admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-07 19:16:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-01-31T00:55:25.206071+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-01-31 00:55:28 +00:00
parent 1c57b520c3
commit 7a95891acf
16 changed files with 1154 additions and 119 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

88
CVE-2017/CVE-2017-201xx/CVE-2017-20189.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2017-20189",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-22T06:15:07.563",
"lastModified": "2024-01-22T14:01:09.553",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T23:01:53.763",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,27 +14,99 @@
"value": "En Clojure anterior a 1.9.0, las clases se pueden usar para construir un objeto serializado que ejecuta c\u00f3digo arbitrario tras la deserializaci\u00f3n. Esto es relevante si un servidor deserializa objetos que no son de confianza."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clojure:clojure:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.9.0",
"matchCriteriaId": "BF6C5ABE-97CB-400C-880A-453F5CA13383"
}
]
}
]
}
],
"references": [
{
"url": "https://clojure.atlassian.net/browse/CLJ-2204",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://github.com/clojure/clojure/commit/271674c9b484d798484d134a5ac40a6df15d3ac3",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/frohoff/ysoserial/pull/68/files",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://hackmd.io/%40fe1w0/HyefvRQKp",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGCLOJURE-5740378",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}

10
CVE-2021/CVE-2021-336xx/CVE-2021-33630.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-33630",
"sourceIdentifier": "securities@openeuler.org",
"published": "2024-01-18T15:15:08.653",
"lastModified": "2024-01-30T18:15:46.910",
"lastModified": "2024-01-31T00:15:45.270",
"vulnStatus": "Modified",
"descriptions": [
{
@ -100,6 +100,10 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/30/10",
"source": "securities@openeuler.org"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/30/3",
"source": "securities@openeuler.org"
@ -112,6 +116,10 @@
"url": "http://www.openwall.com/lists/oss-security/2024/01/30/5",
"source": "securities@openeuler.org"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/30/9",
"source": "securities@openeuler.org"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e8b9bfa110896f95d602d8c98d5f9d67e41d78c",
"source": "securities@openeuler.org"

10
CVE-2021/CVE-2021-336xx/CVE-2021-33631.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-33631",
"sourceIdentifier": "securities@openeuler.org",
"published": "2024-01-18T15:15:08.860",
"lastModified": "2024-01-30T18:15:46.997",
"lastModified": "2024-01-31T00:15:45.387",
"vulnStatus": "Modified",
"descriptions": [
{
@ -114,6 +114,10 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/30/10",
"source": "securities@openeuler.org"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/30/3",
"source": "securities@openeuler.org"
@ -126,6 +130,10 @@
"url": "http://www.openwall.com/lists/oss-security/2024/01/30/5",
"source": "securities@openeuler.org"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/30/9",
"source": "securities@openeuler.org"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5c099c4fdc438014d5893629e70a8ba934433ee8",
"source": "securities@openeuler.org",

