From 5c2aba0a0792aeb0d90c1985000e0452512f0b07 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Wed, 17 Jan 2024 17:00:30 +0000 Subject: [PATCH] Auto-Update: 2024-01-17T17:00:25.501586+00:00 --- CVE-2017/CVE-2017-140xx/CVE-2017-14021.json | 38 +++---- CVE-2017/CVE-2017-140xx/CVE-2017-14027.json | 38 +++---- CVE-2020/CVE-2020-125xx/CVE-2020-12501.json | 34 +++---- CVE-2022/CVE-2022-215xx/CVE-2022-21540.json | 28 +++++- CVE-2022/CVE-2022-215xx/CVE-2022-21541.json | 24 ++++- CVE-2022/CVE-2022-215xx/CVE-2022-21549.json | 8 +- CVE-2022/CVE-2022-216xx/CVE-2022-21618.json | 8 +- CVE-2022/CVE-2022-216xx/CVE-2022-21619.json | 8 +- CVE-2022/CVE-2022-216xx/CVE-2022-21624.json | 8 +- CVE-2022/CVE-2022-216xx/CVE-2022-21626.json | 8 +- CVE-2022/CVE-2022-216xx/CVE-2022-21628.json | 8 +- CVE-2022/CVE-2022-341xx/CVE-2022-34169.json | 6 +- CVE-2022/CVE-2022-364xx/CVE-2022-36418.json | 55 +++++++++++ CVE-2022/CVE-2022-381xx/CVE-2022-38141.json | 55 +++++++++++ CVE-2022/CVE-2022-393xx/CVE-2022-39399.json | 8 +- CVE-2022/CVE-2022-402xx/CVE-2022-40203.json | 55 +++++++++++ CVE-2022/CVE-2022-429xx/CVE-2022-42920.json | 8 +- CVE-2023/CVE-2023-218xx/CVE-2023-21830.json | 8 +- CVE-2023/CVE-2023-218xx/CVE-2023-21835.json | 8 +- CVE-2023/CVE-2023-218xx/CVE-2023-21843.json | 8 +- CVE-2023/CVE-2023-343xx/CVE-2023-34379.json | 55 +++++++++++ CVE-2023/CVE-2023-380xx/CVE-2023-38021.json | 92 +++++++++++++++-- CVE-2023/CVE-2023-380xx/CVE-2023-38022.json | 73 +++++++++++++- CVE-2023/CVE-2023-451xx/CVE-2023-45139.json | 63 +++++++++++- CVE-2023/CVE-2023-452xx/CVE-2023-45229.json | 10 +- CVE-2023/CVE-2023-452xx/CVE-2023-45230.json | 10 +- CVE-2023/CVE-2023-452xx/CVE-2023-45231.json | 10 +- CVE-2023/CVE-2023-452xx/CVE-2023-45232.json | 10 +- CVE-2023/CVE-2023-452xx/CVE-2023-45233.json | 10 +- CVE-2023/CVE-2023-452xx/CVE-2023-45234.json | 10 +- CVE-2023/CVE-2023-452xx/CVE-2023-45235.json | 10 +- CVE-2023/CVE-2023-471xx/CVE-2023-47171.json | 66 ++++++++++++- CVE-2023/CVE-2023-478xx/CVE-2023-47861.json | 66 ++++++++++++- CVE-2023/CVE-2023-478xx/CVE-2023-47862.json | 60 ++++++++++- CVE-2023/CVE-2023-487xx/CVE-2023-48728.json | 66 ++++++++++++- CVE-2023/CVE-2023-487xx/CVE-2023-48730.json | 60 ++++++++++- CVE-2023/CVE-2023-495xx/CVE-2023-49589.json | 61 +++++++++++- CVE-2023/CVE-2023-495xx/CVE-2023-49599.json | 27 ++++- CVE-2023/CVE-2023-497xx/CVE-2023-49715.json | 61 +++++++++++- CVE-2023/CVE-2023-497xx/CVE-2023-49738.json | 61 +++++++++++- CVE-2023/CVE-2023-498xx/CVE-2023-49810.json | 47 ++++++++- CVE-2023/CVE-2023-50xx/CVE-2023-5006.json | 20 ++++ CVE-2023/CVE-2023-50xx/CVE-2023-5041.json | 20 ++++ CVE-2023/CVE-2023-53xx/CVE-2023-5347.json | 6 +- CVE-2023/CVE-2023-53xx/CVE-2023-5376.json | 8 +- CVE-2024/CVE-2024-03xx/CVE-2024-0396.json | 59 +++++++++++ CVE-2024/CVE-2024-06xx/CVE-2024-0639.json | 63 ++++++++++++ CVE-2024/CVE-2024-06xx/CVE-2024-0641.json | 63 ++++++++++++ CVE-2024/CVE-2024-06xx/CVE-2024-0646.json | 51 ++++++++++ CVE-2024/CVE-2024-219xx/CVE-2024-21907.json | 104 +++++++++++++++++--- README.md | 73 +++++++------- 51 files changed, 1628 insertions(+), 188 deletions(-) create mode 100644 CVE-2022/CVE-2022-364xx/CVE-2022-36418.json create mode 100644 CVE-2022/CVE-2022-381xx/CVE-2022-38141.json create mode 100644 CVE-2022/CVE-2022-402xx/CVE-2022-40203.json create mode 100644 CVE-2023/CVE-2023-343xx/CVE-2023-34379.json create mode 100644 CVE-2023/CVE-2023-50xx/CVE-2023-5006.json create mode 100644 CVE-2023/CVE-2023-50xx/CVE-2023-5041.json create mode 100644 CVE-2024/CVE-2024-03xx/CVE-2024-0396.json create mode 100644 CVE-2024/CVE-2024-06xx/CVE-2024-0639.json create mode 100644 CVE-2024/CVE-2024-06xx/CVE-2024-0641.json create mode 100644 CVE-2024/CVE-2024-06xx/CVE-2024-0646.json diff --git a/CVE-2017/CVE-2017-140xx/CVE-2017-14021.json b/CVE-2017/CVE-2017-140xx/CVE-2017-14021.json index aff560c8c14..4fcfab78b1a 100644 --- a/CVE-2017/CVE-2017-140xx/CVE-2017-14021.json +++ b/CVE-2017/CVE-2017-140xx/CVE-2017-14021.json @@ -2,7 +2,7 @@ "id": "CVE-2017-14021", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2017-11-01T02:29:00.210", - "lastModified": "2019-10-09T23:23:44.827", + "lastModified": "2024-01-17T15:05:39.563", "vulnStatus": "Modified", "descriptions": [ { @@ -106,8 +106,8 @@ "cpeMatch": [ { "vulnerable": false, - "criteria": "cpe:2.3:h:korenix:jetnet5018g:-:*:*:*:*:*:*:*", - "matchCriteriaId": "130FD179-0AFD-45CE-9ECB-A3ED71D1B37C" + "criteria": "cpe:2.3:h:korenix:jetnet_5018g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C3CB2958-84F6-4461-9AD3-F40FCD457C93" } ] } @@ -133,8 +133,8 @@ "cpeMatch": [ { "vulnerable": false, - "criteria": "cpe:2.3:h:korenix:jetnet5310g:-:*:*:*:*:*:*:*", - "matchCriteriaId": "6E6CB8FA-A16F-4C38-BF77-C371E86E383D" + "criteria": "cpe:2.3:h:korenix:jetnet_5310g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "81A3D8A9-E142-498A-B4E8-B4B197E62F55" } ] } @@ -160,8 +160,8 @@ "cpeMatch": [ { "vulnerable": false, - "criteria": "cpe:2.3:h:korenix:jetnet5428g-2g-2fx:-:*:*:*:*:*:*:*", - "matchCriteriaId": "6BC86999-5BD5-4F52-828E-2FEB071CC7F5" + "criteria": "cpe:2.3:h:korenix:jetnet_5428g-2g-2fx:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6497F848-1268-48E2-8DC3-840F9D44049E" } ] } @@ -187,8 +187,8 @@ "cpeMatch": [ { "vulnerable": false, - "criteria": "cpe:2.3:h:korenix:jetnet5628g:-:*:*:*:*:*:*:*", - "matchCriteriaId": "3BCCBA67-BE4A-47B1-882B-D485880DA2CE" + "criteria": "cpe:2.3:h:korenix:jetnet_5628g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FD60DF22-585E-49DF-9D90-119A5C5DD8CA" } ] } @@ -214,8 +214,8 @@ "cpeMatch": [ { "vulnerable": false, - "criteria": "cpe:2.3:h:korenix:jetnet5628g-r:-:*:*:*:*:*:*:*", - "matchCriteriaId": "8809A638-39A1-4B1B-B382-CB15D7754894" + "criteria": "cpe:2.3:h:korenix:jetnet_5628g-r:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B88DB5A5-4F43-4AE1-B3F6-8E1810276423" } ] } @@ -241,8 +241,8 @@ "cpeMatch": [ { "vulnerable": false, - "criteria": "cpe:2.3:h:korenix:jetnet5728g-24p:-:*:*:*:*:*:*:*", - "matchCriteriaId": "CFF75AF1-4A4C-423E-B429-3B11514D3A8D" + "criteria": "cpe:2.3:h:korenix:jetnet_5728g-24p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "81174238-9B97-46F3-9FAD-AE594480CB29" } ] } @@ -268,8 +268,8 @@ "cpeMatch": [ { "vulnerable": false, - "criteria": "cpe:2.3:h:korenix:jetnet5828g:-:*:*:*:*:*:*:*", - "matchCriteriaId": "A0DCE941-4525-41F1-A169-0BCE56AC41C2" + "criteria": "cpe:2.3:h:korenix:jetnet_5828g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "10C4DA7B-4E69-4831-B380-A65BE8EE8B10" } ] } @@ -295,8 +295,8 @@ "cpeMatch": [ { "vulnerable": false, - "criteria": "cpe:2.3:h:korenix:jetnet6710g:-:*:*:*:*:*:*:*", - "matchCriteriaId": "A30D7494-FB28-422F-9D79-E4FFB18FF8A6" + "criteria": "cpe:2.3:h:korenix:jetnet_6710g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D0B2A2F8-FC5A-4FF8-8E08-F7FF198963FA" } ] } @@ -322,8 +322,8 @@ "cpeMatch": [ { "vulnerable": false, - "criteria": "cpe:2.3:h:korenix:jetnet6710g-hvdc:-:*:*:*:*:*:*:*", - "matchCriteriaId": "55E51A56-2185-4A61-BD39-D1B74A688C6E" + "criteria": "cpe:2.3:h:korenix:jetnet_6710g-hvdc:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD53579F-A44B-48C6-98EF-4C3D597C9E17" } ] } diff --git a/CVE-2017/CVE-2017-140xx/CVE-2017-14027.json b/CVE-2017/CVE-2017-140xx/CVE-2017-14027.json index 8b6afa163e5..60a230cb326 100644 --- a/CVE-2017/CVE-2017-140xx/CVE-2017-14027.json +++ b/CVE-2017/CVE-2017-140xx/CVE-2017-14027.json @@ -2,7 +2,7 @@ "id": "CVE-2017-14027", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2017-11-01T02:29:00.257", - "lastModified": "2019-10-09T23:23:45.640", + "lastModified": "2024-01-17T15:05:39.563", "vulnStatus": "Modified", "descriptions": [ { @@ -106,8 +106,8 @@ "cpeMatch": [ { "vulnerable": false, - "criteria": "cpe:2.3:h:korenix:jetnet5018g:-:*:*:*:*:*:*:*", - "matchCriteriaId": "130FD179-0AFD-45CE-9ECB-A3ED71D1B37C" + "criteria": "cpe:2.3:h:korenix:jetnet_5018g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C3CB2958-84F6-4461-9AD3-F40FCD457C93" } ] } @@ -133,8 +133,8 @@ "cpeMatch": [ { "vulnerable": false, - "criteria": "cpe:2.3:h:korenix:jetnet5310g:-:*:*:*:*:*:*:*", - "matchCriteriaId": "6E6CB8FA-A16F-4C38-BF77-C371E86E383D" + "criteria": "cpe:2.3:h:korenix:jetnet_5310g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "81A3D8A9-E142-498A-B4E8-B4B197E62F55" } ] } @@ -160,8 +160,8 @@ "cpeMatch": [ { "vulnerable": false, - "criteria": "cpe:2.3:h:korenix:jetnet5428g-2g-2fx:-:*:*:*:*:*:*:*", - "matchCriteriaId": "6BC86999-5BD5-4F52-828E-2FEB071CC7F5" + "criteria": "cpe:2.3:h:korenix:jetnet_5428g-2g-2fx:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6497F848-1268-48E2-8DC3-840F9D44049E" } ] } @@ -187,8 +187,8 @@ "cpeMatch": [ { "vulnerable": false, - "criteria": "cpe:2.3:h:korenix:jetnet5628g:-:*:*:*:*:*:*:*", - "matchCriteriaId": "3BCCBA67-BE4A-47B1-882B-D485880DA2CE" + "criteria": "cpe:2.3:h:korenix:jetnet_5628g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FD60DF22-585E-49DF-9D90-119A5C5DD8CA" } ] } @@ -214,8 +214,8 @@ "cpeMatch": [ { "vulnerable": false, - "criteria": "cpe:2.3:h:korenix:jetnet5628g-r:-:*:*:*:*:*:*:*", - "matchCriteriaId": "8809A638-39A1-4B1B-B382-CB15D7754894" + "criteria": "cpe:2.3:h:korenix:jetnet_5628g-r:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B88DB5A5-4F43-4AE1-B3F6-8E1810276423" } ] } @@ -241,8 +241,8 @@ "cpeMatch": [ { "vulnerable": false, - "criteria": "cpe:2.3:h:korenix:jetnet5728g-24p:-:*:*:*:*:*:*:*", - "matchCriteriaId": "CFF75AF1-4A4C-423E-B429-3B11514D3A8D" + "criteria": "cpe:2.3:h:korenix:jetnet_5728g-24p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "81174238-9B97-46F3-9FAD-AE594480CB29" } ] } @@ -268,8 +268,8 @@ "cpeMatch": [ { "vulnerable": false, - "criteria": "cpe:2.3:h:korenix:jetnet5828g:-:*:*:*:*:*:*:*", - "matchCriteriaId": "A0DCE941-4525-41F1-A169-0BCE56AC41C2" + "criteria": "cpe:2.3:h:korenix:jetnet_5828g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "10C4DA7B-4E69-4831-B380-A65BE8EE8B10" } ] } @@ -295,8 +295,8 @@ "cpeMatch": [ { "vulnerable": false, - "criteria": "cpe:2.3:h:korenix:jetnet6710g:-:*:*:*:*:*:*:*", - "matchCriteriaId": "A30D7494-FB28-422F-9D79-E4FFB18FF8A6" + "criteria": "cpe:2.3:h:korenix:jetnet_6710g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D0B2A2F8-FC5A-4FF8-8E08-F7FF198963FA" } ] } @@ -322,8 +322,8 @@ "cpeMatch": [ { "vulnerable": false, - "criteria": "cpe:2.3:h:korenix:jetnet6710g-hvdc:-:*:*:*:*:*:*:*", - "matchCriteriaId": "55E51A56-2185-4A61-BD39-D1B74A688C6E" + "criteria": "cpe:2.3:h:korenix:jetnet_6710g-hvdc:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD53579F-A44B-48C6-98EF-4C3D597C9E17" } ] } diff --git a/CVE-2020/CVE-2020-125xx/CVE-2020-12501.json b/CVE-2020/CVE-2020-125xx/CVE-2020-12501.json index 88adf728d27..ef955224fc5 100644 --- a/CVE-2020/CVE-2020-125xx/CVE-2020-12501.json +++ b/CVE-2020/CVE-2020-125xx/CVE-2020-12501.json @@ -2,7 +2,7 @@ "id": "CVE-2020-12501", "sourceIdentifier": "info@cert.vde.com", "published": "2020-10-15T19:15:11.550", - "lastModified": "2022-10-19T18:01:40.103", + "lastModified": "2024-01-17T15:05:39.563", "vulnStatus": "Analyzed", "descriptions": [ { @@ -477,8 +477,8 @@ "cpeMatch": [ { "vulnerable": false, - "criteria": "cpe:2.3:h:korenix:jetnet5428g-20sfp:-:*:*:*:*:*:*:*", - "matchCriteriaId": "BEDDCF09-9B4D-4E15-9FEB-33F800FAD84A" + "criteria": "cpe:2.3:h:korenix:jetnet_5428g-20sfp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "41A504D7-8B61-4D78-9D66-9687D6110F47" } ] } @@ -504,8 +504,8 @@ "cpeMatch": [ { "vulnerable": false, - "criteria": "cpe:2.3:h:korenix:jetnet5810g:-:*:*:*:*:*:*:*", - "matchCriteriaId": "53EC5050-301B-4285-9305-6F8483FE522E" + "criteria": "cpe:2.3:h:korenix:jetnet_5810g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6C6C2282-D4E5-40FC-9C1A-749C1B1C623A" } ] } @@ -531,8 +531,8 @@ "cpeMatch": [ { "vulnerable": false, - "criteria": "cpe:2.3:h:korenix:jetnet4510:-:*:*:*:*:*:*:*", - "matchCriteriaId": "87B4EF92-35FE-4428-926D-C4F11EEF7D3D" + "criteria": "cpe:2.3:h:korenix:jetnet_4510:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C864A6A1-5E58-4EFE-85FC-DEDFBBC36473" } ] } @@ -558,8 +558,8 @@ "cpeMatch": [ { "vulnerable": false, - "criteria": "cpe:2.3:h:korenix:jetnet5010:-:*:*:*:*:*:*:*", - "matchCriteriaId": "E011BC88-CAC2-4253-A86E-78EC83864F65" + "criteria": "cpe:2.3:h:korenix:jetnet_5010:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0896AC09-3022-4A14-93DB-D6BE6795C615" } ] } @@ -585,8 +585,8 @@ "cpeMatch": [ { "vulnerable": false, - "criteria": "cpe:2.3:h:korenix:jetnet5310:-:*:*:*:*:*:*:*", - "matchCriteriaId": "F4B09548-67B6-435A-AC93-70E7A511FFC2" + "criteria": "cpe:2.3:h:korenix:jetnet_5310:-:*:*:*:*:*:*:*", + "matchCriteriaId": "86BE9095-B0A6-4268-AC78-453C462FB80B" } ] } @@ -612,8 +612,8 @@ "cpeMatch": [ { "vulnerable": false, - "criteria": "cpe:2.3:h:korenix:jetnet6095:-:*:*:*:*:*:*:*", - "matchCriteriaId": "BE80D21B-BA86-4677-A1FA-FF7AB0F8AA94" + "criteria": "cpe:2.3:h:korenix:jetnet_6095:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E5E6FE6C-873E-4C58-B590-3888BCE38F1D" } ] } @@ -639,8 +639,8 @@ "cpeMatch": [ { "vulnerable": false, - "criteria": "cpe:2.3:h:korenix:jetnet4706:-:*:*:*:*:*:*:*", - "matchCriteriaId": "2EE777BE-703A-4F8A-A28E-E516F945A8EE" + "criteria": "cpe:2.3:h:korenix:jetnet_4706:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD089EE1-3D71-430C-9CA9-BE32470BEE27" } ] } @@ -720,8 +720,8 @@ "cpeMatch": [ { "vulnerable": false, - "criteria": "cpe:2.3:h:korenix:jetnet4706f:-:*:*:*:*:*:*:*", - "matchCriteriaId": "3B166F4D-42B6-4017-B972-16424527D68E" + "criteria": "cpe:2.3:h:korenix:jetnet_4706f:-:*:*:*:*:*:*:*", + "matchCriteriaId": "875F22D5-57B9-43EB-A92C-9FB0EA948164" } ] } diff --git a/CVE-2022/CVE-2022-215xx/CVE-2022-21540.json b/CVE-2022/CVE-2022-215xx/CVE-2022-21540.json index 01c38c17257..b63532c7775 100644 --- a/CVE-2022/CVE-2022-215xx/CVE-2022-21540.json +++ b/CVE-2022/CVE-2022-215xx/CVE-2022-21540.json @@ -2,7 +2,7 @@ "id": "CVE-2022-21540", "sourceIdentifier": "secalert_us@oracle.com", "published": "2022-07-19T22:15:11.730", - "lastModified": "2023-11-07T03:43:35.777", + "lastModified": "2024-01-17T15:15:08.470", "vulnStatus": "Modified", "descriptions": [ { @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "43595867-4340-4103-b7a2-9a5208d29a85", + "source": "secalert_us@oracle.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -906,10 +906,34 @@ } ], "references": [ + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/", + "source": "secalert_us@oracle.com" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/", + "source": "secalert_us@oracle.com" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/", + "source": "secalert_us@oracle.com" + }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/", "source": "secalert_us@oracle.com" }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/", + "source": "secalert_us@oracle.com" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/", + "source": "secalert_us@oracle.com" + }, + { + "url": "https://security.gentoo.org/glsa/202401-25", + "source": "secalert_us@oracle.com" + }, { "url": "https://security.netapp.com/advisory/ntap-20220729-0009/", "source": "secalert_us@oracle.com", diff --git a/CVE-2022/CVE-2022-215xx/CVE-2022-21541.json b/CVE-2022/CVE-2022-215xx/CVE-2022-21541.json index 70ced2b8861..c5a2f4c2540 100644 --- a/CVE-2022/CVE-2022-215xx/CVE-2022-21541.json +++ b/CVE-2022/CVE-2022-215xx/CVE-2022-21541.json @@ -2,7 +2,7 @@ "id": "CVE-2022-21541", "sourceIdentifier": "secalert_us@oracle.com", "published": "2022-07-19T22:15:11.783", - "lastModified": "2023-11-07T03:43:35.930", + "lastModified": "2024-01-17T15:15:08.750", "vulnStatus": "Modified", "descriptions": [ { @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "43595867-4340-4103-b7a2-9a5208d29a85", + "source": "secalert_us@oracle.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -901,6 +901,14 @@ } ], "references": [ + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/", + "source": "secalert_us@oracle.com" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/", + "source": "secalert_us@oracle.com" + }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/", "source": "secalert_us@oracle.com" @@ -909,6 +917,18 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/", "source": "secalert_us@oracle.com" }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/", + "source": "secalert_us@oracle.com" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/", + "source": "secalert_us@oracle.com" + }, + { + "url": "https://security.gentoo.org/glsa/202401-25", + "source": "secalert_us@oracle.com" + }, { "url": "https://security.netapp.com/advisory/ntap-20220729-0009/", "source": "secalert_us@oracle.com", diff --git a/CVE-2022/CVE-2022-215xx/CVE-2022-21549.json b/CVE-2022/CVE-2022-215xx/CVE-2022-21549.json index 66a0503f208..5860c9770f4 100644 --- a/CVE-2022/CVE-2022-215xx/CVE-2022-21549.json +++ b/CVE-2022/CVE-2022-215xx/CVE-2022-21549.json @@ -2,7 +2,7 @@ "id": "CVE-2022-21549", "sourceIdentifier": "secalert_us@oracle.com", "published": "2022-07-19T22:15:12.147", - "lastModified": "2023-11-07T03:43:36.203", + "lastModified": "2024-01-17T15:15:08.940", "vulnStatus": "Modified", "descriptions": [ { @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "43595867-4340-4103-b7a2-9a5208d29a85", + "source": "secalert_us@oracle.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -196,6 +196,10 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKJCLA2GDNF4B7ZRKORQ2TIR56AHJ4VC/", "source": "secalert_us@oracle.com" }, + { + "url": "https://security.gentoo.org/glsa/202401-25", + "source": "secalert_us@oracle.com" + }, { "url": "https://security.netapp.com/advisory/ntap-20220729-0009/", "source": "secalert_us@oracle.com", diff --git a/CVE-2022/CVE-2022-216xx/CVE-2022-21618.json b/CVE-2022/CVE-2022-216xx/CVE-2022-21618.json index a83ba67b213..8575f53cc57 100644 --- a/CVE-2022/CVE-2022-216xx/CVE-2022-21618.json +++ b/CVE-2022/CVE-2022-216xx/CVE-2022-21618.json @@ -2,8 +2,8 @@ "id": "CVE-2022-21618", "sourceIdentifier": "secalert_us@oracle.com", "published": "2022-10-18T21:15:12.757", - "lastModified": "2023-04-27T17:37:47.360", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-17T15:15:09.067", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -237,6 +237,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-25", + "source": "secalert_us@oracle.com" + }, { "url": "https://security.netapp.com/advisory/ntap-20221028-0012/", "source": "secalert_us@oracle.com", diff --git a/CVE-2022/CVE-2022-216xx/CVE-2022-21619.json b/CVE-2022/CVE-2022-216xx/CVE-2022-21619.json index bf2d33cb64d..c43e0447c38 100644 --- a/CVE-2022/CVE-2022-216xx/CVE-2022-21619.json +++ b/CVE-2022/CVE-2022-216xx/CVE-2022-21619.json @@ -2,8 +2,8 @@ "id": "CVE-2022-21619", "sourceIdentifier": "secalert_us@oracle.com", "published": "2022-10-18T21:15:12.810", - "lastModified": "2023-04-27T17:37:27.263", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-17T15:15:09.200", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -308,6 +308,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-25", + "source": "secalert_us@oracle.com" + }, { "url": "https://security.netapp.com/advisory/ntap-20221028-0012/", "source": "secalert_us@oracle.com", diff --git a/CVE-2022/CVE-2022-216xx/CVE-2022-21624.json b/CVE-2022/CVE-2022-216xx/CVE-2022-21624.json index eb245555b68..1f6963ea98c 100644 --- a/CVE-2022/CVE-2022-216xx/CVE-2022-21624.json +++ b/CVE-2022/CVE-2022-216xx/CVE-2022-21624.json @@ -2,8 +2,8 @@ "id": "CVE-2022-21624", "sourceIdentifier": "secalert_us@oracle.com", "published": "2022-10-18T21:15:13.657", - "lastModified": "2023-04-27T17:45:14.937", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-17T15:15:09.310", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -308,6 +308,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-25", + "source": "secalert_us@oracle.com" + }, { "url": "https://security.netapp.com/advisory/ntap-20221028-0012/", "source": "secalert_us@oracle.com", diff --git a/CVE-2022/CVE-2022-216xx/CVE-2022-21626.json b/CVE-2022/CVE-2022-216xx/CVE-2022-21626.json index 0840ac5f48e..9b858defe81 100644 --- a/CVE-2022/CVE-2022-216xx/CVE-2022-21626.json +++ b/CVE-2022/CVE-2022-216xx/CVE-2022-21626.json @@ -2,8 +2,8 @@ "id": "CVE-2022-21626", "sourceIdentifier": "secalert_us@oracle.com", "published": "2022-10-18T21:15:13.770", - "lastModified": "2023-04-27T17:37:07.933", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-17T15:15:09.433", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -262,6 +262,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-25", + "source": "secalert_us@oracle.com" + }, { "url": "https://security.netapp.com/advisory/ntap-20221028-0012/", "source": "secalert_us@oracle.com", diff --git a/CVE-2022/CVE-2022-216xx/CVE-2022-21628.json b/CVE-2022/CVE-2022-216xx/CVE-2022-21628.json index b0edfcae87c..ee129412a82 100644 --- a/CVE-2022/CVE-2022-216xx/CVE-2022-21628.json +++ b/CVE-2022/CVE-2022-216xx/CVE-2022-21628.json @@ -2,8 +2,8 @@ "id": "CVE-2022-21628", "sourceIdentifier": "secalert_us@oracle.com", "published": "2022-10-18T21:15:13.887", - "lastModified": "2023-04-27T17:46:04.293", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-17T15:15:09.533", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -308,6 +308,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-25", + "source": "secalert_us@oracle.com" + }, { "url": "https://security.netapp.com/advisory/ntap-20221028-0012/", "source": "secalert_us@oracle.com", diff --git a/CVE-2022/CVE-2022-341xx/CVE-2022-34169.json b/CVE-2022/CVE-2022-341xx/CVE-2022-34169.json index b8c0b874702..80821aeb950 100644 --- a/CVE-2022/CVE-2022-341xx/CVE-2022-34169.json +++ b/CVE-2022/CVE-2022-341xx/CVE-2022-34169.json @@ -2,7 +2,7 @@ "id": "CVE-2022-34169", "sourceIdentifier": "security@apache.org", "published": "2022-07-19T18:15:11.740", - "lastModified": "2023-05-05T08:15:08.767", + "lastModified": "2024-01-17T15:15:09.640", "vulnStatus": "Modified", "descriptions": [ { @@ -1043,6 +1043,10 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/", "source": "security@apache.org" }, + { + "url": "https://security.gentoo.org/glsa/202401-25", + "source": "security@apache.org" + }, { "url": "https://security.netapp.com/advisory/ntap-20220729-0009/", "source": "security@apache.org", diff --git a/CVE-2022/CVE-2022-364xx/CVE-2022-36418.json b/CVE-2022/CVE-2022-364xx/CVE-2022-36418.json new file mode 100644 index 00000000000..dd5b5caae12 --- /dev/null +++ b/CVE-2022/CVE-2022-364xx/CVE-2022-36418.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2022-36418", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-01-17T16:15:45.817", + "lastModified": "2024-01-17T16:15:45.817", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in Vagary Digital HREFLANG Tags Lite.This issue affects HREFLANG Tags Lite: from n/a through 2.0.0.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/hreflang-tags-by-dcgws/wordpress-hreflang-tags-lite-plugin-2-0-0-unauthenticated-plugin-data-reset-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-381xx/CVE-2022-38141.json b/CVE-2022/CVE-2022-381xx/CVE-2022-38141.json new file mode 100644 index 00000000000..9add9816f1f --- /dev/null +++ b/CVE-2022/CVE-2022-381xx/CVE-2022-38141.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2022-38141", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-01-17T16:15:46.033", + "lastModified": "2024-01-17T16:15:46.033", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in Zorem Sales Report Email for WooCommerce.This issue affects Sales Report Email for WooCommerce: from n/a through 2.8.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/woo-advanced-sales-report-email/wordpress-sales-report-email-for-woocommerce-plugin-2-8-auth-test-email-submission-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-393xx/CVE-2022-39399.json b/CVE-2022/CVE-2022-393xx/CVE-2022-39399.json index 68a658417bd..01b92eb11bf 100644 --- a/CVE-2022/CVE-2022-393xx/CVE-2022-39399.json +++ b/CVE-2022/CVE-2022-393xx/CVE-2022-39399.json @@ -2,8 +2,8 @@ "id": "CVE-2022-39399", "sourceIdentifier": "secalert_us@oracle.com", "published": "2022-10-18T21:15:14.730", - "lastModified": "2023-04-27T17:47:44.157", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-17T15:15:09.797", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -241,6 +241,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-25", + "source": "secalert_us@oracle.com" + }, { "url": "https://security.netapp.com/advisory/ntap-20221028-0012/", "source": "secalert_us@oracle.com", diff --git a/CVE-2022/CVE-2022-402xx/CVE-2022-40203.json b/CVE-2022/CVE-2022-402xx/CVE-2022-40203.json new file mode 100644 index 00000000000..dd526e35bcb --- /dev/null +++ b/CVE-2022/CVE-2022-402xx/CVE-2022-40203.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2022-40203", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-01-17T16:15:46.230", + "lastModified": "2024-01-17T16:15:46.230", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in AlgolPlus Advanced Dynamic Pricing for WooCommerce.This issue affects Advanced Dynamic Pricing for WooCommerce: from n/a through 4.1.5.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/advanced-dynamic-pricing-for-woocommerce/wordpress-advanced-dynamic-pricing-for-woocommerce-plugin-4-1-5-broken-access-control?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-429xx/CVE-2022-42920.json b/CVE-2022/CVE-2022-429xx/CVE-2022-42920.json index 0499157256e..fdd473165f0 100644 --- a/CVE-2022/CVE-2022-429xx/CVE-2022-42920.json +++ b/CVE-2022/CVE-2022-429xx/CVE-2022-42920.json @@ -2,7 +2,7 @@ "id": "CVE-2022-42920", "sourceIdentifier": "security@apache.org", "published": "2022-11-07T13:15:10.270", - "lastModified": "2023-11-07T03:53:41.760", + "lastModified": "2024-01-17T15:15:09.927", "vulnStatus": "Modified", "descriptions": [ { @@ -40,7 +40,7 @@ }, "weaknesses": [ { - "source": "f0158376-9dc2-43b6-827c-5f631a4d8d09", + "source": "security@apache.org", "type": "Primary", "description": [ { @@ -121,6 +121,10 @@ { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMVX6COVXZVS5GPWDODIRW6Z2GE7RPAQ/", "source": "security@apache.org" + }, + { + "url": "https://security.gentoo.org/glsa/202401-25", + "source": "security@apache.org" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-218xx/CVE-2023-21830.json b/CVE-2023/CVE-2023-218xx/CVE-2023-21830.json index 527200c3173..710d2ad1d92 100644 --- a/CVE-2023/CVE-2023-218xx/CVE-2023-21830.json +++ b/CVE-2023/CVE-2023-218xx/CVE-2023-21830.json @@ -2,8 +2,8 @@ "id": "CVE-2023-21830", "sourceIdentifier": "secalert_us@oracle.com", "published": "2023-01-18T00:15:12.873", - "lastModified": "2023-07-21T19:22:27.383", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-17T15:15:10.047", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -153,6 +153,10 @@ } ], "references": [ + { + "url": "https://security.gentoo.org/glsa/202401-25", + "source": "secalert_us@oracle.com" + }, { "url": "https://www.oracle.com/security-alerts/cpujan2023.html", "source": "secalert_us@oracle.com", diff --git a/CVE-2023/CVE-2023-218xx/CVE-2023-21835.json b/CVE-2023/CVE-2023-218xx/CVE-2023-21835.json index 71c5f8d963a..9a8b8e17b4a 100644 --- a/CVE-2023/CVE-2023-218xx/CVE-2023-21835.json +++ b/CVE-2023/CVE-2023-218xx/CVE-2023-21835.json @@ -2,8 +2,8 @@ "id": "CVE-2023-21835", "sourceIdentifier": "secalert_us@oracle.com", "published": "2023-01-18T00:15:13.147", - "lastModified": "2023-04-27T17:48:26.237", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-17T15:15:10.157", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -139,6 +139,10 @@ } ], "references": [ + { + "url": "https://security.gentoo.org/glsa/202401-25", + "source": "secalert_us@oracle.com" + }, { "url": "https://www.oracle.com/security-alerts/cpujan2023.html", "source": "secalert_us@oracle.com", diff --git a/CVE-2023/CVE-2023-218xx/CVE-2023-21843.json b/CVE-2023/CVE-2023-218xx/CVE-2023-21843.json index fa2b0feaf71..c92c93db770 100644 --- a/CVE-2023/CVE-2023-218xx/CVE-2023-21843.json +++ b/CVE-2023/CVE-2023-218xx/CVE-2023-21843.json @@ -2,8 +2,8 @@ "id": "CVE-2023-21843", "sourceIdentifier": "secalert_us@oracle.com", "published": "2023-01-18T00:15:13.717", - "lastModified": "2023-04-27T17:49:30.817", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-17T15:15:10.240", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -184,6 +184,10 @@ } ], "references": [ + { + "url": "https://security.gentoo.org/glsa/202401-25", + "source": "secalert_us@oracle.com" + }, { "url": "https://www.oracle.com/security-alerts/cpujan2023.html", "source": "secalert_us@oracle.com", diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34379.