/CVE-2024-21351.json b/CVE-2024/CVE-2024-213xx/CVE-2024-21351.json index 64286253d17..62ad0fa7f39 100644 --- a/CVE-2024/CVE-2024-213xx/CVE-2024-21351.json +++ b/CVE-2024/CVE-2024-213xx/CVE-2024-21351.json @@ -2,8 +2,12 @@ "id": "CVE-2024-21351", "sourceIdentifier": "secure@microsoft.com", "published": "2024-02-13T18:15:51.333", - "lastModified": "2024-02-13T18:22:58.333", + "lastModified": "2024-02-15T02:00:01.653", "vulnStatus": "Awaiting Analysis", + "cisaExploitAdd": "2024-02-13", + "cisaActionDue": "2024-03-05", + "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "cisaVulnerabilityName": "Microsoft Windows SmartScreen Security Feature Bypass Vulnerability", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-214xx/CVE-2024-21412.json b/CVE-2024/CVE-2024-214xx/CVE-2024-21412.json index 1652651c060..ce2044cec2d 100644 --- a/CVE-2024/CVE-2024-214xx/CVE-2024-21412.json +++ b/CVE-2024/CVE-2024-214xx/CVE-2024-21412.json @@ -2,8 +2,12 @@ "id": "CVE-2024-21412", "sourceIdentifier": "secure@microsoft.com", "published": "2024-02-13T18:15:59.903", - "lastModified": "2024-02-13T18:22:43.577", + "lastModified": "2024-02-15T02:00:01.653", "vulnStatus": "Awaiting Analysis", + "cisaExploitAdd": "2024-02-13", + "cisaActionDue": "2024-03-05", + "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "cisaVulnerabilityName": "Microsoft Windows Internet Shortcut Files Security Feature Bypass Vulnerability", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-226xx/CVE-2024-22667.json b/CVE-2024/CVE-2024-226xx/CVE-2024-22667.json index 8c0c0e4a840..9ffc236c3cd 100644 --- a/CVE-2024/CVE-2024-226xx/CVE-2024-22667.json +++ b/CVE-2024/CVE-2024-226xx/CVE-2024-22667.json @@ -2,8 +2,8 @@ "id": "CVE-2024-22667", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-05T08:15:44.110", - "lastModified": "2024-02-14T19:49:17.490", - "vulnStatus": "Analyzed", + "lastModified": "2024-02-15T02:15:50.197", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -83,6 +83,10 @@ "tags": [ "Patch" ] + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UI44Y4LJLG34D4HNB6NTPLUPZREHAEL7/", + "source": "cve@mitre.org" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-244xx/CVE-2024-24488.json b/CVE-2024/CVE-2024-244xx/CVE-2024-24488.json index 86e91d47aea..bed70e84a6a 100644 --- a/CVE-2024/CVE-2024-244xx/CVE-2024-24488.json +++ b/CVE-2024/CVE-2024-244xx/CVE-2024-24488.json @@ -2,19 +2,90 @@ "id": "CVE-2024-24488", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-07T20:15:49.467", - "lastModified": "2024-02-07T22:02:11.683", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-15T02:23:45.887", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue in Shenzen Tenda Technology CP3V2.0 V11.10.00.2311090948 allows a local attacker to obtain sensitive information via the password component." + }, + { + "lang": "es", + "value": "Un problema en Shenzen Tenda Technology CP3V2.0 V11.10.00.2311090948 permite a un atacante local obtener informaci\u00f3n confidencial a trav\u00e9s del componente de contrase\u00f1a." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-312" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tendacn:cp3_firmware:11.10.00.2311090948:*:*:*:*:*:*:*", + "matchCriteriaId": "80C2B105-4531-4A52-BFAD-808AC7669875" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tendacn:cp3:2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "0B18DD11-F4F9-42E3-848C-B23AFDD725B1" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/minj-ae/CVE-2024-24488", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-247xx/CVE-2024-24706.json b/CVE-2024/CVE-2024-247xx/CVE-2024-24706.json index 40f7973b19b..f3de3f22248 100644 --- a/CVE-2024/CVE-2024-247xx/CVE-2024-24706.json +++ b/CVE-2024/CVE-2024-247xx/CVE-2024-24706.json @@ -2,16 +2,40 @@ "id": "CVE-2024-24706", "sourceIdentifier": "audit@patchstack.com", "published": "2024-02-07T17:15:11.120", - "lastModified": "2024-02-07T17:38:33.990", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-15T02:09:50.480", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Forum One WP-CFM wp-cfm.This issue affects WP-CFM: from n/a through 1.7.8.