diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36770.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36770.json index 9efe7e9be22..8eb893df733 100644 --- a/CVE-2020/CVE-2020-367xx/CVE-2020-36770.json +++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36770.json @@ -2,8 +2,8 @@ "id": "CVE-2020-36770", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-15T07:15:07.917", - "lastModified": "2024-01-16T13:56:05.467", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-22T20:27:57.183", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,11 +14,69 @@ "value": "pkg_postinst en Gentoo ebuild para Slurm hasta 22.05.3 llama innecesariamente a chown para asignar la propiedad de root a los archivos en el sistema de archivos root activo. Esto podr\u00eda ser aprovechado por el usuario de slurm para convertirse en propietario de los archivos de propiedad root." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gentoo:ebuild_for_slurm:*:*:*:*:*:*:*:*", + "versionEndIncluding": "22.05.3", + "matchCriteriaId": "040141F1-CE3B-4E03-8286-A90A768AE613" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugs.gentoo.org/631552", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36772.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36772.json index 0f5ad0358b4..dbafce1ba81 100644 --- a/CVE-2020/CVE-2020-367xx/CVE-2020-36772.json +++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36772.json 
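Review bot: The added NVD `cvssData` vector `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H` (9.8 CRITICAL) does not fit this record's own description, which says the chown in pkg_postinst could be leveraged by the slurm user, presumably an existing local service account, to take ownership of root-owned files. Anything that ranks on `baseScore` will treat an install-time local privilege escalation as an unauthenticated network attack. Because this file mirrors NVD, the mismatch is better reported upstream than patched locally; a vector closer to the text would be `CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H`, offered as a suggestion only. The `"Exploit"` and `"Patch"` tags on the single bugs.gentoo.org reference also deserve a second look, since the link is an issue-tracker entry.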
@@ -2,8 +2,8 @@ "id": "CVE-2020-36772", "sourceIdentifier": "secalert@redhat.com", "published": "2024-01-22T15:15:07.883", - "lastModified": "2024-01-22T15:15:07.883", - "vulnStatus": "Received", + "lastModified": "2024-01-22T19:10:26.333", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2022/CVE-2022-15xx/CVE-2022-1563.json b/CVE-2022/CVE-2022-15xx/CVE-2022-1563.json index c8685e72539..291cf88c64d 100644 --- a/CVE-2022/CVE-2022-15xx/CVE-2022-1563.json +++ b/CVE-2022/CVE-2022-15xx/CVE-2022-1563.json 
@@ -2,23 +2,87 @@ "id": "CVE-2022-1563", "sourceIdentifier": "contact@wpscan.com", "published": "2024-01-16T16:15:09.480", - "lastModified": "2024-01-16T23:12:38.473", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-22T20:13:11.037", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The WPGraphQL WooCommerce WordPress plugin before 0.12.4 does not prevent unauthenticated attackers from enumerating a shop's coupon codes and values via GraphQL." + }, + { + "lang": "es", + "value": "El complemento WPGraphQL WooCommerce WordPress anterior a 0.12.4 no impide que atacantes no autenticados enumeren los c\u00f3digos de cup\u00f3n y los valores de una tienda a trav\u00e9s de GraphQL." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpengine:wpgraphql:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "0.12.3", + "matchCriteriaId": "4F798CF6-18C1-4982-9B67-428E15BE677D" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/wp-graphql/wp-graphql-woocommerce/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Product" + ] }, { "url": 
"https://wpscan.com/vulnerability/19138092-50d3-4d63-97c5-aa8e1ce39456/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-16xx/CVE-2022-1609.json b/CVE-2022/CVE-2022-16xx/CVE-2022-1609.json index 2cefe4868ee..719338a20f9 100644 --- a/CVE-2022/CVE-2022-16xx/CVE-2022-1609.json +++ b/CVE-2022/CVE-2022-16xx/CVE-2022-1609.json 
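Review bot: The `cpeMatch` criteria `cpe:2.3:a:wpengine:wpgraphql:*:*:*:*:*:wordpress:*:*` appears to name the WPGraphQL core plugin, while the description and the first reference (`https://github.com/wp-graphql/wp-graphql-woocommerce/`) concern the WPGraphQL WooCommerce extension. Asset matching on this CPE may flag sites that run only WPGraphQL and miss the extension whose version line (fixed in 0.12.4) is the one in `versionEndIncluding`. The product identifier should be confirmed with NVD before this record is used for inventory correlation. For consistency with the other records in this commit, the bound would also read more clearly as `"versionEndExcluding": "0.12.4"`, which matches the description's "before 0.12.4" directly.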
@@ -2,19 +2,80 @@ "id": "CVE-2022-1609", "sourceIdentifier": "contact@wpscan.com", "published": "2024-01-16T16:15:09.530", - "lastModified": "2024-01-16T23:12:38.473", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-22T19:59:05.563", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The School Management WordPress plugin before 9.9.7 contains an obfuscated backdoor injected in it's license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site." + }, + { + "lang": "es", + "value": "El complemento de WordPress School Management anterior a 9.9.7 contiene una puerta trasera ofuscada inyectada en su c\u00f3digo de verificaci\u00f3n de licencia que registra un controlador de API REST, lo que permite a un atacante no autenticado ejecutar c\u00f3digo PHP arbitrario en el sitio." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:weblizar:school_management:*:*:*:*:pro:wordpress:*:*", + "versionEndExcluding": "9.9.7", + "matchCriteriaId": "F40014A3-9056-4A4F-A69E-FFA4FFB8D519" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": 
"https://wpscan.com/vulnerability/e2d546c9-85b6-47a4-b951-781b9ae5d0f2/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-457xx/CVE-2022-45790.json b/CVE-2022/CVE-2022-457xx/CVE-2022-45790.json index e5b2e3d85f3..6d67e910d11 100644 --- a/CVE-2022/CVE-2022-457xx/CVE-2022-45790.json +++ b/CVE-2022/CVE-2022-457xx/CVE-2022-45790.json @@ -2,8 +2,8 @@ "id": "CVE-2022-45790", "sourceIdentifier": "ot-cert@dragos.com", "published": "2024-01-22T18:15:19.497", - "lastModified": "2024-01-22T18:15:19.497", - "vulnStatus": "Received", + "lastModified": "2024-01-22T19:10:26.333", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2022/CVE-2022-457xx/CVE-2022-45792.json b/CVE-2022/CVE-2022-457xx/CVE-2022-45792.json index d5de16d3279..2087fc9a1b2 100644 --- a/CVE-2022/CVE-2022-457xx/CVE-2022-45792.json +++ b/CVE-2022/CVE-2022-457xx/CVE-2022-45792.json @@ -2,8 +2,8 @@ "id": "CVE-2022-45792", "sourceIdentifier": "ot-cert@dragos.com", "published": "2024-01-22T18:15:19.760", - "lastModified": "2024-01-22T18:15:19.760", - "vulnStatus": "Received", + "lastModified": "2024-01-22T19:10:26.333", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-02xx/CVE-2023-0224.json b/CVE-2023/CVE-2023-02xx/CVE-2023-0224.json index 01b86d98061..aea8e8b3ed1 100644 --- a/CVE-2023/CVE-2023-02xx/CVE-2023-0224.json +++ b/CVE-2023/CVE-2023-02xx/CVE-2023-0224.json 
@@ -2,23 +2,88 @@ "id": "CVE-2023-0224", "sourceIdentifier": "contact@wpscan.com", "published": "2024-01-16T16:15:10.440", - "lastModified": "2024-01-16T23:12:38.473", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-22T20:53:57.957", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The GiveWP WordPress plugin before 2.24.1 does not properly escape user input before it reaches SQL queries, which could let unauthenticated attackers perform SQL Injection attacks" + }, + { + "lang": "es", + "value": "El complemento de WordPress GiveWP anterior a 2.24.1 no escapa correctamente a la entrada del usuario antes de llegar a las consultas SQL, lo que podr\u00eda permitir a atacantes no autenticados realizar ataques de inyecci\u00f3n SQL." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:givewp:givewp:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.24.1", + "matchCriteriaId": "2F6FDD3A-0940-49BC-85E1-873BB889C391" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://givewp.com/core-2-24-0-vulnerability-patched/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Release Notes", + "Vendor 
Advisory" + ] }, { "url": "https://wpscan.com/vulnerability/d8da539d-0a1b-46ef-b48d-710c59cf68e1/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-03xx/CVE-2023-0376.json b/CVE-2023/CVE-2023-03xx/CVE-2023-0376.json index 7f4fbd7d40b..f2e7957ee81 100644 --- a/CVE-2023/CVE-2023-03xx/CVE-2023-0376.json +++ b/CVE-2023/CVE-2023-03xx/CVE-2023-0376.json 
@@ -2,19 +2,80 @@ "id": "CVE-2023-0376", "sourceIdentifier": "contact@wpscan.com", "published": "2024-01-16T16:15:10.487", - "lastModified": "2024-01-16T23:12:38.473", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-22T19:51:19.510", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Qubely WordPress plugin before 1.8.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks." + }, + { + "lang": "es", + "value": "El complemento Qubely WordPress anterior a 1.8.5 no valida ni escapa algunas de sus opciones de bloqueo antes de devolverlas a una p\u00e1gina/publicaci\u00f3n donde est\u00e1 incrustado el bloque, lo que podr\u00eda permitir a los usuarios con el rol de colaborador y superior realizar ataques de cross site scripting almacenado." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:themeum:qubely:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.8.5", + "matchCriteriaId": "4506F22E-0603-4CCD-9D55-0DACA4E11A50" + } + ] + } + ] } ], - "metrics": {}, 
"references": [ { "url": "https://wpscan.com/vulnerability/b1aa6f32-c1d5-4fc6-9a4e-d4c5fae78389/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-03xx/CVE-2023-0389.json b/CVE-2023/CVE-2023-03xx/CVE-2023-0389.json index c84b22de870..aa425450e88 100644 --- a/CVE-2023/CVE-2023-03xx/CVE-2023-0389.json +++ b/CVE-2023/CVE-2023-03xx/CVE-2023-0389.json 
@@ -2,19 +2,80 @@ "id": "CVE-2023-0389", "sourceIdentifier": "contact@wpscan.com", "published": "2024-01-16T16:15:10.533", - "lastModified": "2024-01-16T23:12:38.473", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-22T19:51:39.840", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Calculated Fields Form WordPress plugin before 1.1.151 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" + }, + { + "lang": "es", + "value": "El complemento de WordPress Calculated Fields Form anterior a 1.1.151 no sanitiza ni escapa a algunas de sus configuraciones de formulario, lo que podr\u00eda permitir a usuarios con altos privilegios, como el administrador, realizar ataques de cross site scripting almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en configuraci\u00f3n multisitio)." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codepeople:calculated_fields_form:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.1.151", + "matchCriteriaId": "3D878CC7-CC35-4E37-89A4-9FE302620A41" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://wpscan.com/vulnerability/090a3922-febc-4294-82d2-d8339d461893/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-04xx/CVE-2023-0479.json b/CVE-2023/CVE-2023-04xx/CVE-2023-0479.json index 5af4fa2dcd1..22d9a6c0c3c 100644 --- a/CVE-2023/CVE-2023-04xx/CVE-2023-0479.json +++ b/CVE-2023/CVE-2023-04xx/CVE-2023-0479.json 
@@ -2,19 +2,80 @@ "id": "CVE-2023-0479", "sourceIdentifier": "contact@wpscan.com", "published": "2024-01-16T16:15:10.580", - "lastModified": "2024-01-16T23:12:38.473", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-22T19:50:38.967", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Print Invoice & Delivery Notes for WooCommerce WordPress plugin before 4.7.2 is vulnerable to reflected XSS by echoing a GET value in an admin note within the WooCommerce orders page. This means that this vulnerability can be exploited for users with the edit_others_shop_orders capability. WooCommerce must be installed and active. This vulnerability is caused by a urldecode() after cleanup with esc_url_raw(), allowing double encoding." + }, + { + "lang": "es", + "value": "El complemento Print Invoice & Delivery Notes para WooCommerce WordPress anterior a 4.7.2 es vulnerable al XSS reflejado al hacer eco de un valor GET en una nota administrativa dentro de la p\u00e1gina de pedidos de WooCommerce. Esto significa que esta vulnerabilidad puede ser aprovechada por usuarios con la capacidad edit_others_shop_orders. WooCommerce debe estar instalado y activo. Esta vulnerabilidad es causada por un urldecode() despu\u00e9s de la limpieza con esc_url_raw(), lo que permite la doble codificaci\u00f3n." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tychesoftwares:print_invoice_\\&_delivery_notes_for_woocommerce:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "4.7.2", + "matchCriteriaId": "57D900AB-BC91-4C85-91AD-F0A836DC5960" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://wpscan.com/vulnerability/50963747-ae8e-42b4-bb42-cc848be7b92e/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-07xx/CVE-2023-0769.json b/CVE-2023/CVE-2023-07xx/CVE-2023-0769.json index d9cba7a4e7f..3ee3ca01d70 100644 --- a/CVE-2023/CVE-2023-07xx/CVE-2023-0769.json +++ b/CVE-2023/CVE-2023-07xx/CVE-2023-0769.json 
@@ -2,19 +2,80 @@ "id": "CVE-2023-0769", "sourceIdentifier": "contact@wpscan.com", "published": "2024-01-16T16:15:10.623", - "lastModified": "2024-01-16T23:12:38.473", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-22T19:29:24.600", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The hiWeb Migration Simple WordPress plugin through 2.0.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admins." + }, + { + "lang": "es", + "value": "El complemento hiWeb Migration Simple WordPress hasta la versi\u00f3n 2.0.0.1 no sanitiza ni escapa un par\u00e1metro antes de devolverlo a la p\u00e1gina, lo que genera una cross site scripting reflejado que podr\u00eda usarse contra usuarios con altos privilegios, como los administradores." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hiweb:migration_simple:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.0.0.1", + "matchCriteriaId": "9FE953E1-3EE8-43BE-BCCA-8236EEEC8A89" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": 
"https://wpscan.com/vulnerability/1d4a2f0e-a371-4e27-98de-528e070f41b0/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-08xx/CVE-2023-0824.json b/CVE-2023/CVE-2023-08xx/CVE-2023-0824.json index ec7fd047c38..a781d316d6c 100644 --- a/CVE-2023/CVE-2023-08xx/CVE-2023-0824.json +++ b/CVE-2023/CVE-2023-08xx/CVE-2023-0824.json 
@@ -2,19 +2,80 @@ "id": "CVE-2023-0824", "sourceIdentifier": "contact@wpscan.com", "published": "2024-01-16T16:15:10.670", - "lastModified": "2024-01-16T23:12:38.473", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-22T19:37:19.917", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The User registration & user profile WordPress plugin through 2.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged-in admin add Stored XSS payloads via a CSRF attack." + }, + { + "lang": "es", + "value": "El complemento de WordPress User registration & user profile hasta la versi\u00f3n 2.0 no tiene verificaci\u00f3n CSRF en algunos lugares y le falta sanitizaci\u00f3ny escape, lo que podr\u00eda permitir a los atacantes hacer que el administrador conectado agregue payloads XSS almacenadas a trav\u00e9s de un ataque CSRF." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpuserplus:userplus:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.0", + "matchCriteriaId": "10FC21CA-67E9-48F5-A3FE-631CC022A9BB" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": 
"https://wpscan.com/vulnerability/48a3a542-9130-4524-9d19-ff9eccecb148/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-278xx/CVE-2023-27859.json b/CVE-2023/CVE-2023-278xx/CVE-2023-27859.json new file mode 100644 index 00000000000..582299c291a --- /dev/null +++ b/CVE-2023/CVE-2023-278xx/CVE-2023-27859.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2023-27859", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2024-01-22T20:15:46.550", + "lastModified": "2024-01-22T20:28:17.417", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "IBM Db2 10.1, 10.5, and 11.1 could allow a remote user to execute arbitrary code caused by installing like named jar files across multiple databases. A user could exploit this by installing a malicious jar file that overwrites the existing like named jar file in another database. IBM X-Force ID: 249205." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249205", + "source": "psirt@us.ibm.com" + }, + { + "url": "https://www.ibm.com/support/pages/node/7105503", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-288xx/CVE-2023-28897.json b/CVE-2023/CVE-2023-288xx/CVE-2023-28897.json index 6a7603b313c..c732815d3a9 100644 
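Review bot: In the new CVE-2023-27859 record the description says a remote user could execute arbitrary code, yet the only metric is the CNA vector `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N` (6.5 MEDIUM), which scores an integrity-only impact. The record is `"Awaiting Analysis"` and has no NVD Primary metric, `weaknesses` or `configurations` block, so tooling that triages from this file sees only the lower Secondary score and cannot match it to affected Db2 versions by CPE. Consumers should treat the severity as provisional and key on the versions named in the description (10.1, 10.5, 11.1) until the analysed record arrives.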
--- a/CVE-2023/CVE-2023-288xx/CVE-2023-28897.json +++ b/CVE-2023/CVE-2023-288xx/CVE-2023-28897.json @@ -2,16 +2,40 @@ "id": "CVE-2023-28897", "sourceIdentifier": "cve@asrg.io", "published": "2024-01-12T16:15:51.210", - "lastModified": "2024-01-12T17:06:09.020", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-22T19:53:52.000", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The secret value used for access to critical UDS services of the MIB3 infotainment is hardcoded in the firmware.\n\nVulnerability discovered on \u0160koda Superb III (3V3) - 2.0 TDI manufactured in 2022.\n" + }, + { + "lang": "es", + "value": "El valor secreto utilizado para acceder a los servicios UDS cr\u00edticos del infotainment MIB3 est\u00e1 codificado en el firmware. Vulnerabilidad descubierta en \u0160koda Superb III (3V3) - 2.0 TDI fabricado en 2022." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cve@asrg.io", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-798" + } + ] + }, { "source": "cve@asrg.io", "type": "Secondary", 
@@ -46,10 +80,42 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:skoda-auto:superb_3_firmware:2022:*:*:*:*:*:*:*", + "matchCriteriaId": "63385CB3-F944-48CF-A3F5-25091F86F2A9" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:skoda-auto:superb_3:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4459588C-A162-465D-BCC1-4719B657DBDD" + } + ] + } + ] + } + ], "references": [ { "url": "https://asrg.io/security-advisories/cve-2023-28897", - "source": "cve@asrg.io" + "source": "cve@asrg.io", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-288xx/CVE-2023-28898.json b/CVE-2023/CVE-2023-288xx/CVE-2023-28898.json index 67358a7c11e..7b82f79ec52 100644 --- a/CVE-2023/CVE-2023-288xx/CVE-2023-28898.json +++ b/CVE-2023/CVE-2023-288xx/CVE-2023-28898.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-28898", "sourceIdentifier": "cve@asrg.io", "published": "2024-01-12T16:15:51.747", - "lastModified": "2024-01-12T17:06:09.020", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-22T19:52:50.280", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Real-Time Streaming Protocol implementation in the MIB3 infotainment incorrectly handles requests to /logs URI, when the id parameter equals to zero. This issue allows an attacker connected to the in-vehicle Wi-Fi network to cause denial-of-service of the infotainment system, when the certain preconditions are met.\n\nVulnerability discovered on \u0160koda Superb III (3V3) - 2.0 TDI manufactured in 2022.\n" + }, + { + "lang": "es", + "value": "La implementaci\u00f3n de Real-Time Streaming Protocol en el infotainment MIB3 maneja incorrectamente las solicitudes al URI /logs, cuando el par\u00e1metro id es igual a cero. Este problema permite que un atacante conectado a la red Wi-Fi del veh\u00edculo provoque una denegaci\u00f3n de servicio del sistema de infotainment, cuando se cumplen ciertas condiciones previas. Vulnerabilidad descubierta en \u0160koda Superb III (3V3) - 2.0 TDI fabricado en 2022." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 3.6 + }, { "source": "cve@asrg.io", "type": "Secondary", 
@@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "cve@asrg.io", "type": "Secondary", @@ -46,10 +80,42 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:skoda-auto:superb_3_firmware:2022:*:*:*:*:*:*:*", + "matchCriteriaId": "63385CB3-F944-48CF-A3F5-25091F86F2A9" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:skoda-auto:superb_3:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4459588C-A162-465D-BCC1-4719B657DBDD" + } + ] + } + ] + } + ], "references": [ { "url": "https://nonexistent.com", - "source": "cve@asrg.io" + "source": "cve@asrg.io", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-288xx/CVE-2023-28899.json b/CVE-2023/CVE-2023-288xx/CVE-2023-28899.json index 07d6acda571..0639cfe4ecf 100644 --- a/CVE-2023/CVE-2023-288xx/CVE-2023-28899.json +++ b/CVE-2023/CVE-2023-288xx/CVE-2023-28899.json 
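Review bot: The only entry under `references` is `https://nonexistent.com`, and this hunk tags it `"Broken Link"` instead of replacing it, so CVE-2023-28898 is marked Analyzed with no reachable advisory. The neighbouring asrg.io records in this commit (CVE-2023-28897 and CVE-2023-28899) each reference an advisory under `https://asrg.io/security-advisories/`; the matching advisory for this ID should be confirmed with the CNA and added as a second reference. Until then the "certain preconditions" in the description cannot be verified from the record, and the NVD weakness added here remains `NVD-CWE-noinfo`.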
@@ -2,16 +2,40 @@ "id": "CVE-2023-28899", "sourceIdentifier": "cve@asrg.io", "published": "2024-01-12T17:15:09.000", - "lastModified": "2024-01-12T18:05:43.827", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-22T19:52:12.817", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "By sending a specific reset UDS request via OBDII port of Skoda vehicles, it is possible to cause vehicle engine shutdown and denial of service of other vehicle components even when the vehicle is moving at a high speed. No safety critical functions affected.\u00a0" + }, + { + "lang": "es", + "value": "Al enviar una solicitud de reinicio UDS espec\u00edfica a trav\u00e9s del puerto OBDII de los veh\u00edculos Skoda, es posible provocar el apagado del motor del veh\u00edculo y la denegaci\u00f3n de servicio de otros componentes del veh\u00edculo incluso cuando el veh\u00edculo se mueve a alta velocidad. Ninguna funci\u00f3n cr\u00edtica de seguridad se ve afectada." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "cve@asrg.io", "type": "Secondary", 
@@ -34,10 +58,54 @@
 }
 ]
 },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:skoda-auto:superb_3_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A672066E-F623-4330-800B-C88631224BCC"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:skoda-auto:superb_3:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4459588C-A162-465D-BCC1-4719B657DBDD"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://asrg.io/security-advisories/cve-2023-28899",
- "source": "cve@asrg.io"
+ "source": "cve@asrg.io",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3178.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3178.json
index 3f06c686fb7..c4242b15ca9 100644
--- a/CVE-2023/CVE-2023-31xx/CVE-2023-3178.json
+++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3178.json
@@ -2,19 +2,81 @@
 "id": "CVE-2023-3178",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2024-01-16T16:15:11.243",
- "lastModified": "2024-01-16T23:12:38.473",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-22T19:43:34.693",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the manage_postman_smtp capability delete arbitrary logs via a CSRF attack."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento POST SMTP Mailer de WordPress anterior a 2.5.7 no tiene comprobaciones CSRF adecuadas en algunas acciones AJAX, lo que podr\u00eda permitir a los atacantes hacer que los usuarios registrados con la capacidad de Manage_postman_smtp eliminen registros arbitrarios mediante un ataque CSRF."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:wpexperts:post_smtp:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "2.5.7",
+ "matchCriteriaId": "AACA58B5-42D5-4C1F-8B91-80569638003E"
+ }
+ ]
+ }
+ ]
 }
 ],
- "metrics": {},
 "references": [
 {
 "url": "https://wpscan.com/vulnerability/5341cb5d-d204-49e1-b013-f8959461995f/",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit",
+ "Product",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3211.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3211.json
index 41c87a597b5..cd2c6284de7 100644
--- a/CVE-2023/CVE-2023-32xx/CVE-2023-3211.json
+++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3211.json
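Review bot: The added Spanish description of CVE-2023-3178 spells the WordPress capability as `Manage_postman_smtp`, while the English text of the same record has `manage_postman_smtp`. The capital letter looks like a translation artefact, and anyone searching role or capability settings for the Spanish spelling will not find the identifier. It should be carried over verbatim, i.e. `con la capacidad de manage_postman_smtp`.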
@@ -2,19 +2,81 @@
 "id": "CVE-2023-3211",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2024-01-16T16:15:11.290",
- "lastModified": "2024-01-16T23:12:38.473",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-22T19:46:53.790",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "The WordPress Database Administrator WordPress plugin through 1.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento WordPress Database Administrator de WordPress hasta la versi\u00f3n 1.0.3 no sanitiza ni escapa adecuadamente un par\u00e1metro antes de usarlo en una declaraci\u00f3n SQL a trav\u00e9s de una acci\u00f3n AJAX disponible para usuarios no autenticados, lo que lleva a una inyecci\u00f3n de SQL."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:dmparekh:wordpress_database_administrator:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.0.3",
+ "matchCriteriaId": "CFF49253-B421-47BA-989A-D9CBE1B88DDD"
+ }
+ ]
+ }
+ ]
 }
 ],
- "metrics": {},
 "references": [
 {
 "url": "https://wpscan.com/vulnerability/873824f0-e8b1-45bd-8579-bc3c649a54e5/",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit",
+ "Product",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-334xx/CVE-2023-33472.json b/CVE-2023/CVE-2023-334xx/CVE-2023-33472.json
index 530a2a27012..2f0f0bf61da 100644
--- a/CVE-2023/CVE-2023-334xx/CVE-2023-33472.json
+++ b/CVE-2023/CVE-2023-334xx/CVE-2023-33472.json
@@ -2,19 +2,80 @@
 "id": "CVE-2023-33472",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-01-13T02:15:07.060",
- "lastModified": "2024-01-14T21:42:17.123",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-22T19:21:10.370",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "An issue was discovered in Scada-LTS v2.7.5.2 build 4551883606 and before, allows remote attackers with low-level authentication to escalate privileges, execute arbitrary code, and obtain sensitive information via Event Handlers function."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 un problema en Scada-LTS v2.7.5.2 build 4551883606 y anteriores, que permite a atacantes remotos con autenticaci\u00f3n de bajo nivel escalar privilegios, ejecutar c\u00f3digo arbitrario y obtener informaci\u00f3n confidencial a trav\u00e9s de la funci\u00f3n Event Handlers."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:scada-lts:scada-lts:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "2.7.5.2",
+ "matchCriteriaId": "6BC46BD6-BCA0-45AE-BCF2-B7967186449C"
+ }
+ ]
+ }
+ ]
 }
 ],
- "metrics": {},
 "references": [
 {
 "url": "https://hev0x.github.io/posts/scadalts-cve-2023-33472/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-33xx/CVE-2023-3372.json b/CVE-2023/CVE-2023-33xx/CVE-2023-3372.json
index b5586ada0eb..81935f94b0b 100644
--- a/CVE-2023/CVE-2023-33xx/CVE-2023-3372.json
+++ b/CVE-2023/CVE-2023-33xx/CVE-2023-3372.json
@@ -2,19 +2,81 @@
 "id": "CVE-2023-3372",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2024-01-16T16:15:11.350",
- "lastModified": "2024-01-16T23:12:38.473",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-22T20:46:01.150",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "The Lana Shortcodes WordPress plugin before 1.2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which allows users with the contributor role and above to perform Stored Cross-Site Scripting attacks."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento de WordPress Lana Shortcodes anterior a 1.2.0 no valida ni escapa algunos de sus atributos de shortcode antes de devolverlos a una p\u00e1gina/publicaci\u00f3n donde est\u00e1 incrustado el shortcode, lo que permite a los usuarios con el rol de colaborador y superiores realizar ataques de cross site scripting almacenado."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:lana:lana_shortcodes:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "1.2.0",
+ "matchCriteriaId": "38863CC9-BAFE-4512-B52B-7260FD3BA1C7"
+ }
+ ]
+ }
+ ]
 }
 ],
- "metrics": {},
 "references": [
 {
 "url": "https://wpscan.com/vulnerability/3396b734-9a10-4070-802d-f9d01cc6eb74/",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit",
+ "Product",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-36xx/CVE-2023-3647.json b/CVE-2023/CVE-2023-36xx/CVE-2023-3647.json
index 9797fe63624..bd7f12d3d01 100644
--- a/CVE-2023/CVE-2023-36xx/CVE-2023-3647.json
+++ b/CVE-2023/CVE-2023-36xx/CVE-2023-3647.json
@@ -2,19 +2,80 @@
 "id": "CVE-2023-3647",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2024-01-16T16:15:11.420",
- "lastModified": "2024-01-16T23:12:38.473",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-22T20:48:26.847",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "The IURNY by INDIGITALL WordPress plugin before 3.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
+ },
+ {
+ "lang": "es",
+ "value": "El complemento de WordPress IURNY by INDIGITALL anterior a 3.2.3 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de cross site scripting almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en configuraci\u00f3n multisitio)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:indigitall:iurny:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "3.2.3",
+ "matchCriteriaId": "9B06C982-D9D5-439A-929B-6E2B0539E340"
+ }
+ ]
+ }
+ ]
 }
 ],
- "metrics": {},
 "references": [
 {
 "url": "https://wpscan.com/vulnerability/6df05333-b1f1-4324-a1ba-dd36fbf1778c/",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-380xx/CVE-2023-38039.json b/CVE-2023/CVE-2023-380xx/CVE-2023-38039.json
index 12a3069b348..e163742e4ea 100644
--- a/CVE-2023/CVE-2023-380xx/CVE-2023-38039.json
+++ b/CVE-2023/CVE-2023-380xx/CVE-2023-38039.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-38039",
 "sourceIdentifier": "support@hackerone.com",
 "published": "2023-09-15T04:15:10.127",
- "lastModified": "2023-12-12T21:15:08.123",
+ "lastModified": "2024-01-22T19:15:08.230",
 "vulnStatus": "Undergoing Analysis",
 "descriptions": [
 {
@@ -122,6 +122,18 @@
 "url": "https://security.netapp.com/advisory/ntap-20231013-0005/",
 "source": "support@hackerone.com"
 },
+ {
+ "url": "https://support.apple.com/kb/HT214057",
+ "source": "support@hackerone.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT214058",
+ "source": "support@hackerone.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT214063",
+ "source": "support@hackerone.com"
+ },
 {
 "url": "https://www.insyde.com/security-pledge/SA-2023064",
 "source": "support@hackerone.com"
diff --git a/CVE-2023/CVE-2023-385xx/CVE-2023-38545.json b/CVE-2023/CVE-2023-385xx/CVE-2023-38545.json
index 786ac792393..6821cb26621 100644
--- a/CVE-2023/CVE-2023-385xx/CVE-2023-38545.json
+++ b/CVE-2023/CVE-2023-385xx/CVE-2023-38545.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-38545",
 "sourceIdentifier": "support@hackerone.com",
 "published": "2023-10-18T04:15:11.077",
- "lastModified": "2024-01-21T02:23:03.223",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-01-22T19:15:08.340",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -138,6 +138,18 @@
 "Third Party Advisory"
 ]
 },
+ {
+ "url": "https://support.apple.com/kb/HT214057",
+ "source": "support@hackerone.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT214058",
+ "source": "support@hackerone.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT214063",
+ "source": "support@hackerone.com"
+ },
 {
 "url": "https://www.secpod.com/blog/high-severity-heap-buffer-overflow-vulnerability/",
 "source": "support@hackerone.com",
diff --git a/CVE-2023/CVE-2023-385xx/CVE-2023-38546.json b/CVE-2023/CVE-2023-385xx/CVE-2023-38546.json
index bc88d9f8a3b..26adc79551d 100644
--- a/CVE-2023/CVE-2023-385xx/CVE-2023-38546.json
+++ b/CVE-2023/CVE-2023-385xx/CVE-2023-38546.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-38546",
 "sourceIdentifier": "support@hackerone.com",
 "published": "2023-10-18T04:15:11.137",
- "lastModified": "2023-10-28T03:15:08.267",
+ "lastModified": "2024-01-22T19:15:08.437",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -81,6 +81,18 @@
 {
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OGMXNRNSJ4ETDK6FRNU3J7SABXPWCHSQ/",
 "source": "support@hackerone.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT214057",
+ "source": "support@hackerone.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT214058",
+ "source": "support@hackerone.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT214063",
+ "source": "support@hackerone.com"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-396xx/CVE-2023-39691.json b/CVE-2023/CVE-2023-396xx/CVE-2023-39691.json
index bc3dec0b782..31e8dad9923 100644
--- a/CVE-2023/CVE-2023-396xx/CVE-2023-39691.json
+++ b/CVE-2023/CVE-2023-396xx/CVE-2023-39691.json
@@ -2,19 +2,79 @@
 "id": "CVE-2023-39691",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-01-16T22:15:37.520",
- "lastModified": "2024-01-16T23:12:38.473",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-22T19:52:59.680",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "An issue discovered in kodbox through 1.43 allows attackers to arbitrarily add Administrator accounts via crafted GET request."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema descubierto en kodbox hasta la versi\u00f3n 1.43 permite a los atacantes agregar arbitrariamente cuentas de administrador mediante una solicitud GET manipulada."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:kodcloud:kodbox:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "1.43",
+ "matchCriteriaId": "E9885CBB-DB95-45EE-ABFF-CDB1CDB43391"
+ }
+ ]
+ }
+ ]
 }
 ],
- "metrics": {},
 "references": [
 {
 "url": "https://blog.mo60.cn/index.php/archives/kodbox_Logical.html",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Permissions Required"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-416xx/CVE-2023-41619.json b/CVE-2023/CVE-2023-416xx/CVE-2023-41619.json
index cc1fee2bd5e..1504849a26a 100644
--- a/CVE-2023/CVE-2023-416xx/CVE-2023-41619.json
+++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41619.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-41619",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-01-16T01:15:34.233",
- "lastModified": "2024-01-16T13:56:05.467",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-22T19:54:00.837",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,15 +14,75 @@
 "value": "Se descubri\u00f3 que Emlog Pro v2.1.14 contiene una vulnerabilidad de cross site scripting (XSS) a trav\u00e9s del componente /admin/article.php?action=write."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:emlog:emlog:2.1.14:*:*:*:pro:*:*:*",
+ "matchCriteriaId": "3812D57C-8E1A-4499-9DEE-2A18A955667B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/GhostBalladw/wuhaozhe-s-CVE/blob/main/CVE-2023-41619",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://github.com/emlog/emlog",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product",
+ "Release Notes"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44395.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44395.json
index 592426282e0..c35228c839c 100644
--- a/CVE-2023/CVE-2023-443xx/CVE-2023-44395.json
+++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44395.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-44395",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2024-01-22T15:15:08.037",
- "lastModified": "2024-01-22T15:15:08.037",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-22T19:10:26.333",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45193.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45193.json
new file mode 100644
index 00000000000..a33015b9c08
--- /dev/null
+++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45193.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-45193",
+ "sourceIdentifier": "psirt@us.ibm.com",
+ "published": "2024-01-22T19:15:08.520",
+ "lastModified": "2024-01-22T20:28:17.417",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 268759."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/268759",
+ "source": "psirt@us.ibm.com"
+ },
+ {
+ "url": "https://www.ibm.com/support/pages/node/7105501",
+ "source": "psirt@us.ibm.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46226.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46226.json
index a2166c52039..da4c60a3abd 100644
--- a/CVE-2023/CVE-2023-462xx/CVE-2023-46226.json
+++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46226.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-46226",
 "sourceIdentifier": "security@apache.org",
 "published": "2024-01-15T11:15:07.963",
- "lastModified": "2024-01-16T13:56:05.467",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-22T19:56:58.157",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,15 +14,76 @@
 "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Apache IoTDB. Este problema afecta a Apache IoTDB: desde 1.0.0 hasta 1.2.2. Se recomienda a los usuarios actualizar a la versi\u00f3n 1.3.0, que soluciona el problema."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:apache:iotdb:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "1.0.0",
+ "versionEndExcluding": "1.3.0",
+ "matchCriteriaId": "209BEA6C-C5D8-482C-AB70-02A215CC0F99"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "http://www.openwall.com/lists/oss-security/2024/01/15/1",
- "source": "security@apache.org"
+ "source": "security@apache.org",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://lists.apache.org/thread/293b4ob65ftnfwyf62fb9zh8gwdy38hg",
- "source": "security@apache.org"
+ "source": "security@apache.org",
+ "tags": [
+ "Mailing List"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46749.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46749.json
index cdeda44fda0..828e20e7c85 100644
--- a/CVE-2023/CVE-2023-467xx/CVE-2023-46749.json
+++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46749.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-46749",
 "sourceIdentifier": "security@apache.org",
 "published": "2024-01-15T10:15:26.380",
- "lastModified": "2024-01-20T10:15:07.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-22T20:22:01.893",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,7 +14,30 @@
 "value": "Apache Shiro anterior a 1.130 o 2.0.0-alpha-4 puede ser susceptible a un ataque de path traversal que da como resultado una omisi\u00f3n de autenticaci\u00f3n cuando se usa junto con path rewriting. Mitigaci\u00f3n: actualice a Apache Shiro 1.13.0+ o 2.0.0-alpha- 4+, o aseg\u00farese de que `blockSemicolon` est\u00e9 habilitado (este es el valor predeterminado)."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
 "weaknesses": [
 {
 "source": "security@apache.org",
@@ -27,10 +50,47 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:apache:shiro:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.13.0",
+ "matchCriteriaId": "4506F25B-7525-4608-9541-2FA9A31C72BF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:apache:shiro:2.0.0:alpha1:*:*:*:*:*:*",
+ "matchCriteriaId": "27D6F919-851F-470D-A8E7-0F56C1EA16FC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:apache:shiro:2.0.0:alpha2:*:*:*:*:*:*",
+ "matchCriteriaId": "A759179A-E4A9-4A6A-9CCB-5BB9CC73F7E7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:apache:shiro:2.0.0:alpha3:*:*:*:*:*:*",
+ "matchCriteriaId": "637D39D2-0D98-4137-8D48-C6D8834E07B3"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://lists.apache.org/thread/mdv7ftz7k4488rzloxo2fb0p9shnp9wm",
- "source": "security@apache.org"
+ "source": "security@apache.org",
+ "tags": [
+ "Mailing List",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-468xx/CVE-2023-46846.json b/CVE-2023/CVE-2023-468xx/CVE-2023-46846.json
index 42384d68af1..d0453045ca5 100644
--- a/CVE-2023/CVE-2023-468xx/CVE-2023-46846.json
+++ b/CVE-2023/CVE-2023-468xx/CVE-2023-46846.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-46846",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2023-11-03T08:15:07.953",
- "lastModified": "2024-01-09T02:15:44.380",
+ "lastModified": "2024-01-22T20:15:46.730",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -289,6 +289,10 @@
 "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html",
 "source": "secalert@redhat.com"
 },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00008.html",
+ "source": "secalert@redhat.com"
+ },
 {
 "url": "https://security.netapp.com/advisory/ntap-20231130-0002/",
 "source": "secalert@redhat.com",
diff --git a/CVE-2023/CVE-2023-471xx/CVE-2023-47152.json b/CVE-2023/CVE-2023-471xx/CVE-2023-47152.json
new file mode 100644
index 00000000000..a6a750eef1a
--- /dev/null
+++ b/CVE-2023/CVE-2023-471xx/CVE-2023-47152.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2023-47152",
+ "sourceIdentifier": "psirt@us.ibm.com",
+ "published": "2024-01-22T20:15:46.890",
+ "lastModified": "2024-01-22T20:28:17.417",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions. IBM X-Force ID: 270730."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270730",
+ "source": "psirt@us.ibm.com"
+ },
+ {
+ "url": "https://www.ibm.com/support/pages/node/7105605",
+ "source": "psirt@us.ibm.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-471xx/CVE-2023-47158.json b/CVE-2023/CVE-2023-471xx/CVE-2023-47158.json
new file mode 100644
index 00000000000..b9111647d99
--- /dev/null
+++ b/CVE-2023/CVE-2023-471xx/CVE-2023-47158.json
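Review bot: The new CVE-2023-47152 record has no `weaknesses` array, although its description names an insecure cryptographic algorithm and information disclosure in a stack trace. The other IBM records added in this commit (CVE-2023-45193, CVE-2023-47158, CVE-2023-47746) each carry a `weaknesses` entry from `psirt@us.ibm.com`. While the record is `Awaiting Analysis`, anything that filters or routes on CWE will skip it, so consumers should treat the key as optional and fall back to the description text. Once the CNA or NVD assigns a CWE, it belongs in a `weaknesses` entry of the same shape as in those sibling records, between `metrics` and `references`.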
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-47158",
+ "sourceIdentifier": "psirt@us.ibm.com",
+ "published": "2024-01-22T20:15:47.077",
+ "lastModified": "2024-01-22T20:28:17.417",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270750."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270750",
+ "source": "psirt@us.ibm.com"
+ },
+ {
+ "url": "https://www.ibm.com/support/pages/node/7105496",
+ "source": "psirt@us.ibm.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-474xx/CVE-2023-47460.json b/CVE-2023/CVE-2023-474xx/CVE-2023-47460.json
index 57c773a5192..fccc57a8ed1 100644
--- a/CVE-2023/CVE-2023-474xx/CVE-2023-47460.json
+++ b/CVE-2023/CVE-2023-474xx/CVE-2023-47460.json
@@ -2,8 +2,8 @@ "id": "CVE-2023-47460", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-16T01:15:34.327", - "lastModified": "2024-01-16T13:56:05.467", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-22T19:37:30.577", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,15 +14,74 @@ "value": "Vulnerabilidad de inyecci\u00f3n SQL en Knovos Discovery v.22.67.0 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del componente /DiscoveryProcess/Service/Admin.svc/getGridColumnStructure." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:knovos:discovery:22.67.0:*:*:*:*:*:*:*", + "matchCriteriaId": "81B34BDE-17F1-4945-9C22-7038C9EF61F6" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/aleksey-vi/CVE-2023-47460", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://www.knovos.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-477xx/CVE-2023-47746.json b/CVE-2023/CVE-2023-477xx/CVE-2023-47746.json new file mode 100644 index 00000000000..aaad00666a1 --- /dev/null +++ b/CVE-2023/CVE-2023-477xx/CVE-2023-47746.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-47746", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2024-01-22T19:15:08.730", + "lastModified": "2024-01-22T20:28:17.417", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272644." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/272644", + "source": "psirt@us.ibm.com" + }, + { + "url": "https://www.ibm.com/support/pages/node/7105505", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-477xx/CVE-2023-47747.json b/CVE-2023/CVE-2023-477xx/CVE-2023-47747.json new file mode 100644 index 00000000000..dbfcf690d13 --- /dev/null +++ b/CVE-2023/CVE-2023-477xx/CVE-2023-47747.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-47747", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2024-01-22T20:15:47.267", + "lastModified": "2024-01-22T20:28:17.417", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272646." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/272646", + "source": "psirt@us.ibm.com" + }, + { + "url": "https://www.ibm.com/support/pages/node/7105502", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-481xx/CVE-2023-48104.json b/CVE-2023/CVE-2023-481xx/CVE-2023-48104.json index 0261c429f6a..3c2ece5e6c4 100644 --- a/CVE-2023/CVE-2023-481xx/CVE-2023-48104.json +++ b/CVE-2023/CVE-2023-481xx/CVE-2023-48104.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-48104", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-16T01:15:34.370", - "lastModified": "2024-01-17T19:15:08.243", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-22T20:05:46.370", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,15 +14,74 @@ "value": "Alinto SOGo 5.8.0 es vulnerable a la inyecci\u00f3n de HTML." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:alinto:sogo:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.9.1", + "matchCriteriaId": "76C1BB1F-C1CB-42D3-B7C8-DFBB4A680D19" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Alinto/sogo/commit/7481ccf37087c3f456d7e5a844da01d0f8883098", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/E1tex/CVE-2023-48104", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-481xx/CVE-2023-48118.json b/CVE-2023/CVE-2023-481xx/CVE-2023-48118.json new file mode 100644 index 00000000000..64d93d6813f --- /dev/null 
+++ b/CVE-2023/CVE-2023-481xx/CVE-2023-48118.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-48118", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-01-22T19:15:08.947", + "lastModified": "2024-01-22T20:28:17.417", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "SQL Injection vulnerability in Quest Analytics LLC IQCRM v.2023.9.5 allows a remote attacker to execute arbitrary code via a crafted request to the Common.svc WSDL page." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/el-dud3rino/CVE-Disclosures/blob/main/Quest%20Analytics%20IQCRM/Proof%20of%20Concept", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/el-dud3rino/CVE-Disclosures/blob/main/README.md", + "source": "cve@mitre.org" + }, + { + "url": "https://www.quest-analytics.com/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-481xx/CVE-2023-48166.json b/CVE-2023/CVE-2023-481xx/CVE-2023-48166.json index e37691f0d8c..daa31589896 100644 --- a/CVE-2023/CVE-2023-481xx/CVE-2023-48166.json +++ b/CVE-2023/CVE-2023-481xx/CVE-2023-48166.json 
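Review bot: The new CVE-2023-48118 record carries `"metrics": {}` and no `weaknesses` array, so a pipeline that filters on `baseScore` or on CWE will pass over it. Its description states SQL injection leading to arbitrary code execution, and its first reference path ends in `Proof%20of%20Concept`. While `vulnStatus` is `Awaiting Analysis`, consumers should treat the empty object as unscored rather than as low severity. Going by the description alone, the eventual weakness entry would presumably be `"value": "CWE-89"`, as on the other SQL injection records in this commit. The same gap applies to the wpscan.com records added further down (CVE-2023-6290, CVE-2023-6384, CVE-2023-6447, CVE-2023-6456, CVE-2023-6625), which also ship with `"metrics": {}`.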
@@ -2,23 +2,85 @@ "id": "CVE-2023-48166", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-12T23:15:08.727", - "lastModified": "2024-01-14T21:42:17.123", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-22T19:21:48.260", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A directory traversal vulnerability in the SOAP Server integrated in Atos Unify OpenScape Voice V10 before V10R3.26.1 allows a remote attacker to view the contents of arbitrary files in the local file system. An unauthenticated attacker might obtain sensitive files that allow for the compromise of the underlying system." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de directory traversal en el servidor SOAP integrado en Atos Unify OpenScape Voice V10 anterior a V10R3.26.1 permite a un atacante remoto ver el contenido de archivos arbitrarios en el sistema de archivos local. Un atacante no autenticado podr\u00eda obtener archivos confidenciales que permitan comprometer el sistema subyacente." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:unify:openscape_voice:10.0:-:*:*:*:*:*:*", + "matchCriteriaId": "98171884-CD1A-48B4-934B-309C7D14DCFD" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://labs.integrity.pt/advisories/cve-2023-48166/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://networks.unify.com/security/advisories/OBSO-2401-01.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-498xx/CVE-2023-49801.json b/CVE-2023/CVE-2023-498xx/CVE-2023-49801.json index ff98fcc5e42..0bd5248f4c8 100644 --- a/CVE-2023/CVE-2023-498xx/CVE-2023-49801.json +++ b/CVE-2023/CVE-2023-498xx/CVE-2023-49801.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-49801", "sourceIdentifier": "security-advisories@github.com", "published": "2024-01-12T21:15:09.943", - "lastModified": "2024-01-14T21:42:17.123", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-22T19:49:34.180", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Lif Auth Server is a server for validating logins, managing information, and account recovery for Lif Accounts. The issue relates to the `get_pfp` and `get_banner` routes on Auth Server. The issue is that there is no check to ensure that the file that Auth Server is receiving through these URLs is correct. This could allow an attacker access to files they shouldn't have access to. This issue has been patched in version 1.4.0." + }, + { + "lang": "es", + "value": "Lif Auth Server es un servidor para validar inicios de sesi\u00f3n, administrar informaci\u00f3n y recuperar cuentas para cuentas Lif. El problema se relaciona con las rutas `get_pfp` y `get_banner` en Auth Server. El problema es que no hay ninguna verificaci\u00f3n para garantizar que el archivo que recibe el Auth Server a trav\u00e9s de estas URL sea correcto. Esto podr\u00eda permitir que un atacante acceda a archivos a los que no deber\u00eda tener acceso. Este problema se solucion\u00f3 en la versi\u00f3n 1.4.0." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -50,14 +84,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:lifplatforms:lif_auth_server:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.4.0", + "matchCriteriaId": "2BC6696D-4032-4C27-A31E-EB497683D262" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Lif-Platforms/Lif-Auth-Server/commit/c235bcc2ee65e4a0dfb10284cf2cbc750213efeb", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/Lif-Platforms/Lif-Auth-Server/security/advisories/GHSA-3v77-pvqq-qg3f", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-502xx/CVE-2023-50290.json b/CVE-2023/CVE-2023-502xx/CVE-2023-50290.json index a0e3aab38e6..0b044dd9db2 100644 --- a/CVE-2023/CVE-2023-502xx/CVE-2023-50290.json +++ b/CVE-2023/CVE-2023-502xx/CVE-2023-50290.json @@ -2,8 +2,8 @@ "id": "CVE-2023-50290", "sourceIdentifier": "security@apache.org", "published": "2024-01-15T10:15:26.527", - "lastModified": "2024-01-16T13:56:05.467", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-22T20:04:50.177", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,11 +14,44 @@ "value": "Vulnerabilidad de exposici\u00f3n de informaci\u00f3n confidencial a un actor no autorizado en Apache Solr. La API de Solr Metrics publica todas las variables de entorno desprotegidas disponibles para cada instancia de Apache Solr. Los usuarios pueden especificar qu\u00e9 variables de entorno ocultar; sin embargo, la lista predeterminada est\u00e1 dise\u00f1ada para funcionar con propiedades secretas conocidas del sistema Java. Las variables de entorno no se pueden definir estrictamente en Solr, como pueden serlo las propiedades del sistema Java, y pueden configurarse para todo el host, a diferencia de las propiedades del sistema Java que se configuran por proceso Java. La API de Solr Metrics est\u00e1 protegida por el permiso de \"metrics-read\". Por lo tanto, las nubes Solr con configuraci\u00f3n de autorizaci\u00f3n solo ser\u00e1n vulnerables a trav\u00e9s de usuarios con el permiso de \"metrics-read\". Este problema afecta a Apache Solr: desde 9.0.0 antes de 9.3.0. Se recomienda a los usuarios actualizar a la versi\u00f3n 9.3.0 o posterior, en la que las variables de entorno no se publican a trav\u00e9s de la API de m\u00e9tricas." 
} ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, "weaknesses": [ { - "source": "security@apache.org", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "security@apache.org", + "type": "Secondary", "description": [ { "lang": "en", @@ -27,10 +60,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*", + "versionStartIncluding": "9.0.0", + "versionEndExcluding": "9.3.0", + "matchCriteriaId": "E1EF37F2-A898-4CF3-A122-1EEA13E6DDA4" + } + ] + } + ] + } + ], "references": [ { "url": "https://solr.apache.org/security.html#cve-2023-50290-apache-solr-allows-read-access-to-host-environment-variables", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-503xx/CVE-2023-50308.json b/CVE-2023/CVE-2023-503xx/CVE-2023-50308.json new file mode 100644 index 00000000000..2f95134d72d --- /dev/null +++ b/CVE-2023/CVE-2023-503xx/CVE-2023-50308.json 
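Review bot: In the `weaknesses` change for CVE-2023-50290 the security@apache.org entry is demoted from `Primary` to `Secondary` and the new `Primary` entry is `NVD-CWE-noinfo`, so a consumer that reads only the Primary weakness now gets no classification for this record. The Spanish description in the same hunk still names the class (exposure of sensitive information to an unauthorized actor). The CNA's CWE stays in the Secondary entry, whose value line falls outside the hunk. Consumers should fall back to the Secondary entry whenever the Primary value is `NVD-CWE-noinfo`.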
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-50308", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2024-01-22T19:15:09.003", + "lastModified": "2024-01-22T20:28:17.417", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 under certain circumstances could allow an authenticated user to the database to cause a denial of service when a statement is run on columnar tables. IBM X-Force ID: 273393." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/273393", + "source": "psirt@us.ibm.com" + }, + { + "url": "https://www.ibm.com/support/pages/node/7105506", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-510xx/CVE-2023-51059.json b/CVE-2023/CVE-2023-510xx/CVE-2023-51059.json index d2c9b509b42..bf4aff61a79 100644 --- a/CVE-2023/CVE-2023-510xx/CVE-2023-51059.json +++ b/CVE-2023/CVE-2023-510xx/CVE-2023-51059.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-51059", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-16T02:15:28.480", - "lastModified": "2024-01-16T13:56:05.467", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-22T20:43:30.897", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,87 @@ "value": "Un problema en MOKO TECHNOLOGY LTD MOKOSmart MKGW1 BLE Gateway v.1.1.1 y anteriores permite a un atacante remoto escalar privilegios a trav\u00e9s del componente de gesti\u00f3n de sesiones de la interfaz web administrativa." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mokosmart:mkgw1_gateway_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.1.1", + "matchCriteriaId": "22F6F0CE-664E-4A2B-AE89-8811CFFE8801" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mokosmart:mkgw1_gateway:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F5737CEE-E1E1-452B-82BE-B9318AD81354" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/sbaresearch/advisories/tree/public/2022/SBA-ADV-20220120-01_MOKOSmart_MKGW1_Gateway_Improper_Session_Management", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://www.mokosmart.com/wp-content/uploads/2019/10/GS-gateway.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ 
No newline at end of file diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51750.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51750.json index 04d677a1e10..85e3adf6f98 100644 --- a/CVE-2023/CVE-2023-517xx/CVE-2023-51750.json +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51750.json @@ -2,8 +2,8 @@ "id": "CVE-2023-51750", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-11T14:15:44.230", - "lastModified": "2024-01-18T19:15:09.587", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-01-22T19:09:58.073", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,19 +14,92 @@ "value": "ScaleFusion 10.5.2 no limita adecuadamente a los usuarios a la aplicaci\u00f3n Edge porque pueden ocurrir descargas de archivos." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:scalefusion:scalefusion:10.5.2:*:*:*:*:*:*:*", + "matchCriteriaId": "B2DF6031-830B-4CF6-8019-64A506B4C7CE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://help.scalefusion.com/docs/security-advisory-for-windows-mdm-agent", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://medium.com/nestedif/vulnerability-disclosure-browser-mode-kiosk-bypass-scalefusion-832f5a18ebb6", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://medium.com/nestedif/vulnerability-disclosure-kiosk-mode-bypass-scalefusion-4752dfa2dc59", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + 
"Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-518xx/CVE-2023-51810.json b/CVE-2023/CVE-2023-518xx/CVE-2023-51810.json index c7614db2fa3..067e9d90de3 100644 --- a/CVE-2023/CVE-2023-518xx/CVE-2023-51810.json +++ b/CVE-2023/CVE-2023-518xx/CVE-2023-51810.json @@ -2,8 +2,8 @@ "id": "CVE-2023-51810", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-16T01:15:34.900", - "lastModified": "2024-01-16T13:56:05.467", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-22T21:00:02.100", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,19 +14,83 @@ "value": "Vulnerabilidad de inyecci\u00f3n SQL en StackIdeas EasyDiscuss v.5.0.5 y corregida en v.5.0.10 permite a un atacante remoto obtener informaci\u00f3n confidencial a trav\u00e9s de una solicitud manipulada al par\u00e1metro search en el m\u00f3dulo Users." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:stackideas:easydiscuss:*:*:*:*:*:joomla\\!:*:*", + "versionStartIncluding": "5.0.5", + "versionEndExcluding": "5.0.10", + "matchCriteriaId": "11BCF361-9D21-4A2D-902E-A7B20E3AB569" + } + ] + } + ] + } + ], "references": [ { "url": "http://easydiscuss.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "http://stackideas.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://github.com/Pastea/CVE-2023-51810", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-520xx/CVE-2023-52068.json b/CVE-2023/CVE-2023-520xx/CVE-2023-52068.json index 874e0f18567..a5153505534 100644 
--- a/CVE-2023/CVE-2023-520xx/CVE-2023-52068.json +++ b/CVE-2023/CVE-2023-520xx/CVE-2023-52068.json @@ -2,19 +2,78 @@ "id": "CVE-2023-52068", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-16T22:15:37.613", - "lastModified": "2024-01-16T23:12:38.473", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-22T19:53:08.497", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "kodbox v1.43 was discovered to contain a cross-site scripting (XSS) vulnerability via the operation and login logs." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que kodbox v1.43 conten\u00eda una vulnerabilidad de cross site scripting (XSS) a trav\u00e9s de los registros de operaci\u00f3n e inicio de sesi\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:kodcloud:kodbox:1.43:*:*:*:*:*:*:*", + "matchCriteriaId": "B8DE2FF6-E7C1-4FFF-987C-24DFE54AA378" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://blog.mo60.cn/index.php/archives/Kodbox_Stored_Xss.html_Password_Kodbox_Stored_Xss1", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-52xx/CVE-2023-5253.json b/CVE-2023/CVE-2023-52xx/CVE-2023-5253.json index 686e8136037..0c5ed679102 100644 --- a/CVE-2023/CVE-2023-52xx/CVE-2023-5253.json +++ b/CVE-2023/CVE-2023-52xx/CVE-2023-5253.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5253", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-01-15T11:15:08.627", - "lastModified": "2024-01-16T13:56:05.467", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-22T19:56:01.273", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", 
@@ -50,10 +80,37 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:*", + "versionEndExcluding": "23.3.0", + "matchCriteriaId": "27F4311F-0751-4645-9BC7-05946A253330" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:*", + "versionEndExcluding": "23.3.0", + "matchCriteriaId": "D44D965F-3128-4F2C-A582-E84247A16CF5" + } + ] + } + ] + } + ], "references": [ { "url": "https://security.nozominetworks.com/NN-2023:12-01", - "source": "prodsec@nozominetworks.com" + "source": "prodsec@nozominetworks.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6290.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6290.json new file mode 100644 index 00000000000..b101d9d8ee3 --- /dev/null +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6290.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-6290", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-01-22T20:15:47.457", + "lastModified": "2024-01-22T20:28:17.417", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The SEOPress WordPress plugin before 7.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/78a13958-cd12-4ea8-b326-1e3184da970b/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-63xx/CVE-2023-6384.json b/CVE-2023/CVE-2023-63xx/CVE-2023-6384.json new file mode 100644 index 00000000000..6cfeeb19376 --- /dev/null +++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6384.json 
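Review bot: The tag added to the only reference of CVE-2023-5253 is `"Third Party Advisory"`, although the URL host security.nozominetworks.com appears to belong to the same vendor as the record's source (prodsec@nozominetworks.com) and the CPE vendor `nozominetworks` in this hunk. Triage rules that rank vendor advisories above third-party write-ups will under-weight this link. The tag that fits is `"Vendor Advisory"`, as used for vendor links on other records in this commit.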
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-6384", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-01-22T20:15:47.507", + "lastModified": "2024-01-22T20:28:17.417", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The WP User Profile Avatar WordPress plugin before 1.0.1 does not properly check for authorisation, allowing authors to delete and update arbitrary avatar" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/fbdefab4-614b-493b-a9ae-c5aeff8323ef/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-64xx/CVE-2023-6447.json b/CVE-2023/CVE-2023-64xx/CVE-2023-6447.json new file mode 100644 index 00000000000..e2f107befbe --- /dev/null +++ b/CVE-2023/CVE-2023-64xx/CVE-2023-6447.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-6447", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-01-22T20:15:47.553", + "lastModified": "2024-01-22T20:28:17.417", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The EventPrime WordPress plugin before 3.3.6 lacks authentication and authorization, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id/event name." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/e366881c-d21e-4063-a945-95e6b080a373/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-64xx/CVE-2023-6456.json b/CVE-2023/CVE-2023-64xx/CVE-2023-6456.json new file mode 100644 index 00000000000..9e26953626f --- /dev/null +++ b/CVE-2023/CVE-2023-64xx/CVE-2023-6456.json 
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-6456", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-01-22T20:15:47.600", + "lastModified": "2024-01-22T20:28:17.417", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The WP Review Slider WordPress plugin before 13.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/30f31412-8f94-4d5e-a080-3f6f669703cd/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-66xx/CVE-2023-6625.json b/CVE-2023/CVE-2023-66xx/CVE-2023-6625.json new file mode 100644 index 00000000000..b9207aef774 --- /dev/null +++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6625.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-6625", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-01-22T20:15:47.647", + "lastModified": "2024-01-22T20:28:17.417", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The Product Enquiry for WooCommerce WordPress plugin before 3.1 does not have a CSRF check in place when deleting inquiries, which could allow attackers to make a logged in admin delete them via a CSRF attack" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/d483f7ce-cb3f-4fcb-b060-005cec0ea10f/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-66xx/CVE-2023-6626.json b/CVE-2023/CVE-2023-66xx/CVE-2023-6626.json new file mode 100644 index 00000000000..fb92db791e5 --- /dev/null +++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6626.json 
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-6626", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-01-22T20:15:47.697", + "lastModified": "2024-01-22T20:28:17.417", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The Product Enquiry for WooCommerce WordPress plugin before 3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/327ae124-79eb-4e07-b029-e4f543cbd356/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-66xx/CVE-2023-6683.json b/CVE-2023/CVE-2023-66xx/CVE-2023-6683.json index 2b58fcc4bb7..8d1395fcf2a 100644 --- a/CVE-2023/CVE-2023-66xx/CVE-2023-6683.json +++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6683.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-6683", "sourceIdentifier": "secalert@redhat.com", "published": "2024-01-12T19:15:11.480", - "lastModified": "2024-01-12T19:21:49.423", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-22T19:50:27.717", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu_clipboard_request() function can be reached before vnc_server_cut_text_caps() was called and had the chance to initialize the clipboard peer, leading to a NULL pointer dereference. This could allow a malicious authenticated VNC client to crash QEMU and trigger a denial of service." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una falla en el servidor QEMU built-in VNC al procesar mensajes ClientCutText. Se puede acceder a la funci\u00f3n qemu_clipboard_request() antes de que se llamara a vnc_server_cut_text_caps() y tuviera la oportunidad de inicializar el par del portapapeles, lo que lleva a una desreferencia del puntero NULL. Esto podr\u00eda permitir que un cliente VNC autenticado malicioso bloquee QEMU y provoque una denegaci\u00f3n de servicio." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "secalert@redhat.com", "type": "Secondary", 
@@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + }, { "source": "secalert@redhat.com", "type": "Secondary", @@ -46,14 +80,58 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:qemu:qemu:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6D9E0C78-9678-4CEE-9389-962CF618A51F" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D" + } + ] + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/security/cve/CVE-2023-6683", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254825", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking", + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-69xx/CVE-2023-6915.json b/CVE-2023/CVE-2023-69xx/CVE-2023-6915.json index f0f1786a2fa..492f6ee9bfe 100644 --- a/CVE-2023/CVE-2023-69xx/CVE-2023-6915.json +++ b/CVE-2023/CVE-2023-69xx/CVE-2023-6915.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6915", "sourceIdentifier": "secalert@redhat.com", "published": "2024-01-15T10:15:26.627", - "lastModified": "2024-01-16T13:56:05.467", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-22T19:59:18.277", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "secalert@redhat.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + }, { "source": "secalert@redhat.com", "type": "Secondary", 
@@ -50,18 +80,75 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.7", + "matchCriteriaId": "668F5607-E136-4E8E-86F2-316E9DC41ADC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc7:*:*:*:*:*:*", + "matchCriteriaId": "81A7ABCB-0807-4AA2-8F4E-75E38D2E3FD4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc8:*:*:*:*:*:*", + "matchCriteriaId": "B01471D6-2DB4-4AF2-8BE0-B5082B4B9253" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D" + } + ] + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/security/cve/CVE-2023-6915", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254982", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://github.com/torvalds/linux/commit/af73483f4e8b6f5c68c9aa63257bdd929a9c194a", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-69xx/CVE-2023-6991.json b/CVE-2023/CVE-2023-69xx/CVE-2023-6991.json index 53bb9101601..7831ef8eaf4 100644 --- a/CVE-2023/CVE-2023-69xx/CVE-2023-6991.json +++ b/CVE-2023/CVE-2023-69xx/CVE-2023-6991.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-6991", "sourceIdentifier": "contact@wpscan.com", "published": "2024-01-15T16:15:12.743", - "lastModified": "2024-01-16T13:56:05.467", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-22T19:31:34.783", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,68 @@ "value": "El complemento JSM file_get_contents() Shortcode WordPress anterior a 2.7.1 no valida uno de los par\u00e1metros de su shortcode antes de realizar una solicitud, lo que podr\u00eda permitir a los usuarios con rol de colaborador y superior realizar ataques SSRF." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:surniaulula:jsm_file_get_contents\\(\\)_shortcode:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.7.1", + "matchCriteriaId": "BFB267C2-6C58-4A59-AF58-A5D1104D905C" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/0b92becb-8a47-48fd-82e8-f7641cf5c9bc", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7082.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7082.json new file mode 100644 index 00000000000..9e9c9e44706 --- /dev/null +++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7082.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-7082", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-01-22T20:15:47.743", + "lastModified": "2024-01-22T20:28:17.417", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The Import any XML or CSV File to WordPress plugin before 3.7.3 accepts all zip files and automatically extracts the zip file into a publicly accessible directory without sufficiently validating the extracted file type. This may allows high privilege users such as administrator to upload an executable file type leading to remote code execution." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/7f947305-7a72-4c59-9ae8-193f437fd04e/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-71xx/CVE-2023-7170.json b/CVE-2023/CVE-2023-71xx/CVE-2023-7170.json new file mode 100644 index 00000000000..2933f28c7b0 --- /dev/null +++ b/CVE-2023/CVE-2023-71xx/CVE-2023-7170.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-7170", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-01-22T20:15:47.787", + "lastModified": "2024-01-22T20:28:17.417", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The EventON-RSVP WordPress plugin before 2.9.5 does not sanitise and escape some parameters before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/218fb3af-3a40-486f-8ea9-80211a986fb3/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-71xx/CVE-2023-7194.json b/CVE-2023/CVE-2023-71xx/CVE-2023-7194.json new file mode 100644 index 00000000000..9caf40590dd --- /dev/null +++ b/CVE-2023/CVE-2023-71xx/CVE-2023-7194.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-7194", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-01-22T20:15:47.833", + "lastModified": "2024-01-22T20:28:17.417", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The Meris WordPress theme through 1.1.2 does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/e20292af-939a-4cb1-91e4-5ff6aa0c7fbe", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-02xx/CVE-2024-0204.json b/CVE-2024/CVE-2024-02xx/CVE-2024-0204.json index 3723532228b..485f12385d7 100644 --- a/CVE-2024/CVE-2024-02xx/CVE-2024-0204.json +++ b/CVE-2024/CVE-2024-02xx/CVE-2024-0204.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0204", "sourceIdentifier": "df4dee71-de3a-4139-9588-11b62fe6c0ff", "published": "2024-01-22T18:15:20.137", - "lastModified": "2024-01-22T18:15:20.137", - "vulnStatus": "Received", + "lastModified": "2024-01-22T19:10:26.333", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-04xx/CVE-2024-0430.json b/CVE-2024/CVE-2024-04xx/CVE-2024-0430.json new file mode 100644 index 00000000000..5bd1a3fd6cb --- /dev/null +++ b/CVE-2024/CVE-2024-04xx/CVE-2024-0430.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-0430", + "sourceIdentifier": "help@fluidattacks.com", + "published": "2024-01-22T19:15:09.210", + "lastModified": "2024-01-22T20:28:17.417", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "IObit Malware Fighter v11.0.0.1274 is vulnerable to a Denial of Service vulnerability by triggering the 0x8001E00C IOCTL code of the ImfHpRegFilter.sys driver." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "help@fluidattacks.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "help@fluidattacks.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "references": [ + { + "url": "https://fluidattacks.com/advisories/davis/", + "source": "help@fluidattacks.com" + }, + { + "url": "https://www.iobit.com/en/malware-fighter.php", + "source": "help@fluidattacks.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-04xx/CVE-2024-0490.json b/CVE-2024/CVE-2024-04xx/CVE-2024-0490.json index 02fb1d4fc05..bf5e04ae306 100644 --- a/CVE-2024/CVE-2024-04xx/CVE-2024-0490.json +++ b/CVE-2024/CVE-2024-04xx/CVE-2024-0490.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-0490", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-13T14:15:46.067", - "lastModified": "2024-01-14T21:42:17.123", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-22T19:24:45.367", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Huaxia ERP up to 3.1. It has been rated as problematic. This issue affects some unknown processing of the file /user/getAllList. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-250595." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en Huaxia ERP hasta 3.1. Ha sido calificada como problem\u00e1tica. Este problema afecta a alg\u00fan procesamiento desconocido del archivo /user/getAllList. La manipulaci\u00f3n conduce a la divulgaci\u00f3n de informaci\u00f3n. El ataque puede iniciarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. La actualizaci\u00f3n a la versi\u00f3n 3.2 puede solucionar este problema. Se recomienda actualizar el componente afectado. El identificador asociado de esta vulnerabilidad es VDB-250595." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -61,7 +85,7 @@ }, "weaknesses": [ { - "source": "cna@vuldb.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { @@ -69,20 +93,58 @@ "value": "CWE-200" } ] + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:huaxiaerp:huaxia_erp:*:*:*:*:*:*:*:*", + "versionEndIncluding": "3.1", + "matchCriteriaId": "8D44E462-6CF2-4D21-B053-C592EFB9D745" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/laoquanshi/puppy/blob/main/Logic%20loopholes%20in%20Huaxia%20ERP%20can%20lead%20to%20unauthorized%20access.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://vuldb.com/?ctiid.250595", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.250595", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-04xx/CVE-2024-0491.json b/CVE-2024/CVE-2024-04xx/CVE-2024-0491.json index 645b48cc3e3..295b57c5946 100644 --- a/CVE-2024/CVE-2024-04xx/CVE-2024-0491.json +++ b/CVE-2024/CVE-2024-04xx/CVE-2024-0491.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-0491", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-13T15:15:08.503", - "lastModified": "2024-01-14T21:42:17.123", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-22T19:26:12.493", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability classified as problematic has been found in Huaxia ERP up to 3.1. Affected is an unknown function of the file src/main/java/com/jsh/erp/controller/UserController.java. The manipulation leads to weak password recovery. It is possible to launch the attack remotely. Upgrading to version 3.2 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-250596." + }, + { + "lang": "es", + "value": "Una vulnerabilidad ha sido encontrada en Huaxia ERP hasta 3.1 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo src/main/java/com/jsh/erp/controller/UserController.java es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a una recuperaci\u00f3n de contrase\u00f1a d\u00e9bil. Es posible lanzar el ataque de forma remota. La actualizaci\u00f3n a la versi\u00f3n 3.2 puede solucionar este problema. Se recomienda actualizar el componente afectado. El identificador de esta vulnerabilidad es VDB-250596." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -71,18 +95,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:huaxiaerp:huaxia_erp:*:*:*:*:*:*:*:*", + "versionEndIncluding": "3.1", + "matchCriteriaId": "8D44E462-6CF2-4D21-B053-C592EFB9D745" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/laoquanshi/puppy/blob/main/Logic%20loopholes%20in%20Huaxia%20ERP%20can%20lead%20to%20unauthorized%20access2.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://vuldb.com/?ctiid.250596", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.250596", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-05xx/CVE-2024-0505.json b/CVE-2024/CVE-2024-05xx/CVE-2024-0505.json index c88220f3fd6..1145f8baf8c 100644 --- a/CVE-2024/CVE-2024-05xx/CVE-2024-0505.json +++ b/CVE-2024/CVE-2024-05xx/CVE-2024-0505.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-0505", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-13T22:15:44.930", - "lastModified": "2024-01-14T21:42:17.123", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-22T19:51:37.637", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in ZhongFuCheng3y Austin 1.0 and classified as critical. This issue affects the function getFile of the file com/java3y/austin/web/controller/MaterialController.java of the component Upload Material Menu. The manipulation leads to unrestricted upload. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250619." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en ZhongFuCheng3y Austin 1.0 y clasificada como cr\u00edtica. Este problema afecta la funci\u00f3n getFile del archivo com/java3y/austin/web/controller/MaterialController.java del componente Upload Material Menu. La manipulaci\u00f3n conduce a una carga sin restricciones. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-250619." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -60,6 +84,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -71,18 +105,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zhongfucheng3y:austin:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "1CF4B35B-AC48-4E91-9D46-001BFE70A187" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/biantaibao/Austin-CMS-report/blob/main/File%20Upload%20Vulnerabilities.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.250619", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.250619", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-05xx/CVE-2024-0510.json b/CVE-2024/CVE-2024-05xx/CVE-2024-0510.json index 53f25f83cfc..c8cd0995bb4 100644 --- a/CVE-2024/CVE-2024-05xx/CVE-2024-0510.json +++ b/CVE-2024/CVE-2024-05xx/CVE-2024-0510.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0510", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-13T22:15:45.180", - "lastModified": "2024-01-15T15:15:09.020", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-22T19:23:27.007", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -65,7 +85,7 @@ }, "weaknesses": [ { - "source": "cna@vuldb.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { @@ -73,24 +93,68 @@ "value": "CWE-918" } ] + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:haokekeji:yiqiniu:*:*:*:*:*:*:*:*", + "versionEndIncluding": "3.1", + "matchCriteriaId": "79DF4ADE-CEE1-4072-8EB4-4BD2F113A987" + } + ] + } + ] } ], "references": [ { "url": "http://packetstormsecurity.com/files/176547/HaoKeKeJi-YiQiNiu-Server-Side-Request-Forgery.html", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://note.zhaoj.in/share/gBtNhBb39u9u", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://vuldb.com/?ctiid.250652", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.250652", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-05xx/CVE-2024-0517.json b/CVE-2024/CVE-2024-05xx/CVE-2024-0517.json index bfe603ed5a3..3400f91776e 100644 --- a/CVE-2024/CVE-2024-05xx/CVE-2024-0517.json +++ b/CVE-2024/CVE-2024-05xx/CVE-2024-0517.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0517", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-01-16T22:15:37.660", - "lastModified": "2024-01-19T04:15:09.837", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-22T19:53:16.533", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,23 +14,108 @@ "value": "La escritura fuera de los l\u00edmites en V8 en Google Chrome anterior a 120.0.6099.224 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", + "versionEndExcluding": "120.0.6099.224", + "matchCriteriaId": "F1333551-8202-4042-AD12-C0767B189306" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", + "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", + "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646" + } + ] + } + ] + } + ], "references": [ { "url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Release Notes" + ] }, { "url": 
"https://crbug.com/1515930", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IIUBRVICICWREJQUVT67RS7E4PVZQ5RS/", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Mailing List" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNN4SO5UI3U3Q6ASTVT6WMZ4723FYDLH/", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Mailing List" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-05xx/CVE-2024-0518.json b/CVE-2024/CVE-2024-05xx/CVE-2024-0518.json index 416bfce0707..68f6ecfa5da 100644 --- a/CVE-2024/CVE-2024-05xx/CVE-2024-0518.json +++ b/CVE-2024/CVE-2024-05xx/CVE-2024-0518.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0518", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-01-16T22:15:37.710", - "lastModified": "2024-01-19T04:15:09.893", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-22T19:53:24.690", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,23 +14,108 @@ "value": "La confusi\u00f3n de tipos en V8 en Google Chrome anterior a 120.0.6099.224 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-843" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", + "versionEndExcluding": "120.0.6099.224", + "matchCriteriaId": "F1333551-8202-4042-AD12-C0767B189306" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", + "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", + "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646" + } + ] + } + ] + } + ], "references": [ { "url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://crbug.com/1507412", 
- "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IIUBRVICICWREJQUVT67RS7E4PVZQ5RS/", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Mailing List" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNN4SO5UI3U3Q6ASTVT6WMZ4723FYDLH/", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Mailing List" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-05xx/CVE-2024-0519.json b/CVE-2024/CVE-2024-05xx/CVE-2024-0519.json index 3f30b8cb96d..7f7aedbebd5 100644 --- a/CVE-2024/CVE-2024-05xx/CVE-2024-0519.json +++ b/CVE-2024/CVE-2024-05xx/CVE-2024-0519.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0519", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-01-16T22:15:37.753", - "lastModified": "2024-01-19T04:15:09.943", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-22T19:53:33.937", + "vulnStatus": "Analyzed", "cisaExploitAdd": "2024-01-17", "cisaActionDue": "2024-02-07", "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", 
@@ -18,23 +18,88 @@ "value": "El acceso a memoria fuera de los l\u00edmites en V8 en Google Chrome anterior a 120.0.6099.224 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", + "versionEndExcluding": "120.0.6099.224", + "matchCriteriaId": "F1333551-8202-4042-AD12-C0767B189306" + } + ] + } + ] + } + ], "references": [ { "url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://crbug.com/1517354", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IIUBRVICICWREJQUVT67RS7E4PVZQ5RS/", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Mailing List" + 
] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNN4SO5UI3U3Q6ASTVT6WMZ4723FYDLH/", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Mailing List" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-05xx/CVE-2024-0535.json b/CVE-2024/CVE-2024-05xx/CVE-2024-0535.json index 73f077c4d28..eff4b8685b9 100644 --- a/CVE-2024/CVE-2024-05xx/CVE-2024-0535.json +++ b/CVE-2024/CVE-2024-05xx/CVE-2024-0535.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0535", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-15T03:15:09.083", - "lastModified": "2024-01-16T13:56:05.467", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-22T19:32:08.933", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -75,18 +95,57 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tendacn:pa6_firmware:1.0.1.21:*:*:*:*:*:*:*", + "matchCriteriaId": "F6091063-6B03-4B7F-B425-B4C37B057A74" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tendacn:pa6:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FC86310B-B452-4CEF-986C-2BB4CC535A0A" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/jylsec/vuldb/blob/main/Tenda/PA6/2/README.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://vuldb.com/?ctiid.250705", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.250705", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-05xx/CVE-2024-0543.json b/CVE-2024/CVE-2024-05xx/CVE-2024-0543.json index c01fde5077c..e4fa0bdf25d 100644 --- a/CVE-2024/CVE-2024-05xx/CVE-2024-0543.json +++ b/CVE-2024/CVE-2024-05xx/CVE-2024-0543.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0543", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-15T06:15:07.960", - "lastModified": "2024-01-16T13:56:05.467", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-22T20:44:33.327", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -75,18 +95,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codeastro:real_estate_management_system:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.0", + "matchCriteriaId": "E0401C14-6C13-4D44-8142-CD24F91DFD91" + } + ] + } + ] + } + ], "references": [ { "url": "https://drive.google.com/drive/folders/1U2nirIi6OtuCi-vrD2-VHyJbsHK5yA7t?usp=sharing", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit" + ] }, { "url": "https://vuldb.com/?ctiid.250713", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.250713", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-05xx/CVE-2024-0545.json b/CVE-2024/CVE-2024-05xx/CVE-2024-0545.json index 7933e4a4607..0bba11dd21b 100644 --- a/CVE-2024/CVE-2024-05xx/CVE-2024-0545.json +++ b/CVE-2024/CVE-2024-05xx/CVE-2024-0545.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-0545", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-15T06:15:08.363", - "lastModified": "2024-01-16T13:56:05.467", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-22T19:59:06.540", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -75,14 +95,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fairsketch:rise_ultimate_project_manager:3.5.3:*:*:*:*:*:*:*", + "matchCriteriaId": "FEF866F6-7337-4C7D-855D-485E41B865EB" + } + ] + } + ] + } + ], "references": [ { "url": "https://vuldb.com/?ctiid.250714", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.250714", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-05xx/CVE-2024-0546.json b/CVE-2024/CVE-2024-05xx/CVE-2024-0546.json index 37c726c716c..a5523738d45 100644 --- a/CVE-2024/CVE-2024-05xx/CVE-2024-0546.json +++ b/CVE-2024/CVE-2024-05xx/CVE-2024-0546.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-0546", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-15T06:15:08.623", - "lastModified": "2024-01-16T13:56:05.467", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-22T20:00:06.307", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -75,18 +95,47 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:easyftp:easyftp:1.7.0:*:*:*:*:*:*:*", + "matchCriteriaId": "2C733781-323E-48BD-8144-09830DA7230A" + } + ] + } + ] + } + ], "references": [ { "url": "https://packetstormsecurity.com/files/94905/EasyFTP-1.7.0.x-Denial-Of-Service.html", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?ctiid.250715", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.250715", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-05xx/CVE-2024-0547.json b/CVE-2024/CVE-2024-05xx/CVE-2024-0547.json index d588a77ace2..93f67daf3de 100644 --- a/CVE-2024/CVE-2024-05xx/CVE-2024-0547.json 
+++ b/CVE-2024/CVE-2024-05xx/CVE-2024-0547.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0547", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-15T07:15:08.390", - "lastModified": "2024-01-16T13:56:05.467", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-22T20:27:43.267", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -64,6 +84,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-404" + } + ] + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -75,18 +105,50 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codecrafters:ability_ftp_server:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2.34", + "matchCriteriaId": "0C750BDD-F301-425A-80B7-1F9336C5B4C7" + } + ] + } + ] + } + ], "references": [ { "url": "https://packetstormsecurity.com/files/163079/Ability-FTP-Server-2.34-Denial-Of-Service.html", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?ctiid.250717", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.250717", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-05xx/CVE-2024-0548.json b/CVE-2024/CVE-2024-05xx/CVE-2024-0548.json index 6dbcdeaf160..569be700d99 100644 --- a/CVE-2024/CVE-2024-05xx/CVE-2024-0548.json +++ b/CVE-2024/CVE-2024-05xx/CVE-2024-0548.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0548", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-15T07:15:09.020", - "lastModified": "2024-01-16T13:56:05.467", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-22T20:27:21.670", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -75,18 +95,49 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:freefloat_ftp_server_project:freefloat_ftp_server:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "E2D5A914-A327-4625-99E2-A7BB0196A71D" + } + ] + } + ] + } + ], "references": [ { "url": "https://packetstormsecurity.com/files/163038/FreeFloat-FTP-Server-1.0-Denial-Of-Service.html", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?ctiid.250718", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.250718", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-06xx/CVE-2024-0605.json b/CVE-2024/CVE-2024-06xx/CVE-2024-0605.json new file mode 100644 index 00000000000..60a8f2e92fc --- /dev/null +++ b/CVE-2024/CVE-2024-06xx/CVE-2024-0605.json 
@@ -0,0 +1,24 @@ +{ + "id": "CVE-2024-0605", + "sourceIdentifier": "security@mozilla.org", + "published": "2024-01-22T19:15:09.423", + "lastModified": "2024-01-22T20:28:17.417", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Using a javascript: URI with a setTimeout race condition, an attacker can execute unauthorized scripts on top origin sites in urlbar. This bypasses security measures, potentially leading to arbitrary code execution or unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS < 122." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1855575", + "source": "security@mozilla.org" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2024-03/", + "source": "security@mozilla.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-06xx/CVE-2024-0606.json b/CVE-2024/CVE-2024-06xx/CVE-2024-0606.json new file mode 100644 index 00000000000..faa58d4b214 --- /dev/null +++ b/CVE-2024/CVE-2024-06xx/CVE-2024-0606.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2024-0606", + "sourceIdentifier": "security@mozilla.org", + "published": "2024-01-22T19:15:09.487", + "lastModified": "2024-01-22T20:28:17.417", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "An attacker could execute unauthorized script on a legitimate site through UXSS using window.open() by opening a javascript URI leading to unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS < 122." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1855030", + "source": "security@mozilla.org" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2024-03/", + "source": "security@mozilla.org" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0778.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0778.json index 6d7c039fae4..c04986e9d26 100644 --- a/CVE-2024/CVE-2024-07xx/CVE-2024-0778.json +++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0778.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0778", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-22T16:15:08.320", - "lastModified": "2024-01-22T16:15:08.320", - "vulnStatus": "Received", + "lastModified": "2024-01-22T19:10:26.333", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0781.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0781.json index 4c0d14d07bd..4ed33bb2722 100644 --- a/CVE-2024/CVE-2024-07xx/CVE-2024-0781.json +++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0781.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0781", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-22T16:15:08.577", - "lastModified": "2024-01-22T16:15:08.577", - "vulnStatus": "Received", + "lastModified": "2024-01-22T19:10:26.333", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0782.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0782.json index 84326a50bec..27d6535a1ef 100644 --- a/CVE-2024/CVE-2024-07xx/CVE-2024-0782.json +++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0782.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0782", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-22T17:15:09.290", - "lastModified": "2024-01-22T17:15:09.290", - "vulnStatus": "Received", + "lastModified": "2024-01-22T19:10:26.333", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0783.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0783.json index 9bede1fdc8e..83aea829492 100644 --- a/CVE-2024/CVE-2024-07xx/CVE-2024-0783.json +++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0783.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-0783", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-22T18:15:20.393", - "lastModified": "2024-01-22T18:15:20.393", - "vulnStatus": "Received", + "lastModified": "2024-01-22T19:10:26.333", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0784.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0784.json index e65837eeec4..6711154ee5d 100644 --- a/CVE-2024/CVE-2024-07xx/CVE-2024-0784.json +++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0784.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0784", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-22T18:15:20.623", - "lastModified": "2024-01-22T18:15:20.623", - "vulnStatus": "Received", + "lastModified": "2024-01-22T19:10:26.333", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-216xx/CVE-2024-21639.json b/CVE-2024/CVE-2024-216xx/CVE-2024-21639.json index f18a1e9fb9c..ca9fc95d958 100644 --- a/CVE-2024/CVE-2024-216xx/CVE-2024-21639.json +++ b/CVE-2024/CVE-2024-216xx/CVE-2024-21639.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-21639", "sourceIdentifier": "security-advisories@github.com", "published": "2024-01-12T22:15:45.750", - "lastModified": "2024-01-14T21:42:17.123", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-22T19:23:11.360", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "CEF (Chromium Embedded Framework ) is a simple framework for embedding Chromium-based browsers in other applications. `CefLayeredWindowUpdaterOSR::OnAllocatedSharedMemory` does not check the size of the shared memory, which leads to out-of-bounds read outside the sandbox. This vulnerability was patched in commit 1f55d2e." + }, + { + "lang": "es", + "value": "CEF (Chromium Embedded Framework) es un framework simple para integrar navegadores basados en Chromium en otras aplicaciones. `CefLayeredWindowUpdaterOSR::OnAllocatedSharedMemory` no verifica el tama\u00f1o de la memoria compartida, lo que genera lecturas fuera de los l\u00edmites fuera de la sandbox. Esta vulnerabilidad fue parcheada en el commit 1f55d2e." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 9.6, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.1, + "impactScore": 5.8 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,14 +70,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:chromiumembedded:chromium_embedded_framework:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2024-01-05", + "matchCriteriaId": "3DDE5170-AEB5-4EB6-B436-9634C0190E6A" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/chromiumembedded/cef/commit/1f55d2e12f62cfdfbf9da6968fde2f928982670b", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/chromiumembedded/cef/security/advisories/GHSA-m375-jw5x-x8mg", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-216xx/CVE-2024-21640.json b/CVE-2024/CVE-2024-216xx/CVE-2024-21640.json index 64e233e10f8..6f414bc330a 100644 --- a/CVE-2024/CVE-2024-216xx/CVE-2024-21640.json +++ b/CVE-2024/CVE-2024-216xx/CVE-2024-21640.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-21640", "sourceIdentifier": "security-advisories@github.com", "published": "2024-01-13T08:15:07.340", - "lastModified": "2024-01-14T21:42:17.123", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-22T19:20:59.733", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Chromium Embedded Framework (CEF) is a simple framework for embedding Chromium-based browsers in other applications.`CefVideoConsumerOSR::OnFrameCaptured` does not check `pixel_format` properly, which leads to out-of-bounds read out of the sandbox. This vulnerability was patched in commit 1f55d2e.\n\n" + }, + { + "lang": "es", + "value": "Chromium Embedded Framework (CEF) es un framework simple para incrustar navegadores basados en Chromium en otras aplicaciones. `CefVideoConsumerOSR::OnFrameCaptured` no verifica `pixel_format` correctamente, lo que lleva a lecturas fuera de los l\u00edmites fuera de la sandbox. Esta vulnerabilidad fue parcheada en el commit 1f55d2e." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 9.6, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.1, + "impactScore": 5.8 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,14 +70,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:chromiumembedded:chromium_embedded_framework:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2024-01-05", + "matchCriteriaId": "3DDE5170-AEB5-4EB6-B436-9634C0190E6A" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/chromiumembedded/cef/commit/1f55d2e12f62cfdfbf9da6968fde2f928982670b", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/chromiumembedded/cef/security/advisories/GHSA-3h3j-38xq-v7hh", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-216xx/CVE-2024-21654.json b/CVE-2024/CVE-2024-216xx/CVE-2024-21654.json index 0dfedceebb7..d5dd20ea058 100644 --- a/CVE-2024/CVE-2024-216xx/CVE-2024-21654.json +++ b/CVE-2024/CVE-2024-216xx/CVE-2024-21654.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-21654", "sourceIdentifier": "security-advisories@github.com", "published": "2024-01-12T21:15:11.287", - "lastModified": "2024-01-14T21:42:17.123", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-22T19:45:11.213", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Rubygems.org is the Ruby community's gem hosting service. Rubygems.org users with MFA enabled would normally be protected from account takeover in the case of email account takeover. However, a workaround on the forgotten password form allows an attacker to bypass the MFA requirement and takeover the account. This vulnerability has been patched in commit 0b3272a." + }, + { + "lang": "es", + "value": "Rubygems.org es el servicio de alojamiento de gemas de la comunidad Ruby. Los usuarios de Rubygems.org con MFA habilitado normalmente estar\u00edan protegidos contra la apropiaci\u00f3n de cuentas en el caso de la apropiaci\u00f3n de cuentas de correo electr\u00f3nico. Sin embargo, un workaround al formulario de contrase\u00f1a olvidada permite a un atacante omitir el requisito de MFA y apoderarse de la cuenta. Esta vulnerabilidad ha sido parcheada en el commit 0b3272a." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,14 +70,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:rubygems:rubygems.org:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2024-01-08", + "matchCriteriaId": "556FCBC0-E749-4BA7-AAF7-94AB12A30E1F" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/rubygems/rubygems.org/commit/0b3272ac17b45748ee0d1867c49867c7deb26565", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/rubygems/rubygems.org/security/advisories/GHSA-4v23-vj8h-7jp2", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-220xx/CVE-2024-22028.json b/CVE-2024/CVE-2024-220xx/CVE-2024-22028.json index e91ab07e716..3a3581a07cf 100644 --- a/CVE-2024/CVE-2024-220xx/CVE-2024-22028.json +++ b/CVE-2024/CVE-2024-220xx/CVE-2024-22028.json @@ -2,8 +2,8 @@ "id": "CVE-2024-22028", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2024-01-15T07:15:09.507", - "lastModified": "2024-01-16T13:56:05.467", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-22T20:22:47.847", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,220 @@ "value": "Existe un problema de documentaci\u00f3n t\u00e9cnica insuficiente en todas las versiones de firmware de la c\u00e1mara t\u00e9rmica serie TMC. El usuario del producto afectado no conoce los datos guardados internamente. Al acceder f\u00edsicamente al producto afectado, un atacante puede recuperar los datos internos." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:3rrr-btob:3r-tmc01_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "98EEB41C-0F8C-4A26-A3BC-60653B4502C5" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:3rrr-btob:3r-tmc01:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4970BECE-6B13-42AA-A5CC-BA61156797C5" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:3rrr-btob:3r-tmc02_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "68A50A1E-64DD-4C58-B9E5-35EE6CA14FDE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:3rrr-btob:3r-tmc02:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BCF69C40-D7BE-4CD1-840C-4D38D4098088" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:3rrr-btob:3r-tmc03_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "DFBC978F-3938-44BA-8434-DEB10DCE0C12" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:3rrr-btob:3r-tmc03:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2C7D526D-D539-4C5B-97CF-4BF42865FF9C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:3rrr-btob:3r-tmc04_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "32F7B278-C4EA-4745-9CD8-31E3C8B182AB" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:3rrr-btob:3r-tmc04:-:*:*:*:*:*:*:*", + "matchCriteriaId": "338343F1-FCEF-457A-ABF7-4D0C1FE683D3" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:3rrr-btob:3r-tmc05_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "BB209B1E-0EA7-4055-8A83-C9E15D852780" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:3rrr-btob:3r-tmc05:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8A6E1DF8-8C35-4AC0-B59A-F5ADE5319304" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:3rrr-btob:3r-tmc06_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "70B0BD30-194A-4ED3-AAEF-75624FA9527C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:3rrr-btob:3r-tmc06:-:*:*:*:*:*:*:*", + "matchCriteriaId": "582D63B0-129D-4C07-9336-F7E98748571E" + } + ] + } + ] + } + ], "references": [ { "url": "https://3rrr-btob.jp/archives/news/23624", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Product" + ] }, { "url": "https://jvn.jp/en/jp/JVN96240417/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-221xx/CVE-2024-22124.json b/CVE-2024/CVE-2024-221xx/CVE-2024-22124.json index cd69c317f5a..90081dcf22b 100644 --- a/CVE-2024/CVE-2024-221xx/CVE-2024-22124.json +++ b/CVE-2024/CVE-2024-221xx/CVE-2024-22124.json @@ -2,8 +2,8 @@ "id": "CVE-2024-22124", "sourceIdentifier": "cna@sap.com", "published": "2024-01-09T02:15:46.207", - "lastModified": "2024-01-09T14:01:44.900", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-22T19:17:13.050", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "cna@sap.com", "type": "Secondary", @@ -40,8 +60,18 @@ }, "weaknesses": [ { - "source": "cna@sap.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "cna@sap.com", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -50,14 +80,82 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:netweaver:kernel_7.22:*:*:*:*:*:*:*", + "matchCriteriaId": "87AABA4D-7683-47B4-BAF7-22AA42E074D4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:netweaver:kernel_7.53:*:*:*:*:*:*:*", + "matchCriteriaId": "D8A878F3-66B8-48B3-A5A7-7C79C0BB9E97" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:netweaver:kernel_7.54:*:*:*:*:*:*:*", + "matchCriteriaId": "9A487D94-65DD-4A28-A723-84653167C5B1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:netweaver:krnl64nuc_7.22:*:*:*:*:*:*:*", + "matchCriteriaId": "2D28A3C2-D601-405F-A17C-6A6EBE43DF31" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:netweaver:krnl64nuc_7.22ext:*:*:*:*:*:*:*", + "matchCriteriaId": "CFA1A1F4-8C9C-42D2-9B77-4F4C6273EDDC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:netweaver:krnl64uc_7.22ext:*:*:*:*:*:*:*", + "matchCriteriaId": "09865240-EF11-4326-AC78-A1EE106CE81E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:netweaver:krnl64uc_7.53:*:*:*:*:*:*:*", + "matchCriteriaId": "E5EE3473-85C3-4878-A2CD-09942AA53A6C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:netweaver:webdisp_7.22ext:*:*:*:*:*:*:*", + "matchCriteriaId": "E481B667-940B-49FA-B06B-FC219FE013E4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:netweaver:webdisp_7.53:*:*:*:*:*:*:*", + "matchCriteriaId": "63068441-48F0-4775-B93E-14601858489E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:netweaver:webdisp_7.54:*:*:*:*:*:*:*", + "matchCriteriaId": "B646E701-8E48-4A0D-80F3-F41A0B61A0C9" + } + ] + } + ] + } + ], "references": [ { "url": "https://me.sap.com/notes/3392626", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", - 
"source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Not Applicable" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-222xx/CVE-2024-22209.json b/CVE-2024/CVE-2024-222xx/CVE-2024-22209.json index a80e0b70731..0725d2006f4 100644 --- a/CVE-2024/CVE-2024-222xx/CVE-2024-22209.json +++ b/CVE-2024/CVE-2024-222xx/CVE-2024-22209.json @@ -2,16 +2,40 @@ "id": "CVE-2024-22209", "sourceIdentifier": "security-advisories@github.com", "published": "2024-01-13T08:15:07.557", - "lastModified": "2024-01-14T21:42:17.123", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-22T19:20:27.757", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Open edX Platform is a service-oriented platform for authoring and delivering online learning. A user with a JWT and more limited scopes could call endpoints exceeding their access. This vulnerability has been patched in commit 019888f." + }, + { + "lang": "es", + "value": "Open edX Platform es una plataforma orientada a servicios para crear y ofrecer aprendizaje en l\u00ednea. Un usuario con un JWT y alcances m\u00e1s limitados podr\u00eda llamar a endpoints que excedan su acceso. Esta vulnerabilidad ha sido parcheada en el commit 019888f." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,18 +70,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:edx:edx-platform:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2024-01-12", + "matchCriteriaId": "1BD13825-8465-4BC9-86A9-392515F89403" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/openedx/edx-platform/blob/0b3e4d73b6fb6f41ae87cf2b77bca12052ee1ac8/lms/djangoapps/courseware/block_render.py#L752-L775", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/openedx/edx-platform/commit/019888f3d15beaebcb7782934f6c43b0c2b3735e", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/openedx/edx-platform/security/advisories/GHSA-qx8m-mqx3-j9fm", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-228xx/CVE-2024-22895.json b/CVE-2024/CVE-2024-228xx/CVE-2024-22895.json index b4cc9e2ea4f..4a8c30ab362 100644 --- a/CVE-2024/CVE-2024-228xx/CVE-2024-22895.json +++ b/CVE-2024/CVE-2024-228xx/CVE-2024-22895.json @@ -2,8 +2,8 @@ "id": "CVE-2024-22895", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-22T15:15:09.067", - "lastModified": "2024-01-22T15:15:09.067", - "vulnStatus": "Received", + "lastModified": "2024-01-22T19:10:26.333", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-233xx/CVE-2024-23301.json b/CVE-2024/CVE-2024-233xx/CVE-2024-23301.json index 90c833e9bbc..84314b4d488 100644 --- a/CVE-2024/CVE-2024-233xx/CVE-2024-23301.json +++ b/CVE-2024/CVE-2024-233xx/CVE-2024-23301.json 
@@ -2,23 +2,140 @@ "id": "CVE-2024-23301", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-12T23:15:10.030", - "lastModified": "2024-01-14T21:42:17.123", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-22T19:21:26.297", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root." + }, + { + "lang": "es", + "value": "Relax-and-Recover (a.k.a ReaR) hasta 2.7 crea un initrd world-readable cuando se usa GRUB_RESCUE=y. Esto permite a los atacantes locales obtener acceso a secretos del sistema que de otro modo s\u00f3lo ser\u00edan legibles por root." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:relax-and-recover:relax-and-recover:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2.7", + "matchCriteriaId": "0394E5CF-7545-4E22-8174-5767F1744C92" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:suse:linux_enterprise:15.0:*:*:*:*:*:*:*", + "matchCriteriaId": 
"1607628F-77A7-4C1F-98DF-0DC50AE8627D" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", + "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/rear/rear/issues/3122", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Patch", + "Vendor Advisory" + ] }, { "url": "https://github.com/rear/rear/pull/3123", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/README.md b/README.md index bd28ed40111..23f117b5358 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-01-22T19:00:24.994052+00:00 +2024-01-22T21:00:25.160876+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-01-22T18:58:13.877000+00:00 +2024-01-22T21:00:02.100000+00:00 ``` ### Last Data Feed Release 
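Review bot: The three distribution configurations added after the ReaR entry (SUSE Linux Enterprise 15.0, Red Hat Enterprise Linux 8.0 and 9.0, Fedora 39) each stand alone with `"vulnerable": true`, so CPE matching will flag any host that reports one of those operating systems whether or not ReaR is installed. Per the description, exposure needs ReaR through 2.7 with `GRUB_RESCUE=y`, and only the first configuration (`relax-and-recover`, `"versionEndIncluding": "2.7"`) captures that. If the OS entries are meant as platform context, the record would express it with `"operator": "AND"` on a configuration that pairs the package node with OS nodes marked `"vulnerable": false`, the shape CVE-2024-22028 uses in this commit for firmware and hardware. Because this repository mirrors NVD, that correction belongs upstream; in the meantime, alerting should key on the package CPE and treat OS-only matches as low confidence.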
@@ -29,44 +29,64 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -236512 +236532 ``` ### CVEs added in the last Commit -Recently added CVEs: `8` +Recently added CVEs: `20` -* [CVE-2022-45790](CVE-2022/CVE-2022-457xx/CVE-2022-45790.json) (`2024-01-22T18:15:19.497`) -* [CVE-2022-45791](CVE-2022/CVE-2022-457xx/CVE-2022-45791.json) (`2024-01-22T18:15:19.710`) -* [CVE-2022-45792](CVE-2022/CVE-2022-457xx/CVE-2022-45792.json) (`2024-01-22T18:15:19.760`) -* [CVE-2022-45795](CVE-2022/CVE-2022-457xx/CVE-2022-45795.json) (`2024-01-22T18:15:19.953`) -* [CVE-2024-0782](CVE-2024/CVE-2024-07xx/CVE-2024-0782.json) (`2024-01-22T17:15:09.290`) -* [CVE-2024-0204](CVE-2024/CVE-2024-02xx/CVE-2024-0204.json) (`2024-01-22T18:15:20.137`) -* [CVE-2024-0783](CVE-2024/CVE-2024-07xx/CVE-2024-0783.json) (`2024-01-22T18:15:20.393`) -* [CVE-2024-0784](CVE-2024/CVE-2024-07xx/CVE-2024-0784.json) (`2024-01-22T18:15:20.623`) +* [CVE-2023-45193](CVE-2023/CVE-2023-451xx/CVE-2023-45193.json) (`2024-01-22T19:15:08.520`) +* [CVE-2023-47746](CVE-2023/CVE-2023-477xx/CVE-2023-47746.json) (`2024-01-22T19:15:08.730`) +* [CVE-2023-48118](CVE-2023/CVE-2023-481xx/CVE-2023-48118.json) (`2024-01-22T19:15:08.947`) +* [CVE-2023-50308](CVE-2023/CVE-2023-503xx/CVE-2023-50308.json) (`2024-01-22T19:15:09.003`) +* [CVE-2023-27859](CVE-2023/CVE-2023-278xx/CVE-2023-27859.json) (`2024-01-22T20:15:46.550`) +* [CVE-2023-47152](CVE-2023/CVE-2023-471xx/CVE-2023-47152.json) (`2024-01-22T20:15:46.890`) +* [CVE-2023-47158](CVE-2023/CVE-2023-471xx/CVE-2023-47158.json) (`2024-01-22T20:15:47.077`) +* [CVE-2023-47747](CVE-2023/CVE-2023-477xx/CVE-2023-47747.json) (`2024-01-22T20:15:47.267`) +* [CVE-2023-6290](CVE-2023/CVE-2023-62xx/CVE-2023-6290.json) (`2024-01-22T20:15:47.457`) +* [CVE-2023-6384](CVE-2023/CVE-2023-63xx/CVE-2023-6384.json) (`2024-01-22T20:15:47.507`) +* [CVE-2023-6447](CVE-2023/CVE-2023-64xx/CVE-2023-6447.json) (`2024-01-22T20:15:47.553`) +* 
[CVE-2023-6456](CVE-2023/CVE-2023-64xx/CVE-2023-6456.json) (`2024-01-22T20:15:47.600`) +* [CVE-2023-6625](CVE-2023/CVE-2023-66xx/CVE-2023-6625.json) (`2024-01-22T20:15:47.647`) +* [CVE-2023-6626](CVE-2023/CVE-2023-66xx/CVE-2023-6626.json) (`2024-01-22T20:15:47.697`) +* [CVE-2023-7082](CVE-2023/CVE-2023-70xx/CVE-2023-7082.json) (`2024-01-22T20:15:47.743`) +* [CVE-2023-7170](CVE-2023/CVE-2023-71xx/CVE-2023-7170.json) (`2024-01-22T20:15:47.787`) +* [CVE-2023-7194](CVE-2023/CVE-2023-71xx/CVE-2023-7194.json) (`2024-01-22T20:15:47.833`) +* [CVE-2024-0430](CVE-2024/CVE-2024-04xx/CVE-2024-0430.json) (`2024-01-22T19:15:09.210`) +* [CVE-2024-0605](CVE-2024/CVE-2024-06xx/CVE-2024-0605.json) (`2024-01-22T19:15:09.423`) +* [CVE-2024-0606](CVE-2024/CVE-2024-06xx/CVE-2024-0606.json) (`2024-01-22T19:15:09.487`) ### CVEs modified in the last Commit -Recently modified CVEs: `17` +Recently modified CVEs: `69` -* [CVE-2016-5002](CVE-2016/CVE-2016-50xx/CVE-2016-5002.json) (`2024-01-22T17:15:08.263`) -* [CVE-2016-5003](CVE-2016/CVE-2016-50xx/CVE-2016-5003.json) (`2024-01-22T17:15:08.393`) -* [CVE-2019-17570](CVE-2019/CVE-2019-175xx/CVE-2019-17570.json) (`2024-01-22T17:15:08.520`) -* [CVE-2022-34364](CVE-2022/CVE-2022-343xx/CVE-2022-34364.json) (`2024-01-22T17:15:08.683`) -* [CVE-2022-45793](CVE-2022/CVE-2022-457xx/CVE-2022-45793.json) (`2024-01-22T17:15:08.817`) -* [CVE-2022-45794](CVE-2022/CVE-2022-457xx/CVE-2022-45794.json) (`2024-01-22T17:15:08.910`) -* [CVE-2023-46316](CVE-2023/CVE-2023-463xx/CVE-2023-46316.json) (`2024-01-22T17:15:08.997`) -* [CVE-2023-46805](CVE-2023/CVE-2023-468xx/CVE-2023-46805.json) (`2024-01-22T17:15:09.080`) -* [CVE-2023-50917](CVE-2023/CVE-2023-509xx/CVE-2023-50917.json) (`2024-01-22T17:15:09.207`) -* [CVE-2023-49568](CVE-2023/CVE-2023-495xx/CVE-2023-49568.json) (`2024-01-22T17:57:41.193`) -* [CVE-2023-51698](CVE-2023/CVE-2023-516xx/CVE-2023-51698.json) (`2024-01-22T17:57:50.930`) -* [CVE-2023-34104](CVE-2023/CVE-2023-341xx/CVE-2023-34104.json) 
(`2024-01-22T18:15:20.003`) -* [CVE-2023-51751](CVE-2023/CVE-2023-517xx/CVE-2023-51751.json) (`2024-01-22T18:41:31.690`) -* [CVE-2023-49569](CVE-2023/CVE-2023-495xx/CVE-2023-49569.json) (`2024-01-22T18:57:03.500`) -* [CVE-2023-41056](CVE-2023/CVE-2023-410xx/CVE-2023-41056.json) (`2024-01-22T18:58:13.877`) -* [CVE-2024-21887](CVE-2024/CVE-2024-218xx/CVE-2024-21887.json) (`2024-01-22T17:15:09.523`) -* [CVE-2024-22206](CVE-2024/CVE-2024-222xx/CVE-2024-22206.json) (`2024-01-22T18:38:06.843`) +* [CVE-2024-0781](CVE-2024/CVE-2024-07xx/CVE-2024-0781.json) (`2024-01-22T19:10:26.333`) +* [CVE-2024-0782](CVE-2024/CVE-2024-07xx/CVE-2024-0782.json) (`2024-01-22T19:10:26.333`) +* [CVE-2024-0204](CVE-2024/CVE-2024-02xx/CVE-2024-0204.json) (`2024-01-22T19:10:26.333`) +* [CVE-2024-0783](CVE-2024/CVE-2024-07xx/CVE-2024-0783.json) (`2024-01-22T19:10:26.333`) +* [CVE-2024-0784](CVE-2024/CVE-2024-07xx/CVE-2024-0784.json) (`2024-01-22T19:10:26.333`) +* [CVE-2024-22124](CVE-2024/CVE-2024-221xx/CVE-2024-22124.json) (`2024-01-22T19:17:13.050`) +* [CVE-2024-22209](CVE-2024/CVE-2024-222xx/CVE-2024-22209.json) (`2024-01-22T19:20:27.757`) +* [CVE-2024-21640](CVE-2024/CVE-2024-216xx/CVE-2024-21640.json) (`2024-01-22T19:20:59.733`) +* [CVE-2024-23301](CVE-2024/CVE-2024-233xx/CVE-2024-23301.json) (`2024-01-22T19:21:26.297`) +* [CVE-2024-21639](CVE-2024/CVE-2024-216xx/CVE-2024-21639.json) (`2024-01-22T19:23:11.360`) +* [CVE-2024-0510](CVE-2024/CVE-2024-05xx/CVE-2024-0510.json) (`2024-01-22T19:23:27.007`) +* [CVE-2024-0490](CVE-2024/CVE-2024-04xx/CVE-2024-0490.json) (`2024-01-22T19:24:45.367`) +* [CVE-2024-0491](CVE-2024/CVE-2024-04xx/CVE-2024-0491.json) (`2024-01-22T19:26:12.493`) +* [CVE-2024-0535](CVE-2024/CVE-2024-05xx/CVE-2024-0535.json) (`2024-01-22T19:32:08.933`) +* [CVE-2024-21654](CVE-2024/CVE-2024-216xx/CVE-2024-21654.json) (`2024-01-22T19:45:11.213`) +* [CVE-2024-0505](CVE-2024/CVE-2024-05xx/CVE-2024-0505.json) (`2024-01-22T19:51:37.637`) +* 
[CVE-2024-0517](CVE-2024/CVE-2024-05xx/CVE-2024-0517.json) (`2024-01-22T19:53:16.533`) +* [CVE-2024-0518](CVE-2024/CVE-2024-05xx/CVE-2024-0518.json) (`2024-01-22T19:53:24.690`) +* [CVE-2024-0519](CVE-2024/CVE-2024-05xx/CVE-2024-0519.json) (`2024-01-22T19:53:33.937`) +* [CVE-2024-0545](CVE-2024/CVE-2024-05xx/CVE-2024-0545.json) (`2024-01-22T19:59:06.540`) +* [CVE-2024-0546](CVE-2024/CVE-2024-05xx/CVE-2024-0546.json) (`2024-01-22T20:00:06.307`) +* [CVE-2024-22028](CVE-2024/CVE-2024-220xx/CVE-2024-22028.json) (`2024-01-22T20:22:47.847`) +* [CVE-2024-0548](CVE-2024/CVE-2024-05xx/CVE-2024-0548.json) (`2024-01-22T20:27:21.670`) +* [CVE-2024-0547](CVE-2024/CVE-2024-05xx/CVE-2024-0547.json) (`2024-01-22T20:27:43.267`) +* [CVE-2024-0543](CVE-2024/CVE-2024-05xx/CVE-2024-0543.json) (`2024-01-22T20:44:33.327`) ## Download and Usage