admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2025-01-22T21:00:26.033306+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2025-01-22 21:03:50 +00:00
parent a708cd5491
commit 84edbc501a
79 changed files with 2285 additions and 510 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CVE-2016/CVE-2016-23xx/CVE-2016-2386.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2016-2386",
"sourceIdentifier": "cve@mitre.org",
"published": "2016-02-16T15:59:00.133",
"lastModified": "2024-11-21T02:48:21.830",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-22T19:22:36.810",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{

4
CVE-2016/CVE-2016-23xx/CVE-2016-2388.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2016-2388",
"sourceIdentifier": "cve@mitre.org",
"published": "2016-02-16T15:59:02.103",
"lastModified": "2024-11-21T02:48:22.130",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-22T19:30:18.700",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{

10
CVE-2016/CVE-2016-36xx/CVE-2016-3643.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2016-3643",
"sourceIdentifier": "cve@mitre.org",
"published": "2016-06-17T15:59:02.257",
"lastModified": "2024-11-21T02:50:26.667",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-22T19:30:35.827",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -16,13 +16,13 @@
}
],
"metrics": {
"cvssMetricV30": [
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",

4
CVE-2016/CVE-2016-39xx/CVE-2016-3976.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2016-3976",
"sourceIdentifier": "cve@mitre.org",
"published": "2016-04-07T23:59:10.797",
"lastModified": "2024-11-21T02:51:04.187",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-22T19:30:26.547",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{

4
CVE-2016/CVE-2016-62xx/CVE-2016-6277.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2016-6277",
"sourceIdentifier": "cve@mitre.org",
"published": "2016-12-14T16:59:00.350",
"lastModified": "2024-11-21T02:55:48.300",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-22T20:18:11.037",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{

4
CVE-2016/CVE-2016-85xx/CVE-2016-8562.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2016-8562",
"sourceIdentifier": "cve@mitre.org",
"published": "2016-11-18T21:59:02.033",
"lastModified": "2024-11-21T02:59:34.477",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-22T19:30:58.710",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{

4
CVE-2016/CVE-2016-95xx/CVE-2016-9563.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2016-9563",
"sourceIdentifier": "cve@mitre.org",
"published": "2016-11-23T02:59:06.370",
"lastModified": "2024-11-21T03:01:23.717",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-22T20:18:02.690",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{

4
CVE-2017/CVE-2017-10002xx/CVE-2017-1000253.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2017-1000253",
"sourceIdentifier": "cve@mitre.org",
"published": "2017-10-05T01:29:04.790",
"lastModified": "2024-11-21T03:04:30.343",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-22T19:08:07.267",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{

4
CVE-2017/CVE-2017-113xx/CVE-2017-11317.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2017-11317",
"sourceIdentifier": "cve@mitre.org",
"published": "2017-08-23T17:29:00.177",
"lastModified": "2024-11-21T03:07:32.483",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-22T19:07:47.407",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{

4
CVE-2017/CVE-2017-113xx/CVE-2017-11357.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2017-11357",
"sourceIdentifier": "cve@mitre.org",
"published": "2017-08-23T17:29:00.227",
"lastModified": "2024-11-21T03:07:38.507",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-22T19:07:51.773",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{

4
CVE-2017/CVE-2017-159xx/CVE-2017-15944.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2017-15944",
"sourceIdentifier": "cve@mitre.org",
"published": "2017-12-11T17:29:00.490",
"lastModified": "2024-11-21T03:15:30.397",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-22T19:08:32.527",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{

4
CVE-2017/CVE-2017-166xx/CVE-2017-16651.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2017-16651",
"sourceIdentifier": "cve@mitre.org",
"published": "2017-11-09T14:29:00.267",
"lastModified": "2024-11-21T03:16:45.910",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-22T19:08:25.360",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{

4
CVE-2017/CVE-2017-175xx/CVE-2017-17562.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2017-17562",
"sourceIdentifier": "cve@mitre.org",
"published": "2017-12-12T19:29:00.207",
"lastModified": "2024-11-21T03:18:10.290",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-22T19:08:37.967",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{

4
CVE-2017/CVE-2017-55xx/CVE-2017-5521.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2017-5521",
"sourceIdentifier": "cve@mitre.org",
"published": "2017-01-17T09:59:00.333",
"lastModified": "2024-11-21T03:27:48.497",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-22T20:18:19.177",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{

4
CVE-2017/CVE-2017-60xx/CVE-2017-6077.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2017-6077",
"sourceIdentifier": "cve@mitre.org",
"published": "2017-02-22T23:59:00.190",
"lastModified": "2024-11-21T03:29:02.863",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-22T20:18:26.050",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{

4
CVE-2017/CVE-2017-63xx/CVE-2017-6316.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2017-6316",
"sourceIdentifier": "cve@mitre.org",
"published": "2017-07-20T04:29:00.423",
"lastModified": "2024-11-21T03:29:33.000",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-22T19:07:03.390",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{

4
CVE-2017/CVE-2017-63xx/CVE-2017-6334.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2017-6334",
"sourceIdentifier": "cve@mitre.org",
"published": "2017-03-06T02:59:00.433",
"lastModified": "2024-11-21T03:29:34.713",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-22T20:12:10.727",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{

4
CVE-2017/CVE-2017-82xx/CVE-2017-8291.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2017-8291",
"sourceIdentifier": "cve@mitre.org",
"published": "2017-04-27T01:59:02.057",
"lastModified": "2024-11-21T03:33:42.733",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-22T20:12:16.320",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{

4
CVE-2017/CVE-2017-92xx/CVE-2017-9248.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2017-9248",
"sourceIdentifier": "cve@mitre.org",
"published": "2017-07-03T19:29:00.270",
"lastModified": "2024-11-21T03:35:40.520",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-22T20:17:31.267",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{

4
CVE-2017/CVE-2017-98xx/CVE-2017-9841.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2017-9841",
"sourceIdentifier": "cve@mitre.org",
"published": "2017-06-27T17:29:00.177",
"lastModified": "2024-11-21T03:36:57.930",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-22T20:12:20.497",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{

22
CVE-2022/CVE-2022-423xx/CVE-2022-42336.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-42336",
"sourceIdentifier": "security@xen.org",
"published": "2023-05-17T01:15:09.480",
"lastModified": "2024-11-21T07:24:46.820",
"lastModified": "2025-01-22T20:15:29.313",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 3.3,
"baseSeverity": "LOW",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},

32
CVE-2022/CVE-2022-451xx/CVE-2022-45144.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-45144",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-17T01:15:09.660",
"lastModified": "2024-11-21T07:28:50.627",
"lastModified": "2025-01-22T20:15:29.490",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-79"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [

22
CVE-2023/CVE-2023-19xx/CVE-2023-1972.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-1972",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-05-17T22:15:10.827",
"lastModified": "2024-11-21T07:40:15.520",
"lastModified": "2025-01-22T20:15:29.807",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},

22
CVE-2023/CVE-2023-22xx/CVE-2023-2203.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-2203",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-05-17T22:15:10.943",
"lastModified": "2024-11-21T07:58:08.863",
"lastModified": "2025-01-22T20:15:30.390",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},

22
CVE-2023/CVE-2023-22xx/CVE-2023-2295.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-2295",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-05-17T23:15:09.250",
"lastModified": "2024-11-21T07:58:19.840",
"lastModified": "2025-01-22T19:15:08.283",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},

22
CVE-2023/CVE-2023-23xx/CVE-2023-2319.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-2319",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-05-17T23:15:09.313",
"lastModified": "2024-11-21T07:58:22.820",
"lastModified": "2025-01-22T19:15:09.283",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},

22
CVE-2023/CVE-2023-24xx/CVE-2023-2491.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-2491",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-05-17T22:15:10.997",
"lastModified": "2024-11-21T07:58:43.033",
"lastModified": "2025-01-22T19:15:09.470",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},

