admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-09-17 18:45:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-02-06T19:00:33.081430+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-02-06 19:00:36 +00:00
parent d0bb9a5291
commit 744a570d86
54 changed files with 2132 additions and 170 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CVE-2019/CVE-2019-148xx/CVE-2019-14865.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2019-14865",
"sourceIdentifier": "secalert@redhat.com",
"published": "2019-11-29T10:15:12.830",
"lastModified": "2023-02-12T23:36:07.163",
"lastModified": "2024-02-06T18:15:58.207",
"vulnStatus": "Modified",
"descriptions": [
{
@ -142,6 +142,10 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/02/06/3",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:0335",
"source": "secalert@redhat.com",

4
CVE-2023/CVE-2023-351xx/CVE-2023-35188.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-35188",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2024-02-06T16:15:51.140",
"lastModified": "2024-02-06T16:15:51.140",
"vulnStatus": "Received",
"lastModified": "2024-02-06T17:52:56.963",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

55
CVE-2023/CVE-2023-364xx/CVE-2023-36498.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-36498",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-02-06T17:15:08.527",
"lastModified": "2024-02-06T18:15:58.383",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A post-authentication command injection vulnerability exists in the PPTP client functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability and gain access to an unrestricted shell."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1853",
"source": "talos-cna@cisco.com"
}
]
}

63
CVE-2023/CVE-2023-405xx/CVE-2023-40545.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-40545",
"sourceIdentifier": "responsible-disclosure@pingidentity.com",
"published": "2024-02-06T18:15:58.470",
"lastModified": "2024-02-06T18:15:58.470",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Authentication\u00a0bypass when an OAuth2 Client is using client_secret_jwt as its authentication method on affected 11.3 versions via specially crafted requests.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "responsible-disclosure@pingidentity.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "responsible-disclosure@pingidentity.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
],
"references": [
{
"url": "https://docs.pingidentity.com/r/en-us/pingfederate-113/hro1701116403236",
"source": "responsible-disclosure@pingidentity.com"
},
{
"url": "https://support.pingidentity.com/s/article/SECADV040-PingFederate-OAuth-Client-Authentication-Bypass",
"source": "responsible-disclosure@pingidentity.com"
},
{
"url": "https://www.pingidentity.com/en/resources/downloads/pingfederate/previous-releases.html",
"source": "responsible-disclosure@pingidentity.com"
}
]
}

91
CVE-2023/CVE-2023-405xx/CVE-2023-40548.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-40548",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-29T15:15:08.893",
"lastModified": "2024-01-29T16:19:17.097",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T18:37:23.327",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un desbordamiento de b\u00fafer en Shim en el sistema de 32 bits. El desbordamiento ocurre debido a una operaci\u00f3n de suma que involucra un valor controlado por el usuario analizado del binario PE que utiliza Shim. Este valor se utiliza adem\u00e1s para operaciones de asignaci\u00f3n de memoria, lo que provoca un desbordamiento de b\u00fafer en la regi\u00f3n Heap de la memoria. Esta falla causa da\u00f1os en la memoria y puede provocar fallas o problemas de integridad de los datos durante la fase de inicio."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.4,
"impactScore": 5.9
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -35,6 +59,20 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
},
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -46,14 +84,59 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:shim:*:*:*:*:*:*:*:*",
"versionEndIncluding": "15.8",
"matchCriteriaId": "A4D01344-F2B6-4206-9E1D-AAAAB1977EA0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:shim:15.8:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BF11AEF9-B742-46DC-94D2-6160B93767BD"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-40548",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241782",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-426xx/CVE-2023-42664.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-42664",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-02-06T17:15:08.770",
"lastModified": "2024-02-06T18:15:58.670",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A post authentication command injection vulnerability exists when setting up the PPTP global configuration of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1856",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-434xx/CVE-2023-43482.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-43482",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-02-06T17:15:08.973",
"lastModified": "2024-02-06T18:15:58.757",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A command execution vulnerability exists in the guest resource functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1850",
"source": "talos-cna@cisco.com"
}
]
}

4
CVE-2023/CVE-2023-461xx/CVE-2023-46183.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46183",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-02-06T16:15:51.370",
"lastModified": "2024-02-06T16:15:51.370",
"vulnStatus": "Received",
"lastModified": "2024-02-06T17:52:56.963",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

55
CVE-2023/CVE-2023-466xx/CVE-2023-46683.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-46683",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-02-06T17:15:09.180",
"lastModified": "2024-02-06T18:15:58.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A post authentication command injection vulnerability exists when configuring the wireguard VPN functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection . An attacker can make an authenticated HTTP request to trigger this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1857",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-471xx/CVE-2023-47167.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-47167",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-02-06T17:15:09.380",
"lastModified": "2024-02-06T18:15:58.923",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A post authentication command injection vulnerability exists in the GRE policy functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1855",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-472xx/CVE-2023-47209.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-47209",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-02-06T17:15:09.593",
"lastModified": "2024-02-06T18:15:59.000",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A post authentication command injection vulnerability exists in the ipsec policy functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1854",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-476xx/CVE-2023-47617.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-47617",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-02-06T17:15:09.797",
"lastModified": "2024-02-06T18:15:59.080",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A post authentication command injection vulnerability exists when configuring the web group member of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1858",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-476xx/CVE-2023-47618.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-47618",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-02-06T17:15:10.013",
"lastModified": "2024-02-06T18:15:59.160",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A post authentication command execution vulnerability exists in the web filtering functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1859",
"source": "talos-cna@cisco.com"
}
]
}

