Auto-Update: 2024-01-31T17:00:25.196490+00:00

cad-safe-bot 2024-01-31 17:00:28 +00:00
parent bfcb8cf73f
commit 4da8a5ef7b
46 changed files with 1077 additions and 123 deletions


@ -2,8 +2,8 @@
"id": "CVE-2020-36129",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-12-02T22:15:08.597",
"lastModified": "2021-12-03T15:43:59.723",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-31T15:15:08.330",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -100,6 +100,10 @@
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://security.gentoo.org/glsa/202401-32",
"source": "cve@mitre.org"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2020-36130",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-12-02T22:15:08.650",
"lastModified": "2023-09-06T16:15:07.610",
"lastModified": "2024-01-31T15:15:08.440",
"vulnStatus": "Modified",
"descriptions": [
{
@ -105,6 +105,10 @@
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html",
"source": "cve@mitre.org"
},
{
"url": "https://security.gentoo.org/glsa/202401-32",
"source": "cve@mitre.org"
},
{
"url": "https://www.debian.org/security/2023/dsa-5490",
"source": "cve@mitre.org"


@ -2,7 +2,7 @@
"id": "CVE-2020-36131",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-12-02T22:15:08.693",
"lastModified": "2023-09-06T16:15:07.743",
"lastModified": "2024-01-31T15:15:08.537",
"vulnStatus": "Modified",
"descriptions": [
{
@ -105,6 +105,10 @@
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html",
"source": "cve@mitre.org"
},
{
"url": "https://security.gentoo.org/glsa/202401-32",
"source": "cve@mitre.org"
},
{
"url": "https://www.debian.org/security/2023/dsa-5490",
"source": "cve@mitre.org"


@ -2,7 +2,7 @@
"id": "CVE-2020-36133",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-12-02T22:15:08.733",
"lastModified": "2023-09-06T16:15:07.817",
"lastModified": "2024-01-31T15:15:08.607",
"vulnStatus": "Modified",
"descriptions": [
{
@ -105,6 +105,10 @@
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html",
"source": "cve@mitre.org"
},
{
"url": "https://security.gentoo.org/glsa/202401-32",
"source": "cve@mitre.org"
},
{
"url": "https://www.debian.org/security/2023/dsa-5490",
"source": "cve@mitre.org"


@ -2,8 +2,8 @@
"id": "CVE-2020-36134",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-12-02T22:15:08.780",
"lastModified": "2022-06-28T14:11:45.273",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-31T15:15:08.683",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -100,6 +100,10 @@
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://security.gentoo.org/glsa/202401-32",
"source": "cve@mitre.org"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2020-36135",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-12-02T22:15:08.833",
"lastModified": "2023-09-06T16:15:07.887",
"lastModified": "2024-01-31T15:15:08.767",
"vulnStatus": "Modified",
"descriptions": [
{
@ -105,6 +105,10 @@
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html",
"source": "cve@mitre.org"
},
{
"url": "https://security.gentoo.org/glsa/202401-32",
"source": "cve@mitre.org"
},
{
"url": "https://www.debian.org/security/2023/dsa-5490",
"source": "cve@mitre.org"


@ -2,7 +2,7 @@
"id": "CVE-2021-30473",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-05-06T15:15:07.943",
"lastModified": "2023-11-07T03:33:02.233",
"lastModified": "2024-01-31T15:15:08.857",
"vulnStatus": "Modified",
"descriptions": [
{
@ -133,6 +133,10 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXCI33HXH6YSOGC2LPE2REQLMIDH6US4/",
"source": "cve@mitre.org"
},
{
"url": "https://security.gentoo.org/glsa/202401-32",
"source": "cve@mitre.org"
},
{
"url": "https://www.debian.org/security/2023/dsa-5490",
"source": "cve@mitre.org"


@ -2,7 +2,7 @@
"id": "CVE-2021-30474",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-06-02T17:15:08.630",
"lastModified": "2023-09-06T16:15:08.053",
"lastModified": "2024-01-31T15:15:08.977",
"vulnStatus": "Modified",
"descriptions": [
{
@ -114,6 +114,10 @@
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html",
"source": "cve@mitre.org"
},
{
"url": "https://security.gentoo.org/glsa/202401-32",
"source": "cve@mitre.org"
},
{
"url": "https://www.debian.org/security/2023/dsa-5490",
"source": "cve@mitre.org"