32
CVE-2023/CVE-2023-272xx/CVE-2023-27233.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-27233",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-17T20:15:09.933",
"lastModified": "2024-11-21T07:52:29.817",
"lastModified": "2025-01-22T20:15:29.997",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-89"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [

22
CVE-2023/CVE-2023-27xx/CVE-2023-2731.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-2731",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-05-17T22:15:11.047",
"lastModified": "2024-11-21T07:59:11.173",
"lastModified": "2025-01-22T19:15:09.643",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},

32
CVE-2023/CVE-2023-298xx/CVE-2023-29837.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-29837",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-17T20:15:10.280",
"lastModified": "2024-11-21T07:57:33.933",
"lastModified": "2025-01-22T20:15:30.200",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-79"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [

78
CVE-2024/CVE-2024-111xx/CVE-2024-11166.json Normal file
View File

@ -0,0 +1,78 @@
{
"id": "CVE-2024-11166",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2025-01-22T19:15:09.890",
"lastModified": "2025-01-22T19:15:09.890",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "For TCAS II systems using transponders compliant with MOPS earlier than RTCA DO-181F, an attacker can impersonate a ground station and issue a Comm-A Identity Request. This action can set the Sensitivity Level Control (SLC) to the lowest setting and disable the Resolution Advisory (RA), leading to a denial-of-service condition."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "ADJACENT",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-15"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-021-01",
"source": "ics-cert@hq.dhs.gov"
}
]
}

84
CVE-2024/CVE-2024-14xx/CVE-2024-1497.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-1497",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-03-13T16:15:23.547",
"lastModified": "2024-11-21T08:50:42.460",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-22T21:00:03.030",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,33 +36,101 @@
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:themeisle:orbit_fox:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.10.31",
"matchCriteriaId": "98554FEB-F35E-46DB-9429-E8841DF824A7"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/themeisle-companion/tags/2.10.30/vendor/codeinwp/themeisle-content-forms/includes/widgets-admin/elementor/elementor_widget_base.php#L1219",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3038451%40themeisle-companion%2Ftrunk&old=3030173%40themeisle-companion%2Ftrunk&sfp_email=&sfph_mail=#file10",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b4603b58-0972-4e04-91ac-ffc846964722?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/themeisle-companion/tags/2.10.30/vendor/codeinwp/themeisle-content-forms/includes/widgets-admin/elementor/elementor_widget_base.php#L1219",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3038451%40themeisle-companion%2Ftrunk&old=3030173%40themeisle-companion%2Ftrunk&sfp_email=&sfph_mail=#file10",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b4603b58-0972-4e04-91ac-ffc846964722?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

84
CVE-2024/CVE-2024-14xx/CVE-2024-1499.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-1499",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-03-13T16:15:23.723",
"lastModified": "2024-11-21T08:50:42.720",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-22T20:58:15.017",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,33 +36,101 @@
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:themeisle:orbit_fox:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.10.31",
"matchCriteriaId": "98554FEB-F35E-46DB-9429-E8841DF824A7"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/themeisle-companion/tags/2.10.30/vendor/codeinwp/elementor-extra-widgets/widgets/elementor/pricing-table.php#L1037",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3038451%40themeisle-companion%2Ftrunk&old=3030173%40themeisle-companion%2Ftrunk&sfp_email=&sfph_mail=#file10",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/df40eb21-2080-4de5-9055-09246a8a275e?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/themeisle-companion/tags/2.10.30/vendor/codeinwp/elementor-extra-widgets/widgets/elementor/pricing-table.php#L1037",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3038451%40themeisle-companion%2Ftrunk&old=3030173%40themeisle-companion%2Ftrunk&sfp_email=&sfph_mail=#file10",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/df40eb21-2080-4de5-9055-09246a8a275e?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

74
CVE-2024/CVE-2024-15xx/CVE-2024-1505.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-1505",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-03-13T16:15:23.893",
"lastModified": "2024-11-21T08:50:43.523",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-22T20:57:20.787",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,22 +39,64 @@
}
]
},
"references": [
"weaknesses": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3037880/academy#file473",
"source": "security@wordfence.com"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b150f90a-ccb7-4c19-a4b3-eaf9ec264ba8?source=cve",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3037880/academy#file473",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b150f90a-ccb7-4c19-a4b3-eaf9ec264ba8?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kodezen:academy_lms:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.9.20",
"matchCriteriaId": "7AFAFC9F-C68B-49FA-9465-F7AE2395CD3B"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3037880/academy#file473",
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b150f90a-ccb7-4c19-a4b3-eaf9ec264ba8?source=cve",
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3037880/academy#file473",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b150f90a-ccb7-4c19-a4b3-eaf9ec264ba8?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

84
CVE-2024/CVE-2024-15xx/CVE-2024-1535.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-1535",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-03-13T16:15:24.090",
"lastModified": "2024-11-21T08:50:46.647",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-01-22T20:53:46.733",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,33 +36,101 @@
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:properfraction:profilepress:*:*:*:*:free:wordpress:*:*",
"versionEndExcluding": "4.15.3",
"matchCriteriaId": "3FD5572B-90EE-4FD7-8F0C-4974CF3AE66C"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/WordpressPluginDirectory/wp-user-avatar/blob/fde360946c86d67610d8f95a82752199ce25b39a/wp-user-avatar/src/ShortcodeParser/Builder/FieldsShortcodeCallback.php#L952",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3047008/wp-user-avatar/trunk/src/ShortcodeParser/Builder/FieldsShortcodeCallback.php",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/38ec1a6b-f5ee-446a-9e6c-3485dafb85ac?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/WordpressPluginDirectory/wp-user-avatar/blob/fde360946c86d67610d8f95a82752199ce25b39a/wp-user-avatar/src/ShortcodeParser/Builder/FieldsShortcodeCallback.php#L952",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3047008/wp-user-avatar/trunk/src/ShortcodeParser/Builder/FieldsShortcodeCallback.php",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/38ec1a6b-f5ee-446a-9e6c-3485dafb85ac?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

74
CVE-2024/CVE-2024-18xx/CVE-2024-1854.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-1854",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-03-13T16:15:27.717",
"lastModified": "2024-11-21T08:51:27.773",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-01-22T20:04:10.890",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,25 +36,87 @@
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpdeveloper:essential_blocks:*:*:*:*:free:wordpress:*:*",
"versionEndExcluding": "4.5.2",
"matchCriteriaId": "20E79189-3633-4F96-90CA-785E568D2374"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3041859%40essential-blocks%2Ftrunk&old=3036273%40essential-blocks%2Ftrunk&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/86364b6f-dec8-48d8-9d2d-de1ee4901872?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3041859%40essential-blocks%2Ftrunk&old=3036273%40essential-blocks%2Ftrunk&sfp_email=&sfph_mail=",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/86364b6f-dec8-48d8-9d2d-de1ee4901872?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

74
CVE-2024/CVE-2024-20xx/CVE-2024-2028.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-2028",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-03-13T16:15:31.233",
"lastModified": "2024-11-21T09:08:52.443",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-22T19:51:56.843",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,25 +36,87 @@
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:exclusiveaddons:exclusive_addons_for_elementor:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.6.9.1",
"matchCriteriaId": "74B3CC99-A814-4BC3-ABCC-447040EA6600"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3042217/exclusive-addons-for-elementor",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d44ecf8a-d19a-403a-96c7-89e223a5cc22?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3042217/exclusive-addons-for-elementor",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d44ecf8a-d19a-403a-96c7-89e223a5cc22?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

