From 75c0a751d15d7074a6a310018d2f3f21e3a20daf Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Mon, 22 Jan 2024 23:00:28 +0000
Subject: [PATCH] Auto-Update: 2024-01-22T23:00:24.494589+00:00
---
CVE-2011/CVE-2011-100xx/CVE-2011-10005.json | 60 +++++++++++++++--
CVE-2022/CVE-2022-04xx/CVE-2022-0402.json | 74 +++++++++++++++++++--
CVE-2023/CVE-2023-241xx/CVE-2023-24135.json | 32 +++++++++
CVE-2023/CVE-2023-394xx/CVE-2023-39417.json | 6 +-
CVE-2023/CVE-2023-434xx/CVE-2023-43449.json | 65 ++++++++++++++++--
CVE-2023/CVE-2023-471xx/CVE-2023-47141.json | 59 ++++++++++++++++
CVE-2023/CVE-2023-58xx/CVE-2023-5868.json | 6 +-
CVE-2023/CVE-2023-58xx/CVE-2023-5869.json | 6 +-
CVE-2023/CVE-2023-58xx/CVE-2023-5870.json | 6 +-
CVE-2023/CVE-2023-64xx/CVE-2023-6457.json | 57 +++++++++++++++-
CVE-2024/CVE-2024-236xx/CVE-2024-23675.json | 55 +++++++++++++++
CVE-2024/CVE-2024-236xx/CVE-2024-23676.json | 55 +++++++++++++++
CVE-2024/CVE-2024-236xx/CVE-2024-23677.json | 55 +++++++++++++++
CVE-2024/CVE-2024-236xx/CVE-2024-23678.json | 55 +++++++++++++++
README.md | 69 ++++++-------------
15 files changed, 589 insertions(+), 71 deletions(-)
create mode 100644 CVE-2023/CVE-2023-241xx/CVE-2023-24135.json
create mode 100644 CVE-2023/CVE-2023-471xx/CVE-2023-47141.json
create mode 100644 CVE-2024/CVE-2024-236xx/CVE-2024-23675.json
create mode 100644 CVE-2024/CVE-2024-236xx/CVE-2024-23676.json
create mode 100644 CVE-2024/CVE-2024-236xx/CVE-2024-23677.json
create mode 100644 CVE-2024/CVE-2024-236xx/CVE-2024-23678.json
diff --git a/CVE-2011/CVE-2011-100xx/CVE-2011-10005.json b/CVE-2011/CVE-2011-100xx/CVE-2011-10005.json
index 9164b301de5..a5e0d9e25fd 100644
--- a/CVE-2011/CVE-2011-100xx/CVE-2011-10005.json
+++ b/CVE-2011/CVE-2011-100xx/CVE-2011-10005.json
@@ -2,8 +2,8 @@ "id": "CVE-2011-10005", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-16T08:15:07.933", - "lastModified": "2024-01-16T13:56:05.467", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-22T21:14:22.763", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -75,18 +95,48 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:easyftp_server_project:easyftp_server:1.7.0.2:*:*:*:*:*:*:*", + "matchCriteriaId": "43600CC1-CB66-42F5-8446-84FF00B7CC5E" + } + ] + } + ] + } + ], "references": [ { "url": "https://vuldb.com/?ctiid.250716", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.250716", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://www.exploit-db.com/exploits/17354", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-04xx/CVE-2022-0402.json b/CVE-2022/CVE-2022-04xx/CVE-2022-0402.json index bb5c322d4cb..56fd2a68270 100644 --- a/CVE-2022/CVE-2022-04xx/CVE-2022-0402.json 
+++ b/CVE-2022/CVE-2022-04xx/CVE-2022-0402.json 
@@ -2,23 +2,87 @@ "id": "CVE-2022-0402", "sourceIdentifier": "contact@wpscan.com", "published": "2024-01-16T16:15:09.317", - "lastModified": "2024-01-16T23:12:38.473", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-22T21:01:52.430", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Super Forms - Drag & Drop Form Builder WordPress plugin before 6.0.4 does not escape the bob_czy_panstwa_sprawa_zostala_rozwiazana parameter before outputting it back in an attribute via the super_language_switcher AJAX action, leading to a Reflected Cross-Site Scripting. The action is also lacking CSRF, making the attack easier to perform against any user." + }, + { + "lang": "es", + "value": "El complemento de WordPress Super Forms - Drag & Drop Form Builder anterior a 6.0.4 no escapa del par\u00e1metro bob_czy_panstwa_sprawa_zostala_rozwiazana antes de devolverlo a un atributo a trav\u00e9s de la acci\u00f3n AJAX super_language_switcher, lo que genera cross site scripting reflejado. La acci\u00f3n tambi\u00e9n carece de CSRF, lo que hace que el ataque sea m\u00e1s f\u00e1cil de realizar contra cualquier usuario." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:super-forms:super_forms:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "6.0.4", + "matchCriteriaId": "885B15EF-FCB2-4662-A6B7-7182CB54AB68" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/RensTillmann/super-forms/commit/c19d65abbe43d9b6359c1bf3498dc697d0c19d02", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Patch" + ] }, { "url": "https://wpscan.com/vulnerability/2e2e2478-2488-4c91-8af8-69b07783854f/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-241xx/CVE-2023-24135.json b/CVE-2023/CVE-2023-241xx/CVE-2023-24135.json new file mode 100644 index 00000000000..bbcf6bcb2ee --- /dev/null +++ b/CVE-2023/CVE-2023-241xx/CVE-2023-24135.json 
@@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-24135", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-01-22T21:15:08.793", + "lastModified": "2024-01-22T21:15:08.793", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a command injection vulnerability in the function formWriteFacMac. This vulnerability allows attackers to execute arbitrary commands via manipulation of the mac parameter." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://eagle.com", + "source": "cve@mitre.org" + }, + { + "url": "http://jensen.com", + "source": "cve@mitre.org" + }, + { + "url": "https://oxnan.com/img/Pasted%20image%2020230112110814.png", + "source": "cve@mitre.org" + }, + { + "url": "https://oxnan.com/posts/WriteFacMac-Command-Injection", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-394xx/CVE-2023-39417.json b/CVE-2023/CVE-2023-394xx/CVE-2023-39417.json index 32821da43b3..7d372407c12 100644 --- a/CVE-2023/CVE-2023-394xx/CVE-2023-39417.json +++ b/CVE-2023/CVE-2023-394xx/CVE-2023-39417.json @@ -2,7 +2,7 @@ "id": "CVE-2023-39417", "sourceIdentifier": "secalert@redhat.com", "published": "2023-08-11T13:15:09.870", - "lastModified": "2024-01-19T03:15:07.847", + "lastModified": "2024-01-22T21:15:08.997", "vulnStatus": "Undergoing Analysis", "descriptions": [ { @@ -244,6 +244,10 @@ "url": "https://access.redhat.com/errata/RHSA-2024:0304", "source": "secalert@redhat.com" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0332", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-39417", "source": "secalert@redhat.com", diff --git a/CVE-2023/CVE-2023-434xx/CVE-2023-43449.json b/CVE-2023/CVE-2023-434xx/CVE-2023-43449.json index 89b1f6ae112..93f25107f20 100644 --- a/CVE-2023/CVE-2023-434xx/CVE-2023-43449.json +++ b/CVE-2023/CVE-2023-434xx/CVE-2023-43449.json 
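Review bot: The new CVE-2023-24135 record ships with `"metrics": {}` and `"vulnStatus": "Received"`, so a command injection described as allowing arbitrary command execution carries no CVSS score and no CPE configuration at this point; pipelines that filter on `baseScore` or match on CPE will pass over it until a later update fills those in. The other records created in this commit (CVE-2023-47141 and CVE-2024-23675 through CVE-2024-23678) likewise have no `configurations` block, though they do carry a CNA-supplied score. Two of the references, `http://eagle.com` and `http://jensen.com`, are bare plain-HTTP domains whose link to the named product is not evident from the record, so tooling that fetches or renders reference URLs should treat them as unvetted.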
@@ -2,8 +2,8 @@ "id": "CVE-2023-43449", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-16T02:15:28.420", - "lastModified": "2024-01-16T13:56:05.467", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-22T21:15:48.367", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,68 @@ "value": "Un problema en HummerRisk HummerRisk v.1.10 a 1.4.1 permite que un atacante autenticado ejecute c\u00f3digo arbitrario a trav\u00e9s de una solicitud manipulada al componente de servicio/LicenseService." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hummerrisk:hummerrisk:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.4.1", + "matchCriteriaId": "0086E3E1-F2CB-4CDA-9D18-D658B50E70E0" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/HummerRisk/HummerRisk/issues/446", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-471xx/CVE-2023-47141.json b/CVE-2023/CVE-2023-471xx/CVE-2023-47141.json new file mode 100644 index 00000000000..a1c85786f1f --- /dev/null +++ b/CVE-2023/CVE-2023-471xx/CVE-2023-47141.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-47141", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2024-01-22T21:15:09.367", + "lastModified": "2024-01-22T21:15:09.367", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "IIBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270264." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270264", + "source": "psirt@us.ibm.com" + }, + { + "url": "https://www.ibm.com/support/pages/node/7105497", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-58xx/CVE-2023-5868.json b/CVE-2023/CVE-2023-58xx/CVE-2023-5868.json index 7041284d647..b0a5e10ed98 100644 --- a/CVE-2023/CVE-2023-58xx/CVE-2023-5868.json +++ b/CVE-2023/CVE-2023-58xx/CVE-2023-5868.json @@ -2,7 +2,7 @@ "id": "CVE-2023-5868", "sourceIdentifier": "secalert@redhat.com", "published": "2023-12-10T18:15:07.163", - "lastModified": "2024-01-19T16:15:10.410", + "lastModified": "2024-01-22T21:15:09.567", "vulnStatus": "Modified", "descriptions": [ { 
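Review bot: The `descriptions` value of the new CVE-2023-47141 record opens with `IIBM Db2`, which looks like a typo for `IBM Db2` carried over from the submitted record. Keyword or vendor-name searches over description text will miss this entry as written. Since this repository mirrors NVD, the correction belongs upstream rather than in this file; in the meantime consumers are better served by matching on `sourceIdentifier` (`psirt@us.ibm.com`) or the advisory URLs in `references`.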
@@ -438,6 +438,10 @@ "url": "https://access.redhat.com/errata/RHSA-2024:0304", "source": "secalert@redhat.com" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0332", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-5868", "source": "secalert@redhat.com", diff --git a/CVE-2023/CVE-2023-58xx/CVE-2023-5869.json b/CVE-2023/CVE-2023-58xx/CVE-2023-5869.json index 4af78ac3a36..07c9356b4df 100644 --- a/CVE-2023/CVE-2023-58xx/CVE-2023-5869.json +++ b/CVE-2023/CVE-2023-58xx/CVE-2023-5869.json @@ -2,7 +2,7 @@ "id": "CVE-2023-5869", "sourceIdentifier": "secalert@redhat.com", "published": "2023-12-10T18:15:07.410", - "lastModified": "2024-01-19T16:15:10.620", + "lastModified": "2024-01-22T21:15:09.780", "vulnStatus": "Modified", "descriptions": [ { @@ -514,6 +514,10 @@ "url": "https://access.redhat.com/errata/RHSA-2024:0304", "source": "secalert@redhat.com" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0332", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-5869", "source": "secalert@redhat.com", diff --git a/CVE-2023/CVE-2023-58xx/CVE-2023-5870.json b/CVE-2023/CVE-2023-58xx/CVE-2023-5870.json index d4cbc60bdfb..3c8d5618944 100644 --- a/CVE-2023/CVE-2023-58xx/CVE-2023-5870.json +++ b/CVE-2023/CVE-2023-58xx/CVE-2023-5870.json @@ -2,7 +2,7 @@ "id": "CVE-2023-5870", "sourceIdentifier": "secalert@redhat.com", "published": "2023-12-10T18:15:07.643", - "lastModified": "2024-01-19T16:15:10.867", + "lastModified": "2024-01-22T21:15:10.027", "vulnStatus": "Modified", "descriptions": [ { @@ -438,6 +438,10 @@ "url": "https://access.redhat.com/errata/RHSA-2024:0304", "source": "secalert@redhat.com" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0332", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-5870", "source": "secalert@redhat.com", 
diff --git a/CVE-2023/CVE-2023-64xx/CVE-2023-6457.json b/CVE-2023/CVE-2023-64xx/CVE-2023-6457.json index 8543912619d..4d633c9c221 100644 --- a/CVE-2023/CVE-2023-64xx/CVE-2023-6457.json +++ b/CVE-2023/CVE-2023-64xx/CVE-2023-6457.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6457", "sourceIdentifier": "hirt@hitachi.co.jp", "published": "2024-01-16T01:15:34.950", - "lastModified": "2024-01-16T13:56:05.467", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-22T21:25:07.550", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.2 + }, { "source": "hirt@hitachi.co.jp", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-276" + } + ] + }, { "source": "hirt@hitachi.co.jp", "type": "Secondary", @@ -50,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:tuning_manager:*:*:*:*:*:*:*:*", + "versionEndExcluding": "8.8.5-04", + "matchCriteriaId": "A8BD4604-C9B8-4FD5-B595-5C286F3A9589" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-104/index.html", - "source": "hirt@hitachi.co.jp" + "source": "hirt@hitachi.co.jp", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-236xx/CVE-2024-23675.json b/CVE-2024/CVE-2024-236xx/CVE-2024-23675.json new file mode 100644 index 00000000000..cebdd321f00 --- /dev/null +++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23675.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-23675", + "sourceIdentifier": "prodsec@splunk.com", + "published": "2024-01-22T21:15:10.263", + "lastModified": "2024-01-22T21:15:10.263", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). This can potentially result in the deletion of KV Store collections." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "prodsec@splunk.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "prodsec@splunk.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://advisory.splunk.com/advisories/SVD-2024-0105", + "source": "prodsec@splunk.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-236xx/CVE-2024-23676.json b/CVE-2024/CVE-2024-236xx/CVE-2024-23676.json new file mode 100644 index 00000000000..24c61ae7d8c --- /dev/null +++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23676.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-23676", + "sourceIdentifier": "prodsec@splunk.com", + "published": "2024-01-22T21:15:10.530", + "lastModified": "2024-01-22T21:15:10.530", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In Splunk versions below 9.0.8 and 9.1.3, the \u201cmrollup\u201d SPL command lets a low-privileged user view metrics on an index that they do not have permission to view. This vulnerability requires user interaction from a high-privileged user to exploit." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "prodsec@splunk.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.1, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "prodsec@splunk.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://advisory.splunk.com/advisories/SVD-2024-0106", + "source": "prodsec@splunk.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-236xx/CVE-2024-23677.json b/CVE-2024/CVE-2024-236xx/CVE-2024-23677.json new file mode 100644 index 00000000000..2e943b06c16 --- /dev/null +++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23677.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-23677", + "sourceIdentifier": "prodsec@splunk.com", + "published": "2024-01-22T21:15:10.710", + "lastModified": "2024-01-22T21:15:10.710", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In Splunk Enterprise versions below 9.0.8, the Splunk RapidDiag utility discloses server responses from external applications in a log file." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "prodsec@splunk.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "prodsec@splunk.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-532" + } + ] + } + ], + "references": [ + { + "url": "https://advisory.splunk.com/advisories/SVD-2024-0107", + "source": "prodsec@splunk.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-236xx/CVE-2024-23678.json b/CVE-2024/CVE-2024-236xx/CVE-2024-23678.json new file mode 100644 index 00000000000..77192df9442 --- /dev/null +++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23678.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-23678", + "sourceIdentifier": "prodsec@splunk.com", + "published": "2024-01-22T21:15:10.920", + "lastModified": "2024-01-22T21:15:10.920", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In Splunk Enterprise for Windows versions below 9.0.8 and 9.1.3, Splunk Enterprise does not correctly sanitize path input data. This results in the unsafe deserialization of untrusted data from a separate disk partition on the machine. This vulnerability only affects Splunk Enterprise for Windows." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "prodsec@splunk.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 0.8, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "prodsec@splunk.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://advisory.splunk.com/advisories/SVD-2024-0108", + "source": "prodsec@splunk.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 23f117b5358..90b99a99565 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-01-22T21:00:25.160876+00:00 +2024-01-22T23:00:24.494589+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-01-22T21:00:02.100000+00:00 +2024-01-22T21:25:07.550000+00:00 ``` ### Last Data Feed Release 
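Review bot: The `weaknesses` entry in the new CVE-2024-23678 record is `CWE-20`, while the description attributes the issue to unsafe deserialization of untrusted data reached through unsanitized path input, for which CWE-502 would be the more specific class. The value is the CNA's (`prodsec@splunk.com`, type `Secondary`) and a mirror should not rewrite it, but CWE-based triage rules and dashboards will file this record under generic input validation. Consumers that group by weakness may want to key on the description text or the vendor advisory `SVD-2024-0108` for this entry until, if ever, a `Primary` weakness is added.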
@@ -29,64 +29,33 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -236532 +236538 ``` ### CVEs added in the last Commit -Recently added CVEs: `20` +Recently added CVEs: `6` -* [CVE-2023-45193](CVE-2023/CVE-2023-451xx/CVE-2023-45193.json) (`2024-01-22T19:15:08.520`) -* [CVE-2023-47746](CVE-2023/CVE-2023-477xx/CVE-2023-47746.json) (`2024-01-22T19:15:08.730`) -* [CVE-2023-48118](CVE-2023/CVE-2023-481xx/CVE-2023-48118.json) (`2024-01-22T19:15:08.947`) -* [CVE-2023-50308](CVE-2023/CVE-2023-503xx/CVE-2023-50308.json) (`2024-01-22T19:15:09.003`) -* [CVE-2023-27859](CVE-2023/CVE-2023-278xx/CVE-2023-27859.json) (`2024-01-22T20:15:46.550`) -* [CVE-2023-47152](CVE-2023/CVE-2023-471xx/CVE-2023-47152.json) (`2024-01-22T20:15:46.890`) -* [CVE-2023-47158](CVE-2023/CVE-2023-471xx/CVE-2023-47158.json) (`2024-01-22T20:15:47.077`) -* [CVE-2023-47747](CVE-2023/CVE-2023-477xx/CVE-2023-47747.json) (`2024-01-22T20:15:47.267`) -* [CVE-2023-6290](CVE-2023/CVE-2023-62xx/CVE-2023-6290.json) (`2024-01-22T20:15:47.457`) -* [CVE-2023-6384](CVE-2023/CVE-2023-63xx/CVE-2023-6384.json) (`2024-01-22T20:15:47.507`) -* [CVE-2023-6447](CVE-2023/CVE-2023-64xx/CVE-2023-6447.json) (`2024-01-22T20:15:47.553`) -* [CVE-2023-6456](CVE-2023/CVE-2023-64xx/CVE-2023-6456.json) (`2024-01-22T20:15:47.600`) -* [CVE-2023-6625](CVE-2023/CVE-2023-66xx/CVE-2023-6625.json) (`2024-01-22T20:15:47.647`) -* [CVE-2023-6626](CVE-2023/CVE-2023-66xx/CVE-2023-6626.json) (`2024-01-22T20:15:47.697`) -* [CVE-2023-7082](CVE-2023/CVE-2023-70xx/CVE-2023-7082.json) (`2024-01-22T20:15:47.743`) -* [CVE-2023-7170](CVE-2023/CVE-2023-71xx/CVE-2023-7170.json) (`2024-01-22T20:15:47.787`) -* [CVE-2023-7194](CVE-2023/CVE-2023-71xx/CVE-2023-7194.json) (`2024-01-22T20:15:47.833`) -* [CVE-2024-0430](CVE-2024/CVE-2024-04xx/CVE-2024-0430.json) (`2024-01-22T19:15:09.210`) -* [CVE-2024-0605](CVE-2024/CVE-2024-06xx/CVE-2024-0605.json) (`2024-01-22T19:15:09.423`) -* 
[CVE-2024-0606](CVE-2024/CVE-2024-06xx/CVE-2024-0606.json) (`2024-01-22T19:15:09.487`) +* [CVE-2023-24135](CVE-2023/CVE-2023-241xx/CVE-2023-24135.json) (`2024-01-22T21:15:08.793`) +* [CVE-2023-47141](CVE-2023/CVE-2023-471xx/CVE-2023-47141.json) (`2024-01-22T21:15:09.367`) +* [CVE-2024-23675](CVE-2024/CVE-2024-236xx/CVE-2024-23675.json) (`2024-01-22T21:15:10.263`) +* [CVE-2024-23676](CVE-2024/CVE-2024-236xx/CVE-2024-23676.json) (`2024-01-22T21:15:10.530`) +* [CVE-2024-23677](CVE-2024/CVE-2024-236xx/CVE-2024-23677.json) (`2024-01-22T21:15:10.710`) +* [CVE-2024-23678](CVE-2024/CVE-2024-236xx/CVE-2024-23678.json) (`2024-01-22T21:15:10.920`) ### CVEs modified in the last Commit -Recently modified CVEs: `69` +Recently modified CVEs: `8` -* [CVE-2024-0781](CVE-2024/CVE-2024-07xx/CVE-2024-0781.json) (`2024-01-22T19:10:26.333`) -* [CVE-2024-0782](CVE-2024/CVE-2024-07xx/CVE-2024-0782.json) (`2024-01-22T19:10:26.333`) -* [CVE-2024-0204](CVE-2024/CVE-2024-02xx/CVE-2024-0204.json) (`2024-01-22T19:10:26.333`) -* [CVE-2024-0783](CVE-2024/CVE-2024-07xx/CVE-2024-0783.json) (`2024-01-22T19:10:26.333`) -* [CVE-2024-0784](CVE-2024/CVE-2024-07xx/CVE-2024-0784.json) (`2024-01-22T19:10:26.333`) -* [CVE-2024-22124](CVE-2024/CVE-2024-221xx/CVE-2024-22124.json) (`2024-01-22T19:17:13.050`) -* [CVE-2024-22209](CVE-2024/CVE-2024-222xx/CVE-2024-22209.json) (`2024-01-22T19:20:27.757`) -* [CVE-2024-21640](CVE-2024/CVE-2024-216xx/CVE-2024-21640.json) (`2024-01-22T19:20:59.733`) -* [CVE-2024-23301](CVE-2024/CVE-2024-233xx/CVE-2024-23301.json) (`2024-01-22T19:21:26.297`) -* [CVE-2024-21639](CVE-2024/CVE-2024-216xx/CVE-2024-21639.json) (`2024-01-22T19:23:11.360`) -* [CVE-2024-0510](CVE-2024/CVE-2024-05xx/CVE-2024-0510.json) (`2024-01-22T19:23:27.007`) -* [CVE-2024-0490](CVE-2024/CVE-2024-04xx/CVE-2024-0490.json) (`2024-01-22T19:24:45.367`) -* [CVE-2024-0491](CVE-2024/CVE-2024-04xx/CVE-2024-0491.json) (`2024-01-22T19:26:12.493`) -* [CVE-2024-0535](CVE-2024/CVE-2024-05xx/CVE-2024-0535.json) 
(`2024-01-22T19:32:08.933`) -* [CVE-2024-21654](CVE-2024/CVE-2024-216xx/CVE-2024-21654.json) (`2024-01-22T19:45:11.213`) -* [CVE-2024-0505](CVE-2024/CVE-2024-05xx/CVE-2024-0505.json) (`2024-01-22T19:51:37.637`) -* [CVE-2024-0517](CVE-2024/CVE-2024-05xx/CVE-2024-0517.json) (`2024-01-22T19:53:16.533`) -* [CVE-2024-0518](CVE-2024/CVE-2024-05xx/CVE-2024-0518.json) (`2024-01-22T19:53:24.690`) -* [CVE-2024-0519](CVE-2024/CVE-2024-05xx/CVE-2024-0519.json) (`2024-01-22T19:53:33.937`) -* [CVE-2024-0545](CVE-2024/CVE-2024-05xx/CVE-2024-0545.json) (`2024-01-22T19:59:06.540`) -* [CVE-2024-0546](CVE-2024/CVE-2024-05xx/CVE-2024-0546.json) (`2024-01-22T20:00:06.307`) -* [CVE-2024-22028](CVE-2024/CVE-2024-220xx/CVE-2024-22028.json) (`2024-01-22T20:22:47.847`) -* [CVE-2024-0548](CVE-2024/CVE-2024-05xx/CVE-2024-0548.json) (`2024-01-22T20:27:21.670`) -* [CVE-2024-0547](CVE-2024/CVE-2024-05xx/CVE-2024-0547.json) (`2024-01-22T20:27:43.267`) -* [CVE-2024-0543](CVE-2024/CVE-2024-05xx/CVE-2024-0543.json) (`2024-01-22T20:44:33.327`) +* [CVE-2011-10005](CVE-2011/CVE-2011-100xx/CVE-2011-10005.json) (`2024-01-22T21:14:22.763`) +* [CVE-2022-0402](CVE-2022/CVE-2022-04xx/CVE-2022-0402.json) (`2024-01-22T21:01:52.430`) +* [CVE-2023-39417](CVE-2023/CVE-2023-394xx/CVE-2023-39417.json) (`2024-01-22T21:15:08.997`) +* [CVE-2023-5868](CVE-2023/CVE-2023-58xx/CVE-2023-5868.json) (`2024-01-22T21:15:09.567`) +* [CVE-2023-5869](CVE-2023/CVE-2023-58xx/CVE-2023-5869.json) (`2024-01-22T21:15:09.780`) +* [CVE-2023-5870](CVE-2023/CVE-2023-58xx/CVE-2023-5870.json) (`2024-01-22T21:15:10.027`) +* [CVE-2023-43449](CVE-2023/CVE-2023-434xx/CVE-2023-43449.json) (`2024-01-22T21:15:48.367`) +* [CVE-2023-6457](CVE-2023/CVE-2023-64xx/CVE-2023-6457.json) (`2024-01-22T21:25:07.550`) ## Download and Usage