@ -2,7 +2,7 @@
"id": "CVE-2021-30475",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-06-04T14:15:07.540",
"lastModified": "2023-11-07T03:33:02.317",
"lastModified": "2024-01-31T15:15:09.073",
"vulnStatus": "Modified",
"descriptions": [
{
@ -133,6 +133,10 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXCI33HXH6YSOGC2LPE2REQLMIDH6US4/",
"source": "cve@mitre.org"
},
{
"url": "https://security.gentoo.org/glsa/202401-32",
"source": "cve@mitre.org"
},
{
"url": "https://www.debian.org/security/2023/dsa-5490",
"source": "cve@mitre.org"


@ -2,7 +2,7 @@
"id": "CVE-2021-33630",
"sourceIdentifier": "securities@openeuler.org",
"published": "2024-01-18T15:15:08.653",
"lastModified": "2024-01-31T00:15:45.270",
"lastModified": "2024-01-31T15:15:09.170",
"vulnStatus": "Modified",
"descriptions": [
{
@ -120,6 +120,14 @@
"url": "http://www.openwall.com/lists/oss-security/2024/01/30/9",
"source": "securities@openeuler.org"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/31/2",
"source": "securities@openeuler.org"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/31/3",
"source": "securities@openeuler.org"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e8b9bfa110896f95d602d8c98d5f9d67e41d78c",
"source": "securities@openeuler.org"


@ -2,7 +2,7 @@
"id": "CVE-2021-33631",
"sourceIdentifier": "securities@openeuler.org",
"published": "2024-01-18T15:15:08.860",
"lastModified": "2024-01-31T00:15:45.387",
"lastModified": "2024-01-31T15:15:09.293",
"vulnStatus": "Modified",
"descriptions": [
{
@ -134,6 +134,14 @@
"url": "http://www.openwall.com/lists/oss-security/2024/01/30/9",
"source": "securities@openeuler.org"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/31/2",
"source": "securities@openeuler.org"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/31/3",
"source": "securities@openeuler.org"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5c099c4fdc438014d5893629e70a8ba934433ee8",
"source": "securities@openeuler.org",


@ -2,8 +2,8 @@
"id": "CVE-2023-31654",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-23T22:15:16.340",
"lastModified": "2024-01-24T13:49:03.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-31T16:26:12.397",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,75 @@
"value": "Se descubri\u00f3 que Redis raft master-1b8bd86 a master-7b46079 conten\u00eda una infracci\u00f3n de ODR a trav\u00e9s del componente hiredisAllocFns en /opt/fs/redisraft/deps/hiredis/alloc.c."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redis:redisraft:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD5863B3-455B-4994-BCFA-8F8B58EBF879"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/RedisLabs/redisraft/issues/600",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
},
{
"url": "https://seclists.org/fulldisclosure/2024/Jan/13",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-32359",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-10-25T19:15:09.053",
"lastModified": "2024-01-21T02:32:34.087",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-31T15:15:09.417",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -91,6 +91,10 @@
"Third Party Advisory"
]
},
{
"url": "https://security.gentoo.org/glsa/202401-33",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213981",
"source": "product-security@apple.com",


@ -2,8 +2,8 @@
"id": "CVE-2023-35074",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:18:52.800",
"lastModified": "2023-10-26T20:09:02.390",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-31T15:15:09.530",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -168,6 +168,10 @@
"Mailing List"
]
},
{
"url": "https://security.gentoo.org/glsa/202401-33",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213936",
"source": "product-security@apple.com",


@ -2,8 +2,8 @@
"id": "CVE-2023-36177",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-23T22:15:16.390",
"lastModified": "2024-01-24T13:49:03.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-31T16:45:19.120",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,75 @@
"value": "Se descubri\u00f3 un problema en badaix Snapcast versi\u00f3n 0.27.0, que permite a atacantes remotos ejecutar c\u00f3digo arbitrario y obtener informaci\u00f3n confidencial a trav\u00e9s de una solicitud manipulada en JSON-RPC-API."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:badaix:snapcast:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.27.0",
"matchCriteriaId": "1585039A-0AEC-4192-B179-2E4786DE36F4"
}
]
}
]
}
],
"references": [
{
"url": "http://snapcast.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://oxnan.com/posts/Snapcast_jsonrpc_rce",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-39434",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:18:56.317",
"lastModified": "2023-10-12T02:09:26.247",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-31T15:15:09.663",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -119,6 +119,10 @@
"Third Party Advisory"
]
},
{
"url": "https://security.gentoo.org/glsa/202401-33",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213937",
"source": "product-security@apple.com",