325
CVE-2022/CVE-2022-407xx/CVE-2022-40700.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2022-40700",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-19T15:15:08.020",
"lastModified": "2024-01-19T15:56:19.500",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T23:03:18.550",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP \u2013 Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet \u2013 A virtual wallet for WooCommerce, Long Watch Studio WooVIP \u2013 Membership plugin for WordPress and WooCommerce, Long Watch Studio WooSupply \u2013 Suppliers, Supply Orders and Stock Management, Squidesma Theme Minifier, Paul Clark Styles styles, Designmodo Inc. WordPress Page Builder \u2013 Qards, Philip M. Hofer (Frumph) PHPFreeChat, Arun Basil Lal Custom Login Admin Front-end CSS, Team Agence-Press CSS Adder By Agence-Press, Unihost Confirm Data, deano1987 AMP Toolbox amp-toolbox, Arun Basil Lal Admin CSS MU.This issue affects Montonio for WooCommerce: from n/a through 6.0.1; Wpopal Core Features: from n/a through 1.5.8; ArcStone: from n/a through 4.6.6; WooVirtualWallet \u2013 A virtual wallet for WooCommerce: from n/a through 2.2.1; WooVIP \u2013 Membership plugin for WordPress and WooCommerce: from n/a through 1.4.4; WooSupply \u2013 Suppliers, Supply Orders and Stock Management: from n/a through 1.2.2; Theme Minifier: from n/a through 2.0; Styles: from n/a through 1.2.3; WordPress Page Builder \u2013 Qards: from n/a through 1.0.5; PHPFreeChat: from n/a through 0.2.8; Custom Login Admin Front-end CSS: from n/a through 1.4.1; CSS Adder By Agence-Press: from n/a through 1.5.0; Confirm Data: from n/a through 1.0.7; AMP Toolbox: from n/a through 2.1.1; Admin CSS MU: from n/a through 2.6.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Server-Side Request Forgery (SSRF) en Montonio Montonio para WooCommerce, Wpopal Funciones principales de Wpopal, AMO para WP \u2013 Gesti\u00f3n de membres\u00eda ArcStone wp-amo, Long Watch Studio WooVirtualWallet \u2013 Una billetera virtual para WooCommerce, Long Watch Studio WooVIP \u2013 Complemento de membres\u00eda para WordPress y WooCommerce, Long Watch Studio WooSupply: proveedores, pedidos de suministro y gesti\u00f3n de existencias, Squidesma Theme Minifier, estilos Paul Clark Styles, Designmodo Inc. Creador de p\u00e1ginas de WordPress: Qards, Philip M. Hofer (Frumph) PHPFreeChat, Arun Basil Lal Administrador de inicio de sesi\u00f3n personalizado CSS front-end, Team Agence-Press CSS Adder de Agence-Press, Unihost Confirm Data, deano1987 AMP Toolbox amp-toolbox, Arun Basil Lal Admin CSS MU. Este problema afecta a Montonio para WooCommerce: desde n/a hasta 6.0.1; Funciones principales de Wpopal: desde n/a hasta 1.5.8; ArcStone: desde n/a hasta 4.6.6; WooVirtualWallet: una billetera virtual para WooCommerce: desde n/a hasta 2.2.1; WooVIP: complemento de membres\u00eda para WordPress y WooCommerce: desde n/a hasta 1.4.4; WooSupply \u2013 Proveedores, pedidos de suministro y gesti\u00f3n de existencias: desde n/a hasta 1.2.2; Minificador de temas: desde n/a hasta 2.0; Estilos: desde n/a hasta 1.2.3; Creador de p\u00e1ginas de WordPress \u2013 Qards: desde n/a hasta 1.0.5; PHPFreeChat: desde n/a hasta 0.2.8; CSS de front-end de administrador de inicio de sesi\u00f3n personalizado: desde n/a hasta 1.4.1; Complemento CSS de Agence-Press: desde n/a hasta 1.5.0; Confirmar datos: desde n/a hasta 1.0.7; Caja de herramientas AMP: desde n/a hasta 2.1.1; Administrador CSS MU: desde n/a hasta 2.6."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,66 +70,333 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:millionclues:admin_css_mu:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.6",
"matchCriteriaId": "43821B34-AEAD-4521-B37C-07314D2848A5"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:deano:amp_toolbox:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.1.1",
"matchCriteriaId": "F3BD4E77-8EE1-4F83-A080-A82E9EAC6A36"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:unihost:confirm_data:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.0.7",
"matchCriteriaId": "775615D7-1183-44BD-8E13-B18CC3F037B7"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:agence-press:css_adder:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.5.0",
"matchCriteriaId": "78AA1D24-7A86-41D5-A9E4-3CF586D91F52"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:millionclues:custom_login_admin_front-end_css:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.4.1",
"matchCriteriaId": "672D8FBE-F144-4BAF-B780-8234BB2D83D7"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:montonio:montonio_for_woocommerce:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "6.0.1",
