admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-06 10:42:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-01-10T19:00:28.741066+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-01-10 19:00:32 +00:00
parent e918e77553
commit 5e604ecb6a
40 changed files with 1088 additions and 213 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CVE-2016/CVE-2016-101xx/CVE-2016-10165.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2016-10165",
"sourceIdentifier": "cve@mitre.org",
"published": "2017-02-03T19:59:00.177",
"lastModified": "2023-12-20T16:43:35.940",
"lastModified": "2024-01-10T18:26:05.273",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -85,8 +85,8 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:littlecms:little_cms_color_engine:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.8",
"matchCriteriaId": "FA7EC7D5-DF9C-4AD2-BA4F-05895AE73E25"
"versionEndExcluding": "2.11",
"matchCriteriaId": "925CF76E-7319-4178-B378-717C78627C3D"
}
]
}

6
CVE-2016/CVE-2016-109xx/CVE-2016-10962.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2016-10962",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-09-16T13:15:10.653",
"lastModified": "2019-09-16T20:33:39.160",
"lastModified": "2024-01-10T17:19:33.587",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,9 +84,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:icegram:icegram:*:*:*:*:*:wordpress:*:*",
"criteria": "cpe:2.3:a:icegram:icegram_engage:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.9.19",
"matchCriteriaId": "5D421411-DA36-4F2F-995B-3A7EAFEDEF05"
"matchCriteriaId": "551AE7BC-23D2-44C5-A274-AADCDA6990AE"
}
]
}

6
CVE-2016/CVE-2016-109xx/CVE-2016-10963.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2016-10963",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-09-16T13:15:10.713",
"lastModified": "2019-09-16T17:46:43.110",
"lastModified": "2024-01-10T17:19:33.587",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,9 +84,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:icegram:icegram:*:*:*:*:*:wordpress:*:*",
"criteria": "cpe:2.3:a:icegram:icegram_engage:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.9.19",
"matchCriteriaId": "5D421411-DA36-4F2F-995B-3A7EAFEDEF05"
"matchCriteriaId": "551AE7BC-23D2-44C5-A274-AADCDA6990AE"
}
]
}

6
CVE-2019/CVE-2019-158xx/CVE-2019-15830.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2019-15830",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-08-30T14:15:10.850",
"lastModified": "2019-09-03T16:44:05.993",
"lastModified": "2024-01-10T17:19:33.587",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,9 +84,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:icegram:icegram:*:*:*:*:*:wordpress:*:*",
"criteria": "cpe:2.3:a:icegram:icegram_engage:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.10.29",
"matchCriteriaId": "C7C5C869-FF32-4B43-A9CC-2A957894D701"
"matchCriteriaId": "331603CB-8AF8-4295-B8AF-31898E00862B"
}
]
}

6
CVE-2021/CVE-2021-368xx/CVE-2021-36832.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-36832",
"sourceIdentifier": "audit@patchstack.com",
"published": "2021-10-19T15:15:07.637",
"lastModified": "2021-10-22T19:39:27.277",
"lastModified": "2024-01-10T17:19:33.587",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -114,9 +114,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:icegram:icegram:*:*:*:*:*:wordpress:*:*",
"criteria": "cpe:2.3:a:icegram:icegram_engage:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.0.2",
"matchCriteriaId": "BC966C59-FD25-4C93-B4D7-3103A2ECDB19"
"matchCriteriaId": "817F9496-3CA8-4F85-A459-23BCEE3A7F05"
}
]
}

48
CVE-2021/CVE-2021-403xx/CVE-2021-40367.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-40367",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-01-04T12:15:22.830",
"lastModified": "2024-01-04T14:58:23.450",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-10T17:03:28.070",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
@ -50,10 +70,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens-healthineers:syngo_fastview:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7D9A743-3BE4-4523-B34F-0C8461D3C63A"
}
]
}
]
}
],
"references": [
{
"url": "https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/shsa-688797",
"source": "productcert@siemens.com"
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
]
}
]
}

48
CVE-2021/CVE-2021-420xx/CVE-2021-42028.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-42028",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-01-04T12:15:23.250",
"lastModified": "2024-01-04T14:58:23.450",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-10T17:02:58.863",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
@ -50,10 +70,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens-healthineers:syngo_fastview:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7D9A743-3BE4-4523-B34F-0C8461D3C63A"
}
]
}
]
}
],
"references": [
{
"url": "https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/shsa-688797",
"source": "productcert@siemens.com"
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
]
}
]
}

48
CVE-2021/CVE-2021-454xx/CVE-2021-45465.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-45465",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-01-04T12:15:23.470",
"lastModified": "2024-01-04T14:58:23.450",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-10T17:02:35.973",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
@ -50,10 +70,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens-healthineers:syngo_fastview:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7D9A743-3BE4-4523-B34F-0C8461D3C63A"
}
]
}
]
}
],
"references": [
{
"url": "https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/shsa-688797",
"source": "productcert@siemens.com"
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
]
}
]
}

