From 4da8a5ef7b3ba09581a4d8b922dd57b7ccd5c586 Mon Sep 17 00:00:00 2001 
From: cad-safe-bot Date: Wed, 31 Jan 2024 17:00:28 +0000 Subject: [PATCH] Auto-Update: 2024-01-31T17:00:25.196490+00:00 --- CVE-2020/CVE-2020-361xx/CVE-2020-36129.json | 8 +- CVE-2020/CVE-2020-361xx/CVE-2020-36130.json | 6 +- CVE-2020/CVE-2020-361xx/CVE-2020-36131.json | 6 +- CVE-2020/CVE-2020-361xx/CVE-2020-36133.json | 6 +- CVE-2020/CVE-2020-361xx/CVE-2020-36134.json | 8 +- CVE-2020/CVE-2020-361xx/CVE-2020-36135.json | 6 +- CVE-2021/CVE-2021-304xx/CVE-2021-30473.json | 6 +- CVE-2021/CVE-2021-304xx/CVE-2021-30474.json | 6 +- CVE-2021/CVE-2021-304xx/CVE-2021-30475.json | 6 +- CVE-2021/CVE-2021-336xx/CVE-2021-33630.json | 10 ++- CVE-2021/CVE-2021-336xx/CVE-2021-33631.json | 10 ++- CVE-2023/CVE-2023-316xx/CVE-2023-31654.json | 70 ++++++++++++++-- CVE-2023/CVE-2023-323xx/CVE-2023-32359.json | 8 +- CVE-2023/CVE-2023-350xx/CVE-2023-35074.json | 8 +- CVE-2023/CVE-2023-361xx/CVE-2023-36177.json | 70 ++++++++++++++-- CVE-2023/CVE-2023-394xx/CVE-2023-39434.json | 8 +- CVE-2023/CVE-2023-399xx/CVE-2023-39928.json | 8 +- CVE-2023/CVE-2023-404xx/CVE-2023-40451.json | 8 +- CVE-2023/CVE-2023-410xx/CVE-2023-41074.json | 8 +- CVE-2023/CVE-2023-419xx/CVE-2023-41983.json | 8 +- CVE-2023/CVE-2023-419xx/CVE-2023-41993.json | 6 +- CVE-2023/CVE-2023-421xx/CVE-2023-42143.json | 75 +++++++++++++++++- CVE-2023/CVE-2023-421xx/CVE-2023-42144.json | 75 +++++++++++++++++- CVE-2023/CVE-2023-428xx/CVE-2023-42852.json | 6 +- CVE-2023/CVE-2023-428xx/CVE-2023-42890.json | 8 +- CVE-2023/CVE-2023-468xx/CVE-2023-46889.json | 75 +++++++++++++++++- CVE-2023/CVE-2023-68xx/CVE-2023-6816.json | 14 +++- CVE-2024/CVE-2024-02xx/CVE-2024-0219.json | 59 ++++++++++++++ CVE-2024/CVE-2024-05xx/CVE-2024-0553.json | 6 +- CVE-2024/CVE-2024-07xx/CVE-2024-0741.json | 8 +- CVE-2024/CVE-2024-07xx/CVE-2024-0742.json | 8 +- CVE-2024/CVE-2024-07xx/CVE-2024-0746.json | 8 +- CVE-2024/CVE-2024-07xx/CVE-2024-0747.json | 8 +- CVE-2024/CVE-2024-07xx/CVE-2024-0749.json | 8 +- CVE-2024/CVE-2024-07xx/CVE-2024-0750.json | 8 +- 
CVE-2024/CVE-2024-07xx/CVE-2024-0751.json | 8 +- CVE-2024/CVE-2024-07xx/CVE-2024-0753.json | 8 +- CVE-2024/CVE-2024-07xx/CVE-2024-0755.json | 8 +- CVE-2024/CVE-2024-08xx/CVE-2024-0832.json | 59 ++++++++++++++ CVE-2024/CVE-2024-08xx/CVE-2024-0833.json | 59 ++++++++++++++ CVE-2024/CVE-2024-11xx/CVE-2024-1103.json | 88 +++++++++++++++++++++ CVE-2024/CVE-2024-235xx/CVE-2024-23502.json | 55 +++++++++++++ CVE-2024/CVE-2024-235xx/CVE-2024-23505.json | 55 +++++++++++++ CVE-2024/CVE-2024-235xx/CVE-2024-23508.json | 55 +++++++++++++ CVE-2024/CVE-2024-238xx/CVE-2024-23898.json | 76 +++++++++++++++++- README.md | 83 +++++++++---------- 46 files changed, 1077 insertions(+), 123 deletions(-) create mode 100644 CVE-2024/CVE-2024-02xx/CVE-2024-0219.json create mode 100644 CVE-2024/CVE-2024-08xx/CVE-2024-0832.json create mode 100644 CVE-2024/CVE-2024-08xx/CVE-2024-0833.json create mode 100644 CVE-2024/CVE-2024-11xx/CVE-2024-1103.json create mode 100644 CVE-2024/CVE-2024-235xx/CVE-2024-23502.json create mode 100644 CVE-2024/CVE-2024-235xx/CVE-2024-23505.json create mode 100644 CVE-2024/CVE-2024-235xx/CVE-2024-23508.json diff --git a/CVE-2020/CVE-2020-361xx/CVE-2020-36129.json b/CVE-2020/CVE-2020-361xx/CVE-2020-36129.json index dd5280d9270..94b765f3e9a 100644 --- a/CVE-2020/CVE-2020-361xx/CVE-2020-36129.json +++ b/CVE-2020/CVE-2020-361xx/CVE-2020-36129.json @@ -2,8 +2,8 @@ "id": "CVE-2020-36129", "sourceIdentifier": "cve@mitre.org", "published": "2021-12-02T22:15:08.597", - "lastModified": "2021-12-03T15:43:59.723", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T15:15:08.330", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -100,6 +100,10 @@ "Exploit", "Third Party Advisory" ] + }, + { + "url": "https://security.gentoo.org/glsa/202401-32", + "source": "cve@mitre.org" } ] } \ No newline at end of file diff --git a/CVE-2020/CVE-2020-361xx/CVE-2020-36130.json b/CVE-2020/CVE-2020-361xx/CVE-2020-36130.json index 68a93fa494b..046fbf22a5c 100644 
--- a/CVE-2020/CVE-2020-361xx/CVE-2020-36130.json +++ b/CVE-2020/CVE-2020-361xx/CVE-2020-36130.json @@ -2,7 +2,7 @@ "id": "CVE-2020-36130", "sourceIdentifier": "cve@mitre.org", "published": "2021-12-02T22:15:08.650", - "lastModified": "2023-09-06T16:15:07.610", + "lastModified": "2024-01-31T15:15:08.440", "vulnStatus": "Modified", "descriptions": [ { @@ -105,6 +105,10 @@ "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html", "source": "cve@mitre.org" }, + { + "url": "https://security.gentoo.org/glsa/202401-32", + "source": "cve@mitre.org" + }, { "url": "https://www.debian.org/security/2023/dsa-5490", "source": "cve@mitre.org" diff --git a/CVE-2020/CVE-2020-361xx/CVE-2020-36131.json b/CVE-2020/CVE-2020-361xx/CVE-2020-36131.json index 327a0c92606..8ed94d03ca3 100644 --- a/CVE-2020/CVE-2020-361xx/CVE-2020-36131.json +++ b/CVE-2020/CVE-2020-361xx/CVE-2020-36131.json @@ -2,7 +2,7 @@ "id": "CVE-2020-36131", "sourceIdentifier": "cve@mitre.org", "published": "2021-12-02T22:15:08.693", - "lastModified": "2023-09-06T16:15:07.743", + "lastModified": "2024-01-31T15:15:08.537", "vulnStatus": "Modified", "descriptions": [ { @@ -105,6 +105,10 @@ "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html", "source": "cve@mitre.org" }, + { + "url": "https://security.gentoo.org/glsa/202401-32", + "source": "cve@mitre.org" + }, { "url": "https://www.debian.org/security/2023/dsa-5490", "source": "cve@mitre.org" diff --git a/CVE-2020/CVE-2020-361xx/CVE-2020-36133.json b/CVE-2020/CVE-2020-361xx/CVE-2020-36133.json index 5aa3503d79e..c2405fc70ab 100644 --- a/CVE-2020/CVE-2020-361xx/CVE-2020-36133.json +++ b/CVE-2020/CVE-2020-361xx/CVE-2020-36133.json @@ -2,7 +2,7 @@ "id": "CVE-2020-36133", "sourceIdentifier": "cve@mitre.org", "published": "2021-12-02T22:15:08.733", - "lastModified": "2023-09-06T16:15:07.817", + "lastModified": "2024-01-31T15:15:08.607", "vulnStatus": "Modified", "descriptions": [ { 
@@ -105,6 +105,10 @@ "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html", "source": "cve@mitre.org" }, + { + "url": "https://security.gentoo.org/glsa/202401-32", + "source": "cve@mitre.org" + }, { "url": "https://www.debian.org/security/2023/dsa-5490", "source": "cve@mitre.org" diff --git a/CVE-2020/CVE-2020-361xx/CVE-2020-36134.json b/CVE-2020/CVE-2020-361xx/CVE-2020-36134.json index e168f60f8d5..ba1e25a9968 100644 --- a/CVE-2020/CVE-2020-361xx/CVE-2020-36134.json +++ b/CVE-2020/CVE-2020-361xx/CVE-2020-36134.json @@ -2,8 +2,8 @@ "id": "CVE-2020-36134", "sourceIdentifier": "cve@mitre.org", "published": "2021-12-02T22:15:08.780", - "lastModified": "2022-06-28T14:11:45.273", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T15:15:08.683", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -100,6 +100,10 @@ "Exploit", "Third Party Advisory" ] + }, + { + "url": "https://security.gentoo.org/glsa/202401-32", + "source": "cve@mitre.org" } ] } \ No newline at end of file diff --git a/CVE-2020/CVE-2020-361xx/CVE-2020-36135.json b/CVE-2020/CVE-2020-361xx/CVE-2020-36135.json index efc14393bf2..ddbe5a4ff82 100644 --- a/CVE-2020/CVE-2020-361xx/CVE-2020-36135.json +++ b/CVE-2020/CVE-2020-361xx/CVE-2020-36135.json @@ -2,7 +2,7 @@ "id": "CVE-2020-36135", "sourceIdentifier": "cve@mitre.org", "published": "2021-12-02T22:15:08.833", - "lastModified": "2023-09-06T16:15:07.887", + "lastModified": "2024-01-31T15:15:08.767", "vulnStatus": "Modified", "descriptions": [ { @@ -105,6 +105,10 @@ "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html", "source": "cve@mitre.org" }, + { + "url": "https://security.gentoo.org/glsa/202401-32", + "source": "cve@mitre.org" + }, { "url": "https://www.debian.org/security/2023/dsa-5490", "source": "cve@mitre.org" diff --git a/CVE-2021/CVE-2021-304xx/CVE-2021-30473.json b/CVE-2021/CVE-2021-304xx/CVE-2021-30473.json index d512317ba01..36b0f30fa7e 100644 
--- a/CVE-2021/CVE-2021-304xx/CVE-2021-30473.json +++ b/CVE-2021/CVE-2021-304xx/CVE-2021-30473.json @@ -2,7 +2,7 @@ "id": "CVE-2021-30473", "sourceIdentifier": "cve@mitre.org", "published": "2021-05-06T15:15:07.943", - "lastModified": "2023-11-07T03:33:02.233", + "lastModified": "2024-01-31T15:15:08.857", "vulnStatus": "Modified", "descriptions": [ { @@ -133,6 +133,10 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXCI33HXH6YSOGC2LPE2REQLMIDH6US4/", "source": "cve@mitre.org" }, + { + "url": "https://security.gentoo.org/glsa/202401-32", + "source": "cve@mitre.org" + }, { "url": "https://www.debian.org/security/2023/dsa-5490", "source": "cve@mitre.org" diff --git a/CVE-2021/CVE-2021-304xx/CVE-2021-30474.json b/CVE-2021/CVE-2021-304xx/CVE-2021-30474.json index 9279ec122cd..9e4950ddca5 100644 --- a/CVE-2021/CVE-2021-304xx/CVE-2021-30474.json +++ b/CVE-2021/CVE-2021-304xx/CVE-2021-30474.json @@ -2,7 +2,7 @@ "id": "CVE-2021-30474", "sourceIdentifier": "cve@mitre.org", "published": "2021-06-02T17:15:08.630", - "lastModified": "2023-09-06T16:15:08.053", + "lastModified": "2024-01-31T15:15:08.977", "vulnStatus": "Modified", "descriptions": [ { @@ -114,6 +114,10 @@ "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00003.html", "source": "cve@mitre.org" }, + { + "url": "https://security.gentoo.org/glsa/202401-32", + "source": "cve@mitre.org" + }, { "url": "https://www.debian.org/security/2023/dsa-5490", "source": "cve@mitre.org" diff --git a/CVE-2021/CVE-2021-304xx/CVE-2021-30475.json b/CVE-2021/CVE-2021-304xx/CVE-2021-30475.json index e4f1dcd242c..7156414db09 100644 --- a/CVE-2021/CVE-2021-304xx/CVE-2021-30475.json +++ b/CVE-2021/CVE-2021-304xx/CVE-2021-30475.json 
@@ -2,7 +2,7 @@ "id": "CVE-2021-30475", "sourceIdentifier": "cve@mitre.org", "published": "2021-06-04T14:15:07.540", - "lastModified": "2023-11-07T03:33:02.317", + "lastModified": "2024-01-31T15:15:09.073", "vulnStatus": "Modified", "descriptions": [ { @@ -133,6 +133,10 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXCI33HXH6YSOGC2LPE2REQLMIDH6US4/", "source": "cve@mitre.org" }, + { + "url": "https://security.gentoo.org/glsa/202401-32", + "source": "cve@mitre.org" + }, { "url": "https://www.debian.org/security/2023/dsa-5490", "source": "cve@mitre.org" diff --git a/CVE-2021/CVE-2021-336xx/CVE-2021-33630.json b/CVE-2021/CVE-2021-336xx/CVE-2021-33630.json index 1aa6b73fa4d..501aae1639a 100644 --- a/CVE-2021/CVE-2021-336xx/CVE-2021-33630.json +++ b/CVE-2021/CVE-2021-336xx/CVE-2021-33630.json @@ -2,7 +2,7 @@ "id": "CVE-2021-33630", "sourceIdentifier": "securities@openeuler.org", "published": "2024-01-18T15:15:08.653", - "lastModified": "2024-01-31T00:15:45.270", + "lastModified": "2024-01-31T15:15:09.170", "vulnStatus": "Modified", "descriptions": [ { @@ -120,6 +120,14 @@ "url": "http://www.openwall.com/lists/oss-security/2024/01/30/9", "source": "securities@openeuler.org" }, + { + "url": "http://www.openwall.com/lists/oss-security/2024/01/31/2", + "source": "securities@openeuler.org" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2024/01/31/3", + "source": "securities@openeuler.org" + }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e8b9bfa110896f95d602d8c98d5f9d67e41d78c", "source": "securities@openeuler.org" diff --git a/CVE-2021/CVE-2021-336xx/CVE-2021-33631.json b/CVE-2021/CVE-2021-336xx/CVE-2021-33631.json index 455a9dadbf6..ae62f7998f0 100644 --- a/CVE-2021/CVE-2021-336xx/CVE-2021-33631.json +++ b/CVE-2021/CVE-2021-336xx/CVE-2021-33631.json 
@@ -2,7 +2,7 @@ "id": "CVE-2021-33631", "sourceIdentifier": "securities@openeuler.org", "published": "2024-01-18T15:15:08.860", - "lastModified": "2024-01-31T00:15:45.387", + "lastModified": "2024-01-31T15:15:09.293", "vulnStatus": "Modified", "descriptions": [ { @@ -134,6 +134,14 @@ "url": "http://www.openwall.com/lists/oss-security/2024/01/30/9", "source": "securities@openeuler.org" }, + { + "url": "http://www.openwall.com/lists/oss-security/2024/01/31/2", + "source": "securities@openeuler.org" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2024/01/31/3", + "source": "securities@openeuler.org" + }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5c099c4fdc438014d5893629e70a8ba934433ee8", "source": "securities@openeuler.org", diff --git a/CVE-2023/CVE-2023-316xx/CVE-2023-31654.json b/CVE-2023/CVE-2023-316xx/CVE-2023-31654.json index d531cba304d..d9f495e4858 100644 --- a/CVE-2023/CVE-2023-316xx/CVE-2023-31654.json +++ b/CVE-2023/CVE-2023-316xx/CVE-2023-31654.json @@ -2,8 +2,8 @@ "id": "CVE-2023-31654", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-23T22:15:16.340", - "lastModified": "2024-01-24T13:49:03.187", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-31T16:26:12.397", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,75 @@ "value": "Se descubri\u00f3 que Redis raft master-1b8bd86 a master-7b46079 conten\u00eda una infracci\u00f3n de ODR a trav\u00e9s del componente hiredisAllocFns en /opt/fs/redisraft/deps/hiredis/alloc.c." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redis:redisraft:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD5863B3-455B-4994-BCFA-8F8B58EBF879" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/RedisLabs/redisraft/issues/600", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking" + ] }, { "url": "https://seclists.org/fulldisclosure/2024/Jan/13", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32359.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32359.json index e337f732528..bbdc2b5c941 100644 --- a/CVE-2023/CVE-2023-323xx/CVE-2023-32359.json +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32359.json 
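Review bot: The added `cpeMatch` entry identifies the product with a version of `-` (`cpe:2.3:a:redis:redisraft:-:*:*:*:*:*:*:*`), so the commit range named in the description (master-1b8bd86 to master-7b46079) is not expressed anywhere in `configurations`. CPE-based matching therefore cannot tell an affected build from a fixed one. The weakness is recorded as `NVD-CWE-noinfo`, so the 9.8 in `cvssData` comes with no classified weakness to support it. Consumers should triage this record from the description and the linked issue rather than from `baseScore` alone. This file appears to be a mirrored record, so any correction would belong with the upstream source.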
@@ -2,8 +2,8 @@ "id": "CVE-2023-32359", "sourceIdentifier": "product-security@apple.com", "published": "2023-10-25T19:15:09.053", - "lastModified": "2024-01-21T02:32:34.087", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T15:15:09.417", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -91,6 +91,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-33", + "source": "product-security@apple.com" + }, { "url": "https://support.apple.com/en-us/HT213981", "source": "product-security@apple.com", diff --git a/CVE-2023/CVE-2023-350xx/CVE-2023-35074.json b/CVE-2023/CVE-2023-350xx/CVE-2023-35074.json index 5bc6289054b..559b96c59a5 100644 --- a/CVE-2023/CVE-2023-350xx/CVE-2023-35074.json +++ b/CVE-2023/CVE-2023-350xx/CVE-2023-35074.json @@ -2,8 +2,8 @@ "id": "CVE-2023-35074", "sourceIdentifier": "product-security@apple.com", "published": "2023-09-27T15:18:52.800", - "lastModified": "2023-10-26T20:09:02.390", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T15:15:09.530", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -168,6 +168,10 @@ "Mailing List" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-33", + "source": "product-security@apple.com" + }, { "url": "https://support.apple.com/en-us/HT213936", "source": "product-security@apple.com", diff --git a/CVE-2023/CVE-2023-361xx/CVE-2023-36177.json b/CVE-2023/CVE-2023-361xx/CVE-2023-36177.json index 520541a23d2..1f7f093f3a1 100644 --- a/CVE-2023/CVE-2023-361xx/CVE-2023-36177.json +++ b/CVE-2023/CVE-2023-361xx/CVE-2023-36177.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36177", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-23T22:15:16.390", - "lastModified": "2024-01-24T13:49:03.187", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-31T16:45:19.120", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,75 @@ "value": "Se descubri\u00f3 un problema en badaix Snapcast versi\u00f3n 0.27.0, que permite a atacantes remotos ejecutar c\u00f3digo arbitrario y obtener informaci\u00f3n confidencial a trav\u00e9s de una solicitud manipulada en JSON-RPC-API." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:badaix:snapcast:*:*:*:*:*:*:*:*", + "versionEndIncluding": "0.27.0", + "matchCriteriaId": "1585039A-0AEC-4192-B179-2E4786DE36F4" + } + ] + } + ] + } + ], "references": [ { "url": "http://snapcast.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "https://oxnan.com/posts/Snapcast_jsonrpc_rce", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-394xx/CVE-2023-39434.json b/CVE-2023/CVE-2023-394xx/CVE-2023-39434.json index 6fb58c504a3..8f4afdfa5a6 100644 --- a/CVE-2023/CVE-2023-394xx/CVE-2023-39434.json +++ b/CVE-2023/CVE-2023-394xx/CVE-2023-39434.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-39434", "sourceIdentifier": "product-security@apple.com", "published": "2023-09-27T15:18:56.317", - "lastModified": "2023-10-12T02:09:26.247", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T15:15:09.663", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -119,6 +119,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-33", + "source": "product-security@apple.com" + }, { "url": "https://support.apple.com/en-us/HT213937", "source": "product-security@apple.com", diff --git a/CVE-2023/CVE-2023-399xx/CVE-2023-39928.json b/CVE-2023/CVE-2023-399xx/CVE-2023-39928.json index 9b68aac04ce..00faa307d73 100644 --- a/CVE-2023/CVE-2023-399xx/CVE-2023-39928.json +++ b/CVE-2023/CVE-2023-399xx/CVE-2023-39928.json @@ -2,8 +2,8 @@ "id": "CVE-2023-39928", "sourceIdentifier": "talos-cna@cisco.com", "published": "2023-10-06T16:15:13.223", - "lastModified": "2023-10-20T20:17:21.957", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T15:15:09.790", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -131,6 +131,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-33", + "source": "talos-cna@cisco.com" + }, { "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1831", "source": "talos-cna@cisco.com", diff --git a/CVE-2023/CVE-2023-404xx/CVE-2023-40451.json b/CVE-2023/CVE-2023-404xx/CVE-2023-40451.json index 54bde716cc7..2a345abb573 100644 --- a/CVE-2023/CVE-2023-404xx/CVE-2023-40451.json +++ b/CVE-2023/CVE-2023-404xx/CVE-2023-40451.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40451", "sourceIdentifier": "product-security@apple.com", "published": "2023-09-27T15:19:17.090", - "lastModified": "2023-10-05T13:13:15.517", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T15:15:09.977", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", 
@@ -84,6 +84,10 @@ "Mailing List" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-33", + "source": "product-security@apple.com" + }, { "url": "https://support.apple.com/en-us/HT213941", "source": "product-security@apple.com", diff --git a/CVE-2023/CVE-2023-410xx/CVE-2023-41074.json b/CVE-2023/CVE-2023-410xx/CVE-2023-41074.json index 5ba972c938c..5ce6557e8ac 100644 --- a/CVE-2023/CVE-2023-410xx/CVE-2023-41074.json +++ b/CVE-2023/CVE-2023-410xx/CVE-2023-41074.json @@ -2,8 +2,8 @@ "id": "CVE-2023-41074", "sourceIdentifier": "product-security@apple.com", "published": "2023-09-27T15:19:26.570", - "lastModified": "2023-10-20T20:14:36.737", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T15:15:10.067", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -180,6 +180,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-33", + "source": "product-security@apple.com" + }, { "url": "https://support.apple.com/en-us/HT213936", "source": "product-security@apple.com", diff --git a/CVE-2023/CVE-2023-419xx/CVE-2023-41983.json b/CVE-2023/CVE-2023-419xx/CVE-2023-41983.json index d2b1163dc06..bc808d9b3a9 100644 --- a/CVE-2023/CVE-2023-419xx/CVE-2023-41983.json +++ b/CVE-2023/CVE-2023-419xx/CVE-2023-41983.json @@ -2,8 +2,8 @@ "id": "CVE-2023-41983", "sourceIdentifier": "product-security@apple.com", "published": "2023-10-25T19:15:10.110", - "lastModified": "2024-01-21T02:35:06.267", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T15:15:10.187", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -209,6 +209,10 @@ "Mailing List" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-33", + "source": "product-security@apple.com" + }, { "url": "https://support.apple.com/en-us/HT213981", "source": "product-security@apple.com", diff --git a/CVE-2023/CVE-2023-419xx/CVE-2023-41993.json b/CVE-2023/CVE-2023-419xx/CVE-2023-41993.json index 27c95137507..b4a609c6304 100644 
--- a/CVE-2023/CVE-2023-419xx/CVE-2023-41993.json +++ b/CVE-2023/CVE-2023-419xx/CVE-2023-41993.json @@ -2,7 +2,7 @@ "id": "CVE-2023-41993", "sourceIdentifier": "product-security@apple.com", "published": "2023-09-21T19:15:11.660", - "lastModified": "2024-01-23T01:15:09.703", + "lastModified": "2024-01-31T15:15:10.337", "vulnStatus": "Modified", "cisaExploitAdd": "2023-09-25", "cisaActionDue": "2023-10-16", @@ -146,6 +146,10 @@ } ], "references": [ + { + "url": "https://security.gentoo.org/glsa/202401-33", + "source": "product-security@apple.com" + }, { "url": "https://support.apple.com/en-us/HT213940", "source": "product-security@apple.com", diff --git a/CVE-2023/CVE-2023-421xx/CVE-2023-42143.json b/CVE-2023/CVE-2023-421xx/CVE-2023-42143.json index 3730b4a3b1b..d93dd7efc98 100644 --- a/CVE-2023/CVE-2023-421xx/CVE-2023-42143.json +++ b/CVE-2023/CVE-2023-421xx/CVE-2023-42143.json @@ -2,8 +2,8 @@ "id": "CVE-2023-42143", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-23T20:15:45.097", - "lastModified": "2024-01-24T13:49:10.477", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-31T16:57:18.603", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,11 +14,78 @@ "value": "Falta la verificaci\u00f3n de integridad en Shelly TRV 20220811-152343/v2.1.8@5afc928c permite a usuarios malintencionados crear una puerta trasera al redirigir el dispositivo a una m\u00e1quina controlada por un atacante que sirve el archivo de firmware manipulado. El dispositivo se actualiza con el firmware manipulado." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-354" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:shelly:trv_firmware:2.1.8:*:*:*:*:*:*:*", + "matchCriteriaId": "A52AEA7B-6F6F-4CB0-A83D-E67CFF3DE5C1" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:shelly:trv:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E31D77B8-D770-449B-89B6-9E5D5B149303" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.kth.se/cs/nse/research/software-systems-architecture-and-security/projects/ethical-hacking-1.1279219", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-421xx/CVE-2023-42144.json b/CVE-2023/CVE-2023-421xx/CVE-2023-42144.json index 1d0fd2ada06..7dfb7d44b2e 100644 
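Review bot: The vector added under `cvssMetricV31`, `CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N` (5.4, MEDIUM), looks low for what the description states, namely that the device updates itself with tampered firmware served from an attacker-controlled machine. Replacing the firmware would normally imply a high integrity impact, so `"integrityImpact": "LOW"` is the line to question; this is inferred from the description text, not from vendor data. Teams that filter on `baseSeverity` should make sure this record still reaches review for deployed Shelly TRV 2.1.8 devices. The `CWE-354` mapping is the more useful pointer to the remediation, which is firmware that is signed or otherwise verified before it is installed.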
--- a/CVE-2023/CVE-2023-421xx/CVE-2023-42144.json +++ b/CVE-2023/CVE-2023-421xx/CVE-2023-42144.json @@ -2,8 +2,8 @@ "id": "CVE-2023-42144", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-23T20:15:45.150", - "lastModified": "2024-01-24T13:49:10.477", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-31T16:48:30.507", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,11 +14,78 @@ "value": "La transmisi\u00f3n de texto plano durante la configuraci\u00f3n inicial en Shelly TRV 20220811-15234 v.2.1.8 permite a un atacante local obtener la contrase\u00f1a de Wi-Fi." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-319" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:shelly:trv_firmware:2.1.8:*:*:*:*:*:*:*", + "matchCriteriaId": "A52AEA7B-6F6F-4CB0-A83D-E67CFF3DE5C1" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:shelly:trv:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E31D77B8-D770-449B-89B6-9E5D5B149303" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.kth.se/cs/nse/research/software-systems-architecture-and-security/projects/ethical-hacking-1.1279219", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42852.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42852.json index a1163d8b8b4..f5003db80a4 100644 --- a/CVE-2023/CVE-2023-428xx/CVE-2023-42852.json +++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42852.json 
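Review bot: This record is scored `"attackVector": "LOCAL"` with `"privilegesRequired": "LOW"`, while the CVE-2023-46889 section later in this patch scores the same weakness (`CWE-319`, Wi-Fi password exposed during initial setup) as `"attackVector": "ADJACENT_NETWORK"` with `"privilegesRequired": "NONE"`. Cleartext sent during setup is exposed on the network, so `AV:A` seems the closer fit, and `AV:L` likely follows the word "local" in the description. The two records should be scored consistently. Until that is settled upstream, the safer reading for both is that the setup exchange needs protection from anyone within wireless range during provisioning.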
@@ -2,7 +2,7 @@ "id": "CVE-2023-42852", "sourceIdentifier": "product-security@apple.com", "published": "2023-10-25T19:15:10.843", - "lastModified": "2023-12-07T20:15:38.003", + "lastModified": "2024-01-31T15:15:10.463", "vulnStatus": "Undergoing Analysis", "descriptions": [ { @@ -178,6 +178,10 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTCZGQPRDAOPP6NK4CIDJKIPMBWD5J7K/", "source": "product-security@apple.com" }, + { + "url": "https://security.gentoo.org/glsa/202401-33", + "source": "product-security@apple.com" + }, { "url": "https://support.apple.com/en-us/HT213981", "source": "product-security@apple.com", diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42890.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42890.json index 1b3f5017d1f..9a984901461 100644 --- a/CVE-2023/CVE-2023-428xx/CVE-2023-42890.json +++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42890.json @@ -2,8 +2,8 @@ "id": "CVE-2023-42890", "sourceIdentifier": "product-security@apple.com", "published": "2023-12-12T01:15:11.480", - "lastModified": "2023-12-18T04:15:50.870", - "vulnStatus": "Modified", + "lastModified": "2024-01-31T15:15:10.633", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", @@ -144,6 +144,10 @@ "url": "http://www.openwall.com/lists/oss-security/2023/12/18/1", "source": "product-security@apple.com" }, + { + "url": "https://security.gentoo.org/glsa/202401-33", + "source": "product-security@apple.com" + }, { "url": "https://support.apple.com/en-us/HT214035", "source": "product-security@apple.com", diff --git a/CVE-2023/CVE-2023-468xx/CVE-2023-46889.json b/CVE-2023/CVE-2023-468xx/CVE-2023-46889.json index bc37fbeb6a5..a5eb97bc0c8 100644 --- a/CVE-2023/CVE-2023-468xx/CVE-2023-46889.json +++ b/CVE-2023/CVE-2023-468xx/CVE-2023-46889.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-46889", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-23T20:15:45.190", - "lastModified": "2024-01-24T13:49:10.477", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-31T16:36:18.020", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,11 +14,78 @@ "value": "Meross MSH30Q 4.5.23 es vulnerable a la transmisi\u00f3n de informaci\u00f3n confidencial en texto plano. Durante la fase de configuraci\u00f3n del dispositivo, el MSH30Q crea un punto de acceso Wi-Fi desprotegido. En esta fase, MSH30Q necesita conectarse a Internet a trav\u00e9s de un enrutador Wi-Fi. Es por eso que MSH30Q solicita el nombre de la red Wi-Fi (SSID) y la contrase\u00f1a de la red Wi-Fi. Cuando el usuario ingresa la contrase\u00f1a, se observa la transmisi\u00f3n de la contrase\u00f1a y el nombre de Wi-Fi entre el MSH30Q y la aplicaci\u00f3n m\u00f3vil en la red Wi-Fi. Aunque la contrase\u00f1a de Wi-Fi est\u00e1 cifrada, una parte del algoritmo de descifrado es p\u00fablica, por lo que complementamos las partes que faltan para descifrarlo." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.1, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-319" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:meross:msh30q_firmware:4.5.23:*:*:*:*:*:*:*", + "matchCriteriaId": "88053A66-2CE3-4D0B-8119-57C49A3A2014" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:meross:msh30q:-:*:*:*:*:*:*:*", + "matchCriteriaId": 
"92051225-D526-48A3-8B3C-81BC290AB37D" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.kth.se/cs/nse/research/software-systems-architecture-and-security/projects/ethical-hacking-1.1279219", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6816.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6816.json index 0b9e01ed57d..9bc6c289e6d 100644 --- a/CVE-2023/CVE-2023-68xx/CVE-2023-6816.json +++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6816.json @@ -2,7 +2,7 @@ "id": "CVE-2023-6816", "sourceIdentifier": "secalert@redhat.com", "published": "2024-01-18T05:15:08.607", - "lastModified": "2024-01-31T13:15:10.000", + "lastModified": "2024-01-31T16:15:45.150", "vulnStatus": "Modified", "descriptions": [ { @@ -195,10 +195,22 @@ "url": "https://access.redhat.com/errata/RHSA-2024:0614", "source": "secalert@redhat.com" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0617", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/errata/RHSA-2024:0621", "source": "secalert@redhat.com" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0626", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0629", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-6816", "source": "secalert@redhat.com", diff --git a/CVE-2024/CVE-2024-02xx/CVE-2024-0219.json b/CVE-2024/CVE-2024-02xx/CVE-2024-0219.json new file mode 100644 index 00000000000..e52940fded0 --- /dev/null +++ b/CVE-2024/CVE-2024-02xx/CVE-2024-0219.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-0219", + "sourceIdentifier": "security@progress.com", + "published": "2024-01-31T16:15:45.290", + "lastModified": "2024-01-31T16:15:45.290", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In Telerik JustDecompile versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component.\u00a0 In an environment where an existing Telerik JustDecompile install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@progress.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.1, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security@progress.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ] + } + ], + "references": [ + { + "url": "https://docs.telerik.com/devtools/justdecompile/knowledge-base/legacy-installer-vulnerability", + "source": "security@progress.com" + }, + { + "url": "https://www.telerik.com/devcraft", + "source": "security@progress.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-05xx/CVE-2024-0553.json b/CVE-2024/CVE-2024-05xx/CVE-2024-0553.json index 20a1475b238..d34f46cb664 100644 --- a/CVE-2024/CVE-2024-05xx/CVE-2024-0553.json +++ b/CVE-2024/CVE-2024-05xx/CVE-2024-0553.json 
@@ -2,7 +2,7 @@ "id": "CVE-2024-0553", "sourceIdentifier": "secalert@redhat.com", "published": "2024-01-16T12:15:45.557", - "lastModified": "2024-01-29T17:15:09.360", + "lastModified": "2024-01-31T16:15:45.513", "vulnStatus": "Modified", "descriptions": [ { @@ -146,6 +146,10 @@ "url": "https://access.redhat.com/errata/RHSA-2024:0533", "source": "secalert@redhat.com" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0627", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2024-0553", "source": "secalert@redhat.com", diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0741.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0741.json index dcaa12b119b..1c210610680 100644 --- a/CVE-2024/CVE-2024-07xx/CVE-2024-0741.json +++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0741.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0741", "sourceIdentifier": "security@mozilla.org", "published": "2024-01-23T14:15:38.173", - "lastModified": "2024-01-29T22:42:31.483", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T16:15:45.613", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -112,6 +112,10 @@ "Third Party Advisory" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html", + "source": "security@mozilla.org" + }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-01/", "source": "security@mozilla.org", diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0742.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0742.json index 26a343a4119..9cbc53b26b9 100644 --- a/CVE-2024/CVE-2024-07xx/CVE-2024-0742.json +++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0742.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0742", "sourceIdentifier": "security@mozilla.org", "published": "2024-01-23T14:15:38.230", - "lastModified": "2024-01-29T16:11:20.047", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T16:15:45.700", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", 
@@ -112,6 +112,10 @@ "Third Party Advisory" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html", + "source": "security@mozilla.org" + }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-01/", "source": "security@mozilla.org", diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0746.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0746.json index 4f68696e28e..654884623d4 100644 --- a/CVE-2024/CVE-2024-07xx/CVE-2024-0746.json +++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0746.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0746", "sourceIdentifier": "security@mozilla.org", "published": "2024-01-23T14:15:38.417", - "lastModified": "2024-01-30T16:10:43.927", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T16:15:45.770", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -112,6 +112,10 @@ "Third Party Advisory" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html", + "source": "security@mozilla.org" + }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-01/", "source": "security@mozilla.org", diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0747.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0747.json index b612425f815..4253edd56a8 100644 --- a/CVE-2024/CVE-2024-07xx/CVE-2024-0747.json +++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0747.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0747", "sourceIdentifier": "security@mozilla.org", "published": "2024-01-23T14:15:38.463", - "lastModified": "2024-01-30T16:16:51.227", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T16:15:45.850", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -112,6 +112,10 @@ "Third Party Advisory" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html", + "source": "security@mozilla.org" + }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-01/", "source": "security@mozilla.org", 
diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0749.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0749.json index f378c4c69a3..3efa4af8c8b 100644 --- a/CVE-2024/CVE-2024-07xx/CVE-2024-0749.json +++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0749.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0749", "sourceIdentifier": "security@mozilla.org", "published": "2024-01-23T14:15:38.550", - "lastModified": "2024-01-30T16:35:49.257", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T16:15:45.923", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -112,6 +112,10 @@ "Third Party Advisory" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html", + "source": "security@mozilla.org" + }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-01/", "source": "security@mozilla.org", diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0750.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0750.json index 5d8af36a540..1f740e33bc6 100644 --- a/CVE-2024/CVE-2024-07xx/CVE-2024-0750.json +++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0750.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0750", "sourceIdentifier": "security@mozilla.org", "published": "2024-01-23T14:15:38.597", - "lastModified": "2024-01-30T16:49:20.873", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T16:15:46.000", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -112,6 +112,10 @@ "Third Party Advisory" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html", + "source": "security@mozilla.org" + }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-01/", "source": "security@mozilla.org", diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0751.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0751.json index b1cbf0d3060..f8ef7e2bdf3 100644 --- a/CVE-2024/CVE-2024-07xx/CVE-2024-0751.json +++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0751.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-0751", "sourceIdentifier": "security@mozilla.org", "published": "2024-01-23T14:15:38.643", - "lastModified": "2024-01-30T16:44:51.983", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T16:15:46.070", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -112,6 +112,10 @@ "Third Party Advisory" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html", + "source": "security@mozilla.org" + }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-01/", "source": "security@mozilla.org", diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0753.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0753.json index b5b95357517..9e1e5fb9e85 100644 --- a/CVE-2024/CVE-2024-07xx/CVE-2024-0753.json +++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0753.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0753", "sourceIdentifier": "security@mozilla.org", "published": "2024-01-23T14:15:38.730", - "lastModified": "2024-01-30T15:54:23.863", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T16:15:46.140", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -112,6 +112,10 @@ "Third Party Advisory" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html", + "source": "security@mozilla.org" + }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-01/", "source": "security@mozilla.org", diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0755.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0755.json index f4bbda45d31..b74d9245bc7 100644 --- a/CVE-2024/CVE-2024-07xx/CVE-2024-0755.json +++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0755.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0755", "sourceIdentifier": "security@mozilla.org", "published": "2024-01-23T14:15:38.820", - "lastModified": "2024-01-29T22:47:49.327", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T16:15:46.210", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", 
@@ -112,6 +112,10 @@ "Third Party Advisory" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html", + "source": "security@mozilla.org" + }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-01/", "source": "security@mozilla.org", diff --git a/CVE-2024/CVE-2024-08xx/CVE-2024-0832.json b/CVE-2024/CVE-2024-08xx/CVE-2024-0832.json new file mode 100644 index 00000000000..9a9eff9efdd --- /dev/null +++ b/CVE-2024/CVE-2024-08xx/CVE-2024-0832.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-0832", + "sourceIdentifier": "security@progress.com", + "published": "2024-01-31T16:15:46.287", + "lastModified": "2024-01-31T16:15:46.287", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In Telerik Reporting versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component.\u00a0 In an environment where an existing Telerik Reporting install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@progress.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.1, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security@progress.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ] + } + ], + "references": [ + { + "url": "https://docs.telerik.com/reporting/knowledge-base/legacy-installer-vulnerability", + "source": "security@progress.com" + }, + { + "url": "https://www.telerik.com/devcraft", + "source": "security@progress.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-08xx/CVE-2024-0833.json b/CVE-2024/CVE-2024-08xx/CVE-2024-0833.json new file mode 100644 index 00000000000..2c6dbf9fe40 --- /dev/null +++ b/CVE-2024/CVE-2024-08xx/CVE-2024-0833.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-0833", + "sourceIdentifier": "security@progress.com", + "published": "2024-01-31T16:15:46.600", + "lastModified": "2024-01-31T16:15:46.600", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In Telerik Test Studio versions prior to \n\nv2023.3.1330, a privilege elevation vulnerability has been identified in the applications installer component.\u00a0 In an environment where an existing Telerik Test Studio install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@progress.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.1, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security@progress.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ] + } + ], + "references": [ + { + "url": "https://docs.telerik.com/teststudio/knowledge-base/product-notices-kb/legacy-installer-vulnerability", + "source": "security@progress.com" + }, + { + "url": "https://www.telerik.com/devcraft", + "source": "security@progress.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-11xx/CVE-2024-1103.json b/CVE-2024/CVE-2024-11xx/CVE-2024-1103.json new file mode 100644 index 00000000000..b1a4763685f --- /dev/null +++ b/CVE-2024/CVE-2024-11xx/CVE-2024-1103.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-1103", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-31T15:15:10.863", + "lastModified": "2024-01-31T15:15:10.863", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in CodeAstro Real Estate Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file profile.php of the component Feedback Form. The manipulation of the argument Your Feedback with the input leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252458 is the identifier assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 4.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": 
"en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://docs.google.com/document/d/18M55HRrxHQ9Jhph6CwWF-d5epAKtOSHt/edit?usp=drive_link&ouid=105609487033659389545&rtpof=true&sd=true", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.252458", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.252458", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-235xx/CVE-2024-23502.json b/CVE-2024/CVE-2024-235xx/CVE-2024-23502.json new file mode 100644 index 00000000000..1d38cbb2d6f --- /dev/null +++ b/CVE-2024/CVE-2024-235xx/CVE-2024-23502.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-23502", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-01-31T16:15:46.890", + "lastModified": "2024-01-31T16:15:46.890", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in InfornWeb Posts List Designer by Category \u2013 List Category Posts Or Recent Posts allows Stored XSS.This issue affects Posts List Designer by Category \u2013 List Category Posts Or Recent Posts: from n/a through 3.3.2.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/post-list-designer/wordpress-posts-list-designer-by-category-plugin-3-3-2-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-235xx/CVE-2024-23505.json b/CVE-2024/CVE-2024-235xx/CVE-2024-23505.json new file mode 100644 index 00000000000..8d2953570cc --- /dev/null +++ b/CVE-2024/CVE-2024-235xx/CVE-2024-23505.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-23505", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-01-31T16:15:47.163", + "lastModified": "2024-01-31T16:15:47.163", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DearHive PDF Viewer & 3D PDF Flipbook \u2013 DearPDF allows Stored XSS.This issue affects PDF Viewer & 3D PDF Flipbook \u2013 DearPDF: from n/a through 2.0.38.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/dearpdf-lite/wordpress-pdf-viewer-3d-pdf-flipbook-dearpdf-plugin-2-0-38-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-235xx/CVE-2024-23508.json b/CVE-2024/CVE-2024-235xx/CVE-2024-23508.json new file mode 100644 index 00000000000..a01a31c5243 --- /dev/null +++ b/CVE-2024/CVE-2024-235xx/CVE-2024-23508.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-23508", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-01-31T16:15:47.407", + "lastModified": "2024-01-31T16:15:47.407", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins PDF Poster \u2013 PDF Embedder Plugin for WordPress allows Reflected XSS.This issue affects PDF Poster \u2013 PDF Embedder Plugin for WordPress: from n/a through 2.1.17.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/pdf-poster/wordpress-pdf-poster-plugin-2-1-17-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23898.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23898.json index 5d232cc385e..7db81655bfc 100644 --- a/CVE-2024/CVE-2024-238xx/CVE-2024-23898.json +++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23898.json 
@@ -2,19 +2,87 @@ "id": "CVE-2024-23898", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2024-01-24T18:15:09.420", - "lastModified": "2024-01-25T10:15:08.140", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-31T16:49:06.600", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Jenkins 2.217 through 2.441 (both inclusive), LTS 2.222.1 through 2.426.2 (both inclusive) does not perform origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking (CSWSH) vulnerability, allowing attackers to execute CLI commands on the Jenkins controller." + }, + { + "lang": "es", + "value": "Jenkins 2.217 a 2.441 (ambos incluida), LTS 2.222.1 a 2.426.2 (ambos incluida) no realizan la validaci\u00f3n del origen de las solicitudes realizadas a trav\u00e9s del endpoint CLI WebSocket, lo que genera una vulnerabilidad de secuestro de WebSocket entre sitios (CSWSH), lo que permite a los atacantes para ejecutar comandos CLI en el controlador Jenkins." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-346" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*", + "versionStartIncluding": "2.217", + "versionEndIncluding": "2.441", + "matchCriteriaId": "E4343714-1807-4231-833C-AB3D6E637769" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", + "versionStartIncluding": "2.222.1", + "versionEndIncluding": "2.426.2", + "matchCriteriaId": "225EA384-5268-4ACD-A8E1-65002A5D74AB" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3315", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/README.md b/README.md index d7992d6e36d..7b9cb311d3e 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-01-31T15:00:25.497029+00:00 +2024-01-31T17:00:25.196490+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-01-31T14:51:46.890000+00:00 +2024-01-31T16:57:18.603000+00:00 ``` ### Last Data Feed Release 
@@ -29,60 +29,51 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -237201 +237208 ``` ### CVEs added in the last Commit -Recently added CVEs: `16` +Recently added CVEs: `7` -* [CVE-2023-7043](CVE-2023/CVE-2023-70xx/CVE-2023-7043.json) (`2024-01-31T13:15:10.147`) -* [CVE-2023-5992](CVE-2023/CVE-2023-59xx/CVE-2023-5992.json) (`2024-01-31T14:15:48.147`) -* [CVE-2023-6246](CVE-2023/CVE-2023-62xx/CVE-2023-6246.json) (`2024-01-31T14:15:48.420`) -* [CVE-2023-6779](CVE-2023/CVE-2023-67xx/CVE-2023-6779.json) (`2024-01-31T14:15:48.700`) -* [CVE-2023-6780](CVE-2023/CVE-2023-67xx/CVE-2023-6780.json) (`2024-01-31T14:15:48.917`) -* [CVE-2024-1087](CVE-2024/CVE-2024-10xx/CVE-2024-1087.json) (`2024-01-31T13:15:11.030`) -* [CVE-2024-0589](CVE-2024/CVE-2024-05xx/CVE-2024-0589.json) (`2024-01-31T13:15:10.567`) -* [CVE-2024-1085](CVE-2024/CVE-2024-10xx/CVE-2024-1085.json) (`2024-01-31T13:15:10.630`) -* [CVE-2024-1086](CVE-2024/CVE-2024-10xx/CVE-2024-1086.json) (`2024-01-31T13:15:10.827`) -* [CVE-2024-22143](CVE-2024/CVE-2024-221xx/CVE-2024-22143.json) (`2024-01-31T13:15:11.093`) -* [CVE-2024-22285](CVE-2024/CVE-2024-222xx/CVE-2024-22285.json) (`2024-01-31T13:15:11.307`) -* [CVE-2024-22291](CVE-2024/CVE-2024-222xx/CVE-2024-22291.json) (`2024-01-31T13:15:11.500`) -* [CVE-2024-22304](CVE-2024/CVE-2024-223xx/CVE-2024-22304.json) (`2024-01-31T13:15:11.690`) -* [CVE-2024-1112](CVE-2024/CVE-2024-11xx/CVE-2024-1112.json) (`2024-01-31T14:15:49.197`) -* [CVE-2024-22136](CVE-2024/CVE-2024-221xx/CVE-2024-22136.json) (`2024-01-31T14:15:49.430`) -* [CVE-2024-22140](CVE-2024/CVE-2024-221xx/CVE-2024-22140.json) (`2024-01-31T14:15:49.653`) +* [CVE-2024-1103](CVE-2024/CVE-2024-11xx/CVE-2024-1103.json) (`2024-01-31T15:15:10.863`) +* [CVE-2024-0219](CVE-2024/CVE-2024-02xx/CVE-2024-0219.json) (`2024-01-31T16:15:45.290`) +* [CVE-2024-0832](CVE-2024/CVE-2024-08xx/CVE-2024-0832.json) (`2024-01-31T16:15:46.287`) +* 
[CVE-2024-0833](CVE-2024/CVE-2024-08xx/CVE-2024-0833.json) (`2024-01-31T16:15:46.600`) +* [CVE-2024-23502](CVE-2024/CVE-2024-235xx/CVE-2024-23502.json) (`2024-01-31T16:15:46.890`) +* [CVE-2024-23505](CVE-2024/CVE-2024-235xx/CVE-2024-23505.json) (`2024-01-31T16:15:47.163`) +* [CVE-2024-23508](CVE-2024/CVE-2024-235xx/CVE-2024-23508.json) (`2024-01-31T16:15:47.407`) ### CVEs modified in the last Commit -Recently modified CVEs: `47` +Recently modified CVEs: `38` -* [CVE-2023-52337](CVE-2023/CVE-2023-523xx/CVE-2023-52337.json) (`2024-01-31T14:15:49.160`) -* [CVE-2023-52338](CVE-2023/CVE-2023-523xx/CVE-2023-52338.json) (`2024-01-31T14:38:35.867`) -* [CVE-2023-38994](CVE-2023/CVE-2023-389xx/CVE-2023-38994.json) (`2024-01-31T14:48:27.263`) -* [CVE-2024-0408](CVE-2024/CVE-2024-04xx/CVE-2024-0408.json) (`2024-01-31T13:15:10.350`) -* [CVE-2024-0409](CVE-2024/CVE-2024-04xx/CVE-2024-0409.json) (`2024-01-31T13:15:10.460`) -* [CVE-2024-23170](CVE-2024/CVE-2024-231xx/CVE-2024-23170.json) (`2024-01-31T14:05:19.990`) -* [CVE-2024-23775](CVE-2024/CVE-2024-237xx/CVE-2024-23775.json) (`2024-01-31T14:05:19.990`) -* [CVE-2024-1098](CVE-2024/CVE-2024-10xx/CVE-2024-1098.json) (`2024-01-31T14:05:19.990`) -* [CVE-2024-1099](CVE-2024/CVE-2024-10xx/CVE-2024-1099.json) (`2024-01-31T14:05:19.990`) -* [CVE-2024-22287](CVE-2024/CVE-2024-222xx/CVE-2024-22287.json) (`2024-01-31T14:05:19.990`) -* [CVE-2024-22290](CVE-2024/CVE-2024-222xx/CVE-2024-22290.json) (`2024-01-31T14:05:19.990`) -* [CVE-2024-22305](CVE-2024/CVE-2024-223xx/CVE-2024-22305.json) (`2024-01-31T14:05:19.990`) -* [CVE-2024-23507](CVE-2024/CVE-2024-235xx/CVE-2024-23507.json) (`2024-01-31T14:05:19.990`) -* [CVE-2024-24567](CVE-2024/CVE-2024-245xx/CVE-2024-24567.json) (`2024-01-31T14:05:27.507`) -* [CVE-2024-1059](CVE-2024/CVE-2024-10xx/CVE-2024-1059.json) (`2024-01-31T14:05:27.507`) -* [CVE-2024-1060](CVE-2024/CVE-2024-10xx/CVE-2024-1060.json) (`2024-01-31T14:05:27.507`) -* [CVE-2024-1077](CVE-2024/CVE-2024-10xx/CVE-2024-1077.json) 
(`2024-01-31T14:05:27.507`) -* [CVE-2024-23834](CVE-2024/CVE-2024-238xx/CVE-2024-23834.json) (`2024-01-31T14:05:27.507`) -* [CVE-2024-22569](CVE-2024/CVE-2024-225xx/CVE-2024-22569.json) (`2024-01-31T14:05:27.507`) -* [CVE-2024-23745](CVE-2024/CVE-2024-237xx/CVE-2024-23745.json) (`2024-01-31T14:05:27.507`) -* [CVE-2024-1069](CVE-2024/CVE-2024-10xx/CVE-2024-1069.json) (`2024-01-31T14:05:27.507`) -* [CVE-2024-0914](CVE-2024/CVE-2024-09xx/CVE-2024-0914.json) (`2024-01-31T14:05:27.507`) -* [CVE-2024-22236](CVE-2024/CVE-2024-222xx/CVE-2024-22236.json) (`2024-01-31T14:05:27.507`) -* [CVE-2024-0836](CVE-2024/CVE-2024-08xx/CVE-2024-0836.json) (`2024-01-31T14:05:27.507`) -* [CVE-2024-1012](CVE-2024/CVE-2024-10xx/CVE-2024-1012.json) (`2024-01-31T14:05:27.507`) +* [CVE-2023-39434](CVE-2023/CVE-2023-394xx/CVE-2023-39434.json) (`2024-01-31T15:15:09.663`) +* [CVE-2023-39928](CVE-2023/CVE-2023-399xx/CVE-2023-39928.json) (`2024-01-31T15:15:09.790`) +* [CVE-2023-40451](CVE-2023/CVE-2023-404xx/CVE-2023-40451.json) (`2024-01-31T15:15:09.977`) +* [CVE-2023-41074](CVE-2023/CVE-2023-410xx/CVE-2023-41074.json) (`2024-01-31T15:15:10.067`) +* [CVE-2023-41983](CVE-2023/CVE-2023-419xx/CVE-2023-41983.json) (`2024-01-31T15:15:10.187`) +* [CVE-2023-41993](CVE-2023/CVE-2023-419xx/CVE-2023-41993.json) (`2024-01-31T15:15:10.337`) +* [CVE-2023-42852](CVE-2023/CVE-2023-428xx/CVE-2023-42852.json) (`2024-01-31T15:15:10.463`) +* [CVE-2023-42890](CVE-2023/CVE-2023-428xx/CVE-2023-42890.json) (`2024-01-31T15:15:10.633`) +* [CVE-2023-6816](CVE-2023/CVE-2023-68xx/CVE-2023-6816.json) (`2024-01-31T16:15:45.150`) +* [CVE-2023-31654](CVE-2023/CVE-2023-316xx/CVE-2023-31654.json) (`2024-01-31T16:26:12.397`) +* [CVE-2023-46889](CVE-2023/CVE-2023-468xx/CVE-2023-46889.json) (`2024-01-31T16:36:18.020`) +* [CVE-2023-36177](CVE-2023/CVE-2023-361xx/CVE-2023-36177.json) (`2024-01-31T16:45:19.120`) +* [CVE-2023-42144](CVE-2023/CVE-2023-421xx/CVE-2023-42144.json) (`2024-01-31T16:48:30.507`) +* 
[CVE-2023-42143](CVE-2023/CVE-2023-421xx/CVE-2023-42143.json) (`2024-01-31T16:57:18.603`) +* [CVE-2024-0553](CVE-2024/CVE-2024-05xx/CVE-2024-0553.json) (`2024-01-31T16:15:45.513`) +* [CVE-2024-0741](CVE-2024/CVE-2024-07xx/CVE-2024-0741.json) (`2024-01-31T16:15:45.613`) +* [CVE-2024-0742](CVE-2024/CVE-2024-07xx/CVE-2024-0742.json) (`2024-01-31T16:15:45.700`) +* [CVE-2024-0746](CVE-2024/CVE-2024-07xx/CVE-2024-0746.json) (`2024-01-31T16:15:45.770`) +* [CVE-2024-0747](CVE-2024/CVE-2024-07xx/CVE-2024-0747.json) (`2024-01-31T16:15:45.850`) +* [CVE-2024-0749](CVE-2024/CVE-2024-07xx/CVE-2024-0749.json) (`2024-01-31T16:15:45.923`) +* [CVE-2024-0750](CVE-2024/CVE-2024-07xx/CVE-2024-0750.json) (`2024-01-31T16:15:46.000`) +* [CVE-2024-0751](CVE-2024/CVE-2024-07xx/CVE-2024-0751.json) (`2024-01-31T16:15:46.070`) +* [CVE-2024-0753](CVE-2024/CVE-2024-07xx/CVE-2024-0753.json) (`2024-01-31T16:15:46.140`) +* [CVE-2024-0755](CVE-2024/CVE-2024-07xx/CVE-2024-0755.json) (`2024-01-31T16:15:46.210`) +* [CVE-2024-23898](CVE-2024/CVE-2024-238xx/CVE-2024-23898.json) (`2024-01-31T16:49:06.600`) ## Download and Usage