admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-07 11:07:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-01-29T17:00:25.457001+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-01-29 17:00:29 +00:00
parent 59457a7a43
commit 72fded51cf
76 changed files with 5323 additions and 233 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
CVE-2013/CVE-2013-34xx/CVE-2013-3498.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2013-3498",
"sourceIdentifier": "cve@mitre.org",
"published": "2013-05-08T23:55:01.107",
"lastModified": "2017-08-29T01:33:24.417",
"lastModified": "2024-01-29T15:15:08.613",
"vulnStatus": "Modified",
"descriptions": [
{
@ -76,6 +76,13 @@
}
],
"references": [
{
"url": "http://secunia.com/advisories/53359",
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
]
},
{
"url": "http://www.securitytracker.com/id/1028529",
"source": "cve@mitre.org",
@ -88,11 +95,8 @@
"source": "cve@mitre.org"
},
{
"url": "https://kb.juniper.net/KB27375",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
"url": "https://supportportal.juniper.net/JSA10568",
"source": "cve@mitre.org"
}
]
}

1344
CVE-2022/CVE-2022-457xx/CVE-2022-45790.json
View File

File diff suppressed because it is too large Load Diff

6
CVE-2023/CVE-2023-290xx/CVE-2023-29055.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-29055",
"sourceIdentifier": "security@apache.org",
"published": "2024-01-29T13:15:07.970",
"lastModified": "2024-01-29T14:25:21.047",
"lastModified": "2024-01-29T15:15:08.827",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -28,6 +28,10 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/29/1",
"source": "security@apache.org"
},
{
"url": "https://lists.apache.org/thread/o1bvyv9wnfkx7dxpfjlor20nykgsoh6r",
"source": "security@apache.org"

59
CVE-2023/CVE-2023-405xx/CVE-2023-40548.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-40548",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-29T15:15:08.893",
"lastModified": "2024-01-29T16:19:17.097",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.4,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-40548",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241782",
"source": "secalert@redhat.com"
}
]
}

74
CVE-2023/CVE-2023-464xx/CVE-2023-46447.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46447",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-20T05:15:08.207",
"lastModified": "2024-01-22T14:01:14.430",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T15:27:03.267",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,81 @@
"value": "La aplicaci\u00f3n POPS! Rebel 5.0 para Android, en POPS! Rebel Bluetooth Glucose Monitoring System env\u00eda mediciones de glucosa sin cifrar a trav\u00e9s de BLE."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-319"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:popsdiabetes:rebel:5.0:*:*:*:*:android:*:*",
"matchCriteriaId": "A2B6AEA1-3AAF-49F7-B018-2DC3D952A85A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/actuator/rebel/blob/main/CWE-319.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://play.google.com/store/apps/details?id=com.pops.pops",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://popsdiabetes.com/about-us/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

49
CVE-2023/CVE-2023-496xx/CVE-2023-49657.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49657",
"sourceIdentifier": "security@apache.org",
"published": "2024-01-23T15:15:11.667",
"lastModified": "2024-01-29T09:15:43.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T16:05:57.023",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@apache.org",
"type": "Secondary",
@ -50,10 +70,33 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0.3",
"matchCriteriaId": "25A47BD4-DAC6-48F8-9B00-A1B7A4547B05"
}
]
}
]
}
],
"references": [
{
"url": "https://lists.apache.org/thread/wjyvz8om9nwd396lh0bt156mtwjxpsvx",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Mitigation",
"Vendor Advisory"
]
}
]
}

20
CVE-2023/CVE-2023-51xx/CVE-2023-5124.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-5124",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-29T15:15:09.100",
"lastModified": "2024-01-29T16:19:17.097",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Page Builder: Pagelayer WordPress plugin before 1.8.0 doesn't prevent attackers with administrator privileges from inserting malicious JavaScript inside a post's header or footer code, even when unfiltered_html is disallowed, such as in multi-site WordPress configurations."
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/1ef86546-3467-432c-a863-1ca3e5c65bd4/",
"source": "contact@wpscan.com"
}
]
}

69
CVE-2023/CVE-2023-520xx/CVE-2023-52046.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-52046",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-25T21:15:08.730",
"lastModified": "2024-01-25T21:52:01.053",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T15:56:54.287",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability (XSS) in webmin v.2.105 and earlier allows a remote attacker to execute arbitrary code via a crafted payload to the \"Execute cron job as\" tab Input field."
},
{
"lang": "es",
"value": "Vulnerabilidad de cross site scripting (XSS) en webmin v.2.105 y versiones anteriores permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un payload manipulado en el campo de entrada de la pesta\u00f1a \"Execute cron job as\"."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gentoo:webmin:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.105",
"matchCriteriaId": "EAEA4269-E938-4716-A461-6DA9E6F37243"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Acklee/webadmin_xss/blob/main/xss.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-523xx/CVE-2023-52326.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52326",
"sourceIdentifier": "security@trendmicro.com",
"published": "2024-01-23T21:15:09.427",
"lastModified": "2024-01-24T13:49:03.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T15:55:50.793",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,74 @@
"value": "Ciertos widgets del panel de Trend Micro Apex Central (local) son vulnerables a ataques de cross-site scripting (XSS) que pueden permitir a un atacante lograr la ejecuci\u00f3n remota de c\u00f3digo en los servidores afectados. Tenga en cuenta que esta vulnerabilidad es similar, pero no id\u00e9ntica, a CVE-2023-52327."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:-:*:*:*:windows:*:*",
"matchCriteriaId": "7F2620DA-8727-43FF-8A4D-72145CDDE4CD"
}
]
}
]
}
],
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000296153?language=en_US",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-023/",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

69
CVE-2023/CVE-2023-523xx/CVE-2023-52327.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52327",
"sourceIdentifier": "security@trendmicro.com",
"published": "2024-01-23T21:15:09.467",
"lastModified": "2024-01-24T13:49:03.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T15:56:23.207",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,74 @@
"value": "Ciertos widgets del panel de Trend Micro Apex Central (local) son vulnerables a ataques de cross-site scripting (XSS) que pueden permitir a un atacante lograr la ejecuci\u00f3n remota de c\u00f3digo en los servidores afectados. Tenga en cuenta que esta vulnerabilidad es similar, pero no id\u00e9ntica, a CVE-2023-52328."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:-:*:*:*:windows:*:*",
"matchCriteriaId": "7F2620DA-8727-43FF-8A4D-72145CDDE4CD"
}
]
}
]
}
],
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000296153?language=en_US",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-022/",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

69
CVE-2023/CVE-2023-523xx/CVE-2023-52328.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52328",
"sourceIdentifier": "security@trendmicro.com",
"published": "2024-01-23T21:15:09.507",
"lastModified": "2024-01-24T13:49:03.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T15:56:15.163",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,74 @@
"value": "Ciertos widgets del panel de Trend Micro Apex Central (local) son vulnerables a ataques de cross-site scripting (XSS) que pueden permitir a un atacante lograr la ejecuci\u00f3n remota de c\u00f3digo en los servidores afectados. Tenga en cuenta que esta vulnerabilidad es similar, pero no id\u00e9ntica, a CVE-2023-52329."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:-:*:*:*:windows:*:*",
"matchCriteriaId": "7F2620DA-8727-43FF-8A4D-72145CDDE4CD"
}
]
}
]
}
],
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000296153?language=en_US",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-021/",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

69
CVE-2023/CVE-2023-523xx/CVE-2023-52329.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52329",
"sourceIdentifier": "security@trendmicro.com",
"published": "2024-01-23T21:15:09.550",
"lastModified": "2024-01-24T13:49:03.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T15:56:01.677",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,74 @@
"value": "Ciertos widgets del panel de Trend Micro Apex Central (local) son vulnerables a ataques de cross-site scripting (XSS) que pueden permitir a un atacante lograr la ejecuci\u00f3n remota de c\u00f3digo en los servidores afectados. Tenga en cuenta que esta vulnerabilidad es similar, pero no id\u00e9ntica, a CVE-2023-52326."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:-:*:*:*:windows:*:*",
"matchCriteriaId": "7F2620DA-8727-43FF-8A4D-72145CDDE4CD"
}
]
}
]
}
],
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000296153?language=en_US",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-074/",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

66
CVE-2023/CVE-2023-523xx/CVE-2023-52353.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52353",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-21T23:15:44.220",
"lastModified": "2024-01-22T14:01:14.430",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T15:53:20.917",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,69 @@
"value": "Se descubri\u00f3 un problema en Mbed TLS hasta la versi\u00f3n 3.5.1. En mbedtls_ssl_session_reset, la versi\u00f3n TLS m\u00e1xima negociable no se maneja correctamente. Por ejemplo, si la \u00faltima conexi\u00f3n negoci\u00f3 TLS 1.2, entonces 1.2 se convierte en el nuevo m\u00e1ximo."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-384"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.5.2",
"matchCriteriaId": "251B083F-CA00-4956-8244-5CF8A610094F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Mbed-TLS/mbedtls/issues/8654",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch"
]
}
]
}

65
CVE-2023/CVE-2023-523xx/CVE-2023-52354.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52354",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-22T06:15:07.780",
"lastModified": "2024-01-22T14:01:09.553",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T16:56:40.830",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "chasquid anterior a 1.13 permite el contrabando SMTP porque se aceptan l\u00edneas terminadas en LF."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-444"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:blitiri:chasquid:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.13",
"matchCriteriaId": "AF8C711E-1159-4434-BA08-1369414720E8"
}
]
}
]
}
],
"references": [
{
"url": "https://blitiri.com.ar/p/chasquid/relnotes/#113-2023-12-24",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-57xx/CVE-2023-5716.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5716",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2024-01-19T04:15:09.360",
"lastModified": "2024-01-19T15:56:26.533",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T15:33:19.493",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "twcert@cert.org.tw",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,10 +35,40 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "twcert@cert.org.tw",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "twcert@cert.org.tw",
"type": "Secondary",
@ -50,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:asus:armoury_crate:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.1.0.8",
"matchCriteriaId": "D597B276-518F-4D89-9676-67F77282E5E3"
}
]
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7666-fffce-1.html",
"source": "twcert@cert.org.tw"
"source": "twcert@cert.org.tw",
"tags": [
"Third Party Advisory"
]
}
]
}