62
CVE-2023/CVE-2023-501xx/CVE-2023-50165.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-50165",
"sourceIdentifier": "security@pega.com",
"published": "2024-01-31T18:15:46.320",
"lastModified": "2024-01-31T19:54:51.757",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T17:41:39.480",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Pega Platform versions 8.2.1 to Infinity 23.1.0 are affected by an Generated PDF issue that could expose file contents."
},
{
"lang": "es",
"value": "Las versiones de Pega Platform 8.2.1 a Infinity 23.1.0 se ven afectadas por un problema de PDF generado que podr\u00eda exponer el contenido del archivo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0
},
{
"source": "security@pega.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
},
{
"source": "security@pega.com",
"type": "Secondary",
@ -46,10 +80,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pega:platform:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.2.1",
"versionEndIncluding": "23.1.0",
"matchCriteriaId": "9AEA6DF6-D772-416F-AB6C-879B6596529C"
}
]
}
]
}
],
"references": [
{
"url": "https://support.pega.com/support-doc/pega-security-advisory-g23-vulnerability-remediation-note",
"source": "security@pega.com"
"source": "security@pega.com",
"tags": [
"Vendor Advisory"
]
}
]
}

62
CVE-2023/CVE-2023-501xx/CVE-2023-50166.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-50166",
"sourceIdentifier": "security@pega.com",
"published": "2024-01-31T18:15:46.513",
"lastModified": "2024-01-31T19:54:51.757",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T17:42:52.830",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Pega Platform from 8.5.4 to 8.8.3 is affected by an XSS issue with an unauthenticated user and the redirect parameter."
},
{
"lang": "es",
"value": "Pega Platform de 8.5.4 a 8.8.3 se ve afectada por un problema XSS con un usuario no autenticado y el par\u00e1metro redirect."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security@pega.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security@pega.com",
"type": "Secondary",
@ -46,10 +80,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pega:platform:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.5.4",
"versionEndIncluding": "8.8.3",
"matchCriteriaId": "444C349E-92AB-4143-9526-F8F6DEAED9D8"
}
]
}
]
}
],
"references": [
{
"url": "https://support.pega.com/support-doc/pega-security-advisory-h23-vulnerability-remediation-note",
"source": "security@pega.com"
"source": "security@pega.com",
"tags": [
"Vendor Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-503xx/CVE-2023-50395.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-50395",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2024-02-06T16:15:51.573",
"lastModified": "2024-02-06T16:15:51.573",
"vulnStatus": "Received",
"lastModified": "2024-02-06T17:52:56.963",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

51
CVE-2023/CVE-2023-515xx/CVE-2023-51532.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-51532",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-01T11:15:08.710",
"lastModified": "2024-02-01T13:41:44.257",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T17:24:30.553",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Icegram Icegram Engage \u2013 WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building allows Stored XSS.This issue affects Icegram Engage \u2013 WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building: from n/a through 3.1.19.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Icegram Icegram Engage \u2013 WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building permiten XSS almacenado. Este problema afecta a Icegram Engage \u2013 WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building: desde n/a hasta el 3.1.19."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:icegram:icegram_engage:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.1.19",
"matchCriteriaId": "CC14B70E-FCCC-4703-A879-D19B3FE137AF"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/icegram/wordpress-icegram-engage-plugin-3-1-19-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-515xx/CVE-2023-51534.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-51534",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-01T11:15:09.527",
"lastModified": "2024-02-01T13:41:44.257",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T17:04:08.383",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brave Brave \u2013 Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content allows Stored XSS.This issue affects Brave \u2013 Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content: from n/a through 0.6.2.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Brave Brave \u2013 Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content permite XSS almacenado. Este problema afecta a Brave \u2013 Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content: desde n/a hasta 0.6.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:getbrave:brave:*:*:*:*:wordpress:*:*:*",
"versionEndIncluding": "0.6.2",
"matchCriteriaId": "ED70BA1A-A2BF-449A-85BB-22E7DD68202A"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/brave-popup-builder/wordpress-brave-popup-plugin-0-6-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

74
CVE-2023/CVE-2023-518xx/CVE-2023-51839.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51839",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-29T20:15:15.047",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T17:02:34.433",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,81 @@
"value": "DeviceFarmer stf v3.6.6 sufre de uso de un algoritmo criptogr\u00e1fico defectuoso o riesgoso."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-327"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:devicefarmer:smartphone_test_farm:3.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7E2F07D0-CA08-40E2-B7FE-3353CD83B6D1"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/DeviceFarmer/stf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/DeviceFarmer/stf/issues/736",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://github.com/tianjk99/Cryptographic-Misuses/blob/main/CVE-2023-51839.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-519xx/CVE-2023-51982.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51982",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-30T01:15:59.013",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T18:30:13.563",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "CrateDB 5.5.1 contiene una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en el componente de la interfaz de usuario de administraci\u00f3n. Despu\u00e9s de configurar la autenticaci\u00f3n de contrase\u00f1a y_ Local_ En el caso de una direcci\u00f3n, la autenticaci\u00f3n de identidad se puede omitir configurando el encabezado de solicitud de IP de X-Real en un valor espec\u00edfico y accediendo a la interfaz de usuario del administrador directamente utilizando la identidad de usuario predeterminada. (https://github. es/crate/crate/issues/15231)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cratedb:cratedb:5.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DCA795AD-7B75-41DA-B82D-3A032DBAE7BF"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/crate/crate/issues/15231",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}

