From 8efc4ea2fbc52365e389bd09b9885c8b8d2de951 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Wed, 31 Jan 2024 19:00:28 +0000 Subject: [PATCH] Auto-Update: 2024-01-31T19:00:25.051961+00:00 --- CVE-2021/CVE-2021-31xx/CVE-2021-3156.json | 6 +- CVE-2021/CVE-2021-421xx/CVE-2021-42145.json | 69 ++++++++++- CVE-2022/CVE-2022-390xx/CVE-2022-39046.json | 6 +- CVE-2023/CVE-2023-23xx/CVE-2023-2312.json | 6 +- CVE-2023/CVE-2023-29xx/CVE-2023-2929.json | 6 +- CVE-2023/CVE-2023-29xx/CVE-2023-2930.json | 6 +- CVE-2023/CVE-2023-29xx/CVE-2023-2931.json | 6 +- CVE-2023/CVE-2023-29xx/CVE-2023-2932.json | 6 +- CVE-2023/CVE-2023-29xx/CVE-2023-2933.json | 6 +- CVE-2023/CVE-2023-29xx/CVE-2023-2934.json | 6 +- CVE-2023/CVE-2023-29xx/CVE-2023-2935.json | 6 +- CVE-2023/CVE-2023-29xx/CVE-2023-2936.json | 6 +- CVE-2023/CVE-2023-29xx/CVE-2023-2937.json | 6 +- CVE-2023/CVE-2023-29xx/CVE-2023-2938.json | 6 +- CVE-2023/CVE-2023-29xx/CVE-2023-2939.json | 6 +- CVE-2023/CVE-2023-29xx/CVE-2023-2940.json | 6 +- CVE-2023/CVE-2023-29xx/CVE-2023-2941.json | 6 +- CVE-2023/CVE-2023-30xx/CVE-2023-3079.json | 6 +- CVE-2023/CVE-2023-32xx/CVE-2023-3214.json | 6 +- CVE-2023/CVE-2023-32xx/CVE-2023-3215.json | 6 +- CVE-2023/CVE-2023-32xx/CVE-2023-3216.json | 6 +- CVE-2023/CVE-2023-32xx/CVE-2023-3217.json | 6 +- CVE-2023/CVE-2023-34xx/CVE-2023-3420.json | 6 +- CVE-2023/CVE-2023-34xx/CVE-2023-3421.json | 6 +- CVE-2023/CVE-2023-34xx/CVE-2023-3422.json | 6 +- CVE-2023/CVE-2023-358xx/CVE-2023-35836.json | 92 ++++++++++++-- CVE-2023/CVE-2023-358xx/CVE-2023-35837.json | 92 ++++++++++++-- CVE-2023/CVE-2023-376xx/CVE-2023-37679.json | 8 +- CVE-2023/CVE-2023-37xx/CVE-2023-3727.json | 6 +- CVE-2023/CVE-2023-37xx/CVE-2023-3728.json | 6 +- CVE-2023/CVE-2023-37xx/CVE-2023-3730.json | 6 +- CVE-2023/CVE-2023-37xx/CVE-2023-3732.json | 6 +- CVE-2023/CVE-2023-37xx/CVE-2023-3733.json | 6 +- CVE-2023/CVE-2023-37xx/CVE-2023-3734.json | 10 +- CVE-2023/CVE-2023-37xx/CVE-2023-3735.json | 10 +- CVE-2023/CVE-2023-37xx/CVE-2023-3736.json | 10 +- CVE-2023/CVE-2023-37xx/CVE-2023-3737.json | 10 +- CVE-2023/CVE-2023-37xx/CVE-2023-3738.json | 6 +- CVE-2023/CVE-2023-37xx/CVE-2023-3740.json | 10 +- CVE-2023/CVE-2023-40xx/CVE-2023-4068.json | 6 +- CVE-2023/CVE-2023-40xx/CVE-2023-4069.json | 6 +- CVE-2023/CVE-2023-40xx/CVE-2023-4070.json | 6 +- CVE-2023/CVE-2023-40xx/CVE-2023-4071.json | 6 +- CVE-2023/CVE-2023-40xx/CVE-2023-4072.json | 6 +- CVE-2023/CVE-2023-40xx/CVE-2023-4073.json | 6 +- CVE-2023/CVE-2023-40xx/CVE-2023-4074.json | 6 +- CVE-2023/CVE-2023-40xx/CVE-2023-4075.json | 6 +- CVE-2023/CVE-2023-40xx/CVE-2023-4076.json | 6 +- CVE-2023/CVE-2023-40xx/CVE-2023-4077.json | 6 +- CVE-2023/CVE-2023-40xx/CVE-2023-4078.json | 6 +- CVE-2023/CVE-2023-414xx/CVE-2023-41474.json | 68 ++++++++++- CVE-2023/CVE-2023-432xx/CVE-2023-43208.json | 8 +- CVE-2023/CVE-2023-43xx/CVE-2023-4349.json | 6 +- CVE-2023/CVE-2023-43xx/CVE-2023-4350.json | 6 +- CVE-2023/CVE-2023-43xx/CVE-2023-4351.json | 6 +- CVE-2023/CVE-2023-43xx/CVE-2023-4352.json | 8 +- CVE-2023/CVE-2023-43xx/CVE-2023-4353.json | 6 +- CVE-2023/CVE-2023-43xx/CVE-2023-4354.json | 8 +- CVE-2023/CVE-2023-43xx/CVE-2023-4355.json | 8 +- CVE-2023/CVE-2023-43xx/CVE-2023-4356.json | 6 +- CVE-2023/CVE-2023-43xx/CVE-2023-4357.json | 6 +- CVE-2023/CVE-2023-43xx/CVE-2023-4358.json | 6 +- CVE-2023/CVE-2023-43xx/CVE-2023-4359.json | 6 +- CVE-2023/CVE-2023-43xx/CVE-2023-4360.json | 6 +- CVE-2023/CVE-2023-43xx/CVE-2023-4361.json | 6 +- CVE-2023/CVE-2023-43xx/CVE-2023-4362.json | 6 +- CVE-2023/CVE-2023-43xx/CVE-2023-4363.json | 6 +- CVE-2023/CVE-2023-43xx/CVE-2023-4364.json | 6 +- CVE-2023/CVE-2023-43xx/CVE-2023-4365.json | 6 +- CVE-2023/CVE-2023-43xx/CVE-2023-4366.json | 6 +- CVE-2023/CVE-2023-43xx/CVE-2023-4367.json | 6 +- CVE-2023/CVE-2023-43xx/CVE-2023-4368.json | 6 +- CVE-2023/CVE-2023-443xx/CVE-2023-44312.json | 6 +- CVE-2023/CVE-2023-443xx/CVE-2023-44313.json | 6 +- CVE-2023/CVE-2023-44xx/CVE-2023-4427.json | 8 +- CVE-2023/CVE-2023-44xx/CVE-2023-4428.json | 8 +- CVE-2023/CVE-2023-44xx/CVE-2023-4429.json | 8 +- CVE-2023/CVE-2023-44xx/CVE-2023-4430.json | 8 +- CVE-2023/CVE-2023-44xx/CVE-2023-4431.json | 8 +- CVE-2023/CVE-2023-45xx/CVE-2023-4572.json | 8 +- CVE-2023/CVE-2023-471xx/CVE-2023-47116.json | 63 ++++++++++ CVE-2023/CVE-2023-47xx/CVE-2023-4761.json | 6 +- CVE-2023/CVE-2023-47xx/CVE-2023-4762.json | 6 +- CVE-2023/CVE-2023-47xx/CVE-2023-4763.json | 6 +- CVE-2023/CVE-2023-47xx/CVE-2023-4764.json | 6 +- CVE-2023/CVE-2023-49xx/CVE-2023-4900.json | 8 +- CVE-2023/CVE-2023-49xx/CVE-2023-4901.json | 8 +- CVE-2023/CVE-2023-49xx/CVE-2023-4902.json | 8 +- CVE-2023/CVE-2023-49xx/CVE-2023-4903.json | 8 +- CVE-2023/CVE-2023-49xx/CVE-2023-4904.json | 8 +- CVE-2023/CVE-2023-49xx/CVE-2023-4905.json | 8 +- CVE-2023/CVE-2023-49xx/CVE-2023-4906.json | 8 +- CVE-2023/CVE-2023-49xx/CVE-2023-4907.json | 8 +- CVE-2023/CVE-2023-49xx/CVE-2023-4908.json | 8 +- CVE-2023/CVE-2023-49xx/CVE-2023-4909.json | 8 +- CVE-2023/CVE-2023-501xx/CVE-2023-50165.json | 55 +++++++++ CVE-2023/CVE-2023-501xx/CVE-2023-50166.json | 55 +++++++++ CVE-2023/CVE-2023-51xx/CVE-2023-5186.json | 8 +- CVE-2023/CVE-2023-51xx/CVE-2023-5187.json | 8 +- CVE-2023/CVE-2023-523xx/CVE-2023-52355.json | 94 ++++++++++++++- CVE-2023/CVE-2023-523xx/CVE-2023-52356.json | 98 ++++++++++++++- CVE-2023/CVE-2023-52xx/CVE-2023-5217.json | 8 +- CVE-2023/CVE-2023-52xx/CVE-2023-5218.json | 8 +- CVE-2023/CVE-2023-53xx/CVE-2023-5346.json | 8 +- CVE-2023/CVE-2023-53xx/CVE-2023-5389.json | 8 +- CVE-2023/CVE-2023-53xx/CVE-2023-5390.json | 59 +++++++++ CVE-2023/CVE-2023-54xx/CVE-2023-5472.json | 6 +- CVE-2023/CVE-2023-54xx/CVE-2023-5473.json | 8 +- CVE-2023/CVE-2023-54xx/CVE-2023-5474.json | 8 +- CVE-2023/CVE-2023-54xx/CVE-2023-5475.json | 8 +- CVE-2023/CVE-2023-54xx/CVE-2023-5476.json | 8 +- CVE-2023/CVE-2023-54xx/CVE-2023-5477.json | 8 +- CVE-2023/CVE-2023-54xx/CVE-2023-5478.json | 8 +- CVE-2023/CVE-2023-54xx/CVE-2023-5479.json | 8 +- CVE-2023/CVE-2023-54xx/CVE-2023-5480.json | 8 +- CVE-2023/CVE-2023-54xx/CVE-2023-5481.json | 8 +- CVE-2023/CVE-2023-54xx/CVE-2023-5482.json | 8 +- CVE-2023/CVE-2023-54xx/CVE-2023-5483.json | 8 +- CVE-2023/CVE-2023-54xx/CVE-2023-5484.json | 8 +- CVE-2023/CVE-2023-54xx/CVE-2023-5485.json | 8 +- CVE-2023/CVE-2023-54xx/CVE-2023-5486.json | 8 +- CVE-2023/CVE-2023-54xx/CVE-2023-5487.json | 8 +- CVE-2023/CVE-2023-58xx/CVE-2023-5849.json | 8 +- CVE-2023/CVE-2023-58xx/CVE-2023-5850.json | 8 +- CVE-2023/CVE-2023-58xx/CVE-2023-5851.json | 8 +- CVE-2023/CVE-2023-58xx/CVE-2023-5852.json | 8 +- CVE-2023/CVE-2023-58xx/CVE-2023-5853.json | 8 +- CVE-2023/CVE-2023-58xx/CVE-2023-5854.json | 8 +- CVE-2023/CVE-2023-58xx/CVE-2023-5855.json | 8 +- CVE-2023/CVE-2023-58xx/CVE-2023-5856.json | 8 +- CVE-2023/CVE-2023-58xx/CVE-2023-5857.json | 8 +- CVE-2023/CVE-2023-58xx/CVE-2023-5858.json | 8 +- CVE-2023/CVE-2023-58xx/CVE-2023-5859.json | 8 +- CVE-2023/CVE-2023-59xx/CVE-2023-5996.json | 8 +- CVE-2023/CVE-2023-59xx/CVE-2023-5997.json | 8 +- CVE-2023/CVE-2023-61xx/CVE-2023-6112.json | 8 +- CVE-2023/CVE-2023-62xx/CVE-2023-6246.json | 94 ++++++++++++++- CVE-2023/CVE-2023-62xx/CVE-2023-6267.json | 84 ++++++++++++- CVE-2023/CVE-2023-63xx/CVE-2023-6345.json | 8 +- CVE-2023/CVE-2023-63xx/CVE-2023-6346.json | 6 +- CVE-2023/CVE-2023-63xx/CVE-2023-6347.json | 6 +- CVE-2023/CVE-2023-63xx/CVE-2023-6348.json | 6 +- CVE-2023/CVE-2023-63xx/CVE-2023-6350.json | 6 +- CVE-2023/CVE-2023-63xx/CVE-2023-6351.json | 6 +- CVE-2023/CVE-2023-65xx/CVE-2023-6508.json | 8 +- CVE-2023/CVE-2023-65xx/CVE-2023-6509.json | 8 +- CVE-2023/CVE-2023-65xx/CVE-2023-6510.json | 8 +- CVE-2023/CVE-2023-65xx/CVE-2023-6511.json | 8 +- CVE-2023/CVE-2023-65xx/CVE-2023-6512.json | 8 +- CVE-2023/CVE-2023-67xx/CVE-2023-6702.json | 8 +- CVE-2023/CVE-2023-67xx/CVE-2023-6703.json | 6 +- CVE-2023/CVE-2023-67xx/CVE-2023-6704.json | 6 +- CVE-2023/CVE-2023-67xx/CVE-2023-6705.json | 6 +- CVE-2023/CVE-2023-67xx/CVE-2023-6706.json | 6 +- CVE-2023/CVE-2023-67xx/CVE-2023-6707.json | 6 +- CVE-2023/CVE-2023-67xx/CVE-2023-6779.json | 6 +- CVE-2023/CVE-2023-67xx/CVE-2023-6780.json | 6 +- CVE-2023/CVE-2023-70xx/CVE-2023-7024.json | 8 +- CVE-2023/CVE-2023-72xx/CVE-2023-7227.json | 127 +++++++++++++++++++- CVE-2024/CVE-2024-02xx/CVE-2024-0219.json | 4 +- CVE-2024/CVE-2024-02xx/CVE-2024-0222.json | 8 +- CVE-2024/CVE-2024-02xx/CVE-2024-0223.json | 8 +- CVE-2024/CVE-2024-02xx/CVE-2024-0224.json | 8 +- CVE-2024/CVE-2024-02xx/CVE-2024-0225.json | 8 +- CVE-2024/CVE-2024-04xx/CVE-2024-0402.json | 108 ++++++++++++++++- CVE-2024/CVE-2024-08xx/CVE-2024-0832.json | 4 +- CVE-2024/CVE-2024-08xx/CVE-2024-0833.json | 4 +- CVE-2024/CVE-2024-08xx/CVE-2024-0880.json | 61 +++++++++- CVE-2024/CVE-2024-08xx/CVE-2024-0882.json | 73 ++++++++++- CVE-2024/CVE-2024-08xx/CVE-2024-0883.json | 61 +++++++++- CVE-2024/CVE-2024-209xx/CVE-2024-20918.json | 8 +- CVE-2024/CVE-2024-209xx/CVE-2024-20926.json | 8 +- CVE-2024/CVE-2024-209xx/CVE-2024-20952.json | 8 +- CVE-2024/CVE-2024-218xx/CVE-2024-21888.json | 43 +++++++ CVE-2024/CVE-2024-218xx/CVE-2024-21893.json | 43 +++++++ CVE-2024/CVE-2024-221xx/CVE-2024-22160.json | 55 +++++++++ CVE-2024/CVE-2024-221xx/CVE-2024-22161.json | 55 +++++++++ CVE-2024/CVE-2024-221xx/CVE-2024-22162.json | 55 +++++++++ CVE-2024/CVE-2024-221xx/CVE-2024-22163.json | 55 +++++++++ CVE-2024/CVE-2024-222xx/CVE-2024-22282.json | 55 +++++++++ CVE-2024/CVE-2024-222xx/CVE-2024-22286.json | 55 +++++++++ CVE-2024/CVE-2024-222xx/CVE-2024-22289.json | 55 +++++++++ CVE-2024/CVE-2024-222xx/CVE-2024-22292.json | 55 +++++++++ CVE-2024/CVE-2024-222xx/CVE-2024-22293.json | 55 +++++++++ CVE-2024/CVE-2024-222xx/CVE-2024-22295.json | 55 +++++++++ CVE-2024/CVE-2024-222xx/CVE-2024-22297.json | 55 +++++++++ CVE-2024/CVE-2024-223xx/CVE-2024-22302.json | 55 +++++++++ CVE-2024/CVE-2024-223xx/CVE-2024-22306.json | 55 +++++++++ CVE-2024/CVE-2024-223xx/CVE-2024-22307.json | 55 +++++++++ CVE-2024/CVE-2024-223xx/CVE-2024-22310.json | 55 +++++++++ CVE-2024/CVE-2024-225xx/CVE-2024-22529.json | 80 +++++++++++- CVE-2024/CVE-2024-227xx/CVE-2024-22749.json | 75 +++++++++++- CVE-2024/CVE-2024-236xx/CVE-2024-23637.json | 67 +++++++++++ CVE-2024/CVE-2024-238xx/CVE-2024-23897.json | 81 ++++++++++++- CVE-2024/CVE-2024-238xx/CVE-2024-23899.json | 74 +++++++++++- CVE-2024/CVE-2024-239xx/CVE-2024-23900.json | 74 +++++++++++- CVE-2024/CVE-2024-239xx/CVE-2024-23901.json | 73 ++++++++++- CVE-2024/CVE-2024-239xx/CVE-2024-23902.json | 73 ++++++++++- CVE-2024/CVE-2024-239xx/CVE-2024-23903.json | 73 ++++++++++- CVE-2024/CVE-2024-245xx/CVE-2024-24566.json | 59 +++++++++ CVE-2024/CVE-2024-245xx/CVE-2024-24579.json | 59 +++++++++ README.md | 91 ++++++++------ 202 files changed, 3863 insertions(+), 372 deletions(-) create mode 100644 CVE-2023/CVE-2023-471xx/CVE-2023-47116.json create mode 100644 CVE-2023/CVE-2023-501xx/CVE-2023-50165.json create mode 100644 CVE-2023/CVE-2023-501xx/CVE-2023-50166.json create mode 100644 CVE-2023/CVE-2023-53xx/CVE-2023-5390.json create mode 100644 CVE-2024/CVE-2024-218xx/CVE-2024-21888.json create mode 100644 CVE-2024/CVE-2024-218xx/CVE-2024-21893.json create mode 100644 CVE-2024/CVE-2024-221xx/CVE-2024-22160.json create mode 100644 CVE-2024/CVE-2024-221xx/CVE-2024-22161.json create mode 100644 CVE-2024/CVE-2024-221xx/CVE-2024-22162.json create mode 100644 CVE-2024/CVE-2024-221xx/CVE-2024-22163.json create mode 100644 CVE-2024/CVE-2024-222xx/CVE-2024-22282.json create mode 100644 CVE-2024/CVE-2024-222xx/CVE-2024-22286.json create mode 100644 CVE-2024/CVE-2024-222xx/CVE-2024-22289.json create mode 100644 CVE-2024/CVE-2024-222xx/CVE-2024-22292.json create mode 100644 CVE-2024/CVE-2024-222xx/CVE-2024-22293.json create mode 100644 CVE-2024/CVE-2024-222xx/CVE-2024-22295.json create mode 100644 CVE-2024/CVE-2024-222xx/CVE-2024-22297.json create mode 100644 CVE-2024/CVE-2024-223xx/CVE-2024-22302.json create mode 100644 CVE-2024/CVE-2024-223xx/CVE-2024-22306.json create mode 100644 CVE-2024/CVE-2024-223xx/CVE-2024-22307.json create mode 100644 CVE-2024/CVE-2024-223xx/CVE-2024-22310.json create mode 100644 CVE-2024/CVE-2024-236xx/CVE-2024-23637.json create mode 100644 CVE-2024/CVE-2024-245xx/CVE-2024-24566.json create mode 100644 CVE-2024/CVE-2024-245xx/CVE-2024-24579.json diff --git a/CVE-2021/CVE-2021-31xx/CVE-2021-3156.json b/CVE-2021/CVE-2021-31xx/CVE-2021-3156.json index e9045a24c2c..b242167d4c4 100644 --- a/CVE-2021/CVE-2021-31xx/CVE-2021-3156.json +++ b/CVE-2021/CVE-2021-31xx/CVE-2021-3156.json @@ -2,7 +2,7 @@ "id": "CVE-2021-3156", "sourceIdentifier": "cve@mitre.org", "published": "2021-01-26T21:15:12.987", - "lastModified": "2024-01-30T21:15:08.140", + "lastModified": "2024-01-31T18:15:45.590", "vulnStatus": "Modified", "cisaExploitAdd": "2022-04-06", "cisaActionDue": "2022-04-27", @@ -507,6 +507,10 @@ "VDB Entry" ] }, + { + "url": "http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html", + "source": "cve@mitre.org" + }, { "url": "http://seclists.org/fulldisclosure/2021/Feb/42", "source": "cve@mitre.org", diff --git a/CVE-2021/CVE-2021-421xx/CVE-2021-42145.json b/CVE-2021/CVE-2021-421xx/CVE-2021-42145.json index abca7b3f2e8..6ac7fbd0ac1 100644 --- a/CVE-2021/CVE-2021-421xx/CVE-2021-42145.json +++ b/CVE-2021/CVE-2021-421xx/CVE-2021-42145.json @@ -2,19 +2,80 @@ "id": "CVE-2021-42145", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-24T19:15:08.420", - "lastModified": "2024-01-24T19:43:42.640", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-31T18:56:08.913", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An assertion failure discovered in in check_certificate_request() in Contiki-NG tinyDTLS through master branch 53a0d97 allows attackers to cause a denial of service." + }, + { + "lang": "es", + "value": "Un error de aserci\u00f3n descubierto en check_certificate_request() en Contiki-NG tinyDTLS a trav\u00e9s de la rama maestra 53a0d97 permite a los atacantes provocar una denegaci\u00f3n de servicio." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-755" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:contiki-ng:tinydtls:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2018-08-30", + "matchCriteriaId": "E938DF84-2663-4516-87E3-B7E46789F6A1" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://seclists.org/fulldisclosure/2024/Jan/18", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-390xx/CVE-2022-39046.json b/CVE-2022/CVE-2022-390xx/CVE-2022-39046.json index 4c861c6ab1f..4e4e8c35614 100644 --- a/CVE-2022/CVE-2022-390xx/CVE-2022-39046.json +++ b/CVE-2022/CVE-2022-390xx/CVE-2022-39046.json @@ -2,7 +2,7 @@ "id": "CVE-2022-39046", "sourceIdentifier": "cve@mitre.org", "published": "2022-08-31T06:15:07.467", - "lastModified": "2024-01-30T21:15:08.370", + "lastModified": "2024-01-31T18:15:45.807", "vulnStatus": "Modified", "descriptions": [ { @@ -238,6 +238,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html", + "source": "cve@mitre.org" + }, { "url": "http://www.openwall.com/lists/oss-security/2024/01/30/6", "source": "cve@mitre.org" diff --git a/CVE-2023/CVE-2023-23xx/CVE-2023-2312.json b/CVE-2023/CVE-2023-23xx/CVE-2023-2312.json index fb202a9d552..a679b75d798 100644 --- a/CVE-2023/CVE-2023-23xx/CVE-2023-2312.json +++ b/CVE-2023/CVE-2023-23xx/CVE-2023-2312.json @@ -2,7 +2,7 @@ "id": "CVE-2023-2312", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-15T18:15:10.017", - "lastModified": "2023-08-27T03:15:14.130", + "lastModified": "2024-01-31T17:15:10.973", "vulnStatus": "Modified", "descriptions": [ { @@ -103,6 +103,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5479", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2929.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2929.json index f2cf52dacde..454528f6710 100644 --- a/CVE-2023/CVE-2023-29xx/CVE-2023-2929.json +++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2929.json @@ -2,7 +2,7 @@ "id": "CVE-2023-2929", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-05-30T22:15:09.997", - "lastModified": "2023-11-25T11:15:15.580", + "lastModified": "2024-01-31T17:15:11.073", "vulnStatus": "Modified", "descriptions": [ { @@ -92,6 +92,10 @@ "url": "https://security.gentoo.org/glsa/202311-11", "source": "chrome-cve-admin@google.com" }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5418", "source": "chrome-cve-admin@google.com" diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2930.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2930.json index eb5f26e3e19..558e1c74003 100644 --- a/CVE-2023/CVE-2023-29xx/CVE-2023-2930.json +++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2930.json @@ -2,7 +2,7 @@ "id": "CVE-2023-2930", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-05-30T22:15:10.067", - "lastModified": "2023-11-25T11:15:15.670", + "lastModified": "2024-01-31T17:15:11.153", "vulnStatus": "Modified", "descriptions": [ { @@ -84,6 +84,10 @@ "url": "https://security.gentoo.org/glsa/202311-11", "source": "chrome-cve-admin@google.com" }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5418", "source": "chrome-cve-admin@google.com" diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2931.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2931.json index c37801d177c..7c63f61dac7 100644 --- a/CVE-2023/CVE-2023-29xx/CVE-2023-2931.json +++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2931.json @@ -2,7 +2,7 @@ "id": "CVE-2023-2931", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-05-30T22:15:10.117", - "lastModified": "2023-11-25T11:15:15.740", + "lastModified": "2024-01-31T17:15:11.213", "vulnStatus": "Modified", "descriptions": [ { @@ -84,6 +84,10 @@ "url": "https://security.gentoo.org/glsa/202311-11", "source": "chrome-cve-admin@google.com" }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5418", "source": "chrome-cve-admin@google.com" diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2932.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2932.json index e5dec6eeca4..16f87d3ec86 100644 --- a/CVE-2023/CVE-2023-29xx/CVE-2023-2932.json +++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2932.json @@ -2,7 +2,7 @@ "id": "CVE-2023-2932", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-05-30T22:15:10.167", - "lastModified": "2023-11-25T11:15:15.810", + "lastModified": "2024-01-31T17:15:11.270", "vulnStatus": "Modified", "descriptions": [ { @@ -84,6 +84,10 @@ "url": "https://security.gentoo.org/glsa/202311-11", "source": "chrome-cve-admin@google.com" }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5418", "source": "chrome-cve-admin@google.com" diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2933.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2933.json index bb28fb9108f..ed46641792d 100644 --- a/CVE-2023/CVE-2023-29xx/CVE-2023-2933.json +++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2933.json @@ -2,7 +2,7 @@ "id": "CVE-2023-2933", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-05-30T22:15:10.210", - "lastModified": "2023-11-25T11:15:15.953", + "lastModified": "2024-01-31T17:15:11.323", "vulnStatus": "Modified", "descriptions": [ { @@ -84,6 +84,10 @@ "url": "https://security.gentoo.org/glsa/202311-11", "source": "chrome-cve-admin@google.com" }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5418", "source": "chrome-cve-admin@google.com" diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2934.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2934.json index e6fa18499e1..8e8b01419ff 100644 --- a/CVE-2023/CVE-2023-29xx/CVE-2023-2934.json +++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2934.json @@ -2,7 +2,7 @@ "id": "CVE-2023-2934", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-05-30T22:15:10.257", - "lastModified": "2023-11-25T11:15:16.073", + "lastModified": "2024-01-31T17:15:11.383", "vulnStatus": "Modified", "descriptions": [ { @@ -88,6 +88,10 @@ "url": "https://security.gentoo.org/glsa/202311-11", "source": "chrome-cve-admin@google.com" }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5418", "source": "chrome-cve-admin@google.com" diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2935.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2935.json index 8a924df1a0e..821ce148df5 100644 --- a/CVE-2023/CVE-2023-29xx/CVE-2023-2935.json +++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2935.json @@ -2,7 +2,7 @@ "id": "CVE-2023-2935", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-05-30T22:15:10.307", - "lastModified": "2023-11-25T11:15:16.207", + "lastModified": "2024-01-31T17:15:11.440", "vulnStatus": "Modified", "descriptions": [ { @@ -88,6 +88,10 @@ "url": "https://security.gentoo.org/glsa/202311-11", "source": "chrome-cve-admin@google.com" }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5418", "source": "chrome-cve-admin@google.com" diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2936.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2936.json index 7ffeb5ea0ba..906f7fe16d4 100644 --- a/CVE-2023/CVE-2023-29xx/CVE-2023-2936.json +++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2936.json @@ -2,7 +2,7 @@ "id": "CVE-2023-2936", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-05-30T22:15:10.350", - "lastModified": "2023-11-25T11:15:16.297", + "lastModified": "2024-01-31T17:15:11.500", "vulnStatus": "Modified", "descriptions": [ { @@ -88,6 +88,10 @@ "url": "https://security.gentoo.org/glsa/202311-11", "source": "chrome-cve-admin@google.com" }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5418", "source": "chrome-cve-admin@google.com" diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2937.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2937.json index e9a5fddca96..e82fcb2770b 100644 --- a/CVE-2023/CVE-2023-29xx/CVE-2023-2937.json +++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2937.json @@ -2,7 +2,7 @@ "id": "CVE-2023-2937", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-05-30T22:15:10.393", - "lastModified": "2023-11-25T11:15:16.367", + "lastModified": "2024-01-31T17:15:11.553", "vulnStatus": "Modified", "descriptions": [ { @@ -84,6 +84,10 @@ "url": "https://security.gentoo.org/glsa/202311-11", "source": "chrome-cve-admin@google.com" }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5418", "source": "chrome-cve-admin@google.com" diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2938.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2938.json index b5918a2e769..4d03cec7d98 100644 --- a/CVE-2023/CVE-2023-29xx/CVE-2023-2938.json +++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2938.json @@ -2,7 +2,7 @@ "id": "CVE-2023-2938", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-05-30T22:15:10.433", - "lastModified": "2023-11-25T11:15:16.453", + "lastModified": "2024-01-31T17:15:11.607", "vulnStatus": "Modified", "descriptions": [ { @@ -84,6 +84,10 @@ "url": "https://security.gentoo.org/glsa/202311-11", "source": "chrome-cve-admin@google.com" }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5418", "source": "chrome-cve-admin@google.com" diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2939.