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34379.json new file mode 100644 index 00000000000..da7cd508107 --- /dev/null +++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34379.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-34379", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-01-17T16:15:46.427", + "lastModified": "2024-01-17T16:15:46.427", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in MagneticOne Cart2Cart: Magento to WooCommerce Migration.This issue affects Cart2Cart: Magento to WooCommerce Migration: from n/a through 2.0.0.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/cart2cart-magento-to-woocommerce-migration/wordpress-cart2cart-magento-to-woocommerce-migration-plugin-2-0-0-broken-access-control?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-380xx/CVE-2023-38021.json b/CVE-2023/CVE-2023-380xx/CVE-2023-38021.json index 66e86f5e4d0..8b9f2e6e18b 100644 --- a/CVE-2023/CVE-2023-380xx/CVE-2023-38021.json +++ b/CVE-2023/CVE-2023-380xx/CVE-2023-38021.json @@ -2,35 +2,111 @@ "id": "CVE-2023-38021", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-30T03:15:08.303", - "lastModified": "2024-01-01T02:12:45.130", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-17T15:17:38.897", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.32 for Intel SGX. Lack of pointer-alignment validation logic in entry functions allows a local attacker to access unauthorized information. This relates to the enclave_ecall function and system call layer." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en la plataforma Fortanix EnclaveOS Confidential Computing Manager (CCM) anterior a 3.32 para Intel SGX. La falta de l\u00f3gica de validaci\u00f3n de alineaci\u00f3n del puntero en las funciones de entrada permite que un atacante local acceda a informaci\u00f3n no autorizada. Esto se relaciona con la funci\u00f3n enclave_ecall y la capa de llamada al sistema." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortanix:confidential_computing_manager:*:*:*:*:*:intel_software_guard_extensions:*:*", + "versionEndExcluding": "3.32", + "matchCriteriaId": "D5747D7E-7453-4B91-86E6-0937373746C3" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/openenclave/openenclave/security/advisories/GHSA-v3vm-9h66-wm76", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Not Applicable", + "Third Party Advisory" + ] }, { "url": "https://jovanbulck.github.io/files/oakland24-pandora.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/stale-data-read-from-xapic.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Not Applicable", + "Third Party Advisory" + ] }, { "url": "https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html#inpage-nav-3-2-2", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Not Applicable", + "Third Party Advisory" + ] }, { "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00657.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Not Applicable", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-380xx/CVE-2023-38022.json b/CVE-2023/CVE-2023-380xx/CVE-2023-38022.json index ffad030b182..5e3ae51e0a7 100644 --- a/CVE-2023/CVE-2023-380xx/CVE-2023-38022.json +++ b/CVE-2023/CVE-2023-380xx/CVE-2023-38022.json @@ -2,23 +2,86 @@ "id": "CVE-2023-38022", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-30T03:15:08.360", - "lastModified": "2024-01-01T02:12:45.130", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-17T15:09:09.537", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.29 for Intel SGX. Insufficient pointer validation allows a local attacker to access unauthorized information. This relates to strlen and sgx_is_within_user." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform anterior a 3.29 para Intel SGX. Una validaci\u00f3n de puntero insuficiente permite que un atacante local acceda a informaci\u00f3n no autorizada. Esto se relaciona con strlen y sgx_is_within_user." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortanix:confidential_computing_manager:*:*:*:*:*:intel_software_guard_extensions:*:*", + "versionEndExcluding": "3.29", + "matchCriteriaId": "1AAC8EBD-B2F2-4FD6-BE41-3EB5C15ABEDD" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://jovanbulck.github.io/files/ccs19-tale.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Technical Description" + ] }, { "url": "https://jovanbulck.github.io/files/oakland24-pandora.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Technical Description" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45139.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45139.json index b23fcd9e22f..c4afc9f158a 100644 --- a/CVE-2023/CVE-2023-451xx/CVE-2023-45139.json +++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45139.json @@ -2,16 +2,40 @@ "id": "CVE-2023-45139", "sourceIdentifier": "security-advisories@github.com", "published": "2024-01-10T16:15:46.767", - "lastModified": "2024-01-10T16:59:48.970", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-17T15:36:52.233", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "fontTools is a library for manipulating fonts, written in Python. The subsetting module has a XML External Entity Injection (XXE) vulnerability which allows an attacker to resolve arbitrary entities when a candidate font (OT-SVG fonts), which contains a SVG table, is parsed. This allows attackers to include arbitrary files from the filesystem fontTools is running on or make web requests from the host system. This vulnerability has been patched in version 4.43.0." + }, + { + "lang": "es", + "value": "fontTools es una librer\u00eda para manipular fuentes, escrita en Python. El m\u00f3dulo subsetting tiene una vulnerabilidad de inyecci\u00f3n de entidades externas XML (XXE) que permite a un atacante resolver entidades arbitrarias cuando se analiza una fuente candidata (fuentes OT-SVG), que contiene una tabla SVG. Esto permite a los atacantes incluir archivos arbitrarios del sistema de archivos en el que se ejecuta fontTools o realizar solicitudes web desde el sistema host. Esta vulnerabilidad ha sido parcheada en la versi\u00f3n 4.43.0." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,18 +70,47 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fonttools:fonttools:*:*:*:*:*:python:*:*", + "versionStartIncluding": "4.28.2", + "versionEndExcluding": "4.43.0", + "matchCriteriaId": "CA51147F-FB56-471F-AA46-967C55F0AE97" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/fonttools/fonttools/commit/9f61271dc1ca82ed91f529b130fe5dc5c9bf1f4c", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/fonttools/fonttools/releases/tag/4.43.0", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/fonttools/fonttools/security/advisories/GHSA-6673-4983-2vx5", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-452xx/CVE-2023-45229.json b/CVE-2023/CVE-2023-452xx/CVE-2023-45229.json index 729b28630c6..6ddebed39c5 100644 --- a/CVE-2023/CVE-2023-452xx/CVE-2023-45229.json +++ b/CVE-2023/CVE-2023-452xx/CVE-2023-45229.json @@ -2,12 +2,16 @@ "id": "CVE-2023-45229", "sourceIdentifier": "infosec@edk2.groups.io", "published": "2024-01-16T16:15:11.533", - "lastModified": "2024-01-16T23:12:38.473", + "lastModified": "2024-01-17T15:15:10.330", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "EDK2's Network Package is susceptible to an out-of-bounds read\n vulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality." + }, + { + "lang": "es", + "value": "EDK2's Network Package es susceptible a una vulnerabilidad de lectura fuera de los l\u00edmites cuando procesa la opci\u00f3n IA_NA o IA_TA en un mensaje de publicidad DHCPv6. Un atacante puede aprovechar esta vulnerabilidad para obtener acceso no autorizado y potencialmente provocar una p\u00e9rdida de confidencialidad." } ], "metrics": { @@ -47,6 +51,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html", + "source": "infosec@edk2.groups.io" + }, { "url": "http://www.openwall.com/lists/oss-security/2024/01/16/2", "source": "infosec@edk2.groups.io" diff --git a/CVE-2023/CVE-2023-452xx/CVE-2023-45230.json b/CVE-2023/CVE-2023-452xx/CVE-2023-45230.json index e81a47b49f5..a7a3fdc65b0 100644 --- a/CVE-2023/CVE-2023-452xx/CVE-2023-45230.json +++ b/CVE-2023/CVE-2023-452xx/CVE-2023-45230.json @@ -2,12 +2,16 @@ "id": "CVE-2023-45230", "sourceIdentifier": "infosec@edk2.groups.io", "published": "2024-01-16T16:15:11.727", - "lastModified": "2024-01-16T23:12:38.473", + "lastModified": "2024-01-17T15:15:10.400", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": " EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 client. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality, Integrity and/or Availability.