27
CVE-2022/CVE-2022-207xx/CVE-2022-20727.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-20727",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2022-04-15T15:15:13.613",
"lastModified": "2023-11-07T03:42:45.410",
"vulnStatus": "Modified",
"lastModified": "2024-01-10T18:51:52.693",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -37,7 +37,7 @@
"impactScore": 5.9
},
{
"source": "d1c1063e-7a18-46af-9102-31f8928bc633",
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -95,7 +95,7 @@
]
},
{
"source": "d1c1063e-7a18-46af-9102-31f8928bc633",
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
@ -115,22 +115,20 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:cgr1000_compute_module:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EBD4C0D6-AB7B-48B5-B1BD-8EBAEAC51524"
"versionEndExcluding": "1.15.0.1",
"matchCriteriaId": "A8557E8C-5F01-4610-B906-17B4F92197C6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:ic3000_industrial_compute_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E9AF42D-A861-4585-8FA6-28BD3623681E"
"versionEndExcluding": "1.4.1",
"matchCriteriaId": "79411876-DA0F-4EC7-8883-A67287B9BFA0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:ir510_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A90577A5-5077-4A3C-87D8-63A77B7FBE30"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5802E2D8-7069-474C-826F-AEE7B50BFE34"
"versionEndExcluding": "6.5.9",
"matchCriteriaId": "9DCCD576-D734-4722-96CF-28B66DB591AA"
},
{
"vulnerable": true,
@ -477,11 +475,6 @@
"criteria": "cpe:2.3:o:cisco:ios:15.9\\(3\\)m4a:*:*:*:*:*:*:*",
"matchCriteriaId": "F0E473CF-FE4B-4DBE-9EBE-337AE415FA4D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F73E7874-A063-4AE5-9F0A-53D590B7B99B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xe:16.3.1:*:*:*:*:*:*:*",

59
CVE-2023/CVE-2023-294xx/CVE-2023-29444.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-29444",
"sourceIdentifier": "ot-cert@dragos.com",
"published": "2024-01-10T17:15:08.493",
"lastModified": "2024-01-10T17:15:08.493",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. Alternatively, they could host a trojanized version of the software and trick victims into downloading and installing their malicious version to gain initial access and code execution."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ot-cert@dragos.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.3,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "ot-cert@dragos.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-427"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-03",
"source": "ot-cert@dragos.com"
},
{
"url": "https://www.ptc.com/en/support/article/cs399528",
"source": "ot-cert@dragos.com"
}
]
}

55
CVE-2023/CVE-2023-379xx/CVE-2023-37932.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-37932",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-01-10T18:15:45.570",
"lastModified": "2024-01-10T18:15:45.570",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in FortiVoiceEntreprise version 7.0.0 and before 6.4.7 allows an authenticated attacker to read arbitrary files from the system via sending crafted HTTP or HTTPS requests"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-23-219",
"source": "psirt@fortinet.com"
}
]
}

55
CVE-2023/CVE-2023-379xx/CVE-2023-37934.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-37934",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-01-10T18:15:45.823",
"lastModified": "2024-01-10T18:15:45.823",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An allocation of resources without limits or throttling vulnerability [CWE-770] in FortiPAM 1.0 all versions allows an authenticated attacker to perform a denial of service attack via sending crafted HTTP or HTTPS requests in a high frequency."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-23-226",
"source": "psirt@fortinet.com"
}
]
}

8
CVE-2023/CVE-2023-406xx/CVE-2023-40610.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40610",
"sourceIdentifier": "security@apache.org",
"published": "2023-11-27T11:15:07.293",
"lastModified": "2023-12-01T02:31:09.203",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-10T17:15:08.717",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -97,6 +97,10 @@
"Third Party Advisory"
]
},
{
"url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-f678-j579-4xf5",
"source": "security@apache.org"
},
{
"url": "https://lists.apache.org/thread/jvgxpk4dbxyqtsgtl4pdgbd520rc0rot",
"source": "security@apache.org",

55
CVE-2023/CVE-2023-442xx/CVE-2023-44250.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-44250",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-01-10T18:15:46.030",
"lastModified": "2024-01-10T18:15:46.030",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An improper privilege management vulnerability [CWE-269] in a Fortinet FortiOS HA cluster version 7.4.0 through 7.4.1 and 7.2.5 and in a FortiProxy HA cluster version 7.4.0 through 7.4.1 allows an authenticated attacker to perform elevated actions via crafted HTTP or HTTPS requests."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-23-315",
"source": "psirt@fortinet.com"
}
]
}

18
CVE-2023/CVE-2023-461xx/CVE-2023-46136.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-46136",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-25T18:17:36.753",
"lastModified": "2023-11-01T16:50:46.043",
"lastModified": "2024-01-10T18:58:41.083",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -94,8 +94,13 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:palletsprojects:werkzeug:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0.1",
"matchCriteriaId": "5E265D2D-FFA1-45CB-BF14-37C7906A45BC"
"versionEndExcluding": "2.3.8",
"matchCriteriaId": "F6578217-312C-44C5-851E-7F6FC6C0F8C1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:palletsprojects:werkzeug:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3ECAF2F0-90D0-4564-93A5-0EAE8B317123"
}
]
}
@ -116,6 +121,13 @@
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20231124-0008/",
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-467xx/CVE-2023-46712.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-46712",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-01-10T18:15:46.223",
"lastModified": "2024-01-10T18:15:46.223",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A improper access control in Fortinet FortiPortal version 7.0.0 through 7.0.6, Fortinet FortiPortal version 7.2.0 through 7.2.1 allows attacker to escalate its privilege via specifically crafted HTTP requests."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-23-395",
"source": "psirt@fortinet.com"
}
]
}