94
CVE-2024/CVE-2024-21xx/CVE-2024-2106.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-2106",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-03-13T16:15:31.703",
"lastModified": "2024-11-21T09:09:02.737",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-22T19:48:46.947",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,41 +36,115 @@
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:stylemixthemes:masterstudy_lms:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.2.11",
"matchCriteriaId": "D558E082-D6F6-4FDD-95F0-D2F3A662A10D"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.svn.wordpress.org/masterstudy-lms-learning-management-system/tags/3.2.8/_core/lms/classes/models/StmUser.php",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.svn.wordpress.org/masterstudy-lms-learning-management-system/tags/3.2.8/_core/lms/route.php",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3045511/masterstudy-lms-learning-management-system/tags/3.2.11/_core/lms/route.php?old=3036794&old_path=masterstudy-lms-learning-management-system/trunk/_core/lms/route.php",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/27e4d519-bc98-44d3-a519-72674184e7f2?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://plugins.svn.wordpress.org/masterstudy-lms-learning-management-system/tags/3.2.8/_core/lms/classes/models/StmUser.php",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
},
{
"url": "https://plugins.svn.wordpress.org/masterstudy-lms-learning-management-system/tags/3.2.8/_core/lms/route.php",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3045511/masterstudy-lms-learning-management-system/tags/3.2.11/_core/lms/route.php?old=3036794&old_path=masterstudy-lms-learning-management-system/trunk/_core/lms/route.php",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/27e4d519-bc98-44d3-a519-72674184e7f2?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

74
CVE-2024/CVE-2024-21xx/CVE-2024-2126.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-2126",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-03-13T16:15:31.867",
"lastModified": "2024-11-21T09:09:05.117",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-22T19:40:23.033",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,25 +36,87 @@
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:themeisle:orbit_fox:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.10.33",
"matchCriteriaId": "14ACAC09-41E1-4C87-B9FE-275217EDD058"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3046442/themeisle-companion",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/020052ba-dece-4e70-88e7-8bd8918b8376?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3046442/themeisle-companion",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/020052ba-dece-4e70-88e7-8bd8918b8376?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

72
CVE-2024/CVE-2024-282xx/CVE-2024-28240.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-28240",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-04-25T17:15:49.010",
"lastModified": "2024-11-21T09:06:04.470",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-22T20:17:23.350",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.3,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
@ -49,24 +69,64 @@
"value": "CWE-20"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:glpi-project:glpi_agent:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.7.2",
"matchCriteriaId": "1655019E-8DC6-4FE3-8F15-6A6B58B748EE"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/glpi-project/glpi-agent/commit/41bbb1169e899bd15350a9e2fdbf9269a3b7a14f",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/glpi-project/glpi-agent/security/advisories/GHSA-hx3x-mmqg-h3jp",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://github.com/glpi-project/glpi-agent/commit/41bbb1169e899bd15350a9e2fdbf9269a3b7a14f",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/glpi-project/glpi-agent/security/advisories/GHSA-hx3x-mmqg-h3jp",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}

72
CVE-2024/CVE-2024-282xx/CVE-2024-28241.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-28241",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-04-25T17:15:49.200",
"lastModified": "2024-11-21T09:06:04.617",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-22T20:12:19.710",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.3,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
@ -49,24 +69,64 @@
"value": "CWE-269"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:glpi-project:glpi_agent:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.7.2",
"matchCriteriaId": "1655019E-8DC6-4FE3-8F15-6A6B58B748EE"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/glpi-project/glpi-agent/commit/9a97114f595562c91b0833b4a800dd51e9df65e9",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/glpi-project/glpi-agent/security/advisories/GHSA-3268-p58w-86hw",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://github.com/glpi-project/glpi-agent/commit/9a97114f595562c91b0833b4a800dd51e9df65e9",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/glpi-project/glpi-agent/security/advisories/GHSA-3268-p58w-86hw",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}

60
CVE-2024/CVE-2024-327xx/CVE-2024-32721.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-32721",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-24T10:15:06.527",
"lastModified": "2024-11-21T09:15:33.913",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-22T20:29:07.960",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
@ -51,14 +71,38 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://patchstack.com/database/vulnerability/jeg-elementor-kit/wordpress-jeg-elementor-kit-plugin-2-6-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
},
"nodes": [
{
"url": "https://patchstack.com/database/vulnerability/jeg-elementor-kit/wordpress-jeg-elementor-kit-plugin-2-6-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jegtheme:jeg_elementor_kit:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.6.4",
"matchCriteriaId": "6AFBE321-177F-4D98-AFCD-FE8095046948"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/jeg-elementor-kit/wordpress-jeg-elementor-kit-plugin-2-6-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://patchstack.com/database/vulnerability/jeg-elementor-kit/wordpress-jeg-elementor-kit-plugin-2-6-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

62
CVE-2024/CVE-2024-327xx/CVE-2024-32782.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-32782",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-24T08:15:39.673",
"lastModified": "2024-11-21T09:15:42.657",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-01-22T20:34:45.757",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
@ -49,16 +69,50 @@
"value": "CWE-200"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hasthemes:ht_mega:*:*:*:*:free:wordpress:*:*",
"versionEndExcluding": "2.4.8",
"matchCriteriaId": "63CB316A-F8DF-44E5-BF56-DE725ACE8A27"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/ht-mega-for-elementor/wordpress-ht-mega-plugin-2-4-7-sensitive-data-exposure-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://patchstack.com/database/vulnerability/ht-mega-for-elementor/wordpress-ht-mega-plugin-2-4-7-sensitive-data-exposure-vulnerability?_s_id=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

62
CVE-2024/CVE-2024-327xx/CVE-2024-32785.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-32785",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-24T11:15:47.793",
"lastModified": "2024-11-21T09:15:43.027",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-22T20:26:59.490",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
@ -49,16 +69,50 @@
"value": "CWE-352"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webangon:the_pack_elementor_addons:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.0.8.4",
"matchCriteriaId": "3F0D6A62-40B1-430C-ACD6-7F1483E85066"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/the-pack-addon/wordpress-the-pack-elementor-addons-plugin-2-0-8-3-cross-site-request-forgery-csrf-to-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://patchstack.com/database/vulnerability/the-pack-addon/wordpress-the-pack-elementor-addons-plugin-2-0-8-3-cross-site-request-forgery-csrf-to-xss-vulnerability?_s_id=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

60
CVE-2024/CVE-2024-327xx/CVE-2024-32793.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-32793",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-24T15:15:47.157",
"lastModified": "2024-11-21T09:15:44.033",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-22T20:20:20.320",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
@ -51,14 +71,38 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://patchstack.com/database/vulnerability/paid-memberships-pro/wordpress-paid-memberships-pro-plugin-2-12-10-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
},
"nodes": [
{
"url": "https://patchstack.com/database/vulnerability/paid-memberships-pro/wordpress-paid-memberships-pro-plugin-2-12-10-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:strangerstudios:paid_memberships_pro:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.0",
"matchCriteriaId": "056698AA-9625-4637-B733-41DE0235F5E3"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/paid-memberships-pro/wordpress-paid-memberships-pro-plugin-2-12-10-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://patchstack.com/database/vulnerability/paid-memberships-pro/wordpress-paid-memberships-pro-plugin-2-12-10-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

74
CVE-2024/CVE-2024-33xx/CVE-2024-3343.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-3343",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-04-11T11:15:48.647",
"lastModified": "2024-11-21T09:29:25.210",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-01-22T19:10:44.697",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,25 +36,87 @@
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:themeisle:otter_blocks:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.6.9",
"matchCriteriaId": "7B0E5845-862D-4DF9-9124-D09FDD0BA0E0"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3068495/otter-blocks",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/67981160-6c91-48a4-ba1c-68204d538ed6?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3068495/otter-blocks",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/67981160-6c91-48a4-ba1c-68204d538ed6?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

74
CVE-2024/CVE-2024-33xx/CVE-2024-3344.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-3344",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-04-11T11:15:48.820",
"lastModified": "2024-11-21T09:29:25.327",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-01-22T19:08:18.423",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,25 +36,87 @@
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:themeisle:otter_blocks:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.6.9",
"matchCriteriaId": "7B0E5845-862D-4DF9-9124-D09FDD0BA0E0"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3068495/otter-blocks",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/db836f4b-d31f-4442-89a5-1a400525c598?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3068495/otter-blocks",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/db836f4b-d31f-4442-89a5-1a400525c598?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