@ -2,8 +2,8 @@
"id": "CVE-2023-39928",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-10-06T16:15:13.223",
"lastModified": "2023-10-20T20:17:21.957",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-31T15:15:09.790",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -131,6 +131,10 @@
"Third Party Advisory"
]
},
{
"url": "https://security.gentoo.org/glsa/202401-33",
"source": "talos-cna@cisco.com"
},
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1831",
"source": "talos-cna@cisco.com",


@ -2,8 +2,8 @@
"id": "CVE-2023-40451",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:19:17.090",
"lastModified": "2023-10-05T13:13:15.517",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-31T15:15:09.977",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -84,6 +84,10 @@
"Mailing List"
]
},
{
"url": "https://security.gentoo.org/glsa/202401-33",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213941",
"source": "product-security@apple.com",


@ -2,8 +2,8 @@
"id": "CVE-2023-41074",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:19:26.570",
"lastModified": "2023-10-20T20:14:36.737",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-31T15:15:10.067",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -180,6 +180,10 @@
"Third Party Advisory"
]
},
{
"url": "https://security.gentoo.org/glsa/202401-33",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213936",
"source": "product-security@apple.com",


@ -2,8 +2,8 @@
"id": "CVE-2023-41983",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-10-25T19:15:10.110",
"lastModified": "2024-01-21T02:35:06.267",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-31T15:15:10.187",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -209,6 +209,10 @@
"Mailing List"
]
},
{
"url": "https://security.gentoo.org/glsa/202401-33",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213981",
"source": "product-security@apple.com",


@ -2,7 +2,7 @@
"id": "CVE-2023-41993",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-21T19:15:11.660",
"lastModified": "2024-01-23T01:15:09.703",
"lastModified": "2024-01-31T15:15:10.337",
"vulnStatus": "Modified",
"cisaExploitAdd": "2023-09-25",
"cisaActionDue": "2023-10-16",
@ -146,6 +146,10 @@
}
],
"references": [
{
"url": "https://security.gentoo.org/glsa/202401-33",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com",


@ -2,8 +2,8 @@
"id": "CVE-2023-42143",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-23T20:15:45.097",
"lastModified": "2024-01-24T13:49:10.477",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-31T16:57:18.603",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,78 @@
"value": "Falta la verificaci\u00f3n de integridad en Shelly TRV 20220811-152343/v2.1.8@5afc928c permite a usuarios malintencionados crear una puerta trasera al redirigir el dispositivo a una m\u00e1quina controlada por un atacante que sirve el archivo de firmware manipulado. El dispositivo se actualiza con el firmware manipulado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-354"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:shelly:trv_firmware:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A52AEA7B-6F6F-4CB0-A83D-E67CFF3DE5C1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:shelly:trv:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E31D77B8-D770-449B-89B6-9E5D5B149303"
}
]
}
]
}
],
"references": [
{
"url": "https://www.kth.se/cs/nse/research/software-systems-architecture-and-security/projects/ethical-hacking-1.1279219",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-42144",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-23T20:15:45.150",
"lastModified": "2024-01-24T13:49:10.477",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-31T16:48:30.507",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,78 @@
"value": "La transmisi\u00f3n de texto plano durante la configuraci\u00f3n inicial en Shelly TRV 20220811-15234 v.2.1.8 permite a un atacante local obtener la contrase\u00f1a de Wi-Fi."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-319"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:shelly:trv_firmware:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A52AEA7B-6F6F-4CB0-A83D-E67CFF3DE5C1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:shelly:trv:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E31D77B8-D770-449B-89B6-9E5D5B149303"
}
]
}
]
}
],
"references": [
{
"url": "https://www.kth.se/cs/nse/research/software-systems-architecture-and-security/projects/ethical-hacking-1.1279219",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-42852",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-10-25T19:15:10.843",
"lastModified": "2023-12-07T20:15:38.003",
"lastModified": "2024-01-31T15:15:10.463",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
@ -178,6 +178,10 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTCZGQPRDAOPP6NK4CIDJKIPMBWD5J7K/",
"source": "product-security@apple.com"
},
{
"url": "https://security.gentoo.org/glsa/202401-33",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213981",
"source": "product-security@apple.com",