56
CVE-2023/CVE-2023-467xx/CVE-2023-46739.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-46739",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-03T17:15:10.303",
"lastModified": "2024-01-03T17:26:57.957",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-10T17:06:39.047",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "CubeFS is an open-source cloud-native file storage system. A vulnerability was found during in the CubeFS master component in versions prior to 3.3.1 that could allow an untrusted attacker to steal user passwords by carrying out a timing attack. The root case of the vulnerability was that CubeFS used raw string comparison of passwords. The vulnerable part of CubeFS was the UserService of the master component. The UserService gets instantiated when starting the server of the master component. The issue has been patched in v3.3.1. For impacted users, there is no other way to mitigate the issue besides upgrading."
},
{
"lang": "es",
"value": "CubeFS es un sistema de almacenamiento de archivos nativo de la nube de c\u00f3digo abierto. Se encontr\u00f3 una vulnerabilidad en el componente maestro de CubeFS en versiones anteriores a la 3.3.1 que podr\u00eda permitir a un atacante no confiable robar contrase\u00f1as de usuario mediante la realizaci\u00f3n de un ataque de sincronizaci\u00f3n. El caso ra\u00edz de la vulnerabilidad fue que CubeFS utiliz\u00f3 una comparaci\u00f3n de contrase\u00f1as sin formato. La parte vulnerable de CubeFS era el UserService del componente maestro. Se crea una instancia de UserService al iniciar el servidor del componente maestro. El problema se solucion\u00f3 en la versi\u00f3n 3.3.1. Para los usuarios afectados, no hay otra forma de mitigar el problema adem\u00e1s de actualizar."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +70,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linuxfoundation:cubefs:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.3.1",
"matchCriteriaId": "6E8D59D8-6863-4398-9D77-2442BAF81108"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/cubefs/cubefs/commit/6a0d5fa45a77ff20c752fa9e44738bf5d86c84bd",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/cubefs/cubefs/security/advisories/GHSA-8579-7p32-f398",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}

56
CVE-2023/CVE-2023-467xx/CVE-2023-46740.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-46740",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-03T17:15:10.590",
"lastModified": "2024-01-03T17:26:57.957",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-10T17:45:07.017",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "CubeFS is an open-source cloud-native file storage system. Prior to version 3.3.1, CubeFS used an insecure random string generator to generate user-specific, sensitive keys used to authenticate users in a CubeFS deployment. This could allow an attacker to predict and/or guess the generated string and impersonate a user thereby obtaining higher privileges. When CubeFS creates new users, it creates a piece of sensitive information for the user called the \u201caccessKey\u201d. To create the \"accesKey\", CubeFS uses an insecure string generator which makes it easy to guess and thereby impersonate the created user. An attacker could leverage the predictable random string generator and guess a users access key and impersonate the user to obtain higher privileges. The issue has been fixed in v3.3.1. There is no other mitigation than to upgrade."
},
{
"lang": "es",
"value": "CubeFS es un sistema de almacenamiento de archivos nativo de la nube de c\u00f3digo abierto. Antes de la versi\u00f3n 3.3.1, CubeFS usaba un generador de cadenas aleatorias inseguras para generar claves confidenciales espec\u00edficas del usuario utilizadas para autenticar a los usuarios en una implementaci\u00f3n de CubeFS. Esto podr\u00eda permitir a un atacante predecir y/o adivinar la cadena generada y hacerse pasar por un usuario, obteniendo as\u00ed mayores privilegios. Cuando CubeFS crea nuevos usuarios, crea una informaci\u00f3n confidencial para el usuario llamada \"clave de acceso\". Para crear la \"clave de acceso\", CubeFS utiliza un generador de cadenas inseguro que hace que sea f\u00e1cil de adivinar y, por lo tanto, suplantar al usuario creado. Un atacante podr\u00eda aprovechar el predecible generador de cadenas aleatorias y adivinar la clave de acceso de un usuario y hacerse pasar por el usuario para obtener mayores privilegios. El problema se solucion\u00f3 en v3.3.1. No hay otra mitigaci\u00f3n que actualizar."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +70,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linuxfoundation:cubefs:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.3.1",
"matchCriteriaId": "6E8D59D8-6863-4398-9D77-2442BAF81108"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/cubefs/cubefs/commit/8555c6402794cabdf2cc025c8bea1576122c07ba",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/cubefs/cubefs/security/advisories/GHSA-4248-p65p-hcrm",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}

56
CVE-2023/CVE-2023-467xx/CVE-2023-46742.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-46742",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-03T17:15:11.010",
"lastModified": "2024-01-03T17:26:57.957",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-10T17:53:48.967",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "CubeFS is an open-source cloud-native file storage system. CubeFS prior to version 3.3.1 was found to leak users secret keys and access keys in the logs in multiple components. When CubeCS creates new users, it leaks the users secret key. This could allow a lower-privileged user with access to the logs to retrieve sensitive information and impersonate other users with higher privileges than themselves. The issue has been patched in v3.3.1. There is no other mitigation than upgrading CubeFS."
},
{
"lang": "es",
"value": "CubeFS es un sistema de almacenamiento de archivos nativo de la nube de c\u00f3digo abierto. Se descubri\u00f3 que CubeFS anterior a la versi\u00f3n 3.3.1 filtraba claves secretas de usuarios y claves de acceso en los registros de m\u00faltiples componentes. Cuando CubeCS crea nuevos usuarios, filtra la clave secreta de los usuarios. Esto podr\u00eda permitir que un usuario con menos privilegios y acceso a los registros recupere informaci\u00f3n confidencial y se haga pasar por otros usuarios con mayores privilegios que \u00e9l. El problema se solucion\u00f3 en la versi\u00f3n 3.3.1. No hay otra mitigaci\u00f3n que actualizar CubeFS."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +70,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linuxfoundation:cubefs:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.3.1",
"matchCriteriaId": "6E8D59D8-6863-4398-9D77-2442BAF81108"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/cubefs/cubefs/commit/8dccce6ac8dff3db44d7e9074094c7303a5ff5dd",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/cubefs/cubefs/security/advisories/GHSA-vwch-g97w-hfg2",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}