"matchCriteriaId": "1A46D97F-01EA-43A4-AD82-1552112A2B82"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:frumph:phpfreechat:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "0.2.8",
"matchCriteriaId": "555CCA86-7B43-4F8D-9A71-3A92D34A8F43"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:designmodo:qards:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.0.5",
"matchCriteriaId": "054FCFA2-C643-441A-8D13-233980433E88"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:paulclark:styles:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.2.3",
"matchCriteriaId": "C4AF8EAE-53F6-4958-88AB-7DCEBCDFADF9"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:squidesma:theme_minifier:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.0",
"matchCriteriaId": "5ADA61B8-B05E-4608-B331-80769EADB458"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:longwatchstudio:woosupply:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.2.2",
"matchCriteriaId": "15F0C47E-D2B5-47A8-BD7E-592439EF2745"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:longwatchstudio:woovip:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.4.4",
"matchCriteriaId": "D12B6939-0446-4C32-AA43-CE3D0052B9ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:longwatchstudio:woovirtualwallet:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.2.1",
"matchCriteriaId": "EA71FDDC-0142-450E-9F0B-4609171BBE09"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arcstone:amo_for_wp_-_membership_management:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.6.6",
"matchCriteriaId": "B893F859-596C-45AD-BE84-BE9FE35B2626"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpopal:wpopal_core_features:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.5.8",
"matchCriteriaId": "E4720CB3-42E0-46B2-A74F-E118C427C44A"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/admin-css-mu/wordpress-admin-css-mu-plugin-2-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://patchstack.com/database/vulnerability/amp-toolbox/wordpress-amp-toolbox-plugin-2-1-1-server-side-request-forgery-ssrf?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://patchstack.com/database/vulnerability/confirm-data/wordpress-confirm-data-plugin-1-0-7-unauth-server-side-request-forgery-ssrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://patchstack.com/database/vulnerability/css-adder-by-agence-press/wordpress-css-adder-by-agene-press-plugin-1-5-0-server-side-request-forgery-ssrf?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://patchstack.com/database/vulnerability/custom-login-admin-front-end-css-with-multisite-support/wordpress-custom-login-admin-front-end-css-plugin-1-4-1-server-side-request-forgery-ssrf?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://patchstack.com/database/vulnerability/montonio-for-woocommerce/wordpress-montonio-for-woocommerce-plugin-6-0-1-server-side-request-forgery-ssrf?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://patchstack.com/database/vulnerability/phpfreechat/wordpress-phpfreechat-plugin-0-2-8-server-side-request-forgery-ssrf?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://patchstack.com/database/vulnerability/qards-free/wordpress-wordpress-page-builder-qards-plugin-1-0-5-server-side-request-forgery-ssrf?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://patchstack.com/database/vulnerability/styles/wordpress-styles-plugin-1-2-3-server-side-request-forgery-ssrf?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://patchstack.com/database/vulnerability/theme-minifier/wordpress-theme-minifier-plugin-2-0-server-side-request-forgery-ssrf?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://patchstack.com/database/vulnerability/woosupply/wordpress-woosupply-plugin-1-2-2-server-side-request-forgery-ssrf?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://patchstack.com/database/vulnerability/woovip/wordpress-woovip-plugin-1-4-4-server-side-request-forgery-ssrf?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://patchstack.com/database/vulnerability/woovirtualwallet/wordpress-woovirtualwallet-plugin-2-2-1-server-side-request-forgery-ssrf?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://patchstack.com/database/vulnerability/wp-amo/wordpress-amo-for-wp-plugin-4-6-6-server-side-request-forgery-ssrf?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://patchstack.com/database/vulnerability/wpopal-core-features/wordpress-wpopal-core-features-plugin-1-5-7-server-side-request-forgery-ssrf?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