@ -2,8 +2,8 @@
"id": "CVE-2023-42890",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-12-12T01:15:11.480",
"lastModified": "2023-12-18T04:15:50.870",
"vulnStatus": "Modified",
"lastModified": "2024-01-31T15:15:10.633",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -144,6 +144,10 @@
"url": "http://www.openwall.com/lists/oss-security/2023/12/18/1",
"source": "product-security@apple.com"
},
{
"url": "https://security.gentoo.org/glsa/202401-33",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214035",
"source": "product-security@apple.com",


@ -2,8 +2,8 @@
"id": "CVE-2023-46889",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-23T20:15:45.190",
"lastModified": "2024-01-24T13:49:10.477",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-31T16:36:18.020",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,78 @@
"value": "Meross MSH30Q 4.5.23 es vulnerable a la transmisi\u00f3n de informaci\u00f3n confidencial en texto plano. Durante la fase de configuraci\u00f3n del dispositivo, el MSH30Q crea un punto de acceso Wi-Fi desprotegido. En esta fase, MSH30Q necesita conectarse a Internet a trav\u00e9s de un enrutador Wi-Fi. Es por eso que MSH30Q solicita el nombre de la red Wi-Fi (SSID) y la contrase\u00f1a de la red Wi-Fi. Cuando el usuario ingresa la contrase\u00f1a, se observa la transmisi\u00f3n de la contrase\u00f1a y el nombre de Wi-Fi entre el MSH30Q y la aplicaci\u00f3n m\u00f3vil en la red Wi-Fi. Aunque la contrase\u00f1a de Wi-Fi est\u00e1 cifrada, una parte del algoritmo de descifrado es p\u00fablica, por lo que complementamos las partes que faltan para descifrarlo."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-319"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:meross:msh30q_firmware:4.5.23:*:*:*:*:*:*:*",
"matchCriteriaId": "88053A66-2CE3-4D0B-8119-57C49A3A2014"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:meross:msh30q:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92051225-D526-48A3-8B3C-81BC290AB37D"
}
]
}
]
}
],
"references": [
{
"url": "https://www.kth.se/cs/nse/research/software-systems-architecture-and-security/projects/ethical-hacking-1.1279219",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-6816",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-18T05:15:08.607",
"lastModified": "2024-01-31T13:15:10.000",
"lastModified": "2024-01-31T16:15:45.150",
"vulnStatus": "Modified",
"descriptions": [
{
@ -195,10 +195,22 @@
"url": "https://access.redhat.com/errata/RHSA-2024:0614",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0617",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0621",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0626",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0629",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-6816",
"source": "secalert@redhat.com",


@ -0,0 +1,59 @@
{
"id": "CVE-2024-0219",
"sourceIdentifier": "security@progress.com",
"published": "2024-01-31T16:15:45.290",
"lastModified": "2024-01-31T16:15:45.290",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In Telerik JustDecompile versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component.\u00a0 In an environment where an existing Telerik JustDecompile install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@progress.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.1,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@progress.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://docs.telerik.com/devtools/justdecompile/knowledge-base/legacy-installer-vulnerability",
"source": "security@progress.com"
},
{
"url": "https://www.telerik.com/devcraft",
"source": "security@progress.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2024-0553",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-16T12:15:45.557",
"lastModified": "2024-01-29T17:15:09.360",
"lastModified": "2024-01-31T16:15:45.513",
"vulnStatus": "Modified",
"descriptions": [
{
@ -146,6 +146,10 @@
"url": "https://access.redhat.com/errata/RHSA-2024:0533",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0627",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-0553",
"source": "secalert@redhat.com",


@ -2,8 +2,8 @@
"id": "CVE-2024-0741",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-01-23T14:15:38.173",
"lastModified": "2024-01-29T22:42:31.483",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-31T16:15:45.613",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -112,6 +112,10 @@
"Third Party Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-01/",
"source": "security@mozilla.org",


@ -2,8 +2,8 @@
"id": "CVE-2024-0742",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-01-23T14:15:38.230",
"lastModified": "2024-01-29T16:11:20.047",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-31T16:15:45.700",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -112,6 +112,10 @@
"Third Party Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-01/",
"source": "security@mozilla.org",


@ -2,8 +2,8 @@
"id": "CVE-2024-0746",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-01-23T14:15:38.417",
"lastModified": "2024-01-30T16:10:43.927",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-31T16:15:45.770",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -112,6 +112,10 @@
"Third Party Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-01/",
"source": "security@mozilla.org",