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2939.json index 4e7a83018b9..b0762a88aea 100644 --- a/CVE-2023/CVE-2023-29xx/CVE-2023-2939.json +++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2939.json @@ -2,7 +2,7 @@ "id": "CVE-2023-2939", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-05-30T22:15:10.477", - "lastModified": "2023-11-25T11:15:16.533", + "lastModified": "2024-01-31T17:15:11.687", "vulnStatus": "Modified", "descriptions": [ { @@ -97,6 +97,10 @@ "url": "https://security.gentoo.org/glsa/202311-11", "source": "chrome-cve-admin@google.com" }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5418", "source": "chrome-cve-admin@google.com" diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2940.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2940.json index f134851a2b3..b49d732a575 100644 --- a/CVE-2023/CVE-2023-29xx/CVE-2023-2940.json +++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2940.json @@ -2,7 +2,7 @@ "id": "CVE-2023-2940", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-05-30T22:15:10.527", - "lastModified": "2023-11-25T11:15:16.777", + "lastModified": "2024-01-31T17:15:11.807", "vulnStatus": "Modified", "descriptions": [ { @@ -84,6 +84,10 @@ "url": "https://security.gentoo.org/glsa/202311-11", "source": "chrome-cve-admin@google.com" }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5418", "source": "chrome-cve-admin@google.com" diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2941.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2941.json index 5f8e0013099..8ae0e9965d8 100644 --- a/CVE-2023/CVE-2023-29xx/CVE-2023-2941.json +++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2941.json @@ -2,7 +2,7 @@ "id": "CVE-2023-2941", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-05-30T22:15:10.570", - "lastModified": "2023-11-25T11:15:16.860", + "lastModified": "2024-01-31T17:15:11.863", "vulnStatus": "Modified", "descriptions": [ { @@ -84,6 +84,10 @@ "url": "https://security.gentoo.org/glsa/202311-11", "source": "chrome-cve-admin@google.com" }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5418", "source": "chrome-cve-admin@google.com" diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3079.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3079.json index fb09ac25e37..ab7194e8054 100644 --- a/CVE-2023/CVE-2023-30xx/CVE-2023-3079.json +++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3079.json @@ -2,7 +2,7 @@ "id": "CVE-2023-3079", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-06-05T22:15:12.383", - "lastModified": "2023-12-14T16:15:45.310", + "lastModified": "2024-01-31T17:15:11.930", "vulnStatus": "Modified", "cisaExploitAdd": "2023-06-07", "cisaActionDue": "2023-06-28", @@ -142,6 +142,10 @@ "url": "https://security.gentoo.org/glsa/202311-11", "source": "chrome-cve-admin@google.com" }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.couchbase.com/alerts/", "source": "chrome-cve-admin@google.com" diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3214.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3214.json index b6ce2d5362a..2958513d0c5 100644 --- a/CVE-2023/CVE-2023-32xx/CVE-2023-3214.json +++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3214.json @@ -2,7 +2,7 @@ "id": "CVE-2023-3214", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-06-13T18:15:22.170", - "lastModified": "2023-11-25T11:15:18.360", + "lastModified": "2024-01-31T17:15:12.020", "vulnStatus": "Modified", "descriptions": [ { @@ -122,6 +122,10 @@ "url": "https://security.gentoo.org/glsa/202311-11", "source": "chrome-cve-admin@google.com" }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5428", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3215.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3215.json index 06bd1fcfa38..7a1103ff0ac 100644 --- a/CVE-2023/CVE-2023-32xx/CVE-2023-3215.json +++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3215.json @@ -2,7 +2,7 @@ "id": "CVE-2023-3215", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-06-13T18:15:22.223", - "lastModified": "2023-11-25T11:15:18.457", + "lastModified": "2024-01-31T17:15:12.093", "vulnStatus": "Modified", "descriptions": [ { @@ -123,6 +123,10 @@ "url": "https://security.gentoo.org/glsa/202311-11", "source": "chrome-cve-admin@google.com" }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5428", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3216.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3216.json index e90d3a4f504..8846e959a36 100644 --- a/CVE-2023/CVE-2023-32xx/CVE-2023-3216.json +++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3216.json @@ -2,7 +2,7 @@ "id": "CVE-2023-3216", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-06-13T18:15:22.273", - "lastModified": "2023-11-25T11:15:18.547", + "lastModified": "2024-01-31T17:15:12.160", "vulnStatus": "Modified", "descriptions": [ { @@ -123,6 +123,10 @@ "url": "https://security.gentoo.org/glsa/202311-11", "source": "chrome-cve-admin@google.com" }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5428", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3217.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3217.json index 11b2dba7241..89133df3277 100644 --- a/CVE-2023/CVE-2023-32xx/CVE-2023-3217.json +++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3217.json @@ -2,7 +2,7 @@ "id": "CVE-2023-3217", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-06-13T18:15:22.320", - "lastModified": "2023-11-25T11:15:18.630", + "lastModified": "2024-01-31T17:15:12.227", "vulnStatus": "Modified", "descriptions": [ { @@ -127,6 +127,10 @@ "url": "https://security.gentoo.org/glsa/202311-11", "source": "chrome-cve-admin@google.com" }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5428", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-34xx/CVE-2023-3420.json b/CVE-2023/CVE-2023-34xx/CVE-2023-3420.json index 010a6eaddea..0d72335c8d7 100644 --- a/CVE-2023/CVE-2023-34xx/CVE-2023-3420.json +++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3420.json @@ -2,7 +2,7 @@ "id": "CVE-2023-3420", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-06-26T21:15:09.557", - "lastModified": "2023-07-04T04:15:11.653", + "lastModified": "2024-01-31T17:15:12.290", "vulnStatus": "Modified", "descriptions": [ { @@ -108,6 +108,10 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBAHED5YFJPRGSEKNZIYHZBGSVHGEHOH/", "source": "chrome-cve-admin@google.com" }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5440", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-34xx/CVE-2023-3421.json b/CVE-2023/CVE-2023-34xx/CVE-2023-3421.json index 19f87cc0ae4..6555fe8bf01 100644 --- a/CVE-2023/CVE-2023-34xx/CVE-2023-3421.json +++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3421.json @@ -2,7 +2,7 @@ "id": "CVE-2023-3421", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-06-26T21:15:09.597", - "lastModified": "2023-09-25T19:15:09.827", + "lastModified": "2024-01-31T17:15:12.373", "vulnStatus": "Modified", "descriptions": [ { @@ -108,6 +108,10 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBAHED5YFJPRGSEKNZIYHZBGSVHGEHOH/", "source": "chrome-cve-admin@google.com" }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5440", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-34xx/CVE-2023-3422.json b/CVE-2023/CVE-2023-34xx/CVE-2023-3422.json index 913d227e36b..8bf9a71422a 100644 --- a/CVE-2023/CVE-2023-34xx/CVE-2023-3422.json +++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3422.json @@ -2,7 +2,7 @@ "id": "CVE-2023-3422", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-06-26T21:15:09.640", - "lastModified": "2023-07-04T04:15:12.673", + "lastModified": "2024-01-31T17:15:12.510", "vulnStatus": "Modified", "descriptions": [ { @@ -108,6 +108,10 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBAHED5YFJPRGSEKNZIYHZBGSVHGEHOH/", "source": "chrome-cve-admin@google.com" }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5440", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-358xx/CVE-2023-35836.json b/CVE-2023/CVE-2023-358xx/CVE-2023-35836.json index 3596996b68a..a368fe73c0c 100644 --- a/CVE-2023/CVE-2023-358xx/CVE-2023-35836.json +++ b/CVE-2023/CVE-2023-358xx/CVE-2023-35836.json @@ -2,8 +2,8 @@ "id": "CVE-2023-35836", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-23T23:15:08.000", - "lastModified": "2024-01-24T13:49:03.187", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-31T18:38:16.887", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,23 +14,101 @@ "value": "Se descubri\u00f3 un problema en SolaX Pocket WiFi 3 hasta 3.001.02. Un atacante dentro del alcance de RF puede obtener una copia en texto plano de la configuraci\u00f3n de red del dispositivo, incluido el Wi-Fi PSK, durante la instalaci\u00f3n y reconfiguraci\u00f3n del dispositivo. Si tiene \u00e9xito, el atacante puede infiltrarse a\u00fan m\u00e1s en las redes Wi-Fi del objetivo." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:solax:pocket_wifi_3_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.0.0", + "versionEndIncluding": "3.009.03_20230504", + "matchCriteriaId": "FAA04768-4E31-414A-A19C-855B1E1D8CCE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:solax:pocket_wifi_3:-:*:*:*:*:*:*:*", + "matchCriteriaId": "112442CA-E44E-4C2B-95C3-9162E56B9F16" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.solaxpower.com/downloads/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Not Applicable" + ] }, { "url": "https://www.solaxpower.com/help/upgrading-the-pocket-wifi-firmware/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://yougottahackthat.com/blog/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://yougottahackthat.com/blog/1370/solax-inverters-pocket-wifi-using-poor-authentication", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-358xx/CVE-2023-35837.json b/CVE-2023/CVE-2023-358xx/CVE-2023-35837.json index 7c12a40611b..3a7ba0f3c66 100644 --- a/CVE-2023/CVE-2023-358xx/CVE-2023-35837.json +++ b/CVE-2023/CVE-2023-358xx/CVE-2023-35837.json @@ -2,8 +2,8 @@ "id": "CVE-2023-35837", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-23T23:15:08.050", - "lastModified": "2024-01-24T13:49:03.187", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-31T18:25:21.533", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,23 +14,101 @@ "value": "Se descubri\u00f3 un problema en SolaX Pocket WiFi 3 hasta 3.001.02. La autenticaci\u00f3n para la interfaz web se completa a trav\u00e9s de un AP WiFi no autenticado. La contrase\u00f1a administrativa para la interfaz web tiene una contrase\u00f1a predeterminada, igual al ID de registro del dispositivo. Este mismo ID de registro se utiliza como nombre SSID de WiFi. No existe ninguna rutina para forzar un cambio en esta contrase\u00f1a en el primer uso o para informar al usuario sobre su estado predeterminado. Una vez autenticado, un atacante puede reconfigurar el dispositivo o cargar un nuevo firmware, lo cual puede provocar una denegaci\u00f3n de servicio, ejecuci\u00f3n de c\u00f3digo o escalada de privilegios." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:solax:pocket_wifi_3_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.0.0", + "versionEndIncluding": "3.009.03_20230504", + "matchCriteriaId": "FAA04768-4E31-414A-A19C-855B1E1D8CCE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:solax:pocket_wifi_3:-:*:*:*:*:*:*:*", + "matchCriteriaId": "112442CA-E44E-4C2B-95C3-9162E56B9F16" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.solaxpower.com/downloads/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Not Applicable" + ] }, { "url": "https://www.solaxpower.com/help/upgrading-the-pocket-wifi-firmware/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://yougottahackthat.com/blog/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://yougottahackthat.com/blog/1370/solax-inverters-pocket-wifi-using-poor-authentication", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-376xx/CVE-2023-37679.json b/CVE-2023/CVE-2023-376xx/CVE-2023-37679.json index 63a760918e8..90a094e0683 100644 --- a/CVE-2023/CVE-2023-376xx/CVE-2023-37679.json +++ b/CVE-2023/CVE-2023-376xx/CVE-2023-37679.json @@ -2,8 +2,8 @@ "id": "CVE-2023-37679", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-03T03:15:10.697", - "lastModified": "2023-08-07T19:37:34.487", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T18:15:45.940", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -82,6 +82,10 @@ "Product" ] }, + { + "url": "http://packetstormsecurity.com/files/176920/Mirth-Connect-4.4.0-Remote-Command-Execution.html", + "source": "cve@mitre.org" + }, { "url": "https://www.ihteam.net/advisory/mirth-connect", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-37xx/CVE-2023-3727.json b/CVE-2023/CVE-2023-37xx/CVE-2023-3727.json index b130ea9c7ea..89eefe3cd31 100644 --- a/CVE-2023/CVE-2023-37xx/CVE-2023-3727.json +++ b/CVE-2023/CVE-2023-37xx/CVE-2023-3727.json @@ -2,7 +2,7 @@ "id": "CVE-2023-3727", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-01T23:15:31.320", - "lastModified": "2023-08-12T06:16:32.627", + "lastModified": "2024-01-31T17:15:12.590", "vulnStatus": "Modified", "descriptions": [ { @@ -84,6 +84,10 @@ { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/", "source": "chrome-cve-admin@google.com" + }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-37xx/CVE-2023-3728.json b/CVE-2023/CVE-2023-37xx/CVE-2023-3728.json index 41e1b2797d5..952b76b52cb 100644 --- a/CVE-2023/CVE-2023-37xx/CVE-2023-3728.json +++ b/CVE-2023/CVE-2023-37xx/CVE-2023-3728.json @@ -2,7 +2,7 @@ "id": "CVE-2023-3728", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-01T23:15:31.490", - "lastModified": "2023-08-12T06:16:40.940", + "lastModified": "2024-01-31T17:15:12.677", "vulnStatus": "Modified", "descriptions": [ { @@ -86,6 +86,10 @@ { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/", "source": "chrome-cve-admin@google.com" + }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-37xx/CVE-2023-3730.json b/CVE-2023/CVE-2023-37xx/CVE-2023-3730.json index 2456b53517c..146af248247 100644 --- a/CVE-2023/CVE-2023-37xx/CVE-2023-3730.json +++ b/CVE-2023/CVE-2023-37xx/CVE-2023-3730.json @@ -2,7 +2,7 @@ "id": "CVE-2023-3730", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-01T23:15:31.857", - "lastModified": "2023-08-12T06:16:41.433", + "lastModified": "2024-01-31T17:15:12.737", "vulnStatus": "Modified", "descriptions": [ { @@ -86,6 +86,10 @@ { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/", "source": "chrome-cve-admin@google.com" + }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-37xx/CVE-2023-3732.json b/CVE-2023/CVE-2023-37xx/CVE-2023-3732.json index 30b13af85e5..f6bf18c0c30 100644 --- a/CVE-2023/CVE-2023-37xx/CVE-2023-3732.json +++ b/CVE-2023/CVE-2023-37xx/CVE-2023-3732.json @@ -2,7 +2,7 @@ "id": "CVE-2023-3732", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-01T23:15:32.247", - "lastModified": "2023-08-18T17:15:09.997", + "lastModified": "2024-01-31T17:15:12.800", "vulnStatus": "Modified", "descriptions": [ { @@ -90,6 +90,10 @@ { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/", "source": "chrome-cve-admin@google.com" + }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-37xx/CVE-2023-3733.json b/CVE-2023/CVE-2023-37xx/CVE-2023-3733.json index ea6e34caf60..c6eb82a912e 100644 --- a/CVE-2023/CVE-2023-37xx/CVE-2023-3733.json +++ b/CVE-2023/CVE-2023-37xx/CVE-2023-3733.json @@ -2,7 +2,7 @@ "id": "CVE-2023-3733", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-01T23:15:32.443", - "lastModified": "2023-08-12T06:17:57.680", + "lastModified": "2024-01-31T17:15:12.870", "vulnStatus": "Modified", "descriptions": [ { @@ -85,6 +85,10 @@ { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/", "source": "chrome-cve-admin@google.com" + }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-37xx/CVE-2023-3734.json b/CVE-2023/CVE-2023-37xx/CVE-2023-3734.json index 4ba7b79f4d9..a91e59648c6 100644 --- a/CVE-2023/CVE-2023-37xx/CVE-2023-3734.json +++ b/CVE-2023/CVE-2023-37xx/CVE-2023-3734.json @@ -2,12 +2,16 @@ "id": "CVE-2023-3734", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-01T23:15:32.607", - "lastModified": "2023-08-12T06:18:29.297", + "lastModified": "2024-01-31T17:15:12.930", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "Inappropriate implementation in Picture In Picture in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)" + }, + { + "lang": "es", + "value": "La implementaci\u00f3n inadecuada de Picture In Picture en Google Chrome anterior a la versi\u00f3n 115.0.5790.98 permit\u00eda a un atacante remoto falsificar potencialmente el contenido de la Omnibox (barra de URL) a trav\u00e9s de una p\u00e1gina HTML manipulada. (Gravedad de seguridad de Chromium: Media)" } ], "metrics": { @@ -85,6 +89,10 @@ { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/", "source": "chrome-cve-admin@google.com" + }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-37xx/CVE-2023-3735.json b/CVE-2023/CVE-2023-37xx/CVE-2023-3735.json index 231f62a9831..b6aced1816c 100644 --- a/CVE-2023/CVE-2023-37xx/CVE-2023-3735.json +++ b/CVE-2023/CVE-2023-37xx/CVE-2023-3735.json @@ -2,12 +2,16 @@ "id": "CVE-2023-3735", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-01T23:15:32.773", - "lastModified": "2023-08-12T06:18:29.783", + "lastModified": "2024-01-31T17:15:13.000", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "Inappropriate implementation in Web API Permission Prompts in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)" + }, + { + "lang": "es", + "value": "La implementaci\u00f3n inadecuada de las Solicitudes de Permiso de la API Web en Google Chrome anteriores a la versi\u00f3n 115.0.5790.98 permit\u00eda a un atacante remoto ocultar la interfaz de usuario de seguridad a trav\u00e9s de una p\u00e1gina HTML manipulada. (Gravedad de seguridad de Chromium: Media)" } ], "metrics": { @@ -85,6 +89,10 @@ { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/", "source": "chrome-cve-admin@google.com" + }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-37xx/CVE-2023-3736.json b/CVE-2023/CVE-2023-37xx/CVE-2023-3736.json index 5690081182c..a2e203694ca 100644 --- a/CVE-2023/CVE-2023-37xx/CVE-2023-3736.json +++ b/CVE-2023/CVE-2023-37xx/CVE-2023-3736.json @@ -2,12 +2,16 @@ "id": "CVE-2023-3736", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-01T23:15:33.013", - "lastModified": "2023-08-12T06:19:05.223", + "lastModified": "2024-01-31T17:15:13.063", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 115.0.5790.98 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)" + }, + { + "lang": "es", + "value": "La implementaci\u00f3n inadecuada de las Pesta\u00f1as Personalizadas en Google Chrome en Android antes de la versi\u00f3n 115.0.5790.98 permit\u00eda a un atacante remoto filtrar datos de origen cruzado a trav\u00e9s de una p\u00e1gina HTML manipulada. (Gravedad de seguridad de Chromium: Media)" } ], "metrics": { @@ -97,6 +101,10 @@ { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/", "source": "chrome-cve-admin@google.com" + }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-37xx/CVE-2023-3737.json b/CVE-2023/CVE-2023-37xx/CVE-2023-3737.json index 1e56314a5c1..e90c558c4a7 100644 --- a/CVE-2023/CVE-2023-37xx/CVE-2023-3737.json +++ b/CVE-2023/CVE-2023-37xx/CVE-2023-3737.json @@ -2,12 +2,16 @@ "id": "CVE-2023-3737", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-01T23:15:33.177", - "lastModified": "2023-08-12T06:19:06.317", + "lastModified": "2024-01-31T17:15:13.123", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "Inappropriate implementation in Notifications in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to spoof the contents of media notifications via a crafted HTML page. (Chromium security severity: Medium)" + }, + { + "lang": "es", + "value": "Una implementaci\u00f3n inadecuada en Notificaciones en Google Chrome anterior a 115.0.5790.98 permit\u00eda a un atacante remoto falsificar el contenido de las notificaciones multimedia a trav\u00e9s de una p\u00e1gina HTML manipulada. (Gravedad de seguridad de Chromium: Media)" } ], "metrics": { @@ -85,6 +89,10 @@ { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/", "source": "chrome-cve-admin@google.com" + }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-37xx/CVE-2023-3738.json b/CVE-2023/CVE-2023-37xx/CVE-2023-3738.json index 28141e22225..62684a214a1 100644 --- a/CVE-2023/CVE-2023-37xx/CVE-2023-3738.json +++ b/CVE-2023/CVE-2023-37xx/CVE-2023-3738.json @@ -2,7 +2,7 @@ "id": "CVE-2023-3738", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-01T23:15:33.427", - "lastModified": "2023-08-12T06:19:07.383", + "lastModified": "2024-01-31T17:15:13.183", "vulnStatus": "Modified", "descriptions": [ { @@ -84,6 +84,10 @@ { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/", "source": "chrome-cve-admin@google.com" + }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-37xx/CVE-2023-3740.json b/CVE-2023/CVE-2023-37xx/CVE-2023-3740.json index 60d61774274..3e6f886a770 100644 --- a/CVE-2023/CVE-2023-37xx/CVE-2023-3740.json +++ b/CVE-2023/CVE-2023-37xx/CVE-2023-3740.json @@ -2,12 +2,16 @@ "id": "CVE-2023-3740", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-01T23:15:33.793", - "lastModified": "2023-08-12T06:19:08.517", + "lastModified": "2024-01-31T17:15:13.297", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "Insufficient validation of untrusted input in Themes in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially serve malicious content to a user via a crafted background URL. (Chromium security severity: Low)" + }, + { + "lang": "es", + "value": "La validaci\u00f3n insuficiente de entradas no fiables en los Temas de Google Chrome anteriores a la versi\u00f3n 115.0.5790.98 permit\u00eda a un atacante remoto servir contenido malicioso a un usuario a trav\u00e9s de una URL de fondo manipulada. (Gravedad de seguridad de Chromium: Baja)" } ], "metrics": { @@ -85,6 +89,10 @@ { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/", "source": "chrome-cve-admin@google.com" + }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4068.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4068.json index c13494e1c73..7ac9a680878 100644 --- a/CVE-2023/CVE-2023-40xx/CVE-2023-4068.json +++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4068.json @@ -2,7 +2,7 @@ "id": "CVE-2023-4068", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-03T01:15:11.513", - "lastModified": "2023-12-22T13:15:09.043", + "lastModified": "2024-01-31T17:15:13.627", "vulnStatus": "Modified", "descriptions": [ { @@ -92,6 +92,10 @@ "url": "https://security.gentoo.org/glsa/202312-07", "source": "chrome-cve-admin@google.com" }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5467", "source": "chrome-cve-admin@google.com" diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4069.