51
CVE-2023/CVE-2023-521xx/CVE-2023-52193.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-52193",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-01T10:15:10.423",
"lastModified": "2024-02-01T13:41:44.257",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-06T17:22:44.897",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Live Composer Team Page Builder: Live Composer allows Stored XSS.This issue affects Page Builder: Live Composer: from n/a through 1.5.23.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Live Composer Team Page Builder: Live Composer permite XSS almacenado. Este problema afecta a Page Builder: Live Composer: desde n/a hasta 1.5.23."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:livecomposerplugin:live-composer-page-builder:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.5.23",
"matchCriteriaId": "A6FA7337-71AF-4267-B042-F9206CDC49C7"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/live-composer-page-builder/wordpress-page-builder-live-composer-plugin-1-5-23-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-521xx/CVE-2023-52194.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-52194",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-01T10:15:10.880",
"lastModified": "2024-02-01T13:41:44.257",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-06T17:38:15.577",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Takayuki Miyauchi oEmbed Gist allows Stored XSS.This issue affects oEmbed Gist: from n/a through 4.9.1.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Takayuki Miyauchi oEmbed Gist permite XSS almacenado. Este problema afecta a oEmbed Gist: desde n/a hasta 4.9.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:takayukimiyauchi:oembed_gist:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.9.1",
"matchCriteriaId": "44DCF5EE-3719-443F-9111-773782C050B4"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/oembed-gist/wordpress-oembed-gist-plugin-4-9-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-521xx/CVE-2023-52195.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-52195",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-01T10:15:11.207",
"lastModified": "2024-02-01T13:41:44.257",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-06T17:29:48.320",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Posts to Page Kerry James allows Stored XSS.This issue affects Kerry James: from n/a through 1.7.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante de generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Posts to Page Kerry James permite XSS almacenado. Este problema afecta a Kerry James: desde n/a hasta 1.7."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kerryjames:posts_to_page:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.7",
"matchCriteriaId": "7020F848-9DA0-4216-BC3C-287E8D450A9E"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/posts-to-page/wordpress-posts-to-page-plugin-1-7-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

14
CVE-2023/CVE-2023-62xx/CVE-2023-6238.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6238",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-11-21T21:15:09.273",
"lastModified": "2024-02-06T12:15:55.410",
"vulnStatus": "Modified",
"lastModified": "2024-02-06T18:53:02.780",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -21,19 +21,19 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"exploitabilityScore": 0.8,
"impactScore": 5.9
},
{

69
CVE-2023/CVE-2023-63xx/CVE-2023-6374.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6374",
"sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"published": "2024-01-30T09:15:47.520",
"lastModified": "2024-01-31T09:15:44.263",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T18:50:48.063",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"type": "Secondary",
@ -50,18 +70,57 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:mitsubishielectric:melsec_ws0-geth00200_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "31C1CF5D-1E46-4E97-85D2-C92C40D1EADF"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mitsubishielectric:melsec_ws0-geth00200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2309DB7C-07CA-4821-A7A2-F461652E62C8"
}
]
}
]
}
],
"references": [
{
"url": "https://jvn.jp/vu/JVNVU99497477",
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-03",
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
},
{
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-019_en.pdf",
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"tags": [
"Vendor Advisory"
]
}
]
}

26
CVE-2023/CVE-2023-66xx/CVE-2023-6672.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6672",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2024-02-02T13:15:08.890",
"lastModified": "2024-02-02T13:36:23.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T17:03:45.610",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -50,10 +50,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nationalkeep:cybermath:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D54B8707-6EDE-4581-AEA4-79577E916FEA"
}
]
}
]
}
],
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-24-0080",
"source": "iletisim@usom.gov.tr"
"source": "iletisim@usom.gov.tr",
"tags": [
"Third Party Advisory"
]
}
]
}

46
CVE-2023/CVE-2023-66xx/CVE-2023-6673.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6673",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2024-02-02T13:15:09.100",
"lastModified": "2024-02-02T13:36:23.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T17:03:31.730",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "iletisim@usom.gov.tr",
"type": "Secondary",
@ -50,10 +70,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nationalkeep:cybermath:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D54B8707-6EDE-4581-AEA4-79577E916FEA"
}
]
}
]
}
],
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-24-0080",
"source": "iletisim@usom.gov.tr"
"source": "iletisim@usom.gov.tr",
"tags": [
"Third Party Advisory"
]
}
]
}

26
CVE-2023/CVE-2023-66xx/CVE-2023-6675.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6675",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2024-02-02T13:15:09.300",
"lastModified": "2024-02-02T13:36:23.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T17:03:12.913",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -50,10 +50,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nationalkeep:cybermath:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D54B8707-6EDE-4581-AEA4-79577E916FEA"
}
]
}
]
}
],
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-24-0080",
"source": "iletisim@usom.gov.tr"
"source": "iletisim@usom.gov.tr",
"tags": [
"Third Party Advisory"
]
}
]
}

