admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 19:47:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-01-17T17:00:25.501586+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-01-17 17:00:30 +00:00
parent 5e3686c9c5
commit 5c2aba0a07
51 changed files with 1628 additions and 188 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
CVE-2017/CVE-2017-140xx/CVE-2017-14021.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2017-14021",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2017-11-01T02:29:00.210",
"lastModified": "2019-10-09T23:23:44.827",
"lastModified": "2024-01-17T15:05:39.563",
"vulnStatus": "Modified",
"descriptions": [
{
@ -106,8 +106,8 @@
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:korenix:jetnet5018g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "130FD179-0AFD-45CE-9ECB-A3ED71D1B37C"
"criteria": "cpe:2.3:h:korenix:jetnet_5018g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C3CB2958-84F6-4461-9AD3-F40FCD457C93"
}
]
}
@ -133,8 +133,8 @@
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:korenix:jetnet5310g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E6CB8FA-A16F-4C38-BF77-C371E86E383D"
"criteria": "cpe:2.3:h:korenix:jetnet_5310g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81A3D8A9-E142-498A-B4E8-B4B197E62F55"
}
]
}
@ -160,8 +160,8 @@
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:korenix:jetnet5428g-2g-2fx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6BC86999-5BD5-4F52-828E-2FEB071CC7F5"
"criteria": "cpe:2.3:h:korenix:jetnet_5428g-2g-2fx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6497F848-1268-48E2-8DC3-840F9D44049E"
}
]
}
@ -187,8 +187,8 @@
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:korenix:jetnet5628g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BCCBA67-BE4A-47B1-882B-D485880DA2CE"
"criteria": "cpe:2.3:h:korenix:jetnet_5628g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD60DF22-585E-49DF-9D90-119A5C5DD8CA"
}
]
}
@ -214,8 +214,8 @@
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:korenix:jetnet5628g-r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8809A638-39A1-4B1B-B382-CB15D7754894"
"criteria": "cpe:2.3:h:korenix:jetnet_5628g-r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B88DB5A5-4F43-4AE1-B3F6-8E1810276423"
}
]
}
@ -241,8 +241,8 @@
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:korenix:jetnet5728g-24p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFF75AF1-4A4C-423E-B429-3B11514D3A8D"
"criteria": "cpe:2.3:h:korenix:jetnet_5728g-24p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81174238-9B97-46F3-9FAD-AE594480CB29"
}
]
}
@ -268,8 +268,8 @@
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:korenix:jetnet5828g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0DCE941-4525-41F1-A169-0BCE56AC41C2"
"criteria": "cpe:2.3:h:korenix:jetnet_5828g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "10C4DA7B-4E69-4831-B380-A65BE8EE8B10"
}
]
}
@ -295,8 +295,8 @@
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:korenix:jetnet6710g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A30D7494-FB28-422F-9D79-E4FFB18FF8A6"
"criteria": "cpe:2.3:h:korenix:jetnet_6710g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0B2A2F8-FC5A-4FF8-8E08-F7FF198963FA"
}
]
}
@ -322,8 +322,8 @@
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:korenix:jetnet6710g-hvdc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "55E51A56-2185-4A61-BD39-D1B74A688C6E"
"criteria": "cpe:2.3:h:korenix:jetnet_6710g-hvdc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD53579F-A44B-48C6-98EF-4C3D597C9E17"
}
]
}

38
CVE-2017/CVE-2017-140xx/CVE-2017-14027.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2017-14027",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2017-11-01T02:29:00.257",
"lastModified": "2019-10-09T23:23:45.640",
"lastModified": "2024-01-17T15:05:39.563",
"vulnStatus": "Modified",
"descriptions": [
{
@ -106,8 +106,8 @@
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:korenix:jetnet5018g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "130FD179-0AFD-45CE-9ECB-A3ED71D1B37C"
"criteria": "cpe:2.3:h:korenix:jetnet_5018g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C3CB2958-84F6-4461-9AD3-F40FCD457C93"
}
]
}
@ -133,8 +133,8 @@
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:korenix:jetnet5310g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E6CB8FA-A16F-4C38-BF77-C371E86E383D"
"criteria": "cpe:2.3:h:korenix:jetnet_5310g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81A3D8A9-E142-498A-B4E8-B4B197E62F55"
}
]
}
@ -160,8 +160,8 @@
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:korenix:jetnet5428g-2g-2fx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6BC86999-5BD5-4F52-828E-2FEB071CC7F5"
"criteria": "cpe:2.3:h:korenix:jetnet_5428g-2g-2fx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6497F848-1268-48E2-8DC3-840F9D44049E"
}
]
}
@ -187,8 +187,8 @@
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:korenix:jetnet5628g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BCCBA67-BE4A-47B1-882B-D485880DA2CE"
"criteria": "cpe:2.3:h:korenix:jetnet_5628g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD60DF22-585E-49DF-9D90-119A5C5DD8CA"
}
]
}
@ -214,8 +214,8 @@
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:korenix:jetnet5628g-r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8809A638-39A1-4B1B-B382-CB15D7754894"
"criteria": "cpe:2.3:h:korenix:jetnet_5628g-r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B88DB5A5-4F43-4AE1-B3F6-8E1810276423"
}
]
}
@ -241,8 +241,8 @@
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:korenix:jetnet5728g-24p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFF75AF1-4A4C-423E-B429-3B11514D3A8D"
"criteria": "cpe:2.3:h:korenix:jetnet_5728g-24p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81174238-9B97-46F3-9FAD-AE594480CB29"
}
]
}
@ -268,8 +268,8 @@
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:korenix:jetnet5828g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0DCE941-4525-41F1-A169-0BCE56AC41C2"
"criteria": "cpe:2.3:h:korenix:jetnet_5828g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "10C4DA7B-4E69-4831-B380-A65BE8EE8B10"
}
]
}
@ -295,8 +295,8 @@
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:korenix:jetnet6710g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A30D7494-FB28-422F-9D79-E4FFB18FF8A6"
"criteria": "cpe:2.3:h:korenix:jetnet_6710g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0B2A2F8-FC5A-4FF8-8E08-F7FF198963FA"
}
]
}
@ -322,8 +322,8 @@
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:korenix:jetnet6710g-hvdc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "55E51A56-2185-4A61-BD39-D1B74A688C6E"
"criteria": "cpe:2.3:h:korenix:jetnet_6710g-hvdc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD53579F-A44B-48C6-98EF-4C3D597C9E17"
}
]
}