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4069.json index 73115ca747e..59db970c3ef 100644 --- a/CVE-2023/CVE-2023-40xx/CVE-2023-4069.json +++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4069.json @@ -2,7 +2,7 @@ "id": "CVE-2023-4069", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-03T01:15:11.583", - "lastModified": "2023-12-22T13:15:09.140", + "lastModified": "2024-01-31T17:15:13.707", "vulnStatus": "Modified", "descriptions": [ { @@ -92,6 +92,10 @@ "url": "https://security.gentoo.org/glsa/202312-07", "source": "chrome-cve-admin@google.com" }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5467", "source": "chrome-cve-admin@google.com" diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4070.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4070.json index e6cf88182b4..b2035cf43b2 100644 --- a/CVE-2023/CVE-2023-40xx/CVE-2023-4070.json +++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4070.json @@ -2,7 +2,7 @@ "id": "CVE-2023-4070", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-03T01:15:11.647", - "lastModified": "2023-12-22T13:15:09.207", + "lastModified": "2024-01-31T17:15:13.767", "vulnStatus": "Modified", "descriptions": [ { @@ -92,6 +92,10 @@ "url": "https://security.gentoo.org/glsa/202312-07", "source": "chrome-cve-admin@google.com" }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5467", "source": "chrome-cve-admin@google.com" diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4071.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4071.json index ccc396081b8..5c62d6437dc 100644 --- a/CVE-2023/CVE-2023-40xx/CVE-2023-4071.json +++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4071.json @@ -2,7 +2,7 @@ "id": "CVE-2023-4071", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-03T01:15:11.710", - "lastModified": "2023-12-22T13:15:09.273", + "lastModified": "2024-01-31T17:15:13.823", "vulnStatus": "Modified", "descriptions": [ { @@ -92,6 +92,10 @@ "url": "https://security.gentoo.org/glsa/202312-07", "source": "chrome-cve-admin@google.com" }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5467", "source": "chrome-cve-admin@google.com" diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4072.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4072.json index 8d2b299cb5e..c1825c32419 100644 --- a/CVE-2023/CVE-2023-40xx/CVE-2023-4072.json +++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4072.json @@ -2,7 +2,7 @@ "id": "CVE-2023-4072", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-03T01:15:11.773", - "lastModified": "2023-12-22T13:15:09.327", + "lastModified": "2024-01-31T17:15:13.883", "vulnStatus": "Modified", "descriptions": [ { @@ -96,6 +96,10 @@ "url": "https://security.gentoo.org/glsa/202312-07", "source": "chrome-cve-admin@google.com" }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5467", "source": "chrome-cve-admin@google.com" diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4073.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4073.json index b6a28afd643..489ca7ab9f0 100644 --- a/CVE-2023/CVE-2023-40xx/CVE-2023-4073.json +++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4073.json @@ -2,7 +2,7 @@ "id": "CVE-2023-4073", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-03T01:15:11.840", - "lastModified": "2023-12-22T13:15:09.387", + "lastModified": "2024-01-31T17:15:13.947", "vulnStatus": "Modified", "descriptions": [ { @@ -133,6 +133,10 @@ "url": "https://security.gentoo.org/glsa/202312-07", "source": "chrome-cve-admin@google.com" }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5467", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4074.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4074.json index 475178d55bc..2acbd603e13 100644 --- a/CVE-2023/CVE-2023-40xx/CVE-2023-4074.json +++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4074.json @@ -2,7 +2,7 @@ "id": "CVE-2023-4074", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-03T01:15:11.903", - "lastModified": "2023-12-22T13:15:09.453", + "lastModified": "2024-01-31T17:15:14.080", "vulnStatus": "Modified", "descriptions": [ { @@ -92,6 +92,10 @@ "url": "https://security.gentoo.org/glsa/202312-07", "source": "chrome-cve-admin@google.com" }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5467", "source": "chrome-cve-admin@google.com" diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4075.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4075.json index 0d5e4377599..bc06341988a 100644 --- a/CVE-2023/CVE-2023-40xx/CVE-2023-4075.json +++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4075.json @@ -2,7 +2,7 @@ "id": "CVE-2023-4075", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-03T01:15:11.973", - "lastModified": "2023-12-22T13:15:09.517", + "lastModified": "2024-01-31T17:15:14.137", "vulnStatus": "Modified", "descriptions": [ { @@ -92,6 +92,10 @@ "url": "https://security.gentoo.org/glsa/202312-07", "source": "chrome-cve-admin@google.com" }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5467", "source": "chrome-cve-admin@google.com" diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4076.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4076.json index 76979826f80..563214d3617 100644 --- a/CVE-2023/CVE-2023-40xx/CVE-2023-4076.json +++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4076.json @@ -2,7 +2,7 @@ "id": "CVE-2023-4076", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-03T01:15:12.037", - "lastModified": "2023-12-22T13:15:09.583", + "lastModified": "2024-01-31T17:15:14.197", "vulnStatus": "Modified", "descriptions": [ { @@ -92,6 +92,10 @@ "url": "https://security.gentoo.org/glsa/202312-07", "source": "chrome-cve-admin@google.com" }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5467", "source": "chrome-cve-admin@google.com" diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4077.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4077.json index d90a5e55806..acf294b2a28 100644 --- a/CVE-2023/CVE-2023-40xx/CVE-2023-4077.json +++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4077.json @@ -2,7 +2,7 @@ "id": "CVE-2023-4077", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-03T01:15:12.100", - "lastModified": "2023-12-22T13:15:09.647", + "lastModified": "2024-01-31T17:15:14.250", "vulnStatus": "Modified", "descriptions": [ { @@ -92,6 +92,10 @@ "url": "https://security.gentoo.org/glsa/202312-07", "source": "chrome-cve-admin@google.com" }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5467", "source": "chrome-cve-admin@google.com" diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4078.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4078.json index fa9077174d4..98d65408072 100644 --- a/CVE-2023/CVE-2023-40xx/CVE-2023-4078.json +++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4078.json @@ -2,7 +2,7 @@ "id": "CVE-2023-4078", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-03T01:15:12.167", - "lastModified": "2023-12-22T13:15:09.707", + "lastModified": "2024-01-31T17:15:14.310", "vulnStatus": "Modified", "descriptions": [ { @@ -92,6 +92,10 @@ "url": "https://security.gentoo.org/glsa/202312-07", "source": "chrome-cve-admin@google.com" }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5467", "source": "chrome-cve-admin@google.com" diff --git a/CVE-2023/CVE-2023-414xx/CVE-2023-41474.json b/CVE-2023/CVE-2023-414xx/CVE-2023-41474.json index dd2bb3b3516..05c8aae9fcb 100644 --- a/CVE-2023/CVE-2023-414xx/CVE-2023-41474.json +++ b/CVE-2023/CVE-2023-414xx/CVE-2023-41474.json @@ -2,19 +2,79 @@ "id": "CVE-2023-41474", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-25T20:15:36.993", - "lastModified": "2024-01-25T21:52:01.053", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-31T18:54:51.777", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Directory Traversal vulnerability in Ivanti Avalanche 6.3.4.153 allows a remote authenticated attacker to obtain sensitive information via the javax.faces.resource component." + }, + { + "lang": "es", + "value": "La vulnerabilidad de directory traversal en Ivanti Avalanche 6.3.4.153 permite a un atacante remoto autenticado obtener informaci\u00f3n confidencial a trav\u00e9s del componente javax.faces.resource." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:avalanche:6.3.4.153:*:*:*:premise:*:*:*", + "matchCriteriaId": "F5A7D50A-DD35-40B6-B4AD-8703DB016E90" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/JBalanza/CVE-2023-41474", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-432xx/CVE-2023-43208.json b/CVE-2023/CVE-2023-432xx/CVE-2023-43208.json index 125cc291d98..bb544fbaa18 100644 --- a/CVE-2023/CVE-2023-432xx/CVE-2023-43208.json +++ b/CVE-2023/CVE-2023-432xx/CVE-2023-43208.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43208", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-26T17:15:09.033", - "lastModified": "2023-11-04T01:50:43.173", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T18:15:46.020", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -69,6 +69,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/176920/Mirth-Connect-4.4.0-Remote-Command-Execution.html", + "source": "cve@mitre.org" + }, { "url": "https://www.horizon3.ai/nextgen-mirth-connect-remote-code-execution-vulnerability-cve-2023-43208/", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4349.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4349.json index 93d4e59ee03..02a3b52fb4b 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4349.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4349.json @@ -2,7 +2,7 @@ "id": "CVE-2023-4349", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-15T18:15:10.950", - "lastModified": "2023-08-27T03:15:14.293", + "lastModified": "2024-01-31T17:15:14.370", "vulnStatus": "Modified", "descriptions": [ { @@ -116,6 +116,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5479", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4350.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4350.json index 67ab51b8e34..a06893186c6 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4350.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4350.json @@ -2,7 +2,7 @@ "id": "CVE-2023-4350", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-15T18:15:11.103", - "lastModified": "2023-08-27T03:15:14.490", + "lastModified": "2024-01-31T17:15:14.447", "vulnStatus": "Modified", "descriptions": [ { @@ -129,6 +129,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5479", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4351.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4351.json index b9c106b9983..b2689a3da23 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4351.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4351.json @@ -2,7 +2,7 @@ "id": "CVE-2023-4351", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-15T18:15:11.260", - "lastModified": "2023-08-27T03:15:14.647", + "lastModified": "2024-01-31T17:15:14.517", "vulnStatus": "Modified", "descriptions": [ { @@ -117,6 +117,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5479", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4352.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4352.json index ddef047114d..776830b8c59 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4352.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4352.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4352", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-15T18:15:11.463", - "lastModified": "2023-10-30T19:41:46.627", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:14.573", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -136,6 +136,10 @@ "Mailing List" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5479", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4353.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4353.json index 20143afcd1b..f85a902315c 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4353.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4353.json @@ -2,7 +2,7 @@ "id": "CVE-2023-4353", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-15T18:15:11.613", - "lastModified": "2023-08-27T03:15:15.140", + "lastModified": "2024-01-31T17:15:14.650", "vulnStatus": "Modified", "descriptions": [ { @@ -117,6 +117,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5479", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4354.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4354.json index 0920c2a97e2..424ddede88b 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4354.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4354.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4354", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-15T18:15:11.763", - "lastModified": "2023-10-12T02:56:56.870", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:14.710", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -144,6 +144,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5479", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4355.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4355.json index a246f7f747e..bf1cdcebc7c 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4355.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4355.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4355", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-15T18:15:11.923", - "lastModified": "2023-10-13T01:01:41.827", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:14.840", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -144,6 +144,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5479", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4356.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4356.json index 8f3c5077eca..31ec6b1ecc1 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4356.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4356.json @@ -2,7 +2,7 @@ "id": "CVE-2023-4356", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-15T18:15:12.090", - "lastModified": "2023-08-27T03:15:16.880", + "lastModified": "2024-01-31T17:15:14.917", "vulnStatus": "Modified", "descriptions": [ { @@ -117,6 +117,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5479", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4357.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4357.json index 21e89b324c0..28e61c7964b 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4357.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4357.json @@ -2,7 +2,7 @@ "id": "CVE-2023-4357", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-15T18:15:12.247", - "lastModified": "2023-08-27T03:15:23.483", + "lastModified": "2024-01-31T17:15:14.977", "vulnStatus": "Modified", "descriptions": [ { @@ -117,6 +117,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5479", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4358.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4358.json index 908a80ad89d..8fb71e954e2 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4358.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4358.json @@ -2,7 +2,7 @@ "id": "CVE-2023-4358", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-15T18:15:12.397", - "lastModified": "2023-08-27T03:15:23.727", + "lastModified": "2024-01-31T17:15:15.053", "vulnStatus": "Modified", "descriptions": [ { @@ -117,6 +117,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5479", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4359.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4359.json index 21fed904c4a..2bbc18f201e 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4359.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4359.json @@ -2,7 +2,7 @@ "id": "CVE-2023-4359", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-15T18:15:12.637", - "lastModified": "2023-08-27T03:15:23.957", + "lastModified": "2024-01-31T17:15:15.147", "vulnStatus": "Modified", "descriptions": [ { @@ -129,6 +129,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5479", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4360.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4360.json index c3dd5dda0d3..6f91a28fcdf 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4360.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4360.json @@ -2,7 +2,7 @@ "id": "CVE-2023-4360", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-15T18:15:12.863", - "lastModified": "2023-08-27T03:15:25.467", + "lastModified": "2024-01-31T17:15:15.233", "vulnStatus": "Modified", "descriptions": [ { @@ -117,6 +117,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5479", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4361.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4361.json index 67fbec9c91b..d151b98d703 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4361.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4361.json @@ -2,7 +2,7 @@ "id": "CVE-2023-4361", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-15T18:15:12.960", - "lastModified": "2023-08-27T03:15:26.063", + "lastModified": "2024-01-31T17:15:15.307", "vulnStatus": "Modified", "descriptions": [ { @@ -129,6 +129,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5479", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4362.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4362.json index 2c1ab98e708..19b1a2d8547 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4362.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4362.json @@ -2,7 +2,7 @@ "id": "CVE-2023-4362", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-15T18:15:13.030", - "lastModified": "2023-08-27T03:15:27.143", + "lastModified": "2024-01-31T17:15:15.390", "vulnStatus": "Modified", "descriptions": [ { @@ -112,6 +112,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5479", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4363.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4363.json index f1ac1113039..c65888a62cf 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4363.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4363.json @@ -2,7 +2,7 @@ "id": "CVE-2023-4363", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-15T18:15:13.113", - "lastModified": "2023-08-27T03:15:28.827", + "lastModified": "2024-01-31T17:15:15.463", "vulnStatus": "Modified", "descriptions": [ { @@ -129,6 +129,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5479", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4364.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4364.json index f67fc76642b..a6b06181c17 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4364.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4364.json @@ -2,7 +2,7 @@ "id": "CVE-2023-4364", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-15T18:15:13.217", - "lastModified": "2023-08-27T03:15:29.733", + "lastModified": "2024-01-31T17:15:15.540", "vulnStatus": "Modified", "descriptions": [ { @@ -117,6 +117,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5479", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4365.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4365.json index 181f565a5c9..02039fcf399 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4365.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4365.json @@ -2,7 +2,7 @@ "id": "CVE-2023-4365", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-15T18:15:13.290", - "lastModified": "2023-08-27T03:15:30.660", + "lastModified": "2024-01-31T17:15:15.610", "vulnStatus": "Modified", "descriptions": [ { @@ -117,6 +117,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5479", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4366.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4366.json index f376dc1cb72..0f6b7830c22 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4366.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4366.json @@ -2,7 +2,7 @@ "id": "CVE-2023-4366", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-15T18:15:13.413", - "lastModified": "2023-08-27T03:15:31.313", + "lastModified": "2024-01-31T17:15:15.737", "vulnStatus": "Modified", "descriptions": [ { @@ -117,6 +117,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5479", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4367.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4367.json index 6cba30887c7..3ab98b67946 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4367.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4367.json @@ -2,7 +2,7 @@ "id": "CVE-2023-4367", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-15T18:15:13.520", - "lastModified": "2023-08-27T03:15:31.833", + "lastModified": "2024-01-31T17:15:15.890", "vulnStatus": "Modified", "descriptions": [ { @@ -116,6 +116,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5479", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4368.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4368.json index 67a225d7010..76b11b4a464 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4368.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4368.json @@ -2,7 +2,7 @@ "id": "CVE-2023-4368", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-15T18:15:13.597", - "lastModified": "2023-08-27T03:15:32.420", + "lastModified": "2024-01-31T17:15:15.970", "vulnStatus": "Modified", "descriptions": [ { @@ -112,6 +112,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5479", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44312.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44312.json index 7051ee7afa0..6678588e801 100644 --- a/CVE-2023/CVE-2023-443xx/CVE-2023-44312.json +++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44312.json @@ -2,7 +2,7 @@ "id": "CVE-2023-44312", "sourceIdentifier": "security@apache.org", "published": "2024-01-31T09:15:43.693", - "lastModified": "2024-01-31T14:05:19.990", + "lastModified": "2024-01-31T18:15:46.110", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -51,6 +51,10 @@ } ], "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2024/01/31/5", + "source": "security@apache.org" + }, { "url": "https://lists.apache.org/thread/dkvlgnrmc17qzjdy9k0cr60wpzcssk1s", "source": "security@apache.org" diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44313.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44313.json index 522306dca2b..b6e6de156b5 100644 --- a/CVE-2023/CVE-2023-443xx/CVE-2023-44313.json +++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44313.json @@ -2,7 +2,7 @@ "id": "CVE-2023-44313", "sourceIdentifier": "security@apache.org", "published": "2024-01-31T09:15:43.920", - "lastModified": "2024-01-31T14:05:19.990", + "lastModified": "2024-01-31T18:15:46.207", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -51,6 +51,10 @@ } ], "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2024/01/31/4", + "source": "security@apache.org" + }, { "url": "https://lists.apache.org/thread/kxovd455o9h4f2v811hcov2qknbwld5r", "source": "security@apache.org" diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4427.