6
CVE-2023/CVE-2023-33xx/CVE-2023-3341.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-3341",
"sourceIdentifier": "security-officer@isc.org",
"published": "2023-09-20T13:15:11.770",
"lastModified": "2023-11-03T21:15:15.793",
"lastModified": "2024-01-31T00:15:45.500",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
@ -254,6 +254,10 @@
"Vendor Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00021.html",
"source": "security-officer@isc.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPJLLTJCSDJJII7IIZPLTBQNWP7MZH7F/",
"source": "security-officer@isc.org"

4
CVE-2023/CVE-2023-457xx/CVE-2023-45779.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-45779",
"sourceIdentifier": "security@android.com",
"published": "2023-12-04T23:15:26.673",
"lastModified": "2024-01-30T18:15:47.110",
"lastModified": "2024-01-31T00:15:45.653",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "In the APEX module framework of AOSP, there is a possible malicious update to platform components due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. More details on this can be found in the links below:\n https://rtx.meta.security/exploitation/2024/01/30/Android-vendors-APEX-test-keys.html https://rtx.meta.security/exploitation/2024/01/30/Android-vendors-APEX-test-keys.html \n https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-wmcc-g67r-9962 https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-wmcc-g67r-9962 \n"
"value": "In the APEX module framework of AOSP, there is a possible malicious update to platform components due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. More details on this can be found in the links below:\nhttps://rtx.meta.security/exploitation/2024/01/30/Android-vendors-APEX-test-keys.html\nhttps://github.com/metaredteam/external-disclosures/security/advisories/GHSA-wmcc-g67r-9962"
},
{
"lang": "es",

