admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 19:47:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-02-21T09:02:08.898797+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-02-21 09:02:12 +00:00
parent e374ab0221
commit 8508eaaf42
45 changed files with 1517 additions and 78 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
CVE-2023/CVE-2023-428xx/CVE-2023-42823.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2023-42823",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:47.540",
"lastModified": "2024-02-21T07:15:47.540",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The issue was resolved by sanitizing logging This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. An app may be able to access user-sensitive data."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213981",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213982",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213983",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213984",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213985",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213987",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213988",
"source": "product-security@apple.com"
}
]
}

36
CVE-2023/CVE-2023-428xx/CVE-2023-42834.json Normal file
View File

@ -0,0 +1,36 @@
{
"id": "CVE-2023-42834",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:47.977",
"lastModified": "2024-02-21T07:15:47.977",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A privacy issue was addressed with improved handling of files. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213982",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213984",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213988",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214037",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214038",
"source": "product-security@apple.com"
}
]
}

20
CVE-2023/CVE-2023-428xx/CVE-2023-42835.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-42835",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:48.167",
"lastModified": "2024-02-21T07:15:48.167",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1. An attacker may be able to access user data."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213984",
"source": "product-security@apple.com"
}
]
}

32
CVE-2023/CVE-2023-428xx/CVE-2023-42836.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-42836",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:48.333",
"lastModified": "2024-02-21T07:15:48.333",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.3, macOS Sonoma 14.1, macOS Monterey 12.7.2. An attacker may be able to access connected network volumes mounted in the home directory."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213982",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213984",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214037",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214038",
"source": "product-security@apple.com"
}
]
}

28
CVE-2023/CVE-2023-428xx/CVE-2023-42838.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-42838",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:48.543",
"lastModified": "2024-02-21T07:15:48.543",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An access issue was addressed with improvements to the sandbox. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.1, macOS Monterey 12.7.2. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213984",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214037",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214038",
"source": "product-security@apple.com"
}
]
}

32
CVE-2023/CVE-2023-428xx/CVE-2023-42839.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-42839",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:48.633",
"lastModified": "2024-02-21T07:15:48.633",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved state management. This issue is fixed in tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213982",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213984",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213987",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213988",
"source": "product-security@apple.com"
}
]
}

28
CVE-2023/CVE-2023-428xx/CVE-2023-42840.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-42840",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:48.767",
"lastModified": "2024-02-21T07:15:48.767",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to access user-sensitive data."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213983",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213984",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213985",
"source": "product-security@apple.com"
}
]
}

32
CVE-2023/CVE-2023-428xx/CVE-2023-42843.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-42843",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:48.940",
"lastModified": "2024-02-21T07:15:48.940",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visiting a malicious website may lead to address bar spoofing."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213981",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213982",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213984",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213986",
"source": "product-security@apple.com"
}
]
}

40
CVE-2023/CVE-2023-428xx/CVE-2023-42848.json Normal file
View File

@ -0,0 +1,40 @@
{
"id": "CVE-2023-42848",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:49.113",
"lastModified": "2024-02-21T07:15:49.113",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved bounds checks. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. Processing a maliciously crafted image may lead to heap corruption."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213981",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213982",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213984",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213985",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213987",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213988",
"source": "product-security@apple.com"
}
]
}

28
CVE-2023/CVE-2023-428xx/CVE-2023-42853.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-42853",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:49.273",
"lastModified": "2024-02-21T07:15:49.273",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to access user-sensitive data."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213983",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213984",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213985",
"source": "product-security@apple.com"
}
]
}

20
CVE-2023/CVE-2023-428xx/CVE-2023-42855.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-42855",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:49.460",
"lastModified": "2024-02-21T07:15:49.460",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved state management. This issue is fixed in iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to silently persist an Apple ID on an erased device."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213982",
"source": "product-security@apple.com"
}
]
}

28
CVE-2023/CVE-2023-428xx/CVE-2023-42858.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-42858",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:49.533",
"lastModified": "2024-02-21T07:15:49.533",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to access user-sensitive data."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213983",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213984",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213985",
"source": "product-security@apple.com"
}
]
}