4
CVE-2024/CVE-2024-09xx/CVE-2024-0911.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0911",
"sourceIdentifier": "patrick@puiterwijk.org",
"published": "2024-02-06T15:15:08.827",
"lastModified": "2024-02-06T15:15:08.827",
"vulnStatus": "Received",
"lastModified": "2024-02-06T17:53:00.620",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

55
CVE-2024/CVE-2024-10xx/CVE-2024-1048.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-1048",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-02-06T18:15:59.250",
"lastModified": "2024-02-06T18:15:59.250",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with the new grubenv content and rename it to the original grubenv file. If the program is killed before the rename operation, the temporary file will not be removed and may fill the filesystem when invoked multiple times, resulting in a filesystem out of free inodes or blocks."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 3.2,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.5,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/02/06/3",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-1048",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256827",
"source": "secalert@redhat.com"
},
{
"url": "https://www.openwall.com/lists/oss-security/2024/02/06/3",
"source": "secalert@redhat.com"
}
]
}

65
CVE-2024/CVE-2024-11xx/CVE-2024-1111.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-1111",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-31T19:15:08.187",
"lastModified": "2024-01-31T19:54:43.623",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-06T18:11:45.033",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in SourceCodester QR Code Login System 1.0. Affected by this issue is some unknown functionality of the file add-user.php. The manipulation of the argument qr-code leads to cross site scripting. The attack may be launched remotely. VDB-252470 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en SourceCodester QR Code Login System 1.0 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo add-user.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento qr-code conduce a cross site scripting. El ataque puede lanzarse de forma remota. VDB-252470 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -60,6 +84,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,14 +105,37 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:remyandrade:qr_code_login_system:1.0:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "8396C7C3-5EDE-46DF-99D3-937533F7C8F1"
}
]
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.252470",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?id.252470",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

4
CVE-2024/CVE-2024-12xx/CVE-2024-1251.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-1251",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-06T16:15:51.793",
"lastModified": "2024-02-06T16:15:51.793",
"vulnStatus": "Received",
"lastModified": "2024-02-06T17:52:56.963",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

88
CVE-2024/CVE-2024-12xx/CVE-2024-1252.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-1252",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-06T17:15:10.280",
"lastModified": "2024-02-06T17:52:56.963",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in Tongda OA 2017 up to 11.9. Affected by this vulnerability is an unknown functionality of the file /general/attendance/manage/ask_duty/delete.php. The manipulation of the argument ASK_DUTY_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-252991."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "ADJACENT_NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 5.1,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/b51s77/cve/blob/main/sql.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.252991",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.252991",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2024/CVE-2024-12xx/CVE-2024-1253.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-1253",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-06T17:15:10.507",
"lastModified": "2024-02-06T17:52:56.963",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in Beijing Baichuo Smart S40 Management Platform up to 20240126. Affected by this issue is some unknown functionality of the file /useratte/web.php of the component Import Handler. The manipulation of the argument file_upload leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252992. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "MULTIPLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 6.4,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://github.com/b51s77/cve/blob/main/upload.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.252992",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.252992",
"source": "cna@vuldb.com"
}
]
}

44
CVE-2024/CVE-2024-213xx/CVE-2024-21388.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-21388",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-01-30T18:15:48.140",
"lastModified": "2024-01-30T20:48:58.267",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T18:21:15.953",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en Microsoft Edge (basado en Chromium)"
}
],
"metrics": {
@ -34,10 +38,44 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
"versionEndExcluding": "121.0.2277.83",
"matchCriteriaId": "00804700-C068-4562-9F64-4D348E1B76F5"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21388",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

80
CVE-2024/CVE-2024-214xx/CVE-2024-21488.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21488",
"sourceIdentifier": "report@snyk.io",
"published": "2024-01-30T05:15:09.277",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T18:56:43.787",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "report@snyk.io",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
},
{
"source": "report@snyk.io",
"type": "Secondary",
@ -50,26 +80,62 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:forkhq:network:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "0.7.0",
"matchCriteriaId": "D7E1F6C0-7EF1-4EE0-9BEE-BD4B94EA0B33"
}
]
}
]
}
],
"references": [
{
"url": "https://gist.github.com/icemonster/282ab98fb68fc22aac7c576538f6369c",
"source": "report@snyk.io"
"source": "report@snyk.io",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
]
},
{
"url": "https://github.com/tomas/network/commit/5599ed6d6ff1571a5ccadea775430c131f381de7",
"source": "report@snyk.io"
"source": "report@snyk.io",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/tomas/network/commit/6ec8713580938ab4666df2f2d0f3399891ed2ad7",
"source": "report@snyk.io"
"source": "report@snyk.io",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/tomas/network/commit/72c523265940fe279eb0050d441522628f8988e5",
"source": "report@snyk.io"
"source": "report@snyk.io",
"tags": [
"Patch"
]
},
{
"url": "https://security.snyk.io/vuln/SNYK-JS-NETWORK-6184371",
"source": "report@snyk.io"
"source": "report@snyk.io",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