20
CVE-2023/CVE-2023-59xx/CVE-2023-5943.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-5943",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-29T15:15:09.153",
"lastModified": "2024-01-29T16:19:17.097",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Wp-Adv-Quiz WordPress plugin before 1.0.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed."
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/18fbe9d5-4829-450b-988c-8ba4becd032a/",
"source": "contact@wpscan.com"
}
]
}

20
CVE-2023/CVE-2023-59xx/CVE-2023-5956.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-5956",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-29T15:15:09.203",
"lastModified": "2024-01-29T16:19:17.097",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Wp-Adv-Quiz WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/b3d1fbae-88c9-45d1-92c6-0a529b21e3b2/",
"source": "contact@wpscan.com"
}
]
}

6
CVE-2023/CVE-2023-59xx/CVE-2023-5981.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-5981",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-11-28T12:15:07.040",
"lastModified": "2024-01-29T07:15:08.760",
"lastModified": "2024-01-29T16:15:08.063",
"vulnStatus": "Modified",
"descriptions": [
{
@ -158,6 +158,10 @@
"url": "https://access.redhat.com/errata/RHSA-2024:0451",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0533",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-5981",
"source": "secalert@redhat.com",

24
CVE-2023/CVE-2023-61xx/CVE-2023-6165.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-6165",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-29T15:15:09.250",
"lastModified": "2024-01-29T16:19:17.097",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Restrict Usernames Emails Characters WordPress plugin before 3.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed"
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/youki992/youki992.github.io/blob/master/others/apply2.md",
"source": "contact@wpscan.com"
},
{
"url": "https://wpscan.com/vulnerability/aba62286-9a82-4d5b-9b47-1fddde5da487/",
"source": "contact@wpscan.com"
}
]
}

20
CVE-2023/CVE-2023-62xx/CVE-2023-6278.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-6278",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-29T15:15:09.300",
"lastModified": "2024-01-29T16:19:17.097",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo WordPress plugin before 2.2.25 does not sanitise and escape the biteship_error and biteship_message parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin"
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/dfe5001f-31b9-4de2-a240-f7f5a992ac49/",
"source": "contact@wpscan.com"
}
]
}

20
CVE-2023/CVE-2023-62xx/CVE-2023-6279.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-6279",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-29T15:15:09.343",
"lastModified": "2024-01-29T16:19:17.097",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Woostify Sites Library WordPress plugin before 1.4.8 does not have authorisation in an AJAX action, allowing any authenticated users, such as subscriber to update arbitrary blog options and set them to 'activated' which could lead to DoS when using a specific option name"
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/626bbc7d-0d0f-4418-ac61-666278a1cbdb/",
"source": "contact@wpscan.com"
}
]
}

24
CVE-2023/CVE-2023-63xx/CVE-2023-6389.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-6389",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-29T15:15:09.410",
"lastModified": "2024-01-29T16:19:17.097",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The WordPress Toolbar WordPress plugin through 2.2.6 redirects to any URL via the \"wptbto\" parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action."
}
],
"metrics": {},
"references": [
{
"url": "https://magos-securitas.com/txt/CVE-2023-6389.txt",
"source": "contact@wpscan.com"
},
{
"url": "https://wpscan.com/vulnerability/04dafc55-3a8d-4dd2-96da-7a8b100e5a81/",
"source": "contact@wpscan.com"
}
]
}

24
CVE-2023/CVE-2023-63xx/CVE-2023-6390.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-6390",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-29T15:15:09.467",
"lastModified": "2024-01-29T16:19:17.097",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The WordPress Users WordPress plugin through 1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack."
}
],
"metrics": {},
"references": [
{
"url": "https://magos-securitas.com/txt/2023-6390.txt",
"source": "contact@wpscan.com"
},
{
"url": "https://wpscan.com/vulnerability/a0ca68d3-f885-46c9-9f6b-b77ad387d25d/",
"source": "contact@wpscan.com"
}
]
}

24
CVE-2023/CVE-2023-63xx/CVE-2023-6391.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-6391",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-29T15:15:09.520",
"lastModified": "2024-01-29T16:19:11.720",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Custom User CSS WordPress plugin through 0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack."
}
],
"metrics": {},
"references": [
{
"url": "https://magos-securitas.com/txt/CVE-2023-6391.txt",
"source": "contact@wpscan.com"
},
{
"url": "https://wpscan.com/vulnerability/4098b18d-6ff3-462c-af05-48adb6599cf3/",
"source": "contact@wpscan.com"
}
]
}

24
CVE-2023/CVE-2023-65xx/CVE-2023-6503.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-6503",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-29T15:15:09.587",
"lastModified": "2024-01-29T16:19:11.720",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The WP Plugin Lister WordPress plugin through 2.1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack."
}
],
"metrics": {},
"references": [
{
"url": "https://magos-securitas.com/txt/CVE-2023-6503.txt",
"source": "contact@wpscan.com"
},
{
"url": "https://wpscan.com/vulnerability/0d95de23-e8f6-4342-b19c-57cd22b2fee2/",
"source": "contact@wpscan.com"
}
]
}

24
CVE-2023/CVE-2023-65xx/CVE-2023-6530.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-6530",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-29T15:15:09.637",
"lastModified": "2024-01-29T16:19:11.720",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The TJ Shortcodes WordPress plugin through 0.1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks."
}
],
"metrics": {},
"references": [
{
"url": "https://research.cleantalk.org/cve-2023-6530-tj-shortcodes-stored-xss-poc/",
"source": "contact@wpscan.com"
},
{
"url": "https://wpscan.com/vulnerability/8e63bf7c-7827-4c4d-b0e3-66354b218bee/",
"source": "contact@wpscan.com"
}
]
}

103
CVE-2023/CVE-2023-65xx/CVE-2023-6531.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6531",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-21T10:15:07.967",
"lastModified": "2024-01-22T14:01:14.430",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T15:24:29.653",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-362"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -50,18 +80,81 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"matchCriteriaId": "668F5607-E136-4E8E-86F2-316E9DC41ADC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3A0038DE-E183-4958-A6E3-CE3821FEAFBF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E31AD4FC-436C-44AB-BCAB-3A0B37F69EE0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc3:*:*:*:*:*:*",
"matchCriteriaId": "C56C6E04-4F04-44A3-8DB8-93899903CFCF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc4:*:*:*:*:*:*",
"matchCriteriaId": "5C78EDA4-8BE6-42FC-9512-49032D525A55"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-6531",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253034",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://lore.kernel.org/all/c716c88321939156909cfa1bd8b0faaf1c804103.1701868795.git.asml.silence@gmail.com/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch"
]
}
]
}

20
CVE-2023/CVE-2023-66xx/CVE-2023-6633.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-6633",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-29T15:15:09.687",
"lastModified": "2024-01-29T16:19:11.720",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Site Notes WordPress plugin through 2.0.0 does not have CSRF checks in some of its functionalities, which could allow attackers to make logged in users perform unwanted actions, such as deleting administration notes, via CSRF attacks"
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/eb983d82-b894-41c5-b51f-94d4bba3ba39/",
"source": "contact@wpscan.com"
}
]
}

24
CVE-2023/CVE-2023-69xx/CVE-2023-6946.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-6946",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-29T15:15:09.740",
"lastModified": "2024-01-29T16:19:11.720",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Autotitle for WordPress plugin through 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack."
}
],
"metrics": {},
"references": [
{
"url": "https://magos-securitas.com/txt/CVE-2023-6946",
"source": "contact@wpscan.com"
},
{
"url": "https://wpscan.com/vulnerability/54a00416-c7e3-44f3-8dd2-ed9e748055e6/",
"source": "contact@wpscan.com"
}
]
}

24
CVE-2023/CVE-2023-70xx/CVE-2023-7074.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-7074",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-29T15:15:09.793",
"lastModified": "2024-01-29T16:19:11.720",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The WP SOCIAL BOOKMARK MENU WordPress plugin through 1.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack."
}
],
"metrics": {},
"references": [
{
"url": "https://magos-securitas.com/txt/CVE-2023-7074.txt",
"source": "contact@wpscan.com"
},
{
"url": "https://wpscan.com/vulnerability/7906c349-97b0-4d82-aef0-97a1175ae88e/",
"source": "contact@wpscan.com"
}
]
}

20
CVE-2023/CVE-2023-70xx/CVE-2023-7089.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-7089",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-29T15:15:09.840",
"lastModified": "2024-01-29T16:19:11.720",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Easy SVG Allow WordPress plugin through 1.0 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads."
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/3b8ba734-7764-4ab6-a7e2-8de55bd46bed/",
"source": "contact@wpscan.com"
}
]
}

24
CVE-2023/CVE-2023-71xx/CVE-2023-7199.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-7199",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-29T15:15:09.897",
"lastModified": "2024-01-29T16:19:11.720",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Relevanssi WordPress plugin before 4.22.0, Relevanssi Premium WordPress plugin before 2.25.0 allows any unauthenticated user to read draft and private posts via a crafted request"
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/0c96a128-4473-41f5-82ce-94bba33ca4a3/",
"source": "contact@wpscan.com"
},
{
"url": "https://www.relevanssi.com/release-notes/premium-2-25-free-4-22-release-notes/",
"source": "contact@wpscan.com"
}
]
}

20
CVE-2023/CVE-2023-72xx/CVE-2023-7200.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-7200",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-29T15:15:09.943",
"lastModified": "2024-01-29T16:19:11.720",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The EventON WordPress plugin before 4.4.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin"
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/586cf0a5-515c-43ea-8c03-f2f47ed13c2c/",
"source": "contact@wpscan.com"
}
]
}