28
CVE-2023/CVE-2023-428xx/CVE-2023-42859.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-42859",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:49.670",
"lastModified": "2024-02-21T07:15:49.670",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to modify protected parts of the file system."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213983",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213984",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213985",
"source": "product-security@apple.com"
}
]
}

28
CVE-2023/CVE-2023-428xx/CVE-2023-42860.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-42860",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:49.827",
"lastModified": "2024-02-21T07:15:49.827",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to modify protected parts of the file system."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213983",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213984",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213985",
"source": "product-security@apple.com"
}
]
}

40
CVE-2023/CVE-2023-428xx/CVE-2023-42873.json Normal file
View File

@ -0,0 +1,40 @@
{
"id": "CVE-2023-42873",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:49.997",
"lastModified": "2024-02-21T07:15:49.997",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.1, tvOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. An app may be able to execute arbitrary code with kernel privileges."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213981",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213982",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213983",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213984",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213985",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213987",
"source": "product-security@apple.com"
}
]
}

28
CVE-2023/CVE-2023-428xx/CVE-2023-42877.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-42877",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:50.173",
"lastModified": "2024-02-21T07:15:50.173",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to modify protected parts of the file system."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213983",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213984",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213985",
"source": "product-security@apple.com"
}
]
}

28
CVE-2023/CVE-2023-428xx/CVE-2023-42878.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-42878",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:50.357",
"lastModified": "2024-02-21T07:15:50.357",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213982",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213984",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213988",
"source": "product-security@apple.com"
}
]
}

28
CVE-2023/CVE-2023-428xx/CVE-2023-42889.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-42889",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:50.453",
"lastModified": "2024-02-21T07:15:50.453",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to bypass certain Privacy preferences."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213983",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213984",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213985",
"source": "product-security@apple.com"
}
]
}

20
CVE-2023/CVE-2023-429xx/CVE-2023-42928.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-42928",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:50.603",
"lastModified": "2024-02-21T07:15:50.603",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.1 and iPadOS 17.1. An app may be able to gain elevated privileges."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213982",
"source": "product-security@apple.com"
}
]
}

20
CVE-2023/CVE-2023-429xx/CVE-2023-42939.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-42939",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:50.767",
"lastModified": "2024-02-21T07:15:50.767",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1. A user's private browsing activity may be unexpectedly saved in the App Privacy Report."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213982",
"source": "product-security@apple.com"
}
]
}

40
CVE-2023/CVE-2023-429xx/CVE-2023-42942.json Normal file
View File

@ -0,0 +1,40 @@
{
"id": "CVE-2023-42942",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:50.963",
"lastModified": "2024-02-21T07:15:50.963",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved handling of symlinks. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. A malicious app may be able to gain root privileges."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213981",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213982",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213984",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213985",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213987",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213988",
"source": "product-security@apple.com"
}
]
}

20
CVE-2023/CVE-2023-429xx/CVE-2023-42945.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-42945",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:51.140",
"lastModified": "2024-02-21T07:15:51.140",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1. An app may gain unauthorized access to Bluetooth."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213984",
"source": "product-security@apple.com"
}
]
}

32
CVE-2023/CVE-2023-429xx/CVE-2023-42946.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-42946",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:51.307",
"lastModified": "2024-02-21T07:15:51.307",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved redaction of sensitive information. This issue is fixed in tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to leak sensitive user information."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213982",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213984",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213987",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213988",
"source": "product-security@apple.com"
}
]
}

20
CVE-2023/CVE-2023-429xx/CVE-2023-42951.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-42951",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:51.363",
"lastModified": "2024-02-21T07:15:51.363",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved handling of caches. This issue is fixed in iOS 17.1 and iPadOS 17.1. A user may be unable to delete browsing history items."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213982",
"source": "product-security@apple.com"
}
]
}

32
CVE-2023/CVE-2023-429xx/CVE-2023-42952.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-42952",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:51.510",
"lastModified": "2024-02-21T07:15:51.510",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.3, macOS Sonoma 14.1, macOS Monterey 12.7.1. An app with root privileges may be able to access private information."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213982",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213983",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213984",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214038",
"source": "product-security@apple.com"
}
]
}