58
CVE-2024/CVE-2024-218xx/CVE-2024-21840.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21840",
"sourceIdentifier": "hirt@hitachi.co.jp",
"published": "2024-01-30T03:15:07.867",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T18:32:20.340",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
},
{
"source": "hirt@hitachi.co.jp",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
},
{
"source": "hirt@hitachi.co.jp",
"type": "Secondary",
@ -50,10 +80,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hitachi:storage_plug-in:*:*:*:*:*:vmware_vcenter:*:*",
"versionStartIncluding": "04.0.0",
"versionEndExcluding": "04.10.0",
"matchCriteriaId": "618B27D3-9BD5-4A12-8B73-F5DF27AD92B2"
}
]
}
]
}
],
"references": [
{
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-108/index.html",
"source": "hirt@hitachi.co.jp"
"source": "hirt@hitachi.co.jp",
"tags": [
"Vendor Advisory"
]
}
]
}

51
CVE-2024/CVE-2024-223xx/CVE-2024-22306.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-22306",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-31T17:15:35.560",
"lastModified": "2024-01-31T19:54:51.757",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T18:20:46.017",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hometory Mang Board WP allows Stored XSS.This issue affects Mang Board WP: from n/a through 1.7.7.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Hometory Mang Board WP permite XSS almacenado. Este problema afecta a Mang Board WP: desde n/a hasta 1.7.7."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mangboard:mang_board:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.7.7",
"matchCriteriaId": "02F38FD7-C61F-4366-8227-06C4ADC650A1"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/mangboard/wordpress-mang-board-wp-plugin-1-7-7-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

59
CVE-2024/CVE-2024-223xx/CVE-2024-22331.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-22331",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-02-06T17:15:10.740",
"lastModified": "2024-02-06T17:52:56.963",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.19, 7.1 through 7.1.2.15, 7.2 through 7.2.3.8, 7.3 through 7.3.2.3, and IBM UrbanCode Deploy (UCD) - IBM DevOps Deploy 8.0.0.0 could disclose sensitive user information when installing the Windows agent. IBM X-Force ID: 279971."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279971",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7114131",
"source": "psirt@us.ibm.com"
}
]
}

65
CVE-2024/CVE-2024-225xx/CVE-2024-22569.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-22569",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-31T02:15:54.467",
"lastModified": "2024-01-31T14:05:27.507",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T18:07:39.733",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "Vulnerabilidad de cross site scripting (XSS) almacenado en POSCMS v4.6.2 permite a los atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de un payload manipulado en /index.php?c=install&m=index&step=2&is_install_db=0."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:poscms:poscms:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A62614D0-0876-4DEA-BADB-2ADDA028B7FA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Num-Nine/CVE/issues/12",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}
]
}

63
CVE-2024/CVE-2024-233xx/CVE-2024-23342.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23342",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-23T00:15:26.397",
"lastModified": "2024-01-23T13:44:14.167",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T18:36:47.733",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -58,22 +78,53 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tlsfuzzer:ecdsa:*:*:*:*:*:python:*:*",
"versionEndIncluding": "1.8.0",
"matchCriteriaId": "32CDB19B-B6CA-4F1D-B5DC-9140D7EB7B3E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/tlsfuzzer/python-ecdsa/blob/master/SECURITY.md",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/tlsfuzzer/python-ecdsa/security/advisories/GHSA-wj6h-64fc-37mp",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://minerva.crocs.fi.muni.cz/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Technical Description"
]
},
{
"url": "https://securitypitfalls.wordpress.com/2018/08/03/constant-time-compare-in-python/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Technical Description"
]
}
]
}

4
CVE-2024/CVE-2024-233xx/CVE-2024-23344.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23344",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-06T16:15:52.120",
"lastModified": "2024-02-06T16:15:52.120",
"vulnStatus": "Received",
"lastModified": "2024-02-06T17:52:56.963",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

63
CVE-2024/CVE-2024-236xx/CVE-2024-23647.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-23647",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-30T17:15:10.913",
"lastModified": "2024-01-30T20:48:58.267",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T18:22:58.250",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Authentik is an open-source Identity Provider. There is a bug in our implementation of PKCE that allows an attacker to circumvent the protection that PKCE offers. PKCE adds the code_challenge parameter to the authorization request and adds the code_verifier parameter to the token request. Prior to 2023.8.7 and 2023.10.7, a downgrade scenario is possible: if the attacker removes the code_challenge parameter from the authorization request, authentik will not do the PKCE check. Because of this bug, an attacker can circumvent the protection PKCE offers, such as CSRF attacks and code injection attacks. Versions 2023.8.7 and 2023.10.7 fix the issue."
},
{
"lang": "es",
"value": "Authentik es un proveedor de identidades de c\u00f3digo abierto. Hay un error en nuestra implementaci\u00f3n de PKCE que permite a un atacante eludir la protecci\u00f3n que ofrece PKCE. PKCE agrega el par\u00e1metro code_challenge a la solicitud de autorizaci\u00f3n y agrega el par\u00e1metro code_verifier a la solicitud de token. Antes de 2023.8.7 y 2023.10.7, es posible un escenario de degradaci\u00f3n: si el atacante elimina el par\u00e1metro code_challenge de la solicitud de autorizaci\u00f3n, authentik no realizar\u00e1 la verificaci\u00f3n PKCE. Debido a este error, un atacante puede eludir la protecci\u00f3n que ofrece PKCE, como los ataques CSRF y los ataques de inyecci\u00f3n de c\u00f3digo. Las versiones 2023.8.7 y 2023.10.7 solucionan el problema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +70,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:goauthentik:authentik:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.8.7",
"matchCriteriaId": "026E19BC-D2BB-4B89-916F-565B498F0C87"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:goauthentik:authentik:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2023.10.0",
"versionEndExcluding": "2023.10.7",
"matchCriteriaId": "6E579B4B-ACB8-4917-915B-D0FB5FC17F64"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/goauthentik/authentik/commit/38e04ae12720e5d81b4f7ac77997eb8d1275d31a",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/goauthentik/authentik/security/advisories/GHSA-mrx3-gxjx-hjqj",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}