34
CVE-2020/CVE-2020-125xx/CVE-2020-12501.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2020-12501",
"sourceIdentifier": "info@cert.vde.com",
"published": "2020-10-15T19:15:11.550",
"lastModified": "2022-10-19T18:01:40.103",
"lastModified": "2024-01-17T15:05:39.563",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -477,8 +477,8 @@
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:korenix:jetnet5428g-20sfp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BEDDCF09-9B4D-4E15-9FEB-33F800FAD84A"
"criteria": "cpe:2.3:h:korenix:jetnet_5428g-20sfp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "41A504D7-8B61-4D78-9D66-9687D6110F47"
}
]
}
@ -504,8 +504,8 @@
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:korenix:jetnet5810g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53EC5050-301B-4285-9305-6F8483FE522E"
"criteria": "cpe:2.3:h:korenix:jetnet_5810g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C6C2282-D4E5-40FC-9C1A-749C1B1C623A"
}
]
}
@ -531,8 +531,8 @@
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:korenix:jetnet4510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87B4EF92-35FE-4428-926D-C4F11EEF7D3D"
"criteria": "cpe:2.3:h:korenix:jetnet_4510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C864A6A1-5E58-4EFE-85FC-DEDFBBC36473"
}
]
}
@ -558,8 +558,8 @@
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:korenix:jetnet5010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E011BC88-CAC2-4253-A86E-78EC83864F65"
"criteria": "cpe:2.3:h:korenix:jetnet_5010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0896AC09-3022-4A14-93DB-D6BE6795C615"
}
]
}
@ -585,8 +585,8 @@
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:korenix:jetnet5310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4B09548-67B6-435A-AC93-70E7A511FFC2"
"criteria": "cpe:2.3:h:korenix:jetnet_5310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86BE9095-B0A6-4268-AC78-453C462FB80B"
}
]
}
@ -612,8 +612,8 @@
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:korenix:jetnet6095:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE80D21B-BA86-4677-A1FA-FF7AB0F8AA94"
"criteria": "cpe:2.3:h:korenix:jetnet_6095:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5E6FE6C-873E-4C58-B590-3888BCE38F1D"
}
]
}
@ -639,8 +639,8 @@
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:korenix:jetnet4706:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2EE777BE-703A-4F8A-A28E-E516F945A8EE"
"criteria": "cpe:2.3:h:korenix:jetnet_4706:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD089EE1-3D71-430C-9CA9-BE32470BEE27"
}
]
}
@ -720,8 +720,8 @@
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:korenix:jetnet4706f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B166F4D-42B6-4017-B972-16424527D68E"
"criteria": "cpe:2.3:h:korenix:jetnet_4706f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "875F22D5-57B9-43EB-A92C-9FB0EA948164"
}
]
}

28
CVE-2022/CVE-2022-215xx/CVE-2022-21540.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-21540",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2022-07-19T22:15:11.730",
"lastModified": "2023-11-07T03:43:35.777",
"lastModified": "2024-01-17T15:15:08.470",
"vulnStatus": "Modified",
"descriptions": [
{
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "43595867-4340-4103-b7a2-9a5208d29a85",
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -906,10 +906,34 @@
}
],
"references": [
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/",
"source": "secalert_us@oracle.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/",
"source": "secalert_us@oracle.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/",
"source": "secalert_us@oracle.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/",
"source": "secalert_us@oracle.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/",
"source": "secalert_us@oracle.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/",
"source": "secalert_us@oracle.com"
},
{
"url": "https://security.gentoo.org/glsa/202401-25",
"source": "secalert_us@oracle.com"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220729-0009/",
"source": "secalert_us@oracle.com",

24
CVE-2022/CVE-2022-215xx/CVE-2022-21541.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-21541",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2022-07-19T22:15:11.783",
"lastModified": "2023-11-07T03:43:35.930",
"lastModified": "2024-01-17T15:15:08.750",
"vulnStatus": "Modified",
"descriptions": [
{
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "43595867-4340-4103-b7a2-9a5208d29a85",
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -901,6 +901,14 @@
}
],
"references": [
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/",
"source": "secalert_us@oracle.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/",
"source": "secalert_us@oracle.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/",
"source": "secalert_us@oracle.com"
@ -909,6 +917,18 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/",
"source": "secalert_us@oracle.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/",
"source": "secalert_us@oracle.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/",
"source": "secalert_us@oracle.com"
},
{
"url": "https://security.gentoo.org/glsa/202401-25",
"source": "secalert_us@oracle.com"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220729-0009/",
"source": "secalert_us@oracle.com",

8
CVE-2022/CVE-2022-215xx/CVE-2022-21549.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-21549",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2022-07-19T22:15:12.147",
"lastModified": "2023-11-07T03:43:36.203",
"lastModified": "2024-01-17T15:15:08.940",
"vulnStatus": "Modified",
"descriptions": [
{
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "43595867-4340-4103-b7a2-9a5208d29a85",
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -196,6 +196,10 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKJCLA2GDNF4B7ZRKORQ2TIR56AHJ4VC/",
"source": "secalert_us@oracle.com"
},
{
"url": "https://security.gentoo.org/glsa/202401-25",
"source": "secalert_us@oracle.com"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220729-0009/",
"source": "secalert_us@oracle.com",

8
CVE-2022/CVE-2022-216xx/CVE-2022-21618.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-21618",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2022-10-18T21:15:12.757",
"lastModified": "2023-04-27T17:37:47.360",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-17T15:15:09.067",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -237,6 +237,10 @@
"Third Party Advisory"
]
},
{
"url": "https://security.gentoo.org/glsa/202401-25",
"source": "secalert_us@oracle.com"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221028-0012/",
"source": "secalert_us@oracle.com",

8
CVE-2022/CVE-2022-216xx/CVE-2022-21619.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-21619",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2022-10-18T21:15:12.810",
"lastModified": "2023-04-27T17:37:27.263",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-17T15:15:09.200",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -308,6 +308,10 @@
"Third Party Advisory"
]
},
{
"url": "https://security.gentoo.org/glsa/202401-25",
"source": "secalert_us@oracle.com"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221028-0012/",
"source": "secalert_us@oracle.com",

8
CVE-2022/CVE-2022-216xx/CVE-2022-21624.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-21624",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2022-10-18T21:15:13.657",
"lastModified": "2023-04-27T17:45:14.937",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-17T15:15:09.310",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -308,6 +308,10 @@
"Third Party Advisory"
]
},
{
"url": "https://security.gentoo.org/glsa/202401-25",
"source": "secalert_us@oracle.com"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221028-0012/",
"source": "secalert_us@oracle.com",

8
CVE-2022/CVE-2022-216xx/CVE-2022-21626.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-21626",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2022-10-18T21:15:13.770",
"lastModified": "2023-04-27T17:37:07.933",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-17T15:15:09.433",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -262,6 +262,10 @@
"Third Party Advisory"
]
},
{
"url": "https://security.gentoo.org/glsa/202401-25",
"source": "secalert_us@oracle.com"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221028-0012/",
"source": "secalert_us@oracle.com",