@ -2,8 +2,8 @@
"id": "CVE-2024-0747",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-01-23T14:15:38.463",
"lastModified": "2024-01-30T16:16:51.227",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-31T16:15:45.850",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -112,6 +112,10 @@
"Third Party Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-01/",
"source": "security@mozilla.org",


@ -2,8 +2,8 @@
"id": "CVE-2024-0749",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-01-23T14:15:38.550",
"lastModified": "2024-01-30T16:35:49.257",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-31T16:15:45.923",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -112,6 +112,10 @@
"Third Party Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-01/",
"source": "security@mozilla.org",


@ -2,8 +2,8 @@
"id": "CVE-2024-0750",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-01-23T14:15:38.597",
"lastModified": "2024-01-30T16:49:20.873",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-31T16:15:46.000",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -112,6 +112,10 @@
"Third Party Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-01/",
"source": "security@mozilla.org",


@ -2,8 +2,8 @@
"id": "CVE-2024-0751",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-01-23T14:15:38.643",
"lastModified": "2024-01-30T16:44:51.983",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-31T16:15:46.070",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -112,6 +112,10 @@
"Third Party Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-01/",
"source": "security@mozilla.org",


@ -2,8 +2,8 @@
"id": "CVE-2024-0753",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-01-23T14:15:38.730",
"lastModified": "2024-01-30T15:54:23.863",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-31T16:15:46.140",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -112,6 +112,10 @@
"Third Party Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-01/",
"source": "security@mozilla.org",


@ -2,8 +2,8 @@
"id": "CVE-2024-0755",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-01-23T14:15:38.820",
"lastModified": "2024-01-29T22:47:49.327",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-31T16:15:46.210",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -112,6 +112,10 @@
"Third Party Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-01/",
"source": "security@mozilla.org",


@ -0,0 +1,59 @@
{
"id": "CVE-2024-0832",
"sourceIdentifier": "security@progress.com",
"published": "2024-01-31T16:15:46.287",
"lastModified": "2024-01-31T16:15:46.287",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In Telerik Reporting versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component.\u00a0 In an environment where an existing Telerik Reporting install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@progress.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.1,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@progress.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://docs.telerik.com/reporting/knowledge-base/legacy-installer-vulnerability",
"source": "security@progress.com"
},
{
"url": "https://www.telerik.com/devcraft",
"source": "security@progress.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2024-0833",
"sourceIdentifier": "security@progress.com",
"published": "2024-01-31T16:15:46.600",
"lastModified": "2024-01-31T16:15:46.600",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In Telerik Test Studio versions prior to \n\nv2023.3.1330, a privilege elevation vulnerability has been identified in the applications installer component.\u00a0 In an environment where an existing Telerik Test Studio install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@progress.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.1,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@progress.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://docs.telerik.com/teststudio/knowledge-base/product-notices-kb/legacy-installer-vulnerability",
"source": "security@progress.com"
},
{
"url": "https://www.telerik.com/devcraft",
"source": "security@progress.com"
}
]
}