32
CVE-2023/CVE-2023-429xx/CVE-2023-42953.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-42953",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:51.717",
"lastModified": "2024-02-21T07:15:51.717",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A permissions issue was addressed with additional restrictions. This issue is fixed in tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213982",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213984",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213987",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213988",
"source": "product-security@apple.com"
}
]
}

8
CVE-2023/CVE-2023-460xx/CVE-2023-46045.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46045",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-02T06:15:45.123",
"lastModified": "2024-02-10T04:06:57.840",
"vulnStatus": "Analyzed",
"lastModified": "2024-02-21T07:15:51.880",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -70,6 +70,10 @@
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Feb/24",
"source": "cve@mitre.org"
},
{
"url": "https://gitlab.com/graphviz/graphviz/-/issues/2441",
"source": "cve@mitre.org",

36
CVE-2023/CVE-2023-524xx/CVE-2023-52440.json Normal file
View File

@ -0,0 +1,36 @@
{
"id": "CVE-2023-52440",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-21T08:15:45.203",
"lastModified": "2024-02-21T08:15:45.203",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob()\n\nIf authblob->SessionKey.Length is bigger than session key\nsize(CIFS_KEY_SIZE), slub overflow can happen in key exchange codes.\ncifs_arc4_crypt copy to session key array from SessionKey from client."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/30fd6521b2fbd9b767e438e31945e5ea3e3a2fba",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4b081ce0d830b684fdf967abc3696d1261387254",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7f1d6cb0eb6af3a8088dc24b7ddee9a9711538c4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bd554ed4fdc3d38404a1c43d428432577573e809",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ecd7e1c562cb08e41957fcd4b0e404de5ab38e20",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

32
CVE-2023/CVE-2023-524xx/CVE-2023-52441.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-52441",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-21T08:15:45.463",
"lastModified": "2024-02-21T08:15:45.463",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix out of bounds in init_smb2_rsp_hdr()\n\nIf client send smb2 negotiate request and then send smb1 negotiate\nrequest, init_smb2_rsp_hdr is called for smb1 negotiate request since\nneed_neg is set to false. This patch ignore smb1 packets after ->need_neg\nis set to false."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/330d900620dfc9893011d725b3620cd2ee0bc2bc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/536bb492d39bb6c080c92f31e8a55fe9934f452b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5c0df9d30c289d6b9d7d44e2a450de2f8e3cf40b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/aa669ef229ae8dd779da9caa24e254964545895f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

32
CVE-2023/CVE-2023-524xx/CVE-2023-52442.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-52442",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-21T08:15:45.547",
"lastModified": "2024-02-21T08:15:45.547",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: validate session id and tree id in compound request\n\n`smb2_get_msg()` in smb2_get_ksmbd_tcon() and smb2_check_user_session()\nwill always return the first request smb2 header in a compound request.\nif `SMB2_TREE_CONNECT_HE` is the first command in compound request, will\nreturn 0, i.e. The tree id check is skipped.\nThis patch use ksmbd_req_buf_next() to get current command in compound."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/017d85c94f02090a87f4a473dbe0d6ee0da72693",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3df0411e132ee74a87aa13142dfd2b190275332e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4c2b350b2e269e3fd17bbfa42de1b42775b777ac",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/becb5191d1d5fdfca0198a2e37457bbbf4fe266f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

47
CVE-2024/CVE-2024-05xx/CVE-2024-0593.json Normal file
View File

@ -0,0 +1,47 @@
{
"id": "CVE-2024-0593",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-21T07:15:52.520",
"lastModified": "2024-02-21T07:15:52.520",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Simple Job Board plugin for WordPress is vulnerable to unauthorized access of data| due to insufficient authorization checking on the fetch_quick_job() function in all versions up to, and including, 2.10.8. This makes it possible for unauthenticated attackers to fetch arbitrary posts, which can be password protected or private and contain sensitive information."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3038476/simple-job-board/trunk/includes/class-simple-job-board-ajax.php",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0a28a161-3dbc-4ef0-a2ce-4c102cf3cbb0?source=cve",
"source": "security@wordfence.com"
}
]
}