35
CVE-2024/CVE-2024-454xx/CVE-2024-45478.json
View File

@ -2,20 +2,47 @@
"id": "CVE-2024-45478",
"sourceIdentifier": "security@apache.org",
"published": "2025-01-21T22:15:12.137",
"lastModified": "2025-01-21T22:15:12.137",
"vulnStatus": "Received",
"lastModified": "2025-01-22T19:15:10.113",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stored XSS vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0.\nUsers are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS almacenado en la p\u00e1gina de edici\u00f3n de servicios de la interfaz de usuario de Apache Ranger en la versi\u00f3n 2.4.0 de Apache Ranger. Se recomienda a los usuarios que actualicen a la versi\u00f3n 2.5.0 de Apache Ranger, que soluciona este problema."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@apache.org",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",

24
CVE-2024/CVE-2024-517xx/CVE-2024-51734.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-51734",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-11-04T23:15:05.213",
"lastModified": "2024-11-05T20:35:26.167",
"lastModified": "2025-01-22T20:15:30.610",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -59,28 +59,6 @@
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
"baseScore": 0.0,
"baseSeverity": "NONE",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 0.0
}
]
},
"weaknesses": [

21
CVE-2024/CVE-2024-569xx/CVE-2024-56914.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-56914",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-22T20:15:30.737",
"lastModified": "2025-01-22T20:15:30.737",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "D-Link DSL-3782 v1.01 is vulnerable to Buffer Overflow in /New_GUI/ParentalControl.asp."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/2664521593/mycve/blob/main/BOF_in_D-Link_DSL-3782_1.pdf",
"source": "cve@mitre.org"
}
]
}

78
CVE-2024/CVE-2024-93xx/CVE-2024-9310.json Normal file
View File

@ -0,0 +1,78 @@
{
"id": "CVE-2024-9310",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2025-01-22T19:15:10.277",
"lastModified": "2025-01-22T19:15:10.277",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "By utilizing software-defined radios and a custom low-latency processing pipeline, RF signals with spoofed location data can be transmitted to aircraft targets. This can lead to the appearance of fake aircraft on displays and potentially trigger undesired Resolution Advisories (RAs)."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"attackVector": "ADJACENT",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-807"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-021-01",
"source": "ics-cert@hq.dhs.gov"
}
]
}

25
CVE-2025/CVE-2025-06xx/CVE-2025-0611.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2025-0611",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2025-01-22T20:15:30.860",
"lastModified": "2025-01-22T20:15:30.860",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Object corruption in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
],
"metrics": {},
"references": [
{
"url": "https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_22.html",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://issues.chromium.org/issues/386143468",
"source": "chrome-cve-admin@google.com"
}
]
}

25
CVE-2025/CVE-2025-06xx/CVE-2025-0612.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2025-0612",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2025-01-22T20:15:30.957",
"lastModified": "2025-01-22T20:15:30.957",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
],
"metrics": {},
"references": [
{
"url": "https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_22.html",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://issues.chromium.org/issues/385155406",
"source": "chrome-cve-admin@google.com"
}
]
}

12
CVE-2025/CVE-2025-06xx/CVE-2025-0625.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-0625",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-01-22T02:15:31.123",
"lastModified": "2025-01-22T02:15:31.123",
"vulnStatus": "Received",
"lastModified": "2025-01-22T19:15:10.397",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
@ -59,7 +59,7 @@
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
@ -107,7 +107,7 @@
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -136,6 +136,10 @@
{
"url": "https://www.campcodes.com/",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/KhukuriRimal/Vulnerabilities/blob/main/Insecure%20Direct%20Object%20Reference%20(IDOR)%20-%20All%20Student%20Homework%20Downloadable.pdf",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

22
CVE-2025/CVE-2025-215xx/CVE-2025-21505.json
View File

@ -2,20 +2,24 @@
"id": "CVE-2025-21505",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2025-01-21T21:15:15.573",
"lastModified": "2025-01-21T21:15:15.573",
"vulnStatus": "Received",
"lastModified": "2025-01-22T19:15:10.520",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Server: Components Services). Las versiones compatibles afectadas son 8.0.40 y anteriores, 8.4.3 y anteriores y 9.1.0 y anteriores. Esta vulnerabilidad, que se puede explotar f\u00e1cilmente, permite que un atacante con privilegios elevados y acceso a la red a trav\u00e9s de m\u00faltiples protocolos ponga en peligro MySQL Server. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado la capacidad no autorizada de provocar un bloqueo o un bloqueo frecuente y repetible (DOS completo) de MySQL Server. Puntuaci\u00f3n base de CVSS 3.1: 4,9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
@ -35,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2025.html",

22
CVE-2025/CVE-2025-215xx/CVE-2025-21506.json
View File

@ -2,20 +2,24 @@
"id": "CVE-2025-21506",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2025-01-21T21:15:15.707",
"lastModified": "2025-01-21T21:15:15.707",
"vulnStatus": "Received",
"lastModified": "2025-01-22T19:15:10.643",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Project Foundation product of Oracle E-Business Suite (component: Technology Foundation). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Project Foundation. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Project Foundation accessible data as well as unauthorized access to critical data or complete access to all Oracle Project Foundation accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto Oracle Project Foundation de Oracle E-Business Suite (componente: Technology Foundation). Las versiones compatibles afectadas son 12.2.3-12.2.13. Esta vulnerabilidad, que se puede explotar f\u00e1cilmente, permite que un atacante con privilegios reducidos y acceso a la red a trav\u00e9s de HTTP comprometa Oracle Project Foundation. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado la creaci\u00f3n, eliminaci\u00f3n o modificaci\u00f3n no autorizada de datos cr\u00edticos o de todos los datos accesibles de Oracle Project Foundation, as\u00ed como el acceso no autorizado a datos cr\u00edticos o al acceso completo a todos los datos accesibles de Oracle Project Foundation. Puntuaci\u00f3n base CVSS 3.1: 8,1 (impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
@ -35,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2025.html",

22
CVE-2025/CVE-2025-215xx/CVE-2025-21508.json
View File

@ -2,20 +2,24 @@
"id": "CVE-2025-21508",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2025-01-21T21:15:15.973",
"lastModified": "2025-01-21T21:15:15.973",
"vulnStatus": "Received",
"lastModified": "2025-01-22T19:15:10.767",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto JD Edwards EnterpriseOne Tools de Oracle JD Edwards (componente: Web Runtime SEC). Las versiones compatibles afectadas son anteriores a la 9.2.9.0. Esta vulnerabilidad, que se puede explotar f\u00e1cilmente, permite que un atacante con pocos privilegios y acceso a la red a trav\u00e9s de HTTP ponga en peligro JD Edwards EnterpriseOne Tools. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado la capacidad no autorizada de provocar un bloqueo o un bloqueo repetitivo frecuente (DOS completo) de JD Edwards EnterpriseOne Tools. Puntuaci\u00f3n base de CVSS 3.1: 6,5 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
@ -35,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2025.html",

22
CVE-2025/CVE-2025-215xx/CVE-2025-21516.json
View File

@ -2,20 +2,24 @@
"id": "CVE-2025-21516",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2025-01-21T21:15:17.030",
"lastModified": "2025-01-21T21:15:17.030",
"vulnStatus": "Received",
"lastModified": "2025-01-22T19:15:10.880",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Customer Care product of Oracle E-Business Suite (component: Service Requests). Supported versions that are affected are 12.2.5-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Customer Care. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Customer Care accessible data as well as unauthorized access to critical data or complete access to all Oracle Customer Care accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto Oracle Customer Care de Oracle E-Business Suite (componente: Solicitudes de servicio). Las versiones compatibles afectadas son 12.2.5-12.2.13. Esta vulnerabilidad, que se puede explotar f\u00e1cilmente, permite que un atacante con privilegios reducidos y acceso a la red a trav\u00e9s de HTTP comprometa Oracle Customer Care. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado la creaci\u00f3n, eliminaci\u00f3n o modificaci\u00f3n no autorizada de datos cr\u00edticos o de todos los datos accesibles de Oracle Customer Care, as\u00ed como el acceso no autorizado a datos cr\u00edticos o al acceso completo a todos los datos accesibles de Oracle Customer Care. Puntuaci\u00f3n base CVSS 3.1: 8,1 (impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
@ -35,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2025.html",