79
CVE-2024/CVE-2024-238xx/CVE-2024-23829.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23829",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-29T23:15:08.767",
"lastModified": "2024-02-05T02:15:47.367",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T18:38:53.870",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,22 +70,69 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aiohttp:aiohttp:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.9.2",
"matchCriteriaId": "A69737C5-7602-4816-A6FD-4483CDBE3C39"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/aio-libs/aiohttp/commit/33ccdfb0a12690af5bb49bda2319ec0907fa7827",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/aio-libs/aiohttp/pull/8074",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mailing List"
]
}
]
}

4
CVE-2024/CVE-2024-240xx/CVE-2024-24000.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-24000",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-06T16:15:52.317",
"lastModified": "2024-02-06T16:15:52.317",
"vulnStatus": "Received",
"lastModified": "2024-02-06T17:52:56.963",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-240xx/CVE-2024-24013.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-24013",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-06T16:15:52.363",
"lastModified": "2024-02-06T16:15:52.363",
"vulnStatus": "Received",
"lastModified": "2024-02-06T17:52:56.963",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-240xx/CVE-2024-24015.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-24015",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-06T16:15:52.410",
"lastModified": "2024-02-06T16:15:52.410",
"vulnStatus": "Received",
"lastModified": "2024-02-06T17:52:56.963",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-242xx/CVE-2024-24291.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-24291",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-06T16:15:52.460",
"lastModified": "2024-02-06T16:15:52.460",
"vulnStatus": "Received",
"lastModified": "2024-02-06T17:52:56.963",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-245xx/CVE-2024-24590.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-24590",
"sourceIdentifier": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"published": "2024-02-06T15:15:09.100",
"lastModified": "2024-02-06T15:15:09.100",
"vulnStatus": "Received",
"lastModified": "2024-02-06T17:53:00.620",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-245xx/CVE-2024-24591.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-24591",
"sourceIdentifier": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"published": "2024-02-06T15:15:09.367",
"lastModified": "2024-02-06T15:15:09.367",
"vulnStatus": "Received",
"lastModified": "2024-02-06T17:53:00.620",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-245xx/CVE-2024-24592.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-24592",
"sourceIdentifier": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"published": "2024-02-06T15:15:09.730",
"lastModified": "2024-02-06T15:15:09.730",
"vulnStatus": "Received",
"lastModified": "2024-02-06T17:53:00.620",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-245xx/CVE-2024-24593.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-24593",
"sourceIdentifier": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"published": "2024-02-06T15:15:09.977",
"lastModified": "2024-02-06T15:15:09.977",
"vulnStatus": "Received",
"lastModified": "2024-02-06T17:53:00.620",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-245xx/CVE-2024-24594.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-24594",
"sourceIdentifier": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"published": "2024-02-06T15:15:10.203",
"lastModified": "2024-02-06T15:15:10.203",
"vulnStatus": "Received",
"lastModified": "2024-02-06T17:53:00.620",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