6
CVE-2023/CVE-2023-471xx/CVE-2023-47171.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-47171",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-01-10T16:15:47.063",
"lastModified": "2024-01-10T16:59:48.970",
"lastModified": "2024-01-10T18:15:46.410",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -50,10 +50,6 @@
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1869",
"source": "talos-cna@cisco.com"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1869",
"source": "talos-cna@cisco.com"
}
]
}

6
CVE-2023/CVE-2023-478xx/CVE-2023-47861.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-47861",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-01-10T16:15:47.260",
"lastModified": "2024-01-10T16:59:48.970",
"lastModified": "2024-01-10T18:15:46.497",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -50,10 +50,6 @@
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1884",
"source": "talos-cna@cisco.com"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1884",
"source": "talos-cna@cisco.com"
}
]
}

6
CVE-2023/CVE-2023-478xx/CVE-2023-47862.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-47862",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-01-10T16:15:47.443",
"lastModified": "2024-01-10T16:59:48.970",
"lastModified": "2024-01-10T18:15:46.570",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -50,10 +50,6 @@
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1886",
"source": "talos-cna@cisco.com"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1886",
"source": "talos-cna@cisco.com"
}
]
}

6
CVE-2023/CVE-2023-487xx/CVE-2023-48728.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-48728",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-01-10T16:15:47.627",
"lastModified": "2024-01-10T16:59:48.970",
"lastModified": "2024-01-10T18:15:46.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -50,10 +50,6 @@
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1883",
"source": "talos-cna@cisco.com"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1883",
"source": "talos-cna@cisco.com"
}
]
}

6
CVE-2023/CVE-2023-487xx/CVE-2023-48730.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-48730",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-01-10T16:15:47.833",
"lastModified": "2024-01-10T16:59:48.970",
"lastModified": "2024-01-10T18:15:46.723",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -50,10 +50,6 @@
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1882",
"source": "talos-cna@cisco.com"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1882",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-487xx/CVE-2023-48783.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-48783",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-01-10T18:15:46.807",
"lastModified": "2024-01-10T18:15:46.807",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An\u00a0Authorization Bypass Through User-Controlled Key vulnerability [CWE-639] affecting PortiPortal version 7.2.1 and below, version 7.0.6 and below, version 6.0.14 and below, version 5.3.8 and below may allow a remote authenticated user with at least read-only permissions to access to other organization endpoints via crafted GET requests."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-23-408",
"source": "psirt@fortinet.com"
}
]
}

6
CVE-2023/CVE-2023-495xx/CVE-2023-49589.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-49589",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-01-10T16:15:48.063",
"lastModified": "2024-01-10T16:59:48.970",
"lastModified": "2024-01-10T18:15:47.040",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -50,10 +50,6 @@
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1896",
"source": "talos-cna@cisco.com"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1896",
"source": "talos-cna@cisco.com"
}
]
}

6
CVE-2023/CVE-2023-495xx/CVE-2023-49599.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-49599",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-01-10T16:15:48.257",
"lastModified": "2024-01-10T16:59:48.970",
"lastModified": "2024-01-10T18:15:47.117",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -50,10 +50,6 @@
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1900",
"source": "talos-cna@cisco.com"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1900",
"source": "talos-cna@cisco.com"
}
]
}

6
CVE-2023/CVE-2023-497xx/CVE-2023-49715.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-49715",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-01-10T16:15:48.440",
"lastModified": "2024-01-10T16:59:48.970",
"lastModified": "2024-01-10T18:15:47.200",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -50,10 +50,6 @@
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1885",
"source": "talos-cna@cisco.com"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1885",
"source": "talos-cna@cisco.com"
}
]
}

6
CVE-2023/CVE-2023-497xx/CVE-2023-49738.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-49738",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-01-10T16:15:48.620",
"lastModified": "2024-01-10T16:59:48.970",
"lastModified": "2024-01-10T18:15:47.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -50,10 +50,6 @@
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1881",
"source": "talos-cna@cisco.com"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1881",
"source": "talos-cna@cisco.com"
}
]
}

6
CVE-2023/CVE-2023-498xx/CVE-2023-49810.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-49810",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-01-10T16:15:48.803",
"lastModified": "2024-01-10T16:59:48.970",
"lastModified": "2024-01-10T18:15:47.337",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -50,10 +50,6 @@
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1898",
"source": "talos-cna@cisco.com"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1898",
"source": "talos-cna@cisco.com"
}
]
}

6
CVE-2023/CVE-2023-498xx/CVE-2023-49862.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-49862",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-01-10T16:15:48.997",
"lastModified": "2024-01-10T16:59:48.970",
"lastModified": "2024-01-10T18:15:47.410",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -50,10 +50,6 @@
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1880",
"source": "talos-cna@cisco.com"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1880",
"source": "talos-cna@cisco.com"
}
]
}