22
CVE-2025/CVE-2025-215xx/CVE-2025-21517.json
View File

@ -2,20 +2,24 @@
"id": "CVE-2025-21517",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2025-01-21T21:15:17.157",
"lastModified": "2025-01-21T21:15:17.157",
"vulnStatus": "Received",
"lastModified": "2025-01-22T19:15:10.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto JD Edwards EnterpriseOne Tools de Oracle JD Edwards (componente: Web Runtime SEC). Las versiones compatibles afectadas son anteriores a la 9.2.9.0. Esta vulnerabilidad, que se puede explotar f\u00e1cilmente, permite que un atacante con pocos privilegios y acceso a la red a trav\u00e9s de HTTP comprometa JD Edwards EnterpriseOne Tools. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado la actualizaci\u00f3n, inserci\u00f3n o eliminaci\u00f3n no autorizada de algunos datos accesibles de JD Edwards EnterpriseOne Tools. Puntuaci\u00f3n base de CVSS 3.1: 4,3 (impactos en la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
@ -35,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2025.html",

22
CVE-2025/CVE-2025-215xx/CVE-2025-21518.json
View File

@ -2,20 +2,24 @@
"id": "CVE-2025-21518",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2025-01-21T21:15:17.290",
"lastModified": "2025-01-21T21:15:17.290",
"vulnStatus": "Received",
"lastModified": "2025-01-22T19:15:11.100",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Server: Optimizer). Las versiones compatibles afectadas son 8.0.40 y anteriores, 8.4.3 y anteriores y 9.1.0 y anteriores. Esta vulnerabilidad, que se puede explotar f\u00e1cilmente, permite que un atacante con pocos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos ponga en peligro MySQL Server. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado la capacidad no autorizada de provocar un bloqueo o un bloqueo frecuente y repetible (DOS completo) de MySQL Server. Puntuaci\u00f3n base de CVSS 3.1: 6,5 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
@ -35,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2025.html",

22
CVE-2025/CVE-2025-215xx/CVE-2025-21519.json
View File

@ -2,20 +2,24 @@
"id": "CVE-2025-21519",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2025-01-21T21:15:17.407",
"lastModified": "2025-01-21T21:15:17.407",
"vulnStatus": "Received",
"lastModified": "2025-01-22T19:15:11.213",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Server: Security: Privileges). Las versiones compatibles afectadas son 8.0.40 y anteriores, 8.4.3 y anteriores y 9.1.0 y anteriores. Esta vulnerabilidad, que es dif\u00edcil de explotar, permite que un atacante con privilegios elevados y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa MySQL Server. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado la capacidad no autorizada de provocar un bloqueo o un bloqueo repetitivo frecuente (DOS completo) de MySQL Server. Puntuaci\u00f3n base de CVSS 3.1: 4,4 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
@ -35,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2025.html",

22
CVE-2025/CVE-2025-215xx/CVE-2025-21520.json
View File

@ -2,20 +2,24 @@
"id": "CVE-2025-21520",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2025-01-21T21:15:17.537",
"lastModified": "2025-01-21T21:15:17.537",
"vulnStatus": "Received",
"lastModified": "2025-01-22T19:15:11.340",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 1.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Server: Options). Las versiones compatibles afectadas son 8.0.40 y anteriores, 8.4.3 y anteriores y 9.1.0 y anteriores. Esta vulnerabilidad, que es dif\u00edcil de explotar, permite que un atacante con privilegios elevados y que inicie sesi\u00f3n en la infraestructura donde se ejecuta MySQL Server pueda comprometer MySQL Server. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado un acceso de lectura no autorizado a un subconjunto de datos accesibles de MySQL Server. Puntuaci\u00f3n base CVSS 3.1 1.8 (impactos de confidencialidad). Vector CVSS: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N",
@ -35,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2025.html",

22
CVE-2025/CVE-2025-215xx/CVE-2025-21521.json
View File

@ -2,20 +2,24 @@
"id": "CVE-2025-21521",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2025-01-21T21:15:17.663",
"lastModified": "2025-01-21T21:15:17.663",
"vulnStatus": "Received",
"lastModified": "2025-01-22T19:15:11.457",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Server: Thread Pooling). Las versiones compatibles afectadas son 8.0.39 y anteriores, 8.4.2 y anteriores y 9.0.1 y anteriores. Esta vulnerabilidad, que se puede explotar f\u00e1cilmente, permite que un atacante no autenticado con acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa MySQL Server. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado la capacidad no autorizada de provocar un bloqueo o un bloqueo frecuente y repetible (DOS completo) de MySQL Server. Puntuaci\u00f3n base de CVSS 3.1: 7,5 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
@ -35,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2025.html",

22
CVE-2025/CVE-2025-215xx/CVE-2025-21522.json
View File

@ -2,20 +2,24 @@
"id": "CVE-2025-21522",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2025-01-21T21:15:17.797",
"lastModified": "2025-01-21T21:15:17.797",
"vulnStatus": "Received",
"lastModified": "2025-01-22T19:15:11.577",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Server: Parser). Las versiones compatibles afectadas son 8.0.40 y anteriores, 8.4.3 y anteriores y 9.1.0 y anteriores. Esta vulnerabilidad, que se puede explotar f\u00e1cilmente, permite que un atacante con pocos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos ponga en peligro MySQL Server. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado la capacidad no autorizada de provocar un bloqueo o un bloqueo frecuente y repetible (DOS completo) de MySQL Server. Puntuaci\u00f3n base de CVSS 3.1: 6,5 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
@ -35,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2025.html",

22
CVE-2025/CVE-2025-215xx/CVE-2025-21525.json
View File

@ -2,20 +2,24 @@
"id": "CVE-2025-21525",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2025-01-21T21:15:18.210",
"lastModified": "2025-01-21T21:15:18.210",
"vulnStatus": "Received",
"lastModified": "2025-01-22T19:15:11.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Server: DDL). Las versiones compatibles afectadas son 8.0.39 y anteriores, 8.4.2 y anteriores y 9.0.1 y anteriores. Esta vulnerabilidad, que se puede explotar f\u00e1cilmente, permite que un atacante con privilegios elevados y acceso a la red a trav\u00e9s de m\u00faltiples protocolos ponga en peligro MySQL Server. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado la capacidad no autorizada de provocar un bloqueo o un bloqueo frecuente y repetible (DOS completo) de MySQL Server. Puntuaci\u00f3n base de CVSS 3.1: 4,9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
@ -35,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2025.html",

22
CVE-2025/CVE-2025-215xx/CVE-2025-21531.json
View File

@ -2,20 +2,24 @@
"id": "CVE-2025-21531",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2025-01-21T21:15:18.980",
"lastModified": "2025-01-21T21:15:18.980",
"vulnStatus": "Received",
"lastModified": "2025-01-22T19:15:11.807",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: InnoDB). Las versiones compatibles afectadas son 8.0.40 y anteriores, 8.4.3 y anteriores y 9.1.0 y anteriores. Esta vulnerabilidad, que se puede explotar f\u00e1cilmente, permite que un atacante con privilegios elevados y acceso a la red a trav\u00e9s de m\u00faltiples protocolos ponga en peligro MySQL Server. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado la capacidad no autorizada de provocar un bloqueo o un bloqueo frecuente y repetible (DOS completo) de MySQL Server. Puntuaci\u00f3n base de CVSS 3.1: 4,9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
@ -35,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2025.html",