\n\n" + }, + { + "lang": "es", + "value": "EDK2's Network Package es susceptible a una vulnerabilidad de desbordamiento de b\u00fafer a trav\u00e9s de una opci\u00f3n de ID de servidor larga en el cliente DHCPv6. Un atacante puede aprovechar esta vulnerabilidad para obtener acceso no autorizado y potencialmente provocar una p\u00e9rdida de confidencialidad, integridad y/o disponibilidad." } ], "metrics": { @@ -47,6 +51,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html", + "source": "infosec@edk2.groups.io" + }, { "url": "http://www.openwall.com/lists/oss-security/2024/01/16/2", "source": "infosec@edk2.groups.io" diff --git a/CVE-2023/CVE-2023-452xx/CVE-2023-45231.json b/CVE-2023/CVE-2023-452xx/CVE-2023-45231.json index 0c2d07d7b7a..0a5f391a861 100644 --- a/CVE-2023/CVE-2023-452xx/CVE-2023-45231.json +++ b/CVE-2023/CVE-2023-452xx/CVE-2023-45231.json @@ -2,12 +2,16 @@ "id": "CVE-2023-45231", "sourceIdentifier": "infosec@edk2.groups.io", "published": "2024-01-16T16:15:11.910", - "lastModified": "2024-01-16T23:12:38.473", + "lastModified": "2024-01-17T15:15:10.470", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "EDK2's Network Package is susceptible to an out-of-bounds read\n vulnerability when processing\u00a0 Neighbor Discovery Redirect message. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality." + }, + { + "lang": "es", + "value": "El paquete de red de EDK2 es susceptible a una vulnerabilidad de lectura fuera de los l\u00edmites al procesar el mensaje de redirecci\u00f3n de descubrimiento de vecinos. Un atacante puede aprovechar esta vulnerabilidad para obtener acceso no autorizado y potencialmente provocar una p\u00e9rdida de confidencialidad." } ], "metrics": { @@ -47,6 +51,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html", + "source": "infosec@edk2.groups.io" + }, { "url": "http://www.openwall.com/lists/oss-security/2024/01/16/2", "source": "infosec@edk2.groups.io" diff --git a/CVE-2023/CVE-2023-452xx/CVE-2023-45232.json b/CVE-2023/CVE-2023-452xx/CVE-2023-45232.json index 658e35f3fd3..6e2c1403d3f 100644 --- a/CVE-2023/CVE-2023-452xx/CVE-2023-45232.json +++ b/CVE-2023/CVE-2023-452xx/CVE-2023-45232.json @@ -2,12 +2,16 @@ "id": "CVE-2023-45232", "sourceIdentifier": "infosec@edk2.groups.io", "published": "2024-01-16T16:15:12.090", - "lastModified": "2024-01-16T23:12:38.473", + "lastModified": "2024-01-17T15:15:10.540", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": " EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Availability.\n\n" + }, + { + "lang": "es", + "value": "EDK2's Network Package es susceptible a una vulnerabilidad de bucle infinito al analizar opciones desconocidas en el encabezado Destination Options de IPv6. Un atacante puede aprovechar esta vulnerabilidad para obtener acceso no autorizado y potencialmente provocar una p\u00e9rdida de disponibilidad." } ], "metrics": { @@ -47,6 +51,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html", + "source": "infosec@edk2.groups.io" + }, { "url": "http://www.openwall.com/lists/oss-security/2024/01/16/2", "source": "infosec@edk2.groups.io" diff --git a/CVE-2023/CVE-2023-452xx/CVE-2023-45233.json b/CVE-2023/CVE-2023-452xx/CVE-2023-45233.json index ddacbf95c32..864205ee01f 100644 --- a/CVE-2023/CVE-2023-452xx/CVE-2023-45233.json +++ b/CVE-2023/CVE-2023-452xx/CVE-2023-45233.json @@ -2,12 +2,16 @@ "id": "CVE-2023-45233", "sourceIdentifier": "infosec@edk2.groups.io", "published": "2024-01-16T16:15:12.277", - "lastModified": "2024-01-16T23:12:38.473", + "lastModified": "2024-01-17T15:15:10.610", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": " EDK2's Network Package is susceptible to an infinite lop vulnerability when parsing a PadN option in the Destination Options header of IPv6. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Availability.\n\n" + }, + { + "lang": "es", + "value": "EDK2's Network Package es susceptible a una vulnerabilidad de bucle infinito al analizar una opci\u00f3n PadN en el encabezado Destination Options de IPv6. Un atacante puede aprovechar esta vulnerabilidad para obtener acceso no autorizado y potencialmente provocar una p\u00e9rdida de disponibilidad." } ], "metrics": { @@ -47,6 +51,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html", + "source": "infosec@edk2.groups.io" + }, { "url": "http://www.openwall.com/lists/oss-security/2024/01/16/2", "source": "infosec@edk2.groups.io" diff --git a/CVE-2023/CVE-2023-452xx/CVE-2023-45234.json b/CVE-2023/CVE-2023-452xx/CVE-2023-45234.json index a4f04d62f91..66bba06179b 100644 --- a/CVE-2023/CVE-2023-452xx/CVE-2023-45234.json +++ b/CVE-2023/CVE-2023-452xx/CVE-2023-45234.json @@ -2,12 +2,16 @@ "id": "CVE-2023-45234", "sourceIdentifier": "infosec@edk2.groups.io", "published": "2024-01-16T16:15:12.460", - "lastModified": "2024-01-16T23:12:38.473", + "lastModified": "2024-01-17T15:15:10.670", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": " EDK2's Network Package is susceptible to a buffer overflow vulnerability when processing DNS Servers option from a DHCPv6 Advertise message. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality, Integrity and/or Availability.\n\n" + }, + { + "lang": "es", + "value": "EDK2's Network Package es susceptible a una vulnerabilidad de desbordamiento de b\u00fafer al procesar la opci\u00f3n de servidores DNS desde un mensaje de publicidad DHCPv6. Un atacante puede aprovechar esta vulnerabilidad para obtener acceso no autorizado y potencialmente provocar una p\u00e9rdida de confidencialidad, integridad y/o disponibilidad." } ], "metrics": { @@ -47,6 +51,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html", + "source": "infosec@edk2.groups.io" + }, { "url": "http://www.openwall.com/lists/oss-security/2024/01/16/2", "source": "infosec@edk2.groups.io" diff --git a/CVE-2023/CVE-2023-452xx/CVE-2023-45235.json b/CVE-2023/CVE-2023-452xx/CVE-2023-45235.json index ac029366a8b..86333f4c1c6 100644 --- a/CVE-2023/CVE-2023-452xx/CVE-2023-45235.json +++ b/CVE-2023/CVE-2023-452xx/CVE-2023-45235.json @@ -2,12 +2,16 @@ "id": "CVE-2023-45235", "sourceIdentifier": "infosec@edk2.groups.io", "published": "2024-01-16T16:15:12.643", - "lastModified": "2024-01-16T23:12:38.473", + "lastModified": "2024-01-17T15:15:10.737", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": " EDK2's Network Package is susceptible to a buffer overflow vulnerability when\n\n\n\n\n\nhandling Server ID option \n\n\n\n from a DHCPv6 proxy Advertise message. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality, Integrity and/or Availability.\n\n" + }, + { + "lang": "es", + "value": "EDK2's Network Package es susceptible a una vulnerabilidad de desbordamiento de b\u00fafer cuando maneja la opci\u00f3n de ID del servidor desde un mensaje de publicidad del proxy DHCPv6. Un atacante puede aprovechar esta vulnerabilidad para obtener acceso no autorizado y potencialmente provocar una p\u00e9rdida de confidencialidad, integridad y/o disponibilidad." } ], "metrics": { @@ -47,6 +51,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html", + "source": "infosec@edk2.groups.io" + }, { "url": "http://www.openwall.com/lists/oss-security/2024/01/16/2", "source": "infosec@edk2.groups.io" diff --git a/CVE-2023/CVE-2023-471xx/CVE-2023-47171.json b/CVE-2023/CVE-2023-471xx/CVE-2023-47171.json index 3be204bb147..48270e8539d 100644 --- a/CVE-2023/CVE-2023-471xx/CVE-2023-47171.json +++ b/CVE-2023/CVE-2023-471xx/CVE-2023-47171.json @@ -2,16 +2,40 @@ "id": "CVE-2023-47171", "sourceIdentifier": "talos-cna@cisco.com", "published": "2024-01-10T16:15:47.063", - "lastModified": "2024-01-10T18:15:46.410", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-17T15:22:38.970", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability exists in the aVideoEncoder.json.php chunkFile path functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en la funcionalidad de ruta de archivo fragmentado aVideoEncoder.json.php de WWBN AVideo 11.6 y la confirmaci\u00f3n maestra de desarrollo 15fed957fb. Una solicitud HTTP especialmente manipulada puede provocar la lectura de archivos arbitrarios." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "talos-cna@cisco.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + }, { "source": "talos-cna@cisco.com", "type": "Secondary", @@ -46,10 +80,36 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wwbn:avideo:11.6:*:*:*:*:*:*:*", + "matchCriteriaId": "FA7CA4A6-1827-4D74-82E7-752E8AE8F0B9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wwbn:avideo:15fed957fb:*:*:*:*:*:*:*", + "matchCriteriaId": "4199C617-A976-4F18-ADD2-C26A5B046CC3" + } + ] + } + ] + } + ], "references": [ { "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1869", - "source": "talos-cna@cisco.com" + "source": "talos-cna@cisco.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-478xx/CVE-2023-47861.json b/CVE-2023/CVE-2023-478xx/CVE-2023-47861.json index 5085cae7a6e..ae994300d6d 100644 --- a/CVE-2023/CVE-2023-478xx/CVE-2023-47861.json +++ b/CVE-2023/CVE-2023-478xx/CVE-2023-47861.json @@ -2,16 +2,40 @@ "id": "CVE-2023-47861", "sourceIdentifier": "talos-cna@cisco.com", "published": "2024-01-10T16:15:47.260", - "lastModified": "2024-01-10T18:15:46.497", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-17T15:21:57.430", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A cross-site scripting (xss) vulnerability exists in the channelBody.php user name functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de cross site scripting (xss) en la funcionalidad user name channelBody.php de WWBN AVideo 11.6 y la confirmaci\u00f3n maestra de desarrollo 15fed957fb. Una solicitud HTTP especialmente manipulada puede provocar una ejecuci\u00f3n arbitraria de Javascript. Un atacante puede hacer que un usuario visite una p\u00e1gina web para activar esta vulnerabilidad." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "talos-cna@cisco.