20
CVE-2023/CVE-2023-72xx/CVE-2023-7204.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-7204",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-29T15:15:09.997",
"lastModified": "2024-01-29T16:19:11.720",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The WP STAGING WordPress Backup plugin before 3.2.0 allows access to cache files during the cloning process which provides"
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/65a8cf83-d6cc-4d4c-a482-288a83a69879/",
"source": "contact@wpscan.com"
}
]
}

87
CVE-2024/CVE-2024-03xx/CVE-2024-0396.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-0396",
"sourceIdentifier": "security@progress.com",
"published": "2024-01-17T16:15:46.623",
"lastModified": "2024-01-17T17:35:02.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T15:22:40.317",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nIn Progress MOVEit Transfer versions released before 2022.0.10 (14.0.10), 2022.1.11 (14.1.11), 2023.0.8 (15.0.8), 2023.1.3 (15.1.3), an input validation issue was discovered. An authenticated user can manipulate a parameter in an HTTPS transaction. The modified transaction could lead to computational errors within MOVEit Transfer and potentially result in a denial of service.\n\n"
},
{
"lang": "es",
"value": "En las versiones de Progress MOVEit Transfer lanzadas antes de 2022.0.10 (14.0.10), 2022.1.11 (14.1.11), 2023.0.8 (15.0.8), 2023.1.3 (15.1.3), se descubri\u00f3 un problema de validaci\u00f3n de entrada. Un usuario autenticado puede manipular un par\u00e1metro en una transacci\u00f3n HTTPS. La transacci\u00f3n modificada podr\u00eda provocar errores computacionales dentro de MOVEit Transfer y potencialmente resultar en una denegaci\u00f3n de servicio."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2
},
{
"source": "security@progress.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security@progress.com",
"type": "Secondary",
@ -46,14 +80,59 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2022.0.10",
"matchCriteriaId": "B392A9C3-723E-48B9-83F9-C020A3FA4A88"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2022.1.0",
"versionEndExcluding": "2022.1.11",
"matchCriteriaId": "E4327F71-29F5-42BE-BB63-55912ACD82F7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2023.0.1",
"versionEndExcluding": "2023.0.8",
"matchCriteriaId": "8D751E70-646C-4CB4-92A5-A53EB0505025"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2023.1.0",
"versionEndExcluding": "2023.1.3",
"matchCriteriaId": "E05648FB-598C-4884-BDFC-6C16C7152016"
}
]
}
]
}
],
"references": [
{
"url": "https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-January-2024",
"source": "security@progress.com"
"source": "security@progress.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.progress.com/moveit",
"source": "security@progress.com"
"source": "security@progress.com",
"tags": [
"Product"
]
}
]
}

60
CVE-2024/CVE-2024-05xx/CVE-2024-0521.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0521",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-01-20T21:15:43.463",
"lastModified": "2024-01-22T14:01:14.430",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T15:26:35.300",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -39,6 +61,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
},
{
"source": "security@huntr.dev",
"type": "Secondary",
@ -50,10 +82,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:paddlepaddle:paddle:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7ACE1C29-00EE-4941-9209-5BCB2F6D49DA"
}
]
}
]
}
],
"references": [
{
"url": "https://huntr.com/bounties/a569c64b-1e2b-4bed-a19f-47fd5a3da453",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}

6
CVE-2024/CVE-2024-05xx/CVE-2024-0567.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-0567",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-16T14:15:48.527",
"lastModified": "2024-01-29T07:15:09.337",
"lastModified": "2024-01-29T16:15:08.180",
"vulnStatus": "Modified",
"descriptions": [
{
@ -107,6 +107,10 @@
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0533",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-0567",
"source": "secalert@redhat.com",

72
CVE-2024/CVE-2024-06xx/CVE-2024-0665.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0665",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-24T08:15:37.920",
"lastModified": "2024-01-24T13:49:03.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T16:11:47.440",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -38,18 +58,60 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:marvinlabs:wp_customer_area:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "8.2.3",
"matchCriteriaId": "49F1B3A0-5E5E-49EB-AF4B-55BAEC31A4D3"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3025865/customer-area/trunk/src/php/core-addons/admin-area/templates/dashboard-page.template.php",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch",
"Release Notes"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3024180%40customer-area&new=3024180%40customer-area&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch",
"Release Notes"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/567d62ec-e868-45e2-b07a-8cc661d7c5e1?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}

113
CVE-2024/CVE-2024-07xx/CVE-2024-0742.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0742",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-01-23T14:15:38.230",
"lastModified": "2024-01-25T12:15:46.520",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T16:11:20.047",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,27 +14,124 @@
"value": "Era posible que el usuario activara o descartara ciertas indicaciones y cuadros de di\u00e1logo del navegador sin querer debido a una marca de tiempo incorrecta utilizada para evitar la entrada despu\u00e9s de cargar la p\u00e1gina. Esta vulnerabilidad afecta a Firefox < 122, Firefox ESR < 115.7 y Thunderbird < 115.7."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "122.0",
"matchCriteriaId": "EEF7698D-52B1-4E62-8ADD-782A4BC59AD8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.7",
"matchCriteriaId": "2FEFC245-B7AC-4DA2-B7FF-4F94583C81CC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.7",
"matchCriteriaId": "DC502C20-2D21-4F44-AE8A-2943144BA047"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1867152",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Permissions Required"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-01/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-02/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-04/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
}
]
}

76
CVE-2024/CVE-2024-07xx/CVE-2024-0769.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0769",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-21T08:15:07.550",
"lastModified": "2024-01-22T14:01:14.430",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T15:25:02.903",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,22 +95,66 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dir-859_firmware:1.06:beta1:*:*:*:*:*:*",
"matchCriteriaId": "3E0346C9-BBD3-490A-97AE-806E02DC04B6"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dir-859:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D1DEEF5B-D8E9-45F3-8A89-52CE8402E6F5"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/c2dc/cve-reported/blob/main/CVE-2024-0769/CVE-2024-0769.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10371",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.251666",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.251666",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

60
CVE-2024/CVE-2024-08xx/CVE-2024-0884.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-0884",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-25T21:15:08.900",
"lastModified": "2024-01-25T21:52:01.053",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T15:57:08.023",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been rated as critical. This issue affects the function exec of the file payment.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252035."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en SourceCodester Online Tours & Travels Management System 1.0. Ha sido calificada como cr\u00edtica. Este problema afecta a la funci\u00f3n exec del archivo Payment.php. La manipulaci\u00f3n del argumento id conduce a la inyecci\u00f3n de SQL. El ataque puede iniciarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-252035."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,44 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mayurik:online_tours_\\&travels_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5C52951A-0D67-4663-838C-66BB71DAA229"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.csdn.net/Q_M_0_9/article/details/135846415",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.252035",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.252035",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

62
CVE-2024/CVE-2024-08xx/CVE-2024-0885.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-0885",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-25T21:15:09.117",
"lastModified": "2024-01-25T21:52:01.053",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T15:57:16.977",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in SpyCamLizard 1.230. Affected is an unknown function of the component HTTP GET Request Handler. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252036."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en SpyCamLizard 1.230 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del componente HTTP GET Request Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a la denegaci\u00f3n del servicio. Es posible lanzar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-252036."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:spycamlizard:spycamlizard:1.230:*:*:*:*:*:*:*",
"matchCriteriaId": "935DDA9E-8675-408C-AF96-F3A53AD2773A"
}
]
}
]
}
],
"references": [
{
"url": "https://packetstormsecurity.com/files/176633/SpyCamLizard-1.230-Denial-Of-Service.html",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?ctiid.252036",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.252036",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

88
CVE-2024/CVE-2024-10xx/CVE-2024-1003.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-1003",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-29T15:15:10.050",
"lastModified": "2024-01-29T16:19:11.720",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in Totolink N200RE 9.3.5u.6139_B20201216. Affected by this issue is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument lang leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252272. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "MULTIPLE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3
},
"baseSeverity": "HIGH",
"exploitabilityScore": 6.4,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://jylsec.notion.site/TOTOLINK-N200RE-has-stack-buffer-overflow-vulnerability-in-setLanguageCfg-72357294db1e4f8096b29d3f2592d1fc?pvs=4",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.252272",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.252272",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2024/CVE-2024-10xx/CVE-2024-1004.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-1004",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-29T15:15:10.280",
"lastModified": "2024-01-29T16:19:11.720",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in Totolink N200RE 9.3.5u.6139_B20201216. This affects the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252273 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "MULTIPLE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3
},
"baseSeverity": "HIGH",
"exploitabilityScore": 6.4,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://jylsec.notion.site/TOTOLINK-N200RE-has-stack-buffer-overflow-vulnerability-in-loginAuth-cbde48da404049328cb698394b6c0641?pvs=4",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.252273",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.252273",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2024/CVE-2024-10xx/CVE-2024-1005.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-1005",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-29T15:15:10.510",
"lastModified": "2024-01-29T16:19:11.720",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Shanxi Diankeyun Technology NODERP up to 6.0.2 and classified as critical. This vulnerability affects unknown code of the file /runtime/log. The manipulation leads to files or directories accessible. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252274 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-552"
}
]
}
],
"references": [
{
"url": "https://note.zhaoj.in/share/M9ERphWTXUPj",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.252274",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.252274",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2024/CVE-2024-10xx/CVE-2024-1006.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-1006",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-29T16:15:08.307",
"lastModified": "2024-01-29T16:19:11.720",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Shanxi Diankeyun Technology NODERP up to 6.0.2 and classified as critical. This issue affects some unknown processing of the file application/index/common.php of the component Cookie Handler. The manipulation of the argument Nod_User_Id/Nod_User_Token leads to improper authentication. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252275. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://note.zhaoj.in/share/vWuVlU2eg79t",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.252275",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.252275",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2024/CVE-2024-10xx/CVE-2024-1007.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-1007",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-29T16:15:08.567",
"lastModified": "2024-01-29T16:19:11.720",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Employee Management System 1.0. It has been classified as critical. Affected is an unknown function of the file edit_profile.php. The manipulation of the argument txtfullname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252276."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.252276",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.252276",
"source": "cna@vuldb.com"
},
{
"url": "https://www.youtube.com/watch?v=1yesMwvWcL4",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2024/CVE-2024-10xx/CVE-2024-1008.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-1008",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-29T16:15:08.810",
"lastModified": "2024-01-29T16:19:11.720",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Employee Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file edit-photo.php of the component Profile Page. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252277 was assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "MULTIPLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 6.4,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.252277",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.252277",
"source": "cna@vuldb.com"
},
{
"url": "https://www.youtube.com/watch?v=z4gcLZCOcnc",
"source": "cna@vuldb.com"
}
]
}