6
CVE-2023/CVE-2023-498xx/CVE-2023-49863.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-49863",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-01-10T16:15:49.180",
"lastModified": "2024-01-10T16:59:48.970",
"lastModified": "2024-01-10T18:15:47.483",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -50,10 +50,6 @@
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1880",
"source": "talos-cna@cisco.com"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1880",
"source": "talos-cna@cisco.com"
}
]
}

6
CVE-2023/CVE-2023-498xx/CVE-2023-49864.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-49864",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-01-10T16:15:49.367",
"lastModified": "2024-01-10T16:59:48.970",
"lastModified": "2024-01-10T18:15:47.553",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -50,10 +50,6 @@
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1880",
"source": "talos-cna@cisco.com"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1880",
"source": "talos-cna@cisco.com"
}
]
}

6
CVE-2023/CVE-2023-501xx/CVE-2023-50172.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-50172",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-01-10T16:15:49.583",
"lastModified": "2024-01-10T16:59:48.970",
"lastModified": "2024-01-10T18:15:47.627",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -50,10 +50,6 @@
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1897",
"source": "talos-cna@cisco.com"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1897",
"source": "talos-cna@cisco.com"
}
]
}

79
CVE-2023/CVE-2023-69xx/CVE-2023-6944.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6944",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-04T10:15:11.517",
"lastModified": "2024-01-04T14:58:23.450",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-10T17:04:57.170",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-209"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -50,14 +80,55 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:red_hat_developer_hub:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.21.0",
"matchCriteriaId": "03D5A3A5-63FC-42D4-BF87-4B2B466EDB3F"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linuxfoundation:backstage:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.21.0",
"matchCriteriaId": "9DD9C33C-E29A-4DFF-9C5A-CA2A87D0B6C1"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-6944",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255204",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

89
CVE-2024/CVE-2024-02xx/CVE-2024-0217.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-0217",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-03T17:15:12.110",
"lastModified": "2024-01-03T17:26:57.957",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-10T18:10:24.033",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other allocations and any previously stored data in this memory region is considered lost."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un fallo de use after free en PackageKitd. En algunas condiciones, el orden de los mecanismos de limpieza de una transacci\u00f3n podr\u00eda verse afectado. Como resultado, podr\u00eda producirse cierto acceso a la memoria en regiones de memoria que se liberaron previamente. Una vez liberada, una regi\u00f3n de memoria se puede reutilizar para otras asignaciones y cualquier dato previamente almacenado en esta regi\u00f3n de memoria se considera perdido."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -46,14 +80,61 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:packagekit_project:packagekit:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2.7",
"matchCriteriaId": "2E42E6D2-CD64-440D-8A80-CA4103E1C4D7"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2024-0217",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mitigation",
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256624",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
]
}
]
}

103
CVE-2024/CVE-2024-216xx/CVE-2024-21622.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-21622",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-03T17:15:12.330",
"lastModified": "2024-01-03T17:26:57.957",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-10T18:34:46.497",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensure they are running at least those versions."
},
{
"lang": "es",
"value": "Craft es un sistema de gesti\u00f3n de contenidos. Esta es una posible vulnerabilidad de escalada de privilegios de baja complejidad y impacto moderado en Craft a partir de 3.x anterior a 3.9.6 y 4.x anterior a 4.4.16 con ciertas configuraciones de permisos de usuario. Esto se ha solucionado en Craft 4.4.16 y Craft 3.9.6. Los usuarios deben asegurarse de estar ejecutando al menos esas versiones."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,34 +80,83 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.9.6",
"matchCriteriaId": "36AC4498-6DDF-4F74-BD12-86BF5479F10A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0",
"versionEndIncluding": "4.5.15",
"matchCriteriaId": "9B004CCA-A979-42AD-ADD4-1BEFDB964C78"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4511---2023-11-16",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/craftcms/cms/blob/v3/CHANGELOG.md#396---2023-11-16",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/craftcms/cms/commit/76caf9af07d9964be0fd362772223be6a5f5b6aa",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/craftcms/cms/commit/be81eb653d633833f2ab22510794abb6bb9c0843",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/craftcms/cms/pull/13931",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://github.com/craftcms/cms/pull/13932",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://github.com/craftcms/cms/security/advisories/GHSA-j5g9-j7r4-6qvx",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