22
CVE-2025/CVE-2025-215xx/CVE-2025-21533.json
View File

@ -2,20 +2,24 @@
"id": "CVE-2025-21533",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2025-01-21T21:15:19.240",
"lastModified": "2025-01-21T21:15:19.240",
"vulnStatus": "Received",
"lastModified": "2025-01-22T19:15:11.927",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.24 and prior to 7.1.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto Oracle VM VirtualBox de Oracle Virtualization (componente: Core). Las versiones compatibles afectadas son anteriores a la 7.0.24 y a la 7.1.6. Esta vulnerabilidad, que se puede explotar f\u00e1cilmente, permite que un atacante con pocos privilegios que inicie sesi\u00f3n en la infraestructura donde se ejecuta Oracle VM VirtualBox ponga en peligro Oracle VM VirtualBox. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado un acceso no autorizado a datos cr\u00edticos o un acceso completo a todos los datos accesibles de Oracle VM VirtualBox. Puntuaci\u00f3n base de CVSS 3.1: 5,5 (impactos de confidencialidad). Vector CVSS: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
@ -35,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2025.html",

22
CVE-2025/CVE-2025-215xx/CVE-2025-21534.json
View File

@ -2,20 +2,24 @@
"id": "CVE-2025-21534",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2025-01-21T21:15:19.363",
"lastModified": "2025-01-21T21:15:19.363",
"vulnStatus": "Received",
"lastModified": "2025-01-22T19:15:12.040",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Performance Schema). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Server: Performance Schema). Las versiones compatibles afectadas son 8.0.39 y anteriores, 8.4.2 y anteriores y 9.0.1 y anteriores. Esta vulnerabilidad, que se puede explotar f\u00e1cilmente, permite que un atacante con privilegios elevados y acceso a la red a trav\u00e9s de m\u00faltiples protocolos ponga en peligro MySQL Server. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado la capacidad no autorizada de provocar un bloqueo o un bloqueo frecuente y repetible (DOS completo) de MySQL Server. Puntuaci\u00f3n base de CVSS 3.1: 4,9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
@ -35,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2025.html",

22
CVE-2025/CVE-2025-215xx/CVE-2025-21535.json
View File

@ -2,20 +2,24 @@
"id": "CVE-2025-21535",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2025-01-21T21:15:19.477",
"lastModified": "2025-01-21T21:15:19.477",
"vulnStatus": "Received",
"lastModified": "2025-01-22T19:15:12.150",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto Oracle WebLogic Server de Oracle Fusion Middleware (componente: Core). Las versiones compatibles afectadas son 12.2.1.4.0 y 14.1.1.0.0. Esta vulnerabilidad, que se puede explotar f\u00e1cilmente, permite que un atacante no autenticado con acceso a la red a trav\u00e9s de T3, IIOP ponga en peligro Oracle WebLogic Server. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado la toma de control de Oracle WebLogic Server. Puntuaci\u00f3n base CVSS 3.1: 9,8 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
@ -35,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2025.html",

22
CVE-2025/CVE-2025-215xx/CVE-2025-21536.json
View File

@ -2,20 +2,24 @@
"id": "CVE-2025-21536",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2025-01-21T21:15:19.613",
"lastModified": "2025-01-21T21:15:19.613",
"vulnStatus": "Received",
"lastModified": "2025-01-22T19:15:12.263",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Server: Optimizer). Las versiones compatibles afectadas son 8.0.39 y anteriores, 8.4.2 y anteriores y 9.0.1 y anteriores. Esta vulnerabilidad, que se puede explotar f\u00e1cilmente, permite que un atacante con privilegios elevados y acceso a la red a trav\u00e9s de m\u00faltiples protocolos ponga en peligro MySQL Server. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado la capacidad no autorizada de provocar un bloqueo o un bloqueo frecuente y repetible (DOS completo) de MySQL Server. Puntuaci\u00f3n base de CVSS 3.1: 4,9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
@ -35,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2025.html",

22
CVE-2025/CVE-2025-215xx/CVE-2025-21537.json
View File

@ -2,20 +2,24 @@
"id": "CVE-2025-21537",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2025-01-21T21:15:19.760",
"lastModified": "2025-01-21T21:15:19.760",
"vulnStatus": "Received",
"lastModified": "2025-01-22T19:15:12.373",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the PeopleSoft Enterprise FIN Cash Management product of Oracle PeopleSoft (component: Cash Management). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Cash Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise FIN Cash Management accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise FIN Cash Management accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto PeopleSoft Enterprise FIN Cash Management de Oracle PeopleSoft (componente: Cash Management). La versi\u00f3n compatible afectada es la 9.2. Esta vulnerabilidad, que se puede explotar f\u00e1cilmente, permite que un atacante con privilegios reducidos y acceso a la red a trav\u00e9s de HTTP comprometa PeopleSoft Enterprise FIN Cash Management. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado la actualizaci\u00f3n, inserci\u00f3n o eliminaci\u00f3n no autorizada de algunos datos accesibles de PeopleSoft Enterprise FIN Cash Management, as\u00ed como el acceso de lectura no autorizado a un subconjunto de datos accesibles de PeopleSoft Enterprise FIN Cash Management. Puntuaci\u00f3n base de CVSS 3.1: 5,4 (impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
@ -35,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2025.html",

22
CVE-2025/CVE-2025-215xx/CVE-2025-21538.json
View File

@ -2,20 +2,24 @@
"id": "CVE-2025-21538",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2025-01-21T21:15:19.887",
"lastModified": "2025-01-21T21:15:19.887",
"vulnStatus": "Received",
"lastModified": "2025-01-22T19:15:12.490",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto JD Edwards EnterpriseOne Tools de Oracle JD Edwards (componente: Web Runtime SEC). Las versiones compatibles afectadas son anteriores a la 9.2.9.2. Esta vulnerabilidad, que se puede explotar f\u00e1cilmente, permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP ponga en peligro JD Edwards EnterpriseOne Tools. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante y, si bien la vulnerabilidad se encuentra en JD Edwards EnterpriseOne Tools, los ataques pueden afectar significativamente a otros productos (cambio de alcance). Los ataques exitosos de esta vulnerabilidad pueden dar como resultado la actualizaci\u00f3n, inserci\u00f3n o eliminaci\u00f3n no autorizada de algunos datos accesibles de JD Edwards EnterpriseOne Tools, as\u00ed como el acceso de lectura no autorizado a un subconjunto de datos accesibles de JD Edwards EnterpriseOne Tools. Puntuaci\u00f3n base de CVSS 3.1: 6,1 (impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
@ -35,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2025.html",

22
CVE-2025/CVE-2025-215xx/CVE-2025-21539.json
View File

@ -2,20 +2,24 @@
"id": "CVE-2025-21539",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2025-01-21T21:15:20.023",
"lastModified": "2025-01-21T21:15:20.023",
"vulnStatus": "Received",
"lastModified": "2025-01-22T19:15:12.600",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the PeopleSoft Enterprise FIN eSettlements product of Oracle PeopleSoft (component: eSettlements). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN eSettlements. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise FIN eSettlements accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise FIN eSettlements accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto PeopleSoft Enterprise FIN eSettlements de Oracle PeopleSoft (componente: eSettlements). La versi\u00f3n compatible afectada es la 9.2. Esta vulnerabilidad, que se puede explotar f\u00e1cilmente, permite que un atacante con privilegios reducidos y acceso a la red a trav\u00e9s de HTTP comprometa PeopleSoft Enterprise FIN eSettlements. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado el acceso no autorizado a actualizaciones, inserciones o eliminaciones de algunos de los datos accesibles de PeopleSoft Enterprise FIN eSettlements, as\u00ed como el acceso no autorizado a un subconjunto de los datos accesibles de PeopleSoft Enterprise FIN eSettlements. Puntuaci\u00f3n base de CVSS 3.1: 5,4 (impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
@ -35,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2025.html",