13
CVE-2023/CVE-2023-45xx/CVE-2023-4508.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-4508",
"sourceIdentifier": "security@ubuntu.com",
"published": "2023-08-24T23:15:09.380",
"lastModified": "2023-09-30T17:15:39.413",
"lastModified": "2024-01-31T00:15:45.800",
"vulnStatus": "Modified",
"descriptions": [
{
@ -104,11 +104,8 @@
]
},
{
"url": "https://github.com/gerbv/gerbv/commit/dfb5aac533a3f9e8ccd93ca217a753258cba4fe5",
"source": "security@ubuntu.com",
"tags": [
"Patch"
]
"url": "https://github.com/gerbv/gerbv/commit/5517e22250e935dc7f86f64ad414aeae3dbcb36a",
"source": "security@ubuntu.com"
},
{
"url": "https://github.com/gerbv/gerbv/issues/191",
@ -118,10 +115,6 @@
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00040.html",
"source": "security@ubuntu.com"
}
]
}

84
CVE-2023/CVE-2023-517xx/CVE-2023-51702.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51702",
"sourceIdentifier": "security@apache.org",
"published": "2024-01-24T13:15:08.150",
"lastModified": "2024-01-24T15:15:08.663",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T23:00:53.027",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,7 +14,30 @@
"value": "Desde la versi\u00f3n 5.2.0, cuando se utiliza el modo diferible con la ruta de un archivo de configuraci\u00f3n de Kubernetes para la autenticaci\u00f3n, el trabajador de Airflow serializa este archivo de configuraci\u00f3n como un diccionario y lo env\u00eda al activador almacen\u00e1ndolo en metadatos sin ning\u00fan cifrado. Adem\u00e1s, si se utiliza con una versi\u00f3n de Airflow entre 2.3.0 y 2.6.0, el diccionario de configuraci\u00f3n se registrar\u00e1 como texto plano en el servicio activador sin enmascaramiento. Esto permite que cualquier persona con acceso a los metadatos o al registro del activador obtenga el archivo de configuraci\u00f3n y lo utilice para acceder al cl\u00faster de Kubernetes. Este comportamiento se cambi\u00f3 en la versi\u00f3n 7.0.0, que dej\u00f3 de serializar el contenido del archivo y comenz\u00f3 a proporcionar la ruta del archivo para leer el contenido en el activador. Se recomienda a los usuarios actualizar a la versi\u00f3n 7.0.0, que soluciona este problema."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@apache.org",
@ -31,26 +54,71 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.3.0",
"versionEndExcluding": "2.6.1",
"matchCriteriaId": "6592EF36-124C-4817-AAA7-33E0D5C1AB57"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:airflow_cncf_kubernetes:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.2.0",
"versionEndExcluding": "7.0.0",
"matchCriteriaId": "FD1C8DDC-BBE7-494E-87EF-F478DB8453C0"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/24/3",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://github.com/apache/airflow/pull/29498",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://github.com/apache/airflow/pull/30110",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/apache/airflow/pull/36492",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://lists.apache.org/thread/89x3q6lz5pykrkr1fkr04k4rfn9pvnv9",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-70xx/CVE-2023-7063.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-7063",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-20T09:15:07.520",
"lastModified": "2024-01-22T14:01:14.430",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T23:02:10.287",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -38,14 +58,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpforms:wpforms:*:*:*:*:pro:wordpress:*:*",
"versionEndIncluding": "1.8.5.3",
"matchCriteriaId": "39B8E083-09E7-4BD4-945E-2615D1ED6366"
}
]
}
]
}
],
"references": [
{
"url": "https://wpforms.com/docs/how-to-view-recent-changes-to-the-wpforms-plugin-changelog/#1-8-5-4-2023-12-27",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/31c080b8-ba00-4e96-8961-2a1c3a017004?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

112
CVE-2024/CVE-2024-03xx/CVE-2024-0317.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0317",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-01-15T17:15:08.850",
"lastModified": "2024-01-16T13:56:05.467",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T23:04:42.877",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -50,10 +70,96 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fireeye:ex_5500_firmwarea:9.0.3.936727:*:*:*:*:*:*:*",
"matchCriteriaId": "B9FD56BD-467E-474E-9512-6C7578892E87"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:fireeye:ex_5500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C196CC1F-F9F0-4FA3-85B7-78ADD07D9BA7"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fireeye:ex_8500_firmware:9.0.3.936727:*:*:*:*:*:*:*",
"matchCriteriaId": "CADEC68D-AE9E-4BE5-AE8B-26DF54EA2626"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:fireeye:ex_8500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0618D1C-184D-4F39-B86A-9A11BA6B7966"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fireeye:ex_3500_firmware:9.0.3.936727:*:*:*:*:*:*:*",
"matchCriteriaId": "EDF6F74D-AF80-4DCA-AD55-2B0C91097FC5"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:fireeye:ex_3500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62AC2BDE-60CE-40FD-AC51-F89BDB22FF3B"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
}
]
}