6
CVE-2024/CVE-2024-216xx/CVE-2024-21612.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2024-21612",
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-01-12T01:15:49.457",
"lastModified": "2024-01-18T18:59:32.627",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-29T16:15:09.040",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "\nAn Improper Handling of Syntactically Invalid Structure vulnerability in Object Flooding Protocol (OFP) service of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).\n\nOn all Junos OS Evolved platforms, when specific TCP packets are received on an open OFP port, the OFP crashes leading to a restart of Routine Engine (RE). Continuous receipt of these specific TCP packets will lead to a sustained Denial of Service (DoS) condition.\n\nThis issue affects:\n\nJuniper Networks Junos OS Evolved\n\n\n\n * All versions earlier than 21.2R3-S7-EVO;\n * 21.3 versions earlier than 21.3R3-S5-EVO ;\n * 21.4 versions earlier than 21.4R3-S5-EVO;\n * 22.1 versions earlier than 22.1R3-S4-EVO;\n * 22.2 versions earlier than 22.2R3-S3-EVO ;\n * 22.3 versions earlier than 22.3R3-EVO;\n * 22.4 versions earlier than 22.4R2-EVO, 22.4R3-EVO.\n\n\n\n\n\n\n"
"value": "\n\n\n\n\nAn Improper Handling of Syntactically Invalid Structure vulnerability in Object Flooding Protocol (OFP) service of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).\n\nOn all Junos OS Evolved platforms, when specific TCP packets are received on an open OFP port, the OFP crashes leading to a restart of Routine Engine (RE). Continuous receipt of these specific TCP packets will lead to a sustained Denial of Service (DoS) condition.\n\n\n\n\n\nThis issue affects:\n\nJuniper Networks Junos OS Evolved\n\n\n\n * All versions earlier than 21.2R3-S7-EVO;\n * 21.3 versions earlier than 21.3R3-S5-EVO ;\n * 21.4 versions earlier than 21.4R3-S5-EVO;\n * 22.1 versions earlier than 22.1R3-S4-EVO;\n * 22.2 versions earlier than 22.2R3-S3-EVO ;\n * 22.3 versions earlier than 22.3R3-EVO;\n * 22.4 versions earlier than 22.4R2-EVO, 22.4R3-EVO.\n\n\n\n\n\n\n"
},
{
"lang": "es",

93
CVE-2024/CVE-2024-224xx/CVE-2024-22424.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-22424",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-19T01:15:09.317",
"lastModified": "2024-01-19T01:51:14.027",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T15:35:13.463",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The Argo CD API prior to versions 2.10-rc2, 2.9.4, 2.8.8, and 2.7.15 are vulnerable to a cross-server request forgery (CSRF) attack when the attacker has the ability to write HTML to a page on the same parent domain as Argo CD. A CSRF attack works by tricking an authenticated Argo CD user into loading a web page which contains code to call Argo CD API endpoints on the victim\u2019s behalf. For example, an attacker could send an Argo CD user a link to a page which looks harmless but in the background calls an Argo CD API endpoint to create an application running malicious code. Argo CD uses the \u201cLax\u201d SameSite cookie policy to prevent CSRF attacks where the attacker controls an external domain. The malicious external website can attempt to call the Argo CD API, but the web browser will refuse to send the Argo CD auth token with the request. Many companies host Argo CD on an internal subdomain. If an attacker can place malicious code on, for example, https://test.internal.example.com/, they can still perform a CSRF attack. In this case, the \u201cLax\u201d SameSite cookie does not prevent the browser from sending the auth cookie, because the destination is a parent domain of the Argo CD API. Browsers generally block such attacks by applying CORS policies to sensitive requests with sensitive content types. Specifically, browsers will send a \u201cpreflight request\u201d for POSTs with content type \u201capplication/json\u201d asking the destination API \u201care you allowed to accept requests from my domain?\u201d If the destination API does not answer \u201cyes,\u201d the browser will block the request. Before the patched versions, Argo CD did not validate that requests contained the correct content type header. So an attacker could bypass the browser\u2019s CORS check by setting the content type to something which is considered \u201cnot sensitive\u201d such as \u201ctext/plain.\u201d The browser wouldn\u2019t send the preflight request, and Argo CD would happily accept the contents (which are actually still JSON) and perform the requested action (such as running malicious code). A patch for this vulnerability has been released in the following Argo CD versions: 2.10-rc2, 2.9.4, 2.8.8, and 2.7.15. The patch contains a breaking API change. The Argo CD API will no longer accept non-GET requests which do not specify application/json as their Content-Type. The accepted content types list is configurable, and it is possible (but discouraged) to disable the content type check completely. Users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "Argo CD es una herramienta declarativa de entrega continua de GitOps para Kubernetes. La API de Argo CD anterior a las versiones 2.10-rc2, 2.9.4, 2.8.8 y 2.7.15 es vulnerable a un ataque de cross-server request forgery (CSRF) cuando el atacante tiene la capacidad de escribir HTML en una p\u00e1gina del mismo dominio principal que Argo CD. Un ataque CSRF funciona enga\u00f1ando a un usuario autenticado de Argo CD para que cargue una p\u00e1gina web que contiene c\u00f3digo para llamar a los endpoints de la API de Argo CD en nombre de la v\u00edctima. Por ejemplo, un atacante podr\u00eda enviar a un usuario de Argo CD un enlace a una p\u00e1gina que parece inofensiva pero que en segundo plano llama a un endpoint de la API de Argo CD para crear una aplicaci\u00f3n que ejecute c\u00f3digo malicioso. Argo CD utiliza la pol\u00edtica de cookies \"Lax\" de SameSite para evitar ataques CSRF en los que el atacante controla un dominio externo. El sitio web externo malicioso puede intentar llamar a la API de Argo CD, pero el navegador web se negar\u00e1 a enviar el token de autenticaci\u00f3n de Argo CD con la solicitud. Muchas empresas alojan Argo CD en un subdominio interno. Si un atacante puede colocar c\u00f3digo malicioso, por ejemplo, en https://test.internal.example.com/, a\u00fan puede realizar un ataque CSRF. En este caso, la cookie SameSite \"Lax\" no impide que el navegador env\u00ede la cookie de autenticaci\u00f3n, porque el destino es un dominio principal de la API de Argo CD. Los navegadores generalmente bloquean este tipo de ataques aplicando pol\u00edticas CORS a solicitudes confidenciales con tipos de contenido confidenciales. Espec\u00edficamente, los navegadores enviar\u00e1n una \"solicitud de verificaci\u00f3n previa\" para POST con tipo de contenido \"application/json\" preguntando a la API de destino \"\u00bfpuede aceptar solicitudes de mi dominio?\" Si la API de destino no responde \"s\u00ed\", el navegador bloquear\u00e1 la solicitud. Antes de las versiones parcheadas, Argo CD no validaba que las solicitudes incluyeran el encabezado del tipo de contenido correcto. Por lo tanto, un atacante podr\u00eda eludir la verificaci\u00f3n CORS del navegador configurando el tipo de contenido en algo que se considere \"no sensible\", como \"texto/plano\". El navegador no enviar\u00eda la solicitud de verificaci\u00f3n previa y Argo CD aceptar\u00eda felizmente el contenido (que en realidad sigue siendo JSON) y realizar\u00eda la acci\u00f3n solicitada (como ejecutar c\u00f3digo malicioso). Se lanz\u00f3 un parche para esta vulnerabilidad en las siguientes versiones de Argo CD: 2.10-rc2, 2.9.4, 2.8.8 y 2.7.15. El parche contiene un cambio importante en la API. La API de Argo CD ya no aceptar\u00e1 solicitudes que no sean GET y que no especifiquen application/json como tipo de contenido. La lista de tipos de contenido aceptados es configurable y es posible (pero desaconsejado) desactivar completamente la verificaci\u00f3n del tipo de contenido. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +80,67 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linuxfoundation:argo-cd:*:*:*:*:*:*:*:*",
"versionStartIncluding": "0.1.0",
"versionEndExcluding": "2.7.16",
"matchCriteriaId": "D7E1C1DF-F7F5-472D-A429-797D45E1492D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linuxfoundation:argo-cd:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.8.0",
"versionEndExcluding": "2.8.8",
"matchCriteriaId": "CD960A01-17B6-4898-9DD2-6EF300AC2ECD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linuxfoundation:argo-cd:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.9.0",
"versionEndExcluding": "2.9.4",
"matchCriteriaId": "7CAE51AB-775C-4A7F-B747-55E7412A921B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linuxfoundation:argo-cd:2.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8006BF15-444F-4E23-9EF7-82AEC9C6CBED"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/argoproj/argo-cd/issues/2496",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://github.com/argoproj/argo-cd/pull/16860",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-92mw-q256-5vwg",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

69
CVE-2024/CVE-2024-226xx/CVE-2024-22635.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2024-22635",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-25T21:15:09.333",
"lastModified": "2024-01-25T21:52:01.053",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T15:57:23.770",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "WebCalendar v1.3.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /WebCalendarvqsmnseug2/edit_entry.php."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que WebCalendar v1.3.0 conten\u00eda una vulnerabilidad de cross site scripting (XSS) reflejado a trav\u00e9s del componente /WebCalendarvqsmnseug2/edit_entry.php."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "69E01876-DFE5-416A-AE98-5A06806921E8"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://packetstormsecurity.com/files/176365/WebCalendar-1.3.0-Cross-Site-Scripting.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
}
]
}