68
CVE-2024/CVE-2024-216xx/CVE-2024-21631.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-21631",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-03T17:15:12.790",
"lastModified": "2024-01-03T17:26:57.957",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-10T18:40:48.587",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vapor is an HTTP web framework for Swift. Prior to version 4.90.0, Vapor's `vapor_urlparser_parse` function uses `uint16_t` indexes when parsing a URI's components, which may cause integer overflows when parsing untrusted inputs. This vulnerability does not affect Vapor directly but could impact applications relying on the URI type for validating user input. The URI type is used in several places in Vapor. A developer may decide to use URI to represent a URL in their application (especially if that URL is then passed to the HTTP Client) and rely on its public properties and methods. However, URI may fail to properly parse a valid (albeit abnormally long) URL, due to string ranges being converted to 16-bit integers. An attacker may use this behavior to trick the application into accepting a URL to an untrusted destination. By padding the port number with zeros, an attacker can cause an integer overflow to occur when the URL authority is parsed and, as a result, spoof the host. Version 4.90.0 contains a patch for this issue. As a workaround, validate user input before parsing as a URI or, if possible, use Foundation's `URL` and `URLComponents` utilities.\n"
},
{
"lang": "es",
"value": "Vapor es un framework web HTTP para Swift. Antes de la versi\u00f3n 4.90.0, la funci\u00f3n `vapor_urlparser_parse` de Vapor utiliza \u00edndices `uint16_t` al analizar los componentes de un URI, lo que puede causar desbordamientos de enteros al analizar entradas que no son de confianza. Esta vulnerabilidad no afecta a Vapor directamente, pero podr\u00eda afectar a las aplicaciones que dependen del tipo de URI para validar la entrada del usuario. El tipo URI se utiliza en varios lugares de Vapor. Un desarrollador puede decidir utilizar URI para representar una URL en su aplicaci\u00f3n (especialmente si esa URL luego se pasa al Cliente HTTP) y confiar en sus propiedades y m\u00e9todos p\u00fablicos. Sin embargo, es posible que el URI no pueda analizar correctamente una URL v\u00e1lida (aunque anormalmente larga), debido a que los rangos de cadenas se convierten a enteros de 16 bits. Un atacante puede utilizar este comportamiento para enga\u00f1ar a la aplicaci\u00f3n para que acepte una URL a un destino que no es de confianza. Al rellenar el n\u00famero de puerto con ceros, un atacante puede provocar un desbordamiento de enteros cuando se analiza la autoridad de la URL y, como resultado, falsificar el host. La versi\u00f3n 4.90.0 contiene un parche para este problema. Como workaround, valide la entrada del usuario antes de analizarla como URI o, si es posible, utilice las utilidades `URL` y `URLComponents` de Foundation."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -54,14 +88,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vapor:vapor:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.90.0",
"matchCriteriaId": "D7A4A9F5-B5B1-480E-9922-AF35861D75AF"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/vapor/vapor/commit/6db3d917b5ce5024a84eb265ef65691383305d70",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/vapor/vapor/security/advisories/GHSA-r6r4-5pr8-gjcp",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

58
CVE-2024/CVE-2024-216xx/CVE-2024-21633.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-21633",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-03T17:15:13.103",
"lastModified": "2024-01-03T17:26:57.957",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-10T18:50:41.510",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Apktool is a tool for reverse engineering Android APK files. In versions 2.9.1 and prior, Apktool infers resource files' output path according to their resource names which can be manipulated by attacker to place files at desired location on the system Apktool runs on. Affected environments are those in which an attacker may write/overwrite any file that user has write access, and either user name is known or cwd is under user folder. Commit d348c43b24a9de350ff6e5bd610545a10c1fc712 contains a patch for this issue."
},
{
"lang": "es",
"value": "Apktool es una herramienta para realizar ingenier\u00eda inversa en archivos APK de Android. En las versiones 2.9.1 y anteriores, Apktool infiere la ruta de salida de los archivos de recursos de acuerdo con sus nombres de recursos, que el atacante puede manipular para colocar los archivos en la ubicaci\u00f3n deseada en el sistema en el que se ejecuta Apktool. Los entornos afectados son aquellos en los que un atacante puede escribir/sobrescribir cualquier archivo en el que el usuario tenga acceso de escritura y en el que el nombre de usuario sea conocido o cwd est\u00e9 en la carpeta del usuario. El commit d348c43b24a9de350ff6e5bd610545a10c1fc712 contiene un parche para este problema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +70,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apktool:apktool:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.9.2",
"matchCriteriaId": "895E73D0-A24D-4B95-9F32-697AABEF73E3"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/iBotPeaches/Apktool/commit/d348c43b24a9de350ff6e5bd610545a10c1fc712",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/iBotPeaches/Apktool/security/advisories/GHSA-2hqv-2xv4-5h5w",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
]
}
]
}