167
CVE-2024/CVE-2024-04xx/CVE-2024-0408.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0408",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-18T16:15:08.380",
"lastModified": "2024-01-25T23:15:08.590",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-30T23:04:09.157",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -50,30 +80,151 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tigervnc:tigervnc:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.13.1",
"matchCriteriaId": "9C935C5C-1450-47E2-8736-EDED8D49475D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:x.org:xorg-server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "21.1.11",
"matchCriteriaId": "565381E7-E0BD-408F-B970-34E9724B1B08"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:x.org:xwayland:*:*:*:*:*:*:*:*",
"versionEndExcluding": "23.2.4",
"matchCriteriaId": "1FE48099-1D7F-444E-8F0C-FAB71F25AD71"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "566507B6-AC95-47F7-A3FB-C6F414E45F51"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1CDCFF34-6F1D-45A1-BE37-6A0E17B04801"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4A684C7-88FD-43C4-9BDB-AE337FCBD0AB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "37CE1DC7-72C5-483C-8921-0B462C8284D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2024:0320",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-0408",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257689",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00016.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}

168
CVE-2024/CVE-2024-04xx/CVE-2024-0409.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0409",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-18T16:15:08.593",
"lastModified": "2024-01-25T23:15:08.683",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-30T23:03:34.597",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -50,30 +80,152 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tigervnc:tigervnc:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.13.1",
"matchCriteriaId": "9C935C5C-1450-47E2-8736-EDED8D49475D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:x.org:xorg-server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "21.1.11",
"matchCriteriaId": "565381E7-E0BD-408F-B970-34E9724B1B08"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:x.org:xwayland:*:*:*:*:*:*:*:*",
"versionEndExcluding": "23.2.4",
"matchCriteriaId": "1FE48099-1D7F-444E-8F0C-FAB71F25AD71"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "566507B6-AC95-47F7-A3FB-C6F414E45F51"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1CDCFF34-6F1D-45A1-BE37-6A0E17B04801"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4A684C7-88FD-43C4-9BDB-AE337FCBD0AB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "37CE1DC7-72C5-483C-8921-0B462C8284D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2024:0320",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-0409",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257690",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00016.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}