@ -0,0 +1,88 @@
{
"id": "CVE-2024-1103",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-31T15:15:10.863",
"lastModified": "2024-01-31T15:15:10.863",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in CodeAstro Real Estate Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file profile.php of the component Feedback Form. The manipulation of the argument Your Feedback with the input <img src=x onerror=alert(document.cookie)> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252458 is the identifier assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://docs.google.com/document/d/18M55HRrxHQ9Jhph6CwWF-d5epAKtOSHt/edit?usp=drive_link&ouid=105609487033659389545&rtpof=true&sd=true",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.252458",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.252458",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2024-23502",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-31T16:15:46.890",
"lastModified": "2024-01-31T16:15:46.890",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in InfornWeb Posts List Designer by Category \u2013 List Category Posts Or Recent Posts allows Stored XSS.This issue affects Posts List Designer by Category \u2013 List Category Posts Or Recent Posts: from n/a through 3.3.2.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/post-list-designer/wordpress-posts-list-designer-by-category-plugin-3-3-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2024-23505",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-31T16:15:47.163",
"lastModified": "2024-01-31T16:15:47.163",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DearHive PDF Viewer & 3D PDF Flipbook \u2013 DearPDF allows Stored XSS.This issue affects PDF Viewer & 3D PDF Flipbook \u2013 DearPDF: from n/a through 2.0.38.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/dearpdf-lite/wordpress-pdf-viewer-3d-pdf-flipbook-dearpdf-plugin-2-0-38-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2024-23508",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-31T16:15:47.407",
"lastModified": "2024-01-31T16:15:47.407",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins PDF Poster \u2013 PDF Embedder Plugin for WordPress allows Reflected XSS.This issue affects PDF Poster \u2013 PDF Embedder Plugin for WordPress: from n/a through 2.1.17.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/pdf-poster/wordpress-pdf-poster-plugin-2-1-17-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -2,19 +2,87 @@
"id": "CVE-2024-23898",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2024-01-24T18:15:09.420",
"lastModified": "2024-01-25T10:15:08.140",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-31T16:49:06.600",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Jenkins 2.217 through 2.441 (both inclusive), LTS 2.222.1 through 2.426.2 (both inclusive) does not perform origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking (CSWSH) vulnerability, allowing attackers to execute CLI commands on the Jenkins controller."
},
{
"lang": "es",
"value": "Jenkins 2.217 a 2.441 (ambos incluida), LTS 2.222.1 a 2.426.2 (ambos incluida) no realizan la validaci\u00f3n del origen de las solicitudes realizadas a trav\u00e9s del endpoint CLI WebSocket, lo que genera una vulnerabilidad de secuestro de WebSocket entre sitios (CSWSH), lo que permite a los atacantes para ejecutar comandos CLI en el controlador Jenkins."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-346"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*",
"versionStartIncluding": "2.217",
"versionEndIncluding": "2.441",
"matchCriteriaId": "E4343714-1807-4231-833C-AB3D6E637769"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