47
CVE-2024/CVE-2024-10xx/CVE-2024-1081.json Normal file
View File

@ -0,0 +1,47 @@
{
"id": "CVE-2024-1081",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-21T07:15:53.183",
"lastModified": "2024-02-21T07:15:53.183",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The 3D FlipBook \u2013 PDF Flipbook WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bookmark feature in all versions up to, and including, 1.15.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3038174%40interactive-3d-flipbook-powered-physics-engine&new=3038174%40interactive-3d-flipbook-powered-physics-engine&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/807eadff-b39e-4d7a-9b0a-06fc18a90626?source=cve",
"source": "security@wordfence.com"
}
]
}

73
CVE-2024/CVE-2024-232xx/CVE-2024-23222.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-23222",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-23T01:15:11.500",
"lastModified": "2024-02-11T06:15:11.833",
"lastModified": "2024-02-21T07:15:53.630",
"vulnStatus": "Modified",
"cisaExploitAdd": "2024-01-23",
"cisaActionDue": "2024-02-13",
@ -11,7 +11,7 @@
"descriptions": [
{
"lang": "en",
"value": "A type confusion issue was addressed with improved checks. This issue is fixed in tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3, macOS Ventura 13.6.4, macOS Monterey 12.7.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited."
"value": "A type confusion issue was addressed with improved checks. This issue is fixed in tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3, macOS Ventura 13.6.4, macOS Monterey 12.7.3, visionOS 1.0.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited."
},
{
"lang": "es",
@ -128,71 +128,6 @@
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Feb/6",
"source": "product-security@apple.com"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/27",
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/33",
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/34",
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/36",
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/37",
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/38",
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/40",
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/02/05/8",
"source": "product-security@apple.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/US43EQFC2IS66EA2CPAZFH2RQ6WD7PKF/",
"source": "product-security@apple.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X2VJMEDT4GL42AQVHSYOT6DIVJDZWIV4/",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214055",
"source": "product-security@apple.com",
@ -248,6 +183,10 @@
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214070",
"source": "product-security@apple.com"
}
]
}

55
CVE-2024/CVE-2024-247xx/CVE-2024-24798.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-24798",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-21T08:15:45.610",
"lastModified": "2024-02-21T08:15:45.610",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in SoniNow Team Debug.This issue affects Debug: from n/a through 1.10.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/debug/wordpress-debug-plugin-1-10-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-248xx/CVE-2024-24802.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-24802",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-21T08:15:46.027",
"lastModified": "2024-02-21T08:15:46.027",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in John Tendik JTRT Responsive Tables.This issue affects JTRT Responsive Tables: from n/a through 4.1.9.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/jtrt-responsive-tables/wordpress-jtrt-responsive-tables-plugin-4-1-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