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "talos-cna@cisco.com", "type": "Secondary", @@ -46,10 +80,36 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wwbn:avideo:11.6:*:*:*:*:*:*:*", + "matchCriteriaId": "FA7CA4A6-1827-4D74-82E7-752E8AE8F0B9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wwbn:avideo:15fed957fb:*:*:*:*:*:*:*", + "matchCriteriaId": "4199C617-A976-4F18-ADD2-C26A5B046CC3" + } + ] + } + ] + } + ], "references": [ { "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1884", - "source": "talos-cna@cisco.com" + "source": "talos-cna@cisco.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-478xx/CVE-2023-47862.json b/CVE-2023/CVE-2023-478xx/CVE-2023-47862.json index ac8e1b16b4b..7baff9e2228 100644 --- a/CVE-2023/CVE-2023-478xx/CVE-2023-47862.json +++ b/CVE-2023/CVE-2023-478xx/CVE-2023-47862.json @@ -2,16 +2,40 @@ "id": "CVE-2023-47862", "sourceIdentifier": "talos-cna@cisco.com", "published": "2024-01-10T16:15:47.443", - "lastModified": "2024-01-10T18:15:46.570", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-17T15:21:15.080", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A local file inclusion vulnerability exists in the getLanguageFromBrowser functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send a series of HTTP requests to trigger this vulnerability." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de inclusi\u00f3n de archivos local en la funcionalidad getLanguageFromBrowser de la confirmaci\u00f3n maestra de desarrollo de WWBN AVideo 15fed957fb. Una solicitud HTTP especialmente manipulada puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Un atacante puede enviar una serie de solicitudes HTTP para desencadenar esta vulnerabilidad." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "talos-cna@cisco.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + }, { "source": "talos-cna@cisco.com", "type": "Secondary", @@ -46,10 +80,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wwbn:avideo:15fed957fb:*:*:*:*:*:*:*", + "matchCriteriaId": "4199C617-A976-4F18-ADD2-C26A5B046CC3" + } + ] + } + ] + } + ], "references": [ { "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1886", - "source": "talos-cna@cisco.com" + "source": "talos-cna@cisco.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-487xx/CVE-2023-48728.json b/CVE-2023/CVE-2023-487xx/CVE-2023-48728.json index 29674491012..80d709ec11b 100644 --- a/CVE-2023/CVE-2023-487xx/CVE-2023-48728.json +++ b/CVE-2023/CVE-2023-487xx/CVE-2023-48728.json @@ -2,16 +2,40 @@ "id": "CVE-2023-48728", "sourceIdentifier": "talos-cna@cisco.com", "published": "2024-01-10T16:15:47.627", - "lastModified": "2024-01-10T18:15:46.647", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-17T15:19:11.497", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A cross-site scripting (xss) vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de cross site scripting (xss) en la funcionalidad functiongetOpenGraph videoName de WWBN AVideo 11.6 y la confirmaci\u00f3n maestra de desarrollo 3c6bb3ff. Una solicitud HTTP especialmente manipulada puede provocar una ejecuci\u00f3n arbitraria de Javascript. Un atacante puede hacer que un usuario visite una p\u00e1gina web para activar esta vulnerabilidad." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "talos-cna@cisco.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "talos-cna@cisco.com", "type": "Secondary", @@ -46,10 +80,36 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wwbn:avideo:3c6bb3ff:*:*:*:*:*:*:*", + "matchCriteriaId": "401D3AD3-62F7-4B6E-8DDD-BF3FC6CD5DC6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wwbn:avideo:11.6:*:*:*:*:*:*:*", + "matchCriteriaId": "FA7CA4A6-1827-4D74-82E7-752E8AE8F0B9" + } + ] + } + ] + } + ], "references": [ { "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1883", - "source": "talos-cna@cisco.com" + "source": "talos-cna@cisco.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-487xx/CVE-2023-48730.json b/CVE-2023/CVE-2023-487xx/CVE-2023-48730.json index 542dd00892e..b43d76a8450 100644 --- a/CVE-2023/CVE-2023-487xx/CVE-2023-48730.json +++ b/CVE-2023/CVE-2023-487xx/CVE-2023-48730.json @@ -2,16 +2,40 @@ "id": "CVE-2023-48730", "sourceIdentifier": "talos-cna@cisco.com", "published": "2024-01-10T16:15:47.833", - "lastModified": "2024-01-10T18:15:46.723", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-17T15:17:52.480", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A cross-site scripting (xss) vulnerability exists in the navbarMenuAndLogo.php user name functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de cross site scripting (xss) en la funcionalidad user name de navbarMenuAndLogo.php de la confirmaci\u00f3n maestra de desarrollo de WWBN AVideo 15fed957fb. Una solicitud HTTP especialmente manipulada puede provocar una ejecuci\u00f3n arbitraria de Javascript. Un atacante puede hacer que un usuario visite una p\u00e1gina web para activar esta vulnerabilidad." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "talos-cna@cisco.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "talos-cna@cisco.com", "type": "Secondary", @@ -46,10 +80,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wwbn:avideo:15fed957fb:*:*:*:*:*:*:*", + "matchCriteriaId": "4199C617-A976-4F18-ADD2-C26A5B046CC3" + } + ] + } + ] + } + ], "references": [ { "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1882", - "source": "talos-cna@cisco.com" + "source": "talos-cna@cisco.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-495xx/CVE-2023-49589.json b/CVE-2023/CVE-2023-495xx/CVE-2023-49589.json index 8be9cf63b44..bde393b26c9 100644 --- a/CVE-2023/CVE-2023-495xx/CVE-2023-49589.json +++ b/CVE-2023/CVE-2023-495xx/CVE-2023-49589.json @@ -2,16 +2,40 @@ "id": "CVE-2023-49589", "sourceIdentifier": "talos-cna@cisco.com", "published": "2024-01-10T16:15:48.063", - "lastModified": "2024-01-10T18:15:47.040", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-17T15:16:26.823", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An insufficient entropy vulnerability exists in the userRecoverPass.php recoverPass generation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to an arbitrary user password recovery. An attacker can send an HTTP request to trigger this vulnerability." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de entrop\u00eda insuficiente en la funcionalidad de generaci\u00f3n de recoveryPass de userRecoverPass.php de la confirmaci\u00f3n maestra de desarrollo de WWBN AVideo 15fed957fb. Una solicitud HTTP especialmente manipulada puede provocar la recuperaci\u00f3n arbitraria de la contrase\u00f1a de un usuario. Un atacante puede enviar una solicitud HTTP para desencadenar esta vulnerabilidad." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "talos-cna@cisco.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + }, { "source": "talos-cna@cisco.com", "type": "Secondary", @@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wwbn:avideo:15fed957fb:*:*:*:*:*:*:*", + "matchCriteriaId": "4199C617-A976-4F18-ADD2-C26A5B046CC3" + } + ] + } + ] + } + ], "references": [ { "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1896", - "source": "talos-cna@cisco.com" + "source": "talos-cna@cisco.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-495xx/CVE-2023-49599.json b/CVE-2023/CVE-2023-495xx/CVE-2023-49599.json index 5572f270473..6e6ef97e5e3 100644 --- a/CVE-2023/CVE-2023-495xx/CVE-2023-49599.json +++ b/CVE-2023/CVE-2023-495xx/CVE-2023-49599.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49599", "sourceIdentifier": "talos-cna@cisco.com", "published": "2024-01-10T16:15:48.257", - "lastModified": "2024-01-12T19:15:11.260", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-01-17T15:14:39.320", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -50,10 +50,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wwbn:avideo:15fed957fb:*:*:*:*:*:*:*", + "matchCriteriaId": "4199C617-A976-4F18-ADD2-C26A5B046CC3" + } + ] + } + ] + } + ], "references": [ { "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1900", - "source": "talos-cna@cisco.com" + "source": "talos-cna@cisco.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-497xx/CVE-2023-49715.json b/CVE-2023/CVE-2023-497xx/CVE-2023-49715.json index b87ea1117ba..7c6e0cf2bd3 100644 --- a/CVE-2023/CVE-2023-497xx/CVE-2023-49715.json +++ b/CVE-2023/CVE-2023-497xx/CVE-2023-49715.json @@ -2,16 +2,40 @@ "id": "CVE-2023-49715", "sourceIdentifier": "talos-cna@cisco.com", "published": "2024-01-10T16:15:48.440", - "lastModified": "2024-01-10T18:15:47.200", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-17T15:14:14.103", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A unrestricted php file upload vulnerability exists in the import.json.php temporary copy functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary code execution when chained with an LFI vulnerability. An attacker can send a series of HTTP requests to trigger this vulnerability." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de carga de archivos php sin restricciones en la funcionalidad de copia temporal import.json.php de la confirmaci\u00f3n maestra de desarrollo de WWBN AVideo 15fed957fb. Una solicitud HTTP especialmente manipulada puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario cuando se encadena con una vulnerabilidad LFI. Un atacante puede enviar una serie de solicitudes HTTP para desencadenar esta vulnerabilidad." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "talos-cna@cisco.