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4427.json index e496eead63c..a4924c48173 100644 --- a/CVE-2023/CVE-2023-44xx/CVE-2023-4427.json +++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4427.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4427", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-23T00:15:09.073", - "lastModified": "2023-10-13T01:12:47.790", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:16.043", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -141,6 +141,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5483", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4428.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4428.json index b4f2ca0b6d2..8128d8190dc 100644 --- a/CVE-2023/CVE-2023-44xx/CVE-2023-4428.json +++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4428.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4428", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-23T00:15:09.157", - "lastModified": "2023-10-30T19:41:27.130", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:16.127", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -150,6 +150,10 @@ "Mailing List" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5483", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4429.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4429.json index b85266873b7..a88ed8341b3 100644 --- a/CVE-2023/CVE-2023-44xx/CVE-2023-4429.json +++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4429.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4429", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-23T00:15:09.227", - "lastModified": "2023-10-30T19:41:10.943", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:16.200", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -150,6 +150,10 @@ "Mailing List" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5483", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4430.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4430.json index cb7cd071bfc..324b94c1e99 100644 --- a/CVE-2023/CVE-2023-44xx/CVE-2023-4430.json +++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4430.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4430", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-23T00:15:09.290", - "lastModified": "2023-10-30T19:40:57.993", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:16.270", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -150,6 +150,10 @@ "Mailing List" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5483", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4431.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4431.json index 7737d2c13aa..f69ed05c3b5 100644 --- a/CVE-2023/CVE-2023-44xx/CVE-2023-4431.json +++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4431.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4431", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-23T00:15:09.353", - "lastModified": "2023-10-13T01:13:53.427", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:16.343", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -152,6 +152,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5483", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-45xx/CVE-2023-4572.json b/CVE-2023/CVE-2023-45xx/CVE-2023-4572.json index 4fbe04aad38..c376c732dd3 100644 --- a/CVE-2023/CVE-2023-45xx/CVE-2023-4572.json +++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4572.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4572", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-29T20:15:10.480", - "lastModified": "2023-10-30T19:38:38.793", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:16.437", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -150,6 +150,10 @@ "Mailing List" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5487", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-471xx/CVE-2023-47116.json b/CVE-2023/CVE-2023-471xx/CVE-2023-47116.json new file mode 100644 index 00000000000..d94a054fc30 --- /dev/null +++ b/CVE-2023/CVE-2023-471xx/CVE-2023-47116.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-47116", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-01-31T17:15:13.370", + "lastModified": "2024-01-31T17:15:13.370", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Label Studio is a popular open source data labeling tool. The vulnerability affects all versions of Label Studio prior to 1.11.0 and was tested on version 1.8.2. Label Studio's SSRF protections that can be enabled by setting the `SSRF_PROTECTION_ENABLED` environment variable can be bypassed to access internal web servers. This is because the current SSRF validation is done by executing a single DNS lookup to verify that the IP address is not in an excluded subnet range. This protection can be bypassed by either using HTTP redirection or performing a DNS rebinding attack." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/HumanSignal/label-studio/commit/55dd6af4716b92f2bb213fe461d1ffbc380c6a64", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/HumanSignal/label-studio/releases/tag/1.11.0", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/HumanSignal/label-studio/security/advisories/GHSA-p59w-9gqw-wj8r", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4761.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4761.json index f27ed79b1da..c0823b8bd06 100644 --- a/CVE-2023/CVE-2023-47xx/CVE-2023-4761.json +++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4761.json @@ -2,7 +2,7 @@ "id": "CVE-2023-4761", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-09-05T22:15:09.583", - "lastModified": "2023-12-22T13:15:09.790", + "lastModified": "2024-01-31T17:15:16.553", "vulnStatus": "Modified", "descriptions": [ { @@ -160,6 +160,10 @@ "url": "https://security.gentoo.org/glsa/202312-07", "source": "chrome-cve-admin@google.com" }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5491", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4762.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4762.json index 8d6fa4e952b..44f2c8b9a7e 100644 --- a/CVE-2023/CVE-2023-47xx/CVE-2023-4762.json +++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4762.json @@ -2,7 +2,7 @@ "id": "CVE-2023-4762", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-09-05T22:15:09.677", - "lastModified": "2023-12-22T13:15:09.940", + "lastModified": "2024-01-31T17:15:16.667", "vulnStatus": "Modified", "descriptions": [ { @@ -165,6 +165,10 @@ "url": "https://security.gentoo.org/glsa/202312-07", "source": "chrome-cve-admin@google.com" }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5491", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4763.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4763.json index a3b5be4c589..0aa5927bbf0 100644 --- a/CVE-2023/CVE-2023-47xx/CVE-2023-4763.json +++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4763.json @@ -2,7 +2,7 @@ "id": "CVE-2023-4763", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-09-05T22:15:09.777", - "lastModified": "2023-12-22T13:15:10.020", + "lastModified": "2024-01-31T17:15:16.743", "vulnStatus": "Modified", "descriptions": [ { @@ -124,6 +124,10 @@ "url": "https://security.gentoo.org/glsa/202312-07", "source": "chrome-cve-admin@google.com" }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5491", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4764.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4764.json index 2d42849f981..a6215c95bb9 100644 --- a/CVE-2023/CVE-2023-47xx/CVE-2023-4764.json +++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4764.json @@ -2,7 +2,7 @@ "id": "CVE-2023-4764", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-09-05T22:15:09.883", - "lastModified": "2023-12-22T13:15:10.100", + "lastModified": "2024-01-31T17:15:16.827", "vulnStatus": "Modified", "descriptions": [ { @@ -124,6 +124,10 @@ "url": "https://security.gentoo.org/glsa/202312-07", "source": "chrome-cve-admin@google.com" }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5491", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4900.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4900.json index 17e9190d96b..a0bf88efaf9 100644 --- a/CVE-2023/CVE-2023-49xx/CVE-2023-4900.json +++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4900.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4900", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-09-12T21:15:08.537", - "lastModified": "2023-10-17T20:12:54.150", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:16.900", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -162,6 +162,10 @@ "Mailing List" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5499", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4901.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4901.json index 41a2aa4ad9f..f0637366ab2 100644 --- a/CVE-2023/CVE-2023-49xx/CVE-2023-4901.json +++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4901.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4901", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-09-12T21:15:08.603", - "lastModified": "2023-10-17T20:13:09.360", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:16.987", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -145,6 +145,10 @@ "Mailing List" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5499", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4902.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4902.json index ee857154c7d..f0a2e8ed918 100644 --- a/CVE-2023/CVE-2023-49xx/CVE-2023-4902.json +++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4902.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4902", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-09-12T21:15:08.657", - "lastModified": "2023-10-17T20:13:29.797", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:17.070", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -150,6 +150,10 @@ "Mailing List" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5499", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4903.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4903.json index 906186b9be4..df24d8ce741 100644 --- a/CVE-2023/CVE-2023-49xx/CVE-2023-4903.json +++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4903.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4903", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-09-12T21:15:08.717", - "lastModified": "2023-10-17T20:14:02.777", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:17.143", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -162,6 +162,10 @@ "Mailing List" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5499", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4904.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4904.json index 7592ae92ae7..08267bc6407 100644 --- a/CVE-2023/CVE-2023-49xx/CVE-2023-4904.json +++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4904.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4904", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-09-12T21:15:08.777", - "lastModified": "2023-10-17T19:51:00.467", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:17.417", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -150,6 +150,10 @@ "Mailing List" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5499", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4905.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4905.json index f1454b6e7e8..44dd0231bad 100644 --- a/CVE-2023/CVE-2023-49xx/CVE-2023-4905.json +++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4905.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4905", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-09-12T21:15:08.837", - "lastModified": "2023-10-17T19:54:42.733", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:17.590", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -150,6 +150,10 @@ "Mailing List" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5499", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4906.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4906.json index f178f595c16..a04f100b49b 100644 --- a/CVE-2023/CVE-2023-49xx/CVE-2023-4906.json +++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4906.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4906", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-09-12T21:15:08.893", - "lastModified": "2023-10-17T20:02:16.117", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:17.670", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -150,6 +150,10 @@ "Mailing List" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5499", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4907.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4907.json index e14b1ad6b78..5e57c88d99a 100644 --- a/CVE-2023/CVE-2023-49xx/CVE-2023-4907.json +++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4907.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4907", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-09-12T21:15:08.950", - "lastModified": "2023-10-17T20:02:45.343", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:17.750", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -162,6 +162,10 @@ "Mailing List" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5499", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4908.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4908.json index cd231c71760..557417eed9a 100644 --- a/CVE-2023/CVE-2023-49xx/CVE-2023-4908.json +++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4908.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4908", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-09-12T21:15:09.010", - "lastModified": "2023-10-17T20:02:51.120", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:17.827", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -150,6 +150,10 @@ "Mailing List" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5499", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4909.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4909.json index 0289cd61c82..f15d63845dc 100644 --- a/CVE-2023/CVE-2023-49xx/CVE-2023-4909.json +++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4909.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4909", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-09-12T21:15:09.073", - "lastModified": "2023-10-17T20:14:06.793", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:17.910", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -150,6 +150,10 @@ "Mailing List" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5499", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-501xx/CVE-2023-50165.json b/CVE-2023/CVE-2023-501xx/CVE-2023-50165.json new file mode 100644 index 00000000000..0de076ecd6f --- /dev/null +++ b/CVE-2023/CVE-2023-501xx/CVE-2023-50165.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-50165", + "sourceIdentifier": "security@pega.com", + "published": "2024-01-31T18:15:46.320", + "lastModified": "2024-01-31T18:15:46.320", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Pega Platform versions 8.2.1 to Infinity 23.1.0 are affected by an Generated PDF issue that could expose file contents." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@pega.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 8.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.1, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@pega.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "references": [ + { + "url": "https://support.pega.com/support-doc/pega-security-advisory-g23-vulnerability-remediation-note", + "source": "security@pega.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-501xx/CVE-2023-50166.json b/CVE-2023/CVE-2023-501xx/CVE-2023-50166.json new file mode 100644 index 00000000000..e33a6e311db --- /dev/null +++ b/CVE-2023/CVE-2023-501xx/CVE-2023-50166.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-50166", + "sourceIdentifier": "security@pega.com", + "published": "2024-01-31T18:15:46.513", + "lastModified": "2024-01-31T18:15:46.513", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Pega Platform from 8.5.4 to 8.8.3 is affected by an XSS issue with an unauthenticated user and the redirect parameter." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@pega.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@pega.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://support.pega.com/support-doc/pega-security-advisory-h23-vulnerability-remediation-note", + "source": "security@pega.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-51xx/CVE-2023-5186.json b/CVE-2023/CVE-2023-51xx/CVE-2023-5186.json index f7fab0f93cc..d07bca46030 100644 --- a/CVE-2023/CVE-2023-51xx/CVE-2023-5186.json +++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5186.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5186", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-09-28T16:15:10.760", - "lastModified": "2023-10-12T02:46:12.913", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:17.980", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -153,6 +153,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5508", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-51xx/CVE-2023-5187.json b/CVE-2023/CVE-2023-51xx/CVE-2023-5187.json index 093c35fea37..991ab0b8fad 100644 --- a/CVE-2023/CVE-2023-51xx/CVE-2023-5187.json +++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5187.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5187", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-09-28T16:15:10.883", - "lastModified": "2023-10-12T02:45:40.760", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:18.097", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -153,6 +153,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5508", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-523xx/CVE-2023-52355.json b/CVE-2023/CVE-2023-523xx/CVE-2023-52355.json index fd39668ab1e..4e4f301d40d 100644 --- a/CVE-2023/CVE-2023-523xx/CVE-2023-52355.json +++ b/CVE-2023/CVE-2023-523xx/CVE-2023-52355.json @@ -2,16 +2,40 @@ "id": "CVE-2023-52355", "sourceIdentifier": "secalert@redhat.com", "published": "2024-01-25T20:15:38.353", - "lastModified": "2024-01-25T21:52:01.053", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-31T17:59:49.903", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 un fallo de falta de memoria en libtiff que podr\u00eda activarse al pasar un archivo tiff dise\u00f1ado a la API TIFFRasterScanlineSize64(). Este fallo permite que un atacante remoto provoque una denegaci\u00f3n de servicio a trav\u00e9s de una entrada manipulada con un tama\u00f1o inferior a 379 KB." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "secalert@redhat.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "secalert@redhat.com", "type": "Secondary", @@ -46,18 +80,68 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023-11-11", + "matchCriteriaId": "167987A3-B58C-44D8-8594-C992CB238723" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D" + } + ] + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/security/cve/CVE-2023-52355", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251326", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking", + "Patch", + "Third Party Advisory" + ] }, { "url": "https://gitlab.com/libtiff/libtiff/-/issues/621", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Exploit", + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-523xx/CVE-2023-52356.json b/CVE-2023/CVE-2023-523xx/CVE-2023-52356.json index 877df5737a6..4ebe6aec16c 100644 --- a/CVE-2023/CVE-2023-523xx/CVE-2023-52356.json +++ b/CVE-2023/CVE-2023-523xx/CVE-2023-52356.json @@ -2,16 +2,40 @@ "id": "CVE-2023-52356", "sourceIdentifier": "secalert@redhat.com", "published": "2024-01-25T20:15:39.063", - "lastModified": "2024-01-25T21:52:01.053", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-31T17:41:06.517", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 un fallo de falla de segmento (SEGV) en libtiff que podr\u00eda activarse al pasar un archivo tiff dise\u00f1ado a la API TIFFReadRGBATileExt(). Este fallo permite que un atacante remoto provoque un desbordamiento de b\u00fafer en la regi\u00f3n Heap de la memoria, lo que lleva a una denegaci\u00f3n de servicio." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "secalert@redhat.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "secalert@redhat.com", "type": "Secondary", @@ -46,22 +80,74 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:libtiff:libtiff:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2FFD25C1-A304-486F-A36B-7167EEF33388" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D" + } + ] + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/security/cve/CVE-2023-52356", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251344", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://gitlab.com/libtiff/libtiff/-/issues/622", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking", + "Patch" + ] }, { "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/546", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking", + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-52xx/CVE-2023-5217.json b/CVE-2023/CVE-2023-52xx/CVE-2023-5217.json index 7a850540d40..b2d896a9667 100644 --- a/CVE-2023/CVE-2023-52xx/CVE-2023-5217.json +++ b/CVE-2023/CVE-2023-52xx/CVE-2023-5217.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5217", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-09-28T16:15:10.980", - "lastModified": "2023-11-17T18:56:01.750", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:18.173", + "vulnStatus": "Modified", "cisaExploitAdd": "2023-10-02", "cisaActionDue": "2023-10-23", "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", @@ -584,6 +584,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217/", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-52xx/CVE-2023-5218.json b/CVE-2023/CVE-2023-52xx/CVE-2023-5218.json index 8c94cc3c521..8f4a48a5146 100644 --- a/CVE-2023/CVE-2023-52xx/CVE-2023-5218.json +++ b/CVE-2023/CVE-2023-52xx/CVE-2023-5218.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5218", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-10-11T23:15:10.443", - "lastModified": "2024-01-26T18:06:01.817", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:18.423", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -154,6 +154,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5526", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-53xx/CVE-2023-5346.json b/CVE-2023/CVE-2023-53xx/CVE-2023-5346.json index 1ac5fdbc9a1..901c3faf47e 100644 --- a/CVE-2023/CVE-2023-53xx/CVE-2023-5346.json +++ b/CVE-2023/CVE-2023-53xx/CVE-2023-5346.