63
CVE-2024/CVE-2024-248xx/CVE-2024-24837.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2024-24837",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-21T08:15:46.277",
"lastModified": "2024-02-21T08:15:46.277",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Fr\u00e9d\u00e9ric GILLES FG PrestaShop to WooCommerce, Fr\u00e9d\u00e9ric GILLES FG Drupal to WordPress, Fr\u00e9d\u00e9ric GILLES FG Joomla to WordPress.This issue affects FG PrestaShop to WooCommerce: from n/a through 4.44.3; FG Drupal to WordPress: from n/a through 3.67.0; FG Joomla to WordPress: from n/a through 4.15.0.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/fg-drupal-to-wp/wordpress-fg-drupal-to-wordpress-plugin-3-67-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
},
{
"url": "https://patchstack.com/database/vulnerability/fg-joomla-to-wordpress/wordpress-fg-joomla-to-wordpress-plugin-4-15-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
},
{
"url": "https://patchstack.com/database/vulnerability/fg-prestashop-to-woocommerce/wordpress-fg-prestashop-to-woocommerce-plugin-4-44-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-248xx/CVE-2024-24843.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-24843",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-21T07:15:54.413",
"lastModified": "2024-02-21T07:15:54.413",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in PowerPack Addons for Elementor PowerPack Pro for Elementor.This issue affects PowerPack Pro for Elementor: from n/a before 2.10.8.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/powerpack-elements/wordpress-powerpack-pro-for-elementor-plugin-2-10-8-csrf-leading-to-plugin-settings-change-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-248xx/CVE-2024-24849.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-24849",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-21T07:15:55.140",
"lastModified": "2024-02-21T07:15:55.140",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Mark Stockton Quicksand Post Filter jQuery Plugin.This issue affects Quicksand Post Filter jQuery Plugin: from n/a through 3.1.1.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/quicksand-jquery-post-filter/wordpress-quicksand-post-filter-jquery-plugin-3-1-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-248xx/CVE-2024-24872.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-24872",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-21T07:15:55.780",
"lastModified": "2024-02-21T07:15:55.780",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Themify Themify Builder.This issue affects Themify Builder: from n/a through 7.0.5.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/themify-builder/wordpress-themify-builder-plugin-7-0-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-248xx/CVE-2024-24876.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-24876",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-21T07:15:56.193",
"lastModified": "2024-02-21T07:15:56.193",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Janis Elsts Admin Menu Editor.This issue affects Admin Menu Editor: from n/a through 1.12.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/admin-menu-editor/wordpress-admin-menu-editor-plugin-1-12-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-259xx/CVE-2024-25904.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-25904",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-21T07:15:56.863",
"lastModified": "2024-02-21T07:15:56.863",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in David Stockl TinyMCE and TinyMCE Advanced Professsional Formats and Styles.This issue affects TinyMCE and TinyMCE Advanced Professsional Formats and Styles: from n/a through 1.1.2.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/tinymce-and-tinymce-advanced-professsional-formats-and-styles/wordpress-tinymce-and-tinymce-advanced-professsional-formats-and-styles-plugin-1-1-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-259xx/CVE-2024-25905.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-25905",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-21T07:15:57.410",
"lastModified": "2024-02-21T07:15:57.410",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Mondula GmbH Multi Step Form.This issue affects Multi Step Form: from n/a through 1.7.18.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/multi-step-form/wordpress-multi-step-form-plugin-1-7-17-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

6
CVE-2024/CVE-2024-259xx/CVE-2024-25973.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-25973",
"sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"published": "2024-02-20T08:15:07.717",
"lastModified": "2024-02-20T19:50:53.960",
"lastModified": "2024-02-21T07:15:58.040",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -28,6 +28,10 @@
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Feb/23",
"source": "551230f0-3615-47bd-b7cc-93e92e730bbf"
},
{
"url": "https://r.sec-consult.com/openolat",
"source": "551230f0-3615-47bd-b7cc-93e92e730bbf"

6
CVE-2024/CVE-2024-259xx/CVE-2024-25974.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-25974",
"sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"published": "2024-02-20T08:15:07.823",
"lastModified": "2024-02-20T19:50:53.960",
"lastModified": "2024-02-21T07:15:58.427",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -28,6 +28,10 @@
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Feb/23",
"source": "551230f0-3615-47bd-b7cc-93e92e730bbf"
},
{
"url": "https://r.sec-consult.com/openolat",
"source": "551230f0-3615-47bd-b7cc-93e92e730bbf"