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + }, { "source": "talos-cna@cisco.com", "type": "Secondary", @@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wwbn:avideo:15fed957fb:*:*:*:*:*:*:*", + "matchCriteriaId": "4199C617-A976-4F18-ADD2-C26A5B046CC3" + } + ] + } + ] + } + ], "references": [ { "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1885", - "source": "talos-cna@cisco.com" + "source": "talos-cna@cisco.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-497xx/CVE-2023-49738.json b/CVE-2023/CVE-2023-497xx/CVE-2023-49738.json index de0a80680be..6053cf84303 100644 --- a/CVE-2023/CVE-2023-497xx/CVE-2023-49738.json +++ b/CVE-2023/CVE-2023-497xx/CVE-2023-49738.json @@ -2,16 +2,40 @@ "id": "CVE-2023-49738", "sourceIdentifier": "talos-cna@cisco.com", "published": "2024-01-10T16:15:48.620", - "lastModified": "2024-01-10T18:15:47.267", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-17T15:08:28.850", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability exists in the image404Raw.php functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en la funcionalidad image404Raw.php de la confirmaci\u00f3n maestra de desarrollo de WWBN AVideo 15fed957fb. Una solicitud HTTP especialmente manipulada puede provocar la lectura de archivos arbitrarios." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "talos-cna@cisco.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "talos-cna@cisco.com", "type": "Secondary", @@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wwbn:avideo:15fed957fb:*:*:*:*:*:*:*", + "matchCriteriaId": "4199C617-A976-4F18-ADD2-C26A5B046CC3" + } + ] + } + ] + } + ], "references": [ { "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1881", - "source": "talos-cna@cisco.com" + "source": "talos-cna@cisco.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-498xx/CVE-2023-49810.json b/CVE-2023/CVE-2023-498xx/CVE-2023-49810.json index 4f518b72edf..7248dab079c 100644 --- a/CVE-2023/CVE-2023-498xx/CVE-2023-49810.json +++ b/CVE-2023/CVE-2023-498xx/CVE-2023-49810.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49810", "sourceIdentifier": "talos-cna@cisco.com", "published": "2024-01-10T16:15:48.803", - "lastModified": "2024-01-12T19:15:11.380", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-01-17T15:07:26.067", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + }, { "source": "talos-cna@cisco.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wwbn:avideo:15fed957fb:*:*:*:*:*:*:*", + "matchCriteriaId": "4199C617-A976-4F18-ADD2-C26A5B046CC3" + } + ] + } + ] + } + ], "references": [ { "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1898", - "source": "talos-cna@cisco.com" + "source": "talos-cna@cisco.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-50xx/CVE-2023-5006.json b/CVE-2023/CVE-2023-50xx/CVE-2023-5006.json new file mode 100644 index 00000000000..7990a94aa33 --- /dev/null +++ b/CVE-2023/CVE-2023-50xx/CVE-2023-5006.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-5006", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-01-17T15:15:10.803", + "lastModified": "2024-01-17T15:15:10.803", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The WP Discord Invite WordPress plugin before 2.5.1 does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to perform actions on their behalf by tricking a logged in administrator to submit a crafted request." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/d29bcc1c-241b-4867-a0c8-4ae5f9d1c8e8", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-50xx/CVE-2023-5041.json b/CVE-2023/CVE-2023-50xx/CVE-2023-5041.json new file mode 100644 index 00000000000..00ec8019c76 --- /dev/null +++ b/CVE-2023/CVE-2023-50xx/CVE-2023-5041.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-5041", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-01-17T15:15:10.850", + "lastModified": "2024-01-17T15:15:10.850", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Track The Click WordPress plugin before 0.3.12 does not properly sanitize query parameters to the stats REST endpoint before using them in a database query, allowing a logged in user with an author role or higher to perform time based blind SQLi attacks on the database." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/45194442-6eea-4e07-85a5-4a1e2fde3523", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-53xx/CVE-2023-5347.json b/CVE-2023/CVE-2023-53xx/CVE-2023-5347.json index 9ca4567c6e4..74f2f85100e 100644 --- a/CVE-2023/CVE-2023-53xx/CVE-2023-5347.json +++ b/CVE-2023/CVE-2023-53xx/CVE-2023-5347.json @@ -2,7 +2,7 @@ "id": "CVE-2023-5347", "sourceIdentifier": "office@cyberdanube.com", "published": "2024-01-09T10:15:22.523", - "lastModified": "2024-01-16T16:24:32.317", + "lastModified": "2024-01-17T15:05:39.563", "vulnStatus": "Analyzed", "descriptions": [ { @@ -101,8 +101,8 @@ "cpeMatch": [ { "vulnerable": false, - "criteria": "cpe:2.3:h:korenix:jetnet5310g:-:*:*:*:*:*:*:*", - "matchCriteriaId": "6E6CB8FA-A16F-4C38-BF77-C371E86E383D" + "criteria": "cpe:2.3:h:korenix:jetnet_5310g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "81A3D8A9-E142-498A-B4E8-B4B197E62F55" } ] } diff --git a/CVE-2023/CVE-2023-53xx/CVE-2023-5376.json b/CVE-2023/CVE-2023-53xx/CVE-2023-5376.json index 191a02d87da..8497aab042e 100644 --- a/CVE-2023/CVE-2023-53xx/CVE-2023-5376.json +++ b/CVE-2023/CVE-2023-53xx/CVE-2023-5376.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5376", "sourceIdentifier": "office@cyberdanube.com", "published": "2024-01-09T10:15:22.823", - "lastModified": "2024-01-16T16:46:15.367", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-17T15:05:39.563", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", @@ -101,8 +101,8 @@ "cpeMatch": [ { "vulnerable": false, - "criteria": "cpe:2.3:h:korenix:jetnet5310g:-:*:*:*:*:*:*:*", - "matchCriteriaId": "6E6CB8FA-A16F-4C38-BF77-C371E86E383D" + "criteria": "cpe:2.3:h:korenix:jetnet_5310g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "81A3D8A9-E142-498A-B4E8-B4B197E62F55" } ] } diff --git a/CVE-2024/CVE-2024-03xx/CVE-2024-0396.json b/CVE-2024/CVE-2024-03xx/CVE-2024-0396.json new file mode 100644 index 00000000000..96360dba48f --- /dev/null +++ b/CVE-2024/CVE-2024-03xx/CVE-2024-0396.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-0396", + "sourceIdentifier": "security@progress.com", + "published": "2024-01-17T16:15:46.623", + "lastModified": "2024-01-17T16:15:46.623", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nIn Progress MOVEit Transfer versions released before 2022.0.10 (14.0.10), 2022.1.11 (14.1.11), 2023.0.8 (15.0.8), 2023.1.3 (15.1.3), an input validation issue was discovered. An authenticated user can manipulate a parameter in an HTTPS transaction. The modified transaction could lead to computational errors within MOVEit Transfer and potentially result in a denial of service.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@progress.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "security@progress.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-January-2024", + "source": "security@progress.com" + }, + { + "url": "https://www.progress.com/moveit", + "source": "security@progress.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-06xx/CVE-2024-0639.json b/CVE-2024/CVE-2024-06xx/CVE-2024-0639.json new file mode 100644 index 00000000000..e2800daea1a --- /dev/null +++ b/CVE-2024/CVE-2024-06xx/CVE-2024-0639.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2024-0639", + "sourceIdentifier": "secalert@redhat.com", + "published": "2024-01-17T16:15:46.810", + "lastModified": "2024-01-17T16:15:46.810", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A denial of service vulnerability due to a deadlock was found in sctp_auto_asconf_init in net/sctp/socket.c in the Linux kernel\u2019s SCTP subsystem. This flaw allows guests with local user privileges to trigger a deadlock and potentially crash the system." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.0, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-833" + } + ] + } + ], + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2024-0639", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258754", + "source": "secalert@redhat.com" + }, + { + "url": "https://github.com/torvalds/linux/commit/6feb37b3b06e9049e20dcf7e23998f92c9c5be9a", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-06xx/CVE-2024-0641.json b/CVE-2024/CVE-2024-06xx/CVE-2024-0641.json new file mode 100644 index 00000000000..9ff9ddedca2 --- /dev/null +++ b/CVE-2024/CVE-2024-06xx/CVE-2024-0641.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2024-0641", + "sourceIdentifier": "secalert@redhat.com", + "published": "2024-01-17T16:15:47.003", + "lastModified": "2024-01-17T16:15:47.003", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A denial of service vulnerability was found in tipc_crypto_key_revoke in net/tipc/crypto.c in the Linux kernel\u2019s TIPC subsystem. This flaw allows guests with local user privileges to trigger a deadlock and potentially crash the system." