From 45f8ea9865a630d3447f7135b74ce3857e69c41b Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Wed, 31 Jan 2024 23:00:28 +0000 Subject: [PATCH] Auto-Update: 2024-01-31T23:00:24.362575+00:00 --- CVE-2019/CVE-2019-57xx/CVE-2019-5736.json | 6 +- CVE-2022/CVE-2022-470xx/CVE-2022-47072.json | 20 +++++ CVE-2023/CVE-2023-337xx/CVE-2023-33759.json | 65 ++++++++++++++- CVE-2023/CVE-2023-337xx/CVE-2023-33760.json | 65 ++++++++++++++- CVE-2024/CVE-2024-11xx/CVE-2024-1117.json | 88 +++++++++++++++++++++ CVE-2024/CVE-2024-213xx/CVE-2024-21336.json | 44 ++++++++++- CVE-2024/CVE-2024-216xx/CVE-2024-21626.json | 67 ++++++++++++++++ CVE-2024/CVE-2024-236xx/CVE-2024-23618.json | 68 +++++++++++++++- CVE-2024/CVE-2024-236xx/CVE-2024-23624.json | 68 +++++++++++++++- CVE-2024/CVE-2024-236xx/CVE-2024-23625.json | 68 +++++++++++++++- CVE-2024/CVE-2024-236xx/CVE-2024-23646.json | 73 +++++++++++++++-- CVE-2024/CVE-2024-236xx/CVE-2024-23650.json | 63 +++++++++++++++ CVE-2024/CVE-2024-236xx/CVE-2024-23651.json | 63 +++++++++++++++ CVE-2024/CVE-2024-236xx/CVE-2024-23652.json | 63 +++++++++++++++ CVE-2024/CVE-2024-236xx/CVE-2024-23653.json | 63 +++++++++++++++ CVE-2024/CVE-2024-247xx/CVE-2024-24747.json | 63 +++++++++++++++ README.md | 64 +++++---------- 17 files changed, 940 insertions(+), 71 deletions(-) create mode 100644 CVE-2022/CVE-2022-470xx/CVE-2022-47072.json create mode 100644 CVE-2024/CVE-2024-11xx/CVE-2024-1117.json create mode 100644 CVE-2024/CVE-2024-216xx/CVE-2024-21626.json create mode 100644 CVE-2024/CVE-2024-236xx/CVE-2024-23650.json create mode 100644 CVE-2024/CVE-2024-236xx/CVE-2024-23651.json create mode 100644 CVE-2024/CVE-2024-236xx/CVE-2024-23652.json create mode 100644 CVE-2024/CVE-2024-236xx/CVE-2024-23653.json create mode 100644 CVE-2024/CVE-2024-247xx/CVE-2024-24747.json diff --git a/CVE-2019/CVE-2019-57xx/CVE-2019-5736.json b/CVE-2019/CVE-2019-57xx/CVE-2019-5736.json index b2166845416..2f0821e87db 100644 --- a/CVE-2019/CVE-2019-57xx/CVE-2019-5736.json +++ b/CVE-2019/CVE-2019-57xx/CVE-2019-5736.json @@ -2,7 +2,7 @@ "id": "CVE-2019-5736", "sourceIdentifier": "cve@mitre.org", "published": "2019-02-11T19:29:00.297", - "lastModified": "2023-11-07T03:11:54.880", + "lastModified": "2024-01-31T21:15:08.063", "vulnStatus": "Modified", "descriptions": [ { @@ -585,6 +585,10 @@ "Third Party Advisory" ] }, + { + "url": "http://www.openwall.com/lists/oss-security/2024/01/31/6", + "source": "cve@mitre.org" + }, { "url": "http://www.securityfocus.com/bid/106976", "source": "cve@mitre.org", diff --git a/CVE-2022/CVE-2022-470xx/CVE-2022-47072.json b/CVE-2022/CVE-2022-470xx/CVE-2022-47072.json new file mode 100644 index 00000000000..89dd6f72188 --- /dev/null +++ b/CVE-2022/CVE-2022-470xx/CVE-2022-47072.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2022-47072", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-01-31T21:15:08.440", + "lastModified": "2024-01-31T21:15:08.440", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "SQL injection vulnerability in Enterprise Architect 16.0.1605 32-bit allows attackers to run arbitrary SQL commands via the Find parameter in the Select Classifier dialog box.." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/DojoSecurity/Enterprise-Architect-SQL-Injection", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-337xx/CVE-2023-33759.json b/CVE-2023/CVE-2023-337xx/CVE-2023-33759.json index 747cdff40c2..9ac75cbd4ef 100644 --- a/CVE-2023/CVE-2023-337xx/CVE-2023-33759.json +++ b/CVE-2023/CVE-2023-337xx/CVE-2023-33759.json @@ -2,8 +2,8 @@ "id": "CVE-2023-33759", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-25T08:15:08.637", - "lastModified": "2024-01-25T13:38:33.693", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-31T21:04:13.810", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,68 @@ "value": "SpliceCom Maximiser Soft PBX v1.5 y anteriores no restringe los intentos de autenticaci\u00f3n excesivos, lo que permite a los atacantes eludir la autenticaci\u00f3n mediante un ataque de fuerza bruta." