From 47eaa41341b0aa26443276d6afd22d85ed66e4bd Mon Sep 17 00:00:00 2001 
From: cad-safe-bot
Date: Tue, 30 Jan 2024 19:00:29 +0000
Subject: [PATCH] Auto-Update: 2024-01-30T19:00:25.709460+00:00
---
CVE-2021/CVE-2021-336xx/CVE-2021-33630.json | 6 +-
CVE-2021/CVE-2021-336xx/CVE-2021-33631.json | 6 +-
CVE-2023/CVE-2023-30xx/CVE-2023-3019.json | 6 +-
CVE-2023/CVE-2023-35xx/CVE-2023-3567.json | 6 +-
CVE-2023/CVE-2023-37xx/CVE-2023-3772.json | 6 +-
CVE-2023/CVE-2023-41xx/CVE-2023-4132.json | 8 +-
CVE-2023/CVE-2023-457xx/CVE-2023-45779.json | 4 +-
CVE-2023/CVE-2023-462xx/CVE-2023-46230.json | 55 +++++++
CVE-2023/CVE-2023-462xx/CVE-2023-46231.json | 55 +++++++
CVE-2023/CVE-2023-471xx/CVE-2023-47192.json | 75 +++++++++-
CVE-2023/CVE-2023-471xx/CVE-2023-47193.json | 75 +++++++++-
CVE-2023/CVE-2023-471xx/CVE-2023-47194.json | 75 +++++++++-
CVE-2023/CVE-2023-471xx/CVE-2023-47195.json | 75 +++++++++-
CVE-2023/CVE-2023-471xx/CVE-2023-47196.json | 75 +++++++++-
CVE-2023/CVE-2023-471xx/CVE-2023-47197.json | 75 +++++++++-
CVE-2023/CVE-2023-471xx/CVE-2023-47198.json | 75 +++++++++-
CVE-2023/CVE-2023-471xx/CVE-2023-47199.json | 75 +++++++++-
CVE-2023/CVE-2023-472xx/CVE-2023-47200.json | 75 +++++++++-
CVE-2023/CVE-2023-51xx/CVE-2023-5178.json | 6 +-
CVE-2023/CVE-2023-520xx/CVE-2023-52094.json | 75 +++++++++-
CVE-2023/CVE-2023-522xx/CVE-2023-52221.json | 57 ++++++-
CVE-2023/CVE-2023-523xx/CVE-2023-52324.json | 69 ++++++++-
CVE-2023/CVE-2023-523xx/CVE-2023-52325.json | 69 ++++++++-
CVE-2023/CVE-2023-62xx/CVE-2023-6258.json | 59 ++++++++
CVE-2024/CVE-2024-08xx/CVE-2024-0854.json | 47 +++++-
CVE-2024/CVE-2024-10xx/CVE-2024-1036.json | 88 +++++++++++
CVE-2024/CVE-2024-213xx/CVE-2024-21388.json | 43 ++++++
CVE-2024/CVE-2024-221xx/CVE-2024-22134.json | 47 +++++-
CVE-2024/CVE-2024-221xx/CVE-2024-22135.json | 47 +++++-
CVE-2024/CVE-2024-221xx/CVE-2024-22152.json | 47 +++++-
CVE-2024/CVE-2024-222xx/CVE-2024-22284.json | 47 +++++-
CVE-2024/CVE-2024-222xx/CVE-2024-22294.json | 47 +++++-
CVE-2024/CVE-2024-223xx/CVE-2024-22301.json | 47 +++++-
CVE-2024/CVE-2024-223xx/CVE-2024-22308.json | 57 ++++++-
CVE-2024/CVE-2024-232xx/CVE-2024-23208.json | 128 ++++++++++++++--
CVE-2024/CVE-2024-232xx/CVE-2024-23210.json | 128 ++++++++++++++--
CVE-2024/CVE-2024-232xx/CVE-2024-23211.json | 155 ++++++++++++++++++--
CVE-2024/CVE-2024-232xx/CVE-2024-23218.json | 128 ++++++++++++++--
CVE-2024/CVE-2024-236xx/CVE-2024-23647.json | 59 ++++++++
CVE-2024/CVE-2024-238xx/CVE-2024-23825.json | 59 ++++++++
CVE-2024/CVE-2024-238xx/CVE-2024-23838.json | 59 ++++++++
CVE-2024/CVE-2024-238xx/CVE-2024-23840.json | 59 ++++++++
CVE-2024/CVE-2024-238xx/CVE-2024-23841.json | 59 ++++++++
CVE-2024/CVE-2024-245xx/CVE-2024-24556.json | 59 ++++++++
CVE-2024/CVE-2024-245xx/CVE-2024-24565.json | 59 ++++++++
README.md | 92 ++++++------
46 files changed, 2530 insertions(+), 193 deletions(-)
create mode 100644 CVE-2023/CVE-2023-462xx/CVE-2023-46230.json
create mode 100644 CVE-2023/CVE-2023-462xx/CVE-2023-46231.json
create mode 100644 CVE-2023/CVE-2023-62xx/CVE-2023-6258.json
create mode 100644 CVE-2024/CVE-2024-10xx/CVE-2024-1036.json
create mode 100644 CVE-2024/CVE-2024-213xx/CVE-2024-21388.json
create mode 100644 CVE-2024/CVE-2024-236xx/CVE-2024-23647.json
create mode 100644 CVE-2024/CVE-2024-238xx/CVE-2024-23825.json
create mode 100644 CVE-2024/CVE-2024-238xx/CVE-2024-23838.json
create mode 100644 CVE-2024/CVE-2024-238xx/CVE-2024-23840.json
create mode 100644 CVE-2024/CVE-2024-238xx/CVE-2024-23841.json
create mode 100644 CVE-2024/CVE-2024-245xx/CVE-2024-24556.json
create mode 100644 CVE-2024/CVE-2024-245xx/CVE-2024-24565.json
diff --git a/CVE-2021/CVE-2021-336xx/CVE-2021-33630.json b/CVE-2021/CVE-2021-336xx/CVE-2021-33630.json
index cbb77907ee7..a2470557ea5 100644
--- a/CVE-2021/CVE-2021-336xx/CVE-2021-33630.json
+++ b/CVE-2021/CVE-2021-336xx/CVE-2021-33630.json
@@ -2,7 +2,7 @@ "id": "CVE-2021-33630", "sourceIdentifier": "securities@openeuler.org", "published": "2024-01-18T15:15:08.653", - "lastModified": "2024-01-30T15:15:08.410", + "lastModified": "2024-01-30T18:15:46.910", "vulnStatus": "Modified", "descriptions": [ { @@ -108,6 +108,10 @@ "url": "http://www.openwall.com/lists/oss-security/2024/01/30/4", "source": "securities@openeuler.org" }, + { + "url": "http://www.openwall.com/lists/oss-security/2024/01/30/5", + "source": "securities@openeuler.org" + }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e8b9bfa110896f95d602d8c98d5f9d67e41d78c", "source": "securities@openeuler.org" diff --git a/CVE-2021/CVE-2021-336xx/CVE-2021-33631.json b/CVE-2021/CVE-2021-336xx/CVE-2021-33631.json index f5c5aca61c1..7a6704ec18b 100644 --- a/CVE-2021/CVE-2021-336xx/CVE-2021-33631.json +++ b/CVE-2021/CVE-2021-336xx/CVE-2021-33631.json @@ -2,7 +2,7 @@ "id": "CVE-2021-33631", "sourceIdentifier": "securities@openeuler.org", "published": "2024-01-18T15:15:08.860", - "lastModified": "2024-01-30T15:15:08.533", + "lastModified": "2024-01-30T18:15:46.997", "vulnStatus": "Modified", "descriptions": [ { @@ -122,6 +122,10 @@ "url": "http://www.openwall.com/lists/oss-security/2024/01/30/4", "source": "securities@openeuler.org" }, + { + "url": "http://www.openwall.com/lists/oss-security/2024/01/30/5", + "source": "securities@openeuler.org" + }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5c099c4fdc438014d5893629e70a8ba934433ee8", "source": "securities@openeuler.org", diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3019.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3019.json index d3ef6537699..0a4f8f03c56 100644 --- a/CVE-2023/CVE-2023-30xx/CVE-2023-3019.json +++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3019.json 
@@ -2,7 +2,7 @@ "id": "CVE-2023-3019", "sourceIdentifier": "secalert@redhat.com", "published": "2023-07-24T16:15:12.253", - "lastModified": "2024-01-25T20:15:35.763", + "lastModified": "2024-01-30T17:15:09.367", "vulnStatus": "Modified", "descriptions": [ { @@ -127,6 +127,10 @@ "url": "https://access.redhat.com/errata/RHSA-2024:0404", "source": "secalert@redhat.com" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0569", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-3019", "source": "secalert@redhat.com", diff --git a/CVE-2023/CVE-2023-35xx/CVE-2023-3567.json b/CVE-2023/CVE-2023-35xx/CVE-2023-3567.json index 1489b7ee59b..f7d0cc35ebc 100644 --- a/CVE-2023/CVE-2023-35xx/CVE-2023-3567.json +++ b/CVE-2023/CVE-2023-35xx/CVE-2023-3567.json @@ -2,7 +2,7 @@ "id": "CVE-2023-3567", "sourceIdentifier": "secalert@redhat.com", "published": "2023-07-24T16:15:12.990", - "lastModified": "2024-01-25T20:15:36.107", + "lastModified": "2024-01-30T17:15:09.497", "vulnStatus": "Modified", "descriptions": [ { @@ -212,6 +212,10 @@ "url": "https://access.redhat.com/errata/RHSA-2024:0448", "source": "secalert@redhat.com" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0575", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-3567", "source": "secalert@redhat.com", diff --git a/CVE-2023/CVE-2023-37xx/CVE-2023-3772.json b/CVE-2023/CVE-2023-37xx/CVE-2023-3772.json index 380e49c4527..cd0e213a698 100644 --- a/CVE-2023/CVE-2023-37xx/CVE-2023-3772.json +++ b/CVE-2023/CVE-2023-37xx/CVE-2023-3772.json @@ -2,7 +2,7 @@ "id": "CVE-2023-3772", "sourceIdentifier": "secalert@redhat.com", "published": "2023-07-25T16:15:11.660", - "lastModified": "2024-01-25T20:15:36.360", + "lastModified": "2024-01-30T17:15:09.637", "vulnStatus": "Modified", "descriptions": [ { 
@@ -201,6 +201,10 @@ "url": "https://access.redhat.com/errata/RHSA-2024:0412", "source": "secalert@redhat.com" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0575", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-3772", "source": "secalert@redhat.com", diff --git a/CVE-2023/CVE-2023-41xx/CVE-2023-4132.json b/CVE-2023/CVE-2023-41xx/CVE-2023-4132.json index 5e207d0a6f3..02ca2bf4a45 100644 --- a/CVE-2023/CVE-2023-41xx/CVE-2023-4132.json +++ b/CVE-2023/CVE-2023-41xx/CVE-2023-4132.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4132", "sourceIdentifier": "secalert@redhat.com", "published": "2023-08-03T15:15:32.833", - "lastModified": "2023-12-28T14:36:33.327", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-30T17:15:10.317", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -174,6 +174,10 @@ "Third Party Advisory" ] }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0575", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-4132", "source": "secalert@redhat.com", diff --git a/CVE-2023/CVE-2023-457xx/CVE-2023-45779.json b/CVE-2023/CVE-2023-457xx/CVE-2023-45779.json index 3744d9abc8c..9da4f24c3bf 100644 --- a/CVE-2023/CVE-2023-457xx/CVE-2023-45779.json +++ b/CVE-2023/CVE-2023-457xx/CVE-2023-45779.json 
@@ -2,12 +2,12 @@ "id": "CVE-2023-45779", "sourceIdentifier": "security@android.com", "published": "2023-12-04T23:15:26.673", - "lastModified": "2024-01-26T23:15:08.187", + "lastModified": "2024-01-30T18:15:47.110", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "In the APEX module framework of AOSP, there is a possible malicious update to platform components due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." + "value": "In the APEX module framework of AOSP, there is a possible malicious update to platform components due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. More details on this can be found in the links below:\n https://rtx.meta.security/exploitation/2024/01/30/Android-vendors-APEX-test-keys.html https://rtx.meta.security/exploitation/2024/01/30/Android-vendors-APEX-test-keys.html \n https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-wmcc-g67r-9962 https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-wmcc-g67r-9962 \n" }, { "lang": "es", diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46230.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46230.json new file mode 100644 index 00000000000..c470108cfdb --- /dev/null +++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46230.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-46230", + "sourceIdentifier": "prodsec@splunk.com", + "published": "2024-01-30T17:15:09.893", + "lastModified": "2024-01-30T17:15:09.893", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In Splunk Add-on Builder versions below 4.1.4, the app writes sensitive information to internal log files." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "prodsec@splunk.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 8.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.3, + "impactScore": 5.3 + } + ] + }, + "weaknesses": [ + { + "source": "prodsec@splunk.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-532" + } + ] + } + ], + "references": [ + { + "url": "https://advisory.splunk.com/advisories/SVD-2024-0111", + "source": "prodsec@splunk.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46231.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46231.json new file mode 100644 index 00000000000..ea5c881d3a3 --- /dev/null +++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46231.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-46231", + "sourceIdentifier": "prodsec@splunk.com", + "published": "2024-01-30T17:15:10.117", + "lastModified": "2024-01-30T17:15:10.117", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In Splunk Add-on Builder versions below 4.1.4, the application writes user session tokens to its internal log files when you visit the Splunk Add-on Builder or when you build or edit a custom app or add-on." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "prodsec@splunk.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "prodsec@splunk.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-532" + } + ] + } + ], + "references": [ + { + "url": "https://advisory.splunk.com/advisories/SVD-2024-0110", + "source": "prodsec@splunk.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-471xx/CVE-2023-47192.json b/CVE-2023/CVE-2023-471xx/CVE-2023-47192.json index 99d89a62f8f..e2124c43a8e 100644 --- a/CVE-2023/CVE-2023-471xx/CVE-2023-47192.json +++ b/CVE-2023/CVE-2023-471xx/CVE-2023-47192.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47192", "sourceIdentifier": "security@trendmicro.com", "published": "2024-01-23T21:15:08.520", - "lastModified": "2024-01-24T13:49:03.187", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-30T17:41:04.340", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,80 @@ "value": "Una vulnerabilidad de enlace de agente en el agente de seguridad Trend Micro Apex One podr\u00eda permitir que un atacante local escale privilegios en las instalaciones afectadas. Tenga en cuenta: un atacante primero debe obtener la capacidad de ejecutar c\u00f3digo con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-59" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:trendmicro:apex_one:*:*:*:*:saas:windows:*:*", + "versionEndExcluding": "14.0.12737", + "matchCriteriaId": "5D414F00-6C14-47B3-9858-3AE458F9289D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:on-premises:windows:*:*", + "matchCriteriaId": "84F26044-A0BB-442E-93BD-E836B4DD71F4" + } + ] + } + ] + } + ], "references": [ { "url": "https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US", - "source": "security@trendmicro.com" + "source": "security@trendmicro.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1611/", - "source": "security@trendmicro.com" + "source": "security@trendmicro.com", + "tags": [ + "Third Party Advisory", + "VDB 
Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-471xx/CVE-2023-47193.json b/CVE-2023/CVE-2023-471xx/CVE-2023-47193.json index d2d8878b0dd..7c26e25d01b 100644 --- a/CVE-2023/CVE-2023-471xx/CVE-2023-47193.json +++ b/CVE-2023/CVE-2023-471xx/CVE-2023-47193.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47193", "sourceIdentifier": "security@trendmicro.com", "published": "2024-01-23T21:15:08.563", - "lastModified": "2024-01-24T13:49:03.187", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-30T17:57:51.480", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,80 @@ "value": "Una vulnerabilidad de validaci\u00f3n de origen en el agente de seguridad Trend Micro Apex One podr\u00eda permitir a un atacante local escalar privilegios en las instalaciones afectadas. Tenga en cuenta: un atacante primero debe obtener la capacidad de ejecutar c\u00f3digo con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad. Esta vulnerabilidad es similar, pero no id\u00e9ntica, a CVE-2023-47194." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-346" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:trendmicro:apex_one:*:*:*:*:saas:windows:*:*", + "versionEndExcluding": "14.0.12737", + "matchCriteriaId": "5D414F00-6C14-47B3-9858-3AE458F9289D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:on-premises:windows:*:*", + "matchCriteriaId": "84F26044-A0BB-442E-93BD-E836B4DD71F4" + } + ] + } + ] + } + ], "references": [ { "url": "https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US", - "source": "security@trendmicro.com" + "source": "security@trendmicro.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1612/", - "source": "security@trendmicro.com" + 
"source": "security@trendmicro.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-471xx/CVE-2023-47194.json b/CVE-2023/CVE-2023-471xx/CVE-2023-47194.json index 4b27b0a30a1..66c83ae9c6f 100644 --- a/CVE-2023/CVE-2023-471xx/CVE-2023-47194.json +++ b/CVE-2023/CVE-2023-471xx/CVE-2023-47194.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47194", "sourceIdentifier": "security@trendmicro.com", "published": "2024-01-23T21:15:08.607", - "lastModified": "2024-01-24T13:49:03.187", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-30T18:02:29.137", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,80 @@ "value": "Una vulnerabilidad de validaci\u00f3n de origen en el agente de seguridad Trend Micro Apex One podr\u00eda permitir a un atacante local escalar privilegios en las instalaciones afectadas. Tenga en cuenta: un atacante primero debe obtener la capacidad de ejecutar c\u00f3digo con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad. Esta vulnerabilidad es similar, pero no id\u00e9ntica, a CVE-2023-47195." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-346" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:trendmicro:apex_one:*:*:*:*:saas:windows:*:*", + "versionEndExcluding": "14.0.12737", + "matchCriteriaId": "5D414F00-6C14-47B3-9858-3AE458F9289D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:on-premises:windows:*:*", + "matchCriteriaId": "84F26044-A0BB-442E-93BD-E836B4DD71F4" + } + ] + } + ] + } + ], "references": [ { "url": "https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US", - "source": "security@trendmicro.com" + "source": "security@trendmicro.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1614/", - "source": "security@trendmicro.com" + 
"source": "security@trendmicro.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-471xx/CVE-2023-47195.json b/CVE-2023/CVE-2023-471xx/CVE-2023-47195.json index 992aa9c8408..63e574100f8 100644 --- a/CVE-2023/CVE-2023-471xx/CVE-2023-47195.json +++ b/CVE-2023/CVE-2023-471xx/CVE-2023-47195.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47195", "sourceIdentifier": "security@trendmicro.com", "published": "2024-01-23T21:15:08.647", - "lastModified": "2024-01-24T13:49:03.187", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-30T18:15:40.130", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,80 @@ "value": "Una vulnerabilidad de validaci\u00f3n de origen en el agente de seguridad Trend Micro Apex One podr\u00eda permitir a un atacante local escalar privilegios en las instalaciones afectadas. Tenga en cuenta: un atacante primero debe obtener la capacidad de ejecutar c\u00f3digo con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad. Esta vulnerabilidad es similar, pero no id\u00e9ntica, a CVE-2023-47196." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-346" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:trendmicro:apex_one:*:*:*:*:saas:windows:*:*", + "versionEndExcluding": "14.0.12737", + "matchCriteriaId": "5D414F00-6C14-47B3-9858-3AE458F9289D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:on-premises:windows:*:*", + "matchCriteriaId": "84F26044-A0BB-442E-93BD-E836B4DD71F4" + } + ] + } + ] + } + ], "references": [ { "url": "https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US", - "source": "security@trendmicro.com" + "source": "security@trendmicro.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1615/", - "source": "security@trendmicro.com" + 
"source": "security@trendmicro.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-471xx/CVE-2023-47196.json b/CVE-2023/CVE-2023-471xx/CVE-2023-47196.json index 82a8894d1b2..656bd0662e2 100644 --- a/CVE-2023/CVE-2023-471xx/CVE-2023-47196.json +++ b/CVE-2023/CVE-2023-471xx/CVE-2023-47196.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47196", "sourceIdentifier": "security@trendmicro.com", "published": "2024-01-23T21:15:08.690", - "lastModified": "2024-01-24T13:49:03.187", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-30T18:19:27.810", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,80 @@ "value": "Una vulnerabilidad de validaci\u00f3n de origen en el agente de seguridad Trend Micro Apex One podr\u00eda permitir a un atacante local escalar privilegios en las instalaciones afectadas. Tenga en cuenta: un atacante primero debe obtener la capacidad de ejecutar c\u00f3digo con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad. Esta vulnerabilidad es similar, pero no id\u00e9ntica, a CVE-2023-47197." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-346" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:trendmicro:apex_one:*:*:*:*:saas:windows:*:*", + "versionEndExcluding": "14.0.12737", + "matchCriteriaId": "5D414F00-6C14-47B3-9858-3AE458F9289D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:on-premises:windows:*:*", + "matchCriteriaId": "84F26044-A0BB-442E-93BD-E836B4DD71F4" + } + ] + } + ] + } + ], "references": [ { "url": "https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US", - "source": "security@trendmicro.com" + "source": "security@trendmicro.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1617/", - "source": "security@trendmicro.com" + 
"source": "security@trendmicro.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-471xx/CVE-2023-47197.json b/CVE-2023/CVE-2023-471xx/CVE-2023-47197.json index e0bb60297cf..7092db1570f 100644 --- a/CVE-2023/CVE-2023-471xx/CVE-2023-47197.json +++ b/CVE-2023/CVE-2023-471xx/CVE-2023-47197.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47197", "sourceIdentifier": "security@trendmicro.com", "published": "2024-01-23T21:15:08.730", - "lastModified": "2024-01-24T13:49:03.187", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-30T18:29:22.343", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,80 @@ "value": "Una vulnerabilidad de validaci\u00f3n de origen en el agente de seguridad Trend Micro Apex One podr\u00eda permitir a un atacante local escalar privilegios en las instalaciones afectadas. Tenga en cuenta: un atacante primero debe obtener la capacidad de ejecutar c\u00f3digo con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad. Esta vulnerabilidad es similar, pero no id\u00e9ntica, a CVE-2023-47198." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-346" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:trendmicro:apex_one:*:*:*:*:saas:windows:*:*", + "versionEndExcluding": "14.0.12737", + "matchCriteriaId": "5D414F00-6C14-47B3-9858-3AE458F9289D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:on-premises:windows:*:*", + "matchCriteriaId": "84F26044-A0BB-442E-93BD-E836B4DD71F4" + } + ] + } + ] + } + ], "references": [ { "url": "https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US", - "source": "security@trendmicro.com" + "source": "security@trendmicro.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1616/", - "source": "security@trendmicro.com" + 
"source": "security@trendmicro.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-471xx/CVE-2023-47198.json b/CVE-2023/CVE-2023-471xx/CVE-2023-47198.json index 3ee703f6683..2c5b00c0c20 100644 --- a/CVE-2023/CVE-2023-471xx/CVE-2023-47198.json +++ b/CVE-2023/CVE-2023-471xx/CVE-2023-47198.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47198", "sourceIdentifier": "security@trendmicro.com", "published": "2024-01-23T21:15:08.773", - "lastModified": "2024-01-24T13:49:03.187", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-30T17:32:16.743", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,80 @@ "value": "Una vulnerabilidad de validaci\u00f3n de origen en el agente de seguridad Trend Micro Apex One podr\u00eda permitir a un atacante local escalar privilegios en las instalaciones afectadas. Tenga en cuenta: un atacante primero debe obtener la capacidad de ejecutar c\u00f3digo con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad. Esta vulnerabilidad es similar, pero no id\u00e9ntica, a CVE-2023-47199." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-346" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:trendmicro:apex_one:*:*:*:*:saas:windows:*:*", + "versionEndExcluding": "14.0.12737", + "matchCriteriaId": "5D414F00-6C14-47B3-9858-3AE458F9289D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:on-premises:windows:*:*", + "matchCriteriaId": "84F26044-A0BB-442E-93BD-E836B4DD71F4" + } + ] + } + ] + } + ], "references": [ { "url": "https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US", - "source": "security@trendmicro.com" + "source": "security@trendmicro.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1619/", - "source": "security@trendmicro.com" + 
"source": "security@trendmicro.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-471xx/CVE-2023-47199.json b/CVE-2023/CVE-2023-471xx/CVE-2023-47199.json index 04e587f38b4..47e119a5c39 100644 --- a/CVE-2023/CVE-2023-471xx/CVE-2023-47199.json +++ b/CVE-2023/CVE-2023-471xx/CVE-2023-47199.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47199", "sourceIdentifier": "security@trendmicro.com", "published": "2024-01-23T21:15:08.820", - "lastModified": "2024-01-24T13:49:03.187", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-30T18:33:49.407", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,80 @@ "value": "Una vulnerabilidad de validaci\u00f3n de origen en el agente de seguridad Trend Micro Apex One podr\u00eda permitir a un atacante local escalar privilegios en las instalaciones afectadas. Tenga en cuenta: un atacante primero debe obtener la capacidad de ejecutar c\u00f3digo con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad. Esta vulnerabilidad es similar, pero no id\u00e9ntica, a CVE-2023-47193." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-346" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:trendmicro:apex_one:*:*:*:*:saas:windows:*:*", + "versionEndExcluding": "14.0.12737", + "matchCriteriaId": "5D414F00-6C14-47B3-9858-3AE458F9289D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:on-premises:windows:*:*", + "matchCriteriaId": "84F26044-A0BB-442E-93BD-E836B4DD71F4" + } + ] + } + ] + } + ], "references": [ { "url": "https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US", - "source": "security@trendmicro.com" + "source": "security@trendmicro.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1620/", - "source": "security@trendmicro.com" + 
"source": "security@trendmicro.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-472xx/CVE-2023-47200.json b/CVE-2023/CVE-2023-472xx/CVE-2023-47200.json index 6b144842179..f78ff83c35e 100644 --- a/CVE-2023/CVE-2023-472xx/CVE-2023-47200.json +++ b/CVE-2023/CVE-2023-472xx/CVE-2023-47200.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47200", "sourceIdentifier": "security@trendmicro.com", "published": "2024-01-23T21:15:08.863", - "lastModified": "2024-01-24T13:49:03.187", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-30T17:24:40.857", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,80 @@ "value": "Una vulnerabilidad de validaci\u00f3n del origen del administrador de complementos en el agente de seguridad Trend Micro Apex One podr\u00eda permitir a un atacante local escalar privilegios en las instalaciones afectadas. Tenga en cuenta: un atacante primero debe obtener la capacidad de ejecutar c\u00f3digo con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad. Esta vulnerabilidad es similar, pero no id\u00e9ntica, a CVE-2023-47201." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-346" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:trendmicro:apex_one:*:*:*:*:saas:*:*:*", + "versionEndExcluding": "14.0.12737", + "matchCriteriaId": "7A784073-28FF-4969-8CF5-8E39E15CCB77" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:trendmicro:apex_one:2019:-:*:*:*:*:*:*", + "matchCriteriaId": "219071B9-2D31-4E7F-A0AD-769FE0243B35" + } + ] + } + ] + } + ], "references": [ { "url": "https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US", - "source": "security@trendmicro.com" + "source": "security@trendmicro.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1618/", - "source": 
"security@trendmicro.com" + "source": "security@trendmicro.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-51xx/CVE-2023-5178.json b/CVE-2023/CVE-2023-51xx/CVE-2023-5178.json index ebe864b7df3..1862e842420 100644 --- a/CVE-2023/CVE-2023-51xx/CVE-2023-5178.json +++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5178.json @@ -2,7 +2,7 @@ "id": "CVE-2023-5178", "sourceIdentifier": "secalert@redhat.com", "published": "2023-11-01T17:15:11.920", - "lastModified": "2024-01-30T04:15:07.633", + "lastModified": "2024-01-30T17:15:10.483", "vulnStatus": "Modified", "descriptions": [ { @@ -269,6 +269,10 @@ "url": "https://access.redhat.com/errata/RHSA-2024:0554", "source": "secalert@redhat.com" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0575", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-5178", "source": "secalert@redhat.com", diff --git a/CVE-2023/CVE-2023-520xx/CVE-2023-52094.json b/CVE-2023/CVE-2023-520xx/CVE-2023-52094.json index abc74be9d56..ca8dab52331 100644 --- a/CVE-2023/CVE-2023-520xx/CVE-2023-52094.json +++ b/CVE-2023/CVE-2023-520xx/CVE-2023-52094.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52094", "sourceIdentifier": "security@trendmicro.com", "published": "2024-01-23T21:15:09.293", - "lastModified": "2024-01-24T13:49:03.187", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-30T17:37:53.377", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,80 @@ "value": "Una vulnerabilidad de updater link following en el agente Trend Micro Apex One podr\u00eda permitir que un atacante local abuse del actualizador para eliminar una carpeta arbitraria, lo que provocar\u00eda una escalada de privilegios locales en las instalaciones afectadas. Tenga en cuenta: un atacante primero debe obtener la capacidad de ejecutar c\u00f3digo con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-59" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:trendmicro:apex_one:*:*:*:*:saas:*:*:*", + "versionEndExcluding": "14.0.12849", + "matchCriteriaId": "A9E837BF-EABA-4A51-83D8-831044DA1AEA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:trendmicro:apex_one:2019:-:*:*:*:*:*:*", + "matchCriteriaId": "219071B9-2D31-4E7F-A0AD-769FE0243B35" + } + ] + } + ] + } + ], "references": [ { "url": "https://success.trendmicro.com/dcx/s/solution/000296151?language=en_US", - "source": "security@trendmicro.com" + "source": "security@trendmicro.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-028/", - "source": "security@trendmicro.com" + "source": 
"security@trendmicro.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-522xx/CVE-2023-52221.json b/CVE-2023/CVE-2023-522xx/CVE-2023-52221.json index 96907606324..4062c80448c 100644 --- a/CVE-2023/CVE-2023-522xx/CVE-2023-52221.json +++ b/CVE-2023/CVE-2023-522xx/CVE-2023-52221.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52221", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-24T12:15:56.907", - "lastModified": "2024-01-24T13:49:03.187", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-30T17:01:51.733", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -50,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ukrsolution:barcode_scanner_and_inventory_manager:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.5.2", + "matchCriteriaId": "8F146A04-DD43-4E77-9642-C4BEE241783D" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/wordpress-barcode-scanner-with-inventory-order-manager-plugin-1-5-1-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-523xx/CVE-2023-52324.json b/CVE-2023/CVE-2023-523xx/CVE-2023-52324.json index 3cc60d4dad2..95f5bdafde3 100644 --- a/CVE-2023/CVE-2023-523xx/CVE-2023-52324.json +++ b/CVE-2023/CVE-2023-523xx/CVE-2023-52324.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52324", "sourceIdentifier": "security@trendmicro.com", "published": "2024-01-23T21:15:09.337", - "lastModified": "2024-01-24T13:49:03.187", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-30T18:40:32.970", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,74 @@ "value": "Una vulnerabilidad de carga de archivos sin restricciones en Trend Micro Apex Central podr\u00eda permitir que un atacante remoto cree archivos arbitrarios en las instalaciones afectadas. Tenga en cuenta: aunque se requiere autenticaci\u00f3n para aprovechar esta vulnerabilidad, esta vulnerabilidad podr\u00eda explotarse cuando el atacante tenga un conjunto v\u00e1lido de credenciales. Adem\u00e1s, esta vulnerabilidad podr\u00eda usarse potencialmente en combinaci\u00f3n con otra vulnerabilidad para ejecutar c\u00f3digo arbitrario." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:trendmicro:apex_central:2019:-:*:*:*:windows:*:*", + "matchCriteriaId": "7F2620DA-8727-43FF-8A4D-72145CDDE4CD" + } + ] + } + ] + } + ], "references": [ { "url": "https://success.trendmicro.com/dcx/s/solution/000296153?language=en_US", - "source": "security@trendmicro.com" + "source": "security@trendmicro.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-077/", - "source": "security@trendmicro.com" + "source": "security@trendmicro.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No 
newline at end of file diff --git a/CVE-2023/CVE-2023-523xx/CVE-2023-52325.json b/CVE-2023/CVE-2023-523xx/CVE-2023-52325.json index 37c90e4247d..1c64be612fd 100644 --- a/CVE-2023/CVE-2023-523xx/CVE-2023-52325.json +++ b/CVE-2023/CVE-2023-523xx/CVE-2023-52325.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52325", "sourceIdentifier": "security@trendmicro.com", "published": "2024-01-23T21:15:09.383", - "lastModified": "2024-01-24T13:49:03.187", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-30T18:45:29.687", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,74 @@ "value": "Una vulnerabilidad de inclusi\u00f3n de archivos locales en uno de los widgets de Trend Micro Apex Central podr\u00eda permitir que un atacante remoto ejecute c\u00f3digo arbitrario en las instalaciones afectadas. Tenga en cuenta: esta vulnerabilidad debe usarse junto con otra para explotar un sistema afectado. Adem\u00e1s, un atacante primero debe obtener un conjunto v\u00e1lido de credenciales en el sistema de destino para poder aprovechar esta vulnerabilidad." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:trendmicro:apex_central:2019:-:*:*:*:windows:*:*", + "matchCriteriaId": "7F2620DA-8727-43FF-8A4D-72145CDDE4CD" + } + ] + } + ] + } + ], "references": [ { "url": "https://success.trendmicro.com/dcx/s/solution/000296153?language=en_US", - "source": "security@trendmicro.com" + "source": "security@trendmicro.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-024/", - "source": "security@trendmicro.com" + "source": "security@trendmicro.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6258.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6258.json new file mode 100644 index 00000000000..d29fc1fab9f --- /dev/null +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6258.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-6258", + "sourceIdentifier": "secalert@redhat.com", + "published": "2024-01-30T17:15:10.657", + "lastModified": "2024-01-30T17:15:10.657", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A security vulnerability has been identified in the pkcs11-provider, which is associated with Public-Key Cryptography Standards (PKCS#11). If exploited successfully, this vulnerability could result in a Bleichenbacher-like security flaw, potentially enabling a side-channel attack on PKCS#1 1.5 decryption." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-1300" + } + ] + } + ], + "references": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251062", + "source": "secalert@redhat.com" + }, + { + "url": "https://github.com/latchset/pkcs11-provider/pull/308", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-08xx/CVE-2024-0854.json b/CVE-2024/CVE-2024-08xx/CVE-2024-0854.json index 0346029faa1..d7c2287f323 100644 --- a/CVE-2024/CVE-2024-08xx/CVE-2024-0854.json +++ b/CVE-2024/CVE-2024-08xx/CVE-2024-0854.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-0854", "sourceIdentifier": "security@synology.com", "published": "2024-01-24T10:15:09.533", - "lastModified": "2024-01-24T13:49:03.187", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-30T17:01:37.127", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "security@synology.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:synology:diskstation_manager:*:*:*:*:*:*:*:*", + "versionEndExcluding": "7.2.1-69057-2", + "matchCriteriaId": "6B3B31E4-220A-42E8-9D67-CB0BC936E568" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.synology.com/en-global/security/advisory/Synology_SA_24_02", - "source": "security@synology.com" + "source": "security@synology.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-10xx/CVE-2024-1036.json b/CVE-2024/CVE-2024-10xx/CVE-2024-1036.json new file mode 100644 index 00000000000..4281d605556 --- /dev/null +++ b/CVE-2024/CVE-2024-10xx/CVE-2024-1036.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-1036", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-30T18:15:47.300", + "lastModified": "2024-01-30T18:15:47.300", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in openBI up to 1.0.8 and classified as critical. This issue affects the function uploadIcon of the file /application/index/controller/Screen.php of the component Icon Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252311." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 7.5 + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + 
"references": [ + { + "url": "https://note.zhaoj.in/share/X1ASzPP5rHel", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.252311", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.252311", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-213xx/CVE-2024-21388.json b/CVE-2024/CVE-2024-213xx/CVE-2024-21388.json new file mode 100644 index 00000000000..bfce362bfa4 --- /dev/null +++ b/CVE-2024/CVE-2024-213xx/CVE-2024-21388.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21388", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-01-30T18:15:48.140", + "lastModified": "2024-01-30T18:15:48.140", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 3.7 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21388", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-221xx/CVE-2024-22134.json b/CVE-2024/CVE-2024-221xx/CVE-2024-22134.json index 8af47d7f455..5a42b75af53 100644 --- a/CVE-2024/CVE-2024-221xx/CVE-2024-22134.json +++ b/CVE-2024/CVE-2024-221xx/CVE-2024-22134.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-22134", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-24T12:15:57.297", - "lastModified": "2024-01-24T13:49:03.187", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-30T17:07:24.310", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:renzojohnson:contact_form_7_extension_for_mailchimp:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "0.5.70", + "matchCriteriaId": "22E157CE-7190-4A2E-8F53-3686DE126BF2" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/contact-form-7-mailchimp-extension/wordpress-contact-form-7-extension-for-mailchimp-plugin-0-5-70-server-side-request-forgery-ssrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-221xx/CVE-2024-22135.json b/CVE-2024/CVE-2024-221xx/CVE-2024-22135.json index 5a349a9fcd1..81df9fd9c8e 100644 --- a/CVE-2024/CVE-2024-221xx/CVE-2024-22135.json +++ b/CVE-2024/CVE-2024-221xx/CVE-2024-22135.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-22135", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-24T12:15:57.500", - "lastModified": "2024-01-24T13:49:03.187", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-30T17:34:58.917", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:webtoffee:order_export_\\&_order_import_for_woocommerce:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.4.4", + "matchCriteriaId": "D58EBEE4-E707-4A17-B288-C8709BC706FD" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/order-import-export-for-woocommerce/wordpress-order-export-order-import-for-woocommerce-plugin-2-4-3-arbitrary-file-upload-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-221xx/CVE-2024-22152.json b/CVE-2024/CVE-2024-221xx/CVE-2024-22152.json index 0322a31c8ac..8f4888137eb 100644 --- a/CVE-2024/CVE-2024-221xx/CVE-2024-22152.json +++ b/CVE-2024/CVE-2024-221xx/CVE-2024-22152.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-22152", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-24T12:15:57.700", - "lastModified": "2024-01-24T13:49:03.187", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-30T17:36:20.533", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:webtoffee:product_import_export_for_woocommerce:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.3.8", + "matchCriteriaId": "D534B9CC-6184-4432-9C7B-38459D0A0109" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/product-import-export-for-woo/wordpress-product-import-export-for-woocommerce-plugin-2-3-7-arbitrary-file-upload-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-222xx/CVE-2024-22284.json b/CVE-2024/CVE-2024-222xx/CVE-2024-22284.json index f51b295b810..13941b043ba 100644 --- a/CVE-2024/CVE-2024-222xx/CVE-2024-22284.json +++ b/CVE-2024/CVE-2024-222xx/CVE-2024-22284.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-22284", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-24T12:15:57.893", - "lastModified": "2024-01-24T13:49:03.187", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-30T17:43:02.180", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:asgaros:asgaros_forum:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.8.0", + "matchCriteriaId": "FD85F36F-6478-4289-B319-3744387862EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/asgaros-forum/wordpress-asgaros-forum-plugin-2-7-2-php-object-injection-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-222xx/CVE-2024-22294.json b/CVE-2024/CVE-2024-222xx/CVE-2024-22294.json index acd716d6d27..89094a45f93 100644 --- a/CVE-2024/CVE-2024-222xx/CVE-2024-22294.json +++ b/CVE-2024/CVE-2024-222xx/CVE-2024-22294.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-22294", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-24T12:15:58.093", - "lastModified": "2024-01-24T13:49:03.187", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-30T17:44:30.747", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ip2location:country_blocker:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.33.4", + "matchCriteriaId": "EEE7ED7D-D8C2-48E2-B663-F80677858CBB" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/ip2location-country-blocker/wordpress-ip2location-country-blocker-plugin-2-33-3-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-223xx/CVE-2024-22301.json b/CVE-2024/CVE-2024-223xx/CVE-2024-22301.json index 76b055b35cc..83c4c9c127a 100644 --- a/CVE-2024/CVE-2024-223xx/CVE-2024-22301.json +++ b/CVE-2024/CVE-2024-223xx/CVE-2024-22301.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-22301", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-24T12:15:58.290", - "lastModified": "2024-01-24T13:49:03.187", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-30T17:44:59.847", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:eduva:albo_pretorio_online:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "4.6.6", + "matchCriteriaId": "BCFD425B-5F8F-40EE-862E-0F41CAC702A4" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/albo-pretorio-on-line/wordpress-albo-pretorio-on-line-plugin-4-6-6-sensitive-data-exposure-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-223xx/CVE-2024-22308.json b/CVE-2024/CVE-2024-223xx/CVE-2024-22308.json index 47c451f3935..57c93965ee1 100644 --- a/CVE-2024/CVE-2024-223xx/CVE-2024-22308.json +++ b/CVE-2024/CVE-2024-223xx/CVE-2024-22308.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-22308", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-24T12:15:58.483", - "lastModified": "2024-01-24T13:49:03.187", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-30T17:45:59.927", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-601" + } + ] + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:simple-membership-plugin:simple_membership:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "4.4.2", + "matchCriteriaId": "BFCFBC03-6936-4382-B56A-1220325E3778" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/simple-membership/wordpress-simple-membership-plugin-4-4-1-open-redirection-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-232xx/CVE-2024-23208.json b/CVE-2024/CVE-2024-232xx/CVE-2024-23208.json index 872a10b1dbb..a2613a0ad35 100644 
--- a/CVE-2024/CVE-2024-232xx/CVE-2024-23208.json +++ b/CVE-2024/CVE-2024-232xx/CVE-2024-23208.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23208", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-23T01:15:10.930", - "lastModified": "2024-01-26T18:15:12.463", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-01-30T17:32:04.487", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,39 +14,145 @@ "value": "El problema se solucion\u00f3 mejorando el manejo de la memoria. Este problema se solucion\u00f3 en macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 y iPadOS 17.3. Una aplicaci\u00f3n puede ejecutar c\u00f3digo arbitrario con privilegios del kernel." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.3", + "matchCriteriaId": "93A0FBA9-3FF2-483E-8669-E2C196B3A444" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.3", + "matchCriteriaId": "F927B013-925E-4474-B464-3FA0241F9269" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0", + "versionEndExcluding": "14.3", + "matchCriteriaId": "79ADFEBE-99EE-4F01-9AE8-489EB41885D1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.3", + "matchCriteriaId": "20DD4CD0-D15F-44E0-8E95-FF57E2FCB24F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.3", + "matchCriteriaId": 
"F265723B-24BD-4BD9-A45C-6FFD000A7B03" + } + ] + } + ] + } + ], "references": [ { "url": "http://seclists.org/fulldisclosure/2024/Jan/33", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jan/36", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jan/39", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jan/40", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214055", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214059", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214060", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214061", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-232xx/CVE-2024-23210.json b/CVE-2024/CVE-2024-232xx/CVE-2024-23210.json index 78d87a62aec..5cfab61fa9b 100644 --- a/CVE-2024/CVE-2024-232xx/CVE-2024-23210.json +++ b/CVE-2024/CVE-2024-232xx/CVE-2024-23210.json 
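Review bot: The tvOS entry added to `configurations` in CVE-2024-23208.json carries `"versionEndExcluding": "10.3"`, which disagrees with the record's own description (fixed in tvOS 17.3). It also disagrees with the tvOS entries in CVE-2024-23210.json and CVE-2024-23218.json in this same commit, which use `"versionEndExcluding": "17.3"`. The value looks copied from the watchOS bound next to it. CPE-driven matching against this record would treat tvOS 10.3 through 17.2 as not affected by an issue the description rates as code execution with kernel privileges. Consumers should go by the description until the range is corrected upstream at NVD, since this mirror only syncs the data.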
@@ -2,8 +2,8 @@ "id": "CVE-2024-23210", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-23T01:15:11.033", - "lastModified": "2024-01-26T18:15:12.530", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-01-30T17:21:38.127", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,39 +14,145 @@ "value": "Este problema se solucion\u00f3 mejorando la redacci\u00f3n de informaci\u00f3n confidencial. Este problema se solucion\u00f3 en macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 y iPadOS 17.3. Es posible que una aplicaci\u00f3n pueda ver el n\u00famero de tel\u00e9fono de un usuario en los registros del sistema." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.3, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.3", + "matchCriteriaId": "93A0FBA9-3FF2-483E-8669-E2C196B3A444" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.3", + "matchCriteriaId": "F927B013-925E-4474-B464-3FA0241F9269" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0", + "versionEndExcluding": "14.3", + "matchCriteriaId": "79ADFEBE-99EE-4F01-9AE8-489EB41885D1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.3", + "matchCriteriaId": "921307BF-8419-42C7-9B2C-8DD643723E38" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.3", + "matchCriteriaId": "F265723B-24BD-4BD9-A45C-6FFD000A7B03" + } + ] + } + ] + } + ], "references": [ { "url": "http://seclists.org/fulldisclosure/2024/Jan/33", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jan/36", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jan/39", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jan/40", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214055", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214059", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214060", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214061", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-232xx/CVE-2024-23211.json b/CVE-2024/CVE-2024-232xx/CVE-2024-23211.json index c7d952b11d0..34946ad586e 100644 --- a/CVE-2024/CVE-2024-232xx/CVE-2024-23211.json +++ b/CVE-2024/CVE-2024-232xx/CVE-2024-23211.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-23211", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-23T01:15:11.087", - "lastModified": "2024-01-26T18:15:12.603", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-01-30T17:07:02.920", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,47 +14,176 @@ "value": "Se solucion\u00f3 un problema de privacidad mejorando el manejo de las preferencias del usuario. Este problema se solucion\u00f3 en watchOS 10.3, iOS 17.3 y iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 y iPadOS 16.7.5, Safari 17.3. La actividad de navegaci\u00f3n privada de un usuario puede ser visible en Configuraci\u00f3n." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.3, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", + "versionStartExcluding": "16.0", + "versionEndExcluding": "16.7.5", + "matchCriteriaId": "8C2307FA-1412-4727-AD29-541A337A9B97" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", + "versionStartExcluding": "17.0", + "versionEndExcluding": "17.3", + "matchCriteriaId": "EF93182E-EFE2-4DAF-BAA2-5053A20ADCFF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", + "versionStartExcluding": "16.0", + "versionEndExcluding": "16.7.5", + "matchCriteriaId": "78404384-8393-4F57-8076-C84BCFD58B1D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", + "versionStartExcluding": "17.0", + "versionEndExcluding": "17.3", + 
"matchCriteriaId": "79493683-AFEA-42B7-9F15-C3E47069C9CF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0", + "versionEndExcluding": "14.3", + "matchCriteriaId": "79ADFEBE-99EE-4F01-9AE8-489EB41885D1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:safari:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.3", + "matchCriteriaId": "AF847E34-E210-4F2D-919C-772FFEC50D8B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.3", + "matchCriteriaId": "F265723B-24BD-4BD9-A45C-6FFD000A7B03" + } + ] + } + ] + } + ], "references": [ { "url": "http://seclists.org/fulldisclosure/2024/Jan/27", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jan/33", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jan/34", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jan/36", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jan/39", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214056", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214059", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { 
"url": "https://support.apple.com/en-us/HT214060", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214061", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214063", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-232xx/CVE-2024-23218.json b/CVE-2024/CVE-2024-232xx/CVE-2024-23218.json index 9f00d339cce..bc15df0a2f2 100644 --- a/CVE-2024/CVE-2024-232xx/CVE-2024-23218.json +++ b/CVE-2024/CVE-2024-232xx/CVE-2024-23218.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23218", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-23T01:15:11.403", - "lastModified": "2024-01-26T18:15:12.933", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-01-30T17:56:02.483", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
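Review bot: In the `configurations` block added to CVE-2024-23211.json, Safari is listed as `cpe:2.3:o:apple:safari:*:*:*:*:*:*:*:*`, with the operating-system part `o`. Safari is an application, so inventory that records it under `cpe:2.3:a:apple:safari` would presumably not match this entry. The iPadOS and iOS ranges in the same block use `"versionStartExcluding": "16.0"` and `"17.0"`, which leaves the 16.0 and 17.0 releases themselves outside the vulnerable range, whereas the macOS entry uses `"versionStartIncluding": "14.0"`. Nothing in the description suggests the .0 releases are unaffected, so `versionStartIncluding` is probably what was meant. Both look like upstream data issues to report to NVD rather than to patch in this mirror.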
@@ -14,39 +14,145 @@ "value": "Se solucion\u00f3 un problema del canal lateral de temporizaci\u00f3n con mejoras en el c\u00e1lculo de tiempo constante en funciones criptogr\u00e1ficas. Este problema se solucion\u00f3 en macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 y iPadOS 17.3. Un atacante puede descifrar textos cifrados RSA PKCS#1 v1.5 heredados sin tener la clave privada." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-203" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.3", + "matchCriteriaId": "93A0FBA9-3FF2-483E-8669-E2C196B3A444" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.3", + "matchCriteriaId": "F927B013-925E-4474-B464-3FA0241F9269" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0", + "versionEndExcluding": "14.3", + "matchCriteriaId": "79ADFEBE-99EE-4F01-9AE8-489EB41885D1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.3", + "matchCriteriaId": "921307BF-8419-42C7-9B2C-8DD643723E38" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.3", + "matchCriteriaId": "F265723B-24BD-4BD9-A45C-6FFD000A7B03" + } + ] + } + ] + } + ], "references": [ { "url": "http://seclists.org/fulldisclosure/2024/Jan/33", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jan/36", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jan/39", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jan/40", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214055", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214059", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214060", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214061", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-236xx/CVE-2024-23647.json b/CVE-2024/CVE-2024-236xx/CVE-2024-23647.json new file mode 100644 index 00000000000..949bc79fc09 --- /dev/null +++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23647.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-23647", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-01-30T17:15:10.913", + "lastModified": "2024-01-30T17:15:10.913", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Authentik is an open-source Identity Provider. There is a bug in our implementation of PKCE that allows an attacker to circumvent the protection that PKCE offers. PKCE adds the code_challenge parameter to the authorization request and adds the code_verifier parameter to the token request. Prior to 2023.8.7 and 2023.10.7, a downgrade scenario is possible: if the attacker removes the code_challenge parameter from the authorization request, authentik will not do the PKCE check. Because of this bug, an attacker can circumvent the protection PKCE offers, such as CSRF attacks and code injection attacks. Versions 2023.8.7 and 2023.10.7 fix the issue." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/goauthentik/authentik/commit/38e04ae12720e5d81b4f7ac77997eb8d1275d31a", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/goauthentik/authentik/security/advisories/GHSA-mrx3-gxjx-hjqj", + "source": "security-advisories@github.com" + } + ] +} \ No 
newline at end of file diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23825.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23825.json new file mode 100644 index 00000000000..f790c4d2dcf --- /dev/null +++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23825.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-23825", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-01-30T17:15:11.180", + "lastModified": "2024-01-30T17:15:11.180", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "TablePress is a table plugin for Wordpress. For importing tables, TablePress makes external HTTP requests based on a URL that is provided by the user. That user input is filtered insufficiently, which makes it is possible to send requests to unintended network locations and receive responses. On sites in a cloud environment like AWS, an attacker can potentially make GET requests to the instance's metadata REST API. If the instance's configuration is insecure, this can lead to the exposure of internal data, including credentials. This vulnerability is fixed in 2.2.5." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.0, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.3, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/TablePress/TablePress/commit/62aab50e7a9c486caaeff26dff4dc01e059ecb91", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/TablePress/TablePress/security/advisories/GHSA-x8rf-c8x6-mrpg", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23838.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23838.json new file mode 100644 index 00000000000..e9d67d7352e --- /dev/null +++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23838.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-23838", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-01-30T17:15:11.437", + "lastModified": "2024-01-30T17:15:11.437", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "TrueLayer.NET is the .Net client for TrueLayer. The vulnerability could potentially allow a malicious actor to gain control over the destination URL of the HttpClient used in the API classes. For applications using the SDK, requests to unexpected resources on local networks or to the internet could be made which could lead to information disclosure. The issue can be mitigated by having strict egress rules limiting the destinations to which requests can be made, and applying strict validation to any user input passed to the `truelayer-dotnet` library. Versions of TrueLayer.Client `v1.6.0` and later are not affected." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 8.6, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/TrueLayer/truelayer-dotnet/commit/75e436ed5360faa73d6e7ce3a9903a3c49505e3e", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/TrueLayer/truelayer-dotnet/security/advisories/GHSA-67m4-qxp3-j6hh", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23840.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23840.json new file mode 100644 index 00000000000..75828e829f6 --- /dev/null +++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23840.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-23840", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-01-30T17:15:11.810", + "lastModified": "2024-01-30T17:15:11.810", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "GoReleaser builds Go binaries for several platforms, creates a GitHub release and then pushes a Homebrew formula to a tap repository. `goreleaser release --debug` log shows secret values used in the in the custom publisher. This vulnerability is fixed in 1.24.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-532" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/goreleaser/goreleaser/commit/d5b6a533ca1dc3366983d5d31ee2d2b6232b83c0", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/goreleaser/goreleaser/security/advisories/GHSA-h3q2-8whx-c29h", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23841.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23841.json new file mode 100644 index 00000000000..264ef2132cf 
--- /dev/null +++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23841.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-23841", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-01-30T18:15:48.313", + "lastModified": "2024-01-30T18:15:48.313", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "apollo-client-nextjs is the Apollo Client support for the Next.js App Router. The @apollo/experimental-apollo-client-nextjs NPM package is vulnerable to a cross-site scripting vulnerability. To exploit this vulnerability, an attacker would need to either inject malicious input (e.g. by redirecting a user to a specifically-crafted link) or arrange to have malicious input be returned by a GraphQL server (e.g. by persisting it in a database). To fix this issue, please update to version 0.7.0 or later." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 8.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-80" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/apollographql/apollo-client-nextjs/commit/b92bc42abd5f8e17d4db361c36bd08e4f541a46b", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/apollographql/apollo-client-nextjs/security/advisories/GHSA-rv8p-rr2h-fgpg", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-245xx/CVE-2024-24556.json b/CVE-2024/CVE-2024-245xx/CVE-2024-24556.json new file mode 100644 index 00000000000..2dfd4a4dca9 --- /dev/null +++ b/CVE-2024/CVE-2024-245xx/CVE-2024-24556.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-24556", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-01-30T18:15:48.507", + "lastModified": "2024-01-30T18:15:48.507", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "urql is a GraphQL client that exposes a set of helpers for several frameworks. The `@urql/next` package is vulnerable to XSS. To exploit this an attacker would need to ensure that the response returns `html` tags and that the web-application is using streamed responses (non-RSC). This vulnerability is due to improper escaping of html-like characters in the response-stream. To fix this vulnerability upgrade to version 1.1.1" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/urql-graphql/urql/commit/4b7011b70d5718728ff912d02a4dbdc7f703540d", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/urql-graphql/urql/security/advisories/GHSA-qhjf-hm5j-335w", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-245xx/CVE-2024-24565.json b/CVE-2024/CVE-2024-245xx/CVE-2024-24565.json new file mode 100644 index 00000000000..c161b2a5e10 --- /dev/null +++ b/CVE-2024/CVE-2024-245xx/CVE-2024-24565.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-24565", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-01-30T17:15:12.110", + "lastModified": "2024-01-30T17:15:12.110", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "CrateDB is a distributed SQL database that makes it simple to store and analyze massive amounts of data in real-time. There is a COPY FROM function in the CrateDB database that is used to import file data into database tables. This function has a flaw, and authenticated attackers can use the COPY FROM function to import arbitrary file content into database tables, resulting in information leakage. This vulnerability is patched in 5.3.9, 5.4.8, 5.5.4, and 5.6.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.1, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/crate/crate/commit/4e857d675683095945dd524d6ba03e692c70ecd6", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/crate/crate/security/advisories/GHSA-475g-vj6c-xf96", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 6dedf47e70d..f6e2e1ca0cd 100644 --- a/README.md +++ b/README.md 
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-01-30T17:00:24.805712+00:00 +2024-01-30T19:00:25.709460+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-01-30T16:50:22.897000+00:00 +2024-01-30T18:45:29.687000+00:00 ``` ### Last Data Feed Release 
@@ -29,64 +29,56 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -237140 +237152 ``` ### CVEs added in the last Commit -Recently added CVEs: `20` +Recently added CVEs: `12` -* [CVE-2023-37518](CVE-2023/CVE-2023-375xx/CVE-2023-37518.json) (`2024-01-30T16:15:46.330`) -* [CVE-2024-24324](CVE-2024/CVE-2024-243xx/CVE-2024-24324.json) (`2024-01-30T15:15:09.277`) -* [CVE-2024-24325](CVE-2024/CVE-2024-243xx/CVE-2024-24325.json) (`2024-01-30T15:15:09.333`) -* [CVE-2024-24326](CVE-2024/CVE-2024-243xx/CVE-2024-24326.json) (`2024-01-30T15:15:09.380`) -* [CVE-2024-24327](CVE-2024/CVE-2024-243xx/CVE-2024-24327.json) (`2024-01-30T15:15:09.430`) -* [CVE-2024-24328](CVE-2024/CVE-2024-243xx/CVE-2024-24328.json) (`2024-01-30T15:15:09.487`) -* [CVE-2024-24329](CVE-2024/CVE-2024-243xx/CVE-2024-24329.json) (`2024-01-30T15:15:09.540`) -* [CVE-2024-24330](CVE-2024/CVE-2024-243xx/CVE-2024-24330.json) (`2024-01-30T15:15:09.597`) -* [CVE-2024-24331](CVE-2024/CVE-2024-243xx/CVE-2024-24331.json) (`2024-01-30T15:15:09.643`) -* [CVE-2024-24332](CVE-2024/CVE-2024-243xx/CVE-2024-24332.json) (`2024-01-30T15:15:09.693`) -* [CVE-2024-24333](CVE-2024/CVE-2024-243xx/CVE-2024-24333.json) (`2024-01-30T15:15:09.740`) -* [CVE-2024-0564](CVE-2024/CVE-2024-05xx/CVE-2024-0564.json) (`2024-01-30T15:15:08.687`) -* [CVE-2024-1034](CVE-2024/CVE-2024-10xx/CVE-2024-1034.json) (`2024-01-30T15:15:08.933`) -* [CVE-2024-1019](CVE-2024/CVE-2024-10xx/CVE-2024-1019.json) (`2024-01-30T16:15:47.123`) -* [CVE-2024-1035](CVE-2024/CVE-2024-10xx/CVE-2024-1035.json) (`2024-01-30T16:15:47.350`) -* [CVE-2024-21649](CVE-2024/CVE-2024-216xx/CVE-2024-21649.json) (`2024-01-30T16:15:47.653`) -* [CVE-2024-21653](CVE-2024/CVE-2024-216xx/CVE-2024-21653.json) (`2024-01-30T16:15:47.863`) -* [CVE-2024-21671](CVE-2024/CVE-2024-216xx/CVE-2024-21671.json) (`2024-01-30T16:15:48.090`) -* [CVE-2024-22193](CVE-2024/CVE-2024-221xx/CVE-2024-22193.json) 
(`2024-01-30T16:15:48.310`) -* [CVE-2024-22200](CVE-2024/CVE-2024-222xx/CVE-2024-22200.json) (`2024-01-30T16:15:48.553`) +* [CVE-2023-46230](CVE-2023/CVE-2023-462xx/CVE-2023-46230.json) (`2024-01-30T17:15:09.893`) +* [CVE-2023-46231](CVE-2023/CVE-2023-462xx/CVE-2023-46231.json) (`2024-01-30T17:15:10.117`) +* [CVE-2023-6258](CVE-2023/CVE-2023-62xx/CVE-2023-6258.json) (`2024-01-30T17:15:10.657`) +* [CVE-2024-23647](CVE-2024/CVE-2024-236xx/CVE-2024-23647.json) (`2024-01-30T17:15:10.913`) +* [CVE-2024-23825](CVE-2024/CVE-2024-238xx/CVE-2024-23825.json) (`2024-01-30T17:15:11.180`) +* [CVE-2024-23838](CVE-2024/CVE-2024-238xx/CVE-2024-23838.json) (`2024-01-30T17:15:11.437`) +* [CVE-2024-23840](CVE-2024/CVE-2024-238xx/CVE-2024-23840.json) (`2024-01-30T17:15:11.810`) +* [CVE-2024-24565](CVE-2024/CVE-2024-245xx/CVE-2024-24565.json) (`2024-01-30T17:15:12.110`) +* [CVE-2024-1036](CVE-2024/CVE-2024-10xx/CVE-2024-1036.json) (`2024-01-30T18:15:47.300`) +* [CVE-2024-21388](CVE-2024/CVE-2024-213xx/CVE-2024-21388.json) (`2024-01-30T18:15:48.140`) +* [CVE-2024-23841](CVE-2024/CVE-2024-238xx/CVE-2024-23841.json) (`2024-01-30T18:15:48.313`) +* [CVE-2024-24556](CVE-2024/CVE-2024-245xx/CVE-2024-24556.json) (`2024-01-30T18:15:48.507`) ### CVEs modified in the last Commit -Recently modified CVEs: `40` +Recently modified CVEs: `33` -* [CVE-2023-44401](CVE-2023/CVE-2023-444xx/CVE-2023-44401.json) (`2024-01-30T16:31:33.093`) -* [CVE-2023-47034](CVE-2023/CVE-2023-470xx/CVE-2023-47034.json) (`2024-01-30T16:48:28.163`) -* [CVE-2023-47033](CVE-2023/CVE-2023-470xx/CVE-2023-47033.json) (`2024-01-30T16:50:22.897`) -* [CVE-2024-23347](CVE-2024/CVE-2024-233xx/CVE-2024-23347.json) (`2024-01-30T15:09:12.163`) -* [CVE-2024-0606](CVE-2024/CVE-2024-06xx/CVE-2024-0606.json) (`2024-01-30T15:18:57.190`) -* [CVE-2024-0605](CVE-2024/CVE-2024-06xx/CVE-2024-0605.json) (`2024-01-30T15:19:19.787`) -* [CVE-2024-0430](CVE-2024/CVE-2024-04xx/CVE-2024-0430.json) (`2024-01-30T15:19:33.147`) -* 
[CVE-2024-22415](CVE-2024/CVE-2024-224xx/CVE-2024-22415.json) (`2024-01-30T15:22:32.770`) -* [CVE-2024-22203](CVE-2024/CVE-2024-222xx/CVE-2024-22203.json) (`2024-01-30T15:30:42.923`) -* [CVE-2024-0752](CVE-2024/CVE-2024-07xx/CVE-2024-0752.json) (`2024-01-30T15:49:15.790`) -* [CVE-2024-0753](CVE-2024/CVE-2024-07xx/CVE-2024-0753.json) (`2024-01-30T15:54:23.863`) -* [CVE-2024-0754](CVE-2024/CVE-2024-07xx/CVE-2024-0754.json) (`2024-01-30T15:55:28.450`) -* [CVE-2024-23217](CVE-2024/CVE-2024-232xx/CVE-2024-23217.json) (`2024-01-30T15:58:49.633`) -* [CVE-2024-0745](CVE-2024/CVE-2024-07xx/CVE-2024-0745.json) (`2024-01-30T16:08:53.497`) -* [CVE-2024-23214](CVE-2024/CVE-2024-232xx/CVE-2024-23214.json) (`2024-01-30T16:10:13.890`) -* [CVE-2024-0746](CVE-2024/CVE-2024-07xx/CVE-2024-0746.json) (`2024-01-30T16:10:43.927`) -* [CVE-2024-0747](CVE-2024/CVE-2024-07xx/CVE-2024-0747.json) (`2024-01-30T16:16:51.227`) -* [CVE-2024-23215](CVE-2024/CVE-2024-232xx/CVE-2024-23215.json) (`2024-01-30T16:17:32.130`) -* [CVE-2024-23212](CVE-2024/CVE-2024-232xx/CVE-2024-23212.json) (`2024-01-30T16:21:23.323`) -* [CVE-2024-0748](CVE-2024/CVE-2024-07xx/CVE-2024-0748.json) (`2024-01-30T16:21:36.890`) -* [CVE-2024-23213](CVE-2024/CVE-2024-232xx/CVE-2024-23213.json) (`2024-01-30T16:26:53.437`) -* [CVE-2024-22076](CVE-2024/CVE-2024-220xx/CVE-2024-22076.json) (`2024-01-30T16:30:47.387`) -* [CVE-2024-0749](CVE-2024/CVE-2024-07xx/CVE-2024-0749.json) (`2024-01-30T16:35:49.257`) -* [CVE-2024-0751](CVE-2024/CVE-2024-07xx/CVE-2024-0751.json) (`2024-01-30T16:44:51.983`) -* [CVE-2024-0750](CVE-2024/CVE-2024-07xx/CVE-2024-0750.json) (`2024-01-30T16:49:20.873`) +* [CVE-2023-47200](CVE-2023/CVE-2023-472xx/CVE-2023-47200.json) (`2024-01-30T17:24:40.857`) +* [CVE-2023-47198](CVE-2023/CVE-2023-471xx/CVE-2023-47198.json) (`2024-01-30T17:32:16.743`) +* [CVE-2023-52094](CVE-2023/CVE-2023-520xx/CVE-2023-52094.json) (`2024-01-30T17:37:53.377`) +* [CVE-2023-47192](CVE-2023/CVE-2023-471xx/CVE-2023-47192.json) 
(`2024-01-30T17:41:04.340`) +* [CVE-2023-47193](CVE-2023/CVE-2023-471xx/CVE-2023-47193.json) (`2024-01-30T17:57:51.480`) +* [CVE-2023-47194](CVE-2023/CVE-2023-471xx/CVE-2023-47194.json) (`2024-01-30T18:02:29.137`) +* [CVE-2023-47195](CVE-2023/CVE-2023-471xx/CVE-2023-47195.json) (`2024-01-30T18:15:40.130`) +* [CVE-2023-45779](CVE-2023/CVE-2023-457xx/CVE-2023-45779.json) (`2024-01-30T18:15:47.110`) +* [CVE-2023-47196](CVE-2023/CVE-2023-471xx/CVE-2023-47196.json) (`2024-01-30T18:19:27.810`) +* [CVE-2023-47197](CVE-2023/CVE-2023-471xx/CVE-2023-47197.json) (`2024-01-30T18:29:22.343`) +* [CVE-2023-47199](CVE-2023/CVE-2023-471xx/CVE-2023-47199.json) (`2024-01-30T18:33:49.407`) +* [CVE-2023-52324](CVE-2023/CVE-2023-523xx/CVE-2023-52324.json) (`2024-01-30T18:40:32.970`) +* [CVE-2023-52325](CVE-2023/CVE-2023-523xx/CVE-2023-52325.json) (`2024-01-30T18:45:29.687`) +* [CVE-2024-0854](CVE-2024/CVE-2024-08xx/CVE-2024-0854.json) (`2024-01-30T17:01:37.127`) +* [CVE-2024-23211](CVE-2024/CVE-2024-232xx/CVE-2024-23211.json) (`2024-01-30T17:07:02.920`) +* [CVE-2024-22134](CVE-2024/CVE-2024-221xx/CVE-2024-22134.json) (`2024-01-30T17:07:24.310`) +* [CVE-2024-23210](CVE-2024/CVE-2024-232xx/CVE-2024-23210.json) (`2024-01-30T17:21:38.127`) +* [CVE-2024-23208](CVE-2024/CVE-2024-232xx/CVE-2024-23208.json) (`2024-01-30T17:32:04.487`) +* [CVE-2024-22135](CVE-2024/CVE-2024-221xx/CVE-2024-22135.json) (`2024-01-30T17:34:58.917`) +* [CVE-2024-22152](CVE-2024/CVE-2024-221xx/CVE-2024-22152.json) (`2024-01-30T17:36:20.533`) +* [CVE-2024-22284](CVE-2024/CVE-2024-222xx/CVE-2024-22284.json) (`2024-01-30T17:43:02.180`) +* [CVE-2024-22294](CVE-2024/CVE-2024-222xx/CVE-2024-22294.json) (`2024-01-30T17:44:30.747`) +* [CVE-2024-22301](CVE-2024/CVE-2024-223xx/CVE-2024-22301.json) (`2024-01-30T17:44:59.847`) +* [CVE-2024-22308](CVE-2024/CVE-2024-223xx/CVE-2024-22308.json) (`2024-01-30T17:45:59.927`) +* [CVE-2024-23218](CVE-2024/CVE-2024-232xx/CVE-2024-23218.json) (`2024-01-30T17:56:02.483`) ## Download and Usage