67
CVE-2024/CVE-2024-226xx/CVE-2024-22636.json
View File

@ -2,19 +2,78 @@
"id": "CVE-2024-22636",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-25T21:15:09.380",
"lastModified": "2024-01-25T21:52:01.053",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T15:57:32.540",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "PluXml Blog v5.8.9 was discovered to contain a remote code execution (RCE) vulnerability in the Static Pages feature. This vulnerability is exploited via injecting a crafted payload into the Content field."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que PluXml Blog v5.8.9 contiene una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE) en la funci\u00f3n Static Pages. Esta vulnerabilidad se explota inyectando un payload dise\u00f1ado en el campo Content."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pluxml:pluxml:5.8.9:*:*:*:*:*:*:*",
"matchCriteriaId": "FFFDBCD0-B737-4DE5-ABB5-171D353354B6"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/capture0x/PluXml-RCE/blob/main/PluXml.txt",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}

69
CVE-2024/CVE-2024-226xx/CVE-2024-22637.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2024-22637",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-25T21:15:09.427",
"lastModified": "2024-01-25T21:52:01.053",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T15:57:38.163",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Form Tools v3.1.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /form_builder/preview.php?form_id=2."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Form Tools v3.1.1 conten\u00eda una vulnerabilidad de cross site scripting (XSS) reflejado a trav\u00e9s del componente /form_builder/preview.php?form_id=2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:formtools:form_toools:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AF5EBA2C-5B01-4C27-B786-973A45D0A4A8"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://packetstormsecurity.com/files/176403/Form-Tools-3.1.1-Cross-Site-Scripting.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
}
]
}

69
CVE-2024/CVE-2024-226xx/CVE-2024-22638.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2024-22638",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-25T21:15:09.470",
"lastModified": "2024-01-25T21:52:01.053",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T15:57:43.763",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "liveSite v2019.1 was discovered to contain a remote code execution (RCE) vulenrabiity via the component /livesite/edit_designer_region.php."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que liveSite v2019.1 contiene una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE) a trav\u00e9s del componente /livesite/edit_designer_region.php."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:livesite:livesite:2019.1:*:*:*:*:*:*:*",
"matchCriteriaId": "990F7142-F2E9-4424-B287-9A2F848FD3D0"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://packetstormsecurity.com/files/176420/liveSite-2019.1-Remote-Code-Execution.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
}
]
}

69
CVE-2024/CVE-2024-226xx/CVE-2024-22639.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2024-22639",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-25T21:15:09.520",
"lastModified": "2024-01-25T21:52:01.053",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T15:57:50.477",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "iGalerie v3.0.22 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Titre (Title) field in the editing interface."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que iGalerie v3.0.22 contiene una vulnerabilidad de cross site scripting (XSS) reflejado a trav\u00e9s del campo Titre (Title) en la interfaz de edici\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:igalerie:igalerie:3.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "ADA45D0A-C211-490F-9B3C-A1784CA783EF"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://packetstormsecurity.com/files/176411/iGalerie-3.0.22-Cross-Site-Scripting.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
}
]
}

70
CVE-2024/CVE-2024-227xx/CVE-2024-22768.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-22768",
"sourceIdentifier": "vuln@krcert.or.kr",
"published": "2024-01-23T05:15:08.690",
"lastModified": "2024-01-23T13:44:00.593",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T15:50:06.730",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "vuln@krcert.or.kr",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
},
{
"source": "vuln@krcert.or.kr",
"type": "Secondary",
@ -50,10 +80,44 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hitron_systems:dvr_hvr-4781_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.03",
"versionEndIncluding": "4.02",
"matchCriteriaId": "C0B2D11E-277F-42C6-AA98-65A01E651009"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hitron_systems:dvr_hvr-4781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC7DD2F2-717C-4472-9B5B-D66227159598"
}
]
}
]
}
],
"references": [
{
"url": "http://www.hitron.co.kr/firmware/",
"source": "vuln@krcert.or.kr"
"source": "vuln@krcert.or.kr",
"tags": [
"Vendor Advisory"
]
}
]
}

70
CVE-2024/CVE-2024-227xx/CVE-2024-22769.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-22769",
"sourceIdentifier": "vuln@krcert.or.kr",
"published": "2024-01-23T05:15:08.990",
"lastModified": "2024-01-23T13:44:00.593",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T15:54:12.760",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "vuln@krcert.or.kr",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
},
{
"source": "vuln@krcert.or.kr",
"type": "Secondary",
@ -50,10 +80,44 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hitron_systems:dvr_hvr-4781_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.03",
"versionEndIncluding": "4.02",
"matchCriteriaId": "C0B2D11E-277F-42C6-AA98-65A01E651009"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hitron_systems:dvr_hvr-4781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC7DD2F2-717C-4472-9B5B-D66227159598"
}
]
}
]
}
],
"references": [
{
"url": "http://www.hitron.co.kr/firmware/",
"source": "vuln@krcert.or.kr"
"source": "vuln@krcert.or.kr",
"tags": [
"Vendor Advisory"
]
}
]
}

70
CVE-2024/CVE-2024-227xx/CVE-2024-22770.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-22770",
"sourceIdentifier": "vuln@krcert.or.kr",
"published": "2024-01-23T05:15:09.333",
"lastModified": "2024-01-23T13:43:53.100",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T15:53:41.323",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "vuln@krcert.or.kr",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
},
{
"source": "vuln@krcert.or.kr",
"type": "Secondary",
@ -50,10 +80,44 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hitron_systems:dvr_hvr-4781_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.03",
"versionEndIncluding": "4.02",
"matchCriteriaId": "C0B2D11E-277F-42C6-AA98-65A01E651009"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hitron_systems:dvr_hvr-4781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC7DD2F2-717C-4472-9B5B-D66227159598"
}
]
}
]
}
],
"references": [
{
"url": "http://www.hitron.co.kr/firmware/",
"source": "vuln@krcert.or.kr"
"source": "vuln@krcert.or.kr",
"tags": [
"Vendor Advisory"
]
}
]
}

70
CVE-2024/CVE-2024-227xx/CVE-2024-22771.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-22771",
"sourceIdentifier": "vuln@krcert.or.kr",
"published": "2024-01-23T05:15:09.563",
"lastModified": "2024-01-23T13:43:53.100",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T15:53:04.917",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "vuln@krcert.or.kr",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
},
{
"source": "vuln@krcert.or.kr",
"type": "Secondary",
@ -50,10 +80,44 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hitron_systems:dvr_hvr-4781_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.03",
"versionEndIncluding": "4.02",
"matchCriteriaId": "C0B2D11E-277F-42C6-AA98-65A01E651009"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hitron_systems:dvr_hvr-4781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC7DD2F2-717C-4472-9B5B-D66227159598"
}
]
}
]
}
],
"references": [
{
"url": "http://www.hitron.co.kr/firmware/",
"source": "vuln@krcert.or.kr"
"source": "vuln@krcert.or.kr",
"tags": [
"Vendor Advisory"
]
}
]
}

70
CVE-2024/CVE-2024-227xx/CVE-2024-22772.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-22772",
"sourceIdentifier": "vuln@krcert.or.kr",
"published": "2024-01-23T05:15:09.800",
"lastModified": "2024-01-23T13:43:53.100",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T15:52:25.997",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "vuln@krcert.or.kr",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
},
{
"source": "vuln@krcert.or.kr",
"type": "Secondary",
@ -50,10 +80,44 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hitron_systems:dvr_hvr-4781_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.03",
"versionEndIncluding": "4.02",
"matchCriteriaId": "C0B2D11E-277F-42C6-AA98-65A01E651009"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hitron_systems:dvr_hvr-4781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC7DD2F2-717C-4472-9B5B-D66227159598"
}
]
}
]
}
],
"references": [
{
"url": "http://www.hitron.co.kr/firmware/",
"source": "vuln@krcert.or.kr"
"source": "vuln@krcert.or.kr",
"tags": [
"Vendor Advisory"
]
}
]
}

78
CVE-2024/CVE-2024-229xx/CVE-2024-22922.json
View File

@ -2,27 +2,93 @@
"id": "CVE-2024-22922",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-25T22:15:08.567",
"lastModified": "2024-01-25T22:18:09.683",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T15:58:07.447",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in Projectworlds Vistor Management Systemin PHP v.1.0 allows a remtoe attacker to escalate privileges via a crafted script to the login page in the POST/index.php"
},
{
"lang": "es",
"value": "Un problema en Projectworlds Vistor Management System en PHP v.1.0 permite a un atacante remoto escalar privilegios a trav\u00e9s de un script manipulado a la p\u00e1gina de inicio de sesi\u00f3n en POST/index.php"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:projectworlds:visitor_management_system_in_php:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8557503D-BA25-4635-826A-D0BF6ECE1DD5"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://projectworlds.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "http://visitor.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
},
{
"url": "https://github.com/keru6k/CVE-2024-22922/blob/main/CVE-2024-22922.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