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-307" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:splicecom:maximiser_soft_pbx:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.5", + "matchCriteriaId": "94656EDD-537D-487B-BA78-713C34D9E4A1" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/twignet/splicecom", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-337xx/CVE-2023-33760.json b/CVE-2023/CVE-2023-337xx/CVE-2023-33760.json index 52f558661ae..d9ad65772fc 100644 --- a/CVE-2023/CVE-2023-337xx/CVE-2023-33760.json +++ b/CVE-2023/CVE-2023-337xx/CVE-2023-33760.json @@ -2,8 +2,8 @@ "id": "CVE-2023-33760", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-25T08:15:08.707", - "lastModified": "2024-01-25T13:38:33.693", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-31T21:05:53.297", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,68 @@ "value": "Se descubri\u00f3 que SpliceCom Maximiser Soft PBX v1.5 y anteriores utiliza un certificado SSL predeterminado. Este problema puede permitir a los atacantes espiar las comunicaciones mediante un ataque de man-in-the-middle." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-295" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:splicecom:maximiser_soft_pbx:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.5", + "matchCriteriaId": "94656EDD-537D-487B-BA78-713C34D9E4A1" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/twignet/splicecom", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-11xx/CVE-2024-1117.json b/CVE-2024/CVE-2024-11xx/CVE-2024-1117.json new file mode 100644 index 00000000000..d8370abed91 --- /dev/null +++ b/CVE-2024/CVE-2024-11xx/CVE-2024-1117.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-1117", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-31T21:15:08.500", + "lastModified": "2024-01-31T21:15:08.500", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in openBI up to 1.0.8. It has been declared as critical. Affected by this vulnerability is the function index of the file /application/index/controller/Screen.php. The manipulation of the argument fileurl leads to code injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252475." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 7.5 + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://note.zhaoj.in/share/Liu1nbjddxu4", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.252475", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.252475", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-213xx/CVE-2024-21336.json b/CVE-2024/CVE-2024-213xx/CVE-2024-21336.json index bd698c9ca75..d0e6ecd496d 100644 --- a/CVE-2024/CVE-2024-213xx/CVE-2024-21336.json +++ b/CVE-2024/CVE-2024-213xx/CVE-2024-21336.json @@ -2,12 +2,16 @@ "id": "CVE-2024-21336", "sourceIdentifier": "secure@microsoft.com", "published": "2024-01-26T18:15:12.040", - "lastModified": "2024-01-26T18:29:26.990", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-31T21:08:30.463", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Microsoft Edge (Chromium-based) Spoofing Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de suplantaci\u00f3n de identidad en Microsoft Edge (basado en Chromium)" } ], "metrics": { @@ -34,10 +38,44 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*", + "versionEndExcluding": "121.0.2277.83", + "matchCriteriaId": "00804700-C068-4562-9F64-4D348E1B76F5" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21336", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-216xx/CVE-2024-21626.json b/CVE-2024/CVE-2024-216xx/CVE-2024-21626.json