8
CVE-2022/CVE-2022-216xx/CVE-2022-21628.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-21628",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2022-10-18T21:15:13.887",
"lastModified": "2023-04-27T17:46:04.293",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-17T15:15:09.533",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -308,6 +308,10 @@
"Third Party Advisory"
]
},
{
"url": "https://security.gentoo.org/glsa/202401-25",
"source": "secalert_us@oracle.com"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221028-0012/",
"source": "secalert_us@oracle.com",

6
CVE-2022/CVE-2022-341xx/CVE-2022-34169.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-34169",
"sourceIdentifier": "security@apache.org",
"published": "2022-07-19T18:15:11.740",
"lastModified": "2023-05-05T08:15:08.767",
"lastModified": "2024-01-17T15:15:09.640",
"vulnStatus": "Modified",
"descriptions": [
{
@ -1043,6 +1043,10 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/",
"source": "security@apache.org"
},
{
"url": "https://security.gentoo.org/glsa/202401-25",
"source": "security@apache.org"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220729-0009/",
"source": "security@apache.org",

55
CVE-2022/CVE-2022-364xx/CVE-2022-36418.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-36418",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-17T16:15:45.817",
"lastModified": "2024-01-17T16:15:45.817",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in Vagary Digital HREFLANG Tags Lite.This issue affects HREFLANG Tags Lite: from n/a through 2.0.0.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/hreflang-tags-by-dcgws/wordpress-hreflang-tags-lite-plugin-2-0-0-unauthenticated-plugin-data-reset-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2022/CVE-2022-381xx/CVE-2022-38141.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-38141",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-17T16:15:46.033",
"lastModified": "2024-01-17T16:15:46.033",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in Zorem Sales Report Email for WooCommerce.This issue affects Sales Report Email for WooCommerce: from n/a through 2.8.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woo-advanced-sales-report-email/wordpress-sales-report-email-for-woocommerce-plugin-2-8-auth-test-email-submission-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

8
CVE-2022/CVE-2022-393xx/CVE-2022-39399.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-39399",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2022-10-18T21:15:14.730",
"lastModified": "2023-04-27T17:47:44.157",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-17T15:15:09.797",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -241,6 +241,10 @@
"Third Party Advisory"
]
},
{
"url": "https://security.gentoo.org/glsa/202401-25",
"source": "secalert_us@oracle.com"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221028-0012/",
"source": "secalert_us@oracle.com",

55
CVE-2022/CVE-2022-402xx/CVE-2022-40203.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-40203",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-17T16:15:46.230",
"lastModified": "2024-01-17T16:15:46.230",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in AlgolPlus Advanced Dynamic Pricing for WooCommerce.This issue affects Advanced Dynamic Pricing for WooCommerce: from n/a through 4.1.5.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/advanced-dynamic-pricing-for-woocommerce/wordpress-advanced-dynamic-pricing-for-woocommerce-plugin-4-1-5-broken-access-control?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

8
CVE-2022/CVE-2022-429xx/CVE-2022-42920.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-42920",
"sourceIdentifier": "security@apache.org",
"published": "2022-11-07T13:15:10.270",
"lastModified": "2023-11-07T03:53:41.760",
"lastModified": "2024-01-17T15:15:09.927",
"vulnStatus": "Modified",
"descriptions": [
{
@ -40,7 +40,7 @@
},
"weaknesses": [
{
"source": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"source": "security@apache.org",
"type": "Primary",
"description": [
{
@ -121,6 +121,10 @@
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMVX6COVXZVS5GPWDODIRW6Z2GE7RPAQ/",
"source": "security@apache.org"
},
{
"url": "https://security.gentoo.org/glsa/202401-25",
"source": "security@apache.org"
}
]
}

8
CVE-2023/CVE-2023-218xx/CVE-2023-21830.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-21830",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2023-01-18T00:15:12.873",
"lastModified": "2023-07-21T19:22:27.383",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-17T15:15:10.047",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -153,6 +153,10 @@
}
],
"references": [
{
"url": "https://security.gentoo.org/glsa/202401-25",
"source": "secalert_us@oracle.com"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2023.html",
"source": "secalert_us@oracle.com",

8
CVE-2023/CVE-2023-218xx/CVE-2023-21835.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-21835",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2023-01-18T00:15:13.147",
"lastModified": "2023-04-27T17:48:26.237",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-17T15:15:10.157",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -139,6 +139,10 @@
}
],
"references": [
{
"url": "https://security.gentoo.org/glsa/202401-25",
"source": "secalert_us@oracle.com"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2023.html",
"source": "secalert_us@oracle.com",

8
CVE-2023/CVE-2023-218xx/CVE-2023-21843.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-21843",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2023-01-18T00:15:13.717",
"lastModified": "2023-04-27T17:49:30.817",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-17T15:15:10.240",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -184,6 +184,10 @@
}
],
"references": [
{
"url": "https://security.gentoo.org/glsa/202401-25",
"source": "secalert_us@oracle.com"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2023.html",
"source": "secalert_us@oracle.com",

55
CVE-2023/CVE-2023-343xx/CVE-2023-34379.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-34379",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-17T16:15:46.427",
"lastModified": "2024-01-17T16:15:46.427",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in MagneticOne Cart2Cart: Magento to WooCommerce Migration.This issue affects Cart2Cart: Magento to WooCommerce Migration: from n/a through 2.0.0.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/cart2cart-magento-to-woocommerce-migration/wordpress-cart2cart-magento-to-woocommerce-migration-plugin-2-0-0-broken-access-control?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

92
CVE-2023/CVE-2023-380xx/CVE-2023-38021.json
View File

@ -2,35 +2,111 @@
"id": "CVE-2023-38021",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-30T03:15:08.303",
"lastModified": "2024-01-01T02:12:45.130",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-17T15:17:38.897",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.32 for Intel SGX. Lack of pointer-alignment validation logic in entry functions allows a local attacker to access unauthorized information. This relates to the enclave_ecall function and system call layer."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en la plataforma Fortanix EnclaveOS Confidential Computing Manager (CCM) anterior a 3.32 para Intel SGX. La falta de l\u00f3gica de validaci\u00f3n de alineaci\u00f3n del puntero en las funciones de entrada permite que un atacante local acceda a informaci\u00f3n no autorizada. Esto se relaciona con la funci\u00f3n enclave_ecall y la capa de llamada al sistema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortanix:confidential_computing_manager:*:*:*:*:*:intel_software_guard_extensions:*:*",
"versionEndExcluding": "3.32",
"matchCriteriaId": "D5747D7E-7453-4B91-86E6-0937373746C3"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/openenclave/openenclave/security/advisories/GHSA-v3vm-9h66-wm76",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable",
"Third Party Advisory"
]
},
{
"url": "https://jovanbulck.github.io/files/oakland24-pandora.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/stale-data-read-from-xapic.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable",
"Third Party Advisory"
]
},
{
"url": "https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html#inpage-nav-3-2-2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable",
"Third Party Advisory"
]
},
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00657.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable",
"Third Party Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-380xx/CVE-2023-38022.json
View File