96
CVE-2024/CVE-2024-233xx/CVE-2024-23331.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-23331",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-19T20:15:14.070",
"lastModified": "2024-01-19T22:52:48.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T15:31:57.737",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vite is a frontend tooling framework for javascript. The Vite dev server option `server.fs.deny` can be bypassed on case-insensitive file systems using case-augmented versions of filenames. Notably this affects servers hosted on Windows. This bypass is similar to CVE-2023-34092 -- with surface area reduced to hosts having case-insensitive filesystems. Since `picomatch` defaults to case-sensitive glob matching, but the file server doesn't discriminate; a blacklist bypass is possible. By requesting raw filesystem paths using augmented casing, the matcher derived from `config.server.fs.deny` fails to block access to sensitive files. This issue has been addressed in vite@5.0.12, vite@4.5.2, vite@3.2.8, and vite@2.9.17. Users are advised to upgrade. Users unable to upgrade should restrict access to dev servers."
},
{
"lang": "es",
"value": "Vite es un framework de herramientas frontend para javascript. La opci\u00f3n del servidor de desarrollo de Vite `server.fs.deny` se puede omitir en sistemas de archivos que no distinguen entre may\u00fasculas y min\u00fasculas utilizando versiones de nombres de archivos aumentadas entre may\u00fasculas y min\u00fasculas. Cabe destacar que esto afecta a los servidores alojados en Windows. Esta omisi\u00f3n es similar a CVE-2023-34092, con un \u00e1rea de superficie reducida para hosts que tienen sistemas de archivos que no distinguen entre may\u00fasculas y min\u00fasculas. Dado que `picomatch` por defecto utiliza coincidencias globales que distinguen entre may\u00fasculas y min\u00fasculas, pero el servidor de archivos no discrimina; es posible omitir la lista negra. Al solicitar rutas de sistema de archivos sin formato usando may\u00fasculas aumentadas, el comparador derivado de `config.server.fs.deny` no logra bloquear el acceso a archivos confidenciales. Este problema se ha solucionado en vite@5.0.12, vite@4.5.2, vite@3.2.8 y vite@2.9.17. Se recomienda a los usuarios que actualicen. Los usuarios que no puedan actualizar deben restringir el acceso a los servidores de desarrollo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -54,18 +78,80 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vitejs:vite:*:*:*:*:*:node.js:*:*",
"versionStartIncluding": "2.7.0",
"versionEndExcluding": "2.9.17",
"matchCriteriaId": "CA6E1BE3-E530-4BB3-8086-856A30ECC2AA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vitejs:vite:*:*:*:*:*:node.js:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.2.8",
"matchCriteriaId": "C09B4AF4-B3E4-457D-A5DB-CAB25D164084"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vitejs:vite:*:*:*:*:*:node.js:*:*",
"versionStartIncluding": "4.0.0",
"versionEndExcluding": "4.5.2",
"matchCriteriaId": "78A4B866-994A-4B61-80AC-DDBCB478C66E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vitejs:vite:*:*:*:*:*:node.js:*:*",
"versionStartIncluding": "5.0.0",
"versionEndExcluding": "5.0.12",
"matchCriteriaId": "5A0695F1-5643-4269-94C7-29F156D936F8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/vitejs/vite/commit/91641c4da0a011d4c5352e88fc68389d4e1289a5",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/vitejs/vite/security/advisories/GHSA-c24v-8rfc-w8vw",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://vitejs.dev/config/server-options.html#server-fs-deny",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
}
]
}

55
CVE-2024/CVE-2024-233xx/CVE-2024-23332.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-23332",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-19T23:15:07.930",
"lastModified": "2024-01-20T02:58:09.603",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T15:28:47.230",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Notary Project is a set of specifications and tools intended to provide a cross-industry standard for securing software supply chains by using authentic container images and other OCI artifacts. An external actor with control of a compromised container registry can provide outdated versions of OCI artifacts, such as Images. This could lead artifact consumers with relaxed trust policies (such as `permissive` instead of `strict`) to potentially use artifacts with signatures that are no longer valid, making them susceptible to any exploits those artifacts may contain. In Notary Project, an artifact publisher can control the validity period of artifact by specifying signature expiry during the signing process. Using shorter signature validity periods along with processes to periodically resign artifacts, allows artifact producers to ensure that their consumers will only receive up-to-date artifacts. Artifact consumers should correspondingly use a `strict` or equivalent trust policy that enforces signature expiry. Together these steps enable use of up-to-date artifacts and safeguard against rollback attack in the event of registry compromise. The Notary Project offers various signature validation options such as `permissive`, `audit` and `skip` to support various scenarios. These scenarios includes 1) situations demanding urgent workload deployment, necessitating the bypassing of expired or revoked signatures; 2) auditing of artifacts lacking signatures without interrupting workload; and 3) skipping of verification for specific images that might have undergone validation through alternative mechanisms. Additionally, the Notary Project supports revocation to ensure the signature freshness. Artifact publishers can sign with short-lived certificates and revoke older certificates when necessary. This revocation serves as a signal to inform artifact consumers that the corresponding unexpired artifact is no longer approved by the publisher. This enables the artifact publisher to control the validity of the signature independently of their ability to manage artifacts in a compromised registry."
},
{
"lang": "es",
"value": "Notary Project es un conjunto de especificaciones y herramientas destinadas a proporcionar un est\u00e1ndar intersectorial para proteger las cadenas de suministro de software mediante el uso de im\u00e1genes de contenedores aut\u00e9nticas y otros artefactos OCI. Un actor externo con control de un registro de contenedor comprometido puede proporcionar versiones obsoletas de artefactos OCI, como im\u00e1genes. Esto podr\u00eda llevar a los consumidores de artefactos con pol\u00edticas de confianza relajadas (como \"permisivas\" en lugar de \"estrictas\") a utilizar potencialmente artefactos con firmas que ya no son v\u00e1lidas, haci\u00e9ndolos susceptibles a cualquier vulnerabilidad que esos artefactos puedan contener. En Notary Project, un editor de artefactos puede controlar el per\u00edodo de validez del artefacto especificando la caducidad de la firma durante el proceso de firma. El uso de per\u00edodos de validez de firma m\u00e1s cortos junto con procesos para renunciar peri\u00f3dicamente a los artefactos permite a los productores de artefactos garantizar que sus consumidores solo recibir\u00e1n artefactos actualizados. En consecuencia, los consumidores de artefactos deber\u00edan utilizar una pol\u00edtica de confianza \"estricta\" o equivalente que imponga la caducidad de la firma. En conjunto, estos pasos permiten el uso de artefactos actualizados y protegen contra ataques de reversi\u00f3n en caso de que el registro se vea comprometido. Notary Project ofrece varias opciones de validaci\u00f3n de firmas, como \"permisivo\", \"auditor\u00eda\" y \"omitir\" para admitir varios escenarios. Estos escenarios incluyen 1) situaciones que exigen una implementaci\u00f3n urgente de cargas de trabajo, que requieren eludir firmas caducadas o revocadas; 2) auditor\u00eda de artefactos que carecen de firmas sin interrumpir la carga de trabajo; y 3) omitir la verificaci\u00f3n de im\u00e1genes espec\u00edficas que podr\u00edan haber sido validadas a trav\u00e9s de mecanismos alternativos. Adem\u00e1s, Notary Project admite la revocaci\u00f3n para garantizar la frescura de la firma. Los editores de artefactos pueden firmar con certificados de corta duraci\u00f3n y revocar certificados m\u00e1s antiguos cuando sea necesario. Esta revocaci\u00f3n sirve como se\u00f1al para informar a los consumidores de artefactos que el artefacto vigente correspondiente ya no est\u00e1 aprobado por el editor. Esto permite al editor de artefactos controlar la validez de la firma independientemente de su capacidad para administrar artefactos en un registro comprometido."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +70,37 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:notaryproject:notation:*:*:*:*:*:go:*:*",
"matchCriteriaId": "474ABB3D-4832-44B2-9A21-064DFE83F279"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/notaryproject/specifications/commit/cdabdd1042de2999c685fa5d422a785ded9c983a",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/notaryproject/specifications/security/advisories/GHSA-57wx-m636-g3g8",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

59
CVE-2024/CVE-2024-234xx/CVE-2024-23441.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-23441",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2024-01-29T16:15:09.203",
"lastModified": "2024-01-29T16:19:11.720",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Vba32 Antivirus v3.36.0 is vulnerable to a Denial of Service vulnerability by triggering the 0x2220A7 IOCTL code of the Vba32m64.sys driver."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/rollins/",
"source": "help@fluidattacks.com"
},
{
"url": "https://www.anti-virus.by/vba32",
"source": "help@fluidattacks.com"
}
]
}

71
CVE-2024/CVE-2024-237xx/CVE-2024-23725.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23725",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-21T04:15:19.177",
"lastModified": "2024-01-22T14:01:14.430",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T15:25:48.110",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,76 @@
"value": "Ghost anterior a 5.76.0 permite XSS a trav\u00e9s de un extracto de publicaci\u00f3n en excerpt.js. Se puede representar un payload XSS en res\u00famenes de publicaciones."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ghost:ghost:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "5.76.0",
"matchCriteriaId": "9AF7EED4-0B02-4CAC-A131-738E58F171F4"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/TryGhost/Ghost/pull/17190",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://github.com/TryGhost/Ghost/releases/tag/v5.76.0",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Release Notes"
]
}
]
}

75
CVE-2024/CVE-2024-237xx/CVE-2024-23726.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23726",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-21T04:15:19.353",
"lastModified": "2024-01-24T07:15:47.653",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T15:25:36.090",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,78 @@
"value": "Los dispositivos Ubee DDW365 XCNDDW365 y DDW366 XCNDXW3WB tienen PSK WPA2 predeterminados predecibles que podr\u00edan provocar un acceso remoto no autorizado. Un atacante remoto (cerca de una red Wi-Fi) puede derivar el valor WPA2-PSK predeterminado observando una trama de baliza. Un PSK se genera utilizando los primeros seis caracteres del SSID y los \u00faltimos seis del BSSID, disminuyendo el \u00faltimo d\u00edgito."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ubeeinteractive:ddw365_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0B5786B-8A5D-4789-9F10-2BD487FEFDFA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ubeeinteractive:ddw365:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C356927C-FE51-428C-9473-42E1307695F7"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/actuator/cve/blob/main/Ubee/CWE-1392.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