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5346", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-10-05T18:15:13.270", - "lastModified": "2023-11-16T01:45:40.253", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:18.533", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -132,6 +132,10 @@ "Mailing List", "Third Party Advisory" ] + }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-53xx/CVE-2023-5389.json b/CVE-2023/CVE-2023-53xx/CVE-2023-5389.json index 01452c89fe5..a84c8293305 100644 --- a/CVE-2023/CVE-2023-53xx/CVE-2023-5389.json +++ b/CVE-2023/CVE-2023-53xx/CVE-2023-5389.json @@ -2,12 +2,16 @@ "id": "CVE-2023-5389", "sourceIdentifier": "psirt@honeywell.com", "published": "2024-01-30T20:15:45.420", - "lastModified": "2024-01-30T20:48:58.267", + "lastModified": "2024-01-31T18:15:46.707", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", - "value": "\nAn attacker could potentially exploit this vulnerability, leading to the ability to modify files on Honeywell Experion VirtualUOC and UOC . This exploit could be used to write a file that may result in unexpected behavior based on configuration changes or updating of files that could result in subsequent execution of a malicious application if triggered. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.\u00a0" + "value": "\nAn attacker could potentially exploit this vulnerability, leading to the ability to modify files on Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC . This exploit could be used to write a file that may result in unexpected behavior based on configuration changes or updating of files that could result in subsequent execution of a malicious application if triggered. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.\u00a0" + }, + { + "lang": "es", + "value": "Un atacante podr\u00eda explotar esta vulnerabilidad, lo que permitir\u00eda modificar archivos en Honeywell Experion VirtualUOC y UOC. Esta explotaci\u00f3n podr\u00eda usarse para escribir un archivo que puede resultar en un comportamiento inesperado basado en cambios de configuraci\u00f3n o actualizaci\u00f3n de archivos que podr\u00edan resultar en la ejecuci\u00f3n posterior de una aplicaci\u00f3n maliciosa si se activa. Honeywell recomienda actualizar a la versi\u00f3n m\u00e1s reciente del producto. Consulte la Notificaci\u00f3n de seguridad de Honeywell para obtener recomendaciones sobre actualizaci\u00f3n y control de versiones." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-53xx/CVE-2023-5390.json b/CVE-2023/CVE-2023-53xx/CVE-2023-5390.json new file mode 100644 index 00000000000..ad24f4d7cf8 --- /dev/null +++ b/CVE-2023/CVE-2023-53xx/CVE-2023-5390.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-5390", + "sourceIdentifier": "psirt@honeywell.com", + "published": "2024-01-31T18:15:46.780", + "lastModified": "2024-01-31T18:15:46.780", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An attacker could potentially exploit this vulnerability, leading to files being read from the Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC. This exploit could be used to read files from the controller that may expose limited information from the device. Honeywell recommends updating to the most recent version of the product.\u00a0See Honeywell Security Notification for recommendations on upgrading and versioning.\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@honeywell.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@honeywell.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-36" + } + ] + } + ], + "references": [ + { + "url": "https://process.honeywell.com", + "source": "psirt@honeywell.com" + }, + { + "url": "https://www.honeywell.com/us/en/product-security", + "source": "psirt@honeywell.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5472.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5472.json index 3c018db2186..0657fcdaa7e 100644 --- a/CVE-2023/CVE-2023-54xx/CVE-2023-5472.json +++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5472.json @@ -2,7 +2,7 @@ "id": "CVE-2023-5472", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-10-25T18:17:43.667", - "lastModified": "2023-11-03T23:15:09.753", + "lastModified": "2024-01-31T17:15:18.640", "vulnStatus": "Modified", "descriptions": [ { @@ -135,6 +135,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5536", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5473.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5473.json index 3ae86748616..47096f4378b 100644 --- a/CVE-2023/CVE-2023-54xx/CVE-2023-5473.json +++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5473.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5473", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-10-11T23:15:10.503", - "lastModified": "2024-01-26T18:16:23.077", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:18.730", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -118,6 +118,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5526", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5474.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5474.json index b4ac2af9f26..9b42efcd421 100644 --- a/CVE-2023/CVE-2023-54xx/CVE-2023-5474.json +++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5474.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5474", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-10-11T23:15:10.557", - "lastModified": "2024-01-26T18:16:27.137", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:18.813", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -118,6 +118,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5526", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5475.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5475.json index 42a9f9eba31..816f18c5df1 100644 --- a/CVE-2023/CVE-2023-54xx/CVE-2023-5475.json +++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5475.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5475", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-10-11T23:15:10.603", - "lastModified": "2024-01-26T18:16:30.307", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:18.947", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -154,6 +154,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5526", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5476.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5476.json index beadf88ddc1..469419ad54b 100644 --- a/CVE-2023/CVE-2023-54xx/CVE-2023-5476.json +++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5476.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5476", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-10-11T23:15:10.650", - "lastModified": "2024-01-26T18:16:33.447", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:19.147", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -118,6 +118,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5526", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5477.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5477.json index 7b800a69991..829870e9dca 100644 --- a/CVE-2023/CVE-2023-54xx/CVE-2023-5477.json +++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5477.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5477", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-10-11T23:15:10.700", - "lastModified": "2024-01-26T18:46:01.947", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:19.223", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -118,6 +118,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5526", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5478.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5478.json index f22c530f82a..56ddd14d655 100644 --- a/CVE-2023/CVE-2023-54xx/CVE-2023-5478.json +++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5478.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5478", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-10-11T23:15:10.747", - "lastModified": "2024-01-26T18:46:06.580", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:19.307", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -118,6 +118,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5526", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5479.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5479.json index 5d3e894332c..4211c851a52 100644 --- a/CVE-2023/CVE-2023-54xx/CVE-2023-5479.json +++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5479.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5479", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-10-11T23:15:10.797", - "lastModified": "2024-01-26T18:48:24.790", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:19.393", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -118,6 +118,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5526", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5480.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5480.json index 3ec7881d6af..26839efe1c1 100644 --- a/CVE-2023/CVE-2023-54xx/CVE-2023-5480.json +++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5480.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5480", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-11-01T18:15:09.930", - "lastModified": "2024-01-26T17:55:58.877", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:19.470", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -163,6 +163,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5546", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5481.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5481.json index ef51e8d5d6d..4d7f2cc3b60 100644 --- a/CVE-2023/CVE-2023-54xx/CVE-2023-5481.json +++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5481.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5481", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-10-11T23:15:10.850", - "lastModified": "2024-01-26T18:46:12.113", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:19.573", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -118,6 +118,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5526", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5482.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5482.json index da3b85e8869..d1dbf95ef27 100644 --- a/CVE-2023/CVE-2023-54xx/CVE-2023-5482.json +++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5482.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5482", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-11-01T18:15:09.973", - "lastModified": "2024-01-26T17:56:14.993", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:19.657", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -163,6 +163,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5546", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5483.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5483.json index 645a8e965ba..187a856a01b 100644 --- a/CVE-2023/CVE-2023-54xx/CVE-2023-5483.json +++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5483.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5483", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-10-11T23:15:10.897", - "lastModified": "2024-01-26T18:46:16.543", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:19.760", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -119,6 +119,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5526", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5484.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5484.json index 5734b88e2dc..07aa6d13508 100644 --- a/CVE-2023/CVE-2023-54xx/CVE-2023-5484.json +++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5484.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5484", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-10-11T23:15:10.950", - "lastModified": "2024-01-26T18:46:21.287", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:19.947", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -154,6 +154,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5526", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5485.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5485.json index 36a7969e005..b68f3609658 100644 --- a/CVE-2023/CVE-2023-54xx/CVE-2023-5485.json +++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5485.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5485", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-10-11T23:15:11.007", - "lastModified": "2024-01-26T18:03:12.120", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:20.080", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -118,6 +118,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5526", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5486.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5486.json index 9ce82b370aa..64594741677 100644 --- a/CVE-2023/CVE-2023-54xx/CVE-2023-5486.json +++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5486.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5486", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-10-11T23:15:11.060", - "lastModified": "2024-01-26T18:46:25.087", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:20.233", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -118,6 +118,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5526", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5487.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5487.json index 415724338b7..a507ed8aedf 100644 --- a/CVE-2023/CVE-2023-54xx/CVE-2023-5487.json +++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5487.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5487", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-10-11T23:15:11.110", - "lastModified": "2024-01-26T17:55:51.737", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:20.417", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -149,6 +149,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5526", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-58xx/CVE-2023-5849.json b/CVE-2023/CVE-2023-58xx/CVE-2023-5849.json index 33e6e9b4254..ff8a61b07b8 100644 --- a/CVE-2023/CVE-2023-58xx/CVE-2023-5849.json +++ b/CVE-2023/CVE-2023-58xx/CVE-2023-5849.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5849", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-11-01T18:15:10.107", - "lastModified": "2024-01-26T17:59:51.847", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:20.527", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -163,6 +163,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5546", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-58xx/CVE-2023-5850.json b/CVE-2023/CVE-2023-58xx/CVE-2023-5850.json index b64a53ad414..a66a29ccb65 100644 --- a/CVE-2023/CVE-2023-58xx/CVE-2023-5850.json +++ b/CVE-2023/CVE-2023-58xx/CVE-2023-5850.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5850", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-11-01T18:15:10.160", - "lastModified": "2024-01-26T17:59:56.317", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:20.643", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -164,6 +164,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5546", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-58xx/CVE-2023-5851.json b/CVE-2023/CVE-2023-58xx/CVE-2023-5851.json index 8f4c7658dd4..304645f0db3 100644 --- a/CVE-2023/CVE-2023-58xx/CVE-2023-5851.json +++ b/CVE-2023/CVE-2023-58xx/CVE-2023-5851.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5851", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-11-01T18:15:10.207", - "lastModified": "2024-01-26T18:00:00.197", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:20.770", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -163,6 +163,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5546", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-58xx/CVE-2023-5852.json b/CVE-2023/CVE-2023-58xx/CVE-2023-5852.json index e2601d49c74..5bdedcb3d0c 100644 --- a/CVE-2023/CVE-2023-58xx/CVE-2023-5852.json +++ b/CVE-2023/CVE-2023-58xx/CVE-2023-5852.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5852", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-11-01T18:15:10.253", - "lastModified": "2024-01-26T18:00:04.037", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:21.130", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -164,6 +164,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5546", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-58xx/CVE-2023-5853.json b/CVE-2023/CVE-2023-58xx/CVE-2023-5853.json index 84adbbf85cb..25b3a36addd 100644 --- a/CVE-2023/CVE-2023-58xx/CVE-2023-5853.json +++ b/CVE-2023/CVE-2023-58xx/CVE-2023-5853.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5853", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-11-01T18:15:10.300", - "lastModified": "2024-01-26T18:58:13.703", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:21.237", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -164,6 +164,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5546", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-58xx/CVE-2023-5854.json b/CVE-2023/CVE-2023-58xx/CVE-2023-5854.json index fe7434c3f94..de88a2c556f 100644 --- a/CVE-2023/CVE-2023-58xx/CVE-2023-5854.json +++ b/CVE-2023/CVE-2023-58xx/CVE-2023-5854.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5854", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-11-01T18:15:10.343", - "lastModified": "2024-01-26T18:58:20.157", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:21.410", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -164,6 +164,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5546", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-58xx/CVE-2023-5855.json b/CVE-2023/CVE-2023-58xx/CVE-2023-5855.json index 6ae499eac6e..2e20cfc7b34 100644 --- a/CVE-2023/CVE-2023-58xx/CVE-2023-5855.json +++ b/CVE-2023/CVE-2023-58xx/CVE-2023-5855.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5855", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-11-01T18:15:10.387", - "lastModified": "2024-01-26T18:58:23.647", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:21.557", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -164,6 +164,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5546", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-58xx/CVE-2023-5856.json b/CVE-2023/CVE-2023-58xx/CVE-2023-5856.json index cfa25c6ef52..25bbde54f32 100644 --- a/CVE-2023/CVE-2023-58xx/CVE-2023-5856.json +++ b/CVE-2023/CVE-2023-58xx/CVE-2023-5856.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5856", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-11-01T18:15:10.433", - "lastModified": "2024-01-26T18:58:30.963", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:21.667", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -164,6 +164,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5546", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-58xx/CVE-2023-5857.json b/CVE-2023/CVE-2023-58xx/CVE-2023-5857.json index 55713c99852..e6ad3c97c0d 100644 --- a/CVE-2023/CVE-2023-58xx/CVE-2023-5857.json +++ b/CVE-2023/CVE-2023-58xx/CVE-2023-5857.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5857", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-11-01T18:15:10.477", - "lastModified": "2024-01-26T18:50:29.147", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:21.953", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -164,6 +164,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5546", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-58xx/CVE-2023-5858.json b/CVE-2023/CVE-2023-58xx/CVE-2023-5858.json index c1cd5d7313d..59fe484a725 100644 --- a/CVE-2023/CVE-2023-58xx/CVE-2023-5858.json +++ b/CVE-2023/CVE-2023-58xx/CVE-2023-5858.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5858", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-11-01T18:15:10.517", - "lastModified": "2024-01-26T18:50:35.400", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:22.087", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -164,6 +164,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5546", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-58xx/CVE-2023-5859.json b/CVE-2023/CVE-2023-58xx/CVE-2023-5859.json index 6ac7919f1e7..f3c8f612585 100644 --- a/CVE-2023/CVE-2023-58xx/CVE-2023-5859.json +++ b/CVE-2023/CVE-2023-58xx/CVE-2023-5859.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5859", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-11-01T18:15:10.563", - "lastModified": "2024-01-26T18:50:38.617", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:22.240", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -164,6 +164,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5546", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-59xx/CVE-2023-5996.json b/CVE-2023/CVE-2023-59xx/CVE-2023-5996.json index 1bf9d06ab4f..e2631ea5fc6 100644 --- a/CVE-2023/CVE-2023-59xx/CVE-2023-5996.json +++ b/CVE-2023/CVE-2023-59xx/CVE-2023-5996.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5996", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-11-08T20:15:07.637", - "lastModified": "2024-01-26T18:50:41.627", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:22.350", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -151,6 +151,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5551", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-59xx/CVE-2023-5997.json b/CVE-2023/CVE-2023-59xx/CVE-2023-5997.json index d49e65ff11d..dab54f78e30 100644 --- a/CVE-2023/CVE-2023-59xx/CVE-2023-5997.json +++ b/CVE-2023/CVE-2023-59xx/CVE-2023-5997.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5997", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-11-15T18:15:06.873", - "lastModified": "2024-01-26T18:50:47.813", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:22.550", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -164,6 +164,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5556", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-61xx/CVE-2023-6112.json b/CVE-2023/CVE-2023-61xx/CVE-2023-6112.json index 36e296b4efc..843ea020e2a 100644 --- a/CVE-2023/CVE-2023-61xx/CVE-2023-6112.json +++ b/CVE-2023/CVE-2023-61xx/CVE-2023-6112.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6112", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-11-15T18:15:06.933", - "lastModified": "2024-01-26T18:53:26.207", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:22.707", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -171,6 +171,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5556", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6246.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6246.json index 3ce278ad984..30fe31cf884 100644 --- a/CVE-2023/CVE-2023-62xx/CVE-2023-6246.json +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6246.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6246", "sourceIdentifier": "secalert@redhat.com", "published": "2024-01-31T14:15:48.420", - "lastModified": "2024-01-31T14:28:47.077", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-31T18:15:46.970", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "secalert@redhat.