Auto-Update: 2024-01-22T21:00:25.160876+00:00

cad-safe-bot 2024-01-22 21:00:28 +00:00
parent e0804eb00b
commit 73f6a79b40
90 changed files with 4621 additions and 308 deletions


@ -2,8 +2,8 @@
"id": "CVE-2020-36770",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-15T07:15:07.917",
"lastModified": "2024-01-16T13:56:05.467",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-22T20:27:57.183",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,69 @@
"value": "pkg_postinst en Gentoo ebuild para Slurm hasta 22.05.3 llama innecesariamente a chown para asignar la propiedad de root a los archivos en el sistema de archivos root activo. Esto podr\u00eda ser aprovechado por el usuario de slurm para convertirse en propietario de los archivos de propiedad root."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gentoo:ebuild_for_slurm:*:*:*:*:*:*:*:*",
"versionEndIncluding": "22.05.3",
"matchCriteriaId": "040141F1-CE3B-4E03-8286-A90A768AE613"
}
]
}
]
}
],
"references": [
{
"url": "https://bugs.gentoo.org/631552",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch"
]
}
]
}
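Review bot: The added `cvssMetricV31` entry scores this record `AV:N/AC:L/PR:N/UI:N` with `"baseScore": 9.8`, but the description visible in this section says the unnecessary chown in pkg_postinst can be abused by the slurm user to take ownership of root-owned files, which reads as escalation from an existing local account rather than an unauthenticated network attack. Anything that triages on `baseScore` or `attackVector` alone will rank this as remotely exploitable; consumers of this mirror should prioritise from the description and the Gentoo bug until the vector is revisited upstream. The new `weaknesses` value is `NVD-CWE-noinfo`, so a CWE-based filter will not classify it either.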


@ -2,8 +2,8 @@
"id": "CVE-2020-36772",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-22T15:15:07.883",
"lastModified": "2024-01-22T15:15:07.883",
"vulnStatus": "Received",
"lastModified": "2024-01-22T19:10:26.333",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,23 +2,87 @@
"id": "CVE-2022-1563",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-16T16:15:09.480",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-22T20:13:11.037",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The WPGraphQL WooCommerce WordPress plugin before 0.12.4 does not prevent unauthenticated attackers from enumerating a shop's coupon codes and values via GraphQL."
},
{
"lang": "es",
"value": "El complemento WPGraphQL WooCommerce WordPress anterior a 0.12.4 no impide que atacantes no autenticados enumeren los c\u00f3digos de cup\u00f3n y los valores de una tienda a trav\u00e9s de GraphQL."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpengine:wpgraphql:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "0.12.3",
"matchCriteriaId": "4F798CF6-18C1-4982-9B67-428E15BE677D"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/wp-graphql/wp-graphql-woocommerce/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Product"
]
},
{
"url": "https://wpscan.com/vulnerability/19138092-50d3-4d63-97c5-aa8e1ce39456/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
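Review bot: The new `cpeMatch` criteria is `cpe:2.3:a:wpengine:wpgraphql:*:*:*:*:*:wordpress:*:*`, while the description and the first reference both name the WPGraphQL WooCommerce plugin (`wp-graphql-woocommerce`), which appears to be a separate extension. Inventory matching keyed on this CPE may therefore miss installs of the WooCommerce extension, or flag WPGraphQL itself up to `"versionEndIncluding": "0.12.3"`. Until the configuration is corrected upstream, matching on the plugin name from the description is the safer check. The weakness is also left as `NVD-CWE-noinfo` although the description is an unauthenticated information disclosure.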


@ -2,19 +2,80 @@
"id": "CVE-2022-1609",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-16T16:15:09.530",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-22T19:59:05.563",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The School Management WordPress plugin before 9.9.7 contains an obfuscated backdoor injected in it's license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site."
},
{
"lang": "es",
"value": "El complemento de WordPress School Management anterior a 9.9.7 contiene una puerta trasera ofuscada inyectada en su c\u00f3digo de verificaci\u00f3n de licencia que registra un controlador de API REST, lo que permite a un atacante no autenticado ejecutar c\u00f3digo PHP arbitrario en el sitio."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:weblizar:school_management:*:*:*:*:pro:wordpress:*:*",
"versionEndExcluding": "9.9.7",
"matchCriteriaId": "F40014A3-9056-4A4F-A69E-FFA4FFB8D519"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/e2d546c9-85b6-47a4-b951-781b9ae5d0f2/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
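Review bot: The added weakness `"value": "CWE-94"` classifies the effect, but the description says the plugin ships an obfuscated backdoor injected into its license-checking code, so this is embedded malicious code (CWE-506) rather than an ordinary injection flaw. CWE-driven triage will not surface that distinction, and the `"versionEndExcluding": "9.9.7"` range suggests a routine upgrade is sufficient. For a backdoor, response should treat any site that ran an affected version as potentially compromised and review it for prior access, not only update the plugin. Worth carrying that as a local annotation wherever this record is consumed.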


@ -2,8 +2,8 @@
"id": "CVE-2022-45790",
"sourceIdentifier": "ot-cert@dragos.com",
"published": "2024-01-22T18:15:19.497",
"lastModified": "2024-01-22T18:15:19.497",
"vulnStatus": "Received",
"lastModified": "2024-01-22T19:10:26.333",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2022-45792",
"sourceIdentifier": "ot-cert@dragos.com",
"published": "2024-01-22T18:15:19.760",
"lastModified": "2024-01-22T18:15:19.760",
"vulnStatus": "Received",
"lastModified": "2024-01-22T19:10:26.333",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,23 +2,88 @@
"id": "CVE-2023-0224",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-16T16:15:10.440",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-22T20:53:57.957",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The GiveWP WordPress plugin before 2.24.1 does not properly escape user input before it reaches SQL queries, which could let unauthenticated attackers perform SQL Injection attacks"
},
{
"lang": "es",
"value": "El complemento de WordPress GiveWP anterior a 2.24.1 no escapa correctamente a la entrada del usuario antes de llegar a las consultas SQL, lo que podr\u00eda permitir a atacantes no autenticados realizar ataques de inyecci\u00f3n SQL."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:givewp:givewp:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.24.1",
"matchCriteriaId": "2F6FDD3A-0940-49BC-85E1-873BB889C391"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://givewp.com/core-2-24-0-vulnerability-patched/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://wpscan.com/vulnerability/d8da539d-0a1b-46ef-b48d-710c59cf68e1/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,80 @@
"id": "CVE-2023-0376",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-16T16:15:10.487",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-22T19:51:19.510",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Qubely WordPress plugin before 1.8.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks."
},
{
"lang": "es",
"value": "El complemento Qubely WordPress anterior a 1.8.5 no valida ni escapa algunas de sus opciones de bloqueo antes de devolverlas a una p\u00e1gina/publicaci\u00f3n donde est\u00e1 incrustado el bloque, lo que podr\u00eda permitir a los usuarios con el rol de colaborador y superior realizar ataques de cross site scripting almacenado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:themeum:qubely:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.8.5",
"matchCriteriaId": "4506F22E-0603-4CCD-9D55-0DACA4E11A50"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/b1aa6f32-c1d5-4fc6-9a4e-d4c5fae78389/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,80 @@
"id": "CVE-2023-0389",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-16T16:15:10.533",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-22T19:51:39.840",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Calculated Fields Form WordPress plugin before 1.1.151 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
},
{
"lang": "es",
"value": "El complemento de WordPress Calculated Fields Form anterior a 1.1.151 no sanitiza ni escapa a algunas de sus configuraciones de formulario, lo que podr\u00eda permitir a usuarios con altos privilegios, como el administrador, realizar ataques de cross site scripting almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en configuraci\u00f3n multisitio)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codepeople:calculated_fields_form:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.1.151",
"matchCriteriaId": "3D878CC7-CC35-4E37-89A4-9FE302620A41"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/090a3922-febc-4294-82d2-d8339d461893/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,80 @@
"id": "CVE-2023-0479",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-16T16:15:10.580",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-22T19:50:38.967",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Print Invoice & Delivery Notes for WooCommerce WordPress plugin before 4.7.2 is vulnerable to reflected XSS by echoing a GET value in an admin note within the WooCommerce orders page. This means that this vulnerability can be exploited for users with the edit_others_shop_orders capability. WooCommerce must be installed and active. This vulnerability is caused by a urldecode() after cleanup with esc_url_raw(), allowing double encoding."
},
{
"lang": "es",
"value": "El complemento Print Invoice & Delivery Notes para WooCommerce WordPress anterior a 4.7.2 es vulnerable al XSS reflejado al hacer eco de un valor GET en una nota administrativa dentro de la p\u00e1gina de pedidos de WooCommerce. Esto significa que esta vulnerabilidad puede ser aprovechada por usuarios con la capacidad edit_others_shop_orders. WooCommerce debe estar instalado y activo. Esta vulnerabilidad es causada por un urldecode() despu\u00e9s de la limpieza con esc_url_raw(), lo que permite la doble codificaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tychesoftwares:print_invoice_\\&_delivery_notes_for_woocommerce:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "4.7.2",
"matchCriteriaId": "57D900AB-BC91-4C85-91AD-F0A836DC5960"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/50963747-ae8e-42b4-bb42-cc848be7b92e/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,80 @@
"id": "CVE-2023-0769",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-16T16:15:10.623",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-22T19:29:24.600",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The hiWeb Migration Simple WordPress plugin through 2.0.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admins."
},
{
"lang": "es",
"value": "El complemento hiWeb Migration Simple WordPress hasta la versi\u00f3n 2.0.0.1 no sanitiza ni escapa un par\u00e1metro antes de devolverlo a la p\u00e1gina, lo que genera una cross site scripting reflejado que podr\u00eda usarse contra usuarios con altos privilegios, como los administradores."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hiweb:migration_simple:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.0.0.1",
"matchCriteriaId": "9FE953E1-3EE8-43BE-BCCA-8236EEEC8A89"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/1d4a2f0e-a371-4e27-98de-528e070f41b0/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,80 @@
"id": "CVE-2023-0824",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-16T16:15:10.670",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-22T19:37:19.917",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The User registration & user profile WordPress plugin through 2.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged-in admin add Stored XSS payloads via a CSRF attack."
},
{
"lang": "es",
"value": "El complemento de WordPress User registration & user profile hasta la versi\u00f3n 2.0 no tiene verificaci\u00f3n CSRF en algunos lugares y le falta sanitizaci\u00f3ny escape, lo que podr\u00eda permitir a los atacantes hacer que el administrador conectado agregue payloads XSS almacenadas a trav\u00e9s de un ataque CSRF."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpuserplus:userplus:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.0",
"matchCriteriaId": "10FC21CA-67E9-48F5-A3FE-631CC022A9BB"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/48a3a542-9130-4524-9d19-ff9eccecb148/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,47 @@
{
"id": "CVE-2023-27859",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-01-22T20:15:46.550",
"lastModified": "2024-01-22T20:28:17.417",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM Db2 10.1, 10.5, and 11.1 could allow a remote user to execute arbitrary code caused by installing like named jar files across multiple databases. A user could exploit this by installing a malicious jar file that overwrites the existing like named jar file in another database. IBM X-Force ID: 249205."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249205",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7105503",
"source": "psirt@us.ibm.com"
}
]
}
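Review bot: In this new record the description states a remote user can execute arbitrary code by overwriting a like-named jar file in another database, yet the only vector present is `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N` with `"baseScore": 6.5`, which rates confidentiality and availability impact as none. That score comes from `psirt@us.ibm.com` as `"type": "Secondary"`; there is no NVD primary score yet. The record also has no `weaknesses` or `configurations` while it is `Awaiting Analysis`, so CPE-based matching will not tie it to Db2 10.1, 10.5 or 11.1 installs. Consumers should match on the product and versions in the description and avoid severity-threshold filtering on this entry until analysis lands.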


@ -2,16 +2,40 @@
"id": "CVE-2023-28897",
"sourceIdentifier": "cve@asrg.io",
"published": "2024-01-12T16:15:51.210",
"lastModified": "2024-01-12T17:06:09.020",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-22T19:53:52.000",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The secret value used for access to critical UDS services of the MIB3 infotainment is hardcoded in the firmware.\n\nVulnerability discovered on \u0160koda Superb III (3V3) - 2.0 TDI manufactured in 2022.\n"
},
{
"lang": "es",
"value": "El valor secreto utilizado para acceder a los servicios UDS cr\u00edticos del infotainment MIB3 est\u00e1 codificado en el firmware. Vulnerabilidad descubierta en \u0160koda Superb III (3V3) - 2.0 TDI fabricado en 2022."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cve@asrg.io",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
},
{
"source": "cve@asrg.io",
"type": "Secondary",
@ -46,10 +80,42 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:skoda-auto:superb_3_firmware:2022:*:*:*:*:*:*:*",
"matchCriteriaId": "63385CB3-F944-48CF-A3F5-25091F86F2A9"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:skoda-auto:superb_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4459588C-A162-465D-BCC1-4719B657DBDD"
}
]
}
]
}
],
"references": [
{
"url": "https://asrg.io/security-advisories/cve-2023-28897",
"source": "cve@asrg.io"
"source": "cve@asrg.io",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-28898",
"sourceIdentifier": "cve@asrg.io",
"published": "2024-01-12T16:15:51.747",
"lastModified": "2024-01-12T17:06:09.020",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-22T19:52:50.280",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Real-Time Streaming Protocol implementation in the MIB3 infotainment incorrectly handles requests to /logs URI, when the id parameter equals to zero. This issue allows an attacker connected to the in-vehicle Wi-Fi network to cause denial-of-service of the infotainment system, when the certain preconditions are met.\n\nVulnerability discovered on \u0160koda Superb III (3V3) - 2.0 TDI manufactured in 2022.\n"
},
{
"lang": "es",
"value": "La implementaci\u00f3n de Real-Time Streaming Protocol en el infotainment MIB3 maneja incorrectamente las solicitudes al URI /logs, cuando el par\u00e1metro id es igual a cero. Este problema permite que un atacante conectado a la red Wi-Fi del veh\u00edculo provoque una denegaci\u00f3n de servicio del sistema de infotainment, cuando se cumplen ciertas condiciones previas. Vulnerabilidad descubierta en \u0160koda Superb III (3V3) - 2.0 TDI fabricado en 2022."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
},
{
"source": "cve@asrg.io",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cve@asrg.io",
"type": "Secondary",
@ -46,10 +80,42 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:skoda-auto:superb_3_firmware:2022:*:*:*:*:*:*:*",
"matchCriteriaId": "63385CB3-F944-48CF-A3F5-25091F86F2A9"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:skoda-auto:superb_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4459588C-A162-465D-BCC1-4719B657DBDD"
}
]
}
]
}
],
"references": [
{
"url": "https://nonexistent.com",
"source": "cve@asrg.io"
"source": "cve@asrg.io",
"tags": [
"Broken Link"
]
}
]
}
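Review bot: The only reference in this record is `"url": "https://nonexistent.com"`, now tagged `"Broken Link"`, so the entry moves to `"vulnStatus": "Analyzed"` without any resolvable advisory behind it. The neighbouring CVE-2023-28897 and CVE-2023-28899 records point at asrg.io advisory pages, which suggests the CNA submitted a placeholder here. Tooling that renders or auto-fetches reference URLs should skip entries tagged `Broken Link`, because a placeholder domain is not under the CNA's control and must not be presented as an authoritative source. The intermediate hunks of this section are only partly visible, so the CNA's secondary score and weakness cannot be compared from here.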


@ -2,16 +2,40 @@
"id": "CVE-2023-28899",
"sourceIdentifier": "cve@asrg.io",
"published": "2024-01-12T17:15:09.000",
"lastModified": "2024-01-12T18:05:43.827",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-22T19:52:12.817",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "By sending a specific reset UDS request via OBDII port of Skoda vehicles, it is possible to cause vehicle engine shutdown and denial of service of other vehicle components even when the vehicle is moving at a high speed. No safety critical functions affected.\u00a0"
},
{
"lang": "es",
"value": "Al enviar una solicitud de reinicio UDS espec\u00edfica a trav\u00e9s del puerto OBDII de los veh\u00edculos Skoda, es posible provocar el apagado del motor del veh\u00edculo y la denegaci\u00f3n de servicio de otros componentes del veh\u00edculo incluso cuando el veh\u00edculo se mueve a alta velocidad. Ninguna funci\u00f3n cr\u00edtica de seguridad se ve afectada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "cve@asrg.io",
"type": "Secondary",
@ -34,10 +58,54 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:skoda-auto:superb_3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A672066E-F623-4330-800B-C88631224BCC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:skoda-auto:superb_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4459588C-A162-465D-BCC1-4719B657DBDD"
}
]
}
]
}
],
"references": [
{
"url": "https://asrg.io/security-advisories/cve-2023-28899",
"source": "cve@asrg.io"
"source": "cve@asrg.io",
"tags": [
"Third Party Advisory"
]
}
]
}
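Review bot: The added configuration limits the affected platform to `cpe:2.3:o:skoda-auto:superb_3_firmware:-:*:*:*:*:*:*:*` running on `superb_3`, while the description speaks of "Skoda vehicles" generally and names no model. Asset matching on this CPE will therefore cover only the Superb 3, which may understate exposure if the description is accurate. The description also places the request at the OBDII port, and the new primary vector records that as `AV:L/PR:L`; whether that should be physical access is a judgement call, but filters keyed on `attackVector` should be aware of it. The weakness is `NVD-CWE-noinfo`, so the record carries no root-cause classification.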


@ -2,19 +2,81 @@
"id": "CVE-2023-3178",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-16T16:15:11.243",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-22T19:43:34.693",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the manage_postman_smtp capability delete arbitrary logs via a CSRF attack."
},
{
"lang": "es",
"value": "El complemento POST SMTP Mailer de WordPress anterior a 2.5.7 no tiene comprobaciones CSRF adecuadas en algunas acciones AJAX, lo que podr\u00eda permitir a los atacantes hacer que los usuarios registrados con la capacidad de Manage_postman_smtp eliminen registros arbitrarios mediante un ataque CSRF."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpexperts:post_smtp:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.5.7",
"matchCriteriaId": "AACA58B5-42D5-4C1F-8B91-80569638003E"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/5341cb5d-d204-49e1-b013-f8959461995f/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Product",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,81 @@
"id": "CVE-2023-3211",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-16T16:15:11.290",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-22T19:46:53.790",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The WordPress Database Administrator WordPress plugin through 1.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection."
},
{
"lang": "es",
"value": "El complemento WordPress Database Administrator de WordPress hasta la versi\u00f3n 1.0.3 no sanitiza ni escapa adecuadamente un par\u00e1metro antes de usarlo en una declaraci\u00f3n SQL a trav\u00e9s de una acci\u00f3n AJAX disponible para usuarios no autenticados, lo que lleva a una inyecci\u00f3n de SQL."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dmparekh:wordpress_database_administrator:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.0.3",
"matchCriteriaId": "CFF49253-B421-47BA-989A-D9CBE1B88DDD"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/873824f0-e8b1-45bd-8579-bc3c649a54e5/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Product",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,80 @@
"id": "CVE-2023-33472",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-13T02:15:07.060",
"lastModified": "2024-01-14T21:42:17.123",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-22T19:21:10.370",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Scada-LTS v2.7.5.2 build 4551883606 and before, allows remote attackers with low-level authentication to escalate privileges, execute arbitrary code, and obtain sensitive information via Event Handlers function."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Scada-LTS v2.7.5.2 build 4551883606 y anteriores, que permite a atacantes remotos con autenticaci\u00f3n de bajo nivel escalar privilegios, ejecutar c\u00f3digo arbitrario y obtener informaci\u00f3n confidencial a trav\u00e9s de la funci\u00f3n Event Handlers."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:scada-lts:scada-lts:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.7.5.2",
"matchCriteriaId": "6BC46BD6-BCA0-45AE-BCF2-B7967186449C"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://hev0x.github.io/posts/scadalts-cve-2023-33472/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,81 @@
"id": "CVE-2023-3372",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-16T16:15:11.350",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-22T20:46:01.150",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Lana Shortcodes WordPress plugin before 1.2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which allows users with the contributor role and above to perform Stored Cross-Site Scripting attacks."
},
{
"lang": "es",
"value": "El complemento de WordPress Lana Shortcodes anterior a 1.2.0 no valida ni escapa algunos de sus atributos de shortcode antes de devolverlos a una p\u00e1gina/publicaci\u00f3n donde est\u00e1 incrustado el shortcode, lo que permite a los usuarios con el rol de colaborador y superiores realizar ataques de cross site scripting almacenado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lana:lana_shortcodes:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.2.0",
"matchCriteriaId": "38863CC9-BAFE-4512-B52B-7260FD3BA1C7"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/3396b734-9a10-4070-802d-f9d01cc6eb74/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Product",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,80 @@
"id": "CVE-2023-3647",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-16T16:15:11.420",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-22T20:48:26.847",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The IURNY by INDIGITALL WordPress plugin before 3.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
},
{
"lang": "es",
"value": "El complemento de WordPress IURNY by INDIGITALL anterior a 3.2.3 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de cross site scripting almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en configuraci\u00f3n multisitio)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:indigitall:iurny:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.2.3",
"matchCriteriaId": "9B06C982-D9D5-439A-929B-6E2B0539E340"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/6df05333-b1f1-4324-a1ba-dd36fbf1778c/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-38039",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-09-15T04:15:10.127",
"lastModified": "2023-12-12T21:15:08.123",
"lastModified": "2024-01-22T19:15:08.230",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
@ -122,6 +122,18 @@
"url": "https://security.netapp.com/advisory/ntap-20231013-0005/",
"source": "support@hackerone.com"
},
{
"url": "https://support.apple.com/kb/HT214057",
"source": "support@hackerone.com"
},
{
"url": "https://support.apple.com/kb/HT214058",
"source": "support@hackerone.com"
},
{
"url": "https://support.apple.com/kb/HT214063",
"source": "support@hackerone.com"
},
{
"url": "https://www.insyde.com/security-pledge/SA-2023064",
"source": "support@hackerone.com"


@ -2,8 +2,8 @@
"id": "CVE-2023-38545",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-10-18T04:15:11.077",
"lastModified": "2024-01-21T02:23:03.223",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-22T19:15:08.340",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -138,6 +138,18 @@
"Third Party Advisory"
]
},
{
"url": "https://support.apple.com/kb/HT214057",
"source": "support@hackerone.com"
},
{
"url": "https://support.apple.com/kb/HT214058",
"source": "support@hackerone.com"
},
{
"url": "https://support.apple.com/kb/HT214063",
"source": "support@hackerone.com"
},
{
"url": "https://www.secpod.com/blog/high-severity-heap-buffer-overflow-vulnerability/",
"source": "support@hackerone.com",


@ -2,7 +2,7 @@
"id": "CVE-2023-38546",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-10-18T04:15:11.137",
"lastModified": "2023-10-28T03:15:08.267",
"lastModified": "2024-01-22T19:15:08.437",
"vulnStatus": "Modified",
"descriptions": [
{
@ -81,6 +81,18 @@
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OGMXNRNSJ4ETDK6FRNU3J7SABXPWCHSQ/",
"source": "support@hackerone.com"
},
{
"url": "https://support.apple.com/kb/HT214057",
"source": "support@hackerone.com"
},
{
"url": "https://support.apple.com/kb/HT214058",
"source": "support@hackerone.com"
},
{
"url": "https://support.apple.com/kb/HT214063",
"source": "support@hackerone.com"
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2023-39691",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-16T22:15:37.520",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-22T19:52:59.680",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in kodbox through 1.43 allows attackers to arbitrarily add Administrator accounts via crafted GET request."
},
{
"lang": "es",
"value": "Un problema descubierto en kodbox hasta la versi\u00f3n 1.43 permite a los atacantes agregar arbitrariamente cuentas de administrador mediante una solicitud GET manipulada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kodcloud:kodbox:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.43",
"matchCriteriaId": "E9885CBB-DB95-45EE-ABFF-CDB1CDB43391"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://blog.mo60.cn/index.php/archives/kodbox_Logical.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-41619",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-16T01:15:34.233",
"lastModified": "2024-01-16T13:56:05.467",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-22T19:54:00.837",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,75 @@
"value": "Se descubri\u00f3 que Emlog Pro v2.1.14 contiene una vulnerabilidad de cross site scripting (XSS) a trav\u00e9s del componente /admin/article.php?action=write."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:emlog:emlog:2.1.14:*:*:*:pro:*:*:*",
"matchCriteriaId": "3812D57C-8E1A-4499-9DEE-2A18A955667B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/GhostBalladw/wuhaozhe-s-CVE/blob/main/CVE-2023-41619",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/emlog/emlog",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product",
"Release Notes"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-44395",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-22T15:15:08.037",
"lastModified": "2024-01-22T15:15:08.037",
"vulnStatus": "Received",
"lastModified": "2024-01-22T19:10:26.333",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -0,0 +1,59 @@
{
"id": "CVE-2023-45193",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-01-22T19:15:08.520",
"lastModified": "2024-01-22T20:28:17.417",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 268759."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/268759",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7105501",
"source": "psirt@us.ibm.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-46226",
"sourceIdentifier": "security@apache.org",
"published": "2024-01-15T11:15:07.963",
"lastModified": "2024-01-16T13:56:05.467",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-22T19:56:58.157",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,76 @@
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Apache IoTDB. Este problema afecta a Apache IoTDB: desde 1.0.0 hasta 1.2.2. Se recomienda a los usuarios actualizar a la versi\u00f3n 1.3.0, que soluciona el problema."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:iotdb:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.0.0",
"versionEndExcluding": "1.3.0",
"matchCriteriaId": "209BEA6C-C5D8-482C-AB70-02A215CC0F99"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/15/1",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread/293b4ob65ftnfwyf62fb9zh8gwdy38hg",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-46749",
"sourceIdentifier": "security@apache.org",
"published": "2024-01-15T10:15:26.380",
"lastModified": "2024-01-20T10:15:07.980",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-22T20:22:01.893",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,7 +14,30 @@
"value": "Apache Shiro anterior a 1.130 o 2.0.0-alpha-4 puede ser susceptible a un ataque de path traversal que da como resultado una omisi\u00f3n de autenticaci\u00f3n cuando se usa junto con path rewriting. Mitigaci\u00f3n: actualice a Apache Shiro 1.13.0+ o 2.0.0-alpha- 4+, o aseg\u00farese de que `blockSemicolon` est\u00e9 habilitado (este es el valor predeterminado)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@apache.org",
@ -27,10 +50,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:shiro:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.13.0",
"matchCriteriaId": "4506F25B-7525-4608-9541-2FA9A31C72BF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:shiro:2.0.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "27D6F919-851F-470D-A8E7-0F56C1EA16FC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:shiro:2.0.0:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "A759179A-E4A9-4A6A-9CCB-5BB9CC73F7E7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:shiro:2.0.0:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "637D39D2-0D98-4137-8D48-C6D8834E07B3"
}
]
}
]
}
],
"references": [
{
"url": "https://lists.apache.org/thread/mdv7ftz7k4488rzloxo2fb0p9shnp9wm",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-46846",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-11-03T08:15:07.953",
"lastModified": "2024-01-09T02:15:44.380",
"lastModified": "2024-01-22T20:15:46.730",
"vulnStatus": "Modified",
"descriptions": [
{
@ -289,6 +289,10 @@
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00008.html",
"source": "secalert@redhat.com"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231130-0002/",
"source": "secalert@redhat.com",


@ -0,0 +1,47 @@
{
"id": "CVE-2023-47152",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-01-22T20:15:46.890",
"lastModified": "2024-01-22T20:28:17.417",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions. IBM X-Force ID: 270730."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270730",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7105605",
"source": "psirt@us.ibm.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-47158",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-01-22T20:15:47.077",
"lastModified": "2024-01-22T20:28:17.417",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270750."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270750",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7105496",
"source": "psirt@us.ibm.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-47460",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-16T01:15:34.327",
"lastModified": "2024-01-16T13:56:05.467",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-22T19:37:30.577",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,74 @@
"value": "Vulnerabilidad de inyecci\u00f3n SQL en Knovos Discovery v.22.67.0 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del componente /DiscoveryProcess/Service/Admin.svc/getGridColumnStructure."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:knovos:discovery:22.67.0:*:*:*:*:*:*:*",
"matchCriteriaId": "81B34BDE-17F1-4945-9C22-7038C9EF61F6"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/aleksey-vi/CVE-2023-47460",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.knovos.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-47746",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-01-22T19:15:08.730",
"lastModified": "2024-01-22T20:28:17.417",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272644."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/272644",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7105505",
"source": "psirt@us.ibm.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-47747",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-01-22T20:15:47.267",
"lastModified": "2024-01-22T20:28:17.417",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272646."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/272646",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7105502",
"source": "psirt@us.ibm.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-48104",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-16T01:15:34.370",
"lastModified": "2024-01-17T19:15:08.243",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-22T20:05:46.370",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,74 @@
"value": "Alinto SOGo 5.8.0 es vulnerable a la inyecci\u00f3n de HTML."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:alinto:sogo:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.9.1",
"matchCriteriaId": "76C1BB1F-C1CB-42D3-B7C8-DFBB4A680D19"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Alinto/sogo/commit/7481ccf37087c3f456d7e5a844da01d0f8883098",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/E1tex/CVE-2023-48104",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,28 @@
{
"id": "CVE-2023-48118",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-22T19:15:08.947",
"lastModified": "2024-01-22T20:28:17.417",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability in Quest Analytics LLC IQCRM v.2023.9.5 allows a remote attacker to execute arbitrary code via a crafted request to the Common.svc WSDL page."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/el-dud3rino/CVE-Disclosures/blob/main/Quest%20Analytics%20IQCRM/Proof%20of%20Concept",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/el-dud3rino/CVE-Disclosures/blob/main/README.md",
"source": "cve@mitre.org"
},
{
"url": "https://www.quest-analytics.com/",
"source": "cve@mitre.org"
}
]
}


@ -2,23 +2,85 @@
"id": "CVE-2023-48166",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-12T23:15:08.727",
"lastModified": "2024-01-14T21:42:17.123",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-22T19:21:48.260",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A directory traversal vulnerability in the SOAP Server integrated in Atos Unify OpenScape Voice V10 before V10R3.26.1 allows a remote attacker to view the contents of arbitrary files in the local file system. An unauthenticated attacker might obtain sensitive files that allow for the compromise of the underlying system."
},
{
"lang": "es",
"value": "Una vulnerabilidad de directory traversal en el servidor SOAP integrado en Atos Unify OpenScape Voice V10 anterior a V10R3.26.1 permite a un atacante remoto ver el contenido de archivos arbitrarios en el sistema de archivos local. Un atacante no autenticado podr\u00eda obtener archivos confidenciales que permitan comprometer el sistema subyacente."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:unify:openscape_voice:10.0:-:*:*:*:*:*:*",
"matchCriteriaId": "98171884-CD1A-48B4-934B-309C7D14DCFD"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://labs.integrity.pt/advisories/cve-2023-48166/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://networks.unify.com/security/advisories/OBSO-2401-01.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-49801",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-12T21:15:09.943",
"lastModified": "2024-01-14T21:42:17.123",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-22T19:49:34.180",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Lif Auth Server is a server for validating logins, managing information, and account recovery for Lif Accounts. The issue relates to the `get_pfp` and `get_banner` routes on Auth Server. The issue is that there is no check to ensure that the file that Auth Server is receiving through these URLs is correct. This could allow an attacker access to files they shouldn't have access to. This issue has been patched in version 1.4.0."
},
{
"lang": "es",
"value": "Lif Auth Server es un servidor para validar inicios de sesi\u00f3n, administrar informaci\u00f3n y recuperar cuentas para cuentas Lif. El problema se relaciona con las rutas `get_pfp` y `get_banner` en Auth Server. El problema es que no hay ninguna verificaci\u00f3n para garantizar que el archivo que recibe el Auth Server a trav\u00e9s de estas URL sea correcto. Esto podr\u00eda permitir que un atacante acceda a archivos a los que no deber\u00eda tener acceso. Este problema se solucion\u00f3 en la versi\u00f3n 1.4.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,14 +84,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lifplatforms:lif_auth_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.4.0",
"matchCriteriaId": "2BC6696D-4032-4C27-A31E-EB497683D262"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Lif-Platforms/Lif-Auth-Server/commit/c235bcc2ee65e4a0dfb10284cf2cbc750213efeb",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/Lif-Platforms/Lif-Auth-Server/security/advisories/GHSA-3v77-pvqq-qg3f",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-50290",
"sourceIdentifier": "security@apache.org",
"published": "2024-01-15T10:15:26.527",
"lastModified": "2024-01-16T13:56:05.467",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-22T20:04:50.177",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,44 @@
"value": "Vulnerabilidad de exposici\u00f3n de informaci\u00f3n confidencial a un actor no autorizado en Apache Solr. La API de Solr Metrics publica todas las variables de entorno desprotegidas disponibles para cada instancia de Apache Solr. Los usuarios pueden especificar qu\u00e9 variables de entorno ocultar; sin embargo, la lista predeterminada est\u00e1 dise\u00f1ada para funcionar con propiedades secretas conocidas del sistema Java. Las variables de entorno no se pueden definir estrictamente en Solr, como pueden serlo las propiedades del sistema Java, y pueden configurarse para todo el host, a diferencia de las propiedades del sistema Java que se configuran por proceso Java. La API de Solr Metrics est\u00e1 protegida por el permiso de \"metrics-read\". Por lo tanto, las nubes Solr con configuraci\u00f3n de autorizaci\u00f3n solo ser\u00e1n vulnerables a trav\u00e9s de usuarios con el permiso de \"metrics-read\". Este problema afecta a Apache Solr: desde 9.0.0 antes de 9.3.0. Se recomienda a los usuarios actualizar a la versi\u00f3n 9.3.0 o posterior, en la que las variables de entorno no se publican a trav\u00e9s de la API de m\u00e9tricas."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@apache.org",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security@apache.org",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -27,10 +60,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.0",
"versionEndExcluding": "9.3.0",
"matchCriteriaId": "E1EF37F2-A898-4CF3-A122-1EEA13E6DDA4"
}
]
}
]
}
],
"references": [
{
"url": "https://solr.apache.org/security.html#cve-2023-50290-apache-solr-allows-read-access-to-host-environment-variables",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-50308",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-01-22T19:15:09.003",
"lastModified": "2024-01-22T20:28:17.417",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 under certain circumstances could allow an authenticated user to the database to cause a denial of service when a statement is run on columnar tables. IBM X-Force ID: 273393."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/273393",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7105506",
"source": "psirt@us.ibm.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-51059",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-16T02:15:28.480",
"lastModified": "2024-01-16T13:56:05.467",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-22T20:43:30.897",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,87 @@
"value": "Un problema en MOKO TECHNOLOGY LTD MOKOSmart MKGW1 BLE Gateway v.1.1.1 y anteriores permite a un atacante remoto escalar privilegios a trav\u00e9s del componente de gesti\u00f3n de sesiones de la interfaz web administrativa."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:mokosmart:mkgw1_gateway_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.1.1",
"matchCriteriaId": "22F6F0CE-664E-4A2B-AE89-8811CFFE8801"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mokosmart:mkgw1_gateway:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5737CEE-E1E1-452B-82BE-B9318AD81354"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/sbaresearch/advisories/tree/public/2022/SBA-ADV-20220120-01_MOKOSmart_MKGW1_Gateway_Improper_Session_Management",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.mokosmart.com/wp-content/uploads/2019/10/GS-gateway.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-51750",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-11T14:15:44.230",
"lastModified": "2024-01-18T19:15:09.587",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-22T19:09:58.073",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,92 @@
"value": "ScaleFusion 10.5.2 no limita adecuadamente a los usuarios a la aplicaci\u00f3n Edge porque pueden ocurrir descargas de archivos."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:scalefusion:scalefusion:10.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B2DF6031-830B-4CF6-8019-64A506B4C7CE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://help.scalefusion.com/docs/security-advisory-for-windows-mdm-agent",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://medium.com/nestedif/vulnerability-disclosure-browser-mode-kiosk-bypass-scalefusion-832f5a18ebb6",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://medium.com/nestedif/vulnerability-disclosure-kiosk-mode-bypass-scalefusion-4752dfa2dc59",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-51810",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-16T01:15:34.900",
"lastModified": "2024-01-16T13:56:05.467",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-22T21:00:02.100",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,83 @@
"value": "Vulnerabilidad de inyecci\u00f3n SQL en StackIdeas EasyDiscuss v.5.0.5 y corregida en v.5.0.10 permite a un atacante remoto obtener informaci\u00f3n confidencial a trav\u00e9s de una solicitud manipulada al par\u00e1metro search en el m\u00f3dulo Users."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:stackideas:easydiscuss:*:*:*:*:*:joomla\\!:*:*",
"versionStartIncluding": "5.0.5",
"versionEndExcluding": "5.0.10",
"matchCriteriaId": "11BCF361-9D21-4A2D-902E-A7B20E3AB569"
}
]
}
]
}
],
"references": [
{
"url": "http://easydiscuss.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://stackideas.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/Pastea/CVE-2023-51810",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,78 @@
"id": "CVE-2023-52068",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-16T22:15:37.613",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-22T19:53:08.497",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "kodbox v1.43 was discovered to contain a cross-site scripting (XSS) vulnerability via the operation and login logs."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que kodbox v1.43 conten\u00eda una vulnerabilidad de cross site scripting (XSS) a trav\u00e9s de los registros de operaci\u00f3n e inicio de sesi\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kodcloud:kodbox:1.43:*:*:*:*:*:*:*",
"matchCriteriaId": "B8DE2FF6-E7C1-4FFF-987C-24DFE54AA378"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://blog.mo60.cn/index.php/archives/Kodbox_Stored_Xss.html_Password_Kodbox_Stored_Xss1",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-5253",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-01-15T11:15:08.627",
"lastModified": "2024-01-16T13:56:05.467",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-22T19:56:01.273",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -50,10 +80,37 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:*",
"versionEndExcluding": "23.3.0",
"matchCriteriaId": "27F4311F-0751-4645-9BC7-05946A253330"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:*",
"versionEndExcluding": "23.3.0",
"matchCriteriaId": "D44D965F-3128-4F2C-A582-E84247A16CF5"
}
]
}
]
}
],
"references": [
{
"url": "https://security.nozominetworks.com/NN-2023:12-01",
"source": "prodsec@nozominetworks.com"
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-6290",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-22T20:15:47.457",
"lastModified": "2024-01-22T20:28:17.417",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The SEOPress WordPress plugin before 7.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed"
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/78a13958-cd12-4ea8-b326-1e3184da970b/",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-6384",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-22T20:15:47.507",
"lastModified": "2024-01-22T20:28:17.417",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The WP User Profile Avatar WordPress plugin before 1.0.1 does not properly check for authorisation, allowing authors to delete and update arbitrary avatar"
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/fbdefab4-614b-493b-a9ae-c5aeff8323ef/",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-6447",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-22T20:15:47.553",
"lastModified": "2024-01-22T20:28:17.417",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The EventPrime WordPress plugin before 3.3.6 lacks authentication and authorization, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id/event name."
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/e366881c-d21e-4063-a945-95e6b080a373/",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-6456",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-22T20:15:47.600",
"lastModified": "2024-01-22T20:28:17.417",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The WP Review Slider WordPress plugin before 13.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/30f31412-8f94-4d5e-a080-3f6f669703cd/",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-6625",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-22T20:15:47.647",
"lastModified": "2024-01-22T20:28:17.417",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Product Enquiry for WooCommerce WordPress plugin before 3.1 does not have a CSRF check in place when deleting inquiries, which could allow attackers to make a logged in admin delete them via a CSRF attack"
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/d483f7ce-cb3f-4fcb-b060-005cec0ea10f/",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-6626",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-22T20:15:47.697",
"lastModified": "2024-01-22T20:28:17.417",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Product Enquiry for WooCommerce WordPress plugin before 3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/327ae124-79eb-4e07-b029-e4f543cbd356/",
"source": "contact@wpscan.com"
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-6683",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-12T19:15:11.480",
"lastModified": "2024-01-12T19:21:49.423",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-22T19:50:27.717",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu_clipboard_request() function can be reached before vnc_server_cut_text_caps() was called and had the chance to initialize the clipboard peer, leading to a NULL pointer dereference. This could allow a malicious authenticated VNC client to crash QEMU and trigger a denial of service."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en el servidor QEMU built-in VNC al procesar mensajes ClientCutText. Se puede acceder a la funci\u00f3n qemu_clipboard_request() antes de que se llamara a vnc_server_cut_text_caps() y tuviera la oportunidad de inicializar el par del portapapeles, lo que lleva a una desreferencia del puntero NULL. Esto podr\u00eda permitir que un cliente VNC autenticado malicioso bloquee QEMU y provoque una denegaci\u00f3n de servicio."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -46,14 +80,58 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qemu:qemu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D9E0C78-9678-4CEE-9389-962CF618A51F"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-6683",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254825",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-6915",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-15T10:15:26.627",
"lastModified": "2024-01-16T13:56:05.467",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-22T19:59:18.277",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -50,18 +80,75 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"matchCriteriaId": "668F5607-E136-4E8E-86F2-316E9DC41ADC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc7:*:*:*:*:*:*",
"matchCriteriaId": "81A7ABCB-0807-4AA2-8F4E-75E38D2E3FD4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc8:*:*:*:*:*:*",
"matchCriteriaId": "B01471D6-2DB4-4AF2-8BE0-B5082B4B9253"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-6915",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254982",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://github.com/torvalds/linux/commit/af73483f4e8b6f5c68c9aa63257bdd929a9c194a",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Patch"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-6991",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-15T16:15:12.743",
"lastModified": "2024-01-16T13:56:05.467",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-22T19:31:34.783",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "El complemento JSM file_get_contents() Shortcode WordPress anterior a 2.7.1 no valida uno de los par\u00e1metros de su shortcode antes de realizar una solicitud, lo que podr\u00eda permitir a los usuarios con rol de colaborador y superior realizar ataques SSRF."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:surniaulula:jsm_file_get_contents\\(\\)_shortcode:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.7.1",
"matchCriteriaId": "BFB267C2-6C58-4A59-AF58-A5D1104D905C"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/0b92becb-8a47-48fd-82e8-f7641cf5c9bc",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-7082",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-22T20:15:47.743",
"lastModified": "2024-01-22T20:28:17.417",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Import any XML or CSV File to WordPress plugin before 3.7.3 accepts all zip files and automatically extracts the zip file into a publicly accessible directory without sufficiently validating the extracted file type. This may allows high privilege users such as administrator to upload an executable file type leading to remote code execution."
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/7f947305-7a72-4c59-9ae8-193f437fd04e/",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-7170",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-22T20:15:47.787",
"lastModified": "2024-01-22T20:28:17.417",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The EventON-RSVP WordPress plugin before 2.9.5 does not sanitise and escape some parameters before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin"
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/218fb3af-3a40-486f-8ea9-80211a986fb3/",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-7194",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-22T20:15:47.833",
"lastModified": "2024-01-22T20:28:17.417",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Meris WordPress theme through 1.1.2 does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin"
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/e20292af-939a-4cb1-91e4-5ff6aa0c7fbe",
"source": "contact@wpscan.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-0204",
"sourceIdentifier": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
"published": "2024-01-22T18:15:20.137",
"lastModified": "2024-01-22T18:15:20.137",
"vulnStatus": "Received",
"lastModified": "2024-01-22T19:10:26.333",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -0,0 +1,59 @@
{
"id": "CVE-2024-0430",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2024-01-22T19:15:09.210",
"lastModified": "2024-01-22T20:28:17.417",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IObit Malware Fighter v11.0.0.1274 is vulnerable to a Denial of Service vulnerability by triggering the 0x8001E00C IOCTL code of the ImfHpRegFilter.sys driver."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/davis/",
"source": "help@fluidattacks.com"
},
{
"url": "https://www.iobit.com/en/malware-fighter.php",
"source": "help@fluidattacks.com"
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-0490",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-13T14:15:46.067",
"lastModified": "2024-01-14T21:42:17.123",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-22T19:24:45.367",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Huaxia ERP up to 3.1. It has been rated as problematic. This issue affects some unknown processing of the file /user/getAllList. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-250595."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Huaxia ERP hasta 3.1. Ha sido calificada como problem\u00e1tica. Este problema afecta a alg\u00fan procesamiento desconocido del archivo /user/getAllList. La manipulaci\u00f3n conduce a la divulgaci\u00f3n de informaci\u00f3n. El ataque puede iniciarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. La actualizaci\u00f3n a la versi\u00f3n 3.2 puede solucionar este problema. Se recomienda actualizar el componente afectado. El identificador asociado de esta vulnerabilidad es VDB-250595."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -61,7 +85,7 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -69,20 +93,58 @@
"value": "CWE-200"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:huaxiaerp:huaxia_erp:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.1",
"matchCriteriaId": "8D44E462-6CF2-4D21-B053-C592EFB9D745"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/laoquanshi/puppy/blob/main/Logic%20loopholes%20in%20Huaxia%20ERP%20can%20lead%20to%20unauthorized%20access.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://vuldb.com/?ctiid.250595",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.250595",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

@ -2,16 +2,40 @@
"id": "CVE-2024-0491",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-13T15:15:08.503",
"lastModified": "2024-01-14T21:42:17.123",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-22T19:26:12.493",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in Huaxia ERP up to 3.1. Affected is an unknown function of the file src/main/java/com/jsh/erp/controller/UserController.java. The manipulation leads to weak password recovery. It is possible to launch the attack remotely. Upgrading to version 3.2 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-250596."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en Huaxia ERP hasta 3.1 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo src/main/java/com/jsh/erp/controller/UserController.java es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a una recuperaci\u00f3n de contrase\u00f1a d\u00e9bil. Es posible lanzar el ataque de forma remota. La actualizaci\u00f3n a la versi\u00f3n 3.2 puede solucionar este problema. Se recomienda actualizar el componente afectado. El identificador de esta vulnerabilidad es VDB-250596."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:huaxiaerp:huaxia_erp:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.1",
"matchCriteriaId": "8D44E462-6CF2-4D21-B053-C592EFB9D745"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/laoquanshi/puppy/blob/main/Logic%20loopholes%20in%20Huaxia%20ERP%20can%20lead%20to%20unauthorized%20access2.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://vuldb.com/?ctiid.250596",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.250596",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

@ -2,16 +2,40 @@
"id": "CVE-2024-0505",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-13T22:15:44.930",
"lastModified": "2024-01-14T21:42:17.123",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-22T19:51:37.637",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in ZhongFuCheng3y Austin 1.0 and classified as critical. This issue affects the function getFile of the file com/java3y/austin/web/controller/MaterialController.java of the component Upload Material Menu. The manipulation leads to unrestricted upload. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250619."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en ZhongFuCheng3y Austin 1.0 y clasificada como cr\u00edtica. Este problema afecta la funci\u00f3n getFile del archivo com/java3y/austin/web/controller/MaterialController.java del componente Upload Material Menu. La manipulaci\u00f3n conduce a una carga sin restricciones. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-250619."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -60,6 +84,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +105,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zhongfucheng3y:austin:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1CF4B35B-AC48-4E91-9D46-001BFE70A187"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/biantaibao/Austin-CMS-report/blob/main/File%20Upload%20Vulnerabilities.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.250619",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.250619",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2024-0510",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-13T22:15:45.180",
"lastModified": "2024-01-15T15:15:09.020",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-22T19:23:27.007",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -65,7 +85,7 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -73,24 +93,68 @@
"value": "CWE-918"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:haokekeji:yiqiniu:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.1",
"matchCriteriaId": "79DF4ADE-CEE1-4072-8EB4-4BD2F113A987"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/176547/HaoKeKeJi-YiQiNiu-Server-Side-Request-Forgery.html",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://note.zhaoj.in/share/gBtNhBb39u9u",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://vuldb.com/?ctiid.250652",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.250652",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2024-0517",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-01-16T22:15:37.660",
"lastModified": "2024-01-19T04:15:09.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-22T19:53:16.533",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,23 +14,108 @@
"value": "La escritura fuera de los l\u00edmites en V8 en Google Chrome anterior a 120.0.6099.224 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "120.0.6099.224",
"matchCriteriaId": "F1333551-8202-4042-AD12-C0767B189306"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://crbug.com/1515930",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IIUBRVICICWREJQUVT67RS7E4PVZQ5RS/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNN4SO5UI3U3Q6ASTVT6WMZ4723FYDLH/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2024-0518",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-01-16T22:15:37.710",
"lastModified": "2024-01-19T04:15:09.893",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-22T19:53:24.690",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,23 +14,108 @@
"value": "La confusi\u00f3n de tipos en V8 en Google Chrome anterior a 120.0.6099.224 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-843"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "120.0.6099.224",
"matchCriteriaId": "F1333551-8202-4042-AD12-C0767B189306"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://crbug.com/1507412",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IIUBRVICICWREJQUVT67RS7E4PVZQ5RS/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNN4SO5UI3U3Q6ASTVT6WMZ4723FYDLH/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2024-0519",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-01-16T22:15:37.753",
"lastModified": "2024-01-19T04:15:09.943",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-22T19:53:33.937",
"vulnStatus": "Analyzed",
"cisaExploitAdd": "2024-01-17",
"cisaActionDue": "2024-02-07",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
@ -18,23 +18,88 @@
"value": "El acceso a memoria fuera de los l\u00edmites en V8 en Google Chrome anterior a 120.0.6099.224 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "120.0.6099.224",
"matchCriteriaId": "F1333551-8202-4042-AD12-C0767B189306"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://crbug.com/1517354",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IIUBRVICICWREJQUVT67RS7E4PVZQ5RS/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNN4SO5UI3U3Q6ASTVT6WMZ4723FYDLH/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2024-0535",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-15T03:15:09.083",
"lastModified": "2024-01-16T13:56:05.467",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-22T19:32:08.933",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +95,57 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tendacn:pa6_firmware:1.0.1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "F6091063-6B03-4B7F-B425-B4C37B057A74"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tendacn:pa6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FC86310B-B452-4CEF-986C-2BB4CC535A0A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/jylsec/vuldb/blob/main/Tenda/PA6/2/README.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://vuldb.com/?ctiid.250705",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.250705",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2024-0543",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-15T06:15:07.960",
"lastModified": "2024-01-16T13:56:05.467",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-22T20:44:33.327",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +95,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codeastro:real_estate_management_system:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.0",
"matchCriteriaId": "E0401C14-6C13-4D44-8142-CD24F91DFD91"
}
]
}
]
}
],
"references": [
{
"url": "https://drive.google.com/drive/folders/1U2nirIi6OtuCi-vrD2-VHyJbsHK5yA7t?usp=sharing",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.250713",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.250713",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2024-0545",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-15T06:15:08.363",
"lastModified": "2024-01-16T13:56:05.467",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-22T19:59:06.540",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,14 +95,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fairsketch:rise_ultimate_project_manager:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FEF866F6-7337-4C7D-855D-485E41B865EB"
}
]
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.250714",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.250714",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2024-0546",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-15T06:15:08.623",
"lastModified": "2024-01-16T13:56:05.467",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-22T20:00:06.307",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +95,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:easyftp:easyftp:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C733781-323E-48BD-8144-09830DA7230A"
}
]
}
]
}
],
"references": [
{
"url": "https://packetstormsecurity.com/files/94905/EasyFTP-1.7.0.x-Denial-Of-Service.html",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?ctiid.250715",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.250715",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2024-0547",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-15T07:15:08.390",
"lastModified": "2024-01-16T13:56:05.467",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-22T20:27:43.267",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -64,6 +84,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-404"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +105,50 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codecrafters:ability_ftp_server:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.34",
"matchCriteriaId": "0C750BDD-F301-425A-80B7-1F9336C5B4C7"
}
]
}
]
}
],
"references": [
{
"url": "https://packetstormsecurity.com/files/163079/Ability-FTP-Server-2.34-Denial-Of-Service.html",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?ctiid.250717",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.250717",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2024-0548",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-15T07:15:09.020",
"lastModified": "2024-01-16T13:56:05.467",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-22T20:27:21.670",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +95,49 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:freefloat_ftp_server_project:freefloat_ftp_server:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E2D5A914-A327-4625-99E2-A7BB0196A71D"
}
]
}
]
}
],
"references": [
{
"url": "https://packetstormsecurity.com/files/163038/FreeFloat-FTP-Server-1.0-Denial-Of-Service.html",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?ctiid.250718",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.250718",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

@ -0,0 +1,24 @@
{
"id": "CVE-2024-0605",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-01-22T19:15:09.423",
"lastModified": "2024-01-22T20:28:17.417",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Using a javascript: URI with a setTimeout race condition, an attacker can execute unauthorized scripts on top origin sites in urlbar. This bypasses security measures, potentially leading to arbitrary code execution or unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS < 122."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1855575",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-03/",
"source": "security@mozilla.org"
}
]
}

@ -0,0 +1,24 @@
{
"id": "CVE-2024-0606",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-01-22T19:15:09.487",
"lastModified": "2024-01-22T20:28:17.417",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An attacker could execute unauthorized script on a legitimate site through UXSS using window.open() by opening a javascript URI leading to unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS < 122."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1855030",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-03/",
"source": "security@mozilla.org"
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2024-0778",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-22T16:15:08.320",
"lastModified": "2024-01-22T16:15:08.320",
"vulnStatus": "Received",
"lastModified": "2024-01-22T19:10:26.333",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

@ -2,8 +2,8 @@
"id": "CVE-2024-0781",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-22T16:15:08.577",
"lastModified": "2024-01-22T16:15:08.577",
"vulnStatus": "Received",
"lastModified": "2024-01-22T19:10:26.333",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

@ -2,8 +2,8 @@
"id": "CVE-2024-0782",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-22T17:15:09.290",
"lastModified": "2024-01-22T17:15:09.290",
"vulnStatus": "Received",
"lastModified": "2024-01-22T19:10:26.333",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

@ -2,8 +2,8 @@
"id": "CVE-2024-0783",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-22T18:15:20.393",
"lastModified": "2024-01-22T18:15:20.393",
"vulnStatus": "Received",
"lastModified": "2024-01-22T19:10:26.333",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

@ -2,8 +2,8 @@
"id": "CVE-2024-0784",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-22T18:15:20.623",
"lastModified": "2024-01-22T18:15:20.623",
"vulnStatus": "Received",
"lastModified": "2024-01-22T19:10:26.333",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

@ -2,16 +2,40 @@
"id": "CVE-2024-21639",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-12T22:15:45.750",
"lastModified": "2024-01-14T21:42:17.123",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-22T19:23:11.360",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "CEF (Chromium Embedded Framework ) is a simple framework for embedding Chromium-based browsers in other applications. `CefLayeredWindowUpdaterOSR::OnAllocatedSharedMemory` does not check the size of the shared memory, which leads to out-of-bounds read outside the sandbox. This vulnerability was patched in commit 1f55d2e."
},
{
"lang": "es",
"value": "CEF (Chromium Embedded Framework) es un framework simple para integrar navegadores basados en Chromium en otras aplicaciones. `CefLayeredWindowUpdaterOSR::OnAllocatedSharedMemory` no verifica el tama\u00f1o de la memoria compartida, lo que genera lecturas fuera de los l\u00edmites fuera de la sandbox. Esta vulnerabilidad fue parcheada en el commit 1f55d2e."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 5.8
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +70,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:chromiumembedded:chromium_embedded_framework:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2024-01-05",
"matchCriteriaId": "3DDE5170-AEB5-4EB6-B436-9634C0190E6A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/chromiumembedded/cef/commit/1f55d2e12f62cfdfbf9da6968fde2f928982670b",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/chromiumembedded/cef/security/advisories/GHSA-m375-jw5x-x8mg",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-21640",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-13T08:15:07.340",
"lastModified": "2024-01-14T21:42:17.123",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-22T19:20:59.733",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Chromium Embedded Framework (CEF) is a simple framework for embedding Chromium-based browsers in other applications.`CefVideoConsumerOSR::OnFrameCaptured` does not check `pixel_format` properly, which leads to out-of-bounds read out of the sandbox. This vulnerability was patched in commit 1f55d2e.\n\n"
},
{
"lang": "es",
"value": "Chromium Embedded Framework (CEF) es un framework simple para incrustar navegadores basados en Chromium en otras aplicaciones. `CefVideoConsumerOSR::OnFrameCaptured` no verifica `pixel_format` correctamente, lo que lleva a lecturas fuera de los l\u00edmites fuera de la sandbox. Esta vulnerabilidad fue parcheada en el commit 1f55d2e."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 5.8
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +70,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:chromiumembedded:chromium_embedded_framework:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2024-01-05",
"matchCriteriaId": "3DDE5170-AEB5-4EB6-B436-9634C0190E6A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/chromiumembedded/cef/commit/1f55d2e12f62cfdfbf9da6968fde2f928982670b",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/chromiumembedded/cef/security/advisories/GHSA-3h3j-38xq-v7hh",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-21654",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-12T21:15:11.287",
"lastModified": "2024-01-14T21:42:17.123",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-22T19:45:11.213",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Rubygems.org is the Ruby community's gem hosting service. Rubygems.org users with MFA enabled would normally be protected from account takeover in the case of email account takeover. However, a workaround on the forgotten password form allows an attacker to bypass the MFA requirement and takeover the account. This vulnerability has been patched in commit 0b3272a."
},
{
"lang": "es",
"value": "Rubygems.org es el servicio de alojamiento de gemas de la comunidad Ruby. Los usuarios de Rubygems.org con MFA habilitado normalmente estar\u00edan protegidos contra la apropiaci\u00f3n de cuentas en el caso de la apropiaci\u00f3n de cuentas de correo electr\u00f3nico. Sin embargo, un workaround al formulario de contrase\u00f1a olvidada permite a un atacante omitir el requisito de MFA y apoderarse de la cuenta. Esta vulnerabilidad ha sido parcheada en el commit 0b3272a."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +70,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubygems:rubygems.org:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2024-01-08",
"matchCriteriaId": "556FCBC0-E749-4BA7-AAF7-94AB12A30E1F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/rubygems/rubygems.org/commit/0b3272ac17b45748ee0d1867c49867c7deb26565",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/rubygems/rubygems.org/security/advisories/GHSA-4v23-vj8h-7jp2",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-22028",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-01-15T07:15:09.507",
"lastModified": "2024-01-16T13:56:05.467",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-22T20:22:47.847",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,220 @@
"value": "Existe un problema de documentaci\u00f3n t\u00e9cnica insuficiente en todas las versiones de firmware de la c\u00e1mara t\u00e9rmica serie TMC. El usuario del producto afectado no conoce los datos guardados internamente. Al acceder f\u00edsicamente al producto afectado, un atacante puede recuperar los datos internos."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:3rrr-btob:3r-tmc01_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "98EEB41C-0F8C-4A26-A3BC-60653B4502C5"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:3rrr-btob:3r-tmc01:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4970BECE-6B13-42AA-A5CC-BA61156797C5"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:3rrr-btob:3r-tmc02_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68A50A1E-64DD-4C58-B9E5-35EE6CA14FDE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:3rrr-btob:3r-tmc02:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BCF69C40-D7BE-4CD1-840C-4D38D4098088"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:3rrr-btob:3r-tmc03_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DFBC978F-3938-44BA-8434-DEB10DCE0C12"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:3rrr-btob:3r-tmc03:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C7D526D-D539-4C5B-97CF-4BF42865FF9C"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:3rrr-btob:3r-tmc04_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32F7B278-C4EA-4745-9CD8-31E3C8B182AB"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:3rrr-btob:3r-tmc04:-:*:*:*:*:*:*:*",
"matchCriteriaId": "338343F1-FCEF-457A-ABF7-4D0C1FE683D3"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:3rrr-btob:3r-tmc05_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB209B1E-0EA7-4055-8A83-C9E15D852780"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:3rrr-btob:3r-tmc05:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A6E1DF8-8C35-4AC0-B59A-F5ADE5319304"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:3rrr-btob:3r-tmc06_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "70B0BD30-194A-4ED3-AAEF-75624FA9527C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:3rrr-btob:3r-tmc06:-:*:*:*:*:*:*:*",
"matchCriteriaId": "582D63B0-129D-4C07-9336-F7E98748571E"
}
]
}
]
}
],
"references": [
{
"url": "https://3rrr-btob.jp/archives/news/23624",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Product"
]
},
{
"url": "https://jvn.jp/en/jp/JVN96240417/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-22124",
"sourceIdentifier": "cna@sap.com",
"published": "2024-01-09T02:15:46.207",
"lastModified": "2024-01-09T14:01:44.900",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-22T19:17:13.050",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cna@sap.com",
"type": "Secondary",
@ -40,8 +60,18 @@
},
"weaknesses": [
{
"source": "cna@sap.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cna@sap.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -50,14 +80,82 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver:kernel_7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "87AABA4D-7683-47B4-BAF7-22AA42E074D4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver:kernel_7.53:*:*:*:*:*:*:*",
"matchCriteriaId": "D8A878F3-66B8-48B3-A5A7-7C79C0BB9E97"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver:kernel_7.54:*:*:*:*:*:*:*",
"matchCriteriaId": "9A487D94-65DD-4A28-A723-84653167C5B1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver:krnl64nuc_7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "2D28A3C2-D601-405F-A17C-6A6EBE43DF31"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver:krnl64nuc_7.22ext:*:*:*:*:*:*:*",
"matchCriteriaId": "CFA1A1F4-8C9C-42D2-9B77-4F4C6273EDDC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver:krnl64uc_7.22ext:*:*:*:*:*:*:*",
"matchCriteriaId": "09865240-EF11-4326-AC78-A1EE106CE81E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver:krnl64uc_7.53:*:*:*:*:*:*:*",
"matchCriteriaId": "E5EE3473-85C3-4878-A2CD-09942AA53A6C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver:webdisp_7.22ext:*:*:*:*:*:*:*",
"matchCriteriaId": "E481B667-940B-49FA-B06B-FC219FE013E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver:webdisp_7.53:*:*:*:*:*:*:*",
"matchCriteriaId": "63068441-48F0-4775-B93E-14601858489E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver:webdisp_7.54:*:*:*:*:*:*:*",
"matchCriteriaId": "B646E701-8E48-4A0D-80F3-F41A0B61A0C9"
}
]
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3392626",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Not Applicable"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-22209",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-13T08:15:07.557",
"lastModified": "2024-01-14T21:42:17.123",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-22T19:20:27.757",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Open edX Platform is a service-oriented platform for authoring and delivering online learning. A user with a JWT and more limited scopes could call endpoints exceeding their access. This vulnerability has been patched in commit 019888f."
},
{
"lang": "es",
"value": "Open edX Platform es una plataforma orientada a servicios para crear y ofrecer aprendizaje en l\u00ednea. Un usuario con un JWT y alcances m\u00e1s limitados podr\u00eda llamar a endpoints que excedan su acceso. Esta vulnerabilidad ha sido parcheada en el commit 019888f."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +70,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:edx:edx-platform:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2024-01-12",
"matchCriteriaId": "1BD13825-8465-4BC9-86A9-392515F89403"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/openedx/edx-platform/blob/0b3e4d73b6fb6f41ae87cf2b77bca12052ee1ac8/lms/djangoapps/courseware/block_render.py#L752-L775",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/openedx/edx-platform/commit/019888f3d15beaebcb7782934f6c43b0c2b3735e",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/openedx/edx-platform/security/advisories/GHSA-qx8m-mqx3-j9fm",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-22895",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-22T15:15:09.067",
"lastModified": "2024-01-22T15:15:09.067",
"vulnStatus": "Received",
"lastModified": "2024-01-22T19:10:26.333",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,23 +2,140 @@
"id": "CVE-2024-23301",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-12T23:15:10.030",
"lastModified": "2024-01-14T21:42:17.123",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-22T19:21:26.297",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root."
},
{
"lang": "es",
"value": "Relax-and-Recover (a.k.a ReaR) hasta 2.7 crea un initrd world-readable cuando se usa GRUB_RESCUE=y. Esto permite a los atacantes locales obtener acceso a secretos del sistema que de otro modo s\u00f3lo ser\u00edan legibles por root."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:relax-and-recover:relax-and-recover:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.7",
"matchCriteriaId": "0394E5CF-7545-4E22-8174-5767F1744C92"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:suse:linux_enterprise:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1607628F-77A7-4C1F-98DF-0DC50AE8627D"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/rear/rear/issues/3122",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://github.com/rear/rear/pull/3123",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-01-22T19:00:24.994052+00:00
2024-01-22T21:00:25.160876+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-01-22T18:58:13.877000+00:00
2024-01-22T21:00:02.100000+00:00
```
### Last Data Feed Release
@ -29,44 +29,64 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
236512
236532
```
### CVEs added in the last Commit
Recently added CVEs: `8`
Recently added CVEs: `20`
* [CVE-2022-45790](CVE-2022/CVE-2022-457xx/CVE-2022-45790.json) (`2024-01-22T18:15:19.497`)
* [CVE-2022-45791](CVE-2022/CVE-2022-457xx/CVE-2022-45791.json) (`2024-01-22T18:15:19.710`)
* [CVE-2022-45792](CVE-2022/CVE-2022-457xx/CVE-2022-45792.json) (`2024-01-22T18:15:19.760`)
* [CVE-2022-45795](CVE-2022/CVE-2022-457xx/CVE-2022-45795.json) (`2024-01-22T18:15:19.953`)
* [CVE-2024-0782](CVE-2024/CVE-2024-07xx/CVE-2024-0782.json) (`2024-01-22T17:15:09.290`)
* [CVE-2024-0204](CVE-2024/CVE-2024-02xx/CVE-2024-0204.json) (`2024-01-22T18:15:20.137`)
* [CVE-2024-0783](CVE-2024/CVE-2024-07xx/CVE-2024-0783.json) (`2024-01-22T18:15:20.393`)
* [CVE-2024-0784](CVE-2024/CVE-2024-07xx/CVE-2024-0784.json) (`2024-01-22T18:15:20.623`)
* [CVE-2023-45193](CVE-2023/CVE-2023-451xx/CVE-2023-45193.json) (`2024-01-22T19:15:08.520`)
* [CVE-2023-47746](CVE-2023/CVE-2023-477xx/CVE-2023-47746.json) (`2024-01-22T19:15:08.730`)
* [CVE-2023-48118](CVE-2023/CVE-2023-481xx/CVE-2023-48118.json) (`2024-01-22T19:15:08.947`)
* [CVE-2023-50308](CVE-2023/CVE-2023-503xx/CVE-2023-50308.json) (`2024-01-22T19:15:09.003`)
* [CVE-2023-27859](CVE-2023/CVE-2023-278xx/CVE-2023-27859.json) (`2024-01-22T20:15:46.550`)
* [CVE-2023-47152](CVE-2023/CVE-2023-471xx/CVE-2023-47152.json) (`2024-01-22T20:15:46.890`)
* [CVE-2023-47158](CVE-2023/CVE-2023-471xx/CVE-2023-47158.json) (`2024-01-22T20:15:47.077`)
* [CVE-2023-47747](CVE-2023/CVE-2023-477xx/CVE-2023-47747.json) (`2024-01-22T20:15:47.267`)
* [CVE-2023-6290](CVE-2023/CVE-2023-62xx/CVE-2023-6290.json) (`2024-01-22T20:15:47.457`)
* [CVE-2023-6384](CVE-2023/CVE-2023-63xx/CVE-2023-6384.json) (`2024-01-22T20:15:47.507`)
* [CVE-2023-6447](CVE-2023/CVE-2023-64xx/CVE-2023-6447.json) (`2024-01-22T20:15:47.553`)
* [CVE-2023-6456](CVE-2023/CVE-2023-64xx/CVE-2023-6456.json) (`2024-01-22T20:15:47.600`)
* [CVE-2023-6625](CVE-2023/CVE-2023-66xx/CVE-2023-6625.json) (`2024-01-22T20:15:47.647`)
* [CVE-2023-6626](CVE-2023/CVE-2023-66xx/CVE-2023-6626.json) (`2024-01-22T20:15:47.697`)
* [CVE-2023-7082](CVE-2023/CVE-2023-70xx/CVE-2023-7082.json) (`2024-01-22T20:15:47.743`)
* [CVE-2023-7170](CVE-2023/CVE-2023-71xx/CVE-2023-7170.json) (`2024-01-22T20:15:47.787`)
* [CVE-2023-7194](CVE-2023/CVE-2023-71xx/CVE-2023-7194.json) (`2024-01-22T20:15:47.833`)
* [CVE-2024-0430](CVE-2024/CVE-2024-04xx/CVE-2024-0430.json) (`2024-01-22T19:15:09.210`)
* [CVE-2024-0605](CVE-2024/CVE-2024-06xx/CVE-2024-0605.json) (`2024-01-22T19:15:09.423`)
* [CVE-2024-0606](CVE-2024/CVE-2024-06xx/CVE-2024-0606.json) (`2024-01-22T19:15:09.487`)
### CVEs modified in the last Commit
Recently modified CVEs: `17`
Recently modified CVEs: `69`
* [CVE-2016-5002](CVE-2016/CVE-2016-50xx/CVE-2016-5002.json) (`2024-01-22T17:15:08.263`)
* [CVE-2016-5003](CVE-2016/CVE-2016-50xx/CVE-2016-5003.json) (`2024-01-22T17:15:08.393`)
* [CVE-2019-17570](CVE-2019/CVE-2019-175xx/CVE-2019-17570.json) (`2024-01-22T17:15:08.520`)
* [CVE-2022-34364](CVE-2022/CVE-2022-343xx/CVE-2022-34364.json) (`2024-01-22T17:15:08.683`)
* [CVE-2022-45793](CVE-2022/CVE-2022-457xx/CVE-2022-45793.json) (`2024-01-22T17:15:08.817`)
* [CVE-2022-45794](CVE-2022/CVE-2022-457xx/CVE-2022-45794.json) (`2024-01-22T17:15:08.910`)
* [CVE-2023-46316](CVE-2023/CVE-2023-463xx/CVE-2023-46316.json) (`2024-01-22T17:15:08.997`)
* [CVE-2023-46805](CVE-2023/CVE-2023-468xx/CVE-2023-46805.json) (`2024-01-22T17:15:09.080`)
* [CVE-2023-50917](CVE-2023/CVE-2023-509xx/CVE-2023-50917.json) (`2024-01-22T17:15:09.207`)
* [CVE-2023-49568](CVE-2023/CVE-2023-495xx/CVE-2023-49568.json) (`2024-01-22T17:57:41.193`)
* [CVE-2023-51698](CVE-2023/CVE-2023-516xx/CVE-2023-51698.json) (`2024-01-22T17:57:50.930`)
* [CVE-2023-34104](CVE-2023/CVE-2023-341xx/CVE-2023-34104.json) (`2024-01-22T18:15:20.003`)
* [CVE-2023-51751](CVE-2023/CVE-2023-517xx/CVE-2023-51751.json) (`2024-01-22T18:41:31.690`)
* [CVE-2023-49569](CVE-2023/CVE-2023-495xx/CVE-2023-49569.json) (`2024-01-22T18:57:03.500`)
* [CVE-2023-41056](CVE-2023/CVE-2023-410xx/CVE-2023-41056.json) (`2024-01-22T18:58:13.877`)
* [CVE-2024-21887](CVE-2024/CVE-2024-218xx/CVE-2024-21887.json) (`2024-01-22T17:15:09.523`)
* [CVE-2024-22206](CVE-2024/CVE-2024-222xx/CVE-2024-22206.json) (`2024-01-22T18:38:06.843`)
* [CVE-2024-0781](CVE-2024/CVE-2024-07xx/CVE-2024-0781.json) (`2024-01-22T19:10:26.333`)
* [CVE-2024-0782](CVE-2024/CVE-2024-07xx/CVE-2024-0782.json) (`2024-01-22T19:10:26.333`)
* [CVE-2024-0204](CVE-2024/CVE-2024-02xx/CVE-2024-0204.json) (`2024-01-22T19:10:26.333`)
* [CVE-2024-0783](CVE-2024/CVE-2024-07xx/CVE-2024-0783.json) (`2024-01-22T19:10:26.333`)
* [CVE-2024-0784](CVE-2024/CVE-2024-07xx/CVE-2024-0784.json) (`2024-01-22T19:10:26.333`)
* [CVE-2024-22124](CVE-2024/CVE-2024-221xx/CVE-2024-22124.json) (`2024-01-22T19:17:13.050`)
* [CVE-2024-22209](CVE-2024/CVE-2024-222xx/CVE-2024-22209.json) (`2024-01-22T19:20:27.757`)
* [CVE-2024-21640](CVE-2024/CVE-2024-216xx/CVE-2024-21640.json) (`2024-01-22T19:20:59.733`)
* [CVE-2024-23301](CVE-2024/CVE-2024-233xx/CVE-2024-23301.json) (`2024-01-22T19:21:26.297`)
* [CVE-2024-21639](CVE-2024/CVE-2024-216xx/CVE-2024-21639.json) (`2024-01-22T19:23:11.360`)
* [CVE-2024-0510](CVE-2024/CVE-2024-05xx/CVE-2024-0510.json) (`2024-01-22T19:23:27.007`)
* [CVE-2024-0490](CVE-2024/CVE-2024-04xx/CVE-2024-0490.json) (`2024-01-22T19:24:45.367`)
* [CVE-2024-0491](CVE-2024/CVE-2024-04xx/CVE-2024-0491.json) (`2024-01-22T19:26:12.493`)
* [CVE-2024-0535](CVE-2024/CVE-2024-05xx/CVE-2024-0535.json) (`2024-01-22T19:32:08.933`)
* [CVE-2024-21654](CVE-2024/CVE-2024-216xx/CVE-2024-21654.json) (`2024-01-22T19:45:11.213`)
* [CVE-2024-0505](CVE-2024/CVE-2024-05xx/CVE-2024-0505.json) (`2024-01-22T19:51:37.637`)
* [CVE-2024-0517](CVE-2024/CVE-2024-05xx/CVE-2024-0517.json) (`2024-01-22T19:53:16.533`)
* [CVE-2024-0518](CVE-2024/CVE-2024-05xx/CVE-2024-0518.json) (`2024-01-22T19:53:24.690`)
* [CVE-2024-0519](CVE-2024/CVE-2024-05xx/CVE-2024-0519.json) (`2024-01-22T19:53:33.937`)
* [CVE-2024-0545](CVE-2024/CVE-2024-05xx/CVE-2024-0545.json) (`2024-01-22T19:59:06.540`)
* [CVE-2024-0546](CVE-2024/CVE-2024-05xx/CVE-2024-0546.json) (`2024-01-22T20:00:06.307`)
* [CVE-2024-22028](CVE-2024/CVE-2024-220xx/CVE-2024-22028.json) (`2024-01-22T20:22:47.847`)
* [CVE-2024-0548](CVE-2024/CVE-2024-05xx/CVE-2024-0548.json) (`2024-01-22T20:27:21.670`)
* [CVE-2024-0547](CVE-2024/CVE-2024-05xx/CVE-2024-0547.json) (`2024-01-22T20:27:43.267`)
* [CVE-2024-0543](CVE-2024/CVE-2024-05xx/CVE-2024-0543.json) (`2024-01-22T20:44:33.327`)
## Download and Usage