@ -2,23 +2,86 @@
"id": "CVE-2023-38022",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-30T03:15:08.360",
"lastModified": "2024-01-01T02:12:45.130",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-17T15:09:09.537",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.29 for Intel SGX. Insufficient pointer validation allows a local attacker to access unauthorized information. This relates to strlen and sgx_is_within_user."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform anterior a 3.29 para Intel SGX. Una validaci\u00f3n de puntero insuficiente permite que un atacante local acceda a informaci\u00f3n no autorizada. Esto se relaciona con strlen y sgx_is_within_user."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortanix:confidential_computing_manager:*:*:*:*:*:intel_software_guard_extensions:*:*",
"versionEndExcluding": "3.29",
"matchCriteriaId": "1AAC8EBD-B2F2-4FD6-BE41-3EB5C15ABEDD"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://jovanbulck.github.io/files/ccs19-tale.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Technical Description"
]
},
{
"url": "https://jovanbulck.github.io/files/oakland24-pandora.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Technical Description"
]
}
]
}

63
CVE-2023/CVE-2023-451xx/CVE-2023-45139.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-45139",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-10T16:15:46.767",
"lastModified": "2024-01-10T16:59:48.970",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-17T15:36:52.233",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "fontTools is a library for manipulating fonts, written in Python. The subsetting module has a XML External Entity Injection (XXE) vulnerability which allows an attacker to resolve arbitrary entities when a candidate font (OT-SVG fonts), which contains a SVG table, is parsed. This allows attackers to include arbitrary files from the filesystem fontTools is running on or make web requests from the host system. This vulnerability has been patched in version 4.43.0."
},
{
"lang": "es",
"value": "fontTools es una librer\u00eda para manipular fuentes, escrita en Python. El m\u00f3dulo subsetting tiene una vulnerabilidad de inyecci\u00f3n de entidades externas XML (XXE) que permite a un atacante resolver entidades arbitrarias cuando se analiza una fuente candidata (fuentes OT-SVG), que contiene una tabla SVG. Esto permite a los atacantes incluir archivos arbitrarios del sistema de archivos en el que se ejecuta fontTools o realizar solicitudes web desde el sistema host. Esta vulnerabilidad ha sido parcheada en la versi\u00f3n 4.43.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +70,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fonttools:fonttools:*:*:*:*:*:python:*:*",
"versionStartIncluding": "4.28.2",
"versionEndExcluding": "4.43.0",
"matchCriteriaId": "CA51147F-FB56-471F-AA46-967C55F0AE97"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/fonttools/fonttools/commit/9f61271dc1ca82ed91f529b130fe5dc5c9bf1f4c",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/fonttools/fonttools/releases/tag/4.43.0",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/fonttools/fonttools/security/advisories/GHSA-6673-4983-2vx5",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

10
CVE-2023/CVE-2023-452xx/CVE-2023-45229.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-45229",
"sourceIdentifier": "infosec@edk2.groups.io",
"published": "2024-01-16T16:15:11.533",
"lastModified": "2024-01-16T23:12:38.473",
"lastModified": "2024-01-17T15:15:10.330",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "EDK2's Network Package is susceptible to an out-of-bounds read\n vulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality."
},
{
"lang": "es",
"value": "EDK2's Network Package es susceptible a una vulnerabilidad de lectura fuera de los l\u00edmites cuando procesa la opci\u00f3n IA_NA o IA_TA en un mensaje de publicidad DHCPv6. Un atacante puede aprovechar esta vulnerabilidad para obtener acceso no autorizado y potencialmente provocar una p\u00e9rdida de confidencialidad."
}
],
"metrics": {
@ -47,6 +51,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html",
"source": "infosec@edk2.groups.io"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/16/2",
"source": "infosec@edk2.groups.io"

10
CVE-2023/CVE-2023-452xx/CVE-2023-45230.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-45230",
"sourceIdentifier": "infosec@edk2.groups.io",
"published": "2024-01-16T16:15:11.727",
"lastModified": "2024-01-16T23:12:38.473",
"lastModified": "2024-01-17T15:15:10.400",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": " EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 client. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality, Integrity and/or Availability.\n\n"
},
{
"lang": "es",
"value": "EDK2's Network Package es susceptible a una vulnerabilidad de desbordamiento de b\u00fafer a trav\u00e9s de una opci\u00f3n de ID de servidor larga en el cliente DHCPv6. Un atacante puede aprovechar esta vulnerabilidad para obtener acceso no autorizado y potencialmente provocar una p\u00e9rdida de confidencialidad, integridad y/o disponibilidad."
}
],
"metrics": {
@ -47,6 +51,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html",
"source": "infosec@edk2.groups.io"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/16/2",
"source": "infosec@edk2.groups.io"

10
CVE-2023/CVE-2023-452xx/CVE-2023-45231.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-45231",
"sourceIdentifier": "infosec@edk2.groups.io",
"published": "2024-01-16T16:15:11.910",
"lastModified": "2024-01-16T23:12:38.473",
"lastModified": "2024-01-17T15:15:10.470",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "EDK2's Network Package is susceptible to an out-of-bounds read\n vulnerability when processing\u00a0 Neighbor Discovery Redirect message. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality."
},
{
"lang": "es",
"value": "El paquete de red de EDK2 es susceptible a una vulnerabilidad de lectura fuera de los l\u00edmites al procesar el mensaje de redirecci\u00f3n de descubrimiento de vecinos. Un atacante puede aprovechar esta vulnerabilidad para obtener acceso no autorizado y potencialmente provocar una p\u00e9rdida de confidencialidad."
}
],
"metrics": {
@ -47,6 +51,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html",
"source": "infosec@edk2.groups.io"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/16/2",
"source": "infosec@edk2.groups.io"

10
CVE-2023/CVE-2023-452xx/CVE-2023-45232.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-45232",
"sourceIdentifier": "infosec@edk2.groups.io",
"published": "2024-01-16T16:15:12.090",
"lastModified": "2024-01-16T23:12:38.473",
"lastModified": "2024-01-17T15:15:10.540",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": " EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Availability.\n\n"
},
{
"lang": "es",
"value": "EDK2's Network Package es susceptible a una vulnerabilidad de bucle infinito al analizar opciones desconocidas en el encabezado Destination Options de IPv6. Un atacante puede aprovechar esta vulnerabilidad para obtener acceso no autorizado y potencialmente provocar una p\u00e9rdida de disponibilidad."
}
],
"metrics": {
@ -47,6 +51,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html",
"source": "infosec@edk2.groups.io"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/16/2",
"source": "infosec@edk2.groups.io"