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "secalert@redhat.com", "type": "Secondary", @@ -46,18 +76,72 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.36", + "versionEndExcluding": "2.39", + "matchCriteriaId": "5618FB1A-596C-4054-8DB6-7A9F189D9AFC" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", + "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646" + } + ] + } + ] + } + ], "references": [ { - "url": "https://access.redhat.com/security/cve/CVE-2023-6246", + "url": "http://packetstormsecurity.com/files/176931/glibc-qsort-Out-Of-Bounds-Read-Write.html", "source": "secalert@redhat.com" }, + { + "url": "http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2023-6246", + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] + }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249053", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://www.openwall.com/lists/oss-security/2024/01/30/6", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Exploit", + "Mailing List", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6267.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6267.json index e984de0dc64..d5ae3e2827c 100644 --- a/CVE-2023/CVE-2023-62xx/CVE-2023-6267.json +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6267.json @@ -2,16 +2,40 @@ "id": "CVE-2023-6267", "sourceIdentifier": "secalert@redhat.com", "published": "2024-01-25T19:15:08.260", - "lastModified": "2024-01-25T19:28:53.800", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-31T17:17:53.617", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A flaw was found in the json payload. If annotation based security is used to secure a REST resource, the JSON body that the resource may consume is being processed (deserialized) prior to the security constraints being evaluated and applied. This does not happen with configuration based security." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 un fallo en el payload json. Si se utiliza seguridad basada en anotaciones para proteger un recurso REST, el cuerpo JSON que el recurso puede consumir se procesa (deserializa) antes de que se eval\u00faen y apliquen las restricciones de seguridad. Esto no sucede con la seguridad basada en configuraci\u00f3n." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "secalert@redhat.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-755" + } + ] + }, { "source": "secalert@redhat.com", "type": "Secondary", @@ -46,14 +80,56 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.13.9", + "matchCriteriaId": "6B27FE57-901A-496C-B2C1-F647C91E7B51" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.0.0", + "versionEndExcluding": "3.2.9", + "matchCriteriaId": "BDE831ED-C431-4CCF-AB2D-67BBC88FAE4D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:quarkus:quarkus:2.13.9:-:*:*:*:*:*:*", + "matchCriteriaId": "AF6EB005-F254-47A9-B963-E1AD508F55FB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:quarkus:quarkus:3.2.9:-:*:*:*:*:*:*", + "matchCriteriaId": "DCA0123C-E209-4037-A021-A3B95305A453" + } + ] + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/security/cve/CVE-2023-6267", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251155", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-63xx/CVE-2023-6345.json b/CVE-2023/CVE-2023-63xx/CVE-2023-6345.json index 52ecdf34659..8dbc5897e49 100644 --- a/CVE-2023/CVE-2023-63xx/CVE-2023-6345.json +++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6345.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6345", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-11-29T12:15:07.077", - "lastModified": "2023-12-15T20:09:40.917", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:23.017", + "vulnStatus": "Modified", "cisaExploitAdd": "2023-11-30", "cisaActionDue": "2023-12-21", "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", @@ -160,6 +160,10 @@ "Mailing List" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5569", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-63xx/CVE-2023-6346.json b/CVE-2023/CVE-2023-63xx/CVE-2023-6346.json index 7d0d6db13a4..f0fb586a131 100644 --- a/CVE-2023/CVE-2023-63xx/CVE-2023-6346.json +++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6346.json @@ -2,7 +2,7 @@ "id": "CVE-2023-6346", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-11-29T12:15:07.310", - "lastModified": "2023-12-05T17:15:08.707", + "lastModified": "2024-01-31T17:15:23.213", "vulnStatus": "Modified", "descriptions": [ { @@ -131,6 +131,10 @@ "Mailing List" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5569", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-63xx/CVE-2023-6347.json b/CVE-2023/CVE-2023-63xx/CVE-2023-6347.json index 9e5fb2fa865..154d8e72d08 100644 --- a/CVE-2023/CVE-2023-63xx/CVE-2023-6347.json +++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6347.json @@ -2,7 +2,7 @@ "id": "CVE-2023-6347", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-11-29T12:15:07.357", - "lastModified": "2023-12-05T17:15:08.773", + "lastModified": "2024-01-31T17:15:23.647", "vulnStatus": "Modified", "descriptions": [ { @@ -131,6 +131,10 @@ "Mailing List" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5569", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-63xx/CVE-2023-6348.json b/CVE-2023/CVE-2023-63xx/CVE-2023-6348.json index 257a1e54be0..94c8cb4a406 100644 --- a/CVE-2023/CVE-2023-63xx/CVE-2023-6348.json +++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6348.json @@ -2,7 +2,7 @@ "id": "CVE-2023-6348", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-11-29T12:15:07.403", - "lastModified": "2024-01-03T17:15:11.823", + "lastModified": "2024-01-31T17:15:23.980", "vulnStatus": "Modified", "descriptions": [ { @@ -124,6 +124,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5569", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-63xx/CVE-2023-6350.json b/CVE-2023/CVE-2023-63xx/CVE-2023-6350.json index 9676334213c..49c65f4e27c 100644 --- a/CVE-2023/CVE-2023-63xx/CVE-2023-6350.json +++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6350.json @@ -2,7 +2,7 @@ "id": "CVE-2023-6350", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-11-29T12:15:07.450", - "lastModified": "2023-12-05T17:15:08.897", + "lastModified": "2024-01-31T17:15:24.350", "vulnStatus": "Modified", "descriptions": [ { @@ -131,6 +131,10 @@ "Mailing List" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5569", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-63xx/CVE-2023-6351.json b/CVE-2023/CVE-2023-63xx/CVE-2023-6351.json index bb8d6651ca6..00749e13fe5 100644 --- a/CVE-2023/CVE-2023-63xx/CVE-2023-6351.json +++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6351.json @@ -2,7 +2,7 @@ "id": "CVE-2023-6351", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-11-29T12:15:07.497", - "lastModified": "2023-12-05T17:15:08.960", + "lastModified": "2024-01-31T17:15:24.673", "vulnStatus": "Modified", "descriptions": [ { @@ -133,6 +133,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5569", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6508.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6508.json index f9dd6edfba4..07bbfbfe03a 100644 --- a/CVE-2023/CVE-2023-65xx/CVE-2023-6508.json +++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6508.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6508", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-12-06T02:15:07.297", - "lastModified": "2023-12-11T19:25:11.093", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:24.947", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -130,6 +130,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5573", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6509.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6509.json index 6ee35ae3417..be3e9400b53 100644 --- a/CVE-2023/CVE-2023-65xx/CVE-2023-6509.json +++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6509.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6509", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-12-06T02:15:07.343", - "lastModified": "2023-12-11T19:24:12.643", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:25.440", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -130,6 +130,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5573", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6510.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6510.json index c3db15149cf..0a45e077229 100644 --- a/CVE-2023/CVE-2023-65xx/CVE-2023-6510.json +++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6510.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6510", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-12-06T02:15:07.390", - "lastModified": "2023-12-11T19:16:22.197", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:25.713", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -130,6 +130,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5573", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6511.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6511.json index c2f75d92243..e85b9417d98 100644 --- a/CVE-2023/CVE-2023-65xx/CVE-2023-6511.json +++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6511.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6511", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-12-06T02:15:07.480", - "lastModified": "2023-12-11T19:02:25.903", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:26.103", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -130,6 +130,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5573", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6512.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6512.json index c0409bf2470..5538de25b0a 100644 --- a/CVE-2023/CVE-2023-65xx/CVE-2023-6512.json +++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6512.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6512", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-12-06T02:15:07.543", - "lastModified": "2023-12-11T18:53:29.410", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:26.460", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -130,6 +130,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5573", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-67xx/CVE-2023-6702.json b/CVE-2023/CVE-2023-67xx/CVE-2023-6702.json index 9e2f05b3ec8..e1dcaadc9d4 100644 --- a/CVE-2023/CVE-2023-67xx/CVE-2023-6702.json +++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6702.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6702", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-12-14T22:15:44.387", - "lastModified": "2023-12-19T14:44:04.613", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:26.693", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -122,6 +122,10 @@ "Mailing List", "Third Party Advisory" ] + }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-67xx/CVE-2023-6703.json b/CVE-2023/CVE-2023-67xx/CVE-2023-6703.json index 8c35c2b27a8..1f0743cc889 100644 --- a/CVE-2023/CVE-2023-67xx/CVE-2023-6703.json +++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6703.json @@ -2,7 +2,7 @@ "id": "CVE-2023-6703", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-12-14T22:15:44.437", - "lastModified": "2023-12-16T02:15:07.857", + "lastModified": "2024-01-31T17:15:27.123", "vulnStatus": "Modified", "descriptions": [ { @@ -87,6 +87,10 @@ { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6NWZ23ZJ62XKWVNGHSIZQYILVJWH5BLI/", "source": "chrome-cve-admin@google.com" + }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-67xx/CVE-2023-6704.json b/CVE-2023/CVE-2023-67xx/CVE-2023-6704.json index 6b9648630e5..44361ca65a9 100644 --- a/CVE-2023/CVE-2023-67xx/CVE-2023-6704.json +++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6704.json @@ -2,7 +2,7 @@ "id": "CVE-2023-6704", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-12-14T22:15:44.487", - "lastModified": "2023-12-16T02:15:08.073", + "lastModified": "2024-01-31T17:15:27.477", "vulnStatus": "Modified", "descriptions": [ { @@ -87,6 +87,10 @@ { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6NWZ23ZJ62XKWVNGHSIZQYILVJWH5BLI/", "source": "chrome-cve-admin@google.com" + }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-67xx/CVE-2023-6705.json b/CVE-2023/CVE-2023-67xx/CVE-2023-6705.json index d06c4f9016f..340d75e15c5 100644 --- a/CVE-2023/CVE-2023-67xx/CVE-2023-6705.json +++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6705.json @@ -2,7 +2,7 @@ "id": "CVE-2023-6705", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-12-14T22:15:44.533", - "lastModified": "2023-12-16T02:15:08.133", + "lastModified": "2024-01-31T17:15:27.870", "vulnStatus": "Modified", "descriptions": [ { @@ -87,6 +87,10 @@ { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6NWZ23ZJ62XKWVNGHSIZQYILVJWH5BLI/", "source": "chrome-cve-admin@google.com" + }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-67xx/CVE-2023-6706.json b/CVE-2023/CVE-2023-67xx/CVE-2023-6706.json index 59f0dbbad23..f03f66567a5 100644 --- a/CVE-2023/CVE-2023-67xx/CVE-2023-6706.json +++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6706.json @@ -2,7 +2,7 @@ "id": "CVE-2023-6706", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-12-14T22:15:44.587", - "lastModified": "2023-12-16T02:15:08.197", + "lastModified": "2024-01-31T17:15:28.193", "vulnStatus": "Modified", "descriptions": [ { @@ -87,6 +87,10 @@ { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6NWZ23ZJ62XKWVNGHSIZQYILVJWH5BLI/", "source": "chrome-cve-admin@google.com" + }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-67xx/CVE-2023-6707.json b/CVE-2023/CVE-2023-67xx/CVE-2023-6707.json index bd875ddcfcb..15ac87571a2 100644 --- a/CVE-2023/CVE-2023-67xx/CVE-2023-6707.json +++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6707.json @@ -2,7 +2,7 @@ "id": "CVE-2023-6707", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-12-14T22:15:44.637", - "lastModified": "2023-12-16T02:15:08.263", + "lastModified": "2024-01-31T17:15:28.553", "vulnStatus": "Modified", "descriptions": [ { @@ -87,6 +87,10 @@ { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6NWZ23ZJ62XKWVNGHSIZQYILVJWH5BLI/", "source": "chrome-cve-admin@google.com" + }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-67xx/CVE-2023-6779.json b/CVE-2023/CVE-2023-67xx/CVE-2023-6779.json index 9cab0c28382..544bd87e8c5 100644 --- a/CVE-2023/CVE-2023-67xx/CVE-2023-6779.json +++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6779.json @@ -2,7 +2,7 @@ "id": "CVE-2023-6779", "sourceIdentifier": "secalert@redhat.com", "published": "2024-01-31T14:15:48.700", - "lastModified": "2024-01-31T14:28:47.077", + "lastModified": "2024-01-31T18:15:47.067", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -47,6 +47,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-6779", "source": "secalert@redhat.com" diff --git a/CVE-2023/CVE-2023-67xx/CVE-2023-6780.json b/CVE-2023/CVE-2023-67xx/CVE-2023-6780.json index 01ce3560cd3..076c17b20a4 100644 --- a/CVE-2023/CVE-2023-67xx/CVE-2023-6780.json +++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6780.json @@ -2,7 +2,7 @@ "id": "CVE-2023-6780", "sourceIdentifier": "secalert@redhat.com", "published": "2024-01-31T14:15:48.917", - "lastModified": "2024-01-31T14:28:47.077", + "lastModified": "2024-01-31T18:15:47.143", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -47,6 +47,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-6780", "source": "secalert@redhat.com" diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7024.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7024.json index 7e1038b210d..23bfe420bd0 100644 --- a/CVE-2023/CVE-2023-70xx/CVE-2023-7024.json +++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7024.json @@ -2,8 +2,8 @@ "id": "CVE-2023-7024", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-12-21T23:15:11.213", - "lastModified": "2024-01-03T02:00:01.237", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:29.043", + "vulnStatus": "Modified", "cisaExploitAdd": "2024-01-02", "cisaActionDue": "2024-01-23", "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", @@ -144,6 +144,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5585", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-72xx/CVE-2023-7227.json b/CVE-2023/CVE-2023-72xx/CVE-2023-7227.json index d1b2810fdd1..a72dc71ba5d 100644 --- a/CVE-2023/CVE-2023-72xx/CVE-2023-7227.json +++ b/CVE-2023/CVE-2023-72xx/CVE-2023-7227.json @@ -2,16 +2,40 @@ "id": "CVE-2023-7227", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2024-01-25T19:15:08.477", - "lastModified": "2024-01-25T19:28:53.800", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-31T18:46:00.220", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "\nSystemK NVR 504/508/516 versions 2.3.5SK.30084998 and prior are vulnerable to a command injection vulnerability in the dynamic domain name system (DDNS) settings that could allow an attacker to execute arbitrary commands with root privileges.\n\n\n\n\n" + }, + { + "lang": "es", + "value": "SystemK NVR 504/508/516 versiones 2.3.5SK.30084998 y anteriores son vulnerables a una vulnerabilidad de inyecci\u00f3n de comandos en la configuraci\u00f3n del sistema de nombres de dominio din\u00e1mico (DDNS) que podr\u00eda permitir a un atacante ejecutar comandos arbitrarios con privilegios de root." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", @@ -46,10 +80,97 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:systemk-corp:nvr_504_firmware:2.3.5sk.30084998:*:*:*:*:*:*:*", + "matchCriteriaId": "B86786E5-EF6C-424A-AEC9-0CDC23BADB18" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:systemk-corp:nvr_504:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E8195854-C89D-4EEA-A0AA-37D310930E12" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:systemk-corp:nvr_508_firmware:2.3.5sk.30084998:*:*:*:*:*:*:*", + "matchCriteriaId": "C1EED11C-CA1F-443E-8F2C-9150D6D488CE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:systemk-corp:nvr_508:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C883C57D-A648-42E9-8853-C5E04231C8BE" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:systemk-corp:nvr_516_firmware:2.3.5sk.30084998:*:*:*:*:*:*:*", + "matchCriteriaId": "24269B88-52D3-4196-8EEB-899D61850612" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:systemk-corp:nvr_516:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7F9EDBA4-F6C7-4C6D-9FA2-2F7C202F75E3" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-025-02", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-02xx/CVE-2024-0219.json b/CVE-2024/CVE-2024-02xx/CVE-2024-0219.json index e52940fded0..5e38392ddde 100644 --- a/CVE-2024/CVE-2024-02xx/CVE-2024-0219.json +++ b/CVE-2024/CVE-2024-02xx/CVE-2024-0219.json @@ -2,7 +2,7 @@ "id": "CVE-2024-0219", "sourceIdentifier": "security@progress.com", "published": "2024-01-31T16:15:45.290", - "lastModified": "2024-01-31T16:15:45.290", + "lastModified": "2024-01-31T17:15:29.633", "vulnStatus": "Received", "descriptions": [ { @@ -52,7 +52,7 @@ "source": "security@progress.com" }, { - "url": "https://www.telerik.com/devcraft", + "url": "https://www.telerik.com/products/decompiler.aspx", "source": "security@progress.com" } ] diff --git a/CVE-2024/CVE-2024-02xx/CVE-2024-0222.json b/CVE-2024/CVE-2024-02xx/CVE-2024-0222.json index e4861016d35..56d5f6b6118 100644 --- a/CVE-2024/CVE-2024-02xx/CVE-2024-0222.json +++ b/CVE-2024/CVE-2024-02xx/CVE-2024-0222.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0222", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-01-04T02:15:28.933", - "lastModified": "2024-01-08T19:43:37.003", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:29.990", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -120,6 +120,10 @@ "Mailing List", "Third Party Advisory" ] + }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-02xx/CVE-2024-0223.json b/CVE-2024/CVE-2024-02xx/CVE-2024-0223.json index 2aa5ec605df..3a389df87fc 100644 --- a/CVE-2024/CVE-2024-02xx/CVE-2024-0223.json +++ b/CVE-2024/CVE-2024-02xx/CVE-2024-0223.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0223", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-01-04T02:15:28.987", - "lastModified": "2024-01-08T19:43:03.690", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:30.487", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -119,6 +119,10 @@ "Mailing List", "Third Party Advisory" ] + }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-02xx/CVE-2024-0224.json b/CVE-2024/CVE-2024-02xx/CVE-2024-0224.json index af18d3dba34..ed11e42d96f 100644 --- a/CVE-2024/CVE-2024-02xx/CVE-2024-0224.json +++ b/CVE-2024/CVE-2024-02xx/CVE-2024-0224.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0224", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-01-04T02:15:29.033", - "lastModified": "2024-01-08T19:42:29.143", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:30.873", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -119,6 +119,10 @@ "Mailing List", "Third Party Advisory" ] + }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-02xx/CVE-2024-0225.json b/CVE-2024/CVE-2024-02xx/CVE-2024-0225.json index 5fda72bebb9..5c39c948f4d 100644 --- a/CVE-2024/CVE-2024-02xx/CVE-2024-0225.json +++ b/CVE-2024/CVE-2024-02xx/CVE-2024-0225.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0225", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-01-04T02:15:29.080", - "lastModified": "2024-01-08T19:41:43.560", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:31.230", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -119,6 +119,10 @@ "Mailing List", "Third Party Advisory" ] + }, + { + "url": "https://security.gentoo.org/glsa/202401-34", + "source": "chrome-cve-admin@google.com" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-04xx/CVE-2024-0402.json b/CVE-2024/CVE-2024-04xx/CVE-2024-0402.json index 35bdd8ec25e..1761d5cc43f 100644 --- a/CVE-2024/CVE-2024-04xx/CVE-2024-0402.json +++ b/CVE-2024/CVE-2024-04xx/CVE-2024-0402.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0402", "sourceIdentifier": "cve@gitlab.com", "published": "2024-01-26T01:15:08.920", - "lastModified": "2024-01-26T13:51:45.267", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-31T18:34:47.867", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.9, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.1, + "impactScore": 6.0 + }, { "source": "cve@gitlab.