41
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-02-21T07:00:24.360062+00:00
2024-02-21T09:02:08.898797+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-02-21T05:15:08.880000+00:00
2024-02-21T08:15:46.277000+00:00
```
### Last Data Feed Release
@ -29,21 +29,48 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
239046
239086
```
### CVEs added in the last Commit
Recently added CVEs: `1`
Recently added CVEs: `40`
* [CVE-2024-22235](CVE-2024/CVE-2024-222xx/CVE-2024-22235.json) (`2024-02-21T05:15:08.880`)
* [CVE-2023-42877](CVE-2023/CVE-2023-428xx/CVE-2023-42877.json) (`2024-02-21T07:15:50.173`)
* [CVE-2023-42878](CVE-2023/CVE-2023-428xx/CVE-2023-42878.json) (`2024-02-21T07:15:50.357`)
* [CVE-2023-42889](CVE-2023/CVE-2023-428xx/CVE-2023-42889.json) (`2024-02-21T07:15:50.453`)
* [CVE-2023-42928](CVE-2023/CVE-2023-429xx/CVE-2023-42928.json) (`2024-02-21T07:15:50.603`)
* [CVE-2023-42939](CVE-2023/CVE-2023-429xx/CVE-2023-42939.json) (`2024-02-21T07:15:50.767`)
* [CVE-2023-42942](CVE-2023/CVE-2023-429xx/CVE-2023-42942.json) (`2024-02-21T07:15:50.963`)
* [CVE-2023-42945](CVE-2023/CVE-2023-429xx/CVE-2023-42945.json) (`2024-02-21T07:15:51.140`)
* [CVE-2023-42946](CVE-2023/CVE-2023-429xx/CVE-2023-42946.json) (`2024-02-21T07:15:51.307`)
* [CVE-2023-42951](CVE-2023/CVE-2023-429xx/CVE-2023-42951.json) (`2024-02-21T07:15:51.363`)
* [CVE-2023-42952](CVE-2023/CVE-2023-429xx/CVE-2023-42952.json) (`2024-02-21T07:15:51.510`)
* [CVE-2023-42953](CVE-2023/CVE-2023-429xx/CVE-2023-42953.json) (`2024-02-21T07:15:51.717`)
* [CVE-2023-52440](CVE-2023/CVE-2023-524xx/CVE-2023-52440.json) (`2024-02-21T08:15:45.203`)
* [CVE-2023-52441](CVE-2023/CVE-2023-524xx/CVE-2023-52441.json) (`2024-02-21T08:15:45.463`)
* [CVE-2023-52442](CVE-2023/CVE-2023-524xx/CVE-2023-52442.json) (`2024-02-21T08:15:45.547`)
* [CVE-2024-0593](CVE-2024/CVE-2024-05xx/CVE-2024-0593.json) (`2024-02-21T07:15:52.520`)
* [CVE-2024-1081](CVE-2024/CVE-2024-10xx/CVE-2024-1081.json) (`2024-02-21T07:15:53.183`)
* [CVE-2024-24843](CVE-2024/CVE-2024-248xx/CVE-2024-24843.json) (`2024-02-21T07:15:54.413`)
* [CVE-2024-24849](CVE-2024/CVE-2024-248xx/CVE-2024-24849.json) (`2024-02-21T07:15:55.140`)
* [CVE-2024-24872](CVE-2024/CVE-2024-248xx/CVE-2024-24872.json) (`2024-02-21T07:15:55.780`)
* [CVE-2024-24876](CVE-2024/CVE-2024-248xx/CVE-2024-24876.json) (`2024-02-21T07:15:56.193`)
* [CVE-2024-25904](CVE-2024/CVE-2024-259xx/CVE-2024-25904.json) (`2024-02-21T07:15:56.863`)
* [CVE-2024-25905](CVE-2024/CVE-2024-259xx/CVE-2024-25905.json) (`2024-02-21T07:15:57.410`)
* [CVE-2024-24798](CVE-2024/CVE-2024-247xx/CVE-2024-24798.json) (`2024-02-21T08:15:45.610`)
* [CVE-2024-24802](CVE-2024/CVE-2024-248xx/CVE-2024-24802.json) (`2024-02-21T08:15:46.027`)
* [CVE-2024-24837](CVE-2024/CVE-2024-248xx/CVE-2024-24837.json) (`2024-02-21T08:15:46.277`)
### CVEs modified in the last Commit
Recently modified CVEs: `1`
Recently modified CVEs: `4`
* [CVE-2024-1631](CVE-2024/CVE-2024-16xx/CVE-2024-1631.json) (`2024-02-21T05:15:08.790`)
* [CVE-2023-46045](CVE-2023/CVE-2023-460xx/CVE-2023-46045.json) (`2024-02-21T07:15:51.880`)
* [CVE-2024-23222](CVE-2024/CVE-2024-232xx/CVE-2024-23222.json) (`2024-02-21T07:15:53.630`)
* [CVE-2024-25973](CVE-2024/CVE-2024-259xx/CVE-2024-25973.json) (`2024-02-21T07:15:58.040`)
* [CVE-2024-25974](CVE-2024/CVE-2024-259xx/CVE-2024-25974.json) (`2024-02-21T07:15:58.427`)
## Download and Usage