10
CVE-2023/CVE-2023-452xx/CVE-2023-45233.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-45233",
"sourceIdentifier": "infosec@edk2.groups.io",
"published": "2024-01-16T16:15:12.277",
"lastModified": "2024-01-16T23:12:38.473",
"lastModified": "2024-01-17T15:15:10.610",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": " EDK2's Network Package is susceptible to an infinite lop vulnerability when parsing a PadN option in the Destination Options header of IPv6. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Availability.\n\n"
},
{
"lang": "es",
"value": "EDK2's Network Package es susceptible a una vulnerabilidad de bucle infinito al analizar una opci\u00f3n PadN en el encabezado Destination Options de IPv6. Un atacante puede aprovechar esta vulnerabilidad para obtener acceso no autorizado y potencialmente provocar una p\u00e9rdida de disponibilidad."
}
],
"metrics": {
@ -47,6 +51,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html",
"source": "infosec@edk2.groups.io"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/16/2",
"source": "infosec@edk2.groups.io"

10
CVE-2023/CVE-2023-452xx/CVE-2023-45234.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-45234",
"sourceIdentifier": "infosec@edk2.groups.io",
"published": "2024-01-16T16:15:12.460",
"lastModified": "2024-01-16T23:12:38.473",
"lastModified": "2024-01-17T15:15:10.670",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": " EDK2's Network Package is susceptible to a buffer overflow vulnerability when processing DNS Servers option from a DHCPv6 Advertise message. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality, Integrity and/or Availability.\n\n"
},
{
"lang": "es",
"value": "EDK2's Network Package es susceptible a una vulnerabilidad de desbordamiento de b\u00fafer al procesar la opci\u00f3n de servidores DNS desde un mensaje de publicidad DHCPv6. Un atacante puede aprovechar esta vulnerabilidad para obtener acceso no autorizado y potencialmente provocar una p\u00e9rdida de confidencialidad, integridad y/o disponibilidad."
}
],
"metrics": {
@ -47,6 +51,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html",
"source": "infosec@edk2.groups.io"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/16/2",
"source": "infosec@edk2.groups.io"

10
CVE-2023/CVE-2023-452xx/CVE-2023-45235.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-45235",
"sourceIdentifier": "infosec@edk2.groups.io",
"published": "2024-01-16T16:15:12.643",
"lastModified": "2024-01-16T23:12:38.473",
"lastModified": "2024-01-17T15:15:10.737",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": " EDK2's Network Package is susceptible to a buffer overflow vulnerability when\n\n\n\n\n\nhandling Server ID option \n\n\n\n from a DHCPv6 proxy Advertise message. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality, Integrity and/or Availability.\n\n"
},
{
"lang": "es",
"value": "EDK2's Network Package es susceptible a una vulnerabilidad de desbordamiento de b\u00fafer cuando maneja la opci\u00f3n de ID del servidor desde un mensaje de publicidad del proxy DHCPv6. Un atacante puede aprovechar esta vulnerabilidad para obtener acceso no autorizado y potencialmente provocar una p\u00e9rdida de confidencialidad, integridad y/o disponibilidad."
}
],
"metrics": {
@ -47,6 +51,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html",
"source": "infosec@edk2.groups.io"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/16/2",
"source": "infosec@edk2.groups.io"

66
CVE-2023/CVE-2023-471xx/CVE-2023-47171.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-47171",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-01-10T16:15:47.063",
"lastModified": "2024-01-10T18:15:46.410",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-17T15:22:38.970",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists in the aVideoEncoder.json.php chunkFile path functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en la funcionalidad de ruta de archivo fragmentado aVideoEncoder.json.php de WWBN AVideo 11.6 y la confirmaci\u00f3n maestra de desarrollo 15fed957fb. Una solicitud HTTP especialmente manipulada puede provocar la lectura de archivos arbitrarios."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -46,10 +80,36 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wwbn:avideo:11.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FA7CA4A6-1827-4D74-82E7-752E8AE8F0B9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wwbn:avideo:15fed957fb:*:*:*:*:*:*:*",
"matchCriteriaId": "4199C617-A976-4F18-ADD2-C26A5B046CC3"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1869",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

66
CVE-2023/CVE-2023-478xx/CVE-2023-47861.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-47861",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-01-10T16:15:47.260",
"lastModified": "2024-01-10T18:15:46.497",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-17T15:21:57.430",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (xss) vulnerability exists in the channelBody.php user name functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de cross site scripting (xss) en la funcionalidad user name channelBody.php de WWBN AVideo 11.6 y la confirmaci\u00f3n maestra de desarrollo 15fed957fb. Una solicitud HTTP especialmente manipulada puede provocar una ejecuci\u00f3n arbitraria de Javascript. Un atacante puede hacer que un usuario visite una p\u00e1gina web para activar esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -46,10 +80,36 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wwbn:avideo:11.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FA7CA4A6-1827-4D74-82E7-752E8AE8F0B9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wwbn:avideo:15fed957fb:*:*:*:*:*:*:*",
"matchCriteriaId": "4199C617-A976-4F18-ADD2-C26A5B046CC3"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1884",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

60
CVE-2023/CVE-2023-478xx/CVE-2023-47862.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-47862",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-01-10T16:15:47.443",
"lastModified": "2024-01-10T18:15:46.570",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-17T15:21:15.080",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A local file inclusion vulnerability exists in the getLanguageFromBrowser functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send a series of HTTP requests to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de inclusi\u00f3n de archivos local en la funcionalidad getLanguageFromBrowser de la confirmaci\u00f3n maestra de desarrollo de WWBN AVideo 15fed957fb. Una solicitud HTTP especialmente manipulada puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Un atacante puede enviar una serie de solicitudes HTTP para desencadenar esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -46,10 +80,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wwbn:avideo:15fed957fb:*:*:*:*:*:*:*",
"matchCriteriaId": "4199C617-A976-4F18-ADD2-C26A5B046CC3"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1886",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Third Party Advisory"
]
}
]
}

66
CVE-2023/CVE-2023-487xx/CVE-2023-48728.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-48728",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-01-10T16:15:47.627",
"lastModified": "2024-01-10T18:15:46.647",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-17T15:19:11.497",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (xss) vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de cross site scripting (xss) en la funcionalidad functiongetOpenGraph videoName de WWBN AVideo 11.6 y la confirmaci\u00f3n maestra de desarrollo 3c6bb3ff. Una solicitud HTTP especialmente manipulada puede provocar una ejecuci\u00f3n arbitraria de Javascript. Un atacante puede hacer que un usuario visite una p\u00e1gina web para activar esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -46,10 +80,36 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wwbn:avideo:3c6bb3ff:*:*:*:*:*:*:*",
"matchCriteriaId": "401D3AD3-62F7-4B6E-8DDD-BF3FC6CD5DC6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wwbn:avideo:11.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FA7CA4A6-1827-4D74-82E7-752E8AE8F0B9"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1883",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

