Auto-Update: 2024-02-15T07:00:26.520976+00:00

cad-safe-bot 2024-02-15 07:00:30 +00:00
parent fc583edee8
commit 9b16f426f0
97 changed files with 2937 additions and 266 deletions


@ -0,0 +1,15 @@
{
"id": "CVE-2021-29633",
"sourceIdentifier": "secteam@freebsd.org",
"published": "2024-02-15T06:15:44.667",
"lastModified": "2024-02-15T06:15:44.667",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2021."
}
],
"metrics": {},
"references": []
}


@ -0,0 +1,15 @@
{
"id": "CVE-2021-29634",
"sourceIdentifier": "secteam@freebsd.org",
"published": "2024-02-15T06:15:44.810",
"lastModified": "2024-02-15T06:15:44.810",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2021."
}
],
"metrics": {},
"references": []
}


@ -0,0 +1,15 @@
{
"id": "CVE-2021-29635",
"sourceIdentifier": "secteam@freebsd.org",
"published": "2024-02-15T06:15:44.853",
"lastModified": "2024-02-15T06:15:44.853",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2021."
}
],
"metrics": {},
"references": []
}


@ -0,0 +1,15 @@
{
"id": "CVE-2021-29636",
"sourceIdentifier": "secteam@freebsd.org",
"published": "2024-02-15T06:15:44.890",
"lastModified": "2024-02-15T06:15:44.890",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2021."
}
],
"metrics": {},
"references": []
}


@ -0,0 +1,15 @@
{
"id": "CVE-2021-29637",
"sourceIdentifier": "secteam@freebsd.org",
"published": "2024-02-15T06:15:44.937",
"lastModified": "2024-02-15T06:15:44.937",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2021."
}
],
"metrics": {},
"references": []
}


@ -0,0 +1,15 @@
{
"id": "CVE-2021-29638",
"sourceIdentifier": "secteam@freebsd.org",
"published": "2024-02-15T06:15:44.977",
"lastModified": "2024-02-15T06:15:44.977",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2021."
}
],
"metrics": {},
"references": []
}


@ -0,0 +1,15 @@
{
"id": "CVE-2021-29639",
"sourceIdentifier": "secteam@freebsd.org",
"published": "2024-02-15T06:15:45.013",
"lastModified": "2024-02-15T06:15:45.013",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2021."
}
],
"metrics": {},
"references": []
}


@ -0,0 +1,15 @@
{
"id": "CVE-2021-29640",
"sourceIdentifier": "secteam@freebsd.org",
"published": "2024-02-15T06:15:45.057",
"lastModified": "2024-02-15T06:15:45.057",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2021."
}
],
"metrics": {},
"references": []
}


