From 5220b1e9ccb51dbde9b07be77323420ad95dc2fa Mon Sep 17 00:00:00 2001 
From: cad-safe-bot Date: Fri, 12 Jan 2024 23:00:28 +0000 Subject: [PATCH] Auto-Update: 2024-01-12T23:00:24.733670+00:00 --- CVE-2007/CVE-2007-37xx/CVE-2007-3798.json | 529 +++++++++++++++++++- CVE-2022/CVE-2022-205xx/CVE-2022-20531.json | 67 ++- CVE-2022/CVE-2022-212xx/CVE-2022-21294.json | 28 +- CVE-2022/CVE-2022-49xx/CVE-2022-4903.json | 27 +- CVE-2022/CVE-2022-49xx/CVE-2022-4949.json | 30 +- CVE-2022/CVE-2022-49xx/CVE-2022-4962.json | 88 ++++ CVE-2023/CVE-2023-00xx/CVE-2023-0001.json | 4 +- CVE-2023/CVE-2023-06xx/CVE-2023-0679.json | 25 +- CVE-2023/CVE-2023-202xx/CVE-2023-20200.json | 6 +- CVE-2023/CVE-2023-324xx/CVE-2023-32439.json | 19 +- CVE-2023/CVE-2023-326xx/CVE-2023-32636.json | 11 +- CVE-2023/CVE-2023-382xx/CVE-2023-38201.json | 60 ++- CVE-2023/CVE-2023-424xx/CVE-2023-42463.json | 55 ++ CVE-2023/CVE-2023-424xx/CVE-2023-42464.json | 26 +- CVE-2023/CVE-2023-426xx/CVE-2023-42663.json | 22 +- CVE-2023/CVE-2023-427xx/CVE-2023-42788.json | 24 +- CVE-2023/CVE-2023-42xx/CVE-2023-4257.json | 21 +- CVE-2023/CVE-2023-42xx/CVE-2023-4265.json | 21 +- CVE-2023/CVE-2023-442xx/CVE-2023-44271.json | 27 +- CVE-2023/CVE-2023-482xx/CVE-2023-48297.json | 55 ++ CVE-2023/CVE-2023-490xx/CVE-2023-49098.json | 59 +++ CVE-2023/CVE-2023-490xx/CVE-2023-49099.json | 59 +++ CVE-2023/CVE-2023-496xx/CVE-2023-49647.json | 55 ++ CVE-2023/CVE-2023-498xx/CVE-2023-49801.json | 63 +++ CVE-2023/CVE-2023-514xx/CVE-2023-51441.json | 70 ++- CVE-2023/CVE-2023-516xx/CVE-2023-51698.json | 59 +++ CVE-2023/CVE-2023-57xx/CVE-2023-5753.json | 21 +- CVE-2023/CVE-2023-68xx/CVE-2023-6801.json | 65 ++- CVE-2024/CVE-2024-04xx/CVE-2024-0468.json | 88 ++++ CVE-2024/CVE-2024-04xx/CVE-2024-0469.json | 88 ++++ CVE-2024/CVE-2024-04xx/CVE-2024-0470.json | 88 ++++ CVE-2024/CVE-2024-04xx/CVE-2024-0471.json | 88 ++++ CVE-2024/CVE-2024-04xx/CVE-2024-0472.json | 88 ++++ CVE-2024/CVE-2024-04xx/CVE-2024-0473.json | 88 ++++ CVE-2024/CVE-2024-206xx/CVE-2024-20662.json | 78 ++- CVE-2024/CVE-2024-206xx/CVE-2024-20663.json | 
163 +++++- CVE-2024/CVE-2024-206xx/CVE-2024-20664.json | 163 +++++- CVE-2024/CVE-2024-216xx/CVE-2024-21639.json | 59 +++ CVE-2024/CVE-2024-216xx/CVE-2024-21654.json | 59 +++ CVE-2024/CVE-2024-216xx/CVE-2024-21655.json | 55 ++ README.md | 91 ++-- 41 files changed, 2611 insertions(+), 181 deletions(-) create mode 100644 CVE-2022/CVE-2022-49xx/CVE-2022-4962.json create mode 100644 CVE-2023/CVE-2023-424xx/CVE-2023-42463.json create mode 100644 CVE-2023/CVE-2023-482xx/CVE-2023-48297.json create mode 100644 CVE-2023/CVE-2023-490xx/CVE-2023-49098.json create mode 100644 CVE-2023/CVE-2023-490xx/CVE-2023-49099.json create mode 100644 CVE-2023/CVE-2023-496xx/CVE-2023-49647.json create mode 100644 CVE-2023/CVE-2023-498xx/CVE-2023-49801.json create mode 100644 CVE-2023/CVE-2023-516xx/CVE-2023-51698.json create mode 100644 CVE-2024/CVE-2024-04xx/CVE-2024-0468.json create mode 100644 CVE-2024/CVE-2024-04xx/CVE-2024-0469.json create mode 100644 CVE-2024/CVE-2024-04xx/CVE-2024-0470.json create mode 100644 CVE-2024/CVE-2024-04xx/CVE-2024-0471.json create mode 100644 CVE-2024/CVE-2024-04xx/CVE-2024-0472.json create mode 100644 CVE-2024/CVE-2024-04xx/CVE-2024-0473.json create mode 100644 CVE-2024/CVE-2024-216xx/CVE-2024-21639.json create mode 100644 CVE-2024/CVE-2024-216xx/CVE-2024-21654.json create mode 100644 CVE-2024/CVE-2024-216xx/CVE-2024-21655.json diff --git a/CVE-2007/CVE-2007-37xx/CVE-2007-3798.json b/CVE-2007/CVE-2007-37xx/CVE-2007-3798.json index 51ca23636e9..e0a43788485 100644 --- a/CVE-2007/CVE-2007-37xx/CVE-2007-3798.json +++ b/CVE-2007/CVE-2007-37xx/CVE-2007-3798.json @@ -2,8 +2,8 @@ "id": "CVE-2007-3798", "sourceIdentifier": "cve@mitre.org", "published": "2007-07-16T22:30:00.000", - "lastModified": "2018-10-15T21:30:57.613", - "vulnStatus": "Modified", + "lastModified": "2024-01-12T22:06:03.783", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -22,6 +22,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ], "cvssMetricV2": [ { "source": "nvd@nist.gov", @@ -55,7 +77,7 @@ "description": [ { "lang": "en", - "value": "CWE-189" + "value": "CWE-252" } ] } 
@@ -76,92 +98,550 @@ ] } ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*", + "matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*", + "matchCriteriaId": "23E304C9-F780-4358-A58D-1E4C93977704" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*", + "matchCriteriaId": "6EBDAFF8-DE44-4E80-B6BD-E341F767F501" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*", + "matchCriteriaId": "A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:slackware:slackware:9.0:*:*:*:*:*:*:*", + "matchCriteriaId": "399C55D7-0D4D-4D1F-B0C0-5BEF084BBFA7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:slackware:slackware:9.1:*:*:*:*:*:*:*", + "matchCriteriaId": "644AEB96-EABA-4637-8C51-6E8AE7BB7299" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:slackware:slackware:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "258358F0-DC55-44D8-9440-C803C8C5FDC7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:slackware:slackware:10.1:*:*:*:*:*:*:*", + "matchCriteriaId": "653831E7-C117-4CD7-ADA4-11E6FE15A897" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:slackware:slackware:10.2:*:*:*:*:*:*:*", + "matchCriteriaId": "D1BACED6-11B1-44C7-82CC-AAD7C424112E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:slackware:slackware:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": 
"4BE76350-E2BF-499C-BC2B-A82ADCC20037" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:slackware:slackware:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7FD92835-0C55-4FD8-9808-393AC77F45B6" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.0", + "versionEndExcluding": "5.5", + "matchCriteriaId": "C25C4C48-0C37-4B55-9124-4D3EFA6A7B98" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.0", + "versionEndExcluding": "6.1", + "matchCriteriaId": "5CD4018D-F0ED-407F-8C94-CD6095871948" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:5.5:-:*:*:*:*:*:*", + "matchCriteriaId": "4E63AC19-08C0-476A-B557-0CCC24A4DC88" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:5.5:p1:*:*:*:*:*:*", + "matchCriteriaId": "46589B30-1A6C-4764-BBC5-969E2BE82F65" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:5.5:p11:*:*:*:*:*:*", + "matchCriteriaId": "C3565238-C0D8-4196-BE25-5A0E9CB18F07" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:5.5:p12:*:*:*:*:*:*", + "matchCriteriaId": "9EEBA213-0CE9-4C14-B543-02323421698B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:5.5:p13:*:*:*:*:*:*", + "matchCriteriaId": "33229F64-E6CA-436B-A495-C753CF268068" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:5.5:p14:*:*:*:*:*:*", + "matchCriteriaId": "EF3D3B09-4505-4FBE-BD78-CF106530B9F7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:5.5:p2:*:*:*:*:*:*", + "matchCriteriaId": "EB8ED096-29AB-4509-92C9-E9AA9D3653FE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:5.5:p3:*:*:*:*:*:*", + "matchCriteriaId": "A6751AB8-2F96-45CE-A2B1-F13621599009" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:freebsd:freebsd:5.5:p4:*:*:*:*:*:*", + "matchCriteriaId": "DA3B6BBC-3EA2-445B-94B1-B079ABB0B22D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:5.5:p5:*:*:*:*:*:*", + "matchCriteriaId": "44136741-534D-4D3B-83E2-E1D2D367953B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:5.5:p7:*:*:*:*:*:*", + "matchCriteriaId": "5050EAD4-3635-4EBA-BA53-3CCF4D291269" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:5.5:p8:*:*:*:*:*:*", + "matchCriteriaId": "C21700B9-9A63-41C2-92AA-3F4FB9DA68C0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:5.5:p9:*:*:*:*:*:*", + "matchCriteriaId": "0DE96008-FDC8-480A-B144-079086CCCE29" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:6.1:-:*:*:*:*:*:*", + "matchCriteriaId": "B513BA9C-C121-4DCB-912F-529727217E8C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:6.1:p1:*:*:*:*:*:*", + "matchCriteriaId": "25273989-AC00-4649-BEAE-68F27DA09E15" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:6.1:p10:*:*:*:*:*:*", + "matchCriteriaId": "3F756D1C-1DF7-484E-8A28-FE4886EC8DA7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:6.1:p11:*:*:*:*:*:*", + "matchCriteriaId": "6CA31CA1-A913-4E5B-A38B-F39A734602DB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:6.1:p12:*:*:*:*:*:*", + "matchCriteriaId": "B4439012-E5BD-4D24-8E37-B78368AFFCDD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:6.1:p13:*:*:*:*:*:*", + "matchCriteriaId": "11CDF5CE-C4E8-4DEF-A1FC-C6FF8386D227" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:6.1:p16:*:*:*:*:*:*", + "matchCriteriaId": "DF0868FD-2166-4C97-BA26-AB04FFDD53D3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:6.1:p17:*:*:*:*:*:*", + "matchCriteriaId": "E9D30D8B-0A80-4D57-BC7A-6E948CD03E61" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:freebsd:freebsd:6.1:p18:*:*:*:*:*:*", + "matchCriteriaId": "B8C40E1F-F185-4FBF-A93D-86222DBE4BC1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:6.1:p2:*:*:*:*:*:*", + "matchCriteriaId": "AB7A908F-7983-479D-B17F-5E8C0DB1E2B5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:6.1:p4:*:*:*:*:*:*", + "matchCriteriaId": "B1057593-E615-45AE-AFED-BEB83BBA8B03" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:6.1:p6:*:*:*:*:*:*", + "matchCriteriaId": "FBF6AEE8-F623-4DAF-88D6-D2996C3E4371" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:6.1:p7:*:*:*:*:*:*", + "matchCriteriaId": "644CDF2C-D0E2-47CC-B891-50F75FE9AD41" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:6.1:p9:*:*:*:*:*:*", + "matchCriteriaId": "6B7A0851-82B7-4AFE-B497-143770AC2BEF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:6.2:-:*:*:*:*:*:*", + "matchCriteriaId": "99009B85-61C6-4113-B3EF-40B8F330B65C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:6.2:p1:*:*:*:*:*:*", + "matchCriteriaId": "34B2D56E-32CE-4892-958A-CE339F69D63C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:6.2:p4:*:*:*:*:*:*", + "matchCriteriaId": "BBCED956-7969-40E0-8E45-8A8DB8C4473F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:6.2:p5:*:*:*:*:*:*", + "matchCriteriaId": "285D90AC-242A-403F-BB38-A52459523B4A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:6.2:p6:*:*:*:*:*:*", + "matchCriteriaId": "B7749CCD-6474-4E81-8C08-F44EF0C306A9" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.0.0", + "versionEndExcluding": "10.4.11", + "matchCriteriaId": "2F5DEE66-117C-4844-8FD4-065D0820A808" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.0.0", + "versionEndExcluding": "10.4.11", + "matchCriteriaId": "B9ACE85A-56A0-404C-AB58-A4F5CA73243C" + } + ] + } + ] } ], "references": [ { "url": "http://bugs.gentoo.org/show_bug.cgi?id=184815", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://cvs.tcpdump.org/cgi-bin/cvsweb/tcpdump/print-bgp.c?r1=1.91.2.11&r2=1.91.2.12", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "http://docs.info.apple.com/article.html?artnum=307179", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List" + ] + }, + { + "url": "http://secunia.com/advisories/26135", + "source": "cve@mitre.org", + "tags": [ + "Broken Link", + "Vendor Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/26168", + "source": "cve@mitre.org", + "tags": [ + "Broken Link", + "Vendor Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/26223", + "source": "cve@mitre.org", + "tags": [ + "Broken Link", + "Vendor Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/26231", + "source": "cve@mitre.org", + "tags": [ + "Broken Link", + "Vendor Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/26263", + "source": "cve@mitre.org", + "tags": [ + "Broken Link", + "Vendor Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/26266", + "source": "cve@mitre.org", + "tags": [ + "Broken Link", + "Vendor Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/26286", + "source": "cve@mitre.org", + "tags": [ + "Broken Link", + "Vendor Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/26395", + "source": "cve@mitre.org", + "tags": [ + "Broken Link", + "Vendor 
Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/26404", + "source": "cve@mitre.org", + "tags": [ + "Broken Link", + "Vendor Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/26521", + "source": "cve@mitre.org", + "tags": [ + "Broken Link", + "Vendor Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/27580", + "source": "cve@mitre.org", + "tags": [ + "Broken Link", + "Vendor Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/28136", + "source": "cve@mitre.org", + "tags": [ + "Broken Link", + "Vendor Advisory" + ] }, { "url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:06.tcpdump.asc", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://security.gentoo.org/glsa/glsa-200707-14.xml", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.449313", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Patch" + ] }, { "url": "http://www.debian.org/security/2007/dsa-1353", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://www.digit-labs.org/files/exploits/private/tcpdump-bgp.c", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] }, { "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:148", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://www.novell.com/linux/security/advisories/2007_16_sr.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "http://www.redhat.com/support/errata/RHSA-2007-0368.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": 
"http://www.redhat.com/support/errata/RHSA-2007-0387.html", "source": "cve@mitre.org", "tags": [ + "Broken Link", "Vendor Advisory" ] }, { "url": "http://www.securityfocus.com/archive/1/474225/100/0/threaded", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://www.securityfocus.com/bid/24965", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://www.securitytracker.com/id?1018434", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://www.trustix.org/errata/2007/0023/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "http://www.turbolinux.com/security/2007/TLSA-2007-46.txt", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "http://www.ubuntu.com/usn/usn-492-1", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html", "source": "cve@mitre.org", "tags": [ + "Broken Link", + "Third Party Advisory", "US Government Resource" ] }, @@ -169,6 +649,7 @@ "url": "http://www.vupen.com/english/advisories/2007/2578", "source": "cve@mitre.org", "tags": [ + "Broken Link", "Vendor Advisory" ] }, @@ -176,12 +657,16 @@ "url": "http://www.vupen.com/english/advisories/2007/4238", "source": "cve@mitre.org", "tags": [ + "Broken Link", "Vendor Advisory" ] }, { "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9771", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2022/CVE-2022-205xx/CVE-2022-20531.json b/CVE-2022/CVE-2022-205xx/CVE-2022-20531.json index 1cfedba4870..87937ae8e04 100644 --- a/CVE-2022/CVE-2022-205xx/CVE-2022-20531.json +++ b/CVE-2022/CVE-2022-205xx/CVE-2022-20531.json 
@@ -2,19 +2,78 @@ "id": "CVE-2022-20531", "sourceIdentifier": "security@android.com", "published": "2022-12-16T16:15:17.947", - "lastModified": "2023-11-07T13:58:18.837", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-12T21:57:29.507", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Telecom, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En Telecom, existe una forma posible de determinar si una aplicaci\u00f3n est\u00e1 instalada, sin permisos de consulta, debido a la divulgaci\u00f3n de informaci\u00f3n del canal lateral. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-212xx/CVE-2022-21294.json b/CVE-2022/CVE-2022-212xx/CVE-2022-21294.json index 20d40cdae98..5a5c873e1fd 100644 --- a/CVE-2022/CVE-2022-212xx/CVE-2022-21294.json +++ b/CVE-2022/CVE-2022-212xx/CVE-2022-21294.json @@ -2,8 +2,8 @@ "id": "CVE-2022-21294", "sourceIdentifier": "secalert_us@oracle.com", "published": "2022-01-19T12:15:12.493", - "lastModified": "2023-09-08T00:15:08.517", - "vulnStatus": "Modified", + "lastModified": "2024-01-12T22:13:35.553", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -149,8 +149,23 @@ }, { "vulnerable": true, - "criteria": "cpe:2.3:a:netapp:cloud_insights:-:*:*:*:*:*:*:*", - "matchCriteriaId": "26FCA75B-4282-4E0F-95B4-640A82C8E91C" + "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", + "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", + "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08" }, { "vulnerable": true, @@ -184,6 +199,11 @@ "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3" }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*", + "matchCriteriaId": "82E94B87-065E-475F-815C-F49978CE22FC" + }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*", diff --git a/CVE-2022/CVE-2022-49xx/CVE-2022-4903.json b/CVE-2022/CVE-2022-49xx/CVE-2022-4903.json index e4760453617..fcb6d8aca73 100644 --- a/CVE-2022/CVE-2022-49xx/CVE-2022-4903.json +++ b/CVE-2022/CVE-2022-49xx/CVE-2022-4903.json @@ -2,8 +2,8 @@ "id": "CVE-2022-4903", "sourceIdentifier": "cna@vuldb.com", "published": "2023-02-10T15:15:11.717", - "lastModified": "2023-11-07T03:59:17.140", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-01-12T22:17:50.847", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -17,23 +17,23 @@ "type": "Primary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", - "attackComplexity": "LOW", + "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" + "baseScore": 8.1, + "baseSeverity": "HIGH" }, - "exploitabilityScore": 3.9, + "exploitabilityScore": 2.2, "impactScore": 5.9 }, { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -55,7 +55,7 @@ ], "cvssMetricV2": [ { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "2.0", @@ -91,7 +91,7 @@ ] }, { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "description": [ { @@ -130,7 +130,8 @@ "url": "https://github.com/codenameone/CodenameOne/issues/3583", "source": "cna@vuldb.com", "tags": [ - "Issue Tracking" + "Issue Tracking", + "Patch" ] }, { @@ -144,14 +145,14 @@ "url": "https://vuldb.com/?ctiid.220470", "source": "cna@vuldb.com", "tags": [ - "Broken Link" + "Permissions Required" ] }, { "url": "https://vuldb.com/?id.220470", "source": "cna@vuldb.com", "tags": [ - "Broken Link" + "Permissions Required" ] } ] diff --git a/CVE-2022/CVE-2022-49xx/CVE-2022-4949.json b/CVE-2022/CVE-2022-49xx/CVE-2022-4949.json index 12aa0e3b768..208966fa947 100644 --- a/CVE-2022/CVE-2022-49xx/CVE-2022-4949.json +++ b/CVE-2022/CVE-2022-49xx/CVE-2022-4949.json 
@@ -2,8 +2,8 @@ "id": "CVE-2022-4949", "sourceIdentifier": "security@wordfence.com", "published": "2023-06-07T02:15:15.750", - "lastModified": "2023-11-10T07:15:07.513", - "vulnStatus": "Modified", + "lastModified": "2024-01-12T22:07:14.007", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -86,16 +86,38 @@ ] } ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:xen:xen:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BFA1950D-1D9F-4401-AA86-CF3028EFD286" + } + ] + } + ] } ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2023/11/09/3", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Mailing List" + ] }, { "url": "http://xenbits.xen.org/xsa/advisory-443.html", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch", + "Third Party Advisory" + ] }, { "url": "https://blog.nintechnet.com/critical-vulnerability-in-wordpress-adsanity-plugin/", diff --git a/CVE-2022/CVE-2022-49xx/CVE-2022-4962.json b/CVE-2022/CVE-2022-49xx/CVE-2022-4962.json new file mode 100644 index 00000000000..86d550da90e --- /dev/null +++ b/CVE-2022/CVE-2022-49xx/CVE-2022-4962.json 
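Review bot: The configuration node added in the `@@ -86,16 +86,38 @@` hunk of CVE-2022-4949.json marks `cpe:2.3:o:xen:xen:-:*:*:*:*:*:*:*` as vulnerable, which looks like a mis-association rather than an affected product. The record's `sourceIdentifier` is `security@wordfence.com` and the next reference is a write-up on the WordPress AdSanity plugin. The oss-security and XSA-443 URLs were already on the record as context lines; this change only tags them and, presumably on their strength, adds the Xen match. The description is outside the hunk, so this is inferred from the visible fields. Anything that matches inventory against `cpeMatch` would now report Xen hosts for this CVE, so if the mirror must stay faithful to upstream, keep the data, report the node to the feed maintainer, and have consumers treat the match as unconfirmed until it is corrected.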
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2022-4962", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-12T22:15:44.877", + "lastModified": "2024-01-12T22:15:44.877", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "** DISPUTED ** A vulnerability was found in Apollo 2.0.0/2.0.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /users of the component Configuration Center. The manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. VDB-250430 is the identifier assigned to this vulnerability. NOTE: The maintainer explains that user data information like user id, name, and email are not sensitive." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": 
false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-285" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/apolloconfig/apollo/issues/4684", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.250430", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.250430", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-00xx/CVE-2023-0001.json b/CVE-2023/CVE-2023-00xx/CVE-2023-0001.json index 8feb161dd48..7abb1f1ce57 100644 --- a/CVE-2023/CVE-2023-00xx/CVE-2023-0001.json +++ b/CVE-2023/CVE-2023-00xx/CVE-2023-0001.json @@ -2,8 +2,8 @@ "id": "CVE-2023-0001", "sourceIdentifier": "psirt@paloaltonetworks.com", "published": "2023-02-08T18:15:11.523", - "lastModified": "2023-11-21T19:15:08.073", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-01-12T22:10:50.817", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-06xx/CVE-2023-0679.json b/CVE-2023/CVE-2023-06xx/CVE-2023-0679.json index a2e76e3ad8c..523971fc280 100644 --- a/CVE-2023/CVE-2023-06xx/CVE-2023-0679.json +++ b/CVE-2023/CVE-2023-06xx/CVE-2023-0679.json @@ -2,8 +2,8 @@ "id": "CVE-2023-0679", "sourceIdentifier": "cna@vuldb.com", "published": "2023-02-06T13:15:09.377", - "lastModified": "2023-11-07T04:01:11.330", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-01-12T22:22:40.437", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -17,23 +17,23 @@ "type": "Primary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", - "attackComplexity": "LOW", + "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" + "baseScore": 8.1, + "baseSeverity": "HIGH" }, - "exploitabilityScore": 3.9, + "exploitabilityScore": 2.2, "impactScore": 5.9 }, { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -55,7 +55,7 @@ ], "cvssMetricV2": [ { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "2.0", @@ -81,8 +81,8 @@ }, "weaknesses": [ { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", - "type": "Primary", + "source": "cna@vuldb.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -113,8 +113,7 @@ "url": "https://blog.csdn.net/weixin_43864034/article/details/128904906", "source": "cna@vuldb.com", "tags": [ - "Exploit", - "Third Party Advisory" + "Broken Link" ] }, { diff --git a/CVE-2023/CVE-2023-202xx/CVE-2023-20200.json b/CVE-2023/CVE-2023-202xx/CVE-2023-20200.json index 30048560860..12e72a8bb89 100644 --- a/CVE-2023/CVE-2023-202xx/CVE-2023-20200.json +++ b/CVE-2023/CVE-2023-202xx/CVE-2023-20200.json @@ -2,7 +2,7 @@ "id": "CVE-2023-20200", "sourceIdentifier": "ykramarz@cisco.com", "published": "2023-08-23T19:15:08.020", - "lastModified": "2023-09-07T17:58:03.400", + "lastModified": "2024-01-12T22:15:56.067", "vulnStatus": "Analyzed", "descriptions": [ { 
@@ -130,8 +130,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:o:cisco:firepower_4112_firwmare:-:*:*:*:*:*:*:*", - "matchCriteriaId": "D61D8497-03BA-4F00-AF74-C694472E1FCB" + "criteria": "cpe:2.3:o:cisco:firepower_4112_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A8848D88-7FE6-43C7-804A-0C4CD3914E8D" } ] }, diff --git a/CVE-2023/CVE-2023-324xx/CVE-2023-32439.json b/CVE-2023/CVE-2023-324xx/CVE-2023-32439.json index 7a013813169..fc906f85937 100644 --- a/CVE-2023/CVE-2023-324xx/CVE-2023-32439.json +++ b/CVE-2023/CVE-2023-324xx/CVE-2023-32439.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32439", "sourceIdentifier": "product-security@apple.com", "published": "2023-06-23T18:15:13.813", - "lastModified": "2024-01-05T14:15:46.780", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-01-12T22:08:33.827", + "vulnStatus": "Analyzed", "cisaExploitAdd": "2023-06-23", "cisaActionDue": "2023-07-14", "cisaRequiredAction": "Apply updates per vendor instructions.", @@ -104,7 +104,10 @@ "references": [ { "url": "https://security.gentoo.org/glsa/202401-04", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT213811", @@ -140,11 +143,17 @@ }, { "url": "https://support.apple.com/kb/HT213814", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/kb/HT213816", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-326xx/CVE-2023-32636.json b/CVE-2023/CVE-2023-326xx/CVE-2023-32636.json index 7a042727f11..5f7b1f778be 100644 --- a/CVE-2023/CVE-2023-326xx/CVE-2023-32636.json +++ b/CVE-2023/CVE-2023-326xx/CVE-2023-32636.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-32636", "sourceIdentifier": "secalert@redhat.com", "published": "2023-09-14T20:15:09.653", - "lastModified": "2023-11-10T18:15:07.903", - "vulnStatus": "Modified", + "lastModified": "2024-01-12T22:09:56.247", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -65,7 +65,7 @@ "description": [ { "lang": "en", - "value": "CWE-400" + "value": "CWE-502" } ] }, @@ -116,7 +116,10 @@ }, { "url": "https://security.netapp.com/advisory/ntap-20231110-0002/", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-382xx/CVE-2023-38201.json b/CVE-2023/CVE-2023-382xx/CVE-2023-38201.json index 6f953691b38..c8674632614 100644 --- a/CVE-2023/CVE-2023-382xx/CVE-2023-38201.json +++ b/CVE-2023/CVE-2023-382xx/CVE-2023-38201.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38201", "sourceIdentifier": "secalert@redhat.com", "published": "2023-08-25T17:15:08.530", - "lastModified": "2023-11-12T03:15:26.953", - "vulnStatus": "Modified", + "lastModified": "2024-01-12T22:01:19.793", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -107,6 +107,51 @@ "vulnerable": true, "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*", + "matchCriteriaId": "3C74F6FA-FA6C-4648-9079-91446E45EE47" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*", + "matchCriteriaId": "FB056B47-1F45-4CE4-81F6-872F66C24C29" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*", + "matchCriteriaId": "26041661-0280-4544-AA0A-BC28FCED4699" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*", + "matchCriteriaId": "E07C1C58-0E5F-4B56-9B8D-5DE67DB00F79" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*", + "matchCriteriaId": "99952557-C766-4B9E-8BF5-DBBA194349FF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*", + "matchCriteriaId": "F32CA554-F9D7-425B-8F1C-89678507F28C" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", + "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" } ] } @@ -116,7 +161,10 @@ "references": [ { "url": "https://access.redhat.com/errata/RHSA-2023:5080", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://access.redhat.com/security/cve/CVE-2023-38201", 
@@ -150,7 +198,11 @@ }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZIZZB5NHNCS5D2AEH3ZAO6OQC72IK7WS/", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-424xx/CVE-2023-42463.json b/CVE-2023/CVE-2023-424xx/CVE-2023-42463.json new file mode 100644 index 00000000000..e7923e12e83 --- /dev/null +++ b/CVE-2023/CVE-2023-424xx/CVE-2023-42463.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-42463", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-01-12T21:15:09.117", + "lastModified": "2024-01-12T21:15:09.117", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Wazuh is a free and open source platform used for threat prevention, detection, and response. This bug introduced a stack overflow hazard that could allow a local privilege escalation. This vulnerability was patched in version 4.5.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.4, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.4, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-121" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/wazuh/wazuh/security/advisories/GHSA-27p5-32pp-r58r", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-424xx/CVE-2023-42464.json b/CVE-2023/CVE-2023-424xx/CVE-2023-42464.json index ea84a959599..3c610d10baa 100644 --- a/CVE-2023/CVE-2023-424xx/CVE-2023-42464.json +++ b/CVE-2023/CVE-2023-424xx/CVE-2023-42464.json @@ -2,8 +2,8 @@ "id": "CVE-2023-42464", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-20T15:15:11.817", - "lastModified": "2023-10-06T03:15:10.460", - "vulnStatus": "Modified", + "lastModified": "2024-01-12T22:18:33.463", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -74,6 +74,11 @@ "operator": "OR", "negate": false, "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" + }, { "vulnerable": true, "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", @@ -96,7 +101,11 @@ }, { "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00031.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://netatalk.sourceforge.io/", @@ -107,11 +116,18 @@ }, { "url": "https://netatalk.sourceforge.io/3.1/htmldocs/afpd.8.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://netatalk.sourceforge.io/CVE-2023-42464.php", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch", + "Vendor Advisory" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5503", diff --git a/CVE-2023/CVE-2023-426xx/CVE-2023-42663.json b/CVE-2023/CVE-2023-426xx/CVE-2023-42663.json index abdd42e3c3e..f002abf1ed2 100644 --- a/CVE-2023/CVE-2023-426xx/CVE-2023-42663.json +++ b/CVE-2023/CVE-2023-426xx/CVE-2023-42663.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-42663", "sourceIdentifier": "security@apache.org", "published": "2023-10-14T10:15:09.940", - "lastModified": "2023-11-12T15:15:07.773", - "vulnStatus": "Modified", + "lastModified": "2024-01-12T22:04:05.890", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -40,8 +40,18 @@ }, "weaknesses": [ { - "source": "security@apache.org", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "security@apache.org", + "type": "Secondary", "description": [ { "lang": "en", @@ -71,7 +81,11 @@ "references": [ { "url": "http://www.openwall.com/lists/oss-security/2023/11/12/2", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://github.com/apache/airflow/pull/34315", diff --git a/CVE-2023/CVE-2023-427xx/CVE-2023-42788.json b/CVE-2023/CVE-2023-427xx/CVE-2023-42788.json index 75d2b25310b..0d6f980fad2 100644 --- a/CVE-2023/CVE-2023-427xx/CVE-2023-42788.json +++ b/CVE-2023/CVE-2023-427xx/CVE-2023-42788.json @@ -2,8 +2,8 @@ "id": "CVE-2023-42788", "sourceIdentifier": "psirt@fortinet.com", "published": "2023-10-10T17:15:12.987", - "lastModified": "2023-11-07T04:21:15.677", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-01-12T22:15:12.640", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -21,23 +21,23 @@ "type": "Primary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", - "privilegesRequired": "LOW", + "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", - "baseScore": 7.8, - "baseSeverity": "HIGH" + "baseScore": 6.7, + "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 1.8, + "exploitabilityScore": 0.8, "impactScore": 5.9 }, { - "source": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", + "source": "psirt@fortinet.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -70,7 +70,7 @@ ] }, { - "source": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", + "source": "psirt@fortinet.com", "type": "Secondary", "description": [ { @@ -168,7 +168,11 @@ }, { "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-qpv8-g6qv-rf8p", - "source": "psirt@fortinet.com" + "source": "psirt@fortinet.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4257.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4257.json index 165cbb71968..7aa643ebbf2 100644 --- a/CVE-2023/CVE-2023-42xx/CVE-2023-4257.json +++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4257.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4257", "sourceIdentifier": "vulnerabilities@zephyrproject.org", "published": "2023-10-13T22:15:10.453", - "lastModified": "2023-11-14T03:15:09.867", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-01-12T22:03:42.873", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -105,15 +105,26 @@ "references": [ { "url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html", - "source": "vulnerabilities@zephyrproject.org" + "source": "vulnerabilities@zephyrproject.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "http://seclists.org/fulldisclosure/2023/Nov/1", - "source": "vulnerabilities@zephyrproject.org" + "source": "vulnerabilities@zephyrproject.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2023/11/07/1", - "source": "vulnerabilities@zephyrproject.org" + "source": "vulnerabilities@zephyrproject.org", + "tags": [ + "Mailing List" + ] }, { "url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-853q-q69w-gf5j", diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4265.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4265.json index a594569286f..5927575bde5 100644 --- a/CVE-2023/CVE-2023-42xx/CVE-2023-4265.json +++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4265.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4265", "sourceIdentifier": "vulnerabilities@zephyrproject.org", "published": "2023-08-12T23:15:08.567", - "lastModified": "2023-11-14T03:15:10.553", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-01-12T21:58:32.967", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -97,15 +97,26 @@ "references": [ { "url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html", - "source": "vulnerabilities@zephyrproject.org" + "source": "vulnerabilities@zephyrproject.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "http://seclists.org/fulldisclosure/2023/Nov/1", - "source": "vulnerabilities@zephyrproject.org" + "source": "vulnerabilities@zephyrproject.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2023/11/07/1", - "source": "vulnerabilities@zephyrproject.org" + "source": "vulnerabilities@zephyrproject.org", + "tags": [ + "Mailing List" + ] }, { "url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-4vgv-5r6q-r6xh", diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44271.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44271.json index 0c312573365..0d8a7c0de71 100644 --- a/CVE-2023/CVE-2023-442xx/CVE-2023-44271.json +++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44271.json @@ -2,8 +2,8 @@ "id": "CVE-2023-44271", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-03T05:15:30.137", - "lastModified": "2023-11-12T03:15:27.063", - "vulnStatus": "Modified", + "lastModified": "2024-01-12T22:09:08.133", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -45,7 +45,7 @@ "description": [ { "lang": "en", - "value": "CWE-400" + "value": "CWE-770" } ] } @@ -66,6 +66,21 @@ ] } ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", + "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" + } + ] + } + ] } ], "references": [ 
@@ -92,7 +107,11 @@ }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N2JOEDUJDQLCUII2LQYZYSM7RJL2I3P4/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-482xx/CVE-2023-48297.json b/CVE-2023/CVE-2023-482xx/CVE-2023-48297.json new file mode 100644 index 00000000000..83899976693 --- /dev/null +++ b/CVE-2023/CVE-2023-482xx/CVE-2023-48297.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48297", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-01-12T21:15:09.340", + "lastModified": "2024-01-12T21:15:09.340", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Discourse is a platform for community discussion. The message serializer uses the full list of expanded chat mentions (@all and @here) which can lead to a very long array of users. This issue was patched in versions 3.1.4 and beta 3.2.0.beta5.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 8.6, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/discourse/discourse/security/advisories/GHSA-hf2v-r5xm-8p37", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-490xx/CVE-2023-49098.json b/CVE-2023/CVE-2023-490xx/CVE-2023-49098.json new file mode 100644 index 00000000000..b742318a118 --- /dev/null +++ b/CVE-2023/CVE-2023-490xx/CVE-2023-49098.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-49098", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-01-12T21:15:09.540", + "lastModified": "2024-01-12T21:15:09.540", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Discourse-reactions is a plugin that allows user to add their reactions to the post. Data about a user's reaction notifications could be exposed. This vulnerability was patched in commit 2c26939." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/discourse/discourse-reactions/commit/2c26939395177730e492640d71aac68423be84fc", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/discourse/discourse-reactions/security/advisories/GHSA-mq82-7v5x-rhv8", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-490xx/CVE-2023-49099.json b/CVE-2023/CVE-2023-490xx/CVE-2023-49099.json new file mode 100644 index 00000000000..f76b19d0738 --- /dev/null 
+++ b/CVE-2023/CVE-2023-490xx/CVE-2023-49099.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-49099", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-01-12T21:15:09.747", + "lastModified": "2024-01-12T21:15:09.747", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Discourse is a platform for community discussion. Under very specific circumstances, secure upload URLs associated with posts can be accessed by guest users even when login is required. This vulnerability has been patched in 3.2.0.beta4 and 3.1.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.1, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.6, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/discourse/discourse/commit/1b288236387fc0a823e4f15f1aea8dde81b49d53", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/discourse/discourse/security/advisories/GHSA-j67x-x6mq-pwv4", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-496xx/CVE-2023-49647.json b/CVE-2023/CVE-2023-496xx/CVE-2023-49647.json new file mode 100644 index 00000000000..968be6492d0 --- /dev/null +++ b/CVE-2023/CVE-2023-496xx/CVE-2023-49647.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-49647", + "sourceIdentifier": "security@zoom.us", + "published": "2024-01-12T22:15:45.130", + "lastModified": "2024-01-12T22:15:45.130", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 may allow an authenticated user to conduct an escalation of privilege via local access." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@zoom.us", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.0, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security@zoom.us", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-24001/", + "source": "security@zoom.us" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-498xx/CVE-2023-49801.json b/CVE-2023/CVE-2023-498xx/CVE-2023-49801.json new file mode 100644 index 00000000000..ae7341b7b16 --- /dev/null +++ b/CVE-2023/CVE-2023-498xx/CVE-2023-49801.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-49801", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-01-12T21:15:09.943", + "lastModified": "2024-01-12T21:15:09.943", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Lif Auth Server is a server for validating logins, managing information, and account recovery for Lif Accounts. The issue relates to the `get_pfp` and `get_banner` routes on Auth Server. The issue is that there is no check to ensure that the file that Auth Server is receiving through these URLs is correct. This could allow an attacker access to files they shouldn't have access to. This issue has been patched in version 1.4.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.2, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + }, + { + "lang": "en", + "value": "CWE-23" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Lif-Platforms/Lif-Auth-Server/commit/c235bcc2ee65e4a0dfb10284cf2cbc750213efeb", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/Lif-Platforms/Lif-Auth-Server/security/advisories/GHSA-3v77-pvqq-qg3f", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-514xx/CVE-2023-51441.json b/CVE-2023/CVE-2023-514xx/CVE-2023-51441.json index 1f5a956dce6..40ad058d0ab 100644 
--- a/CVE-2023/CVE-2023-514xx/CVE-2023-51441.json +++ b/CVE-2023/CVE-2023-514xx/CVE-2023-51441.json @@ -2,8 +2,8 @@ "id": "CVE-2023-51441", "sourceIdentifier": "security@apache.org", "published": "2024-01-06T12:15:42.997", - "lastModified": "2024-01-08T12:02:30.513", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-12T21:04:54.340", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,44 @@ "value": "** NO SOPORTADO CUANDO SE ASIGN\u00d3 ** La vulnerabilidad de validaci\u00f3n de entrada incorrecta en Apache Axis permiti\u00f3 a los usuarios con acceso al servicio de administraci\u00f3n realizar posibles SSRF. Este problema afecta a Apache Axis: hasta 1.3. Como Axis 1 ha estado en EOL, le recomendamos migrar a un motor SOAP diferente, como Apache Axis 2/Java. Alternativamente, puede usar una compilaci\u00f3n de Axis con el parche de https://github.com/apache/axis-axis1-java/commit/685c309febc64aa393b2d64a05f90e7eb9f73e06 aplicado. El proyecto Apache Axis no espera crear una versi\u00f3n Axis 1.x que solucione este problema, aunque los contribuyentes que deseen trabajar para lograrlo son bienvenidos." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { - "source": "security@apache.org", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + }, + { + "source": "security@apache.org", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -27,14 +60,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:axis:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.3", + "matchCriteriaId": "D6E42C7C-08ED-4328-AAB8-FA052541C15B" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/apache/axis-axis1-java/commit/685c309febc64aa393b2d64a05f90e7eb9f73e06", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Patch" + ] }, { "url": "https://lists.apache.org/thread/8nrm5thop8f82pglx4o0jg8wmvy6d9yd", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-516xx/CVE-2023-51698.json b/CVE-2023/CVE-2023-516xx/CVE-2023-51698.json new file mode 100644 index 00000000000..cdb11371cf2 --- /dev/null +++ b/CVE-2023/CVE-2023-516xx/CVE-2023-51698.json 
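Review bot: In the `references` part of this hunk (CVE-2023-51441.json), the `https://lists.apache.org/thread/8nrm5thop8f82pglx4o0jg8wmvy6d9yd` entry is tagged `"Patch"`, `"Third Party Advisory"`, although the record's source is `security@apache.org` and the other list archives tagged in this commit (lists.debian.org, lists.fedoraproject.org, openwall.com) all carry `"Mailing List"`. Triage that keys on reference tags would then treat what looks like the vendor's own announcement as an outside advisory. If the thread is indeed the vendor announcement, as the URL suggests, `"Mailing List", "Vendor Advisory"` would describe it better; whether `"Patch"` applies cannot be checked from the diff. The file appears to mirror an upstream feed, so the correction probably has to be requested there rather than made in this repository.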
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-51698", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-01-12T21:15:10.150", + "lastModified": "2024-01-12T21:15:10.150", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Atril is a simple multi-page document viewer. Atril is vulnerable to a critical Command Injection Vulnerability. This vulnerability gives the attacker immediate access to the target system when the target user opens a crafted document or clicks on a crafted link/URL using a maliciously crafted CBT document which is a TAR archive. A patch is available at commit ce41df6.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW", + "baseScore": 9.6, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.8, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/mate-desktop/atril/commit/ce41df6467521ff9fd4f16514ae7d6ebb62eb1ed", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/mate-desktop/atril/security/advisories/GHSA-34rr-j8v9-v4p2", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-57xx/CVE-2023-5753.json b/CVE-2023/CVE-2023-57xx/CVE-2023-5753.json index 84e9b29c4cd..84c0cda8f75 100644 --- a/CVE-2023/CVE-2023-57xx/CVE-2023-5753.json +++ b/CVE-2023/CVE-2023-57xx/CVE-2023-5753.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-5753", "sourceIdentifier": "vulnerabilities@zephyrproject.org", "published": "2023-10-25T18:17:44.950", - "lastModified": "2023-11-14T03:15:11.257", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-01-12T22:04:24.617", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -105,15 +105,26 @@ "references": [ { "url": "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html", - "source": "vulnerabilities@zephyrproject.org" + "source": "vulnerabilities@zephyrproject.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "http://seclists.org/fulldisclosure/2023/Nov/1", - "source": "vulnerabilities@zephyrproject.org" + "source": "vulnerabilities@zephyrproject.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2023/11/07/1", - "source": "vulnerabilities@zephyrproject.org" + "source": "vulnerabilities@zephyrproject.org", + "tags": [ + "Mailing List" + ] }, { "url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hmpr-px56-rvww", diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6801.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6801.json index cb45b6fb00e..212d4bd5f74 100644 --- a/CVE-2023/CVE-2023-68xx/CVE-2023-6801.json +++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6801.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6801", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-06T10:15:46.133", - "lastModified": "2024-01-08T12:02:30.513", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-12T21:05:21.497", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
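Review bot: In the `@@ -105,15 +105,26 @@` hunk of CVE-2023-5753.json, the `packetstormsecurity.com/files/175657/...` reference is tagged `"Mailing List"`, `"Third Party Advisory"`, while the identical URL in CVE-2023-4257.json and CVE-2023-4265.json in this same commit is tagged `"Exploit"`, `"Third Party Advisory"`. Consumers that use the `Exploit` tag to prioritise remediation will rank this record lower than its two siblings even though all three point at the same write-up. If the tags are meant to agree, the first tag of that entry should read `"Exploit",` instead of `"Mailing List",`. The file appears to mirror an upstream feed, so the fix likely belongs upstream; until then, a consistency check that compares tags across records sharing a reference URL would catch this kind of drift.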
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -38,14 +58,51 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:themeisle:rss_aggregator_by_feedzy:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "4.3.3", + "matchCriteriaId": "F0D415BA-7AFD-494E-9DBC-AFB3AAFA1915" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3012392%40feedzy-rss-feeds%2Ftrunk&old=2991547%40feedzy-rss-feeds%2Ftrunk&sfp_email=&sfph_mail=", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a713d897-c549-4e0d-9cb3-7002ef2b127f?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-04xx/CVE-2024-0468.json b/CVE-2024/CVE-2024-04xx/CVE-2024-0468.json new file mode 100644 index 00000000000..e8138e0a575 --- /dev/null +++ b/CVE-2024/CVE-2024-04xx/CVE-2024-0468.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-0468", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-12T21:15:10.350", + "lastModified": "2024-01-12T21:15:10.350", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in code-projects Fighting Cock Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/action/new-father.php. The manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250573 was assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": 
"CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/BxYQ/vul/blob/main/FIGHTING_COCK_INFORMATION_SYSTEM_File9docx.pdf", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.250573", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.250573", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-04xx/CVE-2024-0469.json b/CVE-2024/CVE-2024-04xx/CVE-2024-0469.json new file mode 100644 index 00000000000..c88670bc579 --- /dev/null +++ b/CVE-2024/CVE-2024-04xx/CVE-2024-0469.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-0469", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-12T21:15:10.573", + "lastModified": "2024-01-12T21:15:10.573", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in code-projects Human Resource Integrated System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file update_personal_info.php. The manipulation of the argument sex leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250574 is the identifier assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + 
"references": [ + { + "url": "https://github.com/yingqian1984/FirePunch/blob/main/11-Human%20Resource%20Integrated%20System%20has%20SQL%20injection%20vulnerabilities%20update_personal_info.php.pdf", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.250574", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.250574", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-04xx/CVE-2024-0470.json b/CVE-2024/CVE-2024-04xx/CVE-2024-0470.json new file mode 100644 index 00000000000..ff40346c2b0 --- /dev/null +++ b/CVE-2024/CVE-2024-04xx/CVE-2024-0470.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-0470", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-12T21:15:10.800", + "lastModified": "2024-01-12T21:15:10.800", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in code-projects Human Resource Integrated System 1.0. It has been classified as critical. This affects an unknown part of the file /admin_route/inc_service_credits.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250575." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } 
+ ], + "references": [ + { + "url": "https://github.com/yingqian1984/FirePunch/blob/main/11-Human%20Resource%20Integrated%20System%20has%20SQL%20injection%20vulnerabilities%20inc_service_credits.php.pdf", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.250575", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.250575", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-04xx/CVE-2024-0471.json b/CVE-2024/CVE-2024-04xx/CVE-2024-0471.json new file mode 100644 index 00000000000..df5705c5c52 --- /dev/null +++ b/CVE-2024/CVE-2024-04xx/CVE-2024-0471.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-0471", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-12T21:15:11.050", + "lastModified": "2024-01-12T21:15:11.050", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in code-projects Human Resource Integrated System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin_route/dec_service_credits.php. The manipulation of the argument date leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250576." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + 
"references": [ + { + "url": "https://github.com/yingqian1984/FirePunch/blob/main/11-Human%20Resource%20Integrated%20System%20has%20SQL%20injection%20vulnerabilities%20dec_service_credits.php.pdf", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.250576", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.250576", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-04xx/CVE-2024-0472.json b/CVE-2024/CVE-2024-04xx/CVE-2024-0472.json new file mode 100644 index 00000000000..2df891875d4 --- /dev/null +++ b/CVE-2024/CVE-2024-04xx/CVE-2024-0472.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-0472", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-12T22:15:45.323", + "lastModified": "2024-01-12T22:15:45.323", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in code-projects Dormitory Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file modifyuser.php. The manipulation of the argument mname leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier VDB-250577 was assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N", + "accessVector": "ADJACENT_NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 2.7 + }, + "baseSeverity": "LOW", + "exploitabilityScore": 5.1, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": 
"https://github.com/yingqian1984/FirePunch/blob/main/7-Dormitory%20Management%20System%20has%20Database%20information%20leakage%20modifyuser.php.pdf", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.250577", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.250577", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-04xx/CVE-2024-0473.json b/CVE-2024/CVE-2024-04xx/CVE-2024-0473.json new file mode 100644 index 00000000000..3e8fc4c5b3c --- /dev/null +++ b/CVE-2024/CVE-2024-04xx/CVE-2024-0473.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-0473", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-12T22:15:45.533", + "lastModified": "2024-01-12T22:15:45.533", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical has been found in code-projects Dormitory Management System 1.0. Affected is an unknown function of the file comment.php. The manipulation of the argument com leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250578 is the identifier assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": 
"https://github.com/yingqian1984/FirePunch/blob/main/7-Dormitory%20Management%20System%20has%20SQL%20injection%20vulnerabilities%20comment.php.pdf", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.250578", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.250578", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-206xx/CVE-2024-20662.json b/CVE-2024/CVE-2024-206xx/CVE-2024-20662.json index 4cbf535a835..a7b8e99b0cf 100644 --- a/CVE-2024/CVE-2024-206xx/CVE-2024-20662.json +++ b/CVE-2024/CVE-2024-206xx/CVE-2024-20662.json @@ -2,12 +2,16 @@ "id": "CVE-2024-20662", "sourceIdentifier": "secure@microsoft.com", "published": "2024-01-09T18:15:49.447", - "lastModified": "2024-01-09T19:56:14.023", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-12T21:47:48.250", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Windows Online Certificate Status Protocol (OCSP) Information Disclosure Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de Online Certificate Status Protocol (OCSP) de Windows" } ], "metrics": { 
@@ -34,10 +38,78 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*", + "matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*", + "matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", + "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", + "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", + "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:-:*:*:*:*:*:*:*", + "matchCriteriaId": "75CCACE6-A0EE-4A6F-BD5A-7AA504B02717" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20662", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-206xx/CVE-2024-20663.json b/CVE-2024/CVE-2024-206xx/CVE-2024-20663.json index f7fc6cf67e7..810dfcfda3e 100644 --- a/CVE-2024/CVE-2024-206xx/CVE-2024-20663.json +++ b/CVE-2024/CVE-2024-206xx/CVE-2024-20663.json @@ -2,12 +2,16 @@ "id": "CVE-2024-20663", "sourceIdentifier": "secure@microsoft.com", "published": "2024-01-09T18:15:49.640", - "lastModified": "2024-01-09T19:56:14.023", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-12T21:45:42.930", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Windows Message Queuing Client (MSMQC) Information Disclosure" + }, + { + "lang": "es", + "value": "Divulgaci\u00f3n de informaci\u00f3n de Message Queuing Client (MSMQC) de Windows" } ], "metrics": { 
@@ -34,10 +38,163 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.10240.20402", + "matchCriteriaId": "46ABD897-272E-49BD-BCD1-79EA0908349D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*", + "versionEndExcluding": "10.0.10240.20402", + "matchCriteriaId": "B85886E7-0E67-4BBD-9E42-4507DF422BCF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.14393.6614", + "matchCriteriaId": "1301CF7B-D772-4AAA-BFF2-88BF493A324E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*", + "versionEndExcluding": "10.0.14393.6614", + "matchCriteriaId": "DDEB129C-34A6-47E5-A652-51FCE0A3A880" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*", + "versionEndExcluding": "10.0.17763.5329", + "matchCriteriaId": "F0470D92-707F-4073-886A-ECDC4F2E1CAC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.17763.5329", + "matchCriteriaId": "9C150F7E-8967-4AB8-8DF8-EBC89A10D554" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*", + "versionEndExcluding": "10.0.17763.5329", + "matchCriteriaId": "A7997F10-4040-4664-B55E-0039E25B4F79" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19044.3930", + "matchCriteriaId": "26D9519C-EC1F-48D1-89F5-2DCBF84C8251" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19045.3930", + "matchCriteriaId": "B9B6C6A0-6A10-4A8B-9DF2-D00CE5F863BD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:arm64:*", + "versionEndExcluding": "10.0.22000.2713", + "matchCriteriaId": "6FA472E2-4501-4597-9979-796258111DA5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.22000.2713", + "matchCriteriaId": "0F377DD9-2DBF-4202-AF3F-6AC6A809F4E2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*", + "versionEndExcluding": "10.0.22621.3007", + "matchCriteriaId": "C48178EC-BDEE-4F78-BCFB-B125F5CA0A9E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.22621.3007", + "matchCriteriaId": "04C81079-1855-4F8C-A9E2-3E2CC796C4F0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*", + "versionEndExcluding": "10.0.22631.3007", + "matchCriteriaId": "91F6049F-03C1-494C-8AA1-6DE27D335139" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.22631.3007", + "matchCriteriaId": "A00CE59A-0762-4AA4-99DA-5C9545F85666" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*", + "matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*", + "matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", + "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", + "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", + "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20663", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-206xx/CVE-2024-20664.json b/CVE-2024/CVE-2024-206xx/CVE-2024-20664.json index 42c92e03ac9..d030b601282 100644 --- a/CVE-2024/CVE-2024-206xx/CVE-2024-20664.json +++ b/CVE-2024/CVE-2024-206xx/CVE-2024-20664.json @@ -2,12 +2,16 @@ "id": "CVE-2024-20664", "sourceIdentifier": "secure@microsoft.com", "published": "2024-01-09T18:15:49.863", - "lastModified": "2024-01-09T19:56:14.023", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-12T21:40:25.993", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Microsoft Message Queuing Information Disclosure Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de Microsoft Message Queue Server" } ], "metrics": { 
@@ -34,10 +38,163 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.10240.20402", + "matchCriteriaId": "46ABD897-272E-49BD-BCD1-79EA0908349D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*", + "versionEndExcluding": "10.0.10240.20402", + "matchCriteriaId": "B85886E7-0E67-4BBD-9E42-4507DF422BCF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.14393.6614", + "matchCriteriaId": "1301CF7B-D772-4AAA-BFF2-88BF493A324E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*", + "versionEndExcluding": "10.0.14393.6614", + "matchCriteriaId": "DDEB129C-34A6-47E5-A652-51FCE0A3A880" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*", + "versionEndExcluding": "10.0.17763.5329", + "matchCriteriaId": "F0470D92-707F-4073-886A-ECDC4F2E1CAC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.17763.5329", + "matchCriteriaId": "9C150F7E-8967-4AB8-8DF8-EBC89A10D554" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*", + "versionEndExcluding": "10.0.17763.5329", + "matchCriteriaId": "A7997F10-4040-4664-B55E-0039E25B4F79" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19044.3930", + "matchCriteriaId": "26D9519C-EC1F-48D1-89F5-2DCBF84C8251" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19045.3930", + "matchCriteriaId": "B9B6C6A0-6A10-4A8B-9DF2-D00CE5F863BD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:arm64:*", + "versionEndExcluding": "10.0.22000.2713", + "matchCriteriaId": "6FA472E2-4501-4597-9979-796258111DA5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.22000.2713", + "matchCriteriaId": "0F377DD9-2DBF-4202-AF3F-6AC6A809F4E2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*", + "versionEndExcluding": "10.0.22621.3007", + "matchCriteriaId": "C48178EC-BDEE-4F78-BCFB-B125F5CA0A9E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.22621.3007", + "matchCriteriaId": "04C81079-1855-4F8C-A9E2-3E2CC796C4F0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*", + "versionEndExcluding": "10.0.22631.3007", + "matchCriteriaId": "91F6049F-03C1-494C-8AA1-6DE27D335139" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.22631.3007", + "matchCriteriaId": "A00CE59A-0762-4AA4-99DA-5C9545F85666" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*", + "matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*", + "matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", + "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", + "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", + "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20664", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-216xx/CVE-2024-21639.json b/CVE-2024/CVE-2024-216xx/CVE-2024-21639.json new file mode 100644 index 00000000000..13dc5d4bce5 --- /dev/null +++ b/CVE-2024/CVE-2024-216xx/CVE-2024-21639.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-21639", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-01-12T22:15:45.750", + "lastModified": "2024-01-12T22:15:45.750", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "CEF (Chromium Embedded Framework ) is a simple framework for embedding Chromium-based browsers in other applications. `CefLayeredWindowUpdaterOSR::OnAllocatedSharedMemory` does not check the size of the shared memory, which leads to out-of-bounds read outside the sandbox. This vulnerability was patched in commit 1f55d2e." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/chromiumembedded/cef/commit/1f55d2e12f62cfdfbf9da6968fde2f928982670b", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/chromiumembedded/cef/security/advisories/GHSA-m375-jw5x-x8mg", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-216xx/CVE-2024-21654.json b/CVE-2024/CVE-2024-216xx/CVE-2024-21654.json new file mode 100644 index 00000000000..8d2963aed81 --- /dev/null +++ b/CVE-2024/CVE-2024-216xx/CVE-2024-21654.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-21654", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-01-12T21:15:11.287", + "lastModified": "2024-01-12T21:15:11.287", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Rubygems.org is the Ruby community's gem hosting service. Rubygems.org users with MFA enabled would normally be protected from account takeover in the case of email account takeover. However, a workaround on the forgotten password form allows an attacker to bypass the MFA requirement and takeover the account. This vulnerability has been patched in commit 0b3272a." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/rubygems/rubygems.org/commit/0b3272ac17b45748ee0d1867c49867c7deb26565", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/rubygems/rubygems.org/security/advisories/GHSA-4v23-vj8h-7jp2", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-216xx/CVE-2024-21655.json b/CVE-2024/CVE-2024-216xx/CVE-2024-21655.json new file mode 100644 index 00000000000..001ce08462e --- /dev/null +++ b/CVE-2024/CVE-2024-216xx/CVE-2024-21655.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-21655", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-01-12T21:15:11.510", + "lastModified": "2024-01-12T21:15:11.510", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Discourse is a platform for community discussion. For fields that are client editable, limits on sizes are not imposed. This allows a malicious actor to cause a Discourse instance to use excessive disk space and also often excessive bandwidth. The issue is patched 3.1.4 and 3.2.0.beta4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/discourse/discourse/security/advisories/GHSA-m5fc-94mm-38fx", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index c8c6c1b2291..6ee14e79afa 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-01-12T21:00:27.409864+00:00 +2024-01-12T23:00:24.733670+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-01-12T20:50:42.863000+00:00 +2024-01-12T22:22:40.437000+00:00 ``` ### Last Data Feed Release 
@@ -29,60 +29,59 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -235791 +235808 ``` ### CVEs added in the last Commit -Recently added CVEs: `16` +Recently added CVEs: `17` -* [CVE-2010-10011](CVE-2010/CVE-2010-100xx/CVE-2010-10011.json) (`2024-01-12T20:15:46.833`) -* [CVE-2023-31024](CVE-2023/CVE-2023-310xx/CVE-2023-31024.json) (`2024-01-12T19:15:09.397`) -* [CVE-2023-31025](CVE-2023/CVE-2023-310xx/CVE-2023-31025.json) (`2024-01-12T19:15:09.627`) -* [CVE-2023-31029](CVE-2023/CVE-2023-310xx/CVE-2023-31029.json) (`2024-01-12T19:15:09.847`) -* [CVE-2023-31030](CVE-2023/CVE-2023-310xx/CVE-2023-31030.json) (`2024-01-12T19:15:10.067`) -* [CVE-2023-31031](CVE-2023/CVE-2023-310xx/CVE-2023-31031.json) (`2024-01-12T19:15:10.257`) -* [CVE-2023-31032](CVE-2023/CVE-2023-310xx/CVE-2023-31032.json) (`2024-01-12T19:15:10.490`) -* [CVE-2023-31033](CVE-2023/CVE-2023-310xx/CVE-2023-31033.json) (`2024-01-12T19:15:10.680`) -* [CVE-2023-31034](CVE-2023/CVE-2023-310xx/CVE-2023-31034.json) (`2024-01-12T19:15:10.867`) -* [CVE-2023-31035](CVE-2023/CVE-2023-310xx/CVE-2023-31035.json) (`2024-01-12T19:15:11.057`) -* [CVE-2023-6683](CVE-2023/CVE-2023-66xx/CVE-2023-6683.json) (`2024-01-12T19:15:11.480`) -* [CVE-2024-0464](CVE-2024/CVE-2024-04xx/CVE-2024-0464.json) (`2024-01-12T19:15:11.777`) -* [CVE-2024-0465](CVE-2024/CVE-2024-04xx/CVE-2024-0465.json) (`2024-01-12T19:15:12.577`) -* [CVE-2024-0466](CVE-2024/CVE-2024-04xx/CVE-2024-0466.json) (`2024-01-12T19:15:12.920`) -* [CVE-2024-0467](CVE-2024/CVE-2024-04xx/CVE-2024-0467.json) (`2024-01-12T20:15:47.177`) -* [CVE-2024-22206](CVE-2024/CVE-2024-222xx/CVE-2024-22206.json) (`2024-01-12T20:15:47.420`) +* [CVE-2022-4962](CVE-2022/CVE-2022-49xx/CVE-2022-4962.json) (`2024-01-12T22:15:44.877`) +* [CVE-2023-42463](CVE-2023/CVE-2023-424xx/CVE-2023-42463.json) (`2024-01-12T21:15:09.117`) +* [CVE-2023-48297](CVE-2023/CVE-2023-482xx/CVE-2023-48297.json) 
(`2024-01-12T21:15:09.340`) +* [CVE-2023-49098](CVE-2023/CVE-2023-490xx/CVE-2023-49098.json) (`2024-01-12T21:15:09.540`) +* [CVE-2023-49099](CVE-2023/CVE-2023-490xx/CVE-2023-49099.json) (`2024-01-12T21:15:09.747`) +* [CVE-2023-49801](CVE-2023/CVE-2023-498xx/CVE-2023-49801.json) (`2024-01-12T21:15:09.943`) +* [CVE-2023-51698](CVE-2023/CVE-2023-516xx/CVE-2023-51698.json) (`2024-01-12T21:15:10.150`) +* [CVE-2023-49647](CVE-2023/CVE-2023-496xx/CVE-2023-49647.json) (`2024-01-12T22:15:45.130`) +* [CVE-2024-0468](CVE-2024/CVE-2024-04xx/CVE-2024-0468.json) (`2024-01-12T21:15:10.350`) +* [CVE-2024-0469](CVE-2024/CVE-2024-04xx/CVE-2024-0469.json) (`2024-01-12T21:15:10.573`) +* [CVE-2024-0470](CVE-2024/CVE-2024-04xx/CVE-2024-0470.json) (`2024-01-12T21:15:10.800`) +* [CVE-2024-0471](CVE-2024/CVE-2024-04xx/CVE-2024-0471.json) (`2024-01-12T21:15:11.050`) +* [CVE-2024-21654](CVE-2024/CVE-2024-216xx/CVE-2024-21654.json) (`2024-01-12T21:15:11.287`) +* [CVE-2024-21655](CVE-2024/CVE-2024-216xx/CVE-2024-21655.json) (`2024-01-12T21:15:11.510`) +* [CVE-2024-0472](CVE-2024/CVE-2024-04xx/CVE-2024-0472.json) (`2024-01-12T22:15:45.323`) +* [CVE-2024-0473](CVE-2024/CVE-2024-04xx/CVE-2024-0473.json) (`2024-01-12T22:15:45.533`) +* [CVE-2024-21639](CVE-2024/CVE-2024-216xx/CVE-2024-21639.json) (`2024-01-12T22:15:45.750`) ### CVEs modified in the last Commit -Recently modified CVEs: `44` +Recently modified CVEs: `23` -* [CVE-2023-51971](CVE-2023/CVE-2023-519xx/CVE-2023-51971.json) (`2024-01-12T19:22:55.453`) -* [CVE-2023-6147](CVE-2023/CVE-2023-61xx/CVE-2023-6147.json) (`2024-01-12T19:40:20.017`) -* [CVE-2023-49235](CVE-2023/CVE-2023-492xx/CVE-2023-49235.json) (`2024-01-12T19:51:24.593`) -* [CVE-2023-6149](CVE-2023/CVE-2023-61xx/CVE-2023-6149.json) (`2024-01-12T19:55:38.860`) -* [CVE-2023-6148](CVE-2023/CVE-2023-61xx/CVE-2023-6148.json) (`2024-01-12T20:12:53.267`) -* [CVE-2023-50974](CVE-2023/CVE-2023-509xx/CVE-2023-50974.json) (`2024-01-12T20:25:04.120`) -* 
[CVE-2023-49236](CVE-2023/CVE-2023-492xx/CVE-2023-49236.json) (`2024-01-12T20:39:27.197`) -* [CVE-2023-20900](CVE-2023/CVE-2023-209xx/CVE-2023-20900.json) (`2024-01-12T20:41:42.680`) -* [CVE-2023-4753](CVE-2023/CVE-2023-47xx/CVE-2023-4753.json) (`2024-01-12T20:46:22.983`) -* [CVE-2023-46805](CVE-2023/CVE-2023-468xx/CVE-2023-46805.json) (`2024-01-12T20:46:59.220`) -* [CVE-2023-45992](CVE-2023/CVE-2023-459xx/CVE-2023-45992.json) (`2024-01-12T20:50:42.863`) -* [CVE-2024-20694](CVE-2024/CVE-2024-206xx/CVE-2024-20694.json) (`2024-01-12T19:07:21.457`) -* [CVE-2024-20692](CVE-2024/CVE-2024-206xx/CVE-2024-20692.json) (`2024-01-12T19:10:41.183`) -* [CVE-2024-20710](CVE-2024/CVE-2024-207xx/CVE-2024-20710.json) (`2024-01-12T19:14:08.107`) -* [CVE-2024-20711](CVE-2024/CVE-2024-207xx/CVE-2024-20711.json) (`2024-01-12T19:14:18.940`) -* [CVE-2024-20712](CVE-2024/CVE-2024-207xx/CVE-2024-20712.json) (`2024-01-12T19:14:30.933`) -* [CVE-2024-20713](CVE-2024/CVE-2024-207xx/CVE-2024-20713.json) (`2024-01-12T19:14:39.960`) -* [CVE-2024-0348](CVE-2024/CVE-2024-03xx/CVE-2024-0348.json) (`2024-01-12T19:21:36.473`) -* [CVE-2024-0462](CVE-2024/CVE-2024-04xx/CVE-2024-0462.json) (`2024-01-12T19:21:49.423`) -* [CVE-2024-0463](CVE-2024/CVE-2024-04xx/CVE-2024-0463.json) (`2024-01-12T19:21:49.423`) -* [CVE-2024-0213](CVE-2024/CVE-2024-02xx/CVE-2024-0213.json) (`2024-01-12T19:27:52.903`) -* [CVE-2024-22370](CVE-2024/CVE-2024-223xx/CVE-2024-22370.json) (`2024-01-12T19:29:18.790`) -* [CVE-2024-22125](CVE-2024/CVE-2024-221xx/CVE-2024-22125.json) (`2024-01-12T19:42:36.637`) -* [CVE-2024-0226](CVE-2024/CVE-2024-02xx/CVE-2024-0226.json) (`2024-01-12T20:04:24.130`) -* [CVE-2024-21887](CVE-2024/CVE-2024-218xx/CVE-2024-21887.json) (`2024-01-12T20:46:41.213`) +* [CVE-2007-3798](CVE-2007/CVE-2007-37xx/CVE-2007-3798.json) (`2024-01-12T22:06:03.783`) +* [CVE-2022-20531](CVE-2022/CVE-2022-205xx/CVE-2022-20531.json) (`2024-01-12T21:57:29.507`) +* [CVE-2022-4949](CVE-2022/CVE-2022-49xx/CVE-2022-4949.json) 
(`2024-01-12T22:07:14.007`) +* [CVE-2022-21294](CVE-2022/CVE-2022-212xx/CVE-2022-21294.json) (`2024-01-12T22:13:35.553`) +* [CVE-2022-4903](CVE-2022/CVE-2022-49xx/CVE-2022-4903.json) (`2024-01-12T22:17:50.847`) +* [CVE-2023-51441](CVE-2023/CVE-2023-514xx/CVE-2023-51441.json) (`2024-01-12T21:04:54.340`) +* [CVE-2023-6801](CVE-2023/CVE-2023-68xx/CVE-2023-6801.json) (`2024-01-12T21:05:21.497`) +* [CVE-2023-4265](CVE-2023/CVE-2023-42xx/CVE-2023-4265.json) (`2024-01-12T21:58:32.967`) +* [CVE-2023-38201](CVE-2023/CVE-2023-382xx/CVE-2023-38201.json) (`2024-01-12T22:01:19.793`) +* [CVE-2023-4257](CVE-2023/CVE-2023-42xx/CVE-2023-4257.json) (`2024-01-12T22:03:42.873`) +* [CVE-2023-42663](CVE-2023/CVE-2023-426xx/CVE-2023-42663.json) (`2024-01-12T22:04:05.890`) +* [CVE-2023-5753](CVE-2023/CVE-2023-57xx/CVE-2023-5753.json) (`2024-01-12T22:04:24.617`) +* [CVE-2023-32439](CVE-2023/CVE-2023-324xx/CVE-2023-32439.json) (`2024-01-12T22:08:33.827`) +* [CVE-2023-44271](CVE-2023/CVE-2023-442xx/CVE-2023-44271.json) (`2024-01-12T22:09:08.133`) +* [CVE-2023-32636](CVE-2023/CVE-2023-326xx/CVE-2023-32636.json) (`2024-01-12T22:09:56.247`) +* [CVE-2023-0001](CVE-2023/CVE-2023-00xx/CVE-2023-0001.json) (`2024-01-12T22:10:50.817`) +* [CVE-2023-42788](CVE-2023/CVE-2023-427xx/CVE-2023-42788.json) (`2024-01-12T22:15:12.640`) +* [CVE-2023-20200](CVE-2023/CVE-2023-202xx/CVE-2023-20200.json) (`2024-01-12T22:15:56.067`) +* [CVE-2023-42464](CVE-2023/CVE-2023-424xx/CVE-2023-42464.json) (`2024-01-12T22:18:33.463`) +* [CVE-2023-0679](CVE-2023/CVE-2023-06xx/CVE-2023-0679.json) (`2024-01-12T22:22:40.437`) +* [CVE-2024-20664](CVE-2024/CVE-2024-206xx/CVE-2024-20664.json) (`2024-01-12T21:40:25.993`) +* [CVE-2024-20663](CVE-2024/CVE-2024-206xx/CVE-2024-20663.json) (`2024-01-12T21:45:42.930`) +* [CVE-2024-20662](CVE-2024/CVE-2024-206xx/CVE-2024-20662.json) (`2024-01-12T21:47:48.250`) ## Download and Usage