"versionStartIncluding": "2.222.1",
"versionEndIncluding": "2.426.2",
"matchCriteriaId": "225EA384-5268-4ACD-A8E1-65002A5D74AB"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3315",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-01-31T15:00:25.497029+00:00
2024-01-31T17:00:25.196490+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-01-31T14:51:46.890000+00:00
2024-01-31T16:57:18.603000+00:00
```
### Last Data Feed Release
@ -29,60 +29,51 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
237201
237208
```
### CVEs added in the last Commit
Recently added CVEs: `16`
Recently added CVEs: `7`
* [CVE-2023-7043](CVE-2023/CVE-2023-70xx/CVE-2023-7043.json) (`2024-01-31T13:15:10.147`)
* [CVE-2023-5992](CVE-2023/CVE-2023-59xx/CVE-2023-5992.json) (`2024-01-31T14:15:48.147`)
* [CVE-2023-6246](CVE-2023/CVE-2023-62xx/CVE-2023-6246.json) (`2024-01-31T14:15:48.420`)
* [CVE-2023-6779](CVE-2023/CVE-2023-67xx/CVE-2023-6779.json) (`2024-01-31T14:15:48.700`)
* [CVE-2023-6780](CVE-2023/CVE-2023-67xx/CVE-2023-6780.json) (`2024-01-31T14:15:48.917`)
* [CVE-2024-1087](CVE-2024/CVE-2024-10xx/CVE-2024-1087.json) (`2024-01-31T13:15:11.030`)
* [CVE-2024-0589](CVE-2024/CVE-2024-05xx/CVE-2024-0589.json) (`2024-01-31T13:15:10.567`)
* [CVE-2024-1085](CVE-2024/CVE-2024-10xx/CVE-2024-1085.json) (`2024-01-31T13:15:10.630`)
* [CVE-2024-1086](CVE-2024/CVE-2024-10xx/CVE-2024-1086.json) (`2024-01-31T13:15:10.827`)
* [CVE-2024-22143](CVE-2024/CVE-2024-221xx/CVE-2024-22143.json) (`2024-01-31T13:15:11.093`)
* [CVE-2024-22285](CVE-2024/CVE-2024-222xx/CVE-2024-22285.json) (`2024-01-31T13:15:11.307`)
* [CVE-2024-22291](CVE-2024/CVE-2024-222xx/CVE-2024-22291.json) (`2024-01-31T13:15:11.500`)
* [CVE-2024-22304](CVE-2024/CVE-2024-223xx/CVE-2024-22304.json) (`2024-01-31T13:15:11.690`)
* [CVE-2024-1112](CVE-2024/CVE-2024-11xx/CVE-2024-1112.json) (`2024-01-31T14:15:49.197`)
* [CVE-2024-22136](CVE-2024/CVE-2024-221xx/CVE-2024-22136.json) (`2024-01-31T14:15:49.430`)
* [CVE-2024-22140](CVE-2024/CVE-2024-221xx/CVE-2024-22140.json) (`2024-01-31T14:15:49.653`)
* [CVE-2024-1103](CVE-2024/CVE-2024-11xx/CVE-2024-1103.json) (`2024-01-31T15:15:10.863`)
* [CVE-2024-0219](CVE-2024/CVE-2024-02xx/CVE-2024-0219.json) (`2024-01-31T16:15:45.290`)
* [CVE-2024-0832](CVE-2024/CVE-2024-08xx/CVE-2024-0832.json) (`2024-01-31T16:15:46.287`)
* [CVE-2024-0833](CVE-2024/CVE-2024-08xx/CVE-2024-0833.json) (`2024-01-31T16:15:46.600`)
* [CVE-2024-23502](CVE-2024/CVE-2024-235xx/CVE-2024-23502.json) (`2024-01-31T16:15:46.890`)
* [CVE-2024-23505](CVE-2024/CVE-2024-235xx/CVE-2024-23505.json) (`2024-01-31T16:15:47.163`)
* [CVE-2024-23508](CVE-2024/CVE-2024-235xx/CVE-2024-23508.json) (`2024-01-31T16:15:47.407`)
### CVEs modified in the last Commit
Recently modified CVEs: `47`
Recently modified CVEs: `38`
* [CVE-2023-52337](CVE-2023/CVE-2023-523xx/CVE-2023-52337.json) (`2024-01-31T14:15:49.160`)
* [CVE-2023-52338](CVE-2023/CVE-2023-523xx/CVE-2023-52338.json) (`2024-01-31T14:38:35.867`)
* [CVE-2023-38994](CVE-2023/CVE-2023-389xx/CVE-2023-38994.json) (`2024-01-31T14:48:27.263`)
* [CVE-2024-0408](CVE-2024/CVE-2024-04xx/CVE-2024-0408.json) (`2024-01-31T13:15:10.350`)
* [CVE-2024-0409](CVE-2024/CVE-2024-04xx/CVE-2024-0409.json) (`2024-01-31T13:15:10.460`)
* [CVE-2024-23170](CVE-2024/CVE-2024-231xx/CVE-2024-23170.json) (`2024-01-31T14:05:19.990`)
* [CVE-2024-23775](CVE-2024/CVE-2024-237xx/CVE-2024-23775.json) (`2024-01-31T14:05:19.990`)
* [CVE-2024-1098](CVE-2024/CVE-2024-10xx/CVE-2024-1098.json) (`2024-01-31T14:05:19.990`)
* [CVE-2024-1099](CVE-2024/CVE-2024-10xx/CVE-2024-1099.json) (`2024-01-31T14:05:19.990`)
* [CVE-2024-22287](CVE-2024/CVE-2024-222xx/CVE-2024-22287.json) (`2024-01-31T14:05:19.990`)