new file mode 100644 index 00000000000..acb758f1f36 --- /dev/null +++ b/CVE-2024/CVE-2024-216xx/CVE-2024-21626.json @@ -0,0 +1,67 @@ +{ + "id": "CVE-2024-21626", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-01-31T22:15:53.780", + "lastModified": "2024-01-31T22:15:53.780", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem (\"attack 2\"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run (\"attack 1\"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes (\"attack 3a\" and \"attack 3b\"). runc 1.1.12 includes patches for this issue. " + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.6, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-403" + }, + { + "lang": "en", + "value": "CWE-668" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/opencontainers/runc/commit/02120488a4c0fc487d1ed2867e901eeed7ce8ecf", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/opencontainers/runc/releases/tag/v1.1.12", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-236xx/CVE-2024-23618.json b/CVE-2024/CVE-2024-236xx/CVE-2024-23618.json index 512ef6b1924..b9e3c8cfe71 100644 --- a/CVE-2024/CVE-2024-236xx/CVE-2024-23618.json +++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23618.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23618", "sourceIdentifier": "disclosures@exodusintel.com", "published": "2024-01-26T00:15:09.263", - "lastModified": "2024-01-26T13:51:45.267", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-31T21:05:01.817", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "disclosures@exodusintel.com", "type": "Secondary", @@ -64,6 +84,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] + }, { "source": "disclosures@exodusintel.com", "type": "Secondary", @@ -75,10 +105,42 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:commscope:arris_surfboard_sbg6950ac2_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "705A2647-E324-45F4-9159-3899B7A8F3A7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:commscope:arris_surfboard_sbg6950ac2:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C886BE42-DD25-41A9-AEB9-64C123E09967" + } + ] + } + ] + } + ], "references": [ { "url": "https://blog.exodusintel.com/2024/01/25/arris-surfboard-sbg6950ac2-arbitrary-command-execution-vulnerability/", - "source": "disclosures@exodusintel.com" + "source": "disclosures@exodusintel.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-236xx/CVE-2024-23624.json b/CVE-2024/CVE-2024-236xx/CVE-2024-23624.json index 2634068a77e..5864d05cc6b 100644 --- a/CVE-2024/CVE-2024-236xx/CVE-2024-23624.json +++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23624.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23624", "sourceIdentifier": "disclosures@exodusintel.com", "published": "2024-01-26T00:15:10.397", - "lastModified": "2024-01-26T13:51:45.267", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-31T21:02:32.867", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "disclosures@exodusintel.com", "type": "Secondary", @@ -64,6 +84,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + }, { "source": "disclosures@exodusintel.com", "type": "Secondary", @@ -75,10 +105,42 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dlink:dap-1650_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "655C33AE-0586-438E-8D67-3C61D1D932CA" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:dlink:dap-1650:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D740DCDC-6FE9-44CC-80BF-B00EF94EC2BC" + } + ] + } + ] + } + ], "references": [ { "url": "https://blog.exodusintel.com/2024/01/25/d-link-dap-1650-gena-cgi-subscribe-command-injection-vulnerability/", - "source": "disclosures@exodusintel.com" + "source": "disclosures@exodusintel.