Auto-Update: 2024-02-01T17:00:25.192645+00:00

cad-safe-bot 2024-02-01 17:00:28 +00:00
parent 9839b24941
commit 96982f7c5a
39 changed files with 1234 additions and 210 deletions


@ -2,12 +2,16 @@
"id": "CVE-2019-25078",
"sourceIdentifier": "cna@vuldb.com",
"published": "2022-12-13T18:15:10.157",
"lastModified": "2023-11-07T03:09:16.987",
"vulnStatus": "Modified",
"lastModified": "2024-02-01T15:30:16.910",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in pacparser up to 1.3.x. Affected by this vulnerability is the function pacparser_find_proxy of the file src/pacparser.c. The manipulation of the argument url leads to buffer overflow. Attacking locally is a requirement. Upgrading to version 1.4.0 is able to address this issue. The name of the patch is 853e8f45607cb07b877ffd270c63dbcdd5201ad9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-215443."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en pacparser hasta 1.3.x y clasificada como problem\u00e1tica. La funci\u00f3n pacparser_find_proxy del archivo src/pacparser.c es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento URL provoca un desbordamiento de b\u00fafer. Atacar localmente es un requisito. La actualizaci\u00f3n a la versi\u00f3n 1.4.0 puede solucionar este problema. El nombre del parche es 853e8f45607cb07b877ffd270c63dbcdd5201ad9. Se recomienda actualizar el componente afectado. El identificador asociado de esta vulnerabilidad es VDB-215443."
}
],
"metrics": {
@ -33,7 +37,7 @@
"impactScore": 5.9
},
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -66,7 +70,7 @@
]
},
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
@ -99,8 +103,7 @@
"url": "https://github.com/manugarg/pacparser/commit/853e8f45607cb07b877ffd270c63dbcdd5201ad9",
"source": "cna@vuldb.com",
"tags": [
"Patch",
"Third Party Advisory"
"Patch"
]
},
{
@ -116,8 +119,7 @@
"url": "https://github.com/manugarg/pacparser/releases/tag/v1.4.0",
"source": "cna@vuldb.com",
"tags": [
"Release Notes",
"Third Party Advisory"
"Release Notes"
]
},
{


@ -1,9 +1,9 @@
{
"id": "CVE-2021-45479",
"sourceIdentifier": "cve@usom.gov.tr",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2023-03-02T09:15:09.297",
"lastModified": "2023-09-03T16:15:09.367",
"vulnStatus": "Modified",
"lastModified": "2024-02-01T15:35:31.803",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -13,7 +13,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "cve@usom.gov.tr",
"source": "iletisim@usom.gov.tr",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -56,7 +56,7 @@
},
"weaknesses": [
{
"source": "cve@usom.gov.tr",
"source": "iletisim@usom.gov.tr",
"type": "Primary",
"description": [
{
@ -97,7 +97,7 @@
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-23-0119",
"source": "cve@usom.gov.tr",
"source": "iletisim@usom.gov.tr",
"tags": [
"Third Party Advisory",
"US Government Resource"


@ -2,12 +2,16 @@
"id": "CVE-2022-23515",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-12-14T14:15:10.553",
"lastModified": "2023-09-13T17:15:08.497",
"vulnStatus": "Modified",
"lastModified": "2024-02-01T16:11:55.370",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.1.0, < 2.19.1 is vulnerable to cross-site scripting via the image/svg+xml media type in data URIs. This issue is patched in version 2.19.1."
},
{
"lang": "es",
"value": "Loofah es una librer\u00eda general para manipular y transformar documentos y fragmentos HTML / XML, construida sobre Nokogiri. Loofah &gt;= 2.1.0, &lt; 2.19.1 es vulnerable a Cross-Site Scripting (XSS) a trav\u00e9s del tipo de medio image/svg+xml en las URI de datos. Este problema est\u00e1 parcheado en la versi\u00f3n 2.19.1."
}
],
"metrics": {
@ -83,6 +87,21 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
]
}
],
"references": [
@ -111,7 +130,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00011.html",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2022-23517",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-12-14T17:15:10.130",
"lastModified": "2023-09-13T17:15:08.803",
"vulnStatus": "Modified",
"lastModified": "2024-02-01T16:24:41.460",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Certain configurations of rails-html-sanitizer < 1.4.4 use an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of service through CPU resource consumption. This issue has been patched in version 1.4.4."
},
{
"lang": "es",
"value": "rails-html-sanitizer es responsable de sanitizar fragmentos HTML en aplicaciones Rails. Ciertas configuraciones de rails-html-sanitizer &lt; 1.4.4 utilizan una expresi\u00f3n regular ineficiente que es susceptible a un retroceso excesivo al intentar sanitizar ciertos atributos SVG. Esto puede provocar una denegaci\u00f3n de servicio a trav\u00e9s del consumo de recursos de CPU. Este problema se ha corregido en la versi\u00f3n 1.4.4."
}
],
"metrics": {
@ -75,9 +79,24 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rails_html_sanitizer_project:rails_html_sanitizer:*:*:*:*:*:ruby:*:*",
"criteria": "cpe:2.3:a:rubyonrails:rails_html_sanitizers:*:*:*:*:*:rails:*:*",
"versionEndExcluding": "1.4.4",
"matchCriteriaId": "0C395888-2086-4AE6-9F41-2A80E43DCB01"
"matchCriteriaId": "CC2FBD9D-39C2-4D54-83B6-B3C334623A8D"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
@ -110,7 +129,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2022-23518",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-12-14T17:15:10.713",
"lastModified": "2023-09-13T17:15:08.917",
"vulnStatus": "Modified",
"lastModified": "2024-02-01T16:06:58.297",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions >= 1.0.3, < 1.4.4 are vulnerable to cross-site scripting via data URIs when used in combination with Loofah >= 2.1.0. This issue is patched in version 1.4.4."
},
{
"lang": "es",
"value": "rails-html-sanitizer es responsable de sanitizar fragmentos HTML en aplicaciones Rails. Las versiones &gt;= 1.0.3, &lt; 1.4.4 son vulnerables a Cross-Site Scripting (XSS) a trav\u00e9s de URI de datos cuando se usan en combinaci\u00f3n con Loofah &gt;= 2.1.0. Este problema est\u00e1 parcheado en la versi\u00f3n 1.4.4."
}
],
"metrics": {
@ -77,16 +81,42 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:loofah_project:loofah:*:*:*:*:*:ruby:*:*",
"versionEndIncluding": "2.1.0",
"matchCriteriaId": "76857D0B-5247-401D-AC3D-7EB3493F7DBA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rails_html_sanitizer_project:rails_html_sanitizer:*:*:*:*:*:ruby:*:*",
"criteria": "cpe:2.3:a:rubyonrails:rails_html_sanitizers:*:*:*:*:*:rails:*:*",
"versionStartIncluding": "1.0.3",
"versionEndExcluding": "1.4.4",
"matchCriteriaId": "06C75953-8CF1-40FE-846D-EE8FCA0438C4"
"matchCriteriaId": "B07277FF-73C7-4F2C-8515-8927193955B2"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:loofah_project:loofah:*:*:*:*:*:ruby:*:*",
"versionStartIncluding": "2.1.0",
"versionEndExcluding": "2.19.1",
"matchCriteriaId": "68F8B0CB-F78F-410C-942F-7FA80481474D"
}
]
}
@ -120,7 +150,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2022-23519",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-12-14T17:15:11.067",
"lastModified": "2023-09-13T17:15:09.017",
"vulnStatus": "Modified",
"lastModified": "2024-02-01T15:59:04.693",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags in either of the following ways: allow both \"math\" and \"style\" elements, or allow both \"svg\" and \"style\" elements. Code is only impacted if allowed tags are being overridden. . This issue is fixed in version 1.4.4. All users overriding the allowed tags to include \"math\" or \"svg\" and \"style\" should either upgrade or use the following workaround immediately: Remove \"style\" from the overridden allowed tags, or remove \"math\" and \"svg\" from the overridden allowed tags.\n"
},
{
"lang": "es",
"value": "rails-html-sanitizer es responsable de sanitizar fragmentos HTML en aplicaciones Rails. Antes de la versi\u00f3n 1.4.4, una posible vulnerabilidad XSS con ciertas configuraciones de Rails::Html::Sanitizer pod\u00eda permitir a un atacante inyectar contenido si el desarrollador de la aplicaci\u00f3n hab\u00eda anulado las etiquetas permitidas del sanitizador de cualquiera de las siguientes maneras: permitir ambas \"math \" y \"syle\", o permitir elementos \"svg\" y \"style\". El c\u00f3digo solo se ve afectado si se anulan las etiquetas permitidas. . Este problema se solucion\u00f3 en la versi\u00f3n 1.4.4. Todos los usuarios que anulen las etiquetas permitidas para incluir \"math\" o \"svg\" y \"style\" deben actualizar o utilizar el siguiente workaround inmediatamente: eliminar \"style\" de las etiquetas permitidas anuladas, o eliminar \"math\" y \"svg\" de la etiquetas permitidas anuladas."
}
],
"metrics": {
@ -56,7 +60,7 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -64,6 +68,16 @@
"value": "CWE-79"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
@ -75,9 +89,24 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rails_html_sanitizer_project:rails_html_sanitizer:*:*:*:*:*:ruby:*:*",
"criteria": "cpe:2.3:a:rubyonrails:rails_html_sanitizers:*:*:*:*:*:rails:*:*",
"versionEndExcluding": "1.4.4",
"matchCriteriaId": "0C395888-2086-4AE6-9F41-2A80E43DCB01"
"matchCriteriaId": "CC2FBD9D-39C2-4D54-83B6-B3C334623A8D"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
@ -103,7 +132,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2022-23520",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-12-14T18:15:17.560",
"lastModified": "2023-09-13T17:15:09.127",
"vulnStatus": "Modified",
"lastModified": "2024-02-01T16:52:23.247",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both \"select\" and \"style\" elements. Code is only impacted if allowed tags are being overridden. This issue is patched in version 1.4.4. All users overriding the allowed tags to include both \"select\" and \"style\" should either upgrade or use this workaround: Remove either \"select\" or \"style\" from the overridden allowed tags. NOTE: Code is _not_ impacted if allowed tags are overridden using either the :tags option to the Action View helper method sanitize or the :tags option to the instance method SafeListSanitizer#sanitize.\n"
},
{
"lang": "es",
"value": "rails-html-sanitizer es responsable de sanitizar fragmentos HTML en aplicaciones Rails. Antes de la versi\u00f3n 1.4.4, existe una posible vulnerabilidad XSS con ciertas configuraciones de Rails::Html::Sanitizer debido a una soluci\u00f3n incompleta de CVE-2022-32209. Rails::Html::Sanitizer puede permitir que un atacante inyecte contenido si el desarrollador de la aplicaci\u00f3n ha anulado las etiquetas permitidas del sanitizador para permitir elementos de \"select\" y \"style\". El c\u00f3digo solo se ve afectado si se anulan las etiquetas permitidas. Este problema se solucion\u00f3 en la versi\u00f3n 1.4.4. Todos los usuarios que anulen las etiquetas permitidas para incluir \"select\" y \"style\" deben actualizar o utilizar el workaround: eliminar \"select\" o \"style\" de las etiquetas permitidas anuladas. NOTA: El c\u00f3digo _no_ se ve afectado si las etiquetas permitidas se anulan usando la opci\u00f3n :tags para el m\u00e9todo auxiliar sanitizador de Action View o la opci\u00f3n :tags para el m\u00e9todo de instancia SafeListSanitizer#sanitize."
}
],
"metrics": {
@ -85,9 +89,24 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rails_html_sanitizer_project:rails_html_sanitizer:*:*:*:*:*:ruby:*:*",
"criteria": "cpe:2.3:a:rubyonrails:rails_html_sanitizers:*:*:*:*:*:rails:*:*",
"versionEndExcluding": "1.4.4",
"matchCriteriaId": "0C395888-2086-4AE6-9F41-2A80E43DCB01"
"matchCriteriaId": "CC2FBD9D-39C2-4D54-83B6-B3C334623A8D"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
@ -113,7 +132,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-32209",
"sourceIdentifier": "support@hackerone.com",
"published": "2022-06-24T15:15:11.153",
"lastModified": "2023-11-07T03:47:46.367",
"vulnStatus": "Modified",
"lastModified": "2024-02-01T16:22:15.683",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -75,7 +75,7 @@
]
},
{
"source": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"source": "support@hackerone.com",
"type": "Secondary",
"description": [
{
@ -157,11 +157,19 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AGRLWBEB3S5AU3D4TTROIS7O6QPHDTRH/",
"source": "support@hackerone.com"
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NHDACMCLWE32BZZTSNWQPIFUAD5I6Q47/",
"source": "support@hackerone.com"
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2022-41278",
"sourceIdentifier": "productcert@siemens.com",
"published": "2022-12-13T16:15:22.100",
"lastModified": "2023-04-11T10:15:16.613",
"vulnStatus": "Modified",
"lastModified": "2024-02-01T15:53:27.107",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en: \nJT2Go (Todas las versiones &lt; V14.1.0.6), \nTeamcenter Visualization V13.2 (Todas las versiones &lt; V13.2.0.12), \nTeamcenter Visualization V13.3 (Todas las versiones &lt; V13.3.0. 8), \nTeamcenter Visualization V14.0 (todas las versiones &lt; V14.0.0.4), \nTeamcenter Visualization V14.1 (todas las versiones &lt; V14.1.0.6). \nCGM_NIST_Loader.dll contiene una vulnerabilidad de desreferencia de puntero nulo al analizar archivos CGM especialmente manipulados. Un atacante podr\u00eda aprovechar esta vulnerabilidad para bloquear la aplicaci\u00f3n y provocar una condici\u00f3n de Denegaci\u00f3n de Servicio (DoS)."
}
],
"metrics": {
@ -85,8 +89,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:jt2go:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A264819D-B571-4E10-98CE-7D1E2C04D312"
"criteria": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.1.0.6",
"matchCriteriaId": "13378FEA-210F-47B1-9971-1201E61D236F"
},
{
"vulnerable": true,


@ -2,12 +2,16 @@
"id": "CVE-2022-41287",
"sourceIdentifier": "productcert@siemens.com",
"published": "2022-12-13T16:15:23.060",
"lastModified": "2023-04-11T10:15:17.300",
"vulnStatus": "Modified",
"lastModified": "2024-02-01T16:05:14.573",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains divide by zero vulnerability when parsing a CGM file. An attacker could leverage this vulnerability to crash the application causing denial of service condition."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en: \nJT2Go (Todas las versiones &lt; V14.1.0.6), \nTeamcenter Visualization V13.2 (Todas las versiones &lt; V13.2.0.12), \nTeamcenter Visualization V13.3 (Todas las versiones &lt; V13.3.0. 8), \nTeamcenter Visualization V14.0 (todas las versiones &lt; V14.0.0.4), \nTeamcenter Visualization V14.1 (todas las versiones &lt; V14.1.0.6). \nCGM_NIST_Loader.dll contiene una vulnerabilidad de divisi\u00f3n por cero al analizar un archivo CGM. Un atacante podr\u00eda aprovechar esta vulnerabilidad para bloquear la aplicaci\u00f3n y provocar una condici\u00f3n de Denegaci\u00f3n de Servicio (DoS)."
}
],
"metrics": {
@ -85,8 +89,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:jt2go:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A264819D-B571-4E10-98CE-7D1E2C04D312"
"criteria": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.1.0.6",
"matchCriteriaId": "13378FEA-210F-47B1-9971-1201E61D236F"
},
{
"vulnerable": true,


@ -2,8 +2,8 @@
"id": "CVE-2022-4224",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-03-23T12:15:12.990",
"lastModified": "2023-08-09T11:15:10.067",
"vulnStatus": "Modified",
"lastModified": "2024-02-01T15:11:55.377",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -13,7 +13,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "info@cert.vde.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -31,6 +31,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "info@cert.vde.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},


@ -2,12 +2,16 @@
"id": "CVE-2022-4353",
"sourceIdentifier": "cna@vuldb.com",
"published": "2022-12-08T10:15:11.527",
"lastModified": "2023-11-07T03:57:37.450",
"vulnStatus": "Modified",
"lastModified": "2024-02-01T15:31:16.647",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in LinZhaoguan pb-cms 2.0 and classified as problematic. Affected by this vulnerability is the function IpUtil.getIpAddr. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-215113 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en LinZhaoguan pb-cms 2.0 y clasificada como problem\u00e1tica. La funci\u00f3n IpUtil.getIpAddr es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a Cross-Site Scripting. El ataque se puede lanzar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-215113."
}
],
"metrics": {
@ -17,23 +21,23 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL"
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
"impactScore": 2.7
},
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -56,8 +60,18 @@
},
"weaknesses": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",


@ -2,12 +2,16 @@
"id": "CVE-2022-4401",
"sourceIdentifier": "cna@vuldb.com",
"published": "2022-12-11T08:15:09.797",
"lastModified": "2023-11-07T03:57:46.010",
"vulnStatus": "Modified",
"lastModified": "2024-02-01T15:30:45.777",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in pallidlight online-course-selection-system. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-215268."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en el sistema de selecci\u00f3n de cursos en l\u00ednea pallidlight. Ha sido clasificada como problem\u00e1tica. Una funci\u00f3n desconocida es afectada por esta funci\u00f3n. La manipulaci\u00f3n conduce a Cross-Site Scripting (XSS). Es posible lanzar el ataque de forma remota. El identificador de esta vulnerabilidad es VDB-215268."
}
],
"metrics": {
@ -33,7 +37,7 @@
"impactScore": 2.7
},
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -66,7 +70,7 @@
]
},
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{


@ -1,9 +1,9 @@
{
"id": "CVE-2023-0839",
"sourceIdentifier": "cve@usom.gov.tr",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2023-03-06T08:15:08.330",
"lastModified": "2023-09-03T16:15:10.543",
"vulnStatus": "Modified",
"lastModified": "2024-02-01T15:02:08.387",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -13,7 +13,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "cve@usom.gov.tr",
"source": "iletisim@usom.gov.tr",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -56,7 +56,7 @@
},
"weaknesses": [
{
"source": "cve@usom.gov.tr",
"source": "iletisim@usom.gov.tr",
"type": "Primary",
"description": [
{
@ -97,7 +97,7 @@
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-23-0127",
"source": "cve@usom.gov.tr",
"source": "iletisim@usom.gov.tr",
"tags": [
"Third Party Advisory"
]


@ -1,9 +1,9 @@
{
"id": "CVE-2023-0979",
"sourceIdentifier": "cve@usom.gov.tr",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2023-03-06T15:15:10.077",
"lastModified": "2023-09-07T08:15:07.413",
"vulnStatus": "Modified",
"lastModified": "2024-02-01T15:02:36.347",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -13,7 +13,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "cve@usom.gov.tr",
"source": "iletisim@usom.gov.tr",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -56,7 +56,7 @@
},
"weaknesses": [
{
"source": "cve@usom.gov.tr",
"source": "iletisim@usom.gov.tr",
"type": "Primary",
"description": [
{
@ -97,7 +97,7 @@
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-23-0129",
"source": "cve@usom.gov.tr",
"source": "iletisim@usom.gov.tr",
"tags": [
"Third Party Advisory",
"US Government Resource"


@ -1,9 +1,9 @@
{
"id": "CVE-2023-1114",
"sourceIdentifier": "cve@usom.gov.tr",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2023-03-01T13:15:10.347",
"lastModified": "2023-09-06T15:15:16.077",
"vulnStatus": "Modified",
"lastModified": "2024-02-01T16:56:59.573",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -13,7 +13,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "cve@usom.gov.tr",
"source": "iletisim@usom.gov.tr",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -56,7 +56,7 @@
},
"weaknesses": [
{
"source": "cve@usom.gov.tr",
"source": "iletisim@usom.gov.tr",
"type": "Primary",
"description": [
{
@ -98,7 +98,7 @@
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-23-0113-2",
"source": "cve@usom.gov.tr",
"source": "iletisim@usom.gov.tr",
"tags": [
"Third Party Advisory",
"US Government Resource"


@ -2,12 +2,12 @@
"id": "CVE-2023-1270",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-03-08T14:15:09.637",
"lastModified": "2023-03-14T19:08:41.337",
"lastModified": "2024-02-01T15:06:40.197",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Command Injection in GitHub repository btcpayserver/btcpayserver prior to 1.8.3."
"value": "Cross-site Scripting in GitHub repository btcpayserver/btcpayserver prior to 1.8.3."
}
],
"metrics": {
@ -58,7 +58,7 @@
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
@ -68,12 +68,12 @@
]
},
{
"source": "security@huntr.dev",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-77"
"value": "CWE-79"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-24581",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-02-14T11:15:16.387",
"lastModified": "2023-03-14T10:15:28.370",
"vulnStatus": "Modified",
"lastModified": "2024-02-01T16:53:27.870",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-25833",
"sourceIdentifier": "psirt@esri.com",
"published": "2023-05-10T02:15:08.933",
"lastModified": "2023-05-22T22:15:10.087",
"vulnStatus": "Modified",
"lastModified": "2024-02-01T15:46:30.307",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-26049",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-04-18T21:15:09.043",
"lastModified": "2023-09-30T15:15:09.857",
"vulnStatus": "Modified",
"lastModified": "2024-02-01T15:36:15.433",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -121,6 +121,67 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*",
"matchCriteriaId": "F3E0B672-3E06-4422-B2A4-0BD073AEC2A1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.0",
"matchCriteriaId": "020C93EF-D94B-43CC-9F92-65F046D7EC19"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:e-series_santricity_unified_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB695329-036B-447D-BEB0-AA4D89D1D99C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:*:*:*",
"matchCriteriaId": "680ECEAE-D73F-47D2-8AF8-7704469CF3EA"
}
]
}
]
}
],
"references": [
@ -148,15 +209,25 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230526-0001/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5507",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.rfc-editor.org/rfc/rfc2965",


@ -2,8 +2,8 @@
"id": "CVE-2023-26293",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-04-11T10:15:18.157",
"lastModified": "2023-05-09T13:15:16.537",
"vulnStatus": "Modified",
"lastModified": "2024-02-01T15:19:36.830",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -95,8 +95,33 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:tia_portal:17:*:*:*:*:*:*:*",
"matchCriteriaId": "79F2E078-149A-49ED-B006-74A01DB077D4"
"criteria": "cpe:2.3:a:siemens:tia_portal:17:-:*:*:*:*:*:*",
"matchCriteriaId": "85EDE398-4E18-4F39-9F00-66E9EDB17AD7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:tia_portal:17:update1:*:*:*:*:*:*",
"matchCriteriaId": "7C4DFB46-947A-4156-B760-5754D3A502B7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:tia_portal:17:update2:*:*:*:*:*:*",
"matchCriteriaId": "4A46017D-5AF4-4063-92E8-83228CCDEB45"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:tia_portal:17:update3:*:*:*:*:*:*",
"matchCriteriaId": "903EA460-9F1F-4BB1-AAF4-9B17A864892A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:tia_portal:17:update4:*:*:*:*:*:*",
"matchCriteriaId": "D63A193B-18EB-4399-8528-BC58C88CB19C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:tia_portal:17:update5:*:*:*:*:*:*",
"matchCriteriaId": "931BB5EB-D243-4E06-844B-567B899905F2"
},
{
"vulnerable": true,
@ -113,6 +138,7 @@
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-116924.pdf",
"source": "productcert@siemens.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-28447",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-03-28T21:15:11.127",
"lastModified": "2023-04-15T04:16:06.607",
"vulnStatus": "Modified",
"lastModified": "2024-02-01T15:19:18.570",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -56,7 +56,7 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -64,6 +64,16 @@
"value": "CWE-79"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
@ -89,6 +99,31 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
}
]
}
]
}
],
"references": [
@ -108,15 +143,27 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HSAUM3YHWHO4UCJXRGRLQGPJAO3MFOZZ/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBB35GLYTL6JL6EOM6BOZNYP47JKNNHT/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P7O7SKTATM6GAP45S64QFXNLWIY5I7HP/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-29007",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-04-25T21:15:10.403",
"lastModified": "2023-12-27T10:15:38.680",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-01T15:37:02.590",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -157,6 +157,11 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
@ -204,7 +209,11 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RKOXOAZ42HLXHXTW6JZI4L5DAIYDTYCU/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YFZWGQKB6MM5MNF2DLFTD7KS2KWPICKL/",
@ -216,7 +225,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202312-15",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-45629",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-16T09:15:10.957",
"lastModified": "2023-10-18T22:46:36.583",
"lastModified": "2024-02-01T16:02:06.650",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -89,9 +89,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:total-soft:portfolio_gallery_responsive_image_gallery:*:*:*:*:*:wordpress:*:*",
"criteria": "cpe:2.3:a:wpdevart:gallery_-_image_and_video_gallery_with_thumbnails:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.0.3",
"matchCriteriaId": "CE0CDD5C-3BF7-4C40-AC3E-606A2C142B86"
"matchCriteriaId": "36F87DD9-A3E2-4C42-A5AA-7E8E9487284E"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-47115",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-23T23:15:08.100",
"lastModified": "2024-01-24T13:49:03.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-01T15:48:10.727",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -40,7 +60,7 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -48,28 +68,72 @@
"value": "CWE-79"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:humansignal:label_studio:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.9.2",
"matchCriteriaId": "326DCEFD-7346-4651-80AD-728FE9E4BD87"
}
]
}
]
}
],
"references": [
{
"url": "https://docs.djangoproject.com/en/4.2/ref/views/#serving-files-in-development",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Not Applicable"
]
},
{
"url": "https://github.com/HumanSignal/label-studio/blob/1.8.2/label_studio/users/functions.py#L18-L49",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/HumanSignal/label-studio/blob/1.8.2/label_studio/users/urls.py#L25-L26",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/HumanSignal/label-studio/commit/a7a71e594f32ec4af8f3f800d5ccb8662e275da3",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/HumanSignal/label-studio/security/advisories/GHSA-q68h-xwq5-mm7x",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-4738",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-09-02T20:15:07.413",
"lastModified": "2023-12-22T18:03:42.723",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-01T16:16:44.740",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -107,9 +107,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.1",
"matchCriteriaId": "2BB2BFC1-74A1-4178-8488-69EC5A60B34F"
"criteria": "cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9FE27DF1-3AF9-4BE4-8541-565FE5BC16A2"
}
]
}


@ -0,0 +1,15 @@
{
"id": "CVE-2024-0704",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-01T15:15:08.080",
"lastModified": "2024-02-01T15:15:08.080",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: very low impact - impractical to correct"
}
],
"metrics": {},
"references": []
}


@ -2,7 +2,7 @@
"id": "CVE-2024-0831",
"sourceIdentifier": "security@hashicorp.com",
"published": "2024-02-01T02:15:46.330",
"lastModified": "2024-02-01T03:18:21.737",
"lastModified": "2024-02-01T16:17:14.320",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -52,7 +52,7 @@
"source": "security@hashicorp.com"
},
{
"url": "https://link-to-discuss",
"url": "https://discuss.hashicorp.com/t/hcsec-2024-01-vault-may-expose-sensitive-information-when-configuring-an-audit-log-device/62311",
"source": "security@hashicorp.com"
}
]


@ -2,16 +2,40 @@
"id": "CVE-2024-0936",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-26T17:15:11.853",
"lastModified": "2024-01-26T18:29:26.990",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-01T16:27:09.447",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in van_der_Schaar LAB TemporAI 0.0.3. Affected by this vulnerability is the function load_from_file of the component PKL File Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252181 was assigned to this vulnerability. NOTE: The vendor was contacted early and confirmed immediately the existence of the issue. A patch is planned to be released in February 2024."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en van_der_Schaar LAB TemporAI 0.0.3 y clasificada como cr\u00edtica. La funci\u00f3n load_from_file del componente PKL File Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a la deserializaci\u00f3n. El ataque se puede lanzar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-252181. NOTA: Se contact\u00f3 al proveedor con anticipaci\u00f3n y confirm\u00f3 de inmediato la existencia del problema. Est\u00e1 previsto lanzar un parche en febrero de 2024."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -61,7 +85,7 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -69,24 +93,63 @@
"value": "CWE-502"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vanderschaarlab:temporai:0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6E97BB02-CFF8-4FB8-9F83-0002D94E5E63"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/bayuncao/vul-cve-5",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://github.com/bayuncao/vul-cve-5/blob/main/poc.py",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://vuldb.com/?ctiid.252181",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?id.252181",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
}
]
}
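Review bot: Both GitHub references in the new reference block of CVE-2024-0936 (the `vul-cve-5` repository and its `poc.py`) are tagged `Broken Link`, yet the description still states that "The exploit has been disclosed to the public and may be used"; with the only exploit references dead, a consumer deriving exploit availability from this record has nothing verifiable to point to, so that claim should be treated as unconfirmed. Separately, the nvd@nist.gov vector here is `AV:N/AC:L/PR:N/UI:R` (8.8) while the sibling record CVE-2024-0937 in this commit, which describes the same `load_from_file` PKL deserialization in the vendor's other package, is scored `UI:N` (9.8); neither description explains why user interaction would differ, so the gap may be a scoring inconsistency worth querying upstream rather than a real difference. Both points concern NVD-origin data and are not something this mirror can correct on its own.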


@ -2,16 +2,40 @@
"id": "CVE-2024-0937",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-26T18:15:10.487",
"lastModified": "2024-01-26T18:29:26.990",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-01T15:50:38.727",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in van_der_Schaar LAB synthcity 0.2.9. Affected by this issue is the function load_from_file of the component PKL File Handler. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252182 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early and confirmed immediately the existence of the issue. A patch is planned to be released in February 2024."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en van_der_Schaar LAB synthcity 0.2.9 y clasificada como cr\u00edtica. La funci\u00f3n load_from_file del componente PKL File Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a la deserializaci\u00f3n. El ataque puede lanzarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-252182 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 al proveedor con anticipaci\u00f3n y confirm\u00f3 de inmediato la existencia del problema. Est\u00e1 previsto lanzar un parche en febrero de 2024."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -61,7 +85,7 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -69,24 +93,63 @@
"value": "CWE-502"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vanderschaarlab:temporai:0.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "1A165D3F-3373-4D67-B640-F3D772D411A7"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/bayuncao/vul-cve-6",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://github.com/bayuncao/vul-cve-6/blob/main/poc.py",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://vuldb.com/?ctiid.252182",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?id.252182",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
}
]
}
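Review bot: The CPE added in the new configurations block of CVE-2024-0937, `cpe:2.3:a:vanderschaarlab:temporai:0.2.9:*:*:*:*:*:*:*`, names the product temporai, while both descriptions in the same record say the affected package is van_der_Schaar LAB synthcity 0.2.9; the sibling record CVE-2024-0936 uses the temporai product for its own 0.0.3 range, so this looks like a copied criteria string. A consumer matching inventory against this feed would flag TemporAI 0.2.9, which this record does not describe, and miss synthcity 0.2.9 entirely. The expected criteria would be of the form `cpe:2.3:a:vanderschaarlab:synthcity:0.2.9:*:*:*:*:*:*:*` (constructed; the real matchCriteriaId is assigned by NVD). Since the data is mirrored from NVD the correction belongs upstream, but it is worth reporting and worth a caveat for anyone using this record's configurations.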


@ -2,16 +2,40 @@
"id": "CVE-2024-0938",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-26T18:15:10.720",
"lastModified": "2024-01-26T18:29:26.990",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-01T16:24:33.887",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.9. This affects an unknown part of the file /general/email/inbox/delete_webmail.php. The manipulation of the argument WEBBODY_ID_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-252183. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Tongda OA 2017 hasta 11.9 y clasificada como cr\u00edtica. Esto afecta a una parte desconocida del archivo /general/email/inbox/delete_webmail.php. La manipulaci\u00f3n del argumento WEBBODY_ID_STR conduce a la inyecci\u00f3n SQL. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. La actualizaci\u00f3n a la versi\u00f3n 11.10 puede solucionar este problema. Se recomienda actualizar el componente afectado. El identificador asociado de esta vulnerabilidad es VDB-252183. NOTA: Se contact\u00f3 primeramente con proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,48 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tongda2000:office_anywhere_2017:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.0",
"versionEndExcluding": "11.10",
"matchCriteriaId": "17911529-03FD-4D27-A519-BD155847BCEA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Yu1e/vuls/blob/main/SQL%20injection%20vulnerability%20exists%20in%20Tongda%20OA.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.252183",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.252183",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}
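Review bot: The `vuldb.com/?ctiid.252183` reference in CVE-2024-0938 is tagged `Permissions Required` plus `Third Party Advisory`, and the `?id.252183` link only `Third Party Advisory`, whereas the equivalent ctiid and id references in CVE-2024-0936 and CVE-2024-0937 in this same commit carry only `Permissions Required`. The tags come from NVD analysis, so the inconsistency is upstream, but consumers that filter references by tag (for example to drop paywalled links) will treat the three records differently for the same source. Flagging so the difference is not read as a meaningful distinction between the records.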


@ -0,0 +1,59 @@
{
"id": "CVE-2024-1141",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-02-01T15:15:08.547",
"lastModified": "2024-02-01T15:15:08.547",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in python-glance-store. The issue occurs when the package logs the access_key for the glance-store when the DEBUG log level is enabled."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-779"
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2024-1141",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258836",
"source": "secalert@redhat.com"
}
]
}


@ -2,19 +2,91 @@
"id": "CVE-2024-22729",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-25T15:15:08.133",
"lastModified": "2024-01-25T19:28:53.800",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-01T15:15:34.173",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "NETIS SYSTEMS MW5360 V1.0.1.3031 was discovered to contain a command injection vulnerability via the password parameter on the login page."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que NETIS SYSTEMS MW5360 V1.0.1.3031 contiene una vulnerabilidad de inyecci\u00f3n de comandos a trav\u00e9s del par\u00e1metro password en la p\u00e1gina de inicio de sesi\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netis-systems:mw5360_firmware:1.0.1.3031:*:*:*:*:*:*:*",
"matchCriteriaId": "50AE236C-71A2-40A6-AEB8-AC67A126E0D1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netis-systems:mw5360:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81419F13-16A4-403A-8797-2DE806B220BE"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/adhikara13/CVE/blob/main/netis_MW5360/blind%20command%20injection%20in%20password%20parameter%20in%20initial%20settings.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-23633",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-24T00:15:08.373",
"lastModified": "2024-01-24T13:49:03.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-01T15:47:45.103",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,22 +80,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:humansignal:label_studio:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.10.1",
"matchCriteriaId": "0851F09C-7B83-47B1-8217-1394F68D0B13"
}
]
}
]
}
],
"references": [
{
"url": "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/sandbox",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Not Applicable"
]
},
{
"url": "https://github.com/HumanSignal/label-studio/blob/1.9.2.post0/label_studio/data_import/api.py#L595C1-L616C62",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/HumanSignal/label-studio/blob/1.9.2.post0/label_studio/data_import/uploader.py#L125C5-L146",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/HumanSignal/label-studio/security/advisories/GHSA-fq23-g58m-799r",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-23820",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-26T17:15:13.287",
"lastModified": "2024-01-26T18:29:26.990",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-01T16:30:14.907",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "OpenFGA, an authorization/permission engine, is vulnerable to a denial of service attack in versions prior to 1.4.3. In some scenarios that depend on the model and tuples used, a call to `ListObjects` may not release memory properly. So when a sufficiently high number of those calls are executed, the OpenFGA server can create an `out of memory` error and terminate. Version 1.4.3 contains a patch for this issue."
},
{
"lang": "es",
"value": "OpenFGA, un motor de autorizaci\u00f3n/permisos, es vulnerable a un ataque de denegaci\u00f3n de servicio en versiones anteriores a la 1.4.3. En algunos escenarios que dependen del modelo y las tuplas utilizadas, es posible que una llamada a `ListObjects` no libere memoria correctamente. Entonces, cuando se ejecuta una cantidad suficientemente alta de esas llamadas, el servidor OpenFGA puede crear un error de \"memoria insuficiente\" y finalizar. La versi\u00f3n 1.4.3 contiene un parche para este problema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,18 +80,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openfga:openfga:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.4.3",
"matchCriteriaId": "C2F9E0AB-95A2-438B-ABA0-67EECF03D0C7"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/openfga/openfga/commit/908ac85c8b7769c8042cca31886df8db01976c39",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/openfga/openfga/releases/tag/v1.4.3",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/openfga/openfga/security/advisories/GHSA-rxpw-85vw-fx87",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2024-24752",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-01T16:17:14.487",
"lastModified": "2024-02-01T16:17:14.487",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Bref enable serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a `RequestHandlerInterface`, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed and for each which contains a file, it is extracted and saved in `/tmp` with a random filename starting with `bref_upload_`. The flow mimics what plain PHP does but it does not delete the temporary files when the request has been processed. An attacker could fill the Lambda instance disk by performing multiple MultiPart requests containing files. This vulnerability is patched in 2.1.12."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://github.com/brefphp/bref/security/advisories/GHSA-x4hh-frx8-98r5",
"source": "security-advisories@github.com"
}
]
}
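Review bot: The weakness entry in the new CVE-2024-24752 record is typed `Primary` even though its `source` is the CNA (security-advisories@github.com); the other freshly received record in this commit, CVE-2024-1141, types its CNA-supplied weakness `Secondary`, and the analyzed records here (for example CVE-2023-28447 and CVE-2024-23820) re-type the CNA entry to `Secondary` once nvd@nist.gov adds its own `Primary` entry. The same applies to CVE-2024-24753 and CVE-2024-24754. Consumers should therefore key on `source` rather than `type` when deciding whether a CWE is NVD-assigned or CNA-assigned, since the `type` of a `Received` record may change on a later sync.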


@ -0,0 +1,55 @@
{
"id": "CVE-2024-24753",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-01T16:17:14.690",
"lastModified": "2024-02-01T16:17:14.690",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Bref enable serverless PHP on AWS Lambda. When Bref is used in combination with an API Gateway with the v2 format, it does not handle multiple values headers. If PHP generates a response with two headers having the same key but different values only the latest one is kept. If an application relies on multiple headers with the same key being set for security reasons, then Bref would lower the application security. For example, if an application sets multiple `Content-Security-Policy` headers, then Bref would just reflect the latest one. This vulnerability is patched in 2.1.12."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-436"
}
]
}
],
"references": [
{
"url": "https://github.com/brefphp/bref/security/advisories/GHSA-99f9-gv72-fw9r",
"source": "security-advisories@github.com"
}
]
}


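--- /dev/null
+++ b/CVE-2024/CVE-2024-247xx/CVE-2024-24754.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2024-24754",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2024-02-01T16:17:14.877",
+"lastModified": "2024-02-01T16:17:14.877",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Bref enable serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a `RequestHandlerInterface`, then the Lambda event is converted to a PSR7 object.\nDuring the conversion process, if the request is a MultiPart, each part is parsed and its content added in the `$files` or `$parsedBody` arrays. The conversion process produces a different output compared to the one of plain PHP when keys ending with and open square bracket ([) are used. Based on the application logic the difference in the body parsing might lead to vulnerabilities and/or undefined behaviors. This vulnerability is patched in 2.1.13."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "HIGH",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 3.7,
+"baseSeverity": "LOW"
+},
+"exploitabilityScore": 2.2,
+"impactScore": 1.4
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-436"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/brefphp/bref/security/advisories/GHSA-82vx-mm6r-gg8w",
+"source": "security-advisories@github.com"
+}
+]
+}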


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-02-01T15:00:24.902229+00:00
2024-02-01T17:00:25.192645+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-02-01T14:55:46.047000+00:00
2024-02-01T16:56:59.573000+00:00
```
### Last Data Feed Release
@ -29,50 +29,49 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
237303
237308
```
### CVEs added in the last Commit
Recently added CVEs: `6`
Recently added CVEs: `5`
* [CVE-2023-6078](CVE-2023/CVE-2023-60xx/CVE-2023-6078.json) (`2024-02-01T14:15:55.810`)
* [CVE-2024-0935](CVE-2024/CVE-2024-09xx/CVE-2024-0935.json) (`2024-02-01T14:15:56.040`)
* [CVE-2024-24059](CVE-2024/CVE-2024-240xx/CVE-2024-24059.json) (`2024-02-01T14:15:56.230`)
* [CVE-2024-24060](CVE-2024/CVE-2024-240xx/CVE-2024-24060.json) (`2024-02-01T14:15:56.283`)
* [CVE-2024-24061](CVE-2024/CVE-2024-240xx/CVE-2024-24061.json) (`2024-02-01T14:15:56.333`)
* [CVE-2024-24062](CVE-2024/CVE-2024-240xx/CVE-2024-24062.json) (`2024-02-01T14:15:56.380`)
* [CVE-2024-0704](CVE-2024/CVE-2024-07xx/CVE-2024-0704.json) (`2024-02-01T15:15:08.080`)
* [CVE-2024-1141](CVE-2024/CVE-2024-11xx/CVE-2024-1141.json) (`2024-02-01T15:15:08.547`)
* [CVE-2024-24752](CVE-2024/CVE-2024-247xx/CVE-2024-24752.json) (`2024-02-01T16:17:14.487`)
* [CVE-2024-24753](CVE-2024/CVE-2024-247xx/CVE-2024-24753.json) (`2024-02-01T16:17:14.690`)
* [CVE-2024-24754](CVE-2024/CVE-2024-247xx/CVE-2024-24754.json) (`2024-02-01T16:17:14.877`)
### CVEs modified in the last Commit
Recently modified CVEs: `56`
Recently modified CVEs: `33`
* [CVE-2023-51514](CVE-2023/CVE-2023-515xx/CVE-2023-51514.json) (`2024-02-01T13:41:44.257`)
* [CVE-2023-51520](CVE-2023/CVE-2023-515xx/CVE-2023-51520.json) (`2024-02-01T13:41:44.257`)
* [CVE-2023-37903](CVE-2023/CVE-2023-379xx/CVE-2023-37903.json) (`2024-02-01T13:46:33.280`)
* [CVE-2023-37283](CVE-2023/CVE-2023-372xx/CVE-2023-37283.json) (`2024-02-01T13:48:57.980`)
* [CVE-2023-39219](CVE-2023/CVE-2023-392xx/CVE-2023-39219.json) (`2024-02-01T13:57:07.213`)
* [CVE-2023-37466](CVE-2023/CVE-2023-374xx/CVE-2023-37466.json) (`2024-02-01T14:05:45.750`)
* [CVE-2023-32305](CVE-2023/CVE-2023-323xx/CVE-2023-32305.json) (`2024-02-01T14:06:55.693`)
* [CVE-2023-35936](CVE-2023/CVE-2023-359xx/CVE-2023-35936.json) (`2024-02-01T14:08:22.863`)
* [CVE-2023-27559](CVE-2023/CVE-2023-275xx/CVE-2023-27559.json) (`2024-02-01T14:09:30.907`)
* [CVE-2023-34455](CVE-2023/CVE-2023-344xx/CVE-2023-34455.json) (`2024-02-01T14:17:17.223`)
* [CVE-2023-30631](CVE-2023/CVE-2023-306xx/CVE-2023-30631.json) (`2024-02-01T14:50:25.267`)
* [CVE-2023-25832](CVE-2023/CVE-2023-258xx/CVE-2023-25832.json) (`2024-02-01T14:55:46.047`)
* [CVE-2024-23941](CVE-2024/CVE-2024-239xx/CVE-2024-23941.json) (`2024-02-01T13:41:44.257`)
* [CVE-2024-22859](CVE-2024/CVE-2024-228xx/CVE-2024-22859.json) (`2024-02-01T13:41:44.257`)
* [CVE-2024-24548](CVE-2024/CVE-2024-245xx/CVE-2024-24548.json) (`2024-02-01T13:41:44.257`)
* [CVE-2024-21750](CVE-2024/CVE-2024-217xx/CVE-2024-21750.json) (`2024-02-01T13:41:44.257`)
* [CVE-2024-22148](CVE-2024/CVE-2024-221xx/CVE-2024-22148.json) (`2024-02-01T13:41:44.257`)
* [CVE-2024-22430](CVE-2024/CVE-2024-224xx/CVE-2024-22430.json) (`2024-02-01T13:41:44.257`)
* [CVE-2024-22449](CVE-2024/CVE-2024-224xx/CVE-2024-22449.json) (`2024-02-01T13:41:44.257`)
* [CVE-2024-0932](CVE-2024/CVE-2024-09xx/CVE-2024-0932.json) (`2024-02-01T14:08:37.997`)
* [CVE-2024-0931](CVE-2024/CVE-2024-09xx/CVE-2024-0931.json) (`2024-02-01T14:19:37.457`)
* [CVE-2024-0933](CVE-2024/CVE-2024-09xx/CVE-2024-0933.json) (`2024-02-01T14:21:18.320`)
* [CVE-2024-0930](CVE-2024/CVE-2024-09xx/CVE-2024-0930.json) (`2024-02-01T14:24:36.343`)
* [CVE-2024-0929](CVE-2024/CVE-2024-09xx/CVE-2024-0929.json) (`2024-02-01T14:25:45.113`)
* [CVE-2024-0928](CVE-2024/CVE-2024-09xx/CVE-2024-0928.json) (`2024-02-01T14:33:39.600`)
* [CVE-2022-23518](CVE-2022/CVE-2022-235xx/CVE-2022-23518.json) (`2024-02-01T16:06:58.297`)
* [CVE-2022-23515](CVE-2022/CVE-2022-235xx/CVE-2022-23515.json) (`2024-02-01T16:11:55.370`)
* [CVE-2022-32209](CVE-2022/CVE-2022-322xx/CVE-2022-32209.json) (`2024-02-01T16:22:15.683`)
* [CVE-2022-23517](CVE-2022/CVE-2022-235xx/CVE-2022-23517.json) (`2024-02-01T16:24:41.460`)
* [CVE-2022-23520](CVE-2022/CVE-2022-235xx/CVE-2022-23520.json) (`2024-02-01T16:52:23.247`)
* [CVE-2023-0839](CVE-2023/CVE-2023-08xx/CVE-2023-0839.json) (`2024-02-01T15:02:08.387`)
* [CVE-2023-0979](CVE-2023/CVE-2023-09xx/CVE-2023-0979.json) (`2024-02-01T15:02:36.347`)
* [CVE-2023-1270](CVE-2023/CVE-2023-12xx/CVE-2023-1270.json) (`2024-02-01T15:06:40.197`)
* [CVE-2023-28447](CVE-2023/CVE-2023-284xx/CVE-2023-28447.json) (`2024-02-01T15:19:18.570`)
* [CVE-2023-26293](CVE-2023/CVE-2023-262xx/CVE-2023-26293.json) (`2024-02-01T15:19:36.830`)
* [CVE-2023-26049](CVE-2023/CVE-2023-260xx/CVE-2023-26049.json) (`2024-02-01T15:36:15.433`)
* [CVE-2023-29007](CVE-2023/CVE-2023-290xx/CVE-2023-29007.json) (`2024-02-01T15:37:02.590`)
* [CVE-2023-25833](CVE-2023/CVE-2023-258xx/CVE-2023-25833.json) (`2024-02-01T15:46:30.307`)
* [CVE-2023-47115](CVE-2023/CVE-2023-471xx/CVE-2023-47115.json) (`2024-02-01T15:48:10.727`)
* [CVE-2023-45629](CVE-2023/CVE-2023-456xx/CVE-2023-45629.json) (`2024-02-01T16:02:06.650`)
* [CVE-2023-4738](CVE-2023/CVE-2023-47xx/CVE-2023-4738.json) (`2024-02-01T16:16:44.740`)
* [CVE-2023-24581](CVE-2023/CVE-2023-245xx/CVE-2023-24581.json) (`2024-02-01T16:53:27.870`)
* [CVE-2023-1114](CVE-2023/CVE-2023-11xx/CVE-2023-1114.json) (`2024-02-01T16:56:59.573`)
* [CVE-2024-22729](CVE-2024/CVE-2024-227xx/CVE-2024-22729.json) (`2024-02-01T15:15:34.173`)
* [CVE-2024-23633](CVE-2024/CVE-2024-236xx/CVE-2024-23633.json) (`2024-02-01T15:47:45.103`)
* [CVE-2024-0937](CVE-2024/CVE-2024-09xx/CVE-2024-0937.json) (`2024-02-01T15:50:38.727`)
* [CVE-2024-0831](CVE-2024/CVE-2024-08xx/CVE-2024-0831.json) (`2024-02-01T16:17:14.320`)
* [CVE-2024-0938](CVE-2024/CVE-2024-09xx/CVE-2024-0938.json) (`2024-02-01T16:24:33.887`)
* [CVE-2024-0936](CVE-2024/CVE-2024-09xx/CVE-2024-0936.json) (`2024-02-01T16:27:09.447`)
* [CVE-2024-23820](CVE-2024/CVE-2024-238xx/CVE-2024-23820.json) (`2024-02-01T16:30:14.907`)
## Download and Usage