22
CVE-2025/CVE-2025-215xx/CVE-2025-21540.json
View File

@ -2,20 +2,24 @@
"id": "CVE-2025-21540",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2025-01-21T21:15:20.153",
"lastModified": "2025-01-21T21:15:20.153",
"vulnStatus": "Received",
"lastModified": "2025-01-22T19:15:12.713",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Server: Security: Privileges). Las versiones compatibles afectadas son 8.0.40 y anteriores, 8.4.3 y anteriores y 9.1.0 y anteriores. Esta vulnerabilidad, que se puede explotar f\u00e1cilmente, permite que un atacante con pocos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa MySQL Server. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado un acceso no autorizado a actualizaciones, inserciones o eliminaciones de algunos datos accesibles de MySQL Server, as\u00ed como un acceso de lectura no autorizado a un subconjunto de datos accesibles de MySQL Server. Puntuaci\u00f3n base CVSS 3.1 5,4 (impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
@ -35,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2025.html",

22
CVE-2025/CVE-2025-215xx/CVE-2025-21541.json
View File

@ -2,20 +2,24 @@
"id": "CVE-2025-21541",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2025-01-21T21:15:20.287",
"lastModified": "2025-01-21T21:15:20.287",
"vulnStatus": "Received",
"lastModified": "2025-01-22T19:15:12.827",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Admin Screens and Grants UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Workflow. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Workflow accessible data as well as unauthorized read access to a subset of Oracle Workflow accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto Oracle Workflow de Oracle E-Business Suite (componente: Admin Screens and Grants UI). Las versiones compatibles afectadas son 12.2.3-12.2.14. Esta vulnerabilidad, que se puede explotar f\u00e1cilmente, permite que un atacante con pocos privilegios y acceso a la red a trav\u00e9s de HTTP comprometa Oracle Workflow. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado un acceso no autorizado a actualizaciones, inserciones o eliminaciones de algunos datos accesibles de Oracle Workflow, as\u00ed como un acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Workflow. Puntuaci\u00f3n base CVSS 3.1 5,4 (impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
@ -35,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-281"
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2025.html",

22
CVE-2025/CVE-2025-215xx/CVE-2025-21542.json
View File

@ -2,20 +2,24 @@
"id": "CVE-2025-21542",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2025-01-21T21:15:20.420",
"lastModified": "2025-01-21T21:15:20.420",
"vulnStatus": "Received",
"lastModified": "2025-01-22T19:15:12.943",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Security). Supported versions that are affected are 7.4.0, 7.4.1 and 7.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Order and Service Management accessible data as well as unauthorized read access to a subset of Oracle Communications Order and Service Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Order and Service Management. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto Oracle Communications Order and Service Management de Oracle Communications Applications (componente: Seguridad). Las versiones compatibles afectadas son 7.4.0, 7.4.1 y 7.5.0. Esta vulnerabilidad, que se puede explotar f\u00e1cilmente, permite que un atacante con privilegios reducidos y acceso a la red a trav\u00e9s de HTTP ponga en peligro Oracle Communications Order and Service Management. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado una actualizaci\u00f3n, inserci\u00f3n o eliminaci\u00f3n no autorizada de algunos datos accesibles de Oracle Communications Order and Service Management, as\u00ed como un acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Communications Order and Service Management y la capacidad no autorizada de provocar una denegaci\u00f3n parcial de servicio (DOS parcial) de Oracle Communications Order and Service Management. Puntuaci\u00f3n base de CVSS 3.1: 6,3 (impactos en la confidencialidad, la integridad y la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
@ -35,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-346"
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2025.html",

22
CVE-2025/CVE-2025-215xx/CVE-2025-21543.json
View File

@ -2,20 +2,24 @@
"id": "CVE-2025-21543",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2025-01-21T21:15:20.550",
"lastModified": "2025-01-21T21:15:20.550",
"vulnStatus": "Received",
"lastModified": "2025-01-22T19:15:13.060",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Server: Packaging). Las versiones compatibles afectadas son 8.0.40 y anteriores, 8.4.3 y anteriores y 9.1.0 y anteriores. Esta vulnerabilidad, que se puede explotar f\u00e1cilmente, permite que un atacante con privilegios elevados y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa MySQL Server. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado la capacidad no autorizada de provocar un bloqueo o un bloqueo frecuente y repetible (DOS completo) de MySQL Server. Puntuaci\u00f3n base de CVSS 3.1: 4,9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
@ -35,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2025.html",