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-236xx/CVE-2024-23625.json b/CVE-2024/CVE-2024-236xx/CVE-2024-23625.json index be576c5a787..907422c035b 100644 --- a/CVE-2024/CVE-2024-236xx/CVE-2024-23625.json +++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23625.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23625", "sourceIdentifier": "disclosures@exodusintel.com", "published": "2024-01-26T00:15:10.620", - "lastModified": "2024-01-26T13:51:45.267", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-31T21:06:08.260", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "disclosures@exodusintel.com", "type": "Secondary", @@ -64,6 +84,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + }, { "source": "disclosures@exodusintel.com", "type": "Secondary", @@ -75,10 +105,42 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dlink:dap-1650_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "655C33AE-0586-438E-8D67-3C61D1D932CA" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:dlink:dap-1650:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D740DCDC-6FE9-44CC-80BF-B00EF94EC2BC" + } + ] + } + ] + } + ], "references": [ { "url": "https://blog.exodusintel.com/2024/01/25/d-link-dap-1650-subscribe-callback-command-injection-vulnerability/", - "source": "disclosures@exodusintel.com" + "source": "disclosures@exodusintel.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-236xx/CVE-2024-23646.json b/CVE-2024/CVE-2024-236xx/CVE-2024-23646.json index df4088b819c..0b1086c9b62 100644 --- a/CVE-2024/CVE-2024-236xx/CVE-2024-23646.json +++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23646.json @@ -2,16 +2,40 @@ "id": "CVE-2024-23646", "sourceIdentifier": "security-advisories@github.com", "published": "2024-01-24T20:15:53.877", - "lastModified": "2024-01-25T01:59:45.643", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-31T21:10:54.027", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. The application allows users to create zip files from available files on the site. In the 1.x branch prior to version 1.3.2, parameter `selectedIds` is susceptible to SQL Injection. Any backend user with very basic permissions can execute arbitrary SQL statements and thus alter any data or escalate their privileges to at least admin level. Version 1.3.2 contains a fix for this issue.\n" + }, + { + "lang": "es", + "value": "El paquete Admin Classic de Pimcore proporciona una interfaz de usuario backend para Pimcore. La aplicaci\u00f3n permite a los usuarios crear archivos zip a partir de archivos disponibles en el sitio. En la rama 1.x anterior a la versi\u00f3n 1.3.2, el par\u00e1metro `selectedIds` es susceptible a la inyecci\u00f3n SQL. Cualquier usuario de backend con permisos muy b\u00e1sicos puede ejecutar declaraciones SQL arbitrarias y as\u00ed alterar cualquier dato o escalar sus privilegios al menos al nivel de administrador. La versi\u00f3n 1.3.2 contiene una soluci\u00f3n para este problema." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,26 +70,61 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pimcore:admin_classic_bundle:*:*:*:*:*:pimcore:*:*", + "versionStartIncluding": "1.0.0", + "versionEndExcluding": "1.3.2", + "matchCriteriaId": "24A89A76-A47D-4D85-8E64-01F3B4EE170E" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/pimcore/admin-ui-classic-bundle/blob/1.x/src/Controller/Admin/Asset/AssetController.php#L2006", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://github.com/pimcore/admin-ui-classic-bundle/blob/1.x/src/Controller/Admin/Asset/AssetController.php#L2087", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/363afef29496cc40a8b863c2ca2338979fcf50a8", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/pimcore/admin-ui-classic-bundle/releases/tag/v1.3.2", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-cwx6-4wmf-c6xv", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-236xx/CVE-2024-23650.json b/CVE-2024/CVE-2024-236xx/CVE-2024-23650.json new file mode 100644 index 00000000000..0f89faaa654 --- /dev/null +++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23650.