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de cross-site request forgery (CSRF) en Forum One WP-CFM wp-cfm. Este problema afecta a WP-CFM: desde n/a hasta 1.7.8." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,14 +70,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:forumone:wp-cfm:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.7.9", + "matchCriteriaId": "C059EAB7-0ECD-4B4A-9A61-D9A3D55C8541" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/forumone/wp-cfm/security/advisories/GHSA-2449-jmfc-gc7f", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://patchstack.com/database/vulnerability/wp-cfm/wordpress-wp-cfm-plugin-1-7-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-248xx/CVE-2024-24836.json b/CVE-2024/CVE-2024-248xx/CVE-2024-24836.json index 7fbc3f0ddd2..518b7ca2446 100644 --- a/CVE-2024/CVE-2024-248xx/CVE-2024-24836.json +++ b/CVE-2024/CVE-2024-248xx/CVE-2024-24836.json @@ -2,8 +2,8 @@ "id": "CVE-2024-24836", "sourceIdentifier": "audit@patchstack.com", "published": "2024-02-08T13:15:09.857", - "lastModified": "2024-02-08T13:44:11.750", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-15T02:40:53.413", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:whodunit:gdpr_data_request_form:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.7", + "matchCriteriaId": "0E534307-F037-49C6-89B4-0FB46DBA3206" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/gdpr-data-request-form/wordpress-gdpr-data-request-form-plugin-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-248xx/CVE-2024-24871.json b/CVE-2024/CVE-2024-248xx/CVE-2024-24871.json index a5ea6fbe832..382fcd90cec 100644 --- a/CVE-2024/CVE-2024-248xx/CVE-2024-24871.json +++ b/CVE-2024/CVE-2024-248xx/CVE-2024-24871.json @@ -2,8 +2,8 @@ "id": "CVE-2024-24871", "sourceIdentifier": "audit@patchstack.com", "published": "2024-02-08T13:15:10.060", - "lastModified": "2024-02-08T13:44:11.750", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-15T02:49:29.963", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:creativethemes:blocksy:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.0.19", + "matchCriteriaId": "A2CE9966-E7DA-4B43-BE8E-8D6D1733785A" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/blocksy/wordpress-blocksy-theme-2-0-19-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-248xx/CVE-2024-24877.json b/CVE-2024/CVE-2024-248xx/CVE-2024-24877.json index 9c385cfabd1..391ba41efbc 100644 --- a/CVE-2024/CVE-2024-248xx/CVE-2024-24877.json +++ b/CVE-2024/CVE-2024-248xx/CVE-2024-24877.json @@ -2,8 +2,8 @@ "id": "CVE-2024-24877", "sourceIdentifier": "audit@patchstack.com", "published": "2024-02-08T13:15:10.253", - "lastModified": "2024-02-08T13:44:11.750", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-15T02:53:41.823", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wonderplugin:wonder_slider_lite:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "14.0", + "matchCriteriaId": "047350A2-21E2-412D-ABDD-66F4AD054B3C" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/wonderplugin-slider-lite/wordpress-wonder-slider-lite-plugin-13-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/README.md b/README.md index 1114387bb16..8243e677953 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-02-15T00:55:25.301365+00:00 +2024-02-15T03:00:25.976820+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-02-15T00:15:45.347000+00:00 +2024-02-15T02:53:41.823000+00:00 ``` ### Last Data Feed Release @@ -23,33 +23,51 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2024-02-14T01:00:28.557652+00:00 +2024-02-15T01:00:28.246777+00:00 ``` ### Total Number of included CVEs ```plain -238605 +238606 ``` ### CVEs added in the last Commit -Recently added CVEs: `6` +Recently added CVEs: `1` -* [CVE-2022-48219](CVE-2022/CVE-2022-482xx/CVE-2022-48219.json) (`2024-02-14T23:15:07.960`) -* [CVE-2022-48220](CVE-2022/CVE-2022-482xx/CVE-2022-48220.json) (`2024-02-14T23:15:08.033`) -* [CVE-2023-6138](CVE-2023/CVE-2023-61xx/CVE-2023-6138.json) (`2024-02-14T23:15:08.093`) -* [CVE-2024-24300](CVE-2024/CVE-2024-243xx/CVE-2024-24300.json) (`2024-02-14T23:15:08.140`) -* [CVE-2024-24301](CVE-2024/CVE-2024-243xx/CVE-2024-24301.json) (`2024-02-14T23:15:08.190`) -* [CVE-2024-25620](CVE-2024/CVE-2024-256xx/CVE-2024-25620.json) (`2024-02-15T00:15:45.347`) +* [CVE-2024-1523](CVE-2024/CVE-2024-15xx/CVE-2024-1523.json) (`2024-02-15T02:15:49.960`) ### CVEs modified in the last Commit -Recently modified CVEs: `2` +Recently modified CVEs: `32` -* [CVE-2023-50387](CVE-2023/CVE-2023-503xx/CVE-2023-50387.json) (`2024-02-15T00:15:45.210`) -* [CVE-2023-50868](CVE-2023/CVE-2023-508xx/CVE-2023-50868.json) (`2024-02-15T00:15:45.293`) +* [CVE-2021-30554](CVE-2021/CVE-2021-305xx/CVE-2021-30554.json) (`2024-02-15T02:00:01.650`) +* [CVE-2021-37973](CVE-2021/CVE-2021-379xx/CVE-2021-37973.json) (`2024-02-15T02:00:01.650`) +* [CVE-2021-38000](CVE-2021/CVE-2021-380xx/CVE-2021-38000.json) (`2024-02-15T02:00:01.650`) +* [CVE-2022-0609](CVE-2022/CVE-2022-06xx/CVE-2022-0609.json) (`2024-02-15T02:00:01.650`) +* [CVE-2022-2856](CVE-2022/CVE-2022-28xx/CVE-2022-2856.json) (`2024-02-15T02:00:01.650`) +* [CVE-2022-3038](CVE-2022/CVE-2022-30xx/CVE-2022-3038.json) (`2024-02-15T02:00:01.650`) +* [CVE-2022-3075](CVE-2022/CVE-2022-30xx/CVE-2022-3075.json) (`2024-02-15T02:00:01.650`) +* [CVE-2022-4135](CVE-2022/CVE-2022-41xx/CVE-2022-4135.json) (`2024-02-15T02:00:01.650`) +* [CVE-2023-50387](CVE-2023/CVE-2023-503xx/CVE-2023-50387.json) (`2024-02-15T01:15:07.977`) +* [CVE-2023-50868](CVE-2023/CVE-2023-508xx/CVE-2023-50868.json) (`2024-02-15T01:15:08.047`) +* [CVE-2023-5217](CVE-2023/CVE-2023-52xx/CVE-2023-5217.json) (`2024-02-15T02:00:01.650`) +* [CVE-2023-46837](CVE-2023/CVE-2023-468xx/CVE-2023-46837.json) (`2024-02-15T02:15:49.733`) +* [CVE-2023-52138](CVE-2023/CVE-2023-521xx/CVE-2023-52138.json) (`2024-02-15T02:15:49.843`) +* [CVE-2023-7169](CVE-2023/CVE-2023-71xx/CVE-2023-7169.json) (`2024-02-15T02:29:40.877`) +* [CVE-2024-0511](CVE-2024/CVE-2024-05xx/CVE-2024-0511.json) (`2024-02-15T01:56:15.227`) +* [CVE-2024-21351](CVE-2024/CVE-2024-213xx/CVE-2024-21351.json) (`2024-02-15T02:00:01.653`) +* [CVE-2024-21412](CVE-2024/CVE-2024-214xx/CVE-2024-21412.json) (`2024-02-15T02:00:01.653`) +* [CVE-2024-0965](CVE-2024/CVE-2024-09xx/CVE-2024-0965.json) (`2024-02-15T02:00:27.450`) +* [CVE-2024-1207](CVE-2024/CVE-2024-12xx/CVE-2024-1207.json) (`2024-02-15T02:05:42.313`) +* [CVE-2024-24706](CVE-2024/CVE-2024-247xx/CVE-2024-24706.json) (`2024-02-15T02:09:50.480`) +* [CVE-2024-22667](CVE-2024/CVE-2024-226xx/CVE-2024-22667.json) (`2024-02-15T02:15:50.197`) +* [CVE-2024-24488](CVE-2024/CVE-2024-244xx/CVE-2024-24488.json) (`2024-02-15T02:23:45.887`) +* [CVE-2024-24836](CVE-2024/CVE-2024-248xx/CVE-2024-24836.json) (`2024-02-15T02:40:53.413`) +* [CVE-2024-24871](CVE-2024/CVE-2024-248xx/CVE-2024-24871.json) (`2024-02-15T02:49:29.963`) +* [CVE-2024-24877](CVE-2024/CVE-2024-248xx/CVE-2024-24877.json) (`2024-02-15T02:53:41.823`) ## Download and Usage