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + }, { "source": "cve@gitlab.com", "type": "Secondary", @@ -50,14 +80,84 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", + "versionStartIncluding": "16.0.0", + "versionEndExcluding": "16.5.8", + "matchCriteriaId": "2D6B2329-5500-4D95-8270-2CCB839C226F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "16.0.0", + "versionEndExcluding": "16.5.8", + "matchCriteriaId": "3732A61E-AFE9-4A84-B3A8-C34F0F79C5A0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", + "versionStartIncluding": "16.6.0", + "versionEndExcluding": "16.6.6", + "matchCriteriaId": "8429A44F-1788-421A-99A9-1E650735BBDD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "16.6.0", + "versionEndExcluding": "16.6.6", + "matchCriteriaId": "3D66D64A-B883-4A2C-B114-3A54F326BA8D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", + "versionStartIncluding": "16.7.0", + "versionEndExcluding": "16.7.4", + "matchCriteriaId": "0F871342-EDE9-49F2-8081-04651A16CD6E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "16.7.0", + "versionEndExcluding": "16.7.4", + "matchCriteriaId": "9A9ED476-FBE7-4022-AE16-18386E73AA59" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:16.8.0:*:*:*:community:*:*:*", + "matchCriteriaId": "246D6584-64A7-44AC-A279-ECA58E5ED1FB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:16.8.0:*:*:*:enterprise:*:*:*", + "matchCriteriaId": "E591D495-7397-4DA2-A643-477B2E35A915" + } + ] + } + ] + } + ], "references": [ { "url": "https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/", - "source": "cve@gitlab.com" + "source": "cve@gitlab.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/437819", - "source": "cve@gitlab.com" + "source": "cve@gitlab.com", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-08xx/CVE-2024-0832.json b/CVE-2024/CVE-2024-08xx/CVE-2024-0832.json index 9a9eff9efdd..09703c3f15a 100644 --- a/CVE-2024/CVE-2024-08xx/CVE-2024-0832.json +++ b/CVE-2024/CVE-2024-08xx/CVE-2024-0832.json @@ -2,7 +2,7 @@ "id": "CVE-2024-0832", "sourceIdentifier": "security@progress.com", "published": "2024-01-31T16:15:46.287", - "lastModified": "2024-01-31T16:15:46.287", + "lastModified": "2024-01-31T17:15:31.790", "vulnStatus": "Received", "descriptions": [ { @@ -52,7 +52,7 @@ "source": "security@progress.com" }, { - "url": "https://www.telerik.com/devcraft", + "url": "https://www.telerik.com/products/reporting.aspx", "source": "security@progress.com" } ] diff --git a/CVE-2024/CVE-2024-08xx/CVE-2024-0833.json b/CVE-2024/CVE-2024-08xx/CVE-2024-0833.json index 2c6dbf9fe40..ba1a26b444c 100644 --- a/CVE-2024/CVE-2024-08xx/CVE-2024-0833.json +++ b/CVE-2024/CVE-2024-08xx/CVE-2024-0833.json @@ -2,7 +2,7 @@ "id": "CVE-2024-0833", "sourceIdentifier": "security@progress.com", "published": "2024-01-31T16:15:46.600", - "lastModified": "2024-01-31T16:15:46.600", + "lastModified": "2024-01-31T17:15:32.147", "vulnStatus": "Received", "descriptions": [ { @@ -52,7 +52,7 @@ "source": "security@progress.com" }, { - "url": "https://www.telerik.com/devcraft", + "url": "https://www.telerik.com/teststudio", "source": "security@progress.com" } ] diff --git a/CVE-2024/CVE-2024-08xx/CVE-2024-0880.json b/CVE-2024/CVE-2024-08xx/CVE-2024-0880.json index 22b4758b68c..28afdd1e17e 100644 --- a/CVE-2024/CVE-2024-08xx/CVE-2024-0880.json +++ b/CVE-2024/CVE-2024-08xx/CVE-2024-0880.json @@ -2,16 +2,40 @@ "id": "CVE-2024-0880", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-25T18:15:09.027", - "lastModified": "2024-01-25T19:28:53.800", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-31T17:01:46.297", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Qidianbang qdbcrm 1.1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /user/edit?id=2 of the component Password Reset. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252032. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en Qidianbang qdbcrm 1.1.0 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /user/edit?id=2 del componente Password Reset es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a cross-site request forgery. El ataque puede lanzarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-252032. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -71,18 +95,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:100296:qdbcrm:1.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "CF8D604B-66D8-461F-8F3A-141DF52839BB" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/gtqbhksl/weekdays_something/blob/main/qdb_csrf.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.252032", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.252032", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-08xx/CVE-2024-0882.json b/CVE-2024/CVE-2024-08xx/CVE-2024-0882.json index cf388aae86f..dd2a8b4ce78 100644 --- a/CVE-2024/CVE-2024-08xx/CVE-2024-0882.json +++ b/CVE-2024/CVE-2024-08xx/CVE-2024-0882.json @@ -2,16 +2,40 @@ "id": "CVE-2024-0882", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-25T19:15:08.687", - "lastModified": "2024-01-25T19:28:53.800", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-31T17:32:28.080", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in qwdigital LinkWechat 5.1.0. It has been classified as problematic. This affects an unknown part of the file /linkwechat-api/common/download/resource of the component Universal Download Interface. The manipulation of the argument name with the input /profile/../../../../../etc/passwd leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252033 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en qwdigital LinkWechat 5.1.0. Ha sido clasificada como problem\u00e1tica. Una parte desconocida del archivo /linkwechat-api/common/download/resource del componente Universal Download Interface es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento name con la entrada /profile/../../../../../etc/passwd conduce a path traversal: '../filedir'. Es posible iniciar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-252033. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -61,8 +85,18 @@ }, "weaknesses": [ { - "source": "cna@vuldb.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -71,18 +105,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linkwechat:linkwechat:5.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "93DC37E7-412A-42FA-9CAA-B34D4172E674" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/biantaibao/LinkWechat-Scrm_arbitrary-file-download-vulnerability/blob/main/report.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit" + ] }, { "url": "https://vuldb.com/?ctiid.252033", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.252033", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-08xx/CVE-2024-0883.json b/CVE-2024/CVE-2024-08xx/CVE-2024-0883.json index 62b375ae203..1f8000675df 100644 --- a/CVE-2024/CVE-2024-08xx/CVE-2024-0883.json +++ b/CVE-2024/CVE-2024-08xx/CVE-2024-0883.json @@ -2,16 +2,40 @@ "id": "CVE-2024-0883", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-25T19:15:08.940", - "lastModified": "2024-01-25T19:28:53.800", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-31T18:51:07.787", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been declared as critical. This vulnerability affects the function prepare of the file admin/pay.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252034 is the identifier assigned to this vulnerability." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en SourceCodester Online Tours & Travels Management System 1.0. Ha sido declarada cr\u00edtica. Esta vulnerabilidad afecta la funci\u00f3n de preparaci\u00f3n del archivo admin/pay.php. La manipulaci\u00f3n del argumento id conduce a la inyecci\u00f3n de SQL. El ataque se puede iniciar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-252034 es el identificador asignado a esta vulnerabilidad." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -71,18 +95,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mayurik:online_tours_\\&_travels_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "034678D5-42ED-4076-964F-D89620540E75" + } + ] + } + ] + } + ], "references": [ { "url": "https://blog.csdn.net/weixin_56393356/article/details/135756616", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.252034", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.252034", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20918.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20918.json index 87bf8a38007..09288ed064e 100644 --- a/CVE-2024/CVE-2024-209xx/CVE-2024-20918.json +++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20918.json @@ -2,8 +2,8 @@ "id": "CVE-2024-20918", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-01-16T22:15:39.510", - "lastModified": "2024-01-23T19:41:57.467", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:32.580", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -128,6 +128,10 @@ } ], "references": [ + { + "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html", + "source": "secalert_us@oracle.com" + }, { "url": "https://www.oracle.com/security-alerts/cpujan2024.html", "source": "secalert_us@oracle.com", diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20926.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20926.json index cdda5970316..689aa800f7b 100644 --- a/CVE-2024/CVE-2024-209xx/CVE-2024-20926.json +++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20926.json @@ -2,8 +2,8 @@ "id": "CVE-2024-20926", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-01-16T22:15:40.207", - "lastModified": "2024-01-23T19:41:44.100", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:33.247", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -138,6 +138,10 @@ } ], "references": [ + { + "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html", + "source": "secalert_us@oracle.com" + }, { "url": "https://www.oracle.com/security-alerts/cpujan2024.html", "source": "secalert_us@oracle.com", diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20952.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20952.json index 922ed6285ce..2a899590568 100644 --- a/CVE-2024/CVE-2024-209xx/CVE-2024-20952.json +++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20952.json @@ -2,8 +2,8 @@ "id": "CVE-2024-20952", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-01-16T22:15:42.477", - "lastModified": "2024-01-23T19:42:52.877", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-31T17:15:33.773", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -138,6 +138,10 @@ } ], "references": [ + { + "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html", + "source": "secalert_us@oracle.com" + }, { "url": "https://www.oracle.com/security-alerts/cpujan2024.html", "source": "secalert_us@oracle.com", diff --git a/CVE-2024/CVE-2024-218xx/CVE-2024-21888.json b/CVE-2024/CVE-2024-218xx/CVE-2024-21888.json new file mode 100644 index 00000000000..dd2dfae3eee --- /dev/null +++ b/CVE-2024/CVE-2024-218xx/CVE-2024-21888.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21888", + "sourceIdentifier": "support@hackerone.com", + "published": "2024-01-31T18:15:47.260", + "lastModified": "2024-01-31T18:23:48.133", + "vulnStatus": "Undergoing Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A privilege escalation vulnerability in web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to that of an administrator. " + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "support@hackerone.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://forums.ivanti.com/s/article/CVE-2024-21888-Privilege-Escalation-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US", + "source": "support@hackerone.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-218xx/CVE-2024-21893.json b/CVE-2024/CVE-2024-218xx/CVE-2024-21893.json new file mode 100644 index 00000000000..276e869932d --- /dev/null +++ b/CVE-2024/CVE-2024-218xx/CVE-2024-21893.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21893", + "sourceIdentifier": "support@hackerone.com", + "published": "2024-01-31T18:15:47.437", + "lastModified": "2024-01-31T18:23:50.397", + "vulnStatus": "Undergoing Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "support@hackerone.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 8.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.2 + } + ] + }, + "references": [ + { + "url": "https://forums.ivanti.com/s/article/CVE-2024-21888-Privilege-Escalation-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US", + "source": "support@hackerone.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-221xx/CVE-2024-22160.json b/CVE-2024/CVE-2024-221xx/CVE-2024-22160.json new file mode 100644 index 00000000000..011afafd8ce --- /dev/null +++ b/CVE-2024/CVE-2024-221xx/CVE-2024-22160.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-22160", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-01-31T18:15:47.590", + "lastModified": "2024-01-31T18:15:47.590", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bradley B. Dalina Image Tag Manager allows Reflected XSS.This issue affects Image Tag Manager: from n/a through 1.5.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/image-tag-manager/wordpress-image-tag-manager-plugin-1-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-221xx/CVE-2024-22161.json b/CVE-2024/CVE-2024-221xx/CVE-2024-22161.json new file mode 100644 index 00000000000..c8bf8c7cc90 --- /dev/null +++ b/CVE-2024/CVE-2024-221xx/CVE-2024-22161.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-22161", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-01-31T18:15:47.773", + "lastModified": "2024-01-31T18:15:47.773", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Harmonic Design HD Quiz allows Stored XSS.This issue affects HD Quiz: from n/a through 1.8.11.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/hd-quiz/wordpress-hd-quiz-plugin-1-8-11-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-221xx/CVE-2024-22162.json b/CVE-2024/CVE-2024-221xx/CVE-2024-22162.json new file mode 100644 index 00000000000..0ae5a02e432 --- /dev/null +++ b/CVE-2024/CVE-2024-221xx/CVE-2024-22162.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-22162", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-01-31T18:15:47.953", + "lastModified": "2024-01-31T18:15:47.953", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPZOOM Shortcodes allows Reflected XSS.This issue affects WPZOOM Shortcodes: from n/a through 1.0.1.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wpzoom-shortcodes/wordpress-wpzoom-shortcodes-plugin-1-0-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-221xx/CVE-2024-22163.json b/CVE-2024/CVE-2024-221xx/CVE-2024-22163.json new file mode 100644 index 00000000000..777a594d14e --- /dev/null +++ b/CVE-2024/CVE-2024-221xx/CVE-2024-22163.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-22163", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-01-31T18:15:48.140", + "lastModified": "2024-01-31T18:15:48.140", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shield Security Shield Security \u2013 Smart Bot Blocking & Intrusion Prevention Security allows Stored XSS.This issue affects Shield Security \u2013 Smart Bot Blocking & Intrusion Prevention Security: from n/a through 18.5.7.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-simple-firewall/wordpress-shield-security-plugin-18-5-7-unauthenticated-stored-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-222xx/CVE-2024-22282.json b/CVE-2024/CVE-2024-222xx/CVE-2024-22282.json new file mode 100644 index 00000000000..807933fb52d --- /dev/null +++ b/CVE-2024/CVE-2024-222xx/CVE-2024-22282.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-22282", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-01-31T18:15:48.423", + "lastModified": "2024-01-31T18:15:48.423", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Torbert SimpleMap Store Locator allows Reflected XSS.This issue affects SimpleMap Store Locator: from n/a through 2.6.1.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/simplemap/wordpress-simplemap-store-locator-plugin-2-6-1-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-222xx/CVE-2024-22286.json b/CVE-2024/CVE-2024-222xx/CVE-2024-22286.json new file mode 100644 index 00000000000..32669f38c74 --- /dev/null +++ b/CVE-2024/CVE-2024-222xx/CVE-2024-22286.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-22286", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-01-31T18:15:48.663", + "lastModified": "2024-01-31T18:15:48.663", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aluka BA Plus \u2013 Before & After Image Slider FREE allows Reflected XSS.This issue affects BA Plus \u2013 Before & After Image Slider FREE: from n/a through 1.0.3.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/ba-plus-before-after-image-slider-free/wordpress-ba-plus-plugin-1-0-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-222xx/CVE-2024-22289.json b/CVE-2024/CVE-2024-222xx/CVE-2024-22289.json new file mode 100644 index 00000000000..e3691e65d9c --- /dev/null +++ b/CVE-2024/CVE-2024-222xx/CVE-2024-22289.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-22289", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-01-31T18:15:48.863", + "lastModified": "2024-01-31T18:15:48.863", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cybernetikz Post views Stats allows Reflected XSS.This issue affects Post views Stats: from n/a through 1.3.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/post-views-stats/wordpress-post-views-stats-plugin-1-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-222xx/CVE-2024-22292.json b/CVE-2024/CVE-2024-222xx/CVE-2024-22292.json new file mode 100644 index 00000000000..3e45a2d8285 --- /dev/null +++ b/CVE-2024/CVE-2024-222xx/CVE-2024-22292.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-22292", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-01-31T18:15:49.053", + "lastModified": "2024-01-31T18:15:49.053", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Delower WP To Do allows Stored XSS.This issue affects WP To Do: from n/a through 1.2.8.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-todo/wordpress-wp-to-do-plugin-1-2-8-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-222xx/CVE-2024-22293.json b/CVE-2024/CVE-2024-222xx/CVE-2024-22293.json new file mode 100644 index 00000000000..cbbd3f86e6d --- /dev/null +++ b/CVE-2024/CVE-2024-222xx/CVE-2024-22293.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-22293", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-01-31T18:15:49.250", + "lastModified": "2024-01-31T18:15:49.250", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andrea Tarantini BP Profile Search allows Reflected XSS.This issue affects BP Profile Search: from n/a through 5.5.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/bp-profile-search/wordpress-bp-profile-search-plugin-5-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-222xx/CVE-2024-22295.json b/CVE-2024/CVE-2024-222xx/CVE-2024-22295.json new file mode 100644 index 00000000000..f58d325ffcd --- /dev/null +++ b/CVE-2024/CVE-2024-222xx/CVE-2024-22295.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-22295", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-01-31T18:15:49.443", + "lastModified": "2024-01-31T18:15:49.443", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery allows Stored XSS.This issue affects Photo Gallery, Images, Slider in Rbs Image Gallery: from n/a through 3.2.17.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/robo-gallery/wordpress-robo-gallery-plugin-3-2-17-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-222xx/CVE-2024-22297.json b/CVE-2024/CVE-2024-222xx/CVE-2024-22297.json new file mode 100644 index 00000000000..8b0d40bd5ef --- /dev/null +++ b/CVE-2024/CVE-2024-222xx/CVE-2024-22297.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-22297", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-01-31T18:15:49.627", + "lastModified": "2024-01-31T18:15:49.627", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codeboxr CBX Map for Google Map & OpenStreetMap allows Stored XSS.This issue affects CBX Map for Google Map & OpenStreetMap: from n/a through 1.1.11.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/cbxgooglemap/wordpress-cbx-map-for-google-map-openstreetmap-plugin-1-1-11-cross-site-scripting-xss-vulnerability-2?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-223xx/CVE-2024-22302.json b/CVE-2024/CVE-2024-223xx/CVE-2024-22302.json new file mode 100644 index 00000000000..f9ed24e7b94 --- /dev/null +++ b/CVE-2024/CVE-2024-223xx/CVE-2024-22302.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-22302", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-01-31T17:15:34.247", + "lastModified": "2024-01-31T17:15:34.247", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ignazio Scimone Albo Pretorio On line allows Stored XSS.This issue affects Albo Pretorio On line: from n/a through 4.6.6.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/albo-pretorio-on-line/wordpress-albo-pretorio-on-line-plugin-4-6-6-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-223xx/CVE-2024-22306.json b/CVE-2024/CVE-2024-223xx/CVE-2024-22306.json new file mode 100644 index 00000000000..f53862129b9 --- /dev/null +++ b/CVE-2024/CVE-2024-223xx/CVE-2024-22306.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-22306", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-01-31T17:15:35.560", + "lastModified": "2024-01-31T17:15:35.560", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hometory Mang Board WP allows Stored XSS.This issue affects Mang Board WP: from n/a through 1.7.7.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/mangboard/wordpress-mang-board-wp-plugin-1-7-7-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-223xx/CVE-2024-22307.json b/CVE-2024/CVE-2024-223xx/CVE-2024-22307.json new file mode 100644 index 00000000000..1b442238a01 --- /dev/null +++ b/CVE-2024/CVE-2024-223xx/CVE-2024-22307.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-22307", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-01-31T17:15:36.710", + "lastModified": "2024-01-31T17:15:36.710", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Lab WP-Lister Lite for eBay allows Reflected XSS.This issue affects WP-Lister Lite for eBay: from n/a through 3.5.7.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-lister-for-ebay/wordpress-wp-lister-lite-for-ebay-plugin-3-5-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-223xx/CVE-2024-22310.json b/CVE-2024/CVE-2024-223xx/CVE-2024-22310.json new file mode 100644 index 00000000000..87622a0bd62 --- /dev/null +++ b/CVE-2024/CVE-2024-223xx/CVE-2024-22310.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-22310", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-01-31T17:15:38.113", + "lastModified": "2024-01-31T17:15:38.113", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Formzu Inc. Formzu WP allows Stored XSS.This issue affects Formzu WP: from n/a through 1.6.7.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/formzu-wp/wordpress-formzu-wp-plugin-1-6-7-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-225xx/CVE-2024-22529.json b/CVE-2024/CVE-2024-225xx/CVE-2024-22529.json index 43da02ddc75..f24406e59a3 100644 --- a/CVE-2024/CVE-2024-225xx/CVE-2024-22529.json +++ b/CVE-2024/CVE-2024-225xx/CVE-2024-22529.json @@ -2,19 +2,91 @@ "id": "CVE-2024-22529", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-25T16:15:08.960", - "lastModified": "2024-01-25T19:28:53.800", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-31T18:42:44.573", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "TOTOLINK X2000R_V2 V2.0.0-B20230727.10434 has a command injection vulnerability in the sub_449040 (handle function of formUploadFile) of /bin/boa." + }, + { + "lang": "es", + "value": "TOTOLINK X2000R_V2 V2.0.0-B20230727.10434 tiene una vulnerabilidad de inyecci\u00f3n de comando en el sub_449040 (funci\u00f3n de manejo de formUploadFile) de /bin/boa." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:x2000r_firmware:2.0.0-b20230727.10434:*:*:*:*:*:*:*", + "matchCriteriaId": "2DC1EF3D-D4D0-4793-9418-0C12884718CC" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:x2000r:v2:*:*:*:*:*:*:*", + "matchCriteriaId": "E04390BE-A47B-4821-8552-42035775A2FB" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/unpWn4bL3/iot-security/blob/main/29.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-227xx/CVE-2024-22749.json b/CVE-2024/CVE-2024-227xx/CVE-2024-22749.json index d7e34da33b6..eb4152d2844 100644 --- a/CVE-2024/CVE-2024-227xx/CVE-2024-22749.json +++ b/CVE-2024/CVE-2024-227xx/CVE-2024-22749.json @@ -2,23 +2,88 @@ "id": "CVE-2024-22749", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-25T16:15:09.010", - "lastModified": "2024-01-25T19:28:53.800", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-31T18:01:59.017", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "GPAC v2.3 was detected to contain a buffer overflow via the function gf_isom_new_generic_sample_description function in the isomedia/isom_write.c:4577" + }, + { + "lang": "es", + "value": "Se detect\u00f3 que GPAC v2.3 conten\u00eda un desbordamiento de b\u00fafer a trav\u00e9s de la funci\u00f3n gf_isom_new_generic_sample_description en isomedia/isom_write.c:4577" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gpac:gpac:2.3:*:*:*:*:*:*:*", + "matchCriteriaId": "58C43523-0CB3-474F-B88B-6ACA538645FF" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/gpac/gpac/issues/2713", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Patch" + ] }, { "url": "https://github.com/hanxuer/crashes/blob/main/gapc/01/readme.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-236xx/CVE-2024-23637.json b/CVE-2024/CVE-2024-236xx/CVE-2024-23637.json new file mode 100644 index 00000000000..ca4a4cea74d --- /dev/null +++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23637.json @@ -0,0 +1,67 @@ +{ + "id": "CVE-2024-23637", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-01-31T18:15:49.810", + "lastModified": "2024-01-31T18:15:49.810", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "OctoPrint is a web interface for 3D printer.s OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to change the password of other admin accounts, including their own, without having to repeat their password. An attacker who managed to hijack an admin account might use this to lock out actual admins from their OctoPrint instance. The vulnerability will be patched in version 1.10.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 4.2, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + }, + { + "lang": "en", + "value": "CWE-620" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/OctoPrint/OctoPrint/commit/1729d167b4ae4a5835bbc7211b92c6828b1c4125", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/OctoPrint/OctoPrint/releases/tag/1.10.0rc1", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-5626-pw9c-hmjr", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23897.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23897.json index b496a1195d3..0882a24c9f5 100644 --- a/CVE-2024/CVE-2024-238xx/CVE-2024-23897.json +++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23897.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23897", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2024-01-24T18:15:09.370", - "lastModified": "2024-01-29T18:15:08.037", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-01-31T17:13:39.360", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,19 +14,88 @@ "value": "Jenkins 2.441 y anteriores, LTS 2.426.2 y anteriores no desactivan una funci\u00f3n de su analizador de comandos CLI que reemplaza un car\u00e1cter '@' seguido de una ruta de archivo en un argumento con el contenido del archivo, lo que permite a atacantes no autenticados leer archivos arbitrarios en el sistema de archivos del controlador Jenkins." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", + "versionEndIncluding": "2.426.2", + "matchCriteriaId": "6007B374-F6EF-48E5-B63B-B5DDDC41B706" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*", + "versionEndIncluding": "2.441", + "matchCriteriaId": "F32E6FB9-B0D3-47A8-A060-D8F85ED38AB7" + } + ] + } + ] + } + ], "references": [ { "url": "http://packetstormsecurity.com/files/176839/Jenkins-2.441-LTS-2.426.3-CVE-2024-23897-Scanner.html", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://packetstormsecurity.com/files/176840/Jenkins-2.441-LTS-2.426.3-Arbitrary-File-Read.html", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23899.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23899.json index 9eca420b2ff..f203942ad6b 100644 --- a/CVE-2024/CVE-2024-238xx/CVE-2024-23899.json +++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23899.json @@ -2,23 +2,87 @@ "id": "CVE-2024-23899", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2024-01-24T18:15:09.467", - "lastModified": "2024-01-24T18:45:30.823", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-31T18:43:39.183", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Jenkins Git server Plugin 99.va_0826a_b_cdfa_d and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing attackers with Overall/Read permission to read content from arbitrary files on the Jenkins controller file system." + }, + { + "lang": "es", + "value": "El complemento del servidor Jenkins Git 99.va_0826a_b_cdfa_d y versiones anteriores no desactiva una funci\u00f3n de su analizador de comandos que reemplaza un car\u00e1cter '@' seguido de una ruta de archivo en un argumento con el contenido del archivo, permitiendo a atacantes con permiso general/lectura leer contenido de archivos arbitrarios en el sistema de archivos del controlador Jenkins." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jenkins:git_server:*:*:*:*:*:jenkins:*:*", + "versionEndIncluding": "99.va_0826a_b_cdfa_d", + "matchCriteriaId": "683B2B65-ECBB-4DE9-9680-8ECC929F74B7" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "http://www.openwall.com/lists/oss-security/2024/01/24/6", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-239xx/CVE-2024-23900.json b/CVE-2024/CVE-2024-239xx/CVE-2024-23900.json index 454e176e284..94ff170c555 100644 --- a/CVE-2024/CVE-2024-239xx/CVE-2024-23900.json +++ b/CVE-2024/CVE-2024-239xx/CVE-2024-23900.json @@ -2,23 +2,87 @@ "id": "CVE-2024-23900", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2024-01-24T18:15:09.523", - "lastModified": "2024-01-24T18:45:30.823", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-31T17:20:14.777", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Jenkins Matrix Project Plugin 822.v01b_8c85d16d2 and earlier does not sanitize user-defined axis names of multi-configuration projects, allowing attackers with Item/Configure permission to create or replace any config.xml files on the Jenkins controller file system with content not controllable by the attackers." + }, + { + "lang": "es", + "value": "El complemento Jenkins Matrix Project 822.v01b_8c85d16d2 y versiones anteriores no sanitiza los nombres de eje definidos por el usuario de proyectos de configuraci\u00f3n m\u00faltiple, lo que permite a los atacantes con permiso Elemento/Configurar crear o reemplazar cualquier archivo config.xml en el sistema de archivos del controlador Jenkins con contenido no controlable por los atacantes." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jenkins:matrix_project:*:*:*:*:*:jenkins:*:*", + "versionEndIncluding": "822.v01b_8c85d16d2", + "matchCriteriaId": "BABBCE8F-8671-4654-8438-34B627E3D33A" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "http://www.openwall.com/lists/oss-security/2024/01/24/6", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3289", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-239xx/CVE-2024-23901.json b/CVE-2024/CVE-2024-239xx/CVE-2024-23901.json index 432aaab8fa7..2167adebc62 100644 --- a/CVE-2024/CVE-2024-239xx/CVE-2024-23901.json +++ b/CVE-2024/CVE-2024-239xx/CVE-2024-23901.json @@ -2,23 +2,86 @@ "id": "CVE-2024-23901", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2024-01-24T18:15:09.563", - "lastModified": "2024-01-24T18:45:30.823", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-31T17:21:55.750", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group, allowing attackers to configure and share a project, resulting in a crafted Pipeline being built by Jenkins during the next scan of the group." + }, + { + "lang": "es", + "value": "El complemento Jenkins GitLab Branch Source 684.vea_fa_7c1e2fe3 y anteriores descubre incondicionalmente proyectos que se comparten con el grupo propietario configurado, lo que permite a los atacantes configurar y compartir un proyecto, lo que da como resultado que Jenkins cree una canalizaci\u00f3n manipulada durante el siguiente an\u00e1lisis del grupo." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jenkins:github_branch_source:*:*:*:*:*:jenkins:*:*", + "versionEndIncluding": "684.vea_fa_7c1e2fe3", + "matchCriteriaId": "3240CAB2-53E9-49EA-8EEF-0FBD0ADFFFF4" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "http://www.openwall.com/lists/oss-security/2024/01/24/6", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Mailing List" + ] }, { "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3040", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-239xx/CVE-2024-23902.json b/CVE-2024/CVE-2024-239xx/CVE-2024-23902.json index 6a2f12059f2..9a5559ca1bd 100644 --- a/CVE-2024/CVE-2024-239xx/CVE-2024-23902.json +++ b/CVE-2024/CVE-2024-239xx/CVE-2024-23902.json @@ -2,23 +2,86 @@ "id": "CVE-2024-23902", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2024-01-24T18:15:09.610", - "lastModified": "2024-01-24T18:45:30.823", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-31T18:37:37.253", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de cross-site request forgery (CSRF) en el complemento Jenkins GitLab Branch Source 684.vea_fa_7c1e2fe3 y versiones anteriores permite a los atacantes conectarse a una URL especificada por el atacante." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jenkins:github_branch_source:*:*:*:*:*:jenkins:*:*", + "versionEndIncluding": "684.vea_fa_7c1e2fe3", + "matchCriteriaId": "3240CAB2-53E9-49EA-8EEF-0FBD0ADFFFF4" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "http://www.openwall.com/lists/oss-security/2024/01/24/6", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Mailing List" + ] }, { "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3251", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-239xx/CVE-2024-23903.json b/CVE-2024/CVE-2024-239xx/CVE-2024-23903.json index 9a50a31cba8..5e2aa05db1f 100644 --- a/CVE-2024/CVE-2024-239xx/CVE-2024-23903.json +++ b/CVE-2024/CVE-2024-239xx/CVE-2024-23903.json @@ -2,23 +2,86 @@ "id": "CVE-2024-23903", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2024-01-24T18:15:09.653", - "lastModified": "2024-01-24T18:45:30.823", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-31T18:13:14.563", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token." + }, + { + "lang": "es", + "value": "El complemento Jenkins GitLab Branch Source 684.vea_fa_7c1e2fe3 y versiones anteriores utiliza una funci\u00f3n de comparaci\u00f3n de tiempo no constante al verificar si el token de webhook proporcionado y el esperado son iguales, lo que potencialmente permite a los atacantes usar m\u00e9todos estad\u00edsticos para obtener un token de webhook v\u00e1lido." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-697" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jenkins:github_branch_source:*:*:*:*:*:jenkins:*:*", + "versionEndIncluding": "684.vea_fa_7c1e2fe3", + "matchCriteriaId": "3240CAB2-53E9-49EA-8EEF-0FBD0ADFFFF4" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "http://www.openwall.com/lists/oss-security/2024/01/24/6", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Mailing List" + ] }, { "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-2871", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-245xx/CVE-2024-24566.json b/CVE-2024/CVE-2024-245xx/CVE-2024-24566.json new file mode 100644 index 00000000000..cc1a29bd60a --- /dev/null +++ b/CVE-2024/CVE-2024-245xx/CVE-2024-24566.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-24566", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-01-31T17:15:39.173", + "lastModified": "2024-01-31T17:15:39.173", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. When the application is password-protected (deployed with the `ACCESS_CODE` option), it is possible to access plugins without proper authorization (without password). This vulnerability is patched in 0.122.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/lobehub/lobe-chat/commit/2184167f09ab68e4efa051ee984ea0c4e7c48fbd", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/lobehub/lobe-chat/security/advisories/GHSA-pf55-fj96-xf37", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-245xx/CVE-2024-24579.json b/CVE-2024/CVE-2024-245xx/CVE-2024-24579.json new file mode 100644 index 00000000000..cfe84c3049b --- /dev/null +++ b/CVE-2024/CVE-2024-245xx/CVE-2024-24579.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-24579", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-01-31T17:15:40.170", + "lastModified": "2024-01-31T17:15:40.170", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "stereoscope is a go library for processing container images and simulating a squash filesystem. Prior to version 0.0.1, it is possible to craft an OCI tar archive that, when stereoscope attempts to unarchive the contents, will result in writing to paths outside of the unarchive temporary directory. Specifically, use of `github.com/anchore/stereoscope/pkg/file.UntarToDirectory()` function, the `github.com/anchore/stereoscope/pkg/image/oci.TarballImageProvider` struct, or the higher level `github.com/anchore/stereoscope/pkg/image.Image.Read()` function express this vulnerability. As a workaround, if you are using the OCI archive as input into stereoscope then you can switch to using an OCI layout by unarchiving the tar archive and provide the unarchived directory to stereoscope." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/anchore/stereoscope/commit/09dacab4d9ee65ee8bc7af8ebf4aa7b5aaa36204", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/anchore/stereoscope/security/advisories/GHSA-hpxr-w9w7-g4gv", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 7b9cb311d3e..4695aef8297 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-01-31T17:00:25.196490+00:00 +2024-01-31T19:00:25.051961+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-01-31T16:57:18.603000+00:00 +2024-01-31T18:56:08.913000+00:00 ``` ### Last Data Feed Release @@ -29,51 +29,68 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -237208 +237232 ``` ### CVEs added in the last Commit -Recently added CVEs: `7` +Recently added CVEs: `24` -* [CVE-2024-1103](CVE-2024/CVE-2024-11xx/CVE-2024-1103.json) (`2024-01-31T15:15:10.863`) -* [CVE-2024-0219](CVE-2024/CVE-2024-02xx/CVE-2024-0219.json) (`2024-01-31T16:15:45.290`) -* [CVE-2024-0832](CVE-2024/CVE-2024-08xx/CVE-2024-0832.json) (`2024-01-31T16:15:46.287`) -* [CVE-2024-0833](CVE-2024/CVE-2024-08xx/CVE-2024-0833.json) (`2024-01-31T16:15:46.600`) -* [CVE-2024-23502](CVE-2024/CVE-2024-235xx/CVE-2024-23502.json) (`2024-01-31T16:15:46.890`) -* [CVE-2024-23505](CVE-2024/CVE-2024-235xx/CVE-2024-23505.json) (`2024-01-31T16:15:47.163`) -* [CVE-2024-23508](CVE-2024/CVE-2024-235xx/CVE-2024-23508.json) (`2024-01-31T16:15:47.407`) +* [CVE-2023-47116](CVE-2023/CVE-2023-471xx/CVE-2023-47116.json) (`2024-01-31T17:15:13.370`) +* [CVE-2023-50165](CVE-2023/CVE-2023-501xx/CVE-2023-50165.json) (`2024-01-31T18:15:46.320`) +* [CVE-2023-50166](CVE-2023/CVE-2023-501xx/CVE-2023-50166.json) (`2024-01-31T18:15:46.513`) +* [CVE-2023-5390](CVE-2023/CVE-2023-53xx/CVE-2023-5390.json) (`2024-01-31T18:15:46.780`) +* [CVE-2024-22302](CVE-2024/CVE-2024-223xx/CVE-2024-22302.json) (`2024-01-31T17:15:34.247`) +* [CVE-2024-22306](CVE-2024/CVE-2024-223xx/CVE-2024-22306.json) (`2024-01-31T17:15:35.560`) +* [CVE-2024-22307](CVE-2024/CVE-2024-223xx/CVE-2024-22307.json) (`2024-01-31T17:15:36.710`) +* [CVE-2024-22310](CVE-2024/CVE-2024-223xx/CVE-2024-22310.json) (`2024-01-31T17:15:38.113`) +* [CVE-2024-24566](CVE-2024/CVE-2024-245xx/CVE-2024-24566.json) (`2024-01-31T17:15:39.173`) +* [CVE-2024-24579](CVE-2024/CVE-2024-245xx/CVE-2024-24579.json) (`2024-01-31T17:15:40.170`) +* [CVE-2024-22160](CVE-2024/CVE-2024-221xx/CVE-2024-22160.json) (`2024-01-31T18:15:47.590`) +* [CVE-2024-22161](CVE-2024/CVE-2024-221xx/CVE-2024-22161.json) (`2024-01-31T18:15:47.773`) +* [CVE-2024-22162](CVE-2024/CVE-2024-221xx/CVE-2024-22162.json) (`2024-01-31T18:15:47.953`) +* [CVE-2024-22163](CVE-2024/CVE-2024-221xx/CVE-2024-22163.json) (`2024-01-31T18:15:48.140`) +* [CVE-2024-22282](CVE-2024/CVE-2024-222xx/CVE-2024-22282.json) (`2024-01-31T18:15:48.423`) +* [CVE-2024-22286](CVE-2024/CVE-2024-222xx/CVE-2024-22286.json) (`2024-01-31T18:15:48.663`) +* [CVE-2024-22289](CVE-2024/CVE-2024-222xx/CVE-2024-22289.json) (`2024-01-31T18:15:48.863`) +* [CVE-2024-22292](CVE-2024/CVE-2024-222xx/CVE-2024-22292.json) (`2024-01-31T18:15:49.053`) +* [CVE-2024-22293](CVE-2024/CVE-2024-222xx/CVE-2024-22293.json) (`2024-01-31T18:15:49.250`) +* [CVE-2024-22295](CVE-2024/CVE-2024-222xx/CVE-2024-22295.json) (`2024-01-31T18:15:49.443`) +* [CVE-2024-22297](CVE-2024/CVE-2024-222xx/CVE-2024-22297.json) (`2024-01-31T18:15:49.627`) +* [CVE-2024-23637](CVE-2024/CVE-2024-236xx/CVE-2024-23637.json) (`2024-01-31T18:15:49.810`) +* [CVE-2024-21888](CVE-2024/CVE-2024-218xx/CVE-2024-21888.json) (`2024-01-31T18:15:47.260`) +* [CVE-2024-21893](CVE-2024/CVE-2024-218xx/CVE-2024-21893.json) (`2024-01-31T18:15:47.437`) ### CVEs modified in the last Commit -Recently modified CVEs: `38` +Recently modified CVEs: `177` -* [CVE-2023-39434](CVE-2023/CVE-2023-394xx/CVE-2023-39434.json) (`2024-01-31T15:15:09.663`) -* [CVE-2023-39928](CVE-2023/CVE-2023-399xx/CVE-2023-39928.json) (`2024-01-31T15:15:09.790`) -* [CVE-2023-40451](CVE-2023/CVE-2023-404xx/CVE-2023-40451.json) (`2024-01-31T15:15:09.977`) -* [CVE-2023-41074](CVE-2023/CVE-2023-410xx/CVE-2023-41074.json) (`2024-01-31T15:15:10.067`) -* [CVE-2023-41983](CVE-2023/CVE-2023-419xx/CVE-2023-41983.json) (`2024-01-31T15:15:10.187`) -* [CVE-2023-41993](CVE-2023/CVE-2023-419xx/CVE-2023-41993.json) (`2024-01-31T15:15:10.337`) -* [CVE-2023-42852](CVE-2023/CVE-2023-428xx/CVE-2023-42852.json) (`2024-01-31T15:15:10.463`) -* [CVE-2023-42890](CVE-2023/CVE-2023-428xx/CVE-2023-42890.json) (`2024-01-31T15:15:10.633`) -* [CVE-2023-6816](CVE-2023/CVE-2023-68xx/CVE-2023-6816.json) (`2024-01-31T16:15:45.150`) -* [CVE-2023-31654](CVE-2023/CVE-2023-316xx/CVE-2023-31654.json) (`2024-01-31T16:26:12.397`) -* [CVE-2023-46889](CVE-2023/CVE-2023-468xx/CVE-2023-46889.json) (`2024-01-31T16:36:18.020`) -* [CVE-2023-36177](CVE-2023/CVE-2023-361xx/CVE-2023-36177.json) (`2024-01-31T16:45:19.120`) -* [CVE-2023-42144](CVE-2023/CVE-2023-421xx/CVE-2023-42144.json) (`2024-01-31T16:48:30.507`) -* [CVE-2023-42143](CVE-2023/CVE-2023-421xx/CVE-2023-42143.json) (`2024-01-31T16:57:18.603`) -* [CVE-2024-0553](CVE-2024/CVE-2024-05xx/CVE-2024-0553.json) (`2024-01-31T16:15:45.513`) -* [CVE-2024-0741](CVE-2024/CVE-2024-07xx/CVE-2024-0741.json) (`2024-01-31T16:15:45.613`) -* [CVE-2024-0742](CVE-2024/CVE-2024-07xx/CVE-2024-0742.json) (`2024-01-31T16:15:45.700`) -* [CVE-2024-0746](CVE-2024/CVE-2024-07xx/CVE-2024-0746.json) (`2024-01-31T16:15:45.770`) -* [CVE-2024-0747](CVE-2024/CVE-2024-07xx/CVE-2024-0747.json) (`2024-01-31T16:15:45.850`) -* [CVE-2024-0749](CVE-2024/CVE-2024-07xx/CVE-2024-0749.json) (`2024-01-31T16:15:45.923`) -* [CVE-2024-0750](CVE-2024/CVE-2024-07xx/CVE-2024-0750.json) (`2024-01-31T16:15:46.000`) -* [CVE-2024-0751](CVE-2024/CVE-2024-07xx/CVE-2024-0751.json) (`2024-01-31T16:15:46.070`) -* [CVE-2024-0753](CVE-2024/CVE-2024-07xx/CVE-2024-0753.json) (`2024-01-31T16:15:46.140`) -* [CVE-2024-0755](CVE-2024/CVE-2024-07xx/CVE-2024-0755.json) (`2024-01-31T16:15:46.210`) -* [CVE-2024-23898](CVE-2024/CVE-2024-238xx/CVE-2024-23898.json) (`2024-01-31T16:49:06.600`) +* [CVE-2023-35836](CVE-2023/CVE-2023-358xx/CVE-2023-35836.json) (`2024-01-31T18:38:16.887`) +* [CVE-2023-7227](CVE-2023/CVE-2023-72xx/CVE-2023-7227.json) (`2024-01-31T18:46:00.220`) +* [CVE-2023-41474](CVE-2023/CVE-2023-414xx/CVE-2023-41474.json) (`2024-01-31T18:54:51.777`) +* [CVE-2024-0880](CVE-2024/CVE-2024-08xx/CVE-2024-0880.json) (`2024-01-31T17:01:46.297`) +* [CVE-2024-23897](CVE-2024/CVE-2024-238xx/CVE-2024-23897.json) (`2024-01-31T17:13:39.360`) +* [CVE-2024-0219](CVE-2024/CVE-2024-02xx/CVE-2024-0219.json) (`2024-01-31T17:15:29.633`) +* [CVE-2024-0222](CVE-2024/CVE-2024-02xx/CVE-2024-0222.json) (`2024-01-31T17:15:29.990`) +* [CVE-2024-0223](CVE-2024/CVE-2024-02xx/CVE-2024-0223.json) (`2024-01-31T17:15:30.487`) +* [CVE-2024-0224](CVE-2024/CVE-2024-02xx/CVE-2024-0224.json) (`2024-01-31T17:15:30.873`) +* [CVE-2024-0225](CVE-2024/CVE-2024-02xx/CVE-2024-0225.json) (`2024-01-31T17:15:31.230`) +* [CVE-2024-0832](CVE-2024/CVE-2024-08xx/CVE-2024-0832.json) (`2024-01-31T17:15:31.790`) +* [CVE-2024-0833](CVE-2024/CVE-2024-08xx/CVE-2024-0833.json) (`2024-01-31T17:15:32.147`) +* [CVE-2024-20918](CVE-2024/CVE-2024-209xx/CVE-2024-20918.json) (`2024-01-31T17:15:32.580`) +* [CVE-2024-20926](CVE-2024/CVE-2024-209xx/CVE-2024-20926.json) (`2024-01-31T17:15:33.247`) +* [CVE-2024-20952](CVE-2024/CVE-2024-209xx/CVE-2024-20952.json) (`2024-01-31T17:15:33.773`) +* [CVE-2024-23900](CVE-2024/CVE-2024-239xx/CVE-2024-23900.json) (`2024-01-31T17:20:14.777`) +* [CVE-2024-23901](CVE-2024/CVE-2024-239xx/CVE-2024-23901.json) (`2024-01-31T17:21:55.750`) +* [CVE-2024-0882](CVE-2024/CVE-2024-08xx/CVE-2024-0882.json) (`2024-01-31T17:32:28.080`) +* [CVE-2024-22749](CVE-2024/CVE-2024-227xx/CVE-2024-22749.json) (`2024-01-31T18:01:59.017`) +* [CVE-2024-23903](CVE-2024/CVE-2024-239xx/CVE-2024-23903.json) (`2024-01-31T18:13:14.563`) +* [CVE-2024-0402](CVE-2024/CVE-2024-04xx/CVE-2024-0402.json) (`2024-01-31T18:34:47.867`) +* [CVE-2024-23902](CVE-2024/CVE-2024-239xx/CVE-2024-23902.json) (`2024-01-31T18:37:37.253`) +* [CVE-2024-22529](CVE-2024/CVE-2024-225xx/CVE-2024-22529.json) (`2024-01-31T18:42:44.573`) +* [CVE-2024-23899](CVE-2024/CVE-2024-238xx/CVE-2024-23899.json) (`2024-01-31T18:43:39.183`) +* [CVE-2024-0883](CVE-2024/CVE-2024-08xx/CVE-2024-0883.json) (`2024-01-31T18:51:07.787`) ## Download and Usage