60
CVE-2023/CVE-2023-487xx/CVE-2023-48730.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-48730",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-01-10T16:15:47.833",
"lastModified": "2024-01-10T18:15:46.723",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-17T15:17:52.480",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (xss) vulnerability exists in the navbarMenuAndLogo.php user name functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de cross site scripting (xss) en la funcionalidad user name de navbarMenuAndLogo.php de la confirmaci\u00f3n maestra de desarrollo de WWBN AVideo 15fed957fb. Una solicitud HTTP especialmente manipulada puede provocar una ejecuci\u00f3n arbitraria de Javascript. Un atacante puede hacer que un usuario visite una p\u00e1gina web para activar esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -46,10 +80,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wwbn:avideo:15fed957fb:*:*:*:*:*:*:*",
"matchCriteriaId": "4199C617-A976-4F18-ADD2-C26A5B046CC3"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1882",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Third Party Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-495xx/CVE-2023-49589.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-49589",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-01-10T16:15:48.063",
"lastModified": "2024-01-10T18:15:47.040",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-17T15:16:26.823",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An insufficient entropy vulnerability exists in the userRecoverPass.php recoverPass generation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to an arbitrary user password recovery. An attacker can send an HTTP request to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de entrop\u00eda insuficiente en la funcionalidad de generaci\u00f3n de recoveryPass de userRecoverPass.php de la confirmaci\u00f3n maestra de desarrollo de WWBN AVideo 15fed957fb. Una solicitud HTTP especialmente manipulada puede provocar la recuperaci\u00f3n arbitraria de la contrase\u00f1a de un usuario. Un atacante puede enviar una solicitud HTTP para desencadenar esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wwbn:avideo:15fed957fb:*:*:*:*:*:*:*",
"matchCriteriaId": "4199C617-A976-4F18-ADD2-C26A5B046CC3"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1896",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

27
CVE-2023/CVE-2023-495xx/CVE-2023-49599.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49599",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-01-10T16:15:48.257",
"lastModified": "2024-01-12T19:15:11.260",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-17T15:14:39.320",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -50,10 +50,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wwbn:avideo:15fed957fb:*:*:*:*:*:*:*",
"matchCriteriaId": "4199C617-A976-4F18-ADD2-C26A5B046CC3"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1900",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-497xx/CVE-2023-49715.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-49715",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-01-10T16:15:48.440",
"lastModified": "2024-01-10T18:15:47.200",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-17T15:14:14.103",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A unrestricted php file upload vulnerability exists in the import.json.php temporary copy functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary code execution when chained with an LFI vulnerability. An attacker can send a series of HTTP requests to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de carga de archivos php sin restricciones en la funcionalidad de copia temporal import.json.php de la confirmaci\u00f3n maestra de desarrollo de WWBN AVideo 15fed957fb. Una solicitud HTTP especialmente manipulada puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario cuando se encadena con una vulnerabilidad LFI. Un atacante puede enviar una serie de solicitudes HTTP para desencadenar esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wwbn:avideo:15fed957fb:*:*:*:*:*:*:*",
"matchCriteriaId": "4199C617-A976-4F18-ADD2-C26A5B046CC3"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1885",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-497xx/CVE-2023-49738.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-49738",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-01-10T16:15:48.620",
"lastModified": "2024-01-10T18:15:47.267",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-17T15:08:28.850",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists in the image404Raw.php functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en la funcionalidad image404Raw.php de la confirmaci\u00f3n maestra de desarrollo de WWBN AVideo 15fed957fb. Una solicitud HTTP especialmente manipulada puede provocar la lectura de archivos arbitrarios."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wwbn:avideo:15fed957fb:*:*:*:*:*:*:*",
"matchCriteriaId": "4199C617-A976-4F18-ADD2-C26A5B046CC3"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1881",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-498xx/CVE-2023-49810.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49810",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-01-10T16:15:48.803",
"lastModified": "2024-01-12T19:15:11.380",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-17T15:07:26.067",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wwbn:avideo:15fed957fb:*:*:*:*:*:*:*",
"matchCriteriaId": "4199C617-A976-4F18-ADD2-C26A5B046CC3"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1898",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

20
CVE-2023/CVE-2023-50xx/CVE-2023-5006.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-5006",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-17T15:15:10.803",
"lastModified": "2024-01-17T15:15:10.803",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The WP Discord Invite WordPress plugin before 2.5.1 does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to perform actions on their behalf by tricking a logged in administrator to submit a crafted request."
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/d29bcc1c-241b-4867-a0c8-4ae5f9d1c8e8",
"source": "contact@wpscan.com"
}
]
}

20
CVE-2023/CVE-2023-50xx/CVE-2023-5041.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-5041",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-17T15:15:10.850",
"lastModified": "2024-01-17T15:15:10.850",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Track The Click WordPress plugin before 0.3.12 does not properly sanitize query parameters to the stats REST endpoint before using them in a database query, allowing a logged in user with an author role or higher to perform time based blind SQLi attacks on the database."
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/45194442-6eea-4e07-85a5-4a1e2fde3523",
"source": "contact@wpscan.com"
}
]
}

6
CVE-2023/CVE-2023-53xx/CVE-2023-5347.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-5347",
"sourceIdentifier": "office@cyberdanube.com",
"published": "2024-01-09T10:15:22.523",
"lastModified": "2024-01-16T16:24:32.317",
"lastModified": "2024-01-17T15:05:39.563",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -101,8 +101,8 @@
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:korenix:jetnet5310g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E6CB8FA-A16F-4C38-BF77-C371E86E383D"
"criteria": "cpe:2.3:h:korenix:jetnet_5310g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81A3D8A9-E142-498A-B4E8-B4B197E62F55"
}
]
}

8
CVE-2023/CVE-2023-53xx/CVE-2023-5376.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5376",
"sourceIdentifier": "office@cyberdanube.com",
"published": "2024-01-09T10:15:22.823",
"lastModified": "2024-01-16T16:46:15.367",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-17T15:05:39.563",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -101,8 +101,8 @@
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:korenix:jetnet5310g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E6CB8FA-A16F-4C38-BF77-C371E86E383D"
"criteria": "cpe:2.3:h:korenix:jetnet_5310g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81A3D8A9-E142-498A-B4E8-B4B197E62F55"
}
]
}

59
CVE-2024/CVE-2024-03xx/CVE-2024-0396.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-0396",
"sourceIdentifier": "security@progress.com",
"published": "2024-01-17T16:15:46.623",
"lastModified": "2024-01-17T16:15:46.623",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nIn Progress MOVEit Transfer versions released before 2022.0.10 (14.0.10), 2022.1.11 (14.1.11), 2023.0.8 (15.0.8), 2023.1.3 (15.1.3), an input validation issue was discovered. An authenticated user can manipulate a parameter in an HTTPS transaction. The modified transaction could lead to computational errors within MOVEit Transfer and potentially result in a denial of service.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@progress.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "security@progress.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-January-2024",
"source": "security@progress.com"
},
{
"url": "https://www.progress.com/moveit",
"source": "security@progress.com"
}
]
}

