Auto-Update: 2024-02-10T03:00:24.523736+00:00

cad-safe-bot 2024-02-10 03:00:28 +00:00
parent 09f6e6bb7b
commit 4d75780c02
37 changed files with 2519 additions and 1461 deletions



@ -2,8 +2,8 @@
"id": "CVE-2006-6767",
"sourceIdentifier": "cve@mitre.org",
"published": "2007-01-16T19:28:00.000",
"lastModified": "2017-07-29T01:29:40.767",
"vulnStatus": "Modified",
"lastModified": "2024-02-10T02:46:29.157",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -48,7 +70,7 @@
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
"value": "CWE-617"
}
]
}
@ -62,9 +84,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oftpd:oftpd:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.3.6",
"matchCriteriaId": "4F1F2A9C-D38E-4BF5-ADCA-A441438B20DE"
"criteria": "cpe:2.3:a:time-travellers:oftpd:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.3.7",
"matchCriteriaId": "A521BBF2-D84D-47F7-A9AF-43F59514148A"
}
]
}
@ -72,25 +94,66 @@
}
],
"references": [
{
"url": "http://osvdb.org/32822",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://secunia.com/advisories/23790",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://secunia.com/advisories/23797",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://securitytracker.com/id?1017517",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.gentoo.org/security/en/glsa/glsa-200701-09.xml",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.securityfocus.com/bid/22073",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.vupen.com/english/advisories/2007/0198",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31520",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2009-1699",
"sourceIdentifier": "cve@mitre.org",
"published": "2009-06-10T18:00:00.517",
"lastModified": "2022-08-09T13:48:59.100",
"vulnStatus": "Modified",
"lastModified": "2024-02-10T02:48:38.187",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -48,14 +70,13 @@
"description": [
{
"lang": "en",
"value": "CWE-200"
"value": "CWE-611"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -64,262 +85,21 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.2.2",
"matchCriteriaId": "B6E139B2-65BD-4416-9D99-48E132BEC3A5"
"versionEndExcluding": "4.0",
"matchCriteriaId": "212BF588-5C81-4801-A76D-73FB1DE211EA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apple:safari:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9D3889ED-9329-4C84-A173-2553BEAE3EDA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apple:safari:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B74019F-C365-4E13-BBB4-D84AD9C1F87C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apple:safari:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1E0E57D5-A7C9-4985-8CE4-E0D4B8BBF371"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apple:safari:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "06494FA8-F12A-435A-97A4-F38C58DF43F2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apple:safari:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D1BB047B-D45E-4695-AAEB-D0830DB1663E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apple:safari:2.0.3:417.8:*:*:*:*:*:*",
"matchCriteriaId": "018A7A39-2AFD-47A9-AE88-7ABDBFE5EDA1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apple:safari:2.0.3:417.9:*:*:*:*:*:*",
"matchCriteriaId": "1082B33F-33B5-453A-A5AA-10F65AB2E625"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apple:safari:2.0.3:417.9.2:*:*:*:*:*:*",
"matchCriteriaId": "6CF4DB54-AA7E-44C3-83E3-1A8971719D5B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apple:safari:2.0.3:417.9.3:*:*:*:*:*:*",
"matchCriteriaId": "EC348464-F08D-4ABF-BB90-3FA93C786F34"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apple:safari:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DFDCF83E-620C-40FA-9901-5D939E315143"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apple:safari:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A33F900-D405-40A8-A0A5-3C80320FF6E9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apple:safari:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4444A309-5A97-4E1C-B4EA-C4A070A98CBC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apple:safari:3.0.0b:*:*:*:*:*:*:*",
"matchCriteriaId": "5B29951B-9A98-45B7-8E4B-5515C048EC52"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apple:safari:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8CEB23DE-1A9D-480E-8B8B-9F110A8ABDE6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apple:safari:3.0.1:beta:*:*:*:*:*:*",
"matchCriteriaId": "4CED950D-38AB-4D66-B97A-FB982D86057F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apple:safari:3.0.1b:*:*:*:*:*:*:*",
"matchCriteriaId": "D0FDEB4F-133A-43DF-A89B-53E249F1293D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apple:safari:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "84E78F43-07BD-4D62-9512-DA738A92BC7B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apple:safari:3.0.2b:*:*:*:*:*:*:*",
"matchCriteriaId": "4AE25E9E-826E-4782-AED8-AC6297B18D93"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apple:safari:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F3180366-2240-467E-8AB9-BEA0430948F1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apple:safari:3.0.3b:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E834B8-545E-4472-9D60-B4CF1340D62C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apple:safari:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5AB9CC52-E533-4306-9E92-73C84B264D4E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apple:safari:3.0.4b:*:*:*:*:*:*:*",
"matchCriteriaId": "14A5CA99-8B1C-4C35-85E3-DB0495444A5F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apple:safari:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "01D8C2EF-D552-4279-A12E-70E292F39E31"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apple:safari:3.1.0b:*:*:*:*:*:*:*",
"matchCriteriaId": "C00082E3-EBF5-4C23-9F57-BF73E587FC05"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apple:safari:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C453B588-15FD-4A9C-8BC1-6202A21DAE02"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apple:safari:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "460A6F14-7CCE-47CA-BE0C-6DF32CD6A8A2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apple:safari:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "15BB6761-3581-4AE6-85E0-1609D15D7618"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apple:safari:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EFA1A4C8-9F87-449F-A11F-52E5D52247E2"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7B6D035-38A9-4C0B-9A9D-CAE3BF1CA56D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5B94E7-2C24-4913-B65E-8D8A0DE2B80B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E28FB0CB-D636-4F85-B5F7-70EC30053925"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC16D1C-065A-4D1A-BA6E-528A71DF65CC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "297F9438-0F04-4128-94A8-A504B600929E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F8618621-F871-4531-9F6C-7D60F2BF8B75"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "824DED2D-FA1D-46FC-8252-6E25546DAE29"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1641DDFA-3BF1-467F-8EC3-98114FF9F07B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF40CDA4-4716-4815-9ED0-093FE266734C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D61644E2-7AF5-48EF-B3D5-59C7B2AD1A58"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D06D54D-97FD-49FD-B251-CC86FBA68CA6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "25A5D868-0016-44AB-80E6-E5DF91F15455"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C14EEA4-6E35-4EBE-9A43-8F6D69318BA0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B15E90AE-2E15-4BC2-B0B8-AFA2B1297B03"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E0C0A8D-3DDD-437A-BB3D-50FAEAF6C440"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "340C4071-1447-477F-942A-8E09EA29F917"
"versionStartIncluding": "1.0.0",
"versionEndIncluding": "2.2.1",
"matchCriteriaId": "614C28E3-3645-4B20-95E5-42E7F123ADDB"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -327,84 +107,33 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC16D1C-065A-4D1A-BA6E-528A71DF65CC"
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*",
"matchCriteriaId": "4747CC68-FAF4-482F-929A-9DA6C24CB663"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "297F9438-0F04-4128-94A8-A504B600929E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F8618621-F871-4531-9F6C-7D60F2BF8B75"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "824DED2D-FA1D-46FC-8252-6E25546DAE29"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1641DDFA-3BF1-467F-8EC3-98114FF9F07B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF40CDA4-4716-4815-9ED0-093FE266734C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D61644E2-7AF5-48EF-B3D5-59C7B2AD1A58"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D06D54D-97FD-49FD-B251-CC86FBA68CA6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "25A5D868-0016-44AB-80E6-E5DF91F15455"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C14EEA4-6E35-4EBE-9A43-8F6D69318BA0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B15E90AE-2E15-4BC2-B0B8-AFA2B1297B03"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E0C0A8D-3DDD-437A-BB3D-50FAEAF6C440"
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*",
"matchCriteriaId": "A5D026D0-EF78-438D-BEDD-FC8571F3ACEB"
}
]
},
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:h:apple:ipod_touch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88FA2602-DDAB-4E23-A3D2-FB712970AAD1"
"criteria": "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A01C8B7E-EB19-40EA-B1D2-9AE5EA536C95"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5646FDE9-CF21-46A9-B89D-F5BBDB4249AF"
}
]
}
@ -414,19 +143,34 @@
"references": [
{
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List"
]
},
{
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Mailing List",
"Patch",
"Vendor Advisory"
]
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List"
]
},
{
"url": "http://osvdb.org/54972",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://scary.beasts.org/security/CESA-2009-006.html",
@ -442,6 +186,21 @@
"Exploit"
]
},
{
"url": "http://secunia.com/advisories/35379",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
]
},
{
"url": "http://secunia.com/advisories/43068",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://support.apple.com/kb/HT3613",
"source": "cve@mitre.org",
@ -452,42 +211,68 @@
},
{
"url": "http://support.apple.com/kb/HT3639",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://www.securityfocus.com/bid/35260",
"source": "cve@mitre.org",
"tags": [
"Exploit"
"Broken Link",
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.securityfocus.com/bid/35321",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.ubuntu.com/usn/USN-857-1",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.vupen.com/english/advisories/2009/1522",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Patch",
"Vendor Advisory"
]
},
{
"url": "http://www.vupen.com/english/advisories/2009/1621",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.vupen.com/english/advisories/2011/0212",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://www.exploit-db.com/exploits/8907",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2009-2367",
"sourceIdentifier": "cve@mitre.org",
"published": "2009-07-08T15:30:01.377",
"lastModified": "2017-08-17T01:30:44.693",
"vulnStatus": "Modified",
"lastModified": "2024-02-10T02:59:01.593",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -48,13 +70,14 @@
"description": [
{
"lang": "en",
"value": "CWE-310"
"value": "CWE-338"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -62,6 +85,17 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:iomega:storcenter_pro_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A101BCBF-C92E-497F-8CEC-DA004D346FFC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:iomega:storcenter_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A12049A9-6111-408D-84AD-432A1E8DD352"
}
@ -71,16 +105,37 @@
}
],
"references": [
{
"url": "http://osvdb.org/55586",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Exploit"
]
},
{
"url": "http://secunia.com/advisories/35666",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
]
},
{
"url": "http://trac.metasploit.com/browser/framework3/trunk/modules/auxiliary/admin/http/iomega_storcenterpro_sessionid.rb?rev=6733",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Exploit"
]
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51539",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2016-10707",
"sourceIdentifier": "cve@mitre.org",
"published": "2018-01-18T23:29:00.400",
"lastModified": "2018-02-02T17:26:01.947",
"lastModified": "2024-02-10T02:43:45.070",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -15,13 +15,13 @@
}
],
"metrics": {
"cvssMetricV30": [
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -70,7 +70,7 @@
"description": [
{
"lang": "en",
"value": "CWE-400"
"value": "CWE-674"
}
]
}
@ -98,16 +98,15 @@
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
"Patch"
]
},
{
"url": "https://github.com/jquery/jquery/pull/3134",
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
"Issue Tracking",
"Patch"
]
},
{


@ -2,8 +2,8 @@
"id": "CVE-2016-3627",
"sourceIdentifier": "cve@mitre.org",
"published": "2016-05-17T14:08:02.703",
"lastModified": "2018-10-30T16:27:32.030",
"vulnStatus": "Modified",
"lastModified": "2024-02-10T02:43:04.300",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,13 +15,13 @@
}
],
"metrics": {
"cvssMetricV30": [
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -70,7 +70,7 @@
"description": [
{
"lang": "en",
"value": "CWE-20"
"value": "CWE-674"
}
]
}
@ -171,80 +171,259 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9B453CF7-9AA6-4B94-A003-BF7AE0B82F53"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AE1D81A1-CD24-4B17-8AFD-DC95E90AD7D0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1C8D871B-AEA1-4407-AEE3-47EC782250FF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:vm_server:3.3:*:*:*:*:*:x86:*",
"matchCriteriaId": "8663D0AF-825D-48FC-8AED-498434A0AA76"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:vm_server:3.4:*:*:*:*:*:x86:*",
"matchCriteriaId": "457955E5-41E5-4E17-8435-AA0F6F757A21"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8"
}
]
}
]
}
],
"references": [
{
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00055.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List"
]
},
{
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00127.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List"
]
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2016/May/10",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2016/03/21/2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2016/03/21/3",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List"
]
},
{
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "http://www.securityfocus.com/bid/84992",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.securitytracker.com/id/1035335",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.ubuntu.com/usn/USN-2994-1",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:1292",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157239",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10170",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://security.gentoo.org/glsa/201701-37",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2016/dsa-3593",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List"
]
},
{
"url": "https://www.tenable.com/security/tns-2016-18",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2019-11495",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-09-10T18:15:12.463",
"lastModified": "2022-04-18T16:14:39.077",
"lastModified": "2024-02-10T02:54:05.923",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -97,6 +97,7 @@
"url": "https://www.couchbase.com/resources/security#SecurityAlerts",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
]
}


@ -2,8 +2,8 @@
"id": "CVE-2020-24682",
"sourceIdentifier": "cybersecurity@ch.abb.com",
"published": "2024-02-02T08:15:45.573",
"lastModified": "2024-02-02T13:36:31.843",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-10T01:53:30.023",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "cybersecurity@ch.abb.com",
"type": "Secondary",
@ -50,10 +70,100 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:br-automation:automation_studio:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.7.7.74",
"matchCriteriaId": "436F71CF-DD09-4E65-BB95-BF2C4A19E40A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:br-automation:automation_studio:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.8",
"versionEndExcluding": "4.8.6.30",
"matchCriteriaId": "04F8420B-E58C-4C17-B47B-15356571E650"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:br-automation:automation_studio:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.9",
"versionEndExcluding": "4.9.4.92",
"matchCriteriaId": "0515B5D7-8B71-4D6E-B0E1-4E61B930A54E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:br-automation:automation_net\\/pvi:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0",
"versionEndExcluding": "4.7.7",
"matchCriteriaId": "2217CBD5-3C47-48F0-B820-478382164B6A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:br-automation:automation_net\\/pvi:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.8",
"versionEndExcluding": "4.8.6",
"matchCriteriaId": "DD9047EE-9E8A-43F5-8DB5-3AE830E423C3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:br-automation:automation_net\\/pvi:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.9",
"versionEndExcluding": "4.9.4",
"matchCriteriaId": "742952BE-1FB2-478F-94A7-D32F4A063992"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://www.br-automation.com/fileadmin/2021-14-BR-AS-NET-PVI-Service-Issues-c3710fbf.pdf",
"source": "cybersecurity@ch.abb.com"
"source": "cybersecurity@ch.abb.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2020-7010",
"sourceIdentifier": "bressers@elastic.co",
"published": "2020-06-03T18:15:22.697",
"lastModified": "2020-06-05T18:37:29.827",
"lastModified": "2024-02-10T03:00:00.207",
"vulnStatus": "Analyzed",
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2021-22281",
"sourceIdentifier": "cybersecurity@ch.abb.com",
"published": "2024-02-02T08:15:46.013",
"lastModified": "2024-02-02T13:36:31.843",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-10T01:03:31.623",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cybersecurity@ch.abb.com",
"type": "Secondary",
@ -40,8 +60,18 @@
},
"weaknesses": [
{
"source": "cybersecurity@ch.abb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "cybersecurity@ch.abb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -50,10 +80,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:br-automation:automation_studio:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0",
"versionEndIncluding": "4.12",
"matchCriteriaId": "1C6F1F09-B82E-4E1B-B2FA-CDCC529FA790"
}
]
}
]
}
],
"references": [
{
"url": "https://www.br-automation.com/fileadmin/2021-11_ZipSlip_Vulnerability_in_Automation_Studio_Project_Import-b90d2f42.pdf",
"source": "cybersecurity@ch.abb.com"
"source": "cybersecurity@ch.abb.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2021-4436",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-02-05T09:15:43.013",
"lastModified": "2024-02-05T13:54:19.310",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-10T02:04:43.427",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "El complemento 3DPrint Lite de WordPress anterior a 1.9.1.5 no tiene ninguna autorizaci\u00f3n y no verifica el archivo cargado en su acci\u00f3n p3dlite_handle_upload AJAX, lo que permite a usuarios no autenticados cargar archivos arbitrarios al servidor web. Sin embargo, existe un .htaccess que impide acceder al archivo en servidores web como Apache."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wp3dprinting:3dprint_lite:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.9.1.5",
"matchCriteriaId": "65F6B829-EBB0-4DFA-8CAC-EE0BB929B1A7"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/c46ecd0d-a132-4ad6-b936-8acde3a09282/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2022-40744",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-02-02T04:15:07.700",
"lastModified": "2024-02-02T04:58:55.817",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-10T01:00:14.547",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IBM Aspera Faspex 5.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236441."
},
{
"lang": "es",
"value": "IBM Aspera Faspex 5.0.6 es vulnerable a cross-site scripting almacenado. Esta vulnerabilidad permite a los usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista, lo que podr\u00eda conducir a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 236441."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -46,14 +70,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:aspera_faspex:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.0.7",
"matchCriteriaId": "ABF452E0-F75E-4AF0-9DFF-D31CFC91F652"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/236441",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7111778",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-37527",
"sourceIdentifier": "psirt@hcl.com",
"published": "2024-02-02T19:15:07.990",
"lastModified": "2024-02-02T21:13:53.920",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-10T01:19:03.593",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A reflected cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code in the application session or in database, via remote injection, while rendering content in a web page. \n"
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross-Site Scripting (XSS) Reflejado en el componente Web Reports de HCL BigFix Platform posiblemente pueda permitir que un atacante ejecute c\u00f3digo javascript malicioso en la sesi\u00f3n de la aplicaci\u00f3n o en la base de datos, mediante inyecci\u00f3n remota, mientras representa contenido en una p\u00e1gina web."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "psirt@hcl.com",
"type": "Secondary",
@ -34,10 +58,56 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hcltech:bigfix_platform:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.5",
"versionEndExcluding": "9.5.24",
"matchCriteriaId": "C8477E2A-0466-4415-9420-9D1183AF9FA3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hcltech:bigfix_platform:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.0.0",
"versionEndExcluding": "10.0.11",
"matchCriteriaId": "35E5DFF7-4361-4A0C-A028-38FBF2A779F7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hcltech:bigfix_platform:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C54B20CA-80AF-4E7E-A511-C208E81FB37E"
}
]
}
]
}
],
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0110209",
"source": "psirt@hcl.com"
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-46159",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-02-02T03:15:09.920",
"lastModified": "2024-02-02T04:58:55.817",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-10T01:01:31.177",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IBM Storage Ceph 5.3z1, 5.3z5, and 6.1z1 could allow an authenticated user on the network to cause a denial of service from RGW. IBM X-Force ID: 268906."
},
{
"lang": "es",
"value": "IBM Storage Ceph 5.3z1, 5.3z5 y 6.1z1 podr\u00eda permitir que un usuario autenticado en la red provoque una denegaci\u00f3n de servicio por parte de RGW. ID de IBM X-Force: 268906."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -46,14 +70,49 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:storage_ceph:5.3z1:*:*:*:*:*:*:*",
"matchCriteriaId": "A95784B2-A37B-4BB6-8F58-5BC850E2C807"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:storage_ceph:5.3z5:*:*:*:*:*:*:*",
"matchCriteriaId": "4890230F-9EA1-4687-B1D4-B361CDAA4E5E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:storage_ceph:6.1z1:*:*:*:*:*:*:*",
"matchCriteriaId": "B7387F66-87B3-4DCC-837C-54F0BC8FBC4E"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/268906",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7112263",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-47024",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-20T02:15:07.600",
"lastModified": "2024-02-01T07:15:07.593",
"vulnStatus": "Modified",
"lastModified": "2024-02-10T02:50:04.503",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -59,8 +59,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ncr:terminal_handler:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C686A54F-A590-4FA1-AAE0-AA9D0682CD09"
"criteria": "cpe:2.3:a:ncratleos:terminal_handler:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A7CBF0BA-23C2-4A14-9D14-2CF59375C880"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-50711",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-02T20:15:10.250",
"lastModified": "2024-01-08T19:36:27.290",
"vulnStatus": "Analyzed",
"lastModified": "2024-02-10T02:15:42.177",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -113,6 +113,10 @@
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5XMCLV2P3ANS3XN4NXZTV4PUNTLWUNJ/",
"source": "security-advisories@github.com"
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-50947",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-02-04T01:15:25.040",
"lastModified": "2024-02-05T02:09:37.420",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-10T00:57:09.610",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IBM Business Automation Workflow 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 275665."
},
{
"lang": "es",
"value": "IBM Business Automation Workflow 22.0.2, 23.0.1 y 23.0.2 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite a los usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista, lo que podr\u00eda conducir a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 275665."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -46,18 +70,390 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:*:*:*:*:traditional:*:*:*",
"versionStartIncluding": "19.0.0.1",
"versionEndIncluding": "19.0.0.3",
"matchCriteriaId": "DB90C98C-7A38-4B9B-878C-028DD872D19C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:*:*:*:*:traditional:*:*:*",
"versionStartIncluding": "21.0.1",
"versionEndIncluding": "21.0.3.1",
"matchCriteriaId": "47064639-B3A7-4F99-8823-40D2C9FE3C1A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:20.0.0.1:*:*:*:-:*:*:*",
"matchCriteriaId": "EA4F72CF-1AE0-4B3B-BD23-4BFB086C843D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:20.0.0.1:*:*:*:traditional:*:*:*",
"matchCriteriaId": "D36329EB-4317-4AB1-85FA-4E23F185C179"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:20.0.0.2:*:*:*:-:*:*:*",
"matchCriteriaId": "97316AAE-CB3C-4091-8A36-8FBF050E5B7D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:20.0.0.2:*:*:*:traditional:*:*:*",
"matchCriteriaId": "8C7FDEC2-CBE3-4C5B-917D-37F2612018FB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.2:*:*:*:-:*:*:*",
"matchCriteriaId": "CEC71A77-3C31-4362-BAF4-A47ED694F73B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:-:*:*:containers:*:*:*",
"matchCriteriaId": "12725407-1B9F-43B7-8D66-F0E3B0181830"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if002:*:*:containers:*:*:*",
"matchCriteriaId": "00F5E82D-712A-4AB2-B0B2-BF03507D17D2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if005:*:*:containers:*:*:*",
"matchCriteriaId": "0063E78F-2978-43F6-884D-B375E1111E87"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if006:*:*:containers:*:*:*",
"matchCriteriaId": "CF6317BE-98DF-4A46-9F5B-326177D6AD68"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if007:*:*:containers:*:*:*",
"matchCriteriaId": "72A22C4B-AAF2-4A84-AF39-C1C396031D98"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if008:*:*:containers:*:*:*",
"matchCriteriaId": "39015A02-D36E-4CC9-A5E3-877DFD923ACD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if009:*:*:containers:*:*:*",
"matchCriteriaId": "19586E74-8802-4C09-A240-D698EE30C570"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if010:*:*:containers:*:*:*",
"matchCriteriaId": "4B06D109-E327-4A2A-9FC9-A5F454022C0D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if011:*:*:containers:*:*:*",
"matchCriteriaId": "E67BEF93-133E-4507-B938-79D943AB82CF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if012:*:*:containers:*:*:*",
"matchCriteriaId": "84689E35-3C11-44D2-B719-0F47CC7DE6B1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if013:*:*:containers:*:*:*",
"matchCriteriaId": "05248E0A-BE7C-4AA1-80B8-5397382D742E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if014:*:*:containers:*:*:*",
"matchCriteriaId": "0852419C-62F1-49BA-BD99-96700D33ED64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if015:*:*:containers:*:*:*",
"matchCriteriaId": "628B7F15-103F-4B84-90ED-EBFAD633BCE8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if016:*:*:containers:*:*:*",
"matchCriteriaId": "91E22A7B-18F4-461C-9986-0CECBAB879F7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if017:*:*:containers:*:*:*",
"matchCriteriaId": "4FE832E4-BE4B-4923-A98D-3B127758C103"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if028:*:*:containers:*:*:*",
"matchCriteriaId": "EE7E0724-C7FB-4436-A702-EC2102205175"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:22.0.1:*:*:*:-:*:*:*",
"matchCriteriaId": "4052CAAA-1247-468F-A528-2DAC2F0C745B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:22.0.1:*:*:*:traditional:*:*:*",
"matchCriteriaId": "8C6D1E72-FC9F-4A0A-8E80-A3CA8CB0EDAA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:22.0.2:*:*:*:-:*:*:*",
"matchCriteriaId": "96E5413A-7C63-4066-ADB9-B7A30095D457"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:22.0.2:*:*:*:enterprise_service_bus:*:*:*",
"matchCriteriaId": "3E9B8E36-CA86-459C-A0CF-F00F179119FD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:22.0.2:*:*:*:traditional:*:*:*",
"matchCriteriaId": "DFB13BEC-206E-41B3-A4F3-9281EBB0E213"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:23.0.1:*:*:*:-:*:*:*",
"matchCriteriaId": "827165FB-FCB2-4684-BFC5-D9560BD7FC03"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:23.0.1:*:*:*:enterprise_service_bus:*:*:*",
"matchCriteriaId": "7EDE5FAA-6843-486D-BEAA-A82E088A2A74"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:23.0.1:*:*:*:traditional:*:*:*",
"matchCriteriaId": "F7C0BC37-0F42-463F-B2E4-F2B3D3958314"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:23.0.2:*:*:*:enterprise_service_bus:*:*:*",
"matchCriteriaId": "4283CF30-9B92-4E28-8878-9AF0AAAF24D9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:*:*:*:*:*:*:*:*",
"versionStartIncluding": "18.0.0",
"versionEndIncluding": "18.0.2",
"matchCriteriaId": "716DF694-558C-4115-B70E-E434602BA933"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:*:*:*:*:*:*:*:*",
"versionStartIncluding": "19.0.1",
"versionEndIncluding": "19.0.3",
"matchCriteriaId": "00B3BADE-C2D9-40BC-BAD0-39FCA9FC563B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:*:*:*:*:*:*:*:*",
"versionStartIncluding": "20.0.1",
"versionEndIncluding": "20.0.3",
"matchCriteriaId": "F99EDA35-605B-4AC3-AFFA-F6507F1DD8E5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0413501D-975D-469E-A854-61E12039A8D4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:-:*:*:*:*:*:*",
"matchCriteriaId": "A8D6EB68-3804-494D-B12A-2E96E31D1B1A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_001:*:*:*:*:*:*",
"matchCriteriaId": "21D8DE68-5651-4068-B978-79B28F2DC5D6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_002:*:*:*:*:*:*",
"matchCriteriaId": "BBEA972A-A41E-44C9-8D35-1A991D3384B7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_003:*:*:*:*:*:*",
"matchCriteriaId": "D3009F4E-7157-43D3-B6A0-2531CDE619BE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_004:*:*:*:*:*:*",
"matchCriteriaId": "1DA97C23-9B80-4956-9873-317902A0D804"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_005:*:*:*:*:*:*",
"matchCriteriaId": "1D0B6203-C775-4C5E-BAE9-C956E718F261"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_006:*:*:*:*:*:*",
"matchCriteriaId": "257A7A17-7EDF-4E23-88A6-216BC29EC467"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_007:*:*:*:*:*:*",
"matchCriteriaId": "26FF217B-1BD4-46E5-8023-2B2989FF7868"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_008:*:*:*:*:*:*",
"matchCriteriaId": "C60E58EA-C4D5-4D4D-8C9B-3EC33A7027E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_009:*:*:*:*:*:*",
"matchCriteriaId": "7817670E-5649-42A9-B5F9-7586D7AEB4CA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_010:*:*:*:*:*:*",
"matchCriteriaId": "FC7F85E8-8185-418A-B25F-8E64A58177DD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_011:*:*:*:*:*:*",
"matchCriteriaId": "37616DCD-C26C-44EA-AA7F-732DC128FFE3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_012:*:*:*:*:*:*",
"matchCriteriaId": "26CAC076-6FED-49E2-BF33-230F1D1195F8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_013:*:*:*:*:*:*",
"matchCriteriaId": "5A88C56C-22CC-4791-BB33-C1494E7F41EB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_014:*:*:*:*:*:*",
"matchCriteriaId": "12652B2E-307E-4568-920B-A869914ED650"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_015:*:*:*:*:*:*",
"matchCriteriaId": "8F4E242F-BDF4-4CFE-B808-4A4B7A6FAD0D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_016:*:*:*:*:*:*",
"matchCriteriaId": "88E736CF-CA6E-400B-9AE3-2C58D2265752"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_017:*:*:*:*:*:*",
"matchCriteriaId": "02488B2F-8D6E-4BDC-8DA9-45F5EBC42049"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_018:*:*:*:*:*:*",
"matchCriteriaId": "854F4AF8-B712-446E-9DE1-A2496D5E9C1F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_019:*:*:*:*:*:*",
"matchCriteriaId": "CF3F1B62-089B-41ED-AD3E-F31F8E967F18"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_020:*:*:*:*:*:*",
"matchCriteriaId": "ABB843C3-F26D-43A5-AD3E-9D30D00339D2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_021:*:*:*:*:*:*",
"matchCriteriaId": "42A67A28-CBF1-4C37-A217-F4789ED1850E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_022:*:*:*:*:*:*",
"matchCriteriaId": "BFEF1033-B100-400A-9B2B-94AEE3A7B94A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_023:*:*:*:*:*:*",
"matchCriteriaId": "5F109F93-1CE8-4F86-9070-73012ED0FE79"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_024:*:*:*:*:*:*",
"matchCriteriaId": "6CC66606-EE8D-4273-832A-4A0391B5DBAC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_025:*:*:*:*:*:*",
"matchCriteriaId": "8CEF57DE-61D6-41E6-8C34-06A1F859F9AD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_026:*:*:*:*:*:*",
"matchCriteriaId": "7C441A0C-5FE4-4F7A-8E88-85E198790D48"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_028:*:*:*:*:*:*",
"matchCriteriaId": "9A6F6F2E-0ED8-4478-BFC5-92C736323A63"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C35A26E3-D2F7-466C-9010-06AA76568A1A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "59BF1F79-6E1E-49EE-8D8E-B524F040AA29"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:23.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "684E6AB2-84C1-4700-B519-88D0C7D8D3CB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:23.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "78EB3854-3AE9-4AD1-A511-21F02270DB4A"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/275665",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7114419",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7114430",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-5371",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-10-04T17:15:10.437",
"lastModified": "2024-02-04T10:15:08.080",
"lastModified": "2024-02-10T02:15:42.320",
"vulnStatus": "Modified",
"descriptions": [
{
@ -116,6 +116,10 @@
"Vendor Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34DBP5P2RHQ7XUABPANYYMOGV5KS6VEP/",
"source": "cve@gitlab.com"
},
{
"url": "https://security.gentoo.org/glsa/202402-09",
"source": "cve@gitlab.com"


@ -2,7 +2,7 @@
"id": "CVE-2023-6174",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-11-16T12:15:07.240",
"lastModified": "2024-02-04T10:15:08.337",
"lastModified": "2024-02-10T02:15:42.427",
"vulnStatus": "Modified",
"descriptions": [
{
@ -122,6 +122,10 @@
"Vendor Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34DBP5P2RHQ7XUABPANYYMOGV5KS6VEP/",
"source": "cve@gitlab.com"
},
{
"url": "https://security.gentoo.org/glsa/202402-09",
"source": "cve@gitlab.com"


@ -2,8 +2,8 @@
"id": "CVE-2024-0208",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-01-03T08:15:10.340",
"lastModified": "2024-01-09T19:19:21.827",
"vulnStatus": "Analyzed",
"lastModified": "2024-02-10T02:15:42.520",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -121,6 +121,10 @@
"Vendor Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34DBP5P2RHQ7XUABPANYYMOGV5KS6VEP/",
"source": "cve@gitlab.com"
},
{
"url": "https://www.wireshark.org/security/wnpa-sec-2024-01.html",
"source": "cve@gitlab.com",


@ -2,8 +2,8 @@
"id": "CVE-2024-0253",
"sourceIdentifier": "0fc0942c-577d-436f-ae8e-945763c79b02",
"published": "2024-02-02T13:15:09.700",
"lastModified": "2024-02-02T13:36:23.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-10T01:04:56.070",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "0fc0942c-577d-436f-ae8e-945763c79b02",
"type": "Secondary",
@ -38,10 +58,113 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.2",
"matchCriteriaId": "E802FD77-E67A-438C-82CE-9FC7536FB14E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7200:*:*:*:*:*:*",
"matchCriteriaId": "0FAF63F4-AED2-4EA4-BA5B-45961B2E29B2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7201:*:*:*:*:*:*",
"matchCriteriaId": "237AA2F5-B9A3-4C40-92AC-61FE47A017BC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7202:*:*:*:*:*:*",
"matchCriteriaId": "4C23A64C-65CB-447B-9B5F-4BB22F68FC79"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7203:*:*:*:*:*:*",
"matchCriteriaId": "3489D84B-5960-4FA7-A2DD-88AE35C34CE6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7210:*:*:*:*:*:*",
"matchCriteriaId": "D86AB1CC-0FDE-4CC1-BF64-E0C61EAF652F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7211:*:*:*:*:*:*",
"matchCriteriaId": "076FDAE7-9DB2-4A04-B09E-E53858D208C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7212:*:*:*:*:*:*",
"matchCriteriaId": "07C08B57-FA76-4E24-BC10-B837597BC7E0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7213:*:*:*:*:*:*",
"matchCriteriaId": "0D734ACB-33E8-4315-8A79-2B97CE1D0509"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7215:*:*:*:*:*:*",
"matchCriteriaId": "9314CA98-7A69-4D2B-9928-40F55888C9FF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7220:*:*:*:*:*:*",
"matchCriteriaId": "BCE7999C-D6AE-4406-A563-A520A171381D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7250:*:*:*:*:*:*",
"matchCriteriaId": "D5716895-4553-4613-B774-0964D3E88AA0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7251:*:*:*:*:*:*",
"matchCriteriaId": "C40A093F-C442-4B05-8746-B533DE0683A3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7260:*:*:*:*:*:*",
"matchCriteriaId": "562563FC-DBAD-441C-B01A-796AFB67DA0D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7270:*:*:*:*:*:*",
"matchCriteriaId": "094FB6FD-1ADF-4583-91D4-94A9B6395AD2"
}
]
}
]
}
],
"references": [
{
"url": "https://www.manageengine.com/products/active-directory-audit/sqlfix-7271.html",
"source": "0fc0942c-577d-436f-ae8e-945763c79b02"
"source": "0fc0942c-577d-436f-ae8e-945763c79b02",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-0371",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-05T22:16:00.483",
"lastModified": "2024-02-06T01:00:55.997",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-10T02:13:01.613",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Views for WPForms \u2013 Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'create_view' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to create form views."
},
{
"lang": "es",
"value": "El complemento Views for WPForms \u2013 Display & Edit WPForms Entries on your site frontend para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n 'create_view' en todas las versiones hasta la 3.2.2 incluida. Esto hace posible que atacantes autenticados, con acceso de suscriptor y superior, creen vistas de formulario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -34,14 +58,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:formviewswp:views_for_wpforms:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.2.2",
"matchCriteriaId": "4D7AFFDB-B8C6-405F-8206-8F0EA64A46E7"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2&old=3026471&new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3&new=3026471&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a9565693-fd0b-4412-944c-81b3cd79492e?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-0372",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-05T22:16:00.667",
"lastModified": "2024-02-06T01:00:55.997",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-10T02:19:07.437",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Views for WPForms \u2013 Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_form_fields' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to create form views."
},
{
"lang": "es",
"value": "El complemento Views for WPForms \u2013 Display & Edit WPForms Entries on your site frontend para WordPress son vulnerables al acceso no autorizado a los datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n 'get_form_fields' en todas las versiones hasta la 3.2.2 incluida. Esto hace posible que atacantes autenticados, con acceso de suscriptor y superior, creen vistas de formulario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -34,14 +58,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:formviewswp:views_for_wpforms:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.2.2",
"matchCriteriaId": "4D7AFFDB-B8C6-405F-8206-8F0EA64A46E7"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2&old=3026471&new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3&new=3026471&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2ab58add-ab81-4c84-b773-7daf382492b0?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}
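Review bot: The English `descriptions` value for CVE-2024-0372 names a missing capability check on 'get_form_fields' and "unauthorized access of data", yet its closing sentence gives the impact as "create form views", and the newly added `nvd@nist.gov` vector is `C:N/I:L`. The closing sentence and the vector both describe a write while the opening describes a read, so one side of the record is wrong; if the issue is data disclosure, the vector would be expected to carry `C:L`. The record looks like a sync of upstream data, so the correction probably belongs with the source CNA or NVD rather than in this file. Until it is resolved, consumers that triage on the confidentiality/integrity split should treat this entry as unverified.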


@ -2,16 +2,40 @@
"id": "CVE-2024-0373",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-05T22:16:00.840",
"lastModified": "2024-02-06T01:00:55.997",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-10T02:20:26.317",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Views for WPForms \u2013 Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the 'save_view' function. This makes it possible for unauthenticated attackers to modify arbitrary post titles via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
},
{
"lang": "es",
"value": "El complemento Views for WPForms \u2013 Display & Edit WPForms Entries on your site frontend para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 3.2.2 incluida. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en la funci\u00f3n 'save_view'. Esto hace posible que atacantes no autenticados modifiquen t\u00edtulos de publicaciones arbitrarias mediante una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -34,14 +58,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:formviewswp:views_for_wpforms:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.2.2",
"matchCriteriaId": "4D7AFFDB-B8C6-405F-8206-8F0EA64A46E7"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2&old=3026471&new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3&new=3026471&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e2273c53-bc8a-45c7-914d-a3b934c2cb18?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-0374",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-05T22:16:01.020",
"lastModified": "2024-02-06T01:00:55.997",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-10T02:27:25.150",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Views for WPForms \u2013 Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the 'create_view' function. This makes it possible for unauthenticated attackers to create views via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
},
{
"lang": "es",
"value": "El complemento Views for WPForms \u2013 Display & Edit WPForms Entries on your site frontend para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 3.2.2 incluida. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en la funci\u00f3n 'create_view'. Esto hace posible que atacantes no autenticados creen vistas a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -34,14 +58,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:formviewswp:views_for_wpforms:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.2.2",
"matchCriteriaId": "4D7AFFDB-B8C6-405F-8206-8F0EA64A46E7"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2&old=3026471&new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3&new=3026471&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/34c0c676-37f9-49f2-ad50-2d70831fda53?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-1186",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-02T17:15:11.277",
"lastModified": "2024-02-02T21:13:53.920",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-10T01:12:30.777",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in Munsoft Easy Archive Recovery 2.0. This vulnerability affects unknown code of the component Registration Key Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252676. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Munsoft Easy Archive Recovery 2.0 y clasificada como problem\u00e1tica. Esta vulnerabilidad afecta a un c\u00f3digo desconocido del componente Registration Key Handler. La manipulaci\u00f3n conduce a la denegaci\u00f3n del servicio. Un ataque debe abordarse localmente. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-252676. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -61,7 +85,7 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -69,24 +93,64 @@
"value": "CWE-404"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-404"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:munsoft:easy_archive_recovery:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FBD6BA63-2FD9-4AC2-9F3B-5826618CDBF7"
}
]
}
]
}
],
"references": [
{
"url": "https://fitoxs.com/vuldb/12-exploit-perl.txt",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.252676",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?id.252676",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://www.exploit-db.com/exploits/45884",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-1187",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-02T18:15:32.107",
"lastModified": "2024-02-02T21:13:53.920",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-10T01:34:36.783",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in Munsoft Easy Outlook Express Recovery 2.0. This issue affects some unknown processing of the component Registration Key Handler. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-252677 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Munsoft Easy Outlook Express Recovery 2.0 y clasificada como problem\u00e1tica. Este problema afecta a un procesamiento desconocido del componente Registration Key Handler. La manipulaci\u00f3n conduce a la denegaci\u00f3n del servicio. Se requiere acceso local para abordar este ataque. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-252677. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -61,7 +85,7 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -69,20 +93,56 @@
"value": "CWE-404"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-404"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:munsoft:easy_outlook_express_recovery:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33D0A80D-4D22-4617-94DE-F3145EEE3D74"
}
]
}
]
}
],
"references": [
{
"url": "https://fitoxs.com/vuldb/13-exploit-perl.txt",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.252677",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?id.252677",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-1188",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-02T18:15:32.327",
"lastModified": "2024-02-02T21:13:53.920",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-10T01:19:55.690",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in Rizone Soft Notepad3 1.0.2.350. Affected is an unknown function of the component Encryption Passphrase Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-252678 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Rizone Soft Notepad3 1.0.2.350 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del componente Encryption Passphrase Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a la denegaci\u00f3n del servicio. Atacar localmente es un requisito. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-252678 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -61,7 +85,7 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -69,20 +93,56 @@
"value": "CWE-404"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-404"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rizonesoft:notepad3:1.0.2.350:*:*:*:*:*:*:*",
"matchCriteriaId": "DB741863-0B40-42B5-A67B-EE48162CD8B7"
}
]
}
]
}
],
"references": [
{
"url": "https://fitoxs.com/vuldb/14-exploit-perl.txt",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.252678",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?id.252678",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-1189",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-02T19:15:08.217",
"lastModified": "2024-02-02T21:13:53.920",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-10T01:21:33.527",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in AMPPS 2.7 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Encryption Passphrase Handler. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.0 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-252679. NOTE: The vendor explains that AMPPS 4.0 is a complete overhaul and the code was re-written."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en AMPPS 2.7 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del componente Encryption Passphrase Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a la denegaci\u00f3n del servicio. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. La actualizaci\u00f3n a la versi\u00f3n 4.0 puede solucionar este problema. Se recomienda actualizar el componente afectado. El identificador asociado de esta vulnerabilidad es VDB-252679. NOTA: El proveedor explica que AMPPS 4.0 es una revisi\u00f3n completa y que el c\u00f3digo se reescribi\u00f3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -61,7 +85,7 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -69,20 +93,59 @@
"value": "CWE-404"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-404"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ampps:ampps:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.0",
"matchCriteriaId": "6BC27CCB-47AA-42F5-8BDE-8DA2513243B8"
}
]
}
]
}
],
"references": [
{
"url": "https://fitoxs.com/vuldb/15-exploit-perl.txt",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.252679",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.252679",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-1190",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-02T19:15:08.460",
"lastModified": "2024-02-02T21:13:53.920",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-10T01:15:58.950",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Global Scape CuteFTP 9.3.0.3 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument Host/Username/Password leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252680. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Global Scape CuteFTP 9.3.0.3 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida es afectada por este problema. La manipulaci\u00f3n del argumento Host/Nombre de usuario/Contrase\u00f1a conduce a la denegaci\u00f3n de servicio. El ataque debe abordarse localmente. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-252680. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -61,7 +85,7 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -69,20 +93,58 @@
"value": "CWE-404"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-404"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:globalscape:cuteftp:9.3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FC66D20-0410-41DF-9629-F0DD71D2F069"
}
]
}
]
}
],
"references": [
{
"url": "https://fitoxs.com/vuldb/16-exploit-perl.txt",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.252680",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.252680",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,12 @@
"id": "CVE-2024-21762",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-02-09T09:15:08.087",
"lastModified": "2024-02-09T14:31:23.603",
"lastModified": "2024-02-10T02:00:01.770",
"vulnStatus": "Awaiting Analysis",
"cisaExploitAdd": "2024-02-09",
"cisaActionDue": "2024-02-16",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Fortinet FortiOS Out-of-Bound Write Vulnerability",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-22420",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-19T21:15:09.667",
"lastModified": "2024-02-02T03:15:10.977",
"vulnStatus": "Modified",
"lastModified": "2024-02-10T02:51:45.717",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -104,6 +104,21 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
}
],
"references": [
@ -123,7 +138,11 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQJKNRDRFMKGVRIYNNN6CKMNJDNYWO2H/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-22421",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-19T21:15:09.870",
"lastModified": "2024-02-02T03:15:11.097",
"vulnStatus": "Modified",
"lastModified": "2024-02-10T02:51:03.987",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -104,6 +104,21 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
}
],
"references": [
@ -123,7 +138,11 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQJKNRDRFMKGVRIYNNN6CKMNJDNYWO2H/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-23553",
"sourceIdentifier": "psirt@hcl.com",
"published": "2024-02-02T21:15:08.647",
"lastModified": "2024-02-05T02:09:43.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-10T00:59:00.423",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform exists due to missing a specific http header attribute. \n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de Cross-Site Scripting (XSS) en el componente Web Reports de HCL BigFix Platform debido a que falta un atributo de encabezado http espec\u00edfico."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "psirt@hcl.com",
"type": "Secondary",
@ -34,10 +58,56 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hcltech:bigfix_platform:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.5",
"versionEndExcluding": "9.5.24",
"matchCriteriaId": "C8477E2A-0466-4415-9420-9D1183AF9FA3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hcltech:bigfix_platform:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.0.0",
"versionEndExcluding": "10.0.11",
"matchCriteriaId": "35E5DFF7-4361-4A0C-A028-38FBF2A779F7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hcltech:bigfix_platform:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C54B20CA-80AF-4E7E-A511-C208E81FB37E"
}
]
}
]
}
],
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0110209",
"source": "psirt@hcl.com"
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-23635",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-02T17:15:11.527",
"lastModified": "2024-02-02T21:13:53.920",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-10T01:38:06.613",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to 1.7.5, there is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the `preserveComments` directive must be enabled in your policy file. As a result, certain crafty inputs can result in elements in comment tags being interpreted as executable when using AntiSamy's sanitized output. Patched in AntiSamy 1.7.5 and later. "
},
{
"lang": "es",
"value": "AntiSamy es una librer\u00eda para realizar una limpieza r\u00e1pida y configurable de HTML proveniente de fuentes no confiables. Antes de la versi\u00f3n 1.7.5, existe la posibilidad de que se produzca una vulnerabilidad de mutaci\u00f3n XSS (mXSS) en AntiSamy causada por un an\u00e1lisis defectuoso del HTML que se est\u00e1 sanitizando. Para estar sujeto a esta vulnerabilidad, la directiva `preserveComments` debe estar habilitada en su archivo de pol\u00edtica. Como resultado, ciertas entradas astutas pueden dar lugar a que los elementos de las etiquetas de comentarios se interpreten como ejecutables cuando se utiliza la salida sanitizada de AntiSamy. Parcheado en AntiSamy 1.7.5 y posteriores."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,7 +60,7 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,12 +68,44 @@
"value": "CWE-79"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:antisamy_project:antisamy:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.7.5",
"matchCriteriaId": "0C64CE8A-9F99-4835-AC40-F6668D8031F8"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/nahsra/antisamy/security/advisories/GHSA-2mrq-w8pv-5pvq",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mitigation",
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-23831",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-02T16:15:55.593",
"lastModified": "2024-02-02T16:30:16.430",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-10T01:43:51.527",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an active session in /setup.pl, an attacker can trick the admin into clicking on a link which automatically submits a request to setup.pl without the admin's consent. This request can be used to create a new user account with full application (/login.pl) privileges, leading to privilege escalation. The vulnerability is patched in versions 1.10.30 and 1.11.9.\n"
},
{
"lang": "es",
"value": "LedgerSMB es un sistema de contabilidad por partida doble gratuito basado en la web. Cuando un administrador de base de datos LedgerSMB tiene una sesi\u00f3n activa en /setup.pl, un atacante puede enga\u00f1ar al administrador para que haga clic en un enlace que env\u00eda autom\u00e1ticamente una solicitud a setup.pl sin el consentimiento del administrador. Esta solicitud se puede utilizar para crear una nueva cuenta de usuario con privilegios completos de aplicaci\u00f3n (/login.pl), lo que lleva a una escalada de privilegios. La vulnerabilidad est\u00e1 parcheada en las versiones 1.10.30 y 1.11.9."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +80,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ledgersmb:ledgersmb:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.3.0",
"versionEndExcluding": "1.10.30",
"matchCriteriaId": "E75E01ED-83A6-4BEF-BCCE-3DC1A99C0F90"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ledgersmb:ledgersmb:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.11.0",
"versionEndExcluding": "1.11.9",
"matchCriteriaId": "6BAB4653-68D6-4094-8E16-62DD69A1BAA1"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ledgersmb/LedgerSMB/commit/8c2ae5be68a782d62cb9c0e17c0127bf30ef4165",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/ledgersmb/LedgerSMB/security/advisories/GHSA-98ff-f638-qxjm",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-02-10T00:55:24.986005+00:00
2024-02-10T03:00:24.523736+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-02-10T00:52:17.927000+00:00
2024-02-10T03:00:00.207000+00:00
```
### Last Data Feed Release
@ -23,7 +23,7 @@ Repository synchronizes with the NVD every 2 hours.
Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)
```plain
2024-02-09T01:00:28.232666+00:00
2024-02-10T01:00:28.246433+00:00
```
### Total Number of included CVEs
@ -34,26 +34,39 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### CVEs added in the last Commit
Recently added CVEs: `10`
Recently added CVEs: `0`
* [CVE-2023-6935](CVE-2023/CVE-2023-69xx/CVE-2023-6935.json) (`2024-02-09T23:15:08.030`)
* [CVE-2024-1404](CVE-2024/CVE-2024-14xx/CVE-2024-1404.json) (`2024-02-09T23:15:08.243`)
* [CVE-2024-21624](CVE-2024/CVE-2024-216xx/CVE-2024-21624.json) (`2024-02-09T23:15:08.553`)
* [CVE-2024-23322](CVE-2024/CVE-2024-233xx/CVE-2024-23322.json) (`2024-02-09T23:15:08.747`)
* [CVE-2024-23323](CVE-2024/CVE-2024-233xx/CVE-2024-23323.json) (`2024-02-09T23:15:08.977`)
* [CVE-2024-23324](CVE-2024/CVE-2024-233xx/CVE-2024-23324.json) (`2024-02-09T23:15:09.223`)
* [CVE-2024-23325](CVE-2024/CVE-2024-233xx/CVE-2024-23325.json) (`2024-02-09T23:15:09.437`)
* [CVE-2024-23327](CVE-2024/CVE-2024-233xx/CVE-2024-23327.json) (`2024-02-09T23:15:09.647`)
* [CVE-2024-24828](CVE-2024/CVE-2024-248xx/CVE-2024-24828.json) (`2024-02-09T23:15:09.837`)
* [CVE-2024-25109](CVE-2024/CVE-2024-251xx/CVE-2024-25109.json) (`2024-02-09T23:15:10.057`)
### CVEs modified in the last Commit
Recently modified CVEs: `2`
Recently modified CVEs: `36`
* [CVE-2024-21591](CVE-2024/CVE-2024-215xx/CVE-2024-21591.json) (`2024-02-10T00:15:07.937`)
* [CVE-2024-1193](CVE-2024/CVE-2024-11xx/CVE-2024-1193.json) (`2024-02-10T00:52:17.927`)
* [CVE-2022-40744](CVE-2022/CVE-2022-407xx/CVE-2022-40744.json) (`2024-02-10T01:00:14.547`)
* [CVE-2023-50947](CVE-2023/CVE-2023-509xx/CVE-2023-50947.json) (`2024-02-10T00:57:09.610`)
* [CVE-2023-46159](CVE-2023/CVE-2023-461xx/CVE-2023-46159.json) (`2024-02-10T01:01:31.177`)
* [CVE-2023-37527](CVE-2023/CVE-2023-375xx/CVE-2023-37527.json) (`2024-02-10T01:19:03.593`)
* [CVE-2023-50711](CVE-2023/CVE-2023-507xx/CVE-2023-50711.json) (`2024-02-10T02:15:42.177`)
* [CVE-2023-5371](CVE-2023/CVE-2023-53xx/CVE-2023-5371.json) (`2024-02-10T02:15:42.320`)
* [CVE-2023-6174](CVE-2023/CVE-2023-61xx/CVE-2023-6174.json) (`2024-02-10T02:15:42.427`)
* [CVE-2023-47024](CVE-2023/CVE-2023-470xx/CVE-2023-47024.json) (`2024-02-10T02:50:04.503`)
* [CVE-2024-23553](CVE-2024/CVE-2024-235xx/CVE-2024-23553.json) (`2024-02-10T00:59:00.423`)
* [CVE-2024-0253](CVE-2024/CVE-2024-02xx/CVE-2024-0253.json) (`2024-02-10T01:04:56.070`)
* [CVE-2024-1186](CVE-2024/CVE-2024-11xx/CVE-2024-1186.json) (`2024-02-10T01:12:30.777`)
* [CVE-2024-1190](CVE-2024/CVE-2024-11xx/CVE-2024-1190.json) (`2024-02-10T01:15:58.950`)
* [CVE-2024-1188](CVE-2024/CVE-2024-11xx/CVE-2024-1188.json) (`2024-02-10T01:19:55.690`)
* [CVE-2024-1189](CVE-2024/CVE-2024-11xx/CVE-2024-1189.json) (`2024-02-10T01:21:33.527`)
* [CVE-2024-1187](CVE-2024/CVE-2024-11xx/CVE-2024-1187.json) (`2024-02-10T01:34:36.783`)
* [CVE-2024-23635](CVE-2024/CVE-2024-236xx/CVE-2024-23635.json) (`2024-02-10T01:38:06.613`)
* [CVE-2024-23831](CVE-2024/CVE-2024-238xx/CVE-2024-23831.json) (`2024-02-10T01:43:51.527`)
* [CVE-2024-21762](CVE-2024/CVE-2024-217xx/CVE-2024-21762.json) (`2024-02-10T02:00:01.770`)
* [CVE-2024-0371](CVE-2024/CVE-2024-03xx/CVE-2024-0371.json) (`2024-02-10T02:13:01.613`)
* [CVE-2024-0208](CVE-2024/CVE-2024-02xx/CVE-2024-0208.json) (`2024-02-10T02:15:42.520`)
* [CVE-2024-0372](CVE-2024/CVE-2024-03xx/CVE-2024-0372.json) (`2024-02-10T02:19:07.437`)
* [CVE-2024-0373](CVE-2024/CVE-2024-03xx/CVE-2024-0373.json) (`2024-02-10T02:20:26.317`)
* [CVE-2024-0374](CVE-2024/CVE-2024-03xx/CVE-2024-0374.json) (`2024-02-10T02:27:25.150`)
* [CVE-2024-22421](CVE-2024/CVE-2024-224xx/CVE-2024-22421.json) (`2024-02-10T02:51:03.987`)
* [CVE-2024-22420](CVE-2024/CVE-2024-224xx/CVE-2024-22420.json) (`2024-02-10T02:51:45.717`)
## Download and Usage