74
CVE-2024/CVE-2024-237xx/CVE-2024-23730.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23730",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-21T17:15:44.373",
"lastModified": "2024-01-22T14:01:14.430",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T15:22:56.753",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,81 @@
"value": "Los cargadores de complementos OpenAPI y ChatGPT en LlamaHub (tambi\u00e9n conocido como llama-hub) anteriores a 0.0.67 permiten a los atacantes ejecutar c\u00f3digo arbitrario porque safe_load no se usa para YAML."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:llamahub:llamahub:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.0.67",
"matchCriteriaId": "6AAAC629-1512-4B10-B87A-7817B24731D9"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/run-llama/llama-hub/blob/v0.0.67/CHANGELOG.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/run-llama/llama-hub/pull/841/commits/9dc9c21a5c6d0226d1d2101c3121d4f085743d52",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/run-llama/llama-hub/releases/tag/v0.0.67",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
}
]
}

66
CVE-2024/CVE-2024-237xx/CVE-2024-23744.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23744",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-21T23:15:44.833",
"lastModified": "2024-01-22T14:01:09.553",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T16:00:24.713",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,69 @@
"value": "Se descubri\u00f3 un problema en Mbed TLS 3.5.1. Hay una denegaci\u00f3n persistente del protocolo de enlace si un cliente env\u00eda un ClientHello TLS 1.3 sin extensiones."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.5.2",
"matchCriteriaId": "251B083F-CA00-4956-8244-5CF8A610094F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Mbed-TLS/mbedtls/issues/8694",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch"
]
}
]
}

66
CVE-2024/CVE-2024-237xx/CVE-2024-23750.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23750",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-22T01:15:08.507",
"lastModified": "2024-01-22T14:01:09.553",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T16:51:14.573",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,69 @@
"value": "MetaGPT hasta 0.6.4 permite que la funci\u00f3n QaEngineer ejecute c\u00f3digo arbitrario porque RunCode.run_script() pasa metacaracteres de shell al subproceso.Popen."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:deepwisdom:metagpt:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.6.4",
"matchCriteriaId": "D05F5DEF-ACD0-4B99-AA6D-A6F59B31026D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/geekan/MetaGPT/issues/731",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

66
CVE-2024/CVE-2024-237xx/CVE-2024-23751.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23751",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-22T01:15:08.557",
"lastModified": "2024-01-22T14:01:09.553",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T15:06:44.003",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,69 @@
"value": "LlamaIndex (tambi\u00e9n conocido como llama_index) hasta 0.9.34 permite la inyecci\u00f3n de SQL a trav\u00e9s de la funci\u00f3n Texto a SQL en NLSQLTableQueryEngine, SQLTableRetrieverQueryEngine, NLSQLRetriever, RetrieverQueryEngine y PGVectorSQLQueryEngine. Por ejemplo, un atacante podr\u00eda eliminar los registros de los estudiantes de este a\u00f1o mediante \"Soltar la tabla de estudiantes\" dentro de la entrada en idioma ingl\u00e9s."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:llamaindex:llamaindex:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.9.34",
"matchCriteriaId": "A85457FA-3A68-45F3-9AB7-7E367D18EC67"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/run-llama/llama_index/issues/9957",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

59
CVE-2024/CVE-2024-238xx/CVE-2024-23822.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-23822",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-29T16:15:09.437",
"lastModified": "2024-01-29T16:19:11.720",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Thruk is a multibackend monitoring webinterface. Prior to 3.12, the Thruk web monitoring application presents a vulnerability in a file upload form that allows a threat actor to arbitrarily upload files to the server to any path they desire and have permissions for. This vulnerability is known as Path Traversal or Directory Traversal. Version 3.12 fixes the issue.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://github.com/sni/Thruk/commit/1aa9597cdf2722a69651124f68cbb449be12cc39",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/sni/Thruk/security/advisories/GHSA-4mrh-mx7x-rqjx",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2024/CVE-2024-238xx/CVE-2024-23826.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-23826",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-29T16:15:09.640",
"lastModified": "2024-01-29T16:19:11.720",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "spbu_se_site is the website of the Department of System Programming of St. Petersburg State University. Before 2024.01.29, when uploading an avatar image, an authenticated user may intentionally use a large Unicode filename which would lead to a server-side denial of service under Windows. This is due to no limitation of the length of the filename and the costly use of the Unicode normalization with the form NFKD on Windows OS. This vulnerability was fixed in the 2024.01.29 release."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"references": [
{
"url": "https://github.com/spbu-se/spbu_se_site/commit/5ad623eb0405260763046343c5785bc588d8a57d",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/spbu-se/spbu_se_site/security/advisories/GHSA-5vfc-v7hg-pvwm",
"source": "security-advisories@github.com"
}
]
}

55
CVE-2024/CVE-2024-238xx/CVE-2024-23827.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-23827",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-29T16:15:09.867",
"lastModified": "2024-01-29T16:19:11.720",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system. It's possible to leverage the vulnerability into a remote code execution overwriting the config file app.ini. Version 2.0.0.beta.12 fixed the issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-xvq9-4vpv-227m",
"source": "security-advisories@github.com"
}
]
}

70
CVE-2024/CVE-2024-238xx/CVE-2024-23842.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23842",
"sourceIdentifier": "vuln@krcert.or.kr",
"published": "2024-01-23T05:15:10.007",
"lastModified": "2024-01-23T13:43:53.100",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T15:51:53.207",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "vuln@krcert.or.kr",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
},
{
"source": "vuln@krcert.or.kr",
"type": "Secondary",
@ -50,10 +80,44 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hitron_systems:dvr_hvr-4781_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.03",
"versionEndIncluding": "4.02",
"matchCriteriaId": "C0B2D11E-277F-42C6-AA98-65A01E651009"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hitron_systems:dvr_hvr-4781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC7DD2F2-717C-4472-9B5B-D66227159598"
}
]
}
]
}
],
"references": [
{
"url": "http://www.hitron.co.kr/firmware/",
"source": "vuln@krcert.or.kr"
"source": "vuln@krcert.or.kr",
"tags": [
"Vendor Advisory"
]
}
]
}

67
CVE-2024/CVE-2024-243xx/CVE-2024-24399.json
View File

@ -2,19 +2,78 @@
"id": "CVE-2024-24399",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-25T21:15:09.563",
"lastModified": "2024-01-25T21:52:01.053",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T15:57:59.413",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An arbitrary file upload vulnerability in LeptonCMS v7.0.0 allows authenticated attackers to execute arbitrary code via uploading a crafted PHP file."
},
{
"lang": "es",
"value": "Una vulnerabilidad de carga de archivos arbitrarios en LeptonCMS v7.0.0 permite a atacantes autenticados ejecutar c\u00f3digo arbitrario cargando un archivo PHP manipulado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lepton-cms:leptoncms:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2BF51884-E7D5-4DC4-8EB0-A5B6939B84C5"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/capture0x/leptoncms/blob/main/README.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}