91
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-01-10T17:00:31.473797+00:00
2024-01-10T19:00:28.741066+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-01-10T16:59:53.407000+00:00
2024-01-10T18:58:41.083000+00:00
```
### Last Data Feed Release
@ -29,69 +29,50 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
235459
235465
```
### CVEs added in the last Commit
Recently added CVEs: `34`
Recently added CVEs: `6`
* [CVE-2023-49738](CVE-2023/CVE-2023-497xx/CVE-2023-49738.json) (`2024-01-10T16:15:48.620`)
* [CVE-2023-49810](CVE-2023/CVE-2023-498xx/CVE-2023-49810.json) (`2024-01-10T16:15:48.803`)
* [CVE-2023-49862](CVE-2023/CVE-2023-498xx/CVE-2023-49862.json) (`2024-01-10T16:15:48.997`)
* [CVE-2023-49863](CVE-2023/CVE-2023-498xx/CVE-2023-49863.json) (`2024-01-10T16:15:49.180`)
* [CVE-2023-49864](CVE-2023/CVE-2023-498xx/CVE-2023-49864.json) (`2024-01-10T16:15:49.367`)
* [CVE-2023-50172](CVE-2023/CVE-2023-501xx/CVE-2023-50172.json) (`2024-01-10T16:15:49.583`)
* [CVE-2023-51962](CVE-2023/CVE-2023-519xx/CVE-2023-51962.json) (`2024-01-10T16:15:49.763`)
* [CVE-2023-51967](CVE-2023/CVE-2023-519xx/CVE-2023-51967.json) (`2024-01-10T16:15:49.840`)
* [CVE-2023-51968](CVE-2023/CVE-2023-519xx/CVE-2023-51968.json) (`2024-01-10T16:15:49.887`)
* [CVE-2023-51969](CVE-2023/CVE-2023-519xx/CVE-2023-51969.json) (`2024-01-10T16:15:49.930`)
* [CVE-2023-51970](CVE-2023/CVE-2023-519xx/CVE-2023-51970.json) (`2024-01-10T16:15:49.977`)
* [CVE-2023-51952](CVE-2023/CVE-2023-519xx/CVE-2023-51952.json) (`2024-01-10T15:15:08.997`)
* [CVE-2023-51953](CVE-2023/CVE-2023-519xx/CVE-2023-51953.json) (`2024-01-10T15:15:09.043`)
* [CVE-2023-51954](CVE-2023/CVE-2023-519xx/CVE-2023-51954.json) (`2024-01-10T15:15:09.093`)
* [CVE-2023-51955](CVE-2023/CVE-2023-519xx/CVE-2023-51955.json) (`2024-01-10T15:15:09.150`)
* [CVE-2023-51956](CVE-2023/CVE-2023-519xx/CVE-2023-51956.json) (`2024-01-10T15:15:09.200`)
* [CVE-2023-51957](CVE-2023/CVE-2023-519xx/CVE-2023-51957.json) (`2024-01-10T15:15:09.247`)
* [CVE-2023-51958](CVE-2023/CVE-2023-519xx/CVE-2023-51958.json) (`2024-01-10T15:15:09.290`)
* [CVE-2023-51959](CVE-2023/CVE-2023-519xx/CVE-2023-51959.json) (`2024-01-10T15:15:09.347`)
* [CVE-2023-51960](CVE-2023/CVE-2023-519xx/CVE-2023-51960.json) (`2024-01-10T15:15:09.450`)
* [CVE-2023-51963](CVE-2023/CVE-2023-519xx/CVE-2023-51963.json) (`2024-01-10T15:15:09.557`)
* [CVE-2023-51964](CVE-2023/CVE-2023-519xx/CVE-2023-51964.json) (`2024-01-10T15:15:09.610`)
* [CVE-2023-51965](CVE-2023/CVE-2023-519xx/CVE-2023-51965.json) (`2024-01-10T15:15:09.663`)
* [CVE-2023-6158](CVE-2023/CVE-2023-61xx/CVE-2023-6158.json) (`2024-01-10T15:15:10.167`)
* [CVE-2023-41056](CVE-2023/CVE-2023-410xx/CVE-2023-41056.json) (`2024-01-10T16:15:46.557`)
* [CVE-2023-29444](CVE-2023/CVE-2023-294xx/CVE-2023-29444.json) (`2024-01-10T17:15:08.493`)
* [CVE-2023-37932](CVE-2023/CVE-2023-379xx/CVE-2023-37932.json) (`2024-01-10T18:15:45.570`)
* [CVE-2023-37934](CVE-2023/CVE-2023-379xx/CVE-2023-37934.json) (`2024-01-10T18:15:45.823`)
* [CVE-2023-44250](CVE-2023/CVE-2023-442xx/CVE-2023-44250.json) (`2024-01-10T18:15:46.030`)
* [CVE-2023-46712](CVE-2023/CVE-2023-467xx/CVE-2023-46712.json) (`2024-01-10T18:15:46.223`)
* [CVE-2023-48783](CVE-2023/CVE-2023-487xx/CVE-2023-48783.json) (`2024-01-10T18:15:46.807`)
### CVEs modified in the last Commit
Recently modified CVEs: `56`
Recently modified CVEs: `33`
* [CVE-2023-45043](CVE-2023/CVE-2023-450xx/CVE-2023-45043.json) (`2024-01-10T16:54:50.930`)
* [CVE-2023-45042](CVE-2023/CVE-2023-450xx/CVE-2023-45042.json) (`2024-01-10T16:57:07.187`)
* [CVE-2023-45041](CVE-2023/CVE-2023-450xx/CVE-2023-45041.json) (`2024-01-10T16:57:18.450`)
* [CVE-2023-45040](CVE-2023/CVE-2023-450xx/CVE-2023-45040.json) (`2024-01-10T16:57:27.477`)
* [CVE-2023-41289](CVE-2023/CVE-2023-412xx/CVE-2023-41289.json) (`2024-01-10T16:58:08.423`)
* [CVE-2023-41288](CVE-2023/CVE-2023-412xx/CVE-2023-41288.json) (`2024-01-10T16:58:29.147`)
* [CVE-2023-41287](CVE-2023/CVE-2023-412xx/CVE-2023-41287.json) (`2024-01-10T16:58:39.310`)