86
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-02-06T17:00:38.413558+00:00
2024-02-06T19:00:33.081430+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-02-06T16:58:26.023000+00:00
2024-02-06T18:56:43.787000+00:00
```
### Last Data Feed Release
@ -29,57 +29,57 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
237783
237796
```
### CVEs added in the last Commit
Recently added CVEs: `16`
Recently added CVEs: `13`
* [CVE-2023-5584](CVE-2023/CVE-2023-55xx/CVE-2023-5584.json) (`2024-02-06T15:15:08.247`)
* [CVE-2023-35188](CVE-2023/CVE-2023-351xx/CVE-2023-35188.json) (`2024-02-06T16:15:51.140`)
* [CVE-2023-46183](CVE-2023/CVE-2023-461xx/CVE-2023-46183.json) (`2024-02-06T16:15:51.370`)
* [CVE-2023-50395](CVE-2023/CVE-2023-503xx/CVE-2023-50395.json) (`2024-02-06T16:15:51.573`)
* [CVE-2024-0911](CVE-2024/CVE-2024-09xx/CVE-2024-0911.json) (`2024-02-06T15:15:08.827`)
* [CVE-2024-24590](CVE-2024/CVE-2024-245xx/CVE-2024-24590.json) (`2024-02-06T15:15:09.100`)
* [CVE-2024-24591](CVE-2024/CVE-2024-245xx/CVE-2024-24591.json) (`2024-02-06T15:15:09.367`)
* [CVE-2024-24592](CVE-2024/CVE-2024-245xx/CVE-2024-24592.json) (`2024-02-06T15:15:09.730`)
* [CVE-2024-24593](CVE-2024/CVE-2024-245xx/CVE-2024-24593.json) (`2024-02-06T15:15:09.977`)
* [CVE-2024-24594](CVE-2024/CVE-2024-245xx/CVE-2024-24594.json) (`2024-02-06T15:15:10.203`)
* [CVE-2024-1251](CVE-2024/CVE-2024-12xx/CVE-2024-1251.json) (`2024-02-06T16:15:51.793`)
* [CVE-2024-23344](CVE-2024/CVE-2024-233xx/CVE-2024-23344.json) (`2024-02-06T16:15:52.120`)
* [CVE-2024-24000](CVE-2024/CVE-2024-240xx/CVE-2024-24000.json) (`2024-02-06T16:15:52.317`)
* [CVE-2024-24013](CVE-2024/CVE-2024-240xx/CVE-2024-24013.json) (`2024-02-06T16:15:52.363`)
* [CVE-2024-24015](CVE-2024/CVE-2024-240xx/CVE-2024-24015.json) (`2024-02-06T16:15:52.410`)
* [CVE-2024-24291](CVE-2024/CVE-2024-242xx/CVE-2024-24291.json) (`2024-02-06T16:15:52.460`)
* [CVE-2023-36498](CVE-2023/CVE-2023-364xx/CVE-2023-36498.json) (`2024-02-06T17:15:08.527`)
* [CVE-2023-40545](CVE-2023/CVE-2023-405xx/CVE-2023-40545.json) (`2024-02-06T18:15:58.470`)
* [CVE-2023-42664](CVE-2023/CVE-2023-426xx/CVE-2023-42664.json) (`2024-02-06T17:15:08.770`)
* [CVE-2023-43482](CVE-2023/CVE-2023-434xx/CVE-2023-43482.json) (`2024-02-06T17:15:08.973`)
* [CVE-2023-46683](CVE-2023/CVE-2023-466xx/CVE-2023-46683.json) (`2024-02-06T17:15:09.180`)
* [CVE-2023-47167](CVE-2023/CVE-2023-471xx/CVE-2023-47167.json) (`2024-02-06T17:15:09.380`)
* [CVE-2023-47209](CVE-2023/CVE-2023-472xx/CVE-2023-47209.json) (`2024-02-06T17:15:09.593`)
* [CVE-2023-47617](CVE-2023/CVE-2023-476xx/CVE-2023-47617.json) (`2024-02-06T17:15:09.797`)
* [CVE-2023-47618](CVE-2023/CVE-2023-476xx/CVE-2023-47618.json) (`2024-02-06T17:15:10.013`)
* [CVE-2024-1252](CVE-2024/CVE-2024-12xx/CVE-2024-1252.json) (`2024-02-06T17:15:10.280`)
* [CVE-2024-1253](CVE-2024/CVE-2024-12xx/CVE-2024-1253.json) (`2024-02-06T17:15:10.507`)
* [CVE-2024-22331](CVE-2024/CVE-2024-223xx/CVE-2024-22331.json) (`2024-02-06T17:15:10.740`)
* [CVE-2024-1048](CVE-2024/CVE-2024-10xx/CVE-2024-1048.json) (`2024-02-06T18:15:59.250`)
### CVEs modified in the last Commit
Recently modified CVEs: `22`
Recently modified CVEs: `40`
* [CVE-2023-6679](CVE-2023/CVE-2023-66xx/CVE-2023-6679.json) (`2024-02-06T15:15:08.397`)
* [CVE-2023-6915](CVE-2023/CVE-2023-69xx/CVE-2023-6915.json) (`2024-02-06T15:15:08.610`)
* [CVE-2023-6291](CVE-2023/CVE-2023-62xx/CVE-2023-6291.json) (`2024-02-06T16:09:02.867`)
* [CVE-2023-49038](CVE-2023/CVE-2023-490xx/CVE-2023-49038.json) (`2024-02-06T16:35:06.483`)
* [CVE-2023-52191](CVE-2023/CVE-2023-521xx/CVE-2023-52191.json) (`2024-02-06T16:58:26.023`)
* [CVE-2024-22302](CVE-2024/CVE-2024-223xx/CVE-2024-22302.json) (`2024-02-06T15:03:44.550`)
