Auto-Update: 2024-01-26T00:55:25.245537+00:00

cad-safe-bot 2024-01-26 00:55:28 +00:00
parent 366a7a0cd6
commit 84ae97a83a
29 changed files with 1811 additions and 66 deletions


@ -2,12 +2,20 @@
"id": "CVE-2023-36851",
"sourceIdentifier": "sirt@juniper.net",
"published": "2023-09-27T15:18:54.877",
"lastModified": "2023-09-28T15:34:11.443",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-25T23:15:08.073",
"vulnStatus": "Modified",
"cisaExploitAdd": "2023-11-13",
"cisaActionDue": "2023-11-17",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability",
"descriptions": [
{
"lang": "en",
"value": "A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.\n\n\n\nWith a specific request to \n\nwebauth_operation.php\n\nthat doesn't require authentication, an attacker is able to upload arbitrary files via J-Web, leading to a loss of \n\nintegrity\n\nfor a certain\u00a0part of the\u00a0file system, which may allow chaining to other vulnerabilities.\n\n\nThis issue affects Juniper Networks Junos OS on SRX Series:\n\n\n\n * 22.4 versions prior to 22,4R2-S2, 22.4R3;\n * 23.2 versions prior to 23.2R2.\n\n\n\n\n"
"value": "A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.\n\n\n\nWith a specific request to \n\nwebauth_operation.php\n\nthat doesn't require authentication, an attacker is able to upload and download arbitrary files via J-Web, leading to a loss of \n\nintegrity\u00a0or confidentiality, which may allow chaining to other vulnerabilities.\n\n\nThis issue affects Juniper Networks Junos OS on SRX Series:\n\n\n\n * \n\n21.2 versions prior to 21.2R3-S8;\n * 21.4 \n\nversions prior to \n\n21.4R3-S6;\n * 22.1 \n\nversions prior to \n\n22.1R3-S5;\n * 22.2 \n\nversions prior to \n\n22.2R3-S3;\n * 22.3 \n\nversions prior to \n\n22.3R3-S2;\n * 22.4 versions prior to 22,4R2-S2, 22.4R3;\n * 23.2 versions prior to \n\n23.2R1-S2,\u00a023.2R2.\n\n\n"
},
{
"lang": "es",
"value": "Una vulnerabilidad de autenticaci\u00f3n faltante para funciones cr\u00edticas en Juniper Networks Junos OS en la serie SRX permite que un atacante basado en red no autenticado cause un impacto limitado en la integridad del sistema de archivos. Con una solicitud espec\u00edfica a webauth_operation.php que no requiere autenticaci\u00f3n, un atacante puede cargar archivos arbitrarios a trav\u00e9s de J-Web, lo que provoca una p\u00e9rdida de integridad de una determinada parte del sistema de archivos, lo que puede permitir el encadenamiento a otras vulnerabilidades. . Este problema afecta a Juniper Networks Junos OS en la serie SRX: * Versiones 22.4 anteriores a 22,4R2-S2, 22.4R3; * Versiones 23.2 anteriores a 23.2R2."
}
],
"metrics": {
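Review bot: The `es` value at the end of this section matches the replaced `en` wording, not the new one: it describes file upload only and lists only the 22.4 and 23.2 trains, while the new `en` value adds download/confidentiality impact and the 21.2 through 22.3 trains. The new `en` value also carries over the `22,4R2-S2` typo (comma for period; it should read `22.4R2-S2`), and its opening sentence still limits impact to file system integrity although the body now adds confidentiality. Because the record now carries `cisaExploitAdd`, tooling that derives affected versions from description text should read the `en` value only and normalise that version string until the upstream record is corrected.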


@ -2,7 +2,7 @@
"id": "CVE-2023-4001",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-15T11:15:08.270",
"lastModified": "2024-01-25T20:15:37.510",
"lastModified": "2024-01-25T23:15:08.270",
"vulnStatus": "Modified",
"descriptions": [
{
@ -41,20 +41,20 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.6,
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.4,
"impactScore": 5.2
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
]
},


@ -2,8 +2,8 @@
"id": "CVE-2023-6816",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-18T05:15:08.607",
"lastModified": "2024-01-22T15:15:08.607",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-25T23:15:08.487",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -67,6 +67,10 @@
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257691",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00016.html",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/",
"source": "secalert@redhat.com"


@ -2,8 +2,8 @@
"id": "CVE-2024-0408",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-18T16:15:08.380",
"lastModified": "2024-01-22T15:15:08.710",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-25T23:15:08.590",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -63,6 +63,10 @@
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257689",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00016.html",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/",
"source": "secalert@redhat.com"


@ -2,8 +2,8 @@
"id": "CVE-2024-0409",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-18T16:15:08.593",
"lastModified": "2024-01-22T15:15:08.803",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-25T23:15:08.683",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -63,6 +63,10 @@
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257690",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00016.html",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/",
"source": "secalert@redhat.com"


@ -0,0 +1,88 @@
{
"id": "CVE-2024-0889",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-25T23:15:08.790",
"lastModified": "2024-01-25T23:15:08.790",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Kmint21 Golden FTP Server 2.02b and classified as problematic. This issue affects some unknown processing of the component PASV Command Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252041 was assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-404"
}
]
}
],
"references": [
{
"url": "https://packetstormsecurity.com/files/176661/Golden-FTP-Server-2.02b-Denial-Of-Service.html",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.252041",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.252041",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,88 @@
{
"id": "CVE-2024-0890",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-25T23:15:09.017",
"lastModified": "2024-01-25T23:15:09.017",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in hongmaple octopus 1.0. It has been classified as critical. Affected is an unknown function of the file /system/dept/edit. The manipulation of the argument ancestors leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. VDB-252042 is the identifier assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/biantaibao/octopus_SQL2/blob/main/report.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.252042",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.252042",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,88 @@
{
"id": "CVE-2024-0891",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-25T23:15:09.250",
"lastModified": "2024-01-25T23:15:09.250",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in hongmaple octopus 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument description with the input <script>alert(document.cookie)</script> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-252043."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/biantaibao/octopus_XSS/blob/main/report.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.252043",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.252043",
"source": "cna@vuldb.com"
}
]
}
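Review bot: The `en` description value embeds a literal `<script>alert(document.cookie)</script>` string, so any dashboard, ticket template or report that interpolates `descriptions[].value` into HTML without escaping would render markup taken straight from this feed. Consumers should treat the field as untrusted text and HTML-escape it at render time instead of assuming descriptions are markup-free. The description names no affected file or function ("an unknown functionality"), so matching has to rely on the product string `hongmaple octopus 1.0` and the `CWE-79` entry.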


@ -2,12 +2,12 @@
"id": "CVE-2024-21617",
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-01-12T01:15:50.230",
"lastModified": "2024-01-18T20:28:48.990",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-26T00:15:07.990",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "\nAn Incomplete Cleanup vulnerability in Nonstop active routing (NSR) component of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause memory leak leading to Denial of Service (DoS).\n\nOn all Junos OS platforms, when NSR is enabled, a BGP flap will cause memory leak. A manual reboot of the system will restore the services.\n\nThe memory usage can be monitored using the below commands.\n\nuser@host> show chassis routing-engine no-forwarding\nuser@host> show system memory | no-more\nThis issue affects:\n\nJuniper Networks Junos OS\n\n\n\n * 21.2 versions earlier than 21.2R3-S5;\n * 21.3 versions earlier than 21.3R3-S4;\n * 21.4 versions earlier than 21.4R3-S4;\n * 22.1 versions earlier than 22.1R3-S2;\n * 22.2 versions earlier than 22.2R3-S2;\n * 22.3 versions earlier than 22.3R2-S1, 22.3R3;\n * 22.4 versions earlier than 22.4R1-S2, 22.4R2.\n\n\n\n\nThis issue does not affect Junos OS versions earlier than 20.4R3-S7.\n\n\n\n"
"value": "\nAn Incomplete Cleanup vulnerability in Nonstop active routing (NSR) component of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause memory leak leading to Denial of Service (DoS).\n\nOn all Junos OS platforms, when NSR is enabled, a BGP flap will cause memory leak. A manual reboot of the system will restore the services.\n\nNote: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability.\nThe memory usage can be monitored using the below commands.\n\nuser@host> show chassis routing-engine no-forwarding\nuser@host> show system memory | no-more\nThis issue affects:\n\nJuniper Networks Junos OS\n\n\n\n * 21.2 versions earlier than 21.2R3-S5;\n * 21.3 versions earlier than 21.3R3-S4;\n * 21.4 versions earlier than 21.4R3-S4;\n * 22.1 versions earlier than 22.1R3-S2;\n * 22.2 versions earlier than 22.2R3-S2;\n * 22.3 versions earlier than 22.3R2-S1, 22.3R3;\n * 22.4 versions earlier than 22.4R1-S2, 22.4R2.\n\n\n\n\nThis issue does not affect Junos OS versions earlier than 20.4R3-S7.\n\n\n\n"
},
{
"lang": "es",


@ -0,0 +1,59 @@
{
"id": "CVE-2024-21619",
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-01-25T23:15:09.467",
"lastModified": "2024-01-25T23:15:09.467",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A Missing Authentication for Critical Function vulnerability combined with a Generation of Error Message Containing Sensitive Information vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to access sensitive system information.\n\nWhen a user logs in, a temporary file which contains the configuration of the device (as visible to that user) is created in the /cache folder. An unauthenticated attacker can then attempt to access such a file by sending a specific request to the device trying to guess the name of such a file. Successful exploitation will reveal configuration information.\n\nThis issue affects Juniper Networks Junos OS on SRX Series and EX Series:\n * All versions earlier than 20.4R3-S9;\n * 21.2 versions earlier than 21.2R3-S7;\n * 21.3 versions earlier than 21.3R3-S5;\n * 21.4 versions earlier than 21.4R3-S6;\n * 22.1 versions earlier than 22.1R3-S5;\n * 22.2 versions earlier than 22.2R3-S3;\n * 22.3 versions earlier than 22.3R3-S2;\n * 22.4 versions earlier than 22.4R3;\n * 23.2 versions earlier than 23.2R1-S2, 23.2R2.\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-209"
},
{
"lang": "en",
"value": "CWE-306"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA76390",
"source": "sirt@juniper.net"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2024-21620",
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-01-25T23:15:09.680",
"lastModified": "2024-01-25T23:15:09.680",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an attacker to construct a URL that when visited by another user enables the attacker to execute commands with the target's permissions, including an administrator.\n\nA specific invocation of the emit_debug_note method in webauth_operation.php will echo back the data it receives.\n\nThis issue affects Juniper Networks Junos OS on SRX Series and EX Series:\n * All versions earlier than 20.4R3-S10;\n * 21.2 versions earlier than 21.2R3-S8;\n * 21.4 versions earlier than 21.4R3-S6;\n * 22.1 versions earlier than 22.1R3-S5;\n * 22.2 versions earlier than 22.2R3-S3;\n * 22.3 versions earlier than 22.3R3-S2;\n * 22.4 versions earlier than 22.4R3-S1;\n * 23.2 versions earlier than 23.2R2;\n * 23.4 versions earlier than 23.4R2.\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA76390",
"source": "sirt@juniper.net"
}
]
}


@ -0,0 +1,80 @@
{
"id": "CVE-2024-23613",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2024-01-26T00:15:08.123",
"lastModified": "2024-01-26T00:15:08.123",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow vulnerability exists in Symantec Deployment Solution version 7.9 when parsing UpdateComputer tokens. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as SYSTEM.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0
}
],
"cvssMetricV2": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3
},
"baseSeverity": "HIGH",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"references": [
{
"url": "https://blog.exodusintel.com/2024/01/25/symantec-deployment-solution-axengine-exe-buffer-overflow-remote-code-execution",
"source": "disclosures@exodusintel.com"
}
]
}


@ -0,0 +1,80 @@
{
"id": "CVE-2024-23614",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2024-01-26T00:15:08.373",
"lastModified": "2024-01-26T00:15:08.373",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 9.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.8
}
],
"cvssMetricV2": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "NONE",
"baseScore": 9.4
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 9.2,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"references": [
{
"url": "https://blog.exodusintel.com/2024/01/25/symantec-messaging-gateway-stack-buffer-overflow-remote-code-execution/",
"source": "disclosures@exodusintel.com"
}
]
}
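Review bot: The description states remote code execution as root, yet both vectors in this record set availability impact to none (`A:N` in the v3.1 `vectorString` and in the v2 `AV:N/AC:L/Au:N/C:C/I:C/A:N`), while the sibling Symantec records in this commit (CVE-2024-23613, CVE-2024-23615, CVE-2024-23616) use `A:H` / `A:C` for the same stated outcome. The scores are consistent with the vectors as written, so this looks like a vector choice by the submitter, not a calculation error. The v3.1 base score is still 10.0, but triage rules that filter on the availability component would under-rank this entry. All metrics here are `Secondary` and `vulnStatus` is `Received`, so the vector may change once the record is analysed.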


@ -0,0 +1,80 @@
{
"id": "CVE-2024-23615",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2024-01-26T00:15:08.627",
"lastModified": "2024-01-26T00:15:08.627",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 10.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0
}
],
"cvssMetricV2": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"references": [
{
"url": "https://blog.exodusintel.com/2024/01/25/symantec-messaging-gateway-libdec2lha-so-stack-buffer-overflow-remote-code-execution/",
"source": "disclosures@exodusintel.com"
}
]
}


@ -0,0 +1,80 @@
{
"id": "CVE-2024-23616",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2024-01-26T00:15:08.843",
"lastModified": "2024-01-26T00:15:08.843",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow vulnerability exists in Symantec Server Management Suite version 7.9 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as SYSTEM.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0
}
],
"cvssMetricV2": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"references": [
{
"url": "https://blog.exodusintel.com/2024/01/25/symantec-server-management-suite-axengine-exe-buffer-overflow-remote-code-execution/",
"source": "disclosures@exodusintel.com"
}
]
}


@ -0,0 +1,80 @@
{
"id": "CVE-2024-23617",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2024-01-26T00:15:09.060",
"lastModified": "2024-01-26T00:15:09.060",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow vulnerability exists in Symantec Data Loss Prevention version 14.0.2 and before. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a crafted document to achieve code execution.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0
}
],
"cvssMetricV2": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3
},
"baseSeverity": "HIGH",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"references": [
{
"url": "https://blog.exodusintel.com/2024/01/25/symantec-data-loss-prevention-wp6sr-dll-stack-buffer-overflow-remote-code-execution/",
"source": "disclosures@exodusintel.com"
}
]
}


@ -0,0 +1,80 @@
{
"id": "CVE-2024-23618",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2024-01-26T00:15:09.263",
"lastModified": "2024-01-26T00:15:09.263",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An arbitrary code execution vulnerability exists in Arris SURFboard SGB6950AC2 devices. An unauthenticated attacker can exploit this vulnerability to achieve code execution as root.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0
}
],
"cvssMetricV2": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"accessVector": "ADJACENT_NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3
},
"baseSeverity": "HIGH",
"exploitabilityScore": 6.5,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
],
"references": [
{
"url": "https://blog.exodusintel.com/2024/01/25/arris-surfboard-sbg6950ac2-arbitrary-command-execution-vulnerability/",
"source": "disclosures@exodusintel.com"
}
]
}
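Review bot: The product name in the description, `SGB6950AC2`, does not match the spelling in the record's own reference URL (`sbg6950ac2`), so one of the two is presumably a letter transposition; the URL form `SBG6950AC2` is likely the intended one. Asset-inventory or keyword matching against the description text alone would miss devices recorded under the other spelling, so match on both until the upstream record is corrected. The description also gives no firmware version, so the record cannot be used to tell fixed devices from vulnerable ones.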


@ -0,0 +1,80 @@
{
"id": "CVE-2024-23619",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2024-01-26T00:15:09.470",
"lastModified": "2024-01-26T00:15:09.470",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A hardcoded credential vulnerability exists in IBM Merge Healthcare eFilm Workstation. A remote, unauthenticated attacker can exploit this vulnerability to achieve information disclosure or remote code execution.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"references": [
{
"url": "https://blog.exodusintel.com/2024/01/25/ibm-merge-healthcare-efilm-workstation-information-disclosure/",
"source": "disclosures@exodusintel.com"
}
]
}


@ -0,0 +1,80 @@
{
"id": "CVE-2024-23620",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2024-01-26T00:15:09.687",
"lastModified": "2024-01-26T00:15:09.687",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An improper privilege management vulnerability exists in IBM Merge Healthcare eFilm Workstation. A local, authenticated attacker can exploit this vulnerability to escalate privileges to SYSTEM.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0
}
],
"cvssMetricV2": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"accessVector": "LOCAL",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 3.1,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://blog.exodusintel.com/2024/01/25/ibm-merge-healthcare-efilm-workstation-system-privilege-escalation/",
"source": "disclosures@exodusintel.com"
}
]
}

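--- a/CVE-2024/CVE-2024-236xx/CVE-2024-23621.json
+++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23621.json
@@ -0,0 +1,80 @@
+{
+"id": "CVE-2024-23621",
+"sourceIdentifier": "disclosures@exodusintel.com",
+"published": "2024-01-26T00:15:09.957",
+"lastModified": "2024-01-26T00:15:09.957",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "A buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "disclosures@exodusintel.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "CHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 10.0,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 6.0
+}
+],
+"cvssMetricV2": [
+{
+"source": "disclosures@exodusintel.com",
+"type": "Secondary",
+"cvssData": {
+"version": "2.0",
+"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
+"accessVector": "NETWORK",
+"accessComplexity": "LOW",
+"authentication": "NONE",
+"confidentialityImpact": "COMPLETE",
+"integrityImpact": "COMPLETE",
+"availabilityImpact": "COMPLETE",
+"baseScore": 10.0
+},
+"baseSeverity": "HIGH",
+"exploitabilityScore": 10.0,
+"impactScore": 10.0,
+"acInsufInfo": false,
+"obtainAllPrivilege": false,
+"obtainUserPrivilege": false,
+"obtainOtherPrivilege": false,
+"userInteractionRequired": false
+}
+]
+},
+"weaknesses": [
+{
+"source": "disclosures@exodusintel.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-131"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://blog.exodusintel.com/2024/01/25/ibm-merge-healthcare-efilm-workstation-license-server-buffer-overflow/",
+"source": "disclosures@exodusintel.com"
+}
+]
+}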

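--- a/CVE-2024/CVE-2024-236xx/CVE-2024-23622.json
+++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23622.json
@@ -0,0 +1,80 @@
+{
+"id": "CVE-2024-23622",
+"sourceIdentifier": "disclosures@exodusintel.com",
+"published": "2024-01-26T00:15:10.190",
+"lastModified": "2024-01-26T00:15:10.190",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "A stack-based buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution with SYSTEM privileges.\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "disclosures@exodusintel.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "CHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 10.0,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 6.0
+}
+],
+"cvssMetricV2": [
+{
+"source": "disclosures@exodusintel.com",
+"type": "Secondary",
+"cvssData": {
+"version": "2.0",
+"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
+"accessVector": "NETWORK",
+"accessComplexity": "LOW",
+"authentication": "NONE",
+"confidentialityImpact": "COMPLETE",
+"integrityImpact": "COMPLETE",
+"availabilityImpact": "COMPLETE",
+"baseScore": 10.0
+},
+"baseSeverity": "HIGH",
+"exploitabilityScore": 10.0,
+"impactScore": 10.0,
+"acInsufInfo": false,
+"obtainAllPrivilege": false,
+"obtainUserPrivilege": false,
+"obtainOtherPrivilege": false,
+"userInteractionRequired": false
+}
+]
+},
+"weaknesses": [
+{
+"source": "disclosures@exodusintel.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-131"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://blog.exodusintel.com/2024/01/25/ibm-merge-healthcare-efilm-workstation-license-server-copysls_request3-buffer-overflow/",
+"source": "disclosures@exodusintel.com"
+}
+]
+}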

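--- a/CVE-2024/CVE-2024-236xx/CVE-2024-23624.json
+++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23624.json
@@ -0,0 +1,80 @@
+{
+"id": "CVE-2024-23624",
+"sourceIdentifier": "disclosures@exodusintel.com",
+"published": "2024-01-26T00:15:10.397",
+"lastModified": "2024-01-26T00:15:10.397",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "A command injection vulnerability exists in the gena.cgi module of D-Link DAP-1650 devices. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root.\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "disclosures@exodusintel.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+"attackVector": "ADJACENT_NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "CHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 9.6,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 6.0
+}
+],
+"cvssMetricV2": [
+{
+"source": "disclosures@exodusintel.com",
+"type": "Secondary",
+"cvssData": {
+"version": "2.0",
+"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
+"accessVector": "ADJACENT_NETWORK",
+"accessComplexity": "LOW",
+"authentication": "NONE",
+"confidentialityImpact": "COMPLETE",
+"integrityImpact": "COMPLETE",
+"availabilityImpact": "COMPLETE",
+"baseScore": 8.3
+},
+"baseSeverity": "HIGH",
+"exploitabilityScore": 6.5,
+"impactScore": 10.0,
+"acInsufInfo": false,
+"obtainAllPrivilege": false,
+"obtainUserPrivilege": false,
+"obtainOtherPrivilege": false,
+"userInteractionRequired": false
+}
+]
+},
+"weaknesses": [
+{
+"source": "disclosures@exodusintel.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-77"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://blog.exodusintel.com/2024/01/25/d-link-dap-1650-gena-cgi-subscribe-command-injection-vulnerability/",
+"source": "disclosures@exodusintel.com"
+}
+]
+}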

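--- a/CVE-2024/CVE-2024-236xx/CVE-2024-23625.json
+++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23625.json
@@ -0,0 +1,80 @@
+{
+"id": "CVE-2024-23625",
+"sourceIdentifier": "disclosures@exodusintel.com",
+"published": "2024-01-26T00:15:10.620",
+"lastModified": "2024-01-26T00:15:10.620",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "A command injection vulnerability exists in D-Link DAP-1650 devices when handling UPnP SUBSCRIBE messages. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root.\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "disclosures@exodusintel.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+"attackVector": "ADJACENT_NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "CHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 9.6,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 6.0
+}
+],
+"cvssMetricV2": [
+{
+"source": "disclosures@exodusintel.com",
+"type": "Secondary",
+"cvssData": {
+"version": "2.0",
+"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
+"accessVector": "ADJACENT_NETWORK",
+"accessComplexity": "LOW",
+"authentication": "NONE",
+"confidentialityImpact": "COMPLETE",
+"integrityImpact": "COMPLETE",
+"availabilityImpact": "COMPLETE",
+"baseScore": 8.3
+},
+"baseSeverity": "HIGH",
+"exploitabilityScore": 6.5,
+"impactScore": 10.0,
+"acInsufInfo": false,
+"obtainAllPrivilege": false,
+"obtainUserPrivilege": false,
+"obtainOtherPrivilege": false,
+"userInteractionRequired": false
+}
+]
+},
+"weaknesses": [
+{
+"source": "disclosures@exodusintel.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-77"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://blog.exodusintel.com/2024/01/25/d-link-dap-1650-subscribe-callback-command-injection-vulnerability/",
+"source": "disclosures@exodusintel.com"
+}
+]
+}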

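--- a/CVE-2024/CVE-2024-236xx/CVE-2024-23626.json
+++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23626.json
@@ -0,0 +1,80 @@
+{
+"id": "CVE-2024-23626",
+"sourceIdentifier": "disclosures@exodusintel.com",
+"published": "2024-01-26T00:15:10.820",
+"lastModified": "2024-01-26T00:15:10.820",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "A command injection vulnerability exists in the \u2018SaveSysLogParams\u2019 \nparameter of the Motorola MR2600. A remote attacker can exploit this \nvulnerability to achieve command execution. Authentication is required, \nhowever can be bypassed.\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "disclosures@exodusintel.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+"attackVector": "ADJACENT_NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "CHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 9.0,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 2.3,
+"impactScore": 6.0
+}
+],
+"cvssMetricV2": [
+{
+"source": "disclosures@exodusintel.com",
+"type": "Secondary",
+"cvssData": {
+"version": "2.0",
+"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
+"accessVector": "ADJACENT_NETWORK",
+"accessComplexity": "LOW",
+"authentication": "SINGLE",
+"confidentialityImpact": "COMPLETE",
+"integrityImpact": "COMPLETE",
+"availabilityImpact": "COMPLETE",
+"baseScore": 7.7
+},
+"baseSeverity": "HIGH",
+"exploitabilityScore": 5.1,
+"impactScore": 10.0,
+"acInsufInfo": false,
+"obtainAllPrivilege": false,
+"obtainUserPrivilege": false,
+"obtainOtherPrivilege": false,
+"userInteractionRequired": false
+}
+]
+},
+"weaknesses": [
+{
+"source": "disclosures@exodusintel.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-77"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://blog.exodusintel.com/2024/01/25/motorola-mr2600-savesyslogparams-command-injection-vulnerability/",
+"source": "disclosures@exodusintel.com"
+}
+]
+}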

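--- a/CVE-2024/CVE-2024-236xx/CVE-2024-23627.json
+++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23627.json
@@ -0,0 +1,80 @@
+{
+"id": "CVE-2024-23627",
+"sourceIdentifier": "disclosures@exodusintel.com",
+"published": "2024-01-26T00:15:11.037",
+"lastModified": "2024-01-26T00:15:11.037",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "A command injection vulnerability exists in the 'SaveStaticRouteIPv4Params' parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authentication is required, however can be bypassed."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "disclosures@exodusintel.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+"attackVector": "ADJACENT_NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "CHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 9.0,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 2.3,
+"impactScore": 6.0
+}
+],
+"cvssMetricV2": [
+{
+"source": "disclosures@exodusintel.com",
+"type": "Secondary",
+"cvssData": {
+"version": "2.0",
+"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
+"accessVector": "ADJACENT_NETWORK",
+"accessComplexity": "LOW",
+"authentication": "SINGLE",
+"confidentialityImpact": "COMPLETE",
+"integrityImpact": "COMPLETE",
+"availabilityImpact": "COMPLETE",
+"baseScore": 7.7
+},
+"baseSeverity": "HIGH",
+"exploitabilityScore": 5.1,
+"impactScore": 10.0,
+"acInsufInfo": false,
+"obtainAllPrivilege": false,
+"obtainUserPrivilege": false,
+"obtainOtherPrivilege": false,
+"userInteractionRequired": false
+}
+]
+},
+"weaknesses": [
+{
+"source": "disclosures@exodusintel.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-77"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://blog.exodusintel.com/2024/01/25/motorola-mr2600-savestaticrouteipv4params-command-injection-vulnerability/",
+"source": "disclosures@exodusintel.com"
+}
+]
+}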

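--- a/CVE-2024/CVE-2024-236xx/CVE-2024-23628.json
+++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23628.json
@@ -0,0 +1,80 @@
+{
+"id": "CVE-2024-23628",
+"sourceIdentifier": "disclosures@exodusintel.com",
+"published": "2024-01-26T00:15:11.273",
+"lastModified": "2024-01-26T00:15:11.273",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "A command injection vulnerability exists in the \n'SaveStaticRouteIPv6Params' parameter of the Motorola MR2600. A remote \nattacker can exploit this vulnerability to achieve command execution. \nAuthentication is required, however can be bypassed."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "disclosures@exodusintel.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+"attackVector": "ADJACENT_NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "CHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 9.0,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 2.3,
+"impactScore": 6.0
+}
+],
+"cvssMetricV2": [
+{
+"source": "disclosures@exodusintel.com",
+"type": "Secondary",
+"cvssData": {
+"version": "2.0",
+"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
+"accessVector": "ADJACENT_NETWORK",
+"accessComplexity": "LOW",
+"authentication": "SINGLE",
+"confidentialityImpact": "COMPLETE",
+"integrityImpact": "COMPLETE",
+"availabilityImpact": "COMPLETE",
+"baseScore": 7.7
+},
+"baseSeverity": "HIGH",
+"exploitabilityScore": 5.1,
+"impactScore": 10.0,
+"acInsufInfo": false,
+"obtainAllPrivilege": false,
+"obtainUserPrivilege": false,
+"obtainOtherPrivilege": false,
+"userInteractionRequired": false
+}
+]
+},
+"weaknesses": [
+{
+"source": "disclosures@exodusintel.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-77"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://blog.exodusintel.com/2024/01/25/motorola-mr2600-savestaticrouteipv6params-command-injection-vulnerability/",
+"source": "disclosures@exodusintel.com"
+}
+]
+}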

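--- a/CVE-2024/CVE-2024-236xx/CVE-2024-23629.json
+++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23629.json
@@ -0,0 +1,80 @@
+{
+"id": "CVE-2024-23629",
+"sourceIdentifier": "disclosures@exodusintel.com",
+"published": "2024-01-26T00:15:11.650",
+"lastModified": "2024-01-26T00:15:11.650",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "An authentication bypass vulnerability exists in the web component of the Motorola MR2600. An attacker can exploit this vulnerability to access protected URLs and retrieve sensitive information.\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "disclosures@exodusintel.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+"attackVector": "ADJACENT_NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "CHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 9.6,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 6.0
+}
+],
+"cvssMetricV2": [
+{
+"source": "disclosures@exodusintel.com",
+"type": "Secondary",
+"cvssData": {
+"version": "2.0",
+"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:N",
+"accessVector": "ADJACENT_NETWORK",
+"accessComplexity": "LOW",
+"authentication": "NONE",
+"confidentialityImpact": "COMPLETE",
+"integrityImpact": "COMPLETE",
+"availabilityImpact": "NONE",
+"baseScore": 7.8
+},
+"baseSeverity": "HIGH",
+"exploitabilityScore": 6.5,
+"impactScore": 9.2,
+"acInsufInfo": false,
+"obtainAllPrivilege": false,
+"obtainUserPrivilege": false,
+"obtainOtherPrivilege": false,
+"userInteractionRequired": false
+}
+]
+},
+"weaknesses": [
+{
+"source": "disclosures@exodusintel.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-287"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://blog.exodusintel.com/2024/01/25/motorola-mr2600-authentication-bypass-vulnerability/",
+"source": "disclosures@exodusintel.com"
+}
+]
+}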

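--- a/CVE-2024/CVE-2024-236xx/CVE-2024-23630.json
+++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23630.json
@@ -0,0 +1,80 @@
+{
+"id": "CVE-2024-23630",
+"sourceIdentifier": "disclosures@exodusintel.com",
+"published": "2024-01-26T00:15:12.187",
+"lastModified": "2024-01-26T00:15:12.187",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "An arbitrary firmware upload vulnerability exists in the Motorola \nMR2600. An attacker can exploit this vulnerability to achieve code \nexecution on the device. Authentication is required, however can be \nbypassed."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "disclosures@exodusintel.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+"attackVector": "ADJACENT_NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "CHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 9.0,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 2.3,
+"impactScore": 6.0
+}
+],
+"cvssMetricV2": [
+{
+"source": "disclosures@exodusintel.com",
+"type": "Secondary",
+"cvssData": {
+"version": "2.0",
+"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
+"accessVector": "ADJACENT_NETWORK",
+"accessComplexity": "LOW",
+"authentication": "SINGLE",
+"confidentialityImpact": "COMPLETE",
+"integrityImpact": "COMPLETE",
+"availabilityImpact": "COMPLETE",
+"baseScore": 7.7
+},
+"baseSeverity": "HIGH",
+"exploitabilityScore": 5.1,
+"impactScore": 10.0,
+"acInsufInfo": false,
+"obtainAllPrivilege": false,
+"obtainUserPrivilege": false,
+"obtainOtherPrivilege": false,
+"userInteractionRequired": false
+}
+]
+},
+"weaknesses": [
+{
+"source": "disclosures@exodusintel.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-434"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://blog.exodusintel.com/2024/01/25/motorola-mr2600-arbitrary-firmware-upload-vulnerability/",
+"source": "disclosures@exodusintel.com"
+}
+]
+}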


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-01-25T23:00:24.580846+00:00
2024-01-26T00:55:25.245537+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-01-25T22:20:11.087000+00:00
2024-01-26T00:15:12.187000+00:00
```
### Last Data Feed Release
@ -29,60 +29,47 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
236821
236843
```
### CVEs added in the last Commit
Recently added CVEs: `16`
Recently added CVEs: `22`
* [CVE-2023-52046](CVE-2023/CVE-2023-520xx/CVE-2023-52046.json) (`2024-01-25T21:15:08.730`)
* [CVE-2023-52251](CVE-2023/CVE-2023-522xx/CVE-2023-52251.json) (`2024-01-25T21:15:08.787`)
* [CVE-2023-51833](CVE-2023/CVE-2023-518xx/CVE-2023-51833.json) (`2024-01-25T22:15:07.737`)
* [CVE-2024-0884](CVE-2024/CVE-2024-08xx/CVE-2024-0884.json) (`2024-01-25T21:15:08.900`)
* [CVE-2024-0885](CVE-2024/CVE-2024-08xx/CVE-2024-0885.json) (`2024-01-25T21:15:09.117`)
* [CVE-2024-22635](CVE-2024/CVE-2024-226xx/CVE-2024-22635.json) (`2024-01-25T21:15:09.333`)
* [CVE-2024-22636](CVE-2024/CVE-2024-226xx/CVE-2024-22636.json) (`2024-01-25T21:15:09.380`)
* [CVE-2024-22637](CVE-2024/CVE-2024-226xx/CVE-2024-22637.json) (`2024-01-25T21:15:09.427`)
* [CVE-2024-22638](CVE-2024/CVE-2024-226xx/CVE-2024-22638.json) (`2024-01-25T21:15:09.470`)
* [CVE-2024-22639](CVE-2024/CVE-2024-226xx/CVE-2024-22639.json) (`2024-01-25T21:15:09.520`)
* [CVE-2024-24399](CVE-2024/CVE-2024-243xx/CVE-2024-24399.json) (`2024-01-25T21:15:09.563`)
* [CVE-2024-0886](CVE-2024/CVE-2024-08xx/CVE-2024-0886.json) (`2024-01-25T22:15:07.797`)
* [CVE-2024-0887](CVE-2024/CVE-2024-08xx/CVE-2024-0887.json) (`2024-01-25T22:15:08.067`)
* [CVE-2024-0888](CVE-2024/CVE-2024-08xx/CVE-2024-0888.json) (`2024-01-25T22:15:08.323`)
* [CVE-2024-22922](CVE-2024/CVE-2024-229xx/CVE-2024-22922.json) (`2024-01-25T22:15:08.567`)
* [CVE-2024-23055](CVE-2024/CVE-2024-230xx/CVE-2024-23055.json) (`2024-01-25T22:15:08.623`)
* [CVE-2024-0889](CVE-2024/CVE-2024-08xx/CVE-2024-0889.json) (`2024-01-25T23:15:08.790`)
* [CVE-2024-0890](CVE-2024/CVE-2024-08xx/CVE-2024-0890.json) (`2024-01-25T23:15:09.017`)
* [CVE-2024-0891](CVE-2024/CVE-2024-08xx/CVE-2024-0891.json) (`2024-01-25T23:15:09.250`)
* [CVE-2024-21619](CVE-2024/CVE-2024-216xx/CVE-2024-21619.json) (`2024-01-25T23:15:09.467`)
* [CVE-2024-21620](CVE-2024/CVE-2024-216xx/CVE-2024-21620.json) (`2024-01-25T23:15:09.680`)
* [CVE-2024-23613](CVE-2024/CVE-2024-236xx/CVE-2024-23613.json) (`2024-01-26T00:15:08.123`)
* [CVE-2024-23614](CVE-2024/CVE-2024-236xx/CVE-2024-23614.json) (`2024-01-26T00:15:08.373`)
* [CVE-2024-23615](CVE-2024/CVE-2024-236xx/CVE-2024-23615.json) (`2024-01-26T00:15:08.627`)
* [CVE-2024-23616](CVE-2024/CVE-2024-236xx/CVE-2024-23616.json) (`2024-01-26T00:15:08.843`)
* [CVE-2024-23617](CVE-2024/CVE-2024-236xx/CVE-2024-23617.json) (`2024-01-26T00:15:09.060`)
* [CVE-2024-23618](CVE-2024/CVE-2024-236xx/CVE-2024-23618.json) (`2024-01-26T00:15:09.263`)
* [CVE-2024-23619](CVE-2024/CVE-2024-236xx/CVE-2024-23619.json) (`2024-01-26T00:15:09.470`)
* [CVE-2024-23620](CVE-2024/CVE-2024-236xx/CVE-2024-23620.json) (`2024-01-26T00:15:09.687`)
* [CVE-2024-23621](CVE-2024/CVE-2024-236xx/CVE-2024-23621.json) (`2024-01-26T00:15:09.957`)
* [CVE-2024-23622](CVE-2024/CVE-2024-236xx/CVE-2024-23622.json) (`2024-01-26T00:15:10.190`)
* [CVE-2024-23624](CVE-2024/CVE-2024-236xx/CVE-2024-23624.json) (`2024-01-26T00:15:10.397`)
* [CVE-2024-23625](CVE-2024/CVE-2024-236xx/CVE-2024-23625.json) (`2024-01-26T00:15:10.620`)
* [CVE-2024-23626](CVE-2024/CVE-2024-236xx/CVE-2024-23626.json) (`2024-01-26T00:15:10.820`)
* [CVE-2024-23627](CVE-2024/CVE-2024-236xx/CVE-2024-23627.json) (`2024-01-26T00:15:11.037`)
* [CVE-2024-23628](CVE-2024/CVE-2024-236xx/CVE-2024-23628.json) (`2024-01-26T00:15:11.273`)
* [CVE-2024-23629](CVE-2024/CVE-2024-236xx/CVE-2024-23629.json) (`2024-01-26T00:15:11.650`)
* [CVE-2024-23630](CVE-2024/CVE-2024-236xx/CVE-2024-23630.json) (`2024-01-26T00:15:12.187`)
### CVEs modified in the last Commit
Recently modified CVEs: `83`
Recently modified CVEs: `6`
* [CVE-2022-3470](CVE-2022/CVE-2022-34xx/CVE-2022-3470.json) (`2024-01-25T21:45:07.293`)
* [CVE-2022-3458](CVE-2022/CVE-2022-34xx/CVE-2022-3458.json) (`2024-01-25T21:45:11.880`)
* [CVE-2022-47160](CVE-2022/CVE-2022-471xx/CVE-2022-47160.json) (`2024-01-25T22:19:32.117`)
* [CVE-2022-45845](CVE-2022/CVE-2022-458xx/CVE-2022-45845.json) (`2024-01-25T22:19:41.890`)
* [CVE-2023-38070](CVE-2023/CVE-2023-380xx/CVE-2023-38070.json) (`2024-01-25T21:01:28.467`)
* [CVE-2023-37269](CVE-2023/CVE-2023-372xx/CVE-2023-37269.json) (`2024-01-25T21:02:15.633`)
* [CVE-2023-48234](CVE-2023/CVE-2023-482xx/CVE-2023-48234.json) (`2024-01-25T21:33:46.273`)
* [CVE-2023-48235](CVE-2023/CVE-2023-482xx/CVE-2023-48235.json) (`2024-01-25T21:33:50.030`)
* [CVE-2023-48237](CVE-2023/CVE-2023-482xx/CVE-2023-48237.json) (`2024-01-25T21:33:53.757`)
* [CVE-2023-48232](CVE-2023/CVE-2023-482xx/CVE-2023-48232.json) (`2024-01-25T21:37:57.007`)
* [CVE-2023-48233](CVE-2023/CVE-2023-482xx/CVE-2023-48233.json) (`2024-01-25T21:38:16.670`)
* [CVE-2023-48236](CVE-2023/CVE-2023-482xx/CVE-2023-48236.json) (`2024-01-25T21:38:21.563`)
* [CVE-2023-41474](CVE-2023/CVE-2023-414xx/CVE-2023-41474.json) (`2024-01-25T21:52:01.053`)
* [CVE-2023-52355](CVE-2023/CVE-2023-523xx/CVE-2023-52355.json) (`2024-01-25T21:52:01.053`)
* [CVE-2023-52356](CVE-2023/CVE-2023-523xx/CVE-2023-52356.json) (`2024-01-25T21:52:01.053`)
* [CVE-2023-50614](CVE-2023/CVE-2023-506xx/CVE-2023-50614.json) (`2024-01-25T22:19:59.777`)
* [CVE-2024-21630](CVE-2024/CVE-2024-216xx/CVE-2024-21630.json) (`2024-01-25T21:52:01.053`)
* [CVE-2024-23655](CVE-2024/CVE-2024-236xx/CVE-2024-23655.json) (`2024-01-25T21:52:01.053`)
* [CVE-2024-23656](CVE-2024/CVE-2024-236xx/CVE-2024-23656.json) (`2024-01-25T21:52:01.053`)
* [CVE-2024-23817](CVE-2024/CVE-2024-238xx/CVE-2024-23817.json) (`2024-01-25T21:52:01.053`)
* [CVE-2024-0717](CVE-2024/CVE-2024-07xx/CVE-2024-0717.json) (`2024-01-25T22:18:53.987`)
* [CVE-2024-22563](CVE-2024/CVE-2024-225xx/CVE-2024-22563.json) (`2024-01-25T22:19:08.390`)
* [CVE-2024-0716](CVE-2024/CVE-2024-07xx/CVE-2024-0716.json) (`2024-01-25T22:19:20.307`)
* [CVE-2024-22422](CVE-2024/CVE-2024-224xx/CVE-2024-22422.json) (`2024-01-25T22:19:52.030`)
* [CVE-2024-22418](CVE-2024/CVE-2024-224xx/CVE-2024-22418.json) (`2024-01-25T22:20:11.087`)
* [CVE-2023-36851](CVE-2023/CVE-2023-368xx/CVE-2023-36851.json) (`2024-01-25T23:15:08.073`)
* [CVE-2023-4001](CVE-2023/CVE-2023-40xx/CVE-2023-4001.json) (`2024-01-25T23:15:08.270`)
* [CVE-2023-6816](CVE-2023/CVE-2023-68xx/CVE-2023-6816.json) (`2024-01-25T23:15:08.487`)
* [CVE-2024-0408](CVE-2024/CVE-2024-04xx/CVE-2024-0408.json) (`2024-01-25T23:15:08.590`)
* [CVE-2024-0409](CVE-2024/CVE-2024-04xx/CVE-2024-0409.json) (`2024-01-25T23:15:08.683`)
* [CVE-2024-21617](CVE-2024/CVE-2024-216xx/CVE-2024-21617.json) (`2024-01-26T00:15:07.990`)
## Download and Usage