* [CVE-2024-22290](CVE-2024/CVE-2024-222xx/CVE-2024-22290.json) (`2024-01-31T14:05:19.990`)
* [CVE-2024-22305](CVE-2024/CVE-2024-223xx/CVE-2024-22305.json) (`2024-01-31T14:05:19.990`)
* [CVE-2024-23507](CVE-2024/CVE-2024-235xx/CVE-2024-23507.json) (`2024-01-31T14:05:19.990`)
* [CVE-2024-24567](CVE-2024/CVE-2024-245xx/CVE-2024-24567.json) (`2024-01-31T14:05:27.507`)
* [CVE-2024-1059](CVE-2024/CVE-2024-10xx/CVE-2024-1059.json) (`2024-01-31T14:05:27.507`)
* [CVE-2024-1060](CVE-2024/CVE-2024-10xx/CVE-2024-1060.json) (`2024-01-31T14:05:27.507`)
* [CVE-2024-1077](CVE-2024/CVE-2024-10xx/CVE-2024-1077.json) (`2024-01-31T14:05:27.507`)
* [CVE-2024-23834](CVE-2024/CVE-2024-238xx/CVE-2024-23834.json) (`2024-01-31T14:05:27.507`)
* [CVE-2024-22569](CVE-2024/CVE-2024-225xx/CVE-2024-22569.json) (`2024-01-31T14:05:27.507`)
* [CVE-2024-23745](CVE-2024/CVE-2024-237xx/CVE-2024-23745.json) (`2024-01-31T14:05:27.507`)
* [CVE-2024-1069](CVE-2024/CVE-2024-10xx/CVE-2024-1069.json) (`2024-01-31T14:05:27.507`)
* [CVE-2024-0914](CVE-2024/CVE-2024-09xx/CVE-2024-0914.json) (`2024-01-31T14:05:27.507`)
* [CVE-2024-22236](CVE-2024/CVE-2024-222xx/CVE-2024-22236.json) (`2024-01-31T14:05:27.507`)
* [CVE-2024-0836](CVE-2024/CVE-2024-08xx/CVE-2024-0836.json) (`2024-01-31T14:05:27.507`)
* [CVE-2024-1012](CVE-2024/CVE-2024-10xx/CVE-2024-1012.json) (`2024-01-31T14:05:27.507`)
* [CVE-2023-39434](CVE-2023/CVE-2023-394xx/CVE-2023-39434.json) (`2024-01-31T15:15:09.663`)
* [CVE-2023-39928](CVE-2023/CVE-2023-399xx/CVE-2023-39928.json) (`2024-01-31T15:15:09.790`)
* [CVE-2023-40451](CVE-2023/CVE-2023-404xx/CVE-2023-40451.json) (`2024-01-31T15:15:09.977`)
* [CVE-2023-41074](CVE-2023/CVE-2023-410xx/CVE-2023-41074.json) (`2024-01-31T15:15:10.067`)
* [CVE-2023-41983](CVE-2023/CVE-2023-419xx/CVE-2023-41983.json) (`2024-01-31T15:15:10.187`)
* [CVE-2023-41993](CVE-2023/CVE-2023-419xx/CVE-2023-41993.json) (`2024-01-31T15:15:10.337`)
* [CVE-2023-42852](CVE-2023/CVE-2023-428xx/CVE-2023-42852.json) (`2024-01-31T15:15:10.463`)
* [CVE-2023-42890](CVE-2023/CVE-2023-428xx/CVE-2023-42890.json) (`2024-01-31T15:15:10.633`)
* [CVE-2023-6816](CVE-2023/CVE-2023-68xx/CVE-2023-6816.json) (`2024-01-31T16:15:45.150`)
* [CVE-2023-31654](CVE-2023/CVE-2023-316xx/CVE-2023-31654.json) (`2024-01-31T16:26:12.397`)
* [CVE-2023-46889](CVE-2023/CVE-2023-468xx/CVE-2023-46889.json) (`2024-01-31T16:36:18.020`)
* [CVE-2023-36177](CVE-2023/CVE-2023-361xx/CVE-2023-36177.json) (`2024-01-31T16:45:19.120`)
* [CVE-2023-42144](CVE-2023/CVE-2023-421xx/CVE-2023-42144.json) (`2024-01-31T16:48:30.507`)
* [CVE-2023-42143](CVE-2023/CVE-2023-421xx/CVE-2023-42143.json) (`2024-01-31T16:57:18.603`)
* [CVE-2024-0553](CVE-2024/CVE-2024-05xx/CVE-2024-0553.json) (`2024-01-31T16:15:45.513`)
* [CVE-2024-0741](CVE-2024/CVE-2024-07xx/CVE-2024-0741.json) (`2024-01-31T16:15:45.613`)
* [CVE-2024-0742](CVE-2024/CVE-2024-07xx/CVE-2024-0742.json) (`2024-01-31T16:15:45.700`)
* [CVE-2024-0746](CVE-2024/CVE-2024-07xx/CVE-2024-0746.json) (`2024-01-31T16:15:45.770`)
* [CVE-2024-0747](CVE-2024/CVE-2024-07xx/CVE-2024-0747.json) (`2024-01-31T16:15:45.850`)
* [CVE-2024-0749](CVE-2024/CVE-2024-07xx/CVE-2024-0749.json) (`2024-01-31T16:15:45.923`)
* [CVE-2024-0750](CVE-2024/CVE-2024-07xx/CVE-2024-0750.json) (`2024-01-31T16:15:46.000`)
* [CVE-2024-0751](CVE-2024/CVE-2024-07xx/CVE-2024-0751.json) (`2024-01-31T16:15:46.070`)
* [CVE-2024-0753](CVE-2024/CVE-2024-07xx/CVE-2024-0753.json) (`2024-01-31T16:15:46.140`)
* [CVE-2024-0755](CVE-2024/CVE-2024-07xx/CVE-2024-0755.json) (`2024-01-31T16:15:46.210`)
* [CVE-2024-23898](CVE-2024/CVE-2024-238xx/CVE-2024-23898.json) (`2024-01-31T16:49:06.600`)
## Download and Usage