* [CVE-2023-52137](CVE-2023/CVE-2023-521xx/CVE-2023-52137.json) (`2024-01-10T16:59:18.837`)
* [CVE-2023-45039](CVE-2023/CVE-2023-450xx/CVE-2023-45039.json) (`2024-01-10T16:59:35.883`)
* [CVE-2023-46738](CVE-2023/CVE-2023-467xx/CVE-2023-46738.json) (`2024-01-10T16:59:52.620`)
* [CVE-2023-51961](CVE-2023/CVE-2023-519xx/CVE-2023-51961.json) (`2024-01-10T16:59:53.407`)
* [CVE-2023-51966](CVE-2023/CVE-2023-519xx/CVE-2023-51966.json) (`2024-01-10T16:59:53.407`)
* [CVE-2024-22075](CVE-2024/CVE-2024-220xx/CVE-2024-22075.json) (`2024-01-10T15:06:42.563`)
* [CVE-2024-22050](CVE-2024/CVE-2024-220xx/CVE-2024-22050.json) (`2024-01-10T15:10:36.697`)
* [CVE-2024-0241](CVE-2024/CVE-2024-02xx/CVE-2024-0241.json) (`2024-01-10T15:11:15.457`)
* [CVE-2024-22368](CVE-2024/CVE-2024-223xx/CVE-2024-22368.json) (`2024-01-10T15:15:10.453`)
* [CVE-2024-20807](CVE-2024/CVE-2024-208xx/CVE-2024-20807.json) (`2024-01-10T15:34:00.523`)
* [CVE-2024-20805](CVE-2024/CVE-2024-208xx/CVE-2024-20805.json) (`2024-01-10T15:36:42.927`)
* [CVE-2024-21636](CVE-2024/CVE-2024-216xx/CVE-2024-21636.json) (`2024-01-10T15:45:31.947`)
* [CVE-2024-20806](CVE-2024/CVE-2024-208xx/CVE-2024-20806.json) (`2024-01-10T16:09:31.110`)
* [CVE-2024-20804](CVE-2024/CVE-2024-208xx/CVE-2024-20804.json) (`2024-01-10T16:10:45.437`)
* [CVE-2024-20803](CVE-2024/CVE-2024-208xx/CVE-2024-20803.json) (`2024-01-10T16:11:26.313`)
* [CVE-2024-20802](CVE-2024/CVE-2024-208xx/CVE-2024-20802.json) (`2024-01-10T16:14:57.787`)
* [CVE-2024-21634](CVE-2024/CVE-2024-216xx/CVE-2024-21634.json) (`2024-01-10T16:38:20.853`)
* [CVE-2024-0389](CVE-2024/CVE-2024-03xx/CVE-2024-0389.json) (`2024-01-10T16:59:53.407`)
* [CVE-2022-20727](CVE-2022/CVE-2022-207xx/CVE-2022-20727.json) (`2024-01-10T18:51:52.693`)
* [CVE-2023-6944](CVE-2023/CVE-2023-69xx/CVE-2023-6944.json) (`2024-01-10T17:04:57.170`)
* [CVE-2023-46739](CVE-2023/CVE-2023-467xx/CVE-2023-46739.json) (`2024-01-10T17:06:39.047`)
* [CVE-2023-40610](CVE-2023/CVE-2023-406xx/CVE-2023-40610.json) (`2024-01-10T17:15:08.717`)
* [CVE-2023-46740](CVE-2023/CVE-2023-467xx/CVE-2023-46740.json) (`2024-01-10T17:45:07.017`)
* [CVE-2023-46742](CVE-2023/CVE-2023-467xx/CVE-2023-46742.json) (`2024-01-10T17:53:48.967`)
* [CVE-2023-47171](CVE-2023/CVE-2023-471xx/CVE-2023-47171.json) (`2024-01-10T18:15:46.410`)
* [CVE-2023-47861](CVE-2023/CVE-2023-478xx/CVE-2023-47861.json) (`2024-01-10T18:15:46.497`)
* [CVE-2023-47862](CVE-2023/CVE-2023-478xx/CVE-2023-47862.json) (`2024-01-10T18:15:46.570`)
* [CVE-2023-48728](CVE-2023/CVE-2023-487xx/CVE-2023-48728.json) (`2024-01-10T18:15:46.647`)
* [CVE-2023-48730](CVE-2023/CVE-2023-487xx/CVE-2023-48730.json) (`2024-01-10T18:15:46.723`)
* [CVE-2023-49589](CVE-2023/CVE-2023-495xx/CVE-2023-49589.json) (`2024-01-10T18:15:47.040`)
* [CVE-2023-49599](CVE-2023/CVE-2023-495xx/CVE-2023-49599.json) (`2024-01-10T18:15:47.117`)
* [CVE-2023-49715](CVE-2023/CVE-2023-497xx/CVE-2023-49715.json) (`2024-01-10T18:15:47.200`)
* [CVE-2023-49738](CVE-2023/CVE-2023-497xx/CVE-2023-49738.json) (`2024-01-10T18:15:47.267`)
* [CVE-2023-49810](CVE-2023/CVE-2023-498xx/CVE-2023-49810.json) (`2024-01-10T18:15:47.337`)
* [CVE-2023-49862](CVE-2023/CVE-2023-498xx/CVE-2023-49862.json) (`2024-01-10T18:15:47.410`)
* [CVE-2023-49863](CVE-2023/CVE-2023-498xx/CVE-2023-49863.json) (`2024-01-10T18:15:47.483`)
* [CVE-2023-49864](CVE-2023/CVE-2023-498xx/CVE-2023-49864.json) (`2024-01-10T18:15:47.553`)
* [CVE-2023-50172](CVE-2023/CVE-2023-501xx/CVE-2023-50172.json) (`2024-01-10T18:15:47.627`)
* [CVE-2023-46136](CVE-2023/CVE-2023-461xx/CVE-2023-46136.json) (`2024-01-10T18:58:41.083`)
* [CVE-2024-0217](CVE-2024/CVE-2024-02xx/CVE-2024-0217.json) (`2024-01-10T18:10:24.033`)
* [CVE-2024-21622](CVE-2024/CVE-2024-216xx/CVE-2024-21622.json) (`2024-01-10T18:34:46.497`)
* [CVE-2024-21631](CVE-2024/CVE-2024-216xx/CVE-2024-21631.json) (`2024-01-10T18:40:48.587`)
* [CVE-2024-21633](CVE-2024/CVE-2024-216xx/CVE-2024-21633.json) (`2024-01-10T18:50:41.510`)
## Download and Usage