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2024-23650", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-01-31T22:15:53.990", + "lastModified": "2024-01-31T22:15:53.990", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic. The issue has been fixed in v0.12.5. As a workaround, avoid using BuildKit frontends from untrusted sources.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-754" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/moby/buildkit/pull/4601", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/moby/buildkit/releases/tag/v0.12.5", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/moby/buildkit/security/advisories/GHSA-9p26-698r-w4hx", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-236xx/CVE-2024-23651.json b/CVE-2024/CVE-2024-236xx/CVE-2024-23651.json new file mode 100644 index 00000000000..7006c1a6f9a --- /dev/null +++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23651.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2024-23651", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-01-31T22:15:54.183", + "lastModified": "2024-01-31T22:15:54.183", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessible to the build container. The issue has been fixed in v0.12.5. Workarounds include, avoiding using BuildKit frontend from an untrusted source or building an untrusted Dockerfile containing cache mounts with --mount=type=cache,source=... options.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 8.7, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.8 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-362" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/moby/buildkit/pull/4604", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/moby/buildkit/releases/tag/v0.12.5", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/moby/buildkit/security/advisories/GHSA-m3r6-h7wv-7xxv", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-236xx/CVE-2024-23652.json b/CVE-2024/CVE-2024-236xx/CVE-2024-23652.json new file mode 100644 index 00000000000..2b80b0d9737 --- /dev/null +++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23652.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2024-23652", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-01-31T22:15:54.377", + "lastModified": "2024-01-31T22:15:54.377", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit frontend or Dockerfile using RUN --mount could trick the feature that removes empty files created for the mountpoints into removing a file outside the container, from the host system. The issue has been fixed in v0.12.5. Workarounds include avoiding using BuildKit frontends from an untrusted source or building an untrusted Dockerfile containing RUN --mount feature." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 10.0, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.8 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/moby/buildkit/pull/4603", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/moby/buildkit/releases/tag/v0.12.5", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/moby/buildkit/security/advisories/GHSA-4v98-7qmw-rqr8", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-236xx/CVE-2024-23653.json b/CVE-2024/CVE-2024-236xx/CVE-2024-23653.json new file mode 100644 index 00000000000..13903bf3448 --- /dev/null +++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23653.