6
CVE-2024/CVE-2024-215xx/CVE-2024-21585.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2024-21585",
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-01-12T01:15:46.053",
"lastModified": "2024-01-19T17:45:23.603",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-31T00:15:45.920",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "\nAn Improper Handling of Exceptional Conditions vulnerability in BGP session processing of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker, using specific timing outside the attacker's control, to flap BGP sessions and cause the routing protocol daemon (rpd) process to crash and restart, leading to a Denial of Service (DoS) condition. Continued BGP session flapping will create a sustained Denial of Service (DoS) condition.\n\nThis issue only affects routers configured with non-stop routing (NSR) enabled. Graceful Restart (GR) helper mode, enabled by default, is also required for this issue to be exploitable.\n\nNote: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability.\nWhen the BGP session flaps on the NSR-enabled router, the device enters GR-helper/LLGR-helper mode due to the peer having negotiated GR/LLGR-restarter capability and the backup BGP requests for replication of the GR/LLGR-helper session, master BGP schedules, and initiates replication of GR/LLGR stale routes to the backup BGP. In this state, if the BGP session with the BGP peer comes up again, unsolicited replication is initiated for the peer without cleaning up the ongoing GR/LLGR-helper mode replication. This parallel two instances of replication for the same peer leads to the assert if the BGP session flaps again.\n\nThis issue affects:\n\nJuniper Networks Junos OS\n\n\n\n * All versions earlier than 20.4R3-S9;\n * 21.2 versions earlier than 21.2R3-S7;\n * 21.3 versions earlier than 21.3R3-S5;\n * 21.4 versions earlier than 21.4R3-S5;\n * 22.1 versions earlier than 22.1R3-S4;\n * 22.2 versions earlier than 22.2R3-S3;\n * 22.3 versions earlier than 22.3R3-S1;\n * 22.4 versions earlier than 22.4R2-S2, 22.4R3;\n * 23.2 versions earlier than 23.2R1-S1, 23.2R2.\n\n\n\n\nJuniper Networks Junos OS Evolved\n\n\n\n * All versions earlier than 21.3R3-S5-EVO;\n * 21.4 versions earlier than 21.4R3-S5-EVO;\n * 22.1 versions earlier than 22.1R3-S4-EVO;\n * 22.2 versions earlier than 22.2R3-S3-EVO;\n * 22.3 versions earlier than 22.3R3-S1-EVO;\n * 22.4 versions earlier than 22.4R2-S2-EVO, 22.4R3-EVO;\n * 23.2 versions earlier than 23.2R1-S1-EVO, 23.2R2-EVO.\n\n\n\n\n\n\n"
"value": "\nAn Improper Handling of Exceptional Conditions vulnerability in BGP session processing of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker, using specific timing outside the attacker's control, to flap BGP sessions and cause the routing protocol daemon (rpd) process to crash and restart, leading to a Denial of Service (DoS) condition. Continued BGP session flapping will create a sustained Denial of Service (DoS) condition.\n\nThis issue only affects routers configured with non-stop routing (NSR) enabled. Graceful Restart (GR) helper mode, enabled by default, is also required for this issue to be exploitable.\n\n\nNote: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability.\nWhen the BGP session flaps on the NSR-enabled router, the device enters GR-helper/LLGR-helper mode due to the peer having negotiated GR/LLGR-restarter capability and the backup BGP requests for replication of the GR/LLGR-helper session, master BGP schedules, and initiates replication of GR/LLGR stale routes to the backup BGP. In this state, if the BGP session with the BGP peer comes up again, unsolicited replication is initiated for the peer without cleaning up the ongoing GR/LLGR-helper mode replication. This parallel two instances of replication for the same peer leads to the assert if the BGP session flaps again.\n\nThis issue affects:\n\nJuniper Networks Junos OS\n\n\n\n * All versions earlier than 20.4R3-S9;\n * 21.2 versions earlier than 21.2R3-S7;\n * 21.3 versions earlier than 21.3R3-S5;\n * 21.4 versions earlier than 21.4R3-S5;\n * 22.1 versions earlier than 22.1R3-S4;\n * 22.2 versions earlier than 22.2R3-S3;\n * 22.3 versions earlier than 22.3R3-S1;\n * 22.4 versions earlier than 22.4R2-S2, 22.4R3;\n * 23.2 versions earlier than 23.2R1-S1, 23.2R2.\n\n\n\n\nJuniper Networks Junos OS Evolved\n\n\n\n * All versions earlier than 21.3R3-S5-EVO;\n * 21.4 versions earlier than 21.4R3-S5-EVO;\n * 22.1 versions earlier than 22.1R3-S4-EVO;\n * 22.2 versions earlier than 22.2R3-S3-EVO;\n * 22.3 versions earlier than 22.3R3-S1-EVO;\n * 22.4 versions earlier than 22.4R2-S2-EVO, 22.4R3-EVO;\n * 23.2 versions earlier than 23.2R1-S1-EVO, 23.2R2-EVO.\n\n\n\n\n\n\n"
},
{
"lang": "es",

70
CVE-2024/CVE-2024-222xx/CVE-2024-22229.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-22229",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-01-24T17:15:08.410",
"lastModified": "2024-01-24T18:45:34.830",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T23:01:36.513",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nDell Unity, versions prior to 5.4, contain a vulnerability whereby log messages can be spoofed by an authenticated attacker. An attacker could exploit this vulnerability to forge log entries, create false alarms, and inject malicious content into logs that compromise logs integrity. A malicious attacker could also prevent the product from logging information while malicious actions are performed or implicate an arbitrary user for malicious activities.\n\n"
},
{
"lang": "es",
"value": "Dell Unity, versiones anteriores a la 5.4, contienen una vulnerabilidad por la cual un atacante autenticado puede falsificar los mensajes de registro. Un atacante podr\u00eda aprovechar esta vulnerabilidad para falsificar entradas de registro, crear falsas alarmas e inyectar contenido malicioso en registros que comprometan su integridad. Un atacante malicioso tambi\u00e9n podr\u00eda impedir que el producto registre informaci\u00f3n mientras se realizan acciones maliciosas o implicar a un usuario arbitrario por actividades maliciosas."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-116"
}
]
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -46,10 +80,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:unity_operating_environment:5.3.0.0.5.120:*:*:*:*:*:*:*",
"matchCriteriaId": "893E7ED1-18F4-479B-8319-168155EC6052"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:unity_xt_operating_environment:5.3.0.0.5.120:*:*:*:*:*:*:*",
"matchCriteriaId": "8102E9B0-BF83-464E-B199-99C9B26C55A0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:unityvsa_operating_environment:5.3.0.0.5.120:*:*:*:*:*:*:*",
"matchCriteriaId": "E7A21556-3794-40D5-A577-79D64A2C588A"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000213152/dsa-2023-141-dell-unity-unity-vsa-and-unity-xt-security-update-for-multiple-vulnerabilities",
"source": "security_alert@emc.com"
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