96
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-01-29T15:00:24.860612+00:00
2024-01-29T17:00:25.457001+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-01-29T14:29:25.953000+00:00
2024-01-29T16:56:40.830000+00:00
```
### Last Data Feed Release
@ -29,55 +29,69 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
237012
237041
```
### CVEs added in the last Commit
Recently added CVEs: `11`
Recently added CVEs: `29`
* [CVE-2023-29055](CVE-2023/CVE-2023-290xx/CVE-2023-29055.json) (`2024-01-29T13:15:07.970`)
* [CVE-2024-0997](CVE-2024/CVE-2024-09xx/CVE-2024-0997.json) (`2024-01-29T13:15:08.127`)
* [CVE-2024-0998](CVE-2024/CVE-2024-09xx/CVE-2024-0998.json) (`2024-01-29T13:15:08.470`)
* [CVE-2024-0999](CVE-2024/CVE-2024-09xx/CVE-2024-0999.json) (`2024-01-29T13:15:08.753`)
* [CVE-2024-1000](CVE-2024/CVE-2024-10xx/CVE-2024-1000.json) (`2024-01-29T14:15:08.717`)
* [CVE-2024-1001](CVE-2024/CVE-2024-10xx/CVE-2024-1001.json) (`2024-01-29T14:15:08.970`)
* [CVE-2024-1002](CVE-2024/CVE-2024-10xx/CVE-2024-1002.json) (`2024-01-29T14:15:09.200`)
* [CVE-2024-1014](CVE-2024/CVE-2024-10xx/CVE-2024-1014.json) (`2024-01-29T14:15:09.437`)
* [CVE-2024-1015](CVE-2024/CVE-2024-10xx/CVE-2024-1015.json) (`2024-01-29T14:15:09.657`)
* [CVE-2024-22559](CVE-2024/CVE-2024-225xx/CVE-2024-22559.json) (`2024-01-29T14:15:09.940`)
* [CVE-2024-23747](CVE-2024/CVE-2024-237xx/CVE-2024-23747.json) (`2024-01-29T14:15:09.993`)
* [CVE-2023-6946](CVE-2023/CVE-2023-69xx/CVE-2023-6946.json) (`2024-01-29T15:15:09.740`)
* [CVE-2023-7074](CVE-2023/CVE-2023-70xx/CVE-2023-7074.json) (`2024-01-29T15:15:09.793`)
* [CVE-2023-7089](CVE-2023/CVE-2023-70xx/CVE-2023-7089.json) (`2024-01-29T15:15:09.840`)
* [CVE-2023-7199](CVE-2023/CVE-2023-71xx/CVE-2023-7199.json) (`2024-01-29T15:15:09.897`)
* [CVE-2023-7200](CVE-2023/CVE-2023-72xx/CVE-2023-7200.json) (`2024-01-29T15:15:09.943`)
* [CVE-2023-7204](CVE-2023/CVE-2023-72xx/CVE-2023-7204.json) (`2024-01-29T15:15:09.997`)
* [CVE-2023-40548](CVE-2023/CVE-2023-405xx/CVE-2023-40548.json) (`2024-01-29T15:15:08.893`)
* [CVE-2023-5124](CVE-2023/CVE-2023-51xx/CVE-2023-5124.json) (`2024-01-29T15:15:09.100`)
* [CVE-2023-5943](CVE-2023/CVE-2023-59xx/CVE-2023-5943.json) (`2024-01-29T15:15:09.153`)
* [CVE-2023-5956](CVE-2023/CVE-2023-59xx/CVE-2023-5956.json) (`2024-01-29T15:15:09.203`)
* [CVE-2023-6165](CVE-2023/CVE-2023-61xx/CVE-2023-6165.json) (`2024-01-29T15:15:09.250`)
* [CVE-2023-6278](CVE-2023/CVE-2023-62xx/CVE-2023-6278.json) (`2024-01-29T15:15:09.300`)
* [CVE-2023-6279](CVE-2023/CVE-2023-62xx/CVE-2023-6279.json) (`2024-01-29T15:15:09.343`)
* [CVE-2023-6389](CVE-2023/CVE-2023-63xx/CVE-2023-6389.json) (`2024-01-29T15:15:09.410`)
* [CVE-2023-6390](CVE-2023/CVE-2023-63xx/CVE-2023-6390.json) (`2024-01-29T15:15:09.467`)
* [CVE-2024-1003](CVE-2024/CVE-2024-10xx/CVE-2024-1003.json) (`2024-01-29T15:15:10.050`)
* [CVE-2024-1004](CVE-2024/CVE-2024-10xx/CVE-2024-1004.json) (`2024-01-29T15:15:10.280`)
* [CVE-2024-1005](CVE-2024/CVE-2024-10xx/CVE-2024-1005.json) (`2024-01-29T15:15:10.510`)
* [CVE-2024-1006](CVE-2024/CVE-2024-10xx/CVE-2024-1006.json) (`2024-01-29T16:15:08.307`)
* [CVE-2024-1007](CVE-2024/CVE-2024-10xx/CVE-2024-1007.json) (`2024-01-29T16:15:08.567`)
* [CVE-2024-1008](CVE-2024/CVE-2024-10xx/CVE-2024-1008.json) (`2024-01-29T16:15:08.810`)
* [CVE-2024-23441](CVE-2024/CVE-2024-234xx/CVE-2024-23441.json) (`2024-01-29T16:15:09.203`)
* [CVE-2024-23822](CVE-2024/CVE-2024-238xx/CVE-2024-23822.json) (`2024-01-29T16:15:09.437`)
* [CVE-2024-23826](CVE-2024/CVE-2024-238xx/CVE-2024-23826.json) (`2024-01-29T16:15:09.640`)
* [CVE-2024-23827](CVE-2024/CVE-2024-238xx/CVE-2024-23827.json) (`2024-01-29T16:15:09.867`)
### CVEs modified in the last Commit
Recently modified CVEs: `63`
Recently modified CVEs: `46`
* [CVE-2024-0989](CVE-2024/CVE-2024-09xx/CVE-2024-0989.json) (`2024-01-29T14:25:25.440`)
* [CVE-2024-0990](CVE-2024/CVE-2024-09xx/CVE-2024-0990.json) (`2024-01-29T14:25:25.440`)
* [CVE-2024-0991](CVE-2024/CVE-2024-09xx/CVE-2024-0991.json) (`2024-01-29T14:25:25.440`)
* [CVE-2024-0992](CVE-2024/CVE-2024-09xx/CVE-2024-0992.json) (`2024-01-29T14:25:25.440`)
* [CVE-2024-0993](CVE-2024/CVE-2024-09xx/CVE-2024-0993.json) (`2024-01-29T14:25:25.440`)
* [CVE-2024-0994](CVE-2024/CVE-2024-09xx/CVE-2024-0994.json) (`2024-01-29T14:25:25.440`)
* [CVE-2024-0664](CVE-2024/CVE-2024-06xx/CVE-2024-0664.json) (`2024-01-29T14:25:30.223`)
* [CVE-2024-0667](CVE-2024/CVE-2024-06xx/CVE-2024-0667.json) (`2024-01-29T14:25:30.223`)
* [CVE-2024-0697](CVE-2024/CVE-2024-06xx/CVE-2024-0697.json) (`2024-01-29T14:25:30.223`)
* [CVE-2024-0824](CVE-2024/CVE-2024-08xx/CVE-2024-0824.json) (`2024-01-29T14:25:30.223`)
* [CVE-2024-0618](CVE-2024/CVE-2024-06xx/CVE-2024-0618.json) (`2024-01-29T14:25:30.223`)
* [CVE-2024-0958](CVE-2024/CVE-2024-09xx/CVE-2024-0958.json) (`2024-01-29T14:25:30.223`)
* [CVE-2024-22860](CVE-2024/CVE-2024-228xx/CVE-2024-22860.json) (`2024-01-29T14:25:30.223`)
* [CVE-2024-22862](CVE-2024/CVE-2024-228xx/CVE-2024-22862.json) (`2024-01-29T14:25:30.223`)
* [CVE-2024-22861](CVE-2024/CVE-2024-228xx/CVE-2024-22861.json) (`2024-01-29T14:25:30.223`)
* [CVE-2024-0959](CVE-2024/CVE-2024-09xx/CVE-2024-0959.json) (`2024-01-29T14:25:30.223`)
* [CVE-2024-0807](CVE-2024/CVE-2024-08xx/CVE-2024-0807.json) (`2024-01-29T14:25:31.763`)
* [CVE-2024-0808](CVE-2024/CVE-2024-08xx/CVE-2024-0808.json) (`2024-01-29T14:25:59.197`)
* [CVE-2024-0809](CVE-2024/CVE-2024-08xx/CVE-2024-0809.json) (`2024-01-29T14:26:42.917`)
* [CVE-2024-0811](CVE-2024/CVE-2024-08xx/CVE-2024-0811.json) (`2024-01-29T14:27:18.327`)
* [CVE-2024-0814](CVE-2024/CVE-2024-08xx/CVE-2024-0814.json) (`2024-01-29T14:27:48.647`)
* [CVE-2024-0813](CVE-2024/CVE-2024-08xx/CVE-2024-0813.json) (`2024-01-29T14:28:14.090`)
* [CVE-2024-0812](CVE-2024/CVE-2024-08xx/CVE-2024-0812.json) (`2024-01-29T14:28:45.320`)
* [CVE-2024-0810](CVE-2024/CVE-2024-08xx/CVE-2024-0810.json) (`2024-01-29T14:29:03.063`)
* [CVE-2024-0804](CVE-2024/CVE-2024-08xx/CVE-2024-0804.json) (`2024-01-29T14:29:25.953`)
* [CVE-2024-0521](CVE-2024/CVE-2024-05xx/CVE-2024-0521.json) (`2024-01-29T15:26:35.300`)
* [CVE-2024-23332](CVE-2024/CVE-2024-233xx/CVE-2024-23332.json) (`2024-01-29T15:28:47.230`)
* [CVE-2024-23331](CVE-2024/CVE-2024-233xx/CVE-2024-23331.json) (`2024-01-29T15:31:57.737`)
* [CVE-2024-22424](CVE-2024/CVE-2024-224xx/CVE-2024-22424.json) (`2024-01-29T15:35:13.463`)
* [CVE-2024-22768](CVE-2024/CVE-2024-227xx/CVE-2024-22768.json) (`2024-01-29T15:50:06.730`)
* [CVE-2024-23842](CVE-2024/CVE-2024-238xx/CVE-2024-23842.json) (`2024-01-29T15:51:53.207`)
* [CVE-2024-22772](CVE-2024/CVE-2024-227xx/CVE-2024-22772.json) (`2024-01-29T15:52:25.997`)
* [CVE-2024-22771](CVE-2024/CVE-2024-227xx/CVE-2024-22771.json) (`2024-01-29T15:53:04.917`)
* [CVE-2024-22770](CVE-2024/CVE-2024-227xx/CVE-2024-22770.json) (`2024-01-29T15:53:41.323`)
* [CVE-2024-22769](CVE-2024/CVE-2024-227xx/CVE-2024-22769.json) (`2024-01-29T15:54:12.760`)
* [CVE-2024-0884](CVE-2024/CVE-2024-08xx/CVE-2024-0884.json) (`2024-01-29T15:57:08.023`)
* [CVE-2024-0885](CVE-2024/CVE-2024-08xx/CVE-2024-0885.json) (`2024-01-29T15:57:16.977`)
* [CVE-2024-22635](CVE-2024/CVE-2024-226xx/CVE-2024-22635.json) (`2024-01-29T15:57:23.770`)
* [CVE-2024-22636](CVE-2024/CVE-2024-226xx/CVE-2024-22636.json) (`2024-01-29T15:57:32.540`)
* [CVE-2024-22637](CVE-2024/CVE-2024-226xx/CVE-2024-22637.json) (`2024-01-29T15:57:38.163`)
* [CVE-2024-22638](CVE-2024/CVE-2024-226xx/CVE-2024-22638.json) (`2024-01-29T15:57:43.763`)
* [CVE-2024-22639](CVE-2024/CVE-2024-226xx/CVE-2024-22639.json) (`2024-01-29T15:57:50.477`)
* [CVE-2024-24399](CVE-2024/CVE-2024-243xx/CVE-2024-24399.json) (`2024-01-29T15:57:59.413`)
* [CVE-2024-22922](CVE-2024/CVE-2024-229xx/CVE-2024-22922.json) (`2024-01-29T15:58:07.447`)
* [CVE-2024-23744](CVE-2024/CVE-2024-237xx/CVE-2024-23744.json) (`2024-01-29T16:00:24.713`)
* [CVE-2024-0742](CVE-2024/CVE-2024-07xx/CVE-2024-0742.json) (`2024-01-29T16:11:20.047`)
* [CVE-2024-0665](CVE-2024/CVE-2024-06xx/CVE-2024-0665.json) (`2024-01-29T16:11:47.440`)
* [CVE-2024-0567](CVE-2024/CVE-2024-05xx/CVE-2024-0567.json) (`2024-01-29T16:15:08.180`)
* [CVE-2024-21612](CVE-2024/CVE-2024-216xx/CVE-2024-21612.json) (`2024-01-29T16:15:09.040`)
* [CVE-2024-23750](CVE-2024/CVE-2024-237xx/CVE-2024-23750.json) (`2024-01-29T16:51:14.573`)
## Download and Usage