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2024-23653", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-01-31T22:15:54.600", + "lastModified": "2024-01-31T22:15:54.600", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask BuildKit to run a container with elevated privileges. Normally, running such containers is only allowed if special `security.insecure` entitlement is enabled both by buildkitd configuration and allowed by the user initializing the build request. The issue has been fixed in v0.12.5 . Avoid using BuildKit frontends from untrusted sources. \n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/moby/buildkit/pull/4602", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/moby/buildkit/releases/tag/v0.12.5", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/moby/buildkit/security/advisories/GHSA-wr6v-9f75-vh2g", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-247xx/CVE-2024-24747.json b/CVE-2024/CVE-2024-247xx/CVE-2024-24747.json new file mode 100644 index 00000000000..17013cf9f02 --- /dev/null +++ b/CVE-2024/CVE-2024-247xx/CVE-2024-24747.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2024-24747", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-01-31T22:15:54.813", + "lastModified": "2024-01-31T22:15:54.813", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "MinIO is a High Performance Object Storage. When someone creates an access key, it inherits the permissions of the parent key. Not only for `s3:*` actions, but also `admin:*` actions. Which means unless somewhere above in the access-key hierarchy, the `admin` rights are denied, access keys will be able to simply override their own `s3` permissions to something more permissive. The vulnerability is fixed in RELEASE.2024-01-31T20-20-33Z." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/minio/minio/commit/0ae4915a9391ef4b3ec80f5fcdcf24ee6884e776", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/minio/minio/releases/tag/RELEASE.2024-01-31T20-20-33Z", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/minio/minio/security/advisories/GHSA-xx8w-mq23-29g4", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 4e65deb29c6..b5826d9fe11 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-01-31T21:00:25.887100+00:00 +2024-01-31T23:00:24.362575+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-01-31T20:40:45.133000+00:00 +2024-01-31T22:15:54.813000+00:00 ``` ### Last Data Feed Release @@ -29,57 +29,35 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -237245 +237253 ``` ### CVEs added in the last Commit -Recently added CVEs: `13` +Recently added CVEs: `8` -* [CVE-2023-28807](CVE-2023/CVE-2023-288xx/CVE-2023-28807.json) (`2024-01-31T20:15:44.903`) -* [CVE-2024-1111](CVE-2024/CVE-2024-11xx/CVE-2024-1111.json) (`2024-01-31T19:15:08.187`) -* [CVE-2024-21916](CVE-2024/CVE-2024-219xx/CVE-2024-21916.json) (`2024-01-31T19:15:08.427`) -* [CVE-2024-21917](CVE-2024/CVE-2024-219xx/CVE-2024-21917.json) (`2024-01-31T19:15:08.633`) -* [CVE-2024-22146](CVE-2024/CVE-2024-221xx/CVE-2024-22146.json) (`2024-01-31T19:15:08.820`) -* [CVE-2024-22150](CVE-2024/CVE-2024-221xx/CVE-2024-22150.json) (`2024-01-31T19:15:09.013`) -* [CVE-2024-22153](CVE-2024/CVE-2024-221xx/CVE-2024-22153.json) (`2024-01-31T19:15:09.270`) -* [CVE-2024-22158](CVE-2024/CVE-2024-221xx/CVE-2024-22158.json) (`2024-01-31T19:15:09.470`) -* [CVE-2024-22159](CVE-2024/CVE-2024-221xx/CVE-2024-22159.json) (`2024-01-31T19:15:09.650`) -* [CVE-2024-1113](CVE-2024/CVE-2024-11xx/CVE-2024-1113.json) (`2024-01-31T20:15:45.140`) -* [CVE-2024-1114](CVE-2024/CVE-2024-11xx/CVE-2024-1114.json) (`2024-01-31T20:15:45.367`) -* [CVE-2024-1115](CVE-2024/CVE-2024-11xx/CVE-2024-1115.json) (`2024-01-31T20:15:45.590`) -* [CVE-2024-1116](CVE-2024/CVE-2024-11xx/CVE-2024-1116.json) (`2024-01-31T20:15:45.807`) +* [CVE-2022-47072](CVE-2022/CVE-2022-470xx/CVE-2022-47072.json) (`2024-01-31T21:15:08.440`) +* [CVE-2024-1117](CVE-2024/CVE-2