80
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2025-01-22T19:00:26.262278+00:00
2025-01-22T21:00:26.033306+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2025-01-22T18:53:08.023000+00:00
2025-01-22T21:00:03.030000+00:00
```
### Last Data Feed Release
@ -33,59 +33,49 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
278610
278615
```
### CVEs added in the last Commit
Recently added CVEs: `15`
Recently added CVEs: `5`
- [CVE-2024-51457](CVE-2024/CVE-2024-514xx/CVE-2024-51457.json) (`2025-01-22T17:15:12.390`)
- [CVE-2024-55957](CVE-2024/CVE-2024-559xx/CVE-2024-55957.json) (`2025-01-22T18:15:20.237`)
- [CVE-2025-0651](CVE-2025/CVE-2025-06xx/CVE-2025-0651.json) (`2025-01-22T18:15:20.363`)
- [CVE-2025-20128](CVE-2025/CVE-2025-201xx/CVE-2025-20128.json) (`2025-01-22T17:15:12.583`)
- [CVE-2025-20156](CVE-2025/CVE-2025-201xx/CVE-2025-20156.json) (`2025-01-22T17:15:12.800`)
- [CVE-2025-20165](CVE-2025/CVE-2025-201xx/CVE-2025-20165.json) (`2025-01-22T17:15:13.010`)
- [CVE-2025-23028](CVE-2025/CVE-2025-230xx/CVE-2025-23028.json) (`2025-01-22T17:15:13.487`)
- [CVE-2025-23047](CVE-2025/CVE-2025-230xx/CVE-2025-23047.json) (`2025-01-22T18:15:21.893`)
- [CVE-2025-24397](CVE-2025/CVE-2025-243xx/CVE-2025-24397.json) (`2025-01-22T17:15:13.670`)
- [CVE-2025-24398](CVE-2025/CVE-2025-243xx/CVE-2025-24398.json) (`2025-01-22T17:15:13.760`)
- [CVE-2025-24399](CVE-2025/CVE-2025-243xx/CVE-2025-24399.json) (`2025-01-22T17:15:13.853`)
- [CVE-2025-24400](CVE-2025/CVE-2025-244xx/CVE-2025-24400.json) (`2025-01-22T17:15:13.943`)
- [CVE-2025-24401](CVE-2025/CVE-2025-244xx/CVE-2025-24401.json) (`2025-01-22T17:15:14.027`)
- [CVE-2025-24402](CVE-2025/CVE-2025-244xx/CVE-2025-24402.json) (`2025-01-22T17:15:14.123`)
- [CVE-2025-24403](CVE-2025/CVE-2025-244xx/CVE-2025-24403.json) (`2025-01-22T17:15:14.220`)
- [CVE-2024-11166](CVE-2024/CVE-2024-111xx/CVE-2024-11166.json) (`2025-01-22T19:15:09.890`)
- [CVE-2024-56914](CVE-2024/CVE-2024-569xx/CVE-2024-56914.json) (`2025-01-22T20:15:30.737`)
- [CVE-2024-9310](CVE-2024/CVE-2024-93xx/CVE-2024-9310.json) (`2025-01-22T19:15:10.277`)
- [CVE-2025-0611](CVE-2025/CVE-2025-06xx/CVE-2025-0611.json) (`2025-01-22T20:15:30.860`)
- [CVE-2025-0612](CVE-2025/CVE-2025-06xx/CVE-2025-0612.json) (`2025-01-22T20:15:30.957`)
### CVEs modified in the last Commit
Recently modified CVEs: `127`
Recently modified CVEs: `72`
- [CVE-2024-47392](CVE-2024/CVE-2024-473xx/CVE-2024-47392.json) (`2025-01-22T18:25:37.310`)
- [CVE-2024-4774](CVE-2024/CVE-2024-47xx/CVE-2024-4774.json) (`2025-01-22T17:56:00.637`)
- [CVE-2024-49724](CVE-2024/CVE-2024-497xx/CVE-2024-49724.json) (`2025-01-22T18:15:19.813`)
- [CVE-2024-49732](CVE-2024/CVE-2024-497xx/CVE-2024-49732.json) (`2025-01-22T18:15:19.960`)
- [CVE-2024-49733](CVE-2024/CVE-2024-497xx/CVE-2024-49733.json) (`2025-01-22T18:15:20.100`)
- [CVE-2024-49734](CVE-2024/CVE-2024-497xx/CVE-2024-49734.json) (`2025-01-22T17:15:12.253`)
- [CVE-2024-50453](CVE-2024/CVE-2024-504xx/CVE-2024-50453.json) (`2025-01-22T18:29:43.147`)
- [CVE-2024-53808](CVE-2024/CVE-2024-538xx/CVE-2024-53808.json) (`2025-01-22T18:04:55.013`)
- [CVE-2024-56252](CVE-2024/CVE-2024-562xx/CVE-2024-56252.json) (`2025-01-22T17:44:01.447`)
- [CVE-2024-56254](CVE-2024/CVE-2024-562xx/CVE-2024-56254.json) (`2025-01-22T17:44:38.787`)
- [CVE-2024-56266](CVE-2024/CVE-2024-562xx/CVE-2024-56266.json) (`2025-01-22T17:48:32.873`)
- [CVE-2024-57160](CVE-2024/CVE-2024-571xx/CVE-2024-57160.json) (`2025-01-22T17:15:20.300`)
- [CVE-2024-57161](CVE-2024/CVE-2024-571xx/CVE-2024-57161.json) (`2025-01-22T17:15:14.067`)
- [CVE-2024-57769](CVE-2024/CVE-2024-577xx/CVE-2024-57769.json) (`2025-01-22T17:07:20.067`)
- [CVE-2024-57770](CVE-2024/CVE-2024-577xx/CVE-2024-57770.json) (`2025-01-22T17:07:27.687`)
- [CVE-2024-57775](CVE-2024/CVE-2024-577xx/CVE-2024-57775.json) (`2025-01-22T17:07:33.500`)
- [CVE-2025-21529](CVE-2025/CVE-2025-215xx/CVE-2025-21529.json) (`2025-01-22T18:15:20.530`)
- [CVE-2025-21530](CVE-2025/CVE-2025-215xx/CVE-2025-21530.json) (`2025-01-22T18:15:20.687`)
- [CVE-2025-21532](CVE-2025/CVE-2025-215xx/CVE-2025-21532.json) (`2025-01-22T18:15:20.840`)
- [CVE-2025-21544](CVE-2025/CVE-2025-215xx/CVE-2025-21544.json) (`2025-01-22T18:15:20.993`)
- [CVE-2025-21545](CVE-2025/CVE-2025-215xx/CVE-2025-21545.json) (`2025-01-22T18:15:21.117`)
- [CVE-2025-21546](CVE-2025/CVE-2025-215xx/CVE-2025-21546.json) (`2025-01-22T18:15:21.270`)
- [CVE-2025-21547](CVE-2025/CVE-2025-215xx/CVE-2025-21547.json) (`2025-01-22T18:15:21.433`)
- [CVE-2025-21548](CVE-2025/CVE-2025-215xx/CVE-2025-21548.json) (`2025-01-22T18:15:21.583`)
- [CVE-2025-21549](CVE-2025/CVE-2025-215xx/CVE-2025-21549.json) (`2025-01-22T18:15:21.740`)
- [CVE-2024-51734](CVE-2024/CVE-2024-517xx/CVE-2024-51734.json) (`2025-01-22T20:15:30.610`)
- [CVE-2025-0625](CVE-2025/CVE-2025-06xx/CVE-2025-0625.json) (`2025-01-22T19:15:10.397`)
- [CVE-2025-21505](CVE-2025/CVE-2025-215xx/CVE-2025-21505.json) (`2025-01-22T19:15:10.520`)
- [CVE-2025-21506](CVE-2025/CVE-2025-215xx/CVE-2025-21506.json) (`2025-01-22T19:15:10.643`)
- [CVE-2025-21508](CVE-2025/CVE-2025-215xx/CVE-2025-21508.json) (`2025-01-22T19:15:10.767`)
- [CVE-2025-21516](CVE-2025/CVE-2025-215xx/CVE-2025-21516.json) (`2025-01-22T19:15:10.880`)
- [CVE-2025-21517](CVE-2025/CVE-2025-215xx/CVE-2025-21517.json) (`2025-01-22T19:15:10.990`)
- [CVE-2025-21518](CVE-2025/CVE-2025-215xx/CVE-2025-21518.json) (`2025-01-22T19:15:11.100`)
- [CVE-2025-21519](CVE-2025/CVE-2025-215xx/CVE-2025-21519.json) (`2025-01-22T19:15:11.213`)
- [CVE-2025-21520](CVE-2025/CVE-2025-215xx/CVE-2025-21520.json) (`2025-01-22T19:15:11.340`)
- [CVE-2025-21521](CVE-2025/CVE-2025-215xx/CVE-2025-21521.json) (`2025-01-22T19:15:11.457`)
- [CVE-2025-21522](CVE-2025/CVE-2025-215xx/CVE-2025-21522.json) (`2025-01-22T19:15:11.577`)
- [CVE-2025-21525](CVE-2025/CVE-2025-215xx/CVE-2025-21525.json) (`2025-01-22T19:15:11.697`)
- [CVE-2025-21531](CVE-2025/CVE-2025-215xx/CVE-2025-21531.json) (`2025-01-22T19:15:11.807`)
- [CVE-2025-21533](CVE-2025/CVE-2025-215xx/CVE-2025-21533.json) (`2025-01-22T19:15:11.927`)
- [CVE-2025-21534](CVE-2025/CVE-2025-215xx/CVE-2025-21534.json) (`2025-01-22T19:15:12.040`)
- [CVE-2025-21535](CVE-2025/CVE-2025-215xx/CVE-2025-21535.json) (`2025-01-22T19:15:12.150`)
- [CVE-2025-21536](CVE-2025/CVE-2025-215xx/CVE-2025-21536.json) (`2025-01-22T19:15:12.263`)
- [CVE-2025-21537](CVE-2025/CVE-2025-215xx/CVE-2025-21537.json) (`2025-01-22T19:15:12.373`)
- [CVE-2025-21538](CVE-2025/CVE-2025-215xx/CVE-2025-21538.json) (`2025-01-22T19:15:12.490`)
- [CVE-2025-21539](CVE-2025/CVE-2025-215xx/CVE-2025-21539.json) (`2025-01-22T19:15:12.600`)
- [CVE-2025-21540](CVE-2025/CVE-2025-215xx/CVE-2025-21540.json) (`2025-01-22T19:15:12.713`)
- [CVE-2025-21541](CVE-2025/CVE-2025-215xx/CVE-2025-21541.json) (`2025-01-22T19:15:12.827`)
- [CVE-2025-21542](CVE-2025/CVE-2025-215xx/CVE-2025-21542.json) (`2025-01-22T19:15:12.943`)
- [CVE-2025-21543](CVE-2025/CVE-2025-215xx/CVE-2025-21543.json) (`2025-01-22T19:15:13.060`)
## Download and Usage

433
_state.csv
View File

File diff suppressed because it is too large Load Diff