* [CVE-2024-22286](CVE-2024/CVE-2024-222xx/CVE-2024-22286.json) (`2024-02-06T15:08:36.300`)
* [CVE-2024-22289](CVE-2024/CVE-2024-222xx/CVE-2024-22289.json) (`2024-02-06T15:15:04.717`)
* [CVE-2024-23841](CVE-2024/CVE-2024-238xx/CVE-2024-23841.json) (`2024-02-06T15:20:17.970`)
* [CVE-2024-22292](CVE-2024/CVE-2024-222xx/CVE-2024-22292.json) (`2024-02-06T15:23:23.247`)
* [CVE-2024-22158](CVE-2024/CVE-2024-221xx/CVE-2024-22158.json) (`2024-02-06T15:25:24.303`)
* [CVE-2024-22159](CVE-2024/CVE-2024-221xx/CVE-2024-22159.json) (`2024-02-06T15:37:01.700`)
* [CVE-2024-22297](CVE-2024/CVE-2024-222xx/CVE-2024-22297.json) (`2024-02-06T15:38:07.050`)
* [CVE-2024-22150](CVE-2024/CVE-2024-221xx/CVE-2024-22150.json) (`2024-02-06T15:42:52.927`)
* [CVE-2024-22153](CVE-2024/CVE-2024-221xx/CVE-2024-22153.json) (`2024-02-06T15:43:49.957`)
* [CVE-2024-22293](CVE-2024/CVE-2024-222xx/CVE-2024-22293.json) (`2024-02-06T15:44:56.407`)
* [CVE-2024-22295](CVE-2024/CVE-2024-222xx/CVE-2024-22295.json) (`2024-02-06T15:49:30.457`)
* [CVE-2024-22146](CVE-2024/CVE-2024-221xx/CVE-2024-22146.json) (`2024-02-06T15:51:01.533`)
* [CVE-2024-22307](CVE-2024/CVE-2024-223xx/CVE-2024-22307.json) (`2024-02-06T15:52:58.037`)
* [CVE-2024-22310](CVE-2024/CVE-2024-223xx/CVE-2024-22310.json) (`2024-02-06T16:08:42.910`)
* [CVE-2024-22859](CVE-2024/CVE-2024-228xx/CVE-2024-22859.json) (`2024-02-06T16:29:48.453`)
* [CVE-2024-22282](CVE-2024/CVE-2024-222xx/CVE-2024-22282.json) (`2024-02-06T16:55:19.983`)
* [CVE-2023-51982](CVE-2023/CVE-2023-519xx/CVE-2023-51982.json) (`2024-02-06T18:30:13.563`)
* [CVE-2023-40548](CVE-2023/CVE-2023-405xx/CVE-2023-40548.json) (`2024-02-06T18:37:23.327`)
* [CVE-2023-6374](CVE-2023/CVE-2023-63xx/CVE-2023-6374.json) (`2024-02-06T18:50:48.063`)
* [CVE-2023-6238](CVE-2023/CVE-2023-62xx/CVE-2023-6238.json) (`2024-02-06T18:53:02.780`)
* [CVE-2024-1251](CVE-2024/CVE-2024-12xx/CVE-2024-1251.json) (`2024-02-06T17:52:56.963`)
* [CVE-2024-23344](CVE-2024/CVE-2024-233xx/CVE-2024-23344.json) (`2024-02-06T17:52:56.963`)
* [CVE-2024-24000](CVE-2024/CVE-2024-240xx/CVE-2024-24000.json) (`2024-02-06T17:52:56.963`)
* [CVE-2024-24013](CVE-2024/CVE-2024-240xx/CVE-2024-24013.json) (`2024-02-06T17:52:56.963`)
* [CVE-2024-24015](CVE-2024/CVE-2024-240xx/CVE-2024-24015.json) (`2024-02-06T17:52:56.963`)
* [CVE-2024-24291](CVE-2024/CVE-2024-242xx/CVE-2024-24291.json) (`2024-02-06T17:52:56.963`)
* [CVE-2024-0911](CVE-2024/CVE-2024-09xx/CVE-2024-0911.json) (`2024-02-06T17:53:00.620`)
* [CVE-2024-24590](CVE-2024/CVE-2024-245xx/CVE-2024-24590.json) (`2024-02-06T17:53:00.620`)
* [CVE-2024-24591](CVE-2024/CVE-2024-245xx/CVE-2024-24591.json) (`2024-02-06T17:53:00.620`)
* [CVE-2024-24592](CVE-2024/CVE-2024-245xx/CVE-2024-24592.json) (`2024-02-06T17:53:00.620`)
* [CVE-2024-24593](CVE-2024/CVE-2024-245xx/CVE-2024-24593.json) (`2024-02-06T17:53:00.620`)
* [CVE-2024-24594](CVE-2024/CVE-2024-245xx/CVE-2024-24594.json) (`2024-02-06T17:53:00.620`)
* [CVE-2024-22569](CVE-2024/CVE-2024-225xx/CVE-2024-22569.json) (`2024-02-06T18:07:39.733`)
* [CVE-2024-1111](CVE-2024/CVE-2024-11xx/CVE-2024-1111.json) (`2024-02-06T18:11:45.033`)
* [CVE-2024-22306](CVE-2024/CVE-2024-223xx/CVE-2024-22306.json) (`2024-02-06T18:20:46.017`)
* [CVE-2024-21388](CVE-2024/CVE-2024-213xx/CVE-2024-21388.json) (`2024-02-06T18:21:15.953`)
* [CVE-2024-23647](CVE-2024/CVE-2024-236xx/CVE-2024-23647.json) (`2024-02-06T18:22:58.250`)
* [CVE-2024-21840](CVE-2024/CVE-2024-218xx/CVE-2024-21840.json) (`2024-02-06T18:32:20.340`)
* [CVE-2024-23342](CVE-2024/CVE-2024-233xx/CVE-2024-23342.json) (`2024-02-06T18:36:47.733`)
* [CVE-2024-23829](CVE-2024/CVE-2024-238xx/CVE-2024-23829.json) (`2024-02-06T18:38:53.870`)
* [CVE-2024-21488](CVE-2024/CVE-2024-214xx/CVE-2024-21488.json) (`2024-02-06T18:56:43.787`)
## Download and Usage