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.0, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-833" + } + ] + } + ], + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2024-0641", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258757", + "source": "secalert@redhat.com" + }, + { + "url": "https://github.com/torvalds/linux/commit/08e50cf071847323414df0835109b6f3560d44f5", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-06xx/CVE-2024-0646.json b/CVE-2024/CVE-2024-06xx/CVE-2024-0646.json new file mode 100644 index 00000000000..98aa679dc6a --- /dev/null +++ b/CVE-2024/CVE-2024-06xx/CVE-2024-0646.json @@ -0,0 +1,51 @@ +{ + "id": "CVE-2024-0646", + "sourceIdentifier": "secalert@redhat.com", + "published": "2024-01-17T16:15:47.190", + "lastModified": "2024-01-17T16:15:47.190", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An out-of-bounds memory write flaw was found in the Linux kernel\u2019s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.0, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.0, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2024-0646", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253908", + "source": "secalert@redhat.com" + }, + { + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c5a595000e267", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-219xx/CVE-2024-21907.json b/CVE-2024/CVE-2024-219xx/CVE-2024-21907.json index b8cd8a4028b..e8996f84d1d 100644 --- a/CVE-2024/CVE-2024-219xx/CVE-2024-21907.json +++ b/CVE-2024/CVE-2024-219xx/CVE-2024-21907.json @@ -2,16 +2,53 @@ "id": "CVE-2024-21907", "sourceIdentifier": "disclosure@vulncheck.com", "published": "2024-01-03T16:15:08.793", - "lastModified": "2024-01-03T17:26:57.957", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-17T15:24:07.360", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition.\n" + }, + { + "lang": "es", + "value": "Newtonsoft.Json anterior a la versi\u00f3n 13.0.1 se ve afectado por una vulnerabilidad de manejo incorrecto de condiciones excepcionales. Los datos elaborados que se pasan al m\u00e9todo JsonConvert.DeserializeObject pueden desencadenar una excepci\u00f3n de StackOverflow que provoque una denegaci\u00f3n de servicio. Dependiendo del uso de la librer\u00eda, un atacante remoto y no autenticado puede provocar la condici\u00f3n de denegaci\u00f3n de servicio." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-755" + } + ] + }, { "source": "disclosure@vulncheck.com", "type": "Secondary", @@ -23,38 +60,83 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:newtonsoft:json.net:*:*:*:*:*:*:*:*", + "versionEndExcluding": "13.0.1", + "matchCriteriaId": "F7713CE4-2B29-46C2-8416-75B9F3C258F6" + } + ] + } + ] + } + ], "references": [ { "url": "https://alephsecurity.com/2018/10/22/StackOverflowException/", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Exploit" + ] }, { "url": "https://alephsecurity.com/vulns/aleph-2018004", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Exploit" + ] }, { "url": "https://github.com/JamesNK/Newtonsoft.Json/commit/7e77bbe1beccceac4fc7b174b53abfefac278b66", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/JamesNK/Newtonsoft.Json/issues/2457", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://github.com/JamesNK/Newtonsoft.Json/pull/2462", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/advisories/GHSA-5crp-9r3c-p9vr", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://security.snyk.io/vuln/SNYK-DOTNET-NEWTONSOFTJSON-2774678", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vulncheck.com/advisories/vc-advisory-GHSA-5crp-9r3c-p9vr", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/README.md b/README.md index 0446b8d8159..701447a7de8 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-01-17T15:00:24.567296+00:00 +2024-01-17T17:00:25.501586+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-01-17T14:52:48.957000+00:00 +2024-01-17T16:15:47.190000+00:00 ``` ### Last Data Feed Release @@ -29,47 +29,54 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -236208 +236218 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `10` -* [CVE-2024-0642](CVE-2024/CVE-2024-06xx/CVE-2024-0642.json) (`2024-01-17T14:15:43.470`) -* [CVE-2024-0643](CVE-2024/CVE-2024-06xx/CVE-2024-0643.json) (`2024-01-17T14:15:43.920`) -* [CVE-2024-0645](CVE-2024/CVE-2024-06xx/CVE-2024-0645.json) (`2024-01-17T14:15:44.113`) +* [CVE-2022-36418](CVE-2022/CVE-2022-364xx/CVE-2022-36418.json) (`2024-01-17T16:15:45.817`) +* [CVE-2022-38141](CVE-2022/CVE-2022-381xx/CVE-2022-38141.json) (`2024-01-17T16:15:46.033`) +* [CVE-2022-40203](CVE-2022/CVE-2022-402xx/CVE-2022-40203.json) (`2024-01-17T16:15:46.230`) +* [CVE-2023-5006](CVE-2023/CVE-2023-50xx/CVE-2023-5006.json) (`2024-01-17T15:15:10.803`) +* [CVE-2023-5041](CVE-2023/CVE-2023-50xx/CVE-2023-5041.json) (`2024-01-17T15:15:10.850`) +* [CVE-2023-34379](CVE-2023/CVE-2023-343xx/CVE-2023-34379.json) (`2024-01-17T16:15:46.427`) +* [CVE-2024-0396](CVE-2024/CVE-2024-03xx/CVE-2024-0396.json) (`2024-01-17T16:15:46.623`) +* [CVE-2024-0639](CVE-2024/CVE-2024-06xx/CVE-2024-0639.json) (`2024-01-17T16:15:46.810`) +* [CVE-2024-0641](CVE-2024/CVE-2024-06xx/CVE-2024-0641.json) (`2024-01-17T16:15:47.003`) +* [CVE-2024-0646](CVE-2024/CVE-2024-06xx/CVE-2024-0646.json) (`2024-01-17T16:15:47.190`) ### CVEs modified in the last Commit -Recently modified CVEs: `37` +Recently modified CVEs: `40` -* [CVE-2023-51734](CVE-2023/CVE-2023-517xx/CVE-2023-51734.json) (`2024-01-17T14:01:37.163`) -* [CVE-2023-51735](CVE-2023/CVE-2023-517xx/CVE-2023-51735.json) (`2024-01-17T14:01:37.163`) -* [CVE-2023-51736](CVE-2023/CVE-2023-517xx/CVE-2023-51736.json) (`2024-01-17T14:01:37.163`) -* [CVE-2023-51737](CVE-2023/CVE-2023-517xx/CVE-2023-51737.json) (`2024-01-17T14:01:37.163`) -* [CVE-2023-51738](CVE-2023/CVE-2023-517xx/CVE-2023-51738.json) (`2024-01-17T14:01:37.163`) -* [CVE-2023-51739](CVE-2023/CVE-2023-517xx/CVE-2023-51739.json) (`2024-01-17T14:01:37.163`) -* [CVE-2023-51740](CVE-2023/CVE-2023-517xx/CVE-2023-51740.json) (`2024-01-17T14:01:37.163`) -* [CVE-2023-51741](CVE-2023/CVE-2023-517xx/CVE-2023-51741.json) (`2024-01-17T14:01:37.163`) -* [CVE-2023-51742](CVE-2023/CVE-2023-517xx/CVE-2023-51742.json) (`2024-01-17T14:01:37.163`) -* [CVE-2023-51743](CVE-2023/CVE-2023-517xx/CVE-2023-51743.json) (`2024-01-17T14:01:37.163`) -* [CVE-2023-52285](CVE-2023/CVE-2023-522xx/CVE-2023-52285.json) (`2024-01-17T14:01:37.163`) -* [CVE-2023-49515](CVE-2023/CVE-2023-495xx/CVE-2023-49515.json) (`2024-01-17T14:01:41.410`) -* [CVE-2023-25295](CVE-2023/CVE-2023-252xx/CVE-2023-25295.json) (`2024-01-17T14:01:41.410`) -* [CVE-2023-36235](CVE-2023/CVE-2023-362xx/CVE-2023-36235.json) (`2024-01-17T14:01:41.410`) -* [CVE-2023-46952](CVE-2023/CVE-2023-469xx/CVE-2023-46952.json) (`2024-01-17T14:01:41.410`) -* [CVE-2023-52069](CVE-2023/CVE-2023-520xx/CVE-2023-52069.json) (`2024-01-17T14:01:41.410`) -* [CVE-2023-51719](CVE-2023/CVE-2023-517xx/CVE-2023-51719.json) (`2024-01-17T14:01:41.410`) -* [CVE-2023-51720](CVE-2023/CVE-2023-517xx/CVE-2023-51720.json) (`2024-01-17T14:01:41.410`) -* [CVE-2023-51721](CVE-2023/CVE-2023-517xx/CVE-2023-51721.json) (`2024-01-17T14:01:41.410`) -* [CVE-2023-51722](CVE-2023/CVE-2023-517xx/CVE-2023-51722.json) (`2024-01-17T14:01:41.410`) -* [CVE-2023-51723](CVE-2023/CVE-2023-517xx/CVE-2023-51723.json) (`2024-01-17T14:01:41.410`) -* [CVE-2023-51724](CVE-2023/CVE-2023-517xx/CVE-2023-51724.json) (`2024-01-17T14:01:41.410`) -* [CVE-2023-51725](CVE-2023/CVE-2023-517xx/CVE-2023-51725.json) (`2024-01-17T14:01:41.410`) -* [CVE-2023-38023](CVE-2023/CVE-2023-380xx/CVE-2023-38023.json) (`2024-01-17T14:52:48.957`) -* [CVE-2024-0405](CVE-2024/CVE-2024-04xx/CVE-2024-0405.json) (`2024-01-17T14:01:41.410`) +* [CVE-2023-5376](CVE-2023/CVE-2023-53xx/CVE-2023-5376.json) (`2024-01-17T15:05:39.563`) +* [CVE-2023-49810](CVE-2023/CVE-2023-498xx/CVE-2023-49810.json) (`2024-01-17T15:07:26.067`) +* [CVE-2023-49738](CVE-2023/CVE-2023-497xx/CVE-2023-49738.json) (`2024-01-17T15:08:28.850`) +* [CVE-2023-38022](CVE-2023/CVE-2023-380xx/CVE-2023-38022.json) (`2024-01-17T15:09:09.537`) +* [CVE-2023-49715](CVE-2023/CVE-2023-497xx/CVE-2023-49715.json) (`2024-01-17T15:14:14.103`) +* [CVE-2023-49599](CVE-2023/CVE-2023-495xx/CVE-2023-49599.json) (`2024-01-17T15:14:39.320`) +* [CVE-2023-21830](CVE-2023/CVE-2023-218xx/CVE-2023-21830.json) (`2024-01-17T15:15:10.047`) +* [CVE-2023-21835](CVE-2023/CVE-2023-218xx/CVE-2023-21835.json) (`2024-01-17T15:15:10.157`) +* [CVE-2023-21843](CVE-2023/CVE-2023-218xx/CVE-2023-21843.json) (`2024-01-17T15:15:10.240`) +* [CVE-2023-45229](CVE-2023/CVE-2023-452xx/CVE-2023-45229.json) (`2024-01-17T15:15:10.330`) +* [CVE-2023-45230](CVE-2023/CVE-2023-452xx/CVE-2023-45230.json) (`2024-01-17T15:15:10.400`) +* [CVE-2023-45231](CVE-2023/CVE-2023-452xx/CVE-2023-45231.json) (`2024-01-17T15:15:10.470`) +* [CVE-2023-45232](CVE-2023/CVE-2023-452xx/CVE-2023-45232.json) (`2024-01-17T15:15:10.540`) +* [CVE-2023-45233](CVE-2023/CVE-2023-452xx/CVE-2023-45233.json) (`2024-01-17T15:15:10.610`) +* [CVE-2023-45234](CVE-2023/CVE-2023-452xx/CVE-2023-45234.json) (`2024-01-17T15:15:10.670`) +* [CVE-2023-45235](CVE-2023/CVE-2023-452xx/CVE-2023-45235.json) (`2024-01-17T15:15:10.737`) +* [CVE-2023-49589](CVE-2023/CVE-2023-495xx/CVE-2023-49589.json) (`2024-01-17T15:16:26.823`) +* [CVE-2023-38021](CVE-2023/CVE-2023-380xx/CVE-2023-38021.json) (`2024-01-17T15:17:38.897`) +* [CVE-2023-48730](CVE-2023/CVE-2023-487xx/CVE-2023-48730.json) (`2024-01-17T15:17:52.480`) +* [CVE-2023-48728](CVE-2023/CVE-2023-487xx/CVE-2023-48728.json) (`2024-01-17T15:19:11.497`) +* [CVE-2023-47862](CVE-2023/CVE-2023-478xx/CVE-2023-47862.json) (`2024-01-17T15:21:15.080`) +* [CVE-2023-47861](CVE-2023/CVE-2023-478xx/CVE-2023-47861.json) (`2024-01-17T15:21:57.430`) +* [CVE-2023-47171](CVE-2023/CVE-2023-471xx/CVE-2023-47171.json) (`2024-01-17T15:22:38.970`) +* [CVE-2023-45139](CVE-2023/CVE-2023-451xx/CVE-2023-45139.json) (`2024-01-17T15:36:52.233`) +* [CVE-2024-21907](CVE-2024/CVE-2024-219xx/CVE-2024-21907.json) (`2024-01-17T15:24:07.360`) ## Download and Usage