63
CVE-2024/CVE-2024-06xx/CVE-2024-0639.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2024-0639",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-17T16:15:46.810",
"lastModified": "2024-01-17T16:15:46.810",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability due to a deadlock was found in sctp_auto_asconf_init in net/sctp/socket.c in the Linux kernel\u2019s SCTP subsystem. This flaw allows guests with local user privileges to trigger a deadlock and potentially crash the system."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-833"
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2024-0639",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258754",
"source": "secalert@redhat.com"
},
{
"url": "https://github.com/torvalds/linux/commit/6feb37b3b06e9049e20dcf7e23998f92c9c5be9a",
"source": "secalert@redhat.com"
}
]
}

63
CVE-2024/CVE-2024-06xx/CVE-2024-0641.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2024-0641",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-17T16:15:47.003",
"lastModified": "2024-01-17T16:15:47.003",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability was found in tipc_crypto_key_revoke in net/tipc/crypto.c in the Linux kernel\u2019s TIPC subsystem. This flaw allows guests with local user privileges to trigger a deadlock and potentially crash the system."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-833"
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2024-0641",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258757",
"source": "secalert@redhat.com"
},
{
"url": "https://github.com/torvalds/linux/commit/08e50cf071847323414df0835109b6f3560d44f5",
"source": "secalert@redhat.com"
}
]
}

51
CVE-2024/CVE-2024-06xx/CVE-2024-0646.json Normal file
View File

@ -0,0 +1,51 @@
{
"id": "CVE-2024-0646",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-17T16:15:47.190",
"lastModified": "2024-01-17T16:15:47.190",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds memory write flaw was found in the Linux kernel\u2019s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2024-0646",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253908",
"source": "secalert@redhat.com"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c5a595000e267",
"source": "secalert@redhat.com"
}
]
}

104
CVE-2024/CVE-2024-219xx/CVE-2024-21907.json
View File

@ -2,16 +2,53 @@
"id": "CVE-2024-21907",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2024-01-03T16:15:08.793",
"lastModified": "2024-01-03T17:26:57.957",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-17T15:24:07.360",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition.\n"
},
{
"lang": "es",
"value": "Newtonsoft.Json anterior a la versi\u00f3n 13.0.1 se ve afectado por una vulnerabilidad de manejo incorrecto de condiciones excepcionales. Los datos elaborados que se pasan al m\u00e9todo JsonConvert.DeserializeObject pueden desencadenar una excepci\u00f3n de StackOverflow que provoque una denegaci\u00f3n de servicio. Dependiendo del uso de la librer\u00eda, un atacante remoto y no autenticado puede provocar la condici\u00f3n de denegaci\u00f3n de servicio."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-755"
}
]
},
{
"source": "disclosure@vulncheck.com",
"type": "Secondary",
@ -23,38 +60,83 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:newtonsoft:json.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "13.0.1",
"matchCriteriaId": "F7713CE4-2B29-46C2-8416-75B9F3C258F6"
}
]
}
]
}
],
"references": [
{
"url": "https://alephsecurity.com/2018/10/22/StackOverflowException/",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Exploit"
]
},
{
"url": "https://alephsecurity.com/vulns/aleph-2018004",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Exploit"
]
},
{
"url": "https://github.com/JamesNK/Newtonsoft.Json/commit/7e77bbe1beccceac4fc7b174b53abfefac278b66",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/JamesNK/Newtonsoft.Json/issues/2457",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://github.com/JamesNK/Newtonsoft.Json/pull/2462",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/advisories/GHSA-5crp-9r3c-p9vr",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://security.snyk.io/vuln/SNYK-DOTNET-NEWTONSOFTJSON-2774678",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-5crp-9r3c-p9vr",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Third Party Advisory"
]
}
]
}