024-11xx/CVE-2024-1117.json) (`2024-01-31T21:15:08.500`) +* [CVE-2024-21626](CVE-2024/CVE-2024-216xx/CVE-2024-21626.json) (`2024-01-31T22:15:53.780`) +* [CVE-2024-23650](CVE-2024/CVE-2024-236xx/CVE-2024-23650.json) (`2024-01-31T22:15:53.990`) +* [CVE-2024-23651](CVE-2024/CVE-2024-236xx/CVE-2024-23651.json) (`2024-01-31T22:15:54.183`) +* [CVE-2024-23652](CVE-2024/CVE-2024-236xx/CVE-2024-23652.json) (`2024-01-31T22:15:54.377`) +* [CVE-2024-23653](CVE-2024/CVE-2024-236xx/CVE-2024-23653.json) (`2024-01-31T22:15:54.600`) +* [CVE-2024-24747](CVE-2024/CVE-2024-247xx/CVE-2024-24747.json) (`2024-01-31T22:15:54.813`) ### CVEs modified in the last Commit -Recently modified CVEs: `70` +Recently modified CVEs: `8` -* [CVE-2024-23508](CVE-2024/CVE-2024-235xx/CVE-2024-23508.json) (`2024-01-31T19:54:51.757`) -* [CVE-2024-22302](CVE-2024/CVE-2024-223xx/CVE-2024-22302.json) (`2024-01-31T19:54:51.757`) -* [CVE-2024-22306](CVE-2024/CVE-2024-223xx/CVE-2024-22306.json) (`2024-01-31T19:54:51.757`) -* [CVE-2024-22307](CVE-2024/CVE-2024-223xx/CVE-2024-22307.json) (`2024-01-31T19:54:51.757`) -* [CVE-2024-22310](CVE-2024/CVE-2024-223xx/CVE-2024-22310.json) (`2024-01-31T19:54:51.757`) -* [CVE-2024-24566](CVE-2024/CVE-2024-245xx/CVE-2024-24566.json) (`2024-01-31T19:54:51.757`) -* [CVE-2024-24579](CVE-2024/CVE-2024-245xx/CVE-2024-24579.json) (`2024-01-31T19:54:51.757`) -* [CVE-2024-21387](CVE-2024/CVE-2024-213xx/CVE-2024-21387.json) (`2024-01-31T20:08:28.943`) -* [CVE-2024-21385](CVE-2024/CVE-2024-213xx/CVE-2024-21385.json) (`2024-01-31T20:09:14.593`) -* [CVE-2024-21383](CVE-2024/CVE-2024-213xx/CVE-2024-21383.json) (`2024-01-31T20:09:22.623`) -* [CVE-2024-21382](CVE-2024/CVE-2024-213xx/CVE-2024-21382.json) (`2024-01-31T20:10:16.277`) -* [CVE-2024-21326](CVE-2024/CVE-2024-213xx/CVE-2024-21326.json) (`2024-01-31T20:10:24.203`) -* [CVE-2024-0456](CVE-2024/CVE-2024-04xx/CVE-2024-0456.json) (`2024-01-31T20:12:00.077`) -* [CVE-2024-0736](CVE-2024/CVE-2024-07xx/CVE-2024-0736.json) (`2024-01-31T20:19:04.667`) -* [CVE-2024-0695](CVE-2024/CVE-2024-06xx/CVE-2024-0695.json) (`2024-01-31T20:20:20.147`) -* [CVE-2024-0693](CVE-2024/CVE-2024-06xx/CVE-2024-0693.json) (`2024-01-31T20:20:32.517`) -* [CVE-2024-22154](CVE-2024/CVE-2024-221xx/CVE-2024-22154.json) (`2024-01-31T20:20:56.647`) -* [CVE-2024-23616](CVE-2024/CVE-2024-236xx/CVE-2024-23616.json) (`2024-01-31T20:28:48.513`) -* [CVE-2024-23617](CVE-2024/CVE-2024-236xx/CVE-2024-23617.json) (`2024-01-31T20:29:19.920`) -* [CVE-2024-23619](CVE-2024/CVE-2024-236xx/CVE-2024-23619.json) (`2024-01-31T20:29:34.730`) -* [CVE-2024-23620](CVE-2024/CVE-2024-236xx/CVE-2024-23620.json) (`2024-01-31T20:29:50.697`) -* [CVE-2024-23621](CVE-2024/CVE-2024-236xx/CVE-2024-23621.json) (`2024-01-31T20:30:17.927`) -* [CVE-2024-23622](CVE-2024/CVE-2024-236xx/CVE-2024-23622.json) (`2024-01-31T20:30:40.207`) -* [CVE-2024-22099](CVE-2024/CVE-2024-220xx/CVE-2024-22099.json) (`2024-01-31T20:32:02.720`) -* [CVE-2024-23307](CVE-2024/CVE-2024-233xx/CVE-2024-23307.json) (`2024-01-31T20:38:12.743`) +* [CVE-2019-5736](CVE-2019/CVE-2019-57xx/CVE-2019-5736.json) (`2024-01-31T21:15:08.063`) +* [CVE-2023-33759](CVE-2023/CVE-2023-337xx/CVE-2023-33759.json) (`2024-01-31T21:04:13.810`) +* [CVE-2023-33760](CVE-2023/CVE-2023-337xx/CVE-2023-33760.json) (`2024-01-31T21:05:53.297`) +* [CVE-2024-23624](CVE-2024/CVE-2024-236xx/CVE-2024-23624.json) (`2024-01-31T21:02:32.867`) +* [CVE-2024-23618](CVE-2024/CVE-2024-236xx/CVE-2024-23618.json) (`2024-01-31T21:05:01.817`) +* [CVE-2024-23625](CVE-2024/CVE-2024-236xx/CVE-2024-23625.json) (`2024-01-31T21:06:08.260`) +* [CVE-2024-21336](CVE-2024/CVE-2024-213xx/CVE-2024-21336.json) (`2024-01-31T21:08:30.463`) +* [CVE-2024-23646](CVE-2024/CVE-2024-236xx/CVE-2024-23646.json) (`2024-01-31T21:10:54.027`) ## Download and Usage