94
CVE-2024/CVE-2024-236xx/CVE-2024-23638.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23638",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-24T00:15:08.573",
"lastModified": "2024-01-24T13:49:03.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T23:05:12.243",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -40,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-672"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -50,30 +80,76 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0",
"versionEndIncluding": "5.9",
"matchCriteriaId": "A3D67FB6-14F1-40C3-B636-ADDF38F94FA9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0",
"versionEndExcluding": "6.6",
"matchCriteriaId": "434DE988-6D70-4BAE-8A1A-D07871424517"
}
]
}
]
}
],
"references": [
{
"url": "http://www.squid-cache.org/Versions/v5/SQUID-2023_11.patch",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Patch"
]
},
{
"url": "http://www.squid-cache.org/Versions/v6/SQUID-2023_11.patch",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Patch"
]
},
{
"url": "https://github.com/squid-cache/squid/commit/290ae202883ac28a48867079c2fb34c40efd382b",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/squid-cache/squid/commit/e8118a7381213f5cfcdeb4cec1d2d854bfd261c8",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-j49p-553x-48rx",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://megamansec.github.io/Squid-Security-Audit/stream-assert.html",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit"
]
}
]
}

52
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-01-30T23:00:41.061892+00:00
2024-01-31T00:55:25.206071+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-01-30T22:58:18.047000+00:00
2024-01-31T00:15:45.920000+00:00
```
### Last Data Feed Release
@ -34,43 +34,29 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### CVEs added in the last Commit
Recently added CVEs: `9`
Recently added CVEs: `0`
* [CVE-2023-51197](CVE-2023/CVE-2023-511xx/CVE-2023-51197.json) (`2024-01-30T22:15:52.613`)
* [CVE-2023-51198](CVE-2023/CVE-2023-511xx/CVE-2023-51198.json) (`2024-01-30T22:15:52.670`)
* [CVE-2023-51202](CVE-2023/CVE-2023-512xx/CVE-2023-51202.json) (`2024-01-30T22:15:52.720`)
* [CVE-2023-51204](CVE-2023/CVE-2023-512xx/CVE-2023-51204.json) (`2024-01-30T22:15:52.767`)
* [CVE-2024-24567](CVE-2024/CVE-2024-245xx/CVE-2024-24567.json) (`2024-01-30T21:15:08.607`)
* [CVE-2024-1059](CVE-2024/CVE-2024-10xx/CVE-2024-1059.json) (`2024-01-30T22:15:52.937`)
* [CVE-2024-1060](CVE-2024/CVE-2024-10xx/CVE-2024-1060.json) (`2024-01-30T22:15:53.000`)
* [CVE-2024-1077](CVE-2024/CVE-2024-10xx/CVE-2024-1077.json) (`2024-01-30T22:15:53.090`)
* [CVE-2024-23834](CVE-2024/CVE-2024-238xx/CVE-2024-23834.json) (`2024-01-30T22:15:53.307`)
### CVEs modified in the last Commit
Recently modified CVEs: `20`
Recently modified CVEs: `15`
* [CVE-2018-7550](CVE-2018/CVE-2018-75xx/CVE-2018-7550.json) (`2024-01-30T22:15:52.420`)
* [CVE-2021-3156](CVE-2021/CVE-2021-31xx/CVE-2021-3156.json) (`2024-01-30T21:15:08.140`)
* [CVE-2022-39046](CVE-2022/CVE-2022-390xx/CVE-2022-39046.json) (`2024-01-30T21:15:08.370`)
* [CVE-2022-4964](CVE-2022/CVE-2022-49xx/CVE-2022-4964.json) (`2024-01-30T21:50:30.930`)
* [CVE-2023-52038](CVE-2023/CVE-2023-520xx/CVE-2023-52038.json) (`2024-01-30T21:02:47.613`)
* [CVE-2023-51711](CVE-2023/CVE-2023-517xx/CVE-2023-51711.json) (`2024-01-30T21:10:53.387`)
* [CVE-2023-40440](CVE-2023/CVE-2023-404xx/CVE-2023-40440.json) (`2024-01-30T21:15:08.517`)
* [CVE-2023-24676](CVE-2023/CVE-2023-246xx/CVE-2023-24676.json) (`2024-01-30T21:26:16.803`)
* [CVE-2023-6816](CVE-2023/CVE-2023-68xx/CVE-2023-6816.json) (`2024-01-30T22:15:52.810`)
* [CVE-2023-43317](CVE-2023/CVE-2023-433xx/CVE-2023-43317.json) (`2024-01-30T22:17:58.823`)
* [CVE-2023-50943](CVE-2023/CVE-2023-509xx/CVE-2023-50943.json) (`2024-01-30T22:57:59.310`)
* [CVE-2023-50944](CVE-2023/CVE-2023-509xx/CVE-2023-50944.json) (`2024-01-30T22:58:18.047`)
* [CVE-2024-22751](CVE-2024/CVE-2024-227xx/CVE-2024-22751.json) (`2024-01-30T21:18:23.127`)
* [CVE-2024-21765](CVE-2024/CVE-2024-217xx/CVE-2024-21765.json) (`2024-01-30T22:14:09.087`)
* [CVE-2024-21796](CVE-2024/CVE-2024-217xx/CVE-2024-21796.json) (`2024-01-30T22:14:16.247`)
* [CVE-2024-22380](CVE-2024/CVE-2024-223xx/CVE-2024-22380.json) (`2024-01-30T22:14:24.967`)
* [CVE-2024-22366](CVE-2024/CVE-2024-223xx/CVE-2024-22366.json) (`2024-01-30T22:15:32.033`)
* [CVE-2024-21735](CVE-2024/CVE-2024-217xx/CVE-2024-21735.json) (`2024-01-30T22:15:53.150`)
* [CVE-2024-22372](CVE-2024/CVE-2024-223xx/CVE-2024-22372.json) (`2024-01-30T22:17:49.987`)
* [CVE-2024-22309](CVE-2024/CVE-2024-223xx/CVE-2024-22309.json) (`2024-01-30T22:18:55.947`)
* [CVE-2017-20189](CVE-2017/CVE-2017-201xx/CVE-2017-20189.json) (`2024-01-30T23:01:53.763`)
* [CVE-2021-33630](CVE-2021/CVE-2021-336xx/CVE-2021-33630.json) (`2024-01-31T00:15:45.270`)
* [CVE-2021-33631](CVE-2021/CVE-2021-336xx/CVE-2021-33631.json) (`2024-01-31T00:15:45.387`)
* [CVE-2022-40700](CVE-2022/CVE-2022-407xx/CVE-2022-40700.json) (`2024-01-30T23:03:18.550`)
* [CVE-2023-51702](CVE-2023/CVE-2023-517xx/CVE-2023-51702.json) (`2024-01-30T23:00:53.027`)
* [CVE-2023-7063](CVE-2023/CVE-2023-70xx/CVE-2023-7063.json) (`2024-01-30T23:02:10.287`)
* [CVE-2023-3341](CVE-2023/CVE-2023-33xx/CVE-2023-3341.json) (`2024-01-31T00:15:45.500`)
* [CVE-2023-45779](CVE-2023/CVE-2023-457xx/CVE-2023-45779.json) (`2024-01-31T00:15:45.653`)
* [CVE-2023-4508](CVE-2023/CVE-2023-45xx/CVE-2023-4508.json) (`2024-01-31T00:15:45.800`)
* [CVE-2024-22229](CVE-2024/CVE-2024-222xx/CVE-2024-22229.json) (`2024-01-30T23:01:36.513`)
* [CVE-2024-0409](CVE-2024/CVE-2024-04xx/CVE-2024-0409.json) (`2024-01-30T23:03:34.597`)
* [CVE-2024-0408](CVE-2024/CVE-2024-04xx/CVE-2024-0408.json) (`2024-01-30T23:04:09.157`)
* [CVE-2024-0317](CVE-2024/CVE-2024-03xx/CVE-2024-0317.json) (`2024-01-30T23:04:42.877`)
* [CVE-2024-23638](CVE-2024/CVE-2024-236xx/CVE-2024-23638.json) (`2024-01-30T23:05:12.243`)
* [CVE-2024-21585](CVE-2024/CVE-2024-215xx/CVE-2024-21585.json) (`2024-01-31T00:15:45.920`)
## Download and Usage