73
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-01-17T15:00:24.567296+00:00
2024-01-17T17:00:25.501586+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-01-17T14:52:48.957000+00:00
2024-01-17T16:15:47.190000+00:00
```
### Last Data Feed Release
@ -29,47 +29,54 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
236208
236218
```
### CVEs added in the last Commit
Recently added CVEs: `3`
Recently added CVEs: `10`
* [CVE-2024-0642](CVE-2024/CVE-2024-06xx/CVE-2024-0642.json) (`2024-01-17T14:15:43.470`)
* [CVE-2024-0643](CVE-2024/CVE-2024-06xx/CVE-2024-0643.json) (`2024-01-17T14:15:43.920`)
* [CVE-2024-0645](CVE-2024/CVE-2024-06xx/CVE-2024-0645.json) (`2024-01-17T14:15:44.113`)
* [CVE-2022-36418](CVE-2022/CVE-2022-364xx/CVE-2022-36418.json) (`2024-01-17T16:15:45.817`)
* [CVE-2022-38141](CVE-2022/CVE-2022-381xx/CVE-2022-38141.json) (`2024-01-17T16:15:46.033`)
* [CVE-2022-40203](CVE-2022/CVE-2022-402xx/CVE-2022-40203.json) (`2024-01-17T16:15:46.230`)
* [CVE-2023-5006](CVE-2023/CVE-2023-50xx/CVE-2023-5006.json) (`2024-01-17T15:15:10.803`)
* [CVE-2023-5041](CVE-2023/CVE-2023-50xx/CVE-2023-5041.json) (`2024-01-17T15:15:10.850`)
* [CVE-2023-34379](CVE-2023/CVE-2023-343xx/CVE-2023-34379.json) (`2024-01-17T16:15:46.427`)
* [CVE-2024-0396](CVE-2024/CVE-2024-03xx/CVE-2024-0396.json) (`2024-01-17T16:15:46.623`)
* [CVE-2024-0639](CVE-2024/CVE-2024-06xx/CVE-2024-0639.json) (`2024-01-17T16:15:46.810`)
* [CVE-2024-0641](CVE-2024/CVE-2024-06xx/CVE-2024-0641.json) (`2024-01-17T16:15:47.003`)
* [CVE-2024-0646](CVE-2024/CVE-2024-06xx/CVE-2024-0646.json) (`2024-01-17T16:15:47.190`)
### CVEs modified in the last Commit
Recently modified CVEs: `37`
Recently modified CVEs: `40`
* [CVE-2023-51734](CVE-2023/CVE-2023-517xx/CVE-2023-51734.json) (`2024-01-17T14:01:37.163`)
* [CVE-2023-51735](CVE-2023/CVE-2023-517xx/CVE-2023-51735.json) (`2024-01-17T14:01:37.163`)
* [CVE-2023-51736](CVE-2023/CVE-2023-517xx/CVE-2023-51736.json) (`2024-01-17T14:01:37.163`)
* [CVE-2023-51737](CVE-2023/CVE-2023-517xx/CVE-2023-51737.json) (`2024-01-17T14:01:37.163`)
* [CVE-2023-51738](CVE-2023/CVE-2023-517xx/CVE-2023-51738.json) (`2024-01-17T14:01:37.163`)
* [CVE-2023-51739](CVE-2023/CVE-2023-517xx/CVE-2023-51739.json) (`2024-01-17T14:01:37.163`)
* [CVE-2023-51740](CVE-2023/CVE-2023-517xx/CVE-2023-51740.json) (`2024-01-17T14:01:37.163`)
* [CVE-2023-51741](CVE-2023/CVE-2023-517xx/CVE-2023-51741.json) (`2024-01-17T14:01:37.163`)
* [CVE-2023-51742](CVE-2023/CVE-2023-517xx/CVE-2023-51742.json) (`2024-01-17T14:01:37.163`)
* [CVE-2023-51743](CVE-2023/CVE-2023-517xx/CVE-2023-51743.json) (`2024-01-17T14:01:37.163`)
* [CVE-2023-52285](CVE-2023/CVE-2023-522xx/CVE-2023-52285.json) (`2024-01-17T14:01:37.163`)
* [CVE-2023-49515](CVE-2023/CVE-2023-495xx/CVE-2023-49515.json) (`2024-01-17T14:01:41.410`)
* [CVE-2023-25295](CVE-2023/CVE-2023-252xx/CVE-2023-25295.json) (`2024-01-17T14:01:41.410`)
* [CVE-2023-36235](CVE-2023/CVE-2023-362xx/CVE-2023-36235.json) (`2024-01-17T14:01:41.410`)
* [CVE-2023-46952](CVE-2023/CVE-2023-469xx/CVE-2023-46952.json) (`2024-01-17T14:01:41.410`)
* [CVE-2023-52069](CVE-2023/CVE-2023-520xx/CVE-2023-52069.json) (`2024-01-17T14:01:41.410`)
* [CVE-2023-51719](CVE-2023/CVE-2023-517xx/CVE-2023-51719.json) (`2024-01-17T14:01:41.410`)
* [CVE-2023-51720](CVE-2023/CVE-2023-517xx/CVE-2023-51720.json) (`2024-01-17T14:01:41.410`)
* [CVE-2023-51721](CVE-2023/CVE-2023-517xx/CVE-2023-51721.json) (`2024-01-17T14:01:41.410`)
* [CVE-2023-51722](CVE-2023/CVE-2023-517xx/CVE-2023-51722.json) (`2024-01-17T14:01:41.410`)
* [CVE-2023-51723](CVE-2023/CVE-2023-517xx/CVE-2023-51723.json) (`2024-01-17T14:01:41.410`)
* [CVE-2023-51724](CVE-2023/CVE-2023-517xx/CVE-2023-51724.json) (`2024-01-17T14:01:41.410`)
* [CVE-2023-51725](CVE-2023/CVE-2023-517xx/CVE-2023-51725.json) (`2024-01-17T14:01:41.410`)
* [CVE-2023-38023](CVE-2023/CVE-2023-380xx/CVE-2023-38023.json) (`2024-01-17T14:52:48.957`)
* [CVE-2024-0405](CVE-2024/CVE-2024-04xx/CVE-2024-0405.json) (`2024-01-17T14:01:41.410`)
* [CVE-2023-5376](CVE-2023/CVE-2023-53xx/CVE-2023-5376.json) (`2024-01-17T15:05:39.563`)
* [CVE-2023-49810](CVE-2023/CVE-2023-498xx/CVE-2023-49810.json) (`2024-01-17T15:07:26.067`)
* [CVE-2023-49738](CVE-2023/CVE-2023-497xx/CVE-2023-49738.json) (`2024-01-17T15:08:28.850`)
* [CVE-2023-38022](CVE-2023/CVE-2023-380xx/CVE-2023-38022.json) (`2024-01-17T15:09:09.537`)
* [CVE-2023-49715](CVE-2023/CVE-2023-497xx/CVE-2023-49715.json) (`2024-01-17T15:14:14.103`)
* [CVE-2023-49599](CVE-2023/CVE-2023-495xx/CVE-2023-49599.json) (`2024-01-17T15:14:39.320`)
* [CVE-2023-21830](CVE-2023/CVE-2023-218xx/CVE-2023-21830.json) (`2024-01-17T15:15:10.047`)
* [CVE-2023-21835](CVE-2023/CVE-2023-218xx/CVE-2023-21835.json) (`2024-01-17T15:15:10.157`)
* [CVE-2023-21843](CVE-2023/CVE-2023-218xx/CVE-2023-21843.json) (`2024-01-17T15:15:10.240`)
* [CVE-2023-45229](CVE-2023/CVE-2023-452xx/CVE-2023-45229.json) (`2024-01-17T15:15:10.330`)
* [CVE-2023-45230](CVE-2023/CVE-2023-452xx/CVE-2023-45230.json) (`2024-01-17T15:15:10.400`)
* [CVE-2023-45231](CVE-2023/CVE-2023-452xx/CVE-2023-45231.json) (`2024-01-17T15:15:10.470`)
* [CVE-2023-45232](CVE-2023/CVE-2023-452xx/CVE-2023-45232.json) (`2024-01-17T15:15:10.540`)
* [CVE-2023-45233](CVE-2023/CVE-2023-452xx/CVE-2023-45233.json) (`2024-01-17T15:15:10.610`)
* [CVE-2023-45234](CVE-2023/CVE-2023-452xx/CVE-2023-45234.json) (`2024-01-17T15:15:10.670`)
* [CVE-2023-45235](CVE-2023/CVE-2023-452xx/CVE-2023-45235.json) (`2024-01-17T15:15:10.737`)
* [CVE-2023-49589](CVE-2023/CVE-2023-495xx/CVE-2023-49589.json) (`2024-01-17T15:16:26.823`)
* [CVE-2023-38021](CVE-2023/CVE-2023-380xx/CVE-2023-38021.json) (`2024-01-17T15:17:38.897`)
* [CVE-2023-48730](CVE-2023/CVE-2023-487xx/CVE-2023-48730.json) (`2024-01-17T15:17:52.480`)
* [CVE-2023-48728](CVE-2023/CVE-2023-487xx/CVE-2023-48728.json) (`2024-01-17T15:19:11.497`)
* [CVE-2023-47862](CVE-2023/CVE-2023-478xx/CVE-2023-47862.json) (`2024-01-17T15:21:15.080`)
* [CVE-2023-47861](CVE-2023/CVE-2023-478xx/CVE-2023-47861.json) (`2024-01-17T15:21:57.430`)
* [CVE-2023-47171](CVE-2023/CVE-2023-471xx/CVE-2023-47171.json) (`2024-01-17T15:22:38.970`)
* [CVE-2023-45139](CVE-2023/CVE-2023-451xx/CVE-2023-45139.json) (`2024-01-17T15:36:52.233`)
* [CVE-2024-21907](CVE-2024/CVE-2024-219xx/CVE-2024-21907.json) (`2024-01-17T15:24:07.360`)
## Download and Usage