Auto-Update: 2024-01-30T19:00:25.709460+00:00

cad-safe-bot 2024-01-30 19:00:29 +00:00
parent e617893afc
commit 47eaa41341
46 changed files with 2530 additions and 193 deletions


@ -2,7 +2,7 @@
"id": "CVE-2021-33630",
"sourceIdentifier": "securities@openeuler.org",
"published": "2024-01-18T15:15:08.653",
"lastModified": "2024-01-30T15:15:08.410",
"lastModified": "2024-01-30T18:15:46.910",
"vulnStatus": "Modified",
"descriptions": [
{
@ -108,6 +108,10 @@
"url": "http://www.openwall.com/lists/oss-security/2024/01/30/4",
"source": "securities@openeuler.org"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/30/5",
"source": "securities@openeuler.org"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e8b9bfa110896f95d602d8c98d5f9d67e41d78c",
"source": "securities@openeuler.org"


@ -2,7 +2,7 @@
"id": "CVE-2021-33631",
"sourceIdentifier": "securities@openeuler.org",
"published": "2024-01-18T15:15:08.860",
"lastModified": "2024-01-30T15:15:08.533",
"lastModified": "2024-01-30T18:15:46.997",
"vulnStatus": "Modified",
"descriptions": [
{
@ -122,6 +122,10 @@
"url": "http://www.openwall.com/lists/oss-security/2024/01/30/4",
"source": "securities@openeuler.org"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/30/5",
"source": "securities@openeuler.org"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5c099c4fdc438014d5893629e70a8ba934433ee8",
"source": "securities@openeuler.org",


@ -2,7 +2,7 @@
"id": "CVE-2023-3019",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-07-24T16:15:12.253",
"lastModified": "2024-01-25T20:15:35.763",
"lastModified": "2024-01-30T17:15:09.367",
"vulnStatus": "Modified",
"descriptions": [
{
@ -127,6 +127,10 @@
"url": "https://access.redhat.com/errata/RHSA-2024:0404",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0569",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-3019",
"source": "secalert@redhat.com",


@ -2,7 +2,7 @@
"id": "CVE-2023-3567",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-07-24T16:15:12.990",
"lastModified": "2024-01-25T20:15:36.107",
"lastModified": "2024-01-30T17:15:09.497",
"vulnStatus": "Modified",
"descriptions": [
{
@ -212,6 +212,10 @@
"url": "https://access.redhat.com/errata/RHSA-2024:0448",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0575",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-3567",
"source": "secalert@redhat.com",


@ -2,7 +2,7 @@
"id": "CVE-2023-3772",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-07-25T16:15:11.660",
"lastModified": "2024-01-25T20:15:36.360",
"lastModified": "2024-01-30T17:15:09.637",
"vulnStatus": "Modified",
"descriptions": [
{
@ -201,6 +201,10 @@
"url": "https://access.redhat.com/errata/RHSA-2024:0412",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0575",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-3772",
"source": "secalert@redhat.com",


@ -2,8 +2,8 @@
"id": "CVE-2023-4132",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-08-03T15:15:32.833",
"lastModified": "2023-12-28T14:36:33.327",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-30T17:15:10.317",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -174,6 +174,10 @@
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0575",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-4132",
"source": "secalert@redhat.com",


@ -2,12 +2,12 @@
"id": "CVE-2023-45779",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:26.673",
"lastModified": "2024-01-26T23:15:08.187",
"lastModified": "2024-01-30T18:15:47.110",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "In the APEX module framework of AOSP, there is a possible malicious update to platform components due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
"value": "In the APEX module framework of AOSP, there is a possible malicious update to platform components due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. More details on this can be found in the links below:\n https://rtx.meta.security/exploitation/2024/01/30/Android-vendors-APEX-test-keys.html https://rtx.meta.security/exploitation/2024/01/30/Android-vendors-APEX-test-keys.html \n https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-wmcc-g67r-9962 https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-wmcc-g67r-9962 \n"
},
{
"lang": "es",
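Review bot: The new English `value` in this description carries each advisory URL twice and contains literal `\n` sequences, so the links sit in free text rather than in structured data. If the `references` array (outside this hunk) does not already list them, they belong there as entries such as `{"url": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-wmcc-g67r-9962", "source": "security@android.com"}`, where tooling that extracts advisory links will find them. Consumers that render or auto-link description text should treat these URLs as unvetted, source-supplied content.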


@ -0,0 +1,55 @@
{
"id": "CVE-2023-46230",
"sourceIdentifier": "prodsec@splunk.com",
"published": "2024-01-30T17:15:09.893",
"lastModified": "2024-01-30T17:15:09.893",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In Splunk Add-on Builder versions below 4.1.4, the app writes sensitive information to internal log files."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "prodsec@splunk.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.3,
"impactScore": 5.3
}
]
},
"weaknesses": [
{
"source": "prodsec@splunk.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
}
],
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2024-0111",
"source": "prodsec@splunk.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-46231",
"sourceIdentifier": "prodsec@splunk.com",
"published": "2024-01-30T17:15:10.117",
"lastModified": "2024-01-30T17:15:10.117",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In Splunk Add-on Builder versions below 4.1.4, the application writes user session tokens to its internal log files when you visit the Splunk Add-on Builder or when you build or edit a custom app or add-on."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "prodsec@splunk.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "prodsec@splunk.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
}
],
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2024-0110",
"source": "prodsec@splunk.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-47192",
"sourceIdentifier": "security@trendmicro.com",
"published": "2024-01-23T21:15:08.520",
"lastModified": "2024-01-24T13:49:03.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T17:41:04.340",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,80 @@
"value": "Una vulnerabilidad de enlace de agente en el agente de seguridad Trend Micro Apex One podr\u00eda permitir que un atacante local escale privilegios en las instalaciones afectadas. Tenga en cuenta: un atacante primero debe obtener la capacidad de ejecutar c\u00f3digo con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-59"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:apex_one:*:*:*:*:saas:windows:*:*",
"versionEndExcluding": "14.0.12737",
"matchCriteriaId": "5D414F00-6C14-47B3-9858-3AE458F9289D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:on-premises:windows:*:*",
"matchCriteriaId": "84F26044-A0BB-442E-93BD-E836B4DD71F4"
}
]
}
]
}
],
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1611/",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}
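Review bot: The second `cpeMatch` entry, `cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:on-premises:windows:*:*`, has no `versionEndExcluding`, while the SaaS entry above it is bounded at `14.0.12737`. As written, every on-premises 2019 installation matches as vulnerable whatever its patch level. Anyone driving scanning or ticketing from this record should confirm the fixed on-premises build against the vendor advisory listed in `references` rather than rely on the CPE match alone. The same unbounded entry appears in the sections for CVE-2023-47193 through CVE-2023-47199.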


@ -2,8 +2,8 @@
"id": "CVE-2023-47193",
"sourceIdentifier": "security@trendmicro.com",
"published": "2024-01-23T21:15:08.563",
"lastModified": "2024-01-24T13:49:03.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T17:57:51.480",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,80 @@
"value": "Una vulnerabilidad de validaci\u00f3n de origen en el agente de seguridad Trend Micro Apex One podr\u00eda permitir a un atacante local escalar privilegios en las instalaciones afectadas. Tenga en cuenta: un atacante primero debe obtener la capacidad de ejecutar c\u00f3digo con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad. Esta vulnerabilidad es similar, pero no id\u00e9ntica, a CVE-2023-47194."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-346"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:apex_one:*:*:*:*:saas:windows:*:*",
"versionEndExcluding": "14.0.12737",
"matchCriteriaId": "5D414F00-6C14-47B3-9858-3AE458F9289D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:on-premises:windows:*:*",
"matchCriteriaId": "84F26044-A0BB-442E-93BD-E836B4DD71F4"
}
]
}
]
}
],
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1612/",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-47194",
"sourceIdentifier": "security@trendmicro.com",
"published": "2024-01-23T21:15:08.607",
"lastModified": "2024-01-24T13:49:03.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T18:02:29.137",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,80 @@
"value": "Una vulnerabilidad de validaci\u00f3n de origen en el agente de seguridad Trend Micro Apex One podr\u00eda permitir a un atacante local escalar privilegios en las instalaciones afectadas. Tenga en cuenta: un atacante primero debe obtener la capacidad de ejecutar c\u00f3digo con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad. Esta vulnerabilidad es similar, pero no id\u00e9ntica, a CVE-2023-47195."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-346"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:apex_one:*:*:*:*:saas:windows:*:*",
"versionEndExcluding": "14.0.12737",
"matchCriteriaId": "5D414F00-6C14-47B3-9858-3AE458F9289D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:on-premises:windows:*:*",
"matchCriteriaId": "84F26044-A0BB-442E-93BD-E836B4DD71F4"
}
]
}
]
}
],
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1614/",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-47195",
"sourceIdentifier": "security@trendmicro.com",
"published": "2024-01-23T21:15:08.647",
"lastModified": "2024-01-24T13:49:03.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T18:15:40.130",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,80 @@
"value": "Una vulnerabilidad de validaci\u00f3n de origen en el agente de seguridad Trend Micro Apex One podr\u00eda permitir a un atacante local escalar privilegios en las instalaciones afectadas. Tenga en cuenta: un atacante primero debe obtener la capacidad de ejecutar c\u00f3digo con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad. Esta vulnerabilidad es similar, pero no id\u00e9ntica, a CVE-2023-47196."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-346"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:apex_one:*:*:*:*:saas:windows:*:*",
"versionEndExcluding": "14.0.12737",
"matchCriteriaId": "5D414F00-6C14-47B3-9858-3AE458F9289D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:on-premises:windows:*:*",
"matchCriteriaId": "84F26044-A0BB-442E-93BD-E836B4DD71F4"
}
]
}
]
}
],
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1615/",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-47196",
"sourceIdentifier": "security@trendmicro.com",
"published": "2024-01-23T21:15:08.690",
"lastModified": "2024-01-24T13:49:03.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T18:19:27.810",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,80 @@
"value": "Una vulnerabilidad de validaci\u00f3n de origen en el agente de seguridad Trend Micro Apex One podr\u00eda permitir a un atacante local escalar privilegios en las instalaciones afectadas. Tenga en cuenta: un atacante primero debe obtener la capacidad de ejecutar c\u00f3digo con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad. Esta vulnerabilidad es similar, pero no id\u00e9ntica, a CVE-2023-47197."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-346"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:apex_one:*:*:*:*:saas:windows:*:*",
"versionEndExcluding": "14.0.12737",
"matchCriteriaId": "5D414F00-6C14-47B3-9858-3AE458F9289D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:on-premises:windows:*:*",
"matchCriteriaId": "84F26044-A0BB-442E-93BD-E836B4DD71F4"
}
]
}
]
}
],
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1617/",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-47197",
"sourceIdentifier": "security@trendmicro.com",
"published": "2024-01-23T21:15:08.730",
"lastModified": "2024-01-24T13:49:03.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T18:29:22.343",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,80 @@
"value": "Una vulnerabilidad de validaci\u00f3n de origen en el agente de seguridad Trend Micro Apex One podr\u00eda permitir a un atacante local escalar privilegios en las instalaciones afectadas. Tenga en cuenta: un atacante primero debe obtener la capacidad de ejecutar c\u00f3digo con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad. Esta vulnerabilidad es similar, pero no id\u00e9ntica, a CVE-2023-47198."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-346"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:apex_one:*:*:*:*:saas:windows:*:*",
"versionEndExcluding": "14.0.12737",
"matchCriteriaId": "5D414F00-6C14-47B3-9858-3AE458F9289D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:on-premises:windows:*:*",
"matchCriteriaId": "84F26044-A0BB-442E-93BD-E836B4DD71F4"
}
]
}
]
}
],
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1616/",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-47198",
"sourceIdentifier": "security@trendmicro.com",
"published": "2024-01-23T21:15:08.773",
"lastModified": "2024-01-24T13:49:03.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T17:32:16.743",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,80 @@
"value": "Una vulnerabilidad de validaci\u00f3n de origen en el agente de seguridad Trend Micro Apex One podr\u00eda permitir a un atacante local escalar privilegios en las instalaciones afectadas. Tenga en cuenta: un atacante primero debe obtener la capacidad de ejecutar c\u00f3digo con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad. Esta vulnerabilidad es similar, pero no id\u00e9ntica, a CVE-2023-47199."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-346"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:apex_one:*:*:*:*:saas:windows:*:*",
"versionEndExcluding": "14.0.12737",
"matchCriteriaId": "5D414F00-6C14-47B3-9858-3AE458F9289D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:on-premises:windows:*:*",
"matchCriteriaId": "84F26044-A0BB-442E-93BD-E836B4DD71F4"
}
]
}
]
}
],
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1619/",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-47199",
"sourceIdentifier": "security@trendmicro.com",
"published": "2024-01-23T21:15:08.820",
"lastModified": "2024-01-24T13:49:03.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T18:33:49.407",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,80 @@
"value": "Una vulnerabilidad de validaci\u00f3n de origen en el agente de seguridad Trend Micro Apex One podr\u00eda permitir a un atacante local escalar privilegios en las instalaciones afectadas. Tenga en cuenta: un atacante primero debe obtener la capacidad de ejecutar c\u00f3digo con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad. Esta vulnerabilidad es similar, pero no id\u00e9ntica, a CVE-2023-47193."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-346"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:apex_one:*:*:*:*:saas:windows:*:*",
"versionEndExcluding": "14.0.12737",
"matchCriteriaId": "5D414F00-6C14-47B3-9858-3AE458F9289D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:on-premises:windows:*:*",
"matchCriteriaId": "84F26044-A0BB-442E-93BD-E836B4DD71F4"
}
]
}
]
}
],
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1620/",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-47200",
"sourceIdentifier": "security@trendmicro.com",
"published": "2024-01-23T21:15:08.863",
"lastModified": "2024-01-24T13:49:03.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T17:24:40.857",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,80 @@
"value": "Una vulnerabilidad de validaci\u00f3n del origen del administrador de complementos en el agente de seguridad Trend Micro Apex One podr\u00eda permitir a un atacante local escalar privilegios en las instalaciones afectadas. Tenga en cuenta: un atacante primero debe obtener la capacidad de ejecutar c\u00f3digo con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad. Esta vulnerabilidad es similar, pero no id\u00e9ntica, a CVE-2023-47201."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-346"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:apex_one:*:*:*:*:saas:*:*:*",
"versionEndExcluding": "14.0.12737",
"matchCriteriaId": "7A784073-28FF-4969-8CF5-8E39E15CCB77"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:apex_one:2019:-:*:*:*:*:*:*",
"matchCriteriaId": "219071B9-2D31-4E7F-A0AD-769FE0243B35"
}
]
}
]
}
],
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1618/",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}
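Review bot: The `cpeMatch` criteria in this record (`apex_one:*:*:*:*:saas:*:*:*` and `apex_one:2019:-:*:*:*:*:*:*`) differ from those in the sections for CVE-2023-47192 through CVE-2023-47199, which cite the same vendor solution 000295652 but use `saas:windows` and `2019:*:*:*:on-premises:windows`. The `2019:-` form appears to match only a 2019 release with no update component, whereas the sibling records match every on-premises 2019 build. Inventory correlation will therefore give different answers for what looks like the same affected product. The section for CVE-2023-52094 uses the same `2019:-` form; the affected builds should be checked against the vendor advisory in `references`.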


@ -2,7 +2,7 @@
"id": "CVE-2023-5178",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-11-01T17:15:11.920",
"lastModified": "2024-01-30T04:15:07.633",
"lastModified": "2024-01-30T17:15:10.483",
"vulnStatus": "Modified",
"descriptions": [
{
@ -269,6 +269,10 @@
"url": "https://access.redhat.com/errata/RHSA-2024:0554",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0575",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-5178",
"source": "secalert@redhat.com",


@ -2,8 +2,8 @@
"id": "CVE-2023-52094",
"sourceIdentifier": "security@trendmicro.com",
"published": "2024-01-23T21:15:09.293",
"lastModified": "2024-01-24T13:49:03.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T17:37:53.377",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,80 @@
"value": "Una vulnerabilidad de updater link following en el agente Trend Micro Apex One podr\u00eda permitir que un atacante local abuse del actualizador para eliminar una carpeta arbitraria, lo que provocar\u00eda una escalada de privilegios locales en las instalaciones afectadas. Tenga en cuenta: un atacante primero debe obtener la capacidad de ejecutar c\u00f3digo con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-59"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:apex_one:*:*:*:*:saas:*:*:*",
"versionEndExcluding": "14.0.12849",
"matchCriteriaId": "A9E837BF-EABA-4A51-83D8-831044DA1AEA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:apex_one:2019:-:*:*:*:*:*:*",
"matchCriteriaId": "219071B9-2D31-4E7F-A0AD-769FE0243B35"
}
]
}
]
}
],
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000296151?language=en_US",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-028/",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-52221",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-24T12:15:56.907",
"lastModified": "2024-01-24T13:49:03.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T17:01:51.733",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ukrsolution:barcode_scanner_and_inventory_manager:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.5.2",
"matchCriteriaId": "8F146A04-DD43-4E77-9642-C4BEE241783D"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/wordpress-barcode-scanner-with-inventory-order-manager-plugin-1-5-1-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-52324",
"sourceIdentifier": "security@trendmicro.com",
"published": "2024-01-23T21:15:09.337",
"lastModified": "2024-01-24T13:49:03.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T18:40:32.970",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,74 @@
"value": "Una vulnerabilidad de carga de archivos sin restricciones en Trend Micro Apex Central podr\u00eda permitir que un atacante remoto cree archivos arbitrarios en las instalaciones afectadas. Tenga en cuenta: aunque se requiere autenticaci\u00f3n para aprovechar esta vulnerabilidad, esta vulnerabilidad podr\u00eda explotarse cuando el atacante tenga un conjunto v\u00e1lido de credenciales. Adem\u00e1s, esta vulnerabilidad podr\u00eda usarse potencialmente en combinaci\u00f3n con otra vulnerabilidad para ejecutar c\u00f3digo arbitrario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:-:*:*:*:windows:*:*",
"matchCriteriaId": "7F2620DA-8727-43FF-8A4D-72145CDDE4CD"
}
]
}
]
}
],
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000296153?language=en_US",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-077/",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-52325",
"sourceIdentifier": "security@trendmicro.com",
"published": "2024-01-23T21:15:09.383",
"lastModified": "2024-01-24T13:49:03.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T18:45:29.687",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,74 @@
"value": "Una vulnerabilidad de inclusi\u00f3n de archivos locales en uno de los widgets de Trend Micro Apex Central podr\u00eda permitir que un atacante remoto ejecute c\u00f3digo arbitrario en las instalaciones afectadas. Tenga en cuenta: esta vulnerabilidad debe usarse junto con otra para explotar un sistema afectado. Adem\u00e1s, un atacante primero debe obtener un conjunto v\u00e1lido de credenciales en el sistema de destino para poder aprovechar esta vulnerabilidad."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:-:*:*:*:windows:*:*",
"matchCriteriaId": "7F2620DA-8727-43FF-8A4D-72145CDDE4CD"
}
]
}
]
}
],
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000296153?language=en_US",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-024/",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-6258",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-30T17:15:10.657",
"lastModified": "2024-01-30T17:15:10.657",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been identified in the pkcs11-provider, which is associated with Public-Key Cryptography Standards (PKCS#11). If exploited successfully, this vulnerability could result in a Bleichenbacher-like security flaw, potentially enabling a side-channel attack on PKCS#1 1.5 decryption."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1300"
}
]
}
],
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251062",
"source": "secalert@redhat.com"
},
{
"url": "https://github.com/latchset/pkcs11-provider/pull/308",
"source": "secalert@redhat.com"
}
]
}
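Review bot: The `weaknesses` entry maps this record to `CWE-1300`, which covers physical side channels, while the description is of a Bleichenbacher-like side channel on PKCS#1 1.5 decryption; an observable-discrepancy class such as `CWE-203` (the mapping the CVE-2024-23218 record in this same commit carries for a comparable RSA PKCS#1 v1.5 timing issue) looks like a closer fit. The vector also scores `I:H/A:H` although the described impact is decryption only, so the 8.1 base score probably overstates integrity and availability impact. The record is still `Received` with only a CNA `Secondary` score, so consumers that triage on `baseScore` or CWE should treat both as provisional until the record is analyzed.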


@ -2,8 +2,8 @@
"id": "CVE-2024-0854",
"sourceIdentifier": "security@synology.com",
"published": "2024-01-24T10:15:09.533",
"lastModified": "2024-01-24T13:49:03.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T17:01:37.127",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@synology.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:synology:diskstation_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.2.1-69057-2",
"matchCriteriaId": "6B3B31E4-220A-42E8-9D67-CB0BC936E568"
}
]
}
]
}
],
"references": [
{
"url": "https://www.synology.com/en-global/security/advisory/Synology_SA_24_02",
"source": "security@synology.com"
"source": "security@synology.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,88 @@
{
"id": "CVE-2024-1036",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-30T18:15:47.300",
"lastModified": "2024-01-30T18:15:47.300",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in openBI up to 1.0.8 and classified as critical. This issue affects the function uploadIcon of the file /application/index/controller/Screen.php of the component Icon Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252311."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://note.zhaoj.in/share/X1ASzPP5rHel",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.252311",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.252311",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,43 @@
{
"id": "CVE-2024-21388",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-01-30T18:15:48.140",
"lastModified": "2024-01-30T18:15:48.140",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.7
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21388",
"source": "secure@microsoft.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-22134",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-24T12:15:57.297",
"lastModified": "2024-01-24T13:49:03.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T17:07:24.310",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:renzojohnson:contact_form_7_extension_for_mailchimp:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "0.5.70",
"matchCriteriaId": "22E157CE-7190-4A2E-8F53-3686DE126BF2"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/contact-form-7-mailchimp-extension/wordpress-contact-form-7-extension-for-mailchimp-plugin-0-5-70-server-side-request-forgery-ssrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-22135",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-24T12:15:57.500",
"lastModified": "2024-01-24T13:49:03.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T17:34:58.917",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webtoffee:order_export_\\&_order_import_for_woocommerce:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.4.4",
"matchCriteriaId": "D58EBEE4-E707-4A17-B288-C8709BC706FD"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/order-import-export-for-woocommerce/wordpress-order-export-order-import-for-woocommerce-plugin-2-4-3-arbitrary-file-upload-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-22152",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-24T12:15:57.700",
"lastModified": "2024-01-24T13:49:03.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T17:36:20.533",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webtoffee:product_import_export_for_woocommerce:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.3.8",
"matchCriteriaId": "D534B9CC-6184-4432-9C7B-38459D0A0109"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/product-import-export-for-woo/wordpress-product-import-export-for-woocommerce-plugin-2-3-7-arbitrary-file-upload-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-22284",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-24T12:15:57.893",
"lastModified": "2024-01-24T13:49:03.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T17:43:02.180",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:asgaros:asgaros_forum:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.8.0",
"matchCriteriaId": "FD85F36F-6478-4289-B319-3744387862EA"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/asgaros-forum/wordpress-asgaros-forum-plugin-2-7-2-php-object-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-22294",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-24T12:15:58.093",
"lastModified": "2024-01-24T13:49:03.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T17:44:30.747",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ip2location:country_blocker:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.33.4",
"matchCriteriaId": "EEE7ED7D-D8C2-48E2-B663-F80677858CBB"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/ip2location-country-blocker/wordpress-ip2location-country-blocker-plugin-2-33-3-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-22301",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-24T12:15:58.290",
"lastModified": "2024-01-24T13:49:03.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T17:44:59.847",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eduva:albo_pretorio_online:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.6.6",
"matchCriteriaId": "BCFD425B-5F8F-40EE-862E-0F41CAC702A4"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/albo-pretorio-on-line/wordpress-albo-pretorio-on-line-plugin-4-6-6-sensitive-data-exposure-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-22308",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-24T12:15:58.483",
"lastModified": "2024-01-24T13:49:03.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T17:45:59.927",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:simple-membership-plugin:simple_membership:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "4.4.2",
"matchCriteriaId": "BFCFBC03-6936-4382-B56A-1220325E3778"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/simple-membership/wordpress-simple-membership-plugin-4-4-1-open-redirection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-23208",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-23T01:15:10.930",
"lastModified": "2024-01-26T18:15:12.463",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-30T17:32:04.487",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,39 +14,145 @@
"value": "El problema se solucion\u00f3 mejorando el manejo de la memoria. Este problema se solucion\u00f3 en macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 y iPadOS 17.3. Una aplicaci\u00f3n puede ejecutar c\u00f3digo arbitrario con privilegios del kernel."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.3",
"matchCriteriaId": "93A0FBA9-3FF2-483E-8669-E2C196B3A444"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.3",
"matchCriteriaId": "F927B013-925E-4474-B464-3FA0241F9269"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.3",
"matchCriteriaId": "79ADFEBE-99EE-4F01-9AE8-489EB41885D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.3",
"matchCriteriaId": "20DD4CD0-D15F-44E0-8E95-FF57E2FCB24F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.3",
"matchCriteriaId": "F265723B-24BD-4BD9-A45C-6FFD000A7B03"
}
]
}
]
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/33",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/36",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/39",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/40",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214055",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214059",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214060",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214061",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}
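Review bot: The tvOS `cpeMatch` entry has `"versionEndExcluding": "10.3"`, which equals the watchOS bound rather than the tvOS 17.3 fix named in the description; the sibling record CVE-2024-23210 in this commit uses `"versionEndExcluding": "17.3"` for the same `cpe:2.3:o:apple:tvos` criteria. As written, CPE-based matching would treat tvOS 10.3 through 17.2 as not affected. This looks like an error in the upstream analysis (source `nvd@nist.gov`) rather than something the mirror introduced, so it is best reported there; until it is corrected, scanners consuming this record should not rely on the tvOS range.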


@ -2,8 +2,8 @@
"id": "CVE-2024-23210",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-23T01:15:11.033",
"lastModified": "2024-01-26T18:15:12.530",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-30T17:21:38.127",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,39 +14,145 @@
"value": "Este problema se solucion\u00f3 mejorando la redacci\u00f3n de informaci\u00f3n confidencial. Este problema se solucion\u00f3 en macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 y iPadOS 17.3. Es posible que una aplicaci\u00f3n pueda ver el n\u00famero de tel\u00e9fono de un usuario en los registros del sistema."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.3",
"matchCriteriaId": "93A0FBA9-3FF2-483E-8669-E2C196B3A444"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.3",
"matchCriteriaId": "F927B013-925E-4474-B464-3FA0241F9269"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.3",
"matchCriteriaId": "79ADFEBE-99EE-4F01-9AE8-489EB41885D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.3",
"matchCriteriaId": "921307BF-8419-42C7-9B2C-8DD643723E38"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.3",
"matchCriteriaId": "F265723B-24BD-4BD9-A45C-6FFD000A7B03"
}
]
}
]
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/33",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/36",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/39",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/40",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214055",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214059",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214060",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214061",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-23211",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-23T01:15:11.087",
"lastModified": "2024-01-26T18:15:12.603",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-30T17:07:02.920",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,47 +14,176 @@
"value": "Se solucion\u00f3 un problema de privacidad mejorando el manejo de las preferencias del usuario. Este problema se solucion\u00f3 en watchOS 10.3, iOS 17.3 y iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 y iPadOS 16.7.5, Safari 17.3. La actividad de navegaci\u00f3n privada de un usuario puede ser visible en Configuraci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionStartExcluding": "16.0",
"versionEndExcluding": "16.7.5",
"matchCriteriaId": "8C2307FA-1412-4727-AD29-541A337A9B97"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionStartExcluding": "17.0",
"versionEndExcluding": "17.3",
"matchCriteriaId": "EF93182E-EFE2-4DAF-BAA2-5053A20ADCFF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionStartExcluding": "16.0",
"versionEndExcluding": "16.7.5",
"matchCriteriaId": "78404384-8393-4F57-8076-C84BCFD58B1D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionStartExcluding": "17.0",
"versionEndExcluding": "17.3",
"matchCriteriaId": "79493683-AFEA-42B7-9F15-C3E47069C9CF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.3",
"matchCriteriaId": "79ADFEBE-99EE-4F01-9AE8-489EB41885D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:safari:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.3",
"matchCriteriaId": "AF847E34-E210-4F2D-919C-772FFEC50D8B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.3",
"matchCriteriaId": "F265723B-24BD-4BD9-A45C-6FFD000A7B03"
}
]
}
]
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/27",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/33",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/34",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/36",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/39",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214056",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214059",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214060",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214061",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214063",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}
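Review bot: The iPadOS and iPhone OS ranges use `versionStartExcluding` (`"16.0"` and `"17.0"`), so the .0 releases themselves fall outside the vulnerable range, whereas the macOS entry in the same node uses `versionStartIncluding`; unless 16.0 and 17.0 are known to be unaffected, `"versionStartIncluding": "16.0"` and `"versionStartIncluding": "17.0"` are probably what was intended. The Safari entry is also typed as an operating system, `cpe:2.3:o:apple:safari`, where an application CPE (`cpe:2.3:a:apple:safari`) would be expected, so inventory matching on part `a` will likely miss it. Both appear to originate in the upstream analysis rather than in this mirror.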


@ -2,8 +2,8 @@
"id": "CVE-2024-23218",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-23T01:15:11.403",
"lastModified": "2024-01-26T18:15:12.933",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-30T17:56:02.483",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,39 +14,145 @@
"value": "Se solucion\u00f3 un problema del canal lateral de temporizaci\u00f3n con mejoras en el c\u00e1lculo de tiempo constante en funciones criptogr\u00e1ficas. Este problema se solucion\u00f3 en macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 y iPadOS 17.3. Un atacante puede descifrar textos cifrados RSA PKCS#1 v1.5 heredados sin tener la clave privada."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.3",
"matchCriteriaId": "93A0FBA9-3FF2-483E-8669-E2C196B3A444"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.3",
"matchCriteriaId": "F927B013-925E-4474-B464-3FA0241F9269"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.3",
"matchCriteriaId": "79ADFEBE-99EE-4F01-9AE8-489EB41885D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.3",
"matchCriteriaId": "921307BF-8419-42C7-9B2C-8DD643723E38"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.3",
"matchCriteriaId": "F265723B-24BD-4BD9-A45C-6FFD000A7B03"
}
]
}
]
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/33",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/36",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/39",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/40",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214055",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214059",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214060",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214061",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

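--- a/CVE-2024/CVE-2024-236xx/CVE-2024-23647.json
+++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23647.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2024-23647",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2024-01-30T17:15:10.913",
+"lastModified": "2024-01-30T17:15:10.913",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Authentik is an open-source Identity Provider. There is a bug in our implementation of PKCE that allows an attacker to circumvent the protection that PKCE offers. PKCE adds the code_challenge parameter to the authorization request and adds the code_verifier parameter to the token request. Prior to 2023.8.7 and 2023.10.7, a downgrade scenario is possible: if the attacker removes the code_challenge parameter from the authorization request, authentik will not do the PKCE check. Because of this bug, an attacker can circumvent the protection PKCE offers, such as CSRF attacks and code injection attacks. Versions 2023.8.7 and 2023.10.7 fix the issue."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "HIGH",
+"availabilityImpact": "NONE",
+"baseScore": 6.5,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 3.6
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-287"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/goauthentik/authentik/commit/38e04ae12720e5d81b4f7ac77997eb8d1275d31a",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/goauthentik/authentik/security/advisories/GHSA-mrx3-gxjx-hjqj",
+"source": "security-advisories@github.com"
+}
+]
+}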

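--- a/CVE-2024/CVE-2024-238xx/CVE-2024-23825.json
+++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23825.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2024-23825",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2024-01-30T17:15:11.180",
+"lastModified": "2024-01-30T17:15:11.180",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "TablePress is a table plugin for Wordpress. For importing tables, TablePress makes external HTTP requests based on a URL that is provided by the user. That user input is filtered insufficiently, which makes it is possible to send requests to unintended network locations and receive responses. On sites in a cloud environment like AWS, an attacker can potentially make GET requests to the instance's metadata REST API. If the instance's configuration is insecure, this can lead to the exposure of internal data, including credentials. This vulnerability is fixed in 2.2.5."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "HIGH",
+"privilegesRequired": "HIGH",
+"userInteraction": "NONE",
+"scope": "CHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "NONE",
+"availabilityImpact": "NONE",
+"baseScore": 3.0,
+"baseSeverity": "LOW"
+},
+"exploitabilityScore": 1.3,
+"impactScore": 1.4
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-918"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/TablePress/TablePress/commit/62aab50e7a9c486caaeff26dff4dc01e059ecb91",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/TablePress/TablePress/security/advisories/GHSA-x8rf-c8x6-mrpg",
+"source": "security-advisories@github.com"
+}
+]
+}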

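--- a/CVE-2024/CVE-2024-238xx/CVE-2024-23838.json
+++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23838.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2024-23838",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2024-01-30T17:15:11.437",
+"lastModified": "2024-01-30T17:15:11.437",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "TrueLayer.NET is the .Net client for TrueLayer. The vulnerability could potentially allow a malicious actor to gain control over the destination URL of the HttpClient used in the API classes. For applications using the SDK, requests to unexpected resources on local networks or to the internet could be made which could lead to information disclosure. The issue can be mitigated by having strict egress rules limiting the destinations to which requests can be made, and applying strict validation to any user input passed to the `truelayer-dotnet` library. Versions of TrueLayer.Client `v1.6.0` and later are not affected."
+}
+],
+"metrics": {
+"cvssMetricV30": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.0",
+"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "CHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "NONE",
+"availabilityImpact": "NONE",
+"baseScore": 8.6,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 4.0
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-918"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/TrueLayer/truelayer-dotnet/commit/75e436ed5360faa73d6e7ce3a9903a3c49505e3e",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/TrueLayer/truelayer-dotnet/security/advisories/GHSA-67m4-qxp3-j6hh",
+"source": "security-advisories@github.com"
+}
+]
+}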

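--- a/CVE-2024/CVE-2024-238xx/CVE-2024-23840.json
+++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23840.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2024-23840",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2024-01-30T17:15:11.810",
+"lastModified": "2024-01-30T17:15:11.810",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "GoReleaser builds Go binaries for several platforms, creates a GitHub release and then pushes a Homebrew formula to a tap repository. `goreleaser release --debug` log shows secret values used in the in the custom publisher. This vulnerability is fixed in 1.24.0."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+"attackVector": "LOCAL",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "NONE",
+"availabilityImpact": "NONE",
+"baseScore": 5.5,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 1.8,
+"impactScore": 3.6
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-532"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/goreleaser/goreleaser/commit/d5b6a533ca1dc3366983d5d31ee2d2b6232b83c0",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/goreleaser/goreleaser/security/advisories/GHSA-h3q2-8whx-c29h",
+"source": "security-advisories@github.com"
+}
+]
+}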

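--- a/CVE-2024/CVE-2024-238xx/CVE-2024-23841.json
+++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23841.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2024-23841",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2024-01-30T18:15:48.313",
+"lastModified": "2024-01-30T18:15:48.313",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "apollo-client-nextjs is the Apollo Client support for the Next.js App Router. The @apollo/experimental-apollo-client-nextjs NPM package is vulnerable to a cross-site scripting vulnerability. To exploit this vulnerability, an attacker would need to either inject malicious input (e.g. by redirecting a user to a specifically-crafted link) or arrange to have malicious input be returned by a GraphQL server (e.g. by persisting it in a database). To fix this issue, please update to version 0.7.0 or later."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 8.2,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 4.2
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-80"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/apollographql/apollo-client-nextjs/commit/b92bc42abd5f8e17d4db361c36bd08e4f541a46b",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/apollographql/apollo-client-nextjs/security/advisories/GHSA-rv8p-rr2h-fgpg",
+"source": "security-advisories@github.com"
+}
+]
+}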

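--- a/CVE-2024/CVE-2024-245xx/CVE-2024-24556.json
+++ b/CVE-2024/CVE-2024-245xx/CVE-2024-24556.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2024-24556",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2024-01-30T18:15:48.507",
+"lastModified": "2024-01-30T18:15:48.507",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "urql is a GraphQL client that exposes a set of helpers for several frameworks. The `@urql/next` package is vulnerable to XSS. To exploit this an attacker would need to ensure that the response returns `html` tags and that the web-application is using streamed responses (non-RSC). This vulnerability is due to improper escaping of html-like characters in the response-stream. To fix this vulnerability upgrade to version 1.1.1"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "CHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 7.2,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 2.7
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-79"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/urql-graphql/urql/commit/4b7011b70d5718728ff912d02a4dbdc7f703540d",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/urql-graphql/urql/security/advisories/GHSA-qhjf-hm5j-335w",
+"source": "security-advisories@github.com"
+}
+]
+}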

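--- a/CVE-2024/CVE-2024-245xx/CVE-2024-24565.json
+++ b/CVE-2024/CVE-2024-245xx/CVE-2024-24565.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2024-24565",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2024-01-30T17:15:12.110",
+"lastModified": "2024-01-30T17:15:12.110",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "CrateDB is a distributed SQL database that makes it simple to store and analyze massive amounts of data in real-time. There is a COPY FROM function in the CrateDB database that is used to import file data into database tables. This function has a flaw, and authenticated attackers can use the COPY FROM function to import arbitrary file content into database tables, resulting in information leakage. This vulnerability is patched in 5.3.9, 5.4.8, 5.5.4, and 5.6.1."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "NONE",
+"availabilityImpact": "NONE",
+"baseScore": 5.7,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.1,
+"impactScore": 3.6
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-22"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/crate/crate/commit/4e857d675683095945dd524d6ba03e692c70ecd6",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/crate/crate/security/advisories/GHSA-475g-vj6c-xf96",
+"source": "security-advisories@github.com"
+}
+]
+}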


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-01-30T17:00:24.805712+00:00
2024-01-30T19:00:25.709460+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-01-30T16:50:22.897000+00:00
2024-01-30T18:45:29.687000+00:00
```
### Last Data Feed Release
@ -29,64 +29,56 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
237140
237152
```
### CVEs added in the last Commit
Recently added CVEs: `20`
Recently added CVEs: `12`
* [CVE-2023-37518](CVE-2023/CVE-2023-375xx/CVE-2023-37518.json) (`2024-01-30T16:15:46.330`)
* [CVE-2024-24324](CVE-2024/CVE-2024-243xx/CVE-2024-24324.json) (`2024-01-30T15:15:09.277`)
* [CVE-2024-24325](CVE-2024/CVE-2024-243xx/CVE-2024-24325.json) (`2024-01-30T15:15:09.333`)
* [CVE-2024-24326](CVE-2024/CVE-2024-243xx/CVE-2024-24326.json) (`2024-01-30T15:15:09.380`)
* [CVE-2024-24327](CVE-2024/CVE-2024-243xx/CVE-2024-24327.json) (`2024-01-30T15:15:09.430`)
* [CVE-2024-24328](CVE-2024/CVE-2024-243xx/CVE-2024-24328.json) (`2024-01-30T15:15:09.487`)
* [CVE-2024-24329](CVE-2024/CVE-2024-243xx/CVE-2024-24329.json) (`2024-01-30T15:15:09.540`)
* [CVE-2024-24330](CVE-2024/CVE-2024-243xx/CVE-2024-24330.json) (`2024-01-30T15:15:09.597`)
* [CVE-2024-24331](CVE-2024/CVE-2024-243xx/CVE-2024-24331.json) (`2024-01-30T15:15:09.643`)
* [CVE-2024-24332](CVE-2024/CVE-2024-243xx/CVE-2024-24332.json) (`2024-01-30T15:15:09.693`)
* [CVE-2024-24333](CVE-2024/CVE-2024-243xx/CVE-2024-24333.json) (`2024-01-30T15:15:09.740`)
* [CVE-2024-0564](CVE-2024/CVE-2024-05xx/CVE-2024-0564.json) (`2024-01-30T15:15:08.687`)
* [CVE-2024-1034](CVE-2024/CVE-2024-10xx/CVE-2024-1034.json) (`2024-01-30T15:15:08.933`)
* [CVE-2024-1019](CVE-2024/CVE-2024-10xx/CVE-2024-1019.json) (`2024-01-30T16:15:47.123`)
* [CVE-2024-1035](CVE-2024/CVE-2024-10xx/CVE-2024-1035.json) (`2024-01-30T16:15:47.350`)
* [CVE-2024-21649](CVE-2024/CVE-2024-216xx/CVE-2024-21649.json) (`2024-01-30T16:15:47.653`)
* [CVE-2024-21653](CVE-2024/CVE-2024-216xx/CVE-2024-21653.json) (`2024-01-30T16:15:47.863`)
* [CVE-2024-21671](CVE-2024/CVE-2024-216xx/CVE-2024-21671.json) (`2024-01-30T16:15:48.090`)
* [CVE-2024-22193](CVE-2024/CVE-2024-221xx/CVE-2024-22193.json) (`2024-01-30T16:15:48.310`)
* [CVE-2024-22200](CVE-2024/CVE-2024-222xx/CVE-2024-22200.json) (`2024-01-30T16:15:48.553`)
* [CVE-2023-46230](CVE-2023/CVE-2023-462xx/CVE-2023-46230.json) (`2024-01-30T17:15:09.893`)
* [CVE-2023-46231](CVE-2023/CVE-2023-462xx/CVE-2023-46231.json) (`2024-01-30T17:15:10.117`)
* [CVE-2023-6258](CVE-2023/CVE-2023-62xx/CVE-2023-6258.json) (`2024-01-30T17:15:10.657`)
* [CVE-2024-23647](CVE-2024/CVE-2024-236xx/CVE-2024-23647.json) (`2024-01-30T17:15:10.913`)
* [CVE-2024-23825](CVE-2024/CVE-2024-238xx/CVE-2024-23825.json) (`2024-01-30T17:15:11.180`)
* [CVE-2024-23838](CVE-2024/CVE-2024-238xx/CVE-2024-23838.json) (`2024-01-30T17:15:11.437`)
* [CVE-2024-23840](CVE-2024/CVE-2024-238xx/CVE-2024-23840.json) (`2024-01-30T17:15:11.810`)
* [CVE-2024-24565](CVE-2024/CVE-2024-245xx/CVE-2024-24565.json) (`2024-01-30T17:15:12.110`)
* [CVE-2024-1036](CVE-2024/CVE-2024-10xx/CVE-2024-1036.json) (`2024-01-30T18:15:47.300`)
* [CVE-2024-21388](CVE-2024/CVE-2024-213xx/CVE-2024-21388.json) (`2024-01-30T18:15:48.140`)
* [CVE-2024-23841](CVE-2024/CVE-2024-238xx/CVE-2024-23841.json) (`2024-01-30T18:15:48.313`)
* [CVE-2024-24556](CVE-2024/CVE-2024-245xx/CVE-2024-24556.json) (`2024-01-30T18:15:48.507`)
### CVEs modified in the last Commit
Recently modified CVEs: `40`
Recently modified CVEs: `33`
* [CVE-2023-44401](CVE-2023/CVE-2023-444xx/CVE-2023-44401.json) (`2024-01-30T16:31:33.093`)
* [CVE-2023-47034](CVE-2023/CVE-2023-470xx/CVE-2023-47034.json) (`2024-01-30T16:48:28.163`)
* [CVE-2023-47033](CVE-2023/CVE-2023-470xx/CVE-2023-47033.json) (`2024-01-30T16:50:22.897`)
* [CVE-2024-23347](CVE-2024/CVE-2024-233xx/CVE-2024-23347.json) (`2024-01-30T15:09:12.163`)
* [CVE-2024-0606](CVE-2024/CVE-2024-06xx/CVE-2024-0606.json) (`2024-01-30T15:18:57.190`)
* [CVE-2024-0605](CVE-2024/CVE-2024-06xx/CVE-2024-0605.json) (`2024-01-30T15:19:19.787`)
* [CVE-2024-0430](CVE-2024/CVE-2024-04xx/CVE-2024-0430.json) (`2024-01-30T15:19:33.147`)
* [CVE-2024-22415](CVE-2024/CVE-2024-224xx/CVE-2024-22415.json) (`2024-01-30T15:22:32.770`)
* [CVE-2024-22203](CVE-2024/CVE-2024-222xx/CVE-2024-22203.json) (`2024-01-30T15:30:42.923`)
* [CVE-2024-0752](CVE-2024/CVE-2024-07xx/CVE-2024-0752.json) (`2024-01-30T15:49:15.790`)
* [CVE-2024-0753](CVE-2024/CVE-2024-07xx/CVE-2024-0753.json) (`2024-01-30T15:54:23.863`)
* [CVE-2024-0754](CVE-2024/CVE-2024-07xx/CVE-2024-0754.json) (`2024-01-30T15:55:28.450`)
* [CVE-2024-23217](CVE-2024/CVE-2024-232xx/CVE-2024-23217.json) (`2024-01-30T15:58:49.633`)
* [CVE-2024-0745](CVE-2024/CVE-2024-07xx/CVE-2024-0745.json) (`2024-01-30T16:08:53.497`)
* [CVE-2024-23214](CVE-2024/CVE-2024-232xx/CVE-2024-23214.json) (`2024-01-30T16:10:13.890`)
* [CVE-2024-0746](CVE-2024/CVE-2024-07xx/CVE-2024-0746.json) (`2024-01-30T16:10:43.927`)
* [CVE-2024-0747](CVE-2024/CVE-2024-07xx/CVE-2024-0747.json) (`2024-01-30T16:16:51.227`)
* [CVE-2024-23215](CVE-2024/CVE-2024-232xx/CVE-2024-23215.json) (`2024-01-30T16:17:32.130`)
* [CVE-2024-23212](CVE-2024/CVE-2024-232xx/CVE-2024-23212.json) (`2024-01-30T16:21:23.323`)
* [CVE-2024-0748](CVE-2024/CVE-2024-07xx/CVE-2024-0748.json) (`2024-01-30T16:21:36.890`)
* [CVE-2024-23213](CVE-2024/CVE-2024-232xx/CVE-2024-23213.json) (`2024-01-30T16:26:53.437`)
* [CVE-2024-22076](CVE-2024/CVE-2024-220xx/CVE-2024-22076.json) (`2024-01-30T16:30:47.387`)
* [CVE-2024-0749](CVE-2024/CVE-2024-07xx/CVE-2024-0749.json) (`2024-01-30T16:35:49.257`)
* [CVE-2024-0751](CVE-2024/CVE-2024-07xx/CVE-2024-0751.json) (`2024-01-30T16:44:51.983`)
* [CVE-2024-0750](CVE-2024/CVE-2024-07xx/CVE-2024-0750.json) (`2024-01-30T16:49:20.873`)
* [CVE-2023-47200](CVE-2023/CVE-2023-472xx/CVE-2023-47200.json) (`2024-01-30T17:24:40.857`)
* [CVE-2023-47198](CVE-2023/CVE-2023-471xx/CVE-2023-47198.json) (`2024-01-30T17:32:16.743`)
* [CVE-2023-52094](CVE-2023/CVE-2023-520xx/CVE-2023-52094.json) (`2024-01-30T17:37:53.377`)
* [CVE-2023-47192](CVE-2023/CVE-2023-471xx/CVE-2023-47192.json) (`2024-01-30T17:41:04.340`)
* [CVE-2023-47193](CVE-2023/CVE-2023-471xx/CVE-2023-47193.json) (`2024-01-30T17:57:51.480`)
* [CVE-2023-47194](CVE-2023/CVE-2023-471xx/CVE-2023-47194.json) (`2024-01-30T18:02:29.137`)
* [CVE-2023-47195](CVE-2023/CVE-2023-471xx/CVE-2023-47195.json) (`2024-01-30T18:15:40.130`)
* [CVE-2023-45779](CVE-2023/CVE-2023-457xx/CVE-2023-45779.json) (`2024-01-30T18:15:47.110`)
* [CVE-2023-47196](CVE-2023/CVE-2023-471xx/CVE-2023-47196.json) (`2024-01-30T18:19:27.810`)
* [CVE-2023-47197](CVE-2023/CVE-2023-471xx/CVE-2023-47197.json) (`2024-01-30T18:29:22.343`)
* [CVE-2023-47199](CVE-2023/CVE-2023-471xx/CVE-2023-47199.json) (`2024-01-30T18:33:49.407`)
* [CVE-2023-52324](CVE-2023/CVE-2023-523xx/CVE-2023-52324.json) (`2024-01-30T18:40:32.970`)
* [CVE-2023-52325](CVE-2023/CVE-2023-523xx/CVE-2023-52325.json) (`2024-01-30T18:45:29.687`)
* [CVE-2024-0854](CVE-2024/CVE-2024-08xx/CVE-2024-0854.json) (`2024-01-30T17:01:37.127`)
* [CVE-2024-23211](CVE-2024/CVE-2024-232xx/CVE-2024-23211.json) (`2024-01-30T17:07:02.920`)
* [CVE-2024-22134](CVE-2024/CVE-2024-221xx/CVE-2024-22134.json) (`2024-01-30T17:07:24.310`)
* [CVE-2024-23210](CVE-2024/CVE-2024-232xx/CVE-2024-23210.json) (`2024-01-30T17:21:38.127`)
* [CVE-2024-23208](CVE-2024/CVE-2024-232xx/CVE-2024-23208.json) (`2024-01-30T17:32:04.487`)
* [CVE-2024-22135](CVE-2024/CVE-2024-221xx/CVE-2024-22135.json) (`2024-01-30T17:34:58.917`)
* [CVE-2024-22152](CVE-2024/CVE-2024-221xx/CVE-2024-22152.json) (`2024-01-30T17:36:20.533`)
* [CVE-2024-22284](CVE-2024/CVE-2024-222xx/CVE-2024-22284.json) (`2024-01-30T17:43:02.180`)
* [CVE-2024-22294](CVE-2024/CVE-2024-222xx/CVE-2024-22294.json) (`2024-01-30T17:44:30.747`)
* [CVE-2024-22301](CVE-2024/CVE-2024-223xx/CVE-2024-22301.json) (`2024-01-30T17:44:59.847`)
* [CVE-2024-22308](CVE-2024/CVE-2024-223xx/CVE-2024-22308.json) (`2024-01-30T17:45:59.927`)
* [CVE-2024-23218](CVE-2024/CVE-2024-232xx/CVE-2024-23218.json) (`2024-01-30T17:56:02.483`)
## Download and Usage