@ -0,0 +1,20 @@
{
"id": "CVE-2022-23084",
"sourceIdentifier": "secteam@freebsd.org",
"published": "2024-02-15T05:15:08.833",
"lastModified": "2024-02-15T06:23:39.303",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The total size of the user-provided nmreq to nmreq_copyin() was first computed and then trusted during the copyin. This time-of-check to time-of-use bug could lead to kernel memory corruption.\n\nOn systems configured to include netmap in their devfs_ruleset, a privileged process running in a jail can affect the host environment."
}
],
"metrics": {},
"references": [
{
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:04.netmap.asc",
"source": "secteam@freebsd.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2022-23085",
"sourceIdentifier": "secteam@freebsd.org",
"published": "2024-02-15T05:15:09.110",
"lastModified": "2024-02-15T06:23:39.303",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A user-provided integer option was passed to nmreq_copyin() without checking if it would overflow. This insufficient bounds checking could lead to kernel memory corruption.\n\nOn systems configured to include netmap in their devfs_ruleset, a privileged process running in a jail can affect the host environment."
}
],
"metrics": {},
"references": [
{
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:04.netmap.asc",
"source": "secteam@freebsd.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2022-23086",
"sourceIdentifier": "secteam@freebsd.org",
"published": "2024-02-15T05:15:09.273",
"lastModified": "2024-02-15T06:23:39.303",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Handlers for *_CFG_PAGE read / write ioctls in the mpr, mps, and mpt drivers allocated a buffer of a caller-specified size, but copied to it a fixed size header. Other heap content would be overwritten if the specified size was too small.\n\nUsers with access to the mpr, mps or mpt device node may overwrite heap data, potentially resulting in privilege escalation. Note that the device node is only accessible to root and members of the operator group."
}
],
"metrics": {},
"references": [
{
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:06.ioctl.asc",
"source": "secteam@freebsd.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2022-23087",
"sourceIdentifier": "secteam@freebsd.org",
"published": "2024-02-15T05:15:09.337",
"lastModified": "2024-02-15T06:23:39.303",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The e1000 network adapters permit a variety of modifications to an Ethernet packet when it is being transmitted. These include the insertion of IP and TCP checksums, insertion of an Ethernet VLAN header, and TCP segmentation offload (\"TSO\"). The e1000 device model uses an on-stack buffer to generate the modified packet header when simulating these modifications on transmitted packets.\n\nWhen checksum offload is requested for a transmitted packet, the e1000 device model used a guest-provided value to specify the checksum offset in the on-stack buffer. The offset was not validated for certain packet types.\n\nA misbehaving bhyve guest could overwrite memory in the bhyve process on the host, possibly leading to code execution in the host context.\n\nThe bhyve process runs in a Capsicum sandbox, which (depending on the FreeBSD version and bhyve configuration) limits the impact of exploiting this issue."
}
],
"metrics": {},
"references": [
{
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:05.bhyve.asc",
"source": "secteam@freebsd.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2022-23088",
"sourceIdentifier": "secteam@freebsd.org",
"published": "2024-02-15T05:15:09.440",
"lastModified": "2024-02-15T06:23:39.303",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The 802.11 beacon handling routine failed to validate the length of an IEEE 802.11s Mesh ID before copying it to a heap-allocated buffer.\n\nWhile a FreeBSD Wi-Fi client is in scanning mode (i.e., not associated with a SSID) a malicious beacon frame may overwrite kernel memory, leading to remote code execution."
}
],
"metrics": {},
"references": [
{
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:07.wifi_meshid.asc",
"source": "secteam@freebsd.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2022-23089",
"sourceIdentifier": "secteam@freebsd.org",
"published": "2024-02-15T05:15:09.620",
"lastModified": "2024-02-15T06:23:39.303",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "When dumping core and saving process information, proc_getargv() might return an sbuf which have a sbuf_len() of 0 or -1, which is not properly handled.\n\nAn out-of-bound read can happen when user constructs a specially crafted ps_string, which in turn can cause the kernel to crash."
}
],
"metrics": {},
"references": [
{
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:09.elf.asc",
"source": "secteam@freebsd.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2022-23090",
"sourceIdentifier": "secteam@freebsd.org",
"published": "2024-02-15T06:15:45.103",
"lastModified": "2024-02-15T06:23:39.303",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The aio_aqueue function, used by the lio_listio system call, fails to release a reference to a credential in an error case.\n\nAn attacker may cause the reference count to overflow, leading to a use after free (UAF)."
}
],
"metrics": {},
"references": [
{
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:10.aio.asc",
"source": "secteam@freebsd.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2022-23091",
"sourceIdentifier": "secteam@freebsd.org",
"published": "2024-02-15T06:15:45.147",
"lastModified": "2024-02-15T06:23:39.303",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A particular case of memory sharing is mishandled in the virtual memory system. This is very similar to SA-21:08.vm, but with a different root cause.\n\nAn unprivileged local user process can maintain a mapping of a page after it is freed, allowing that process to read private data belonging to other processes or the kernel."
}
],
"metrics": {},
"references": [
{
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:11.vm.asc",
"source": "secteam@freebsd.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2022-23092",
"sourceIdentifier": "secteam@freebsd.org",
"published": "2024-02-15T06:15:45.190",
"lastModified": "2024-02-15T06:23:39.303",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The implementation of lib9p's handling of RWALK messages was missing a bounds check needed when unpacking the message contents. The missing check means that the receipt of a specially crafted message will cause lib9p to overwrite unrelated memory.\n\nThe bug can be triggered by a malicious bhyve guest kernel to overwrite memory in the bhyve(8) process. This could potentially lead to user-mode code execution on the host, subject to bhyve's Capsicum sandbox."
}
],
"metrics": {},
"references": [
{
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:12.lib9p.asc",
"source": "secteam@freebsd.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2022-23093",
"sourceIdentifier": "secteam@freebsd.org",
"published": "2024-02-15T06:15:45.240",
"lastModified": "2024-02-15T06:23:39.303",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "ping reads raw IP packets from the network to process responses in the pr_pack() function. As part of processing a response ping has to\u00a0reconstruct the IP header, the ICMP header and if present a \"quoted\u00a0packet,\" which represents the packet that generated an ICMP error. The\u00a0quoted packet again has an IP header and an ICMP header.\n\nThe pr_pack() copies received IP and ICMP headers into stack buffers\u00a0for further processing. In so doing, it fails to take into account the possible presence of IP option headers following the IP header in either the response or the quoted packet. When IP options are present, pr_pack() overflows the destination buffer by up to 40 bytes.\n\nThe memory safety bugs described above can be triggered by a remote\u00a0host, causing the ping program to crash.\n\nThe ping process runs in a capability mode sandbox on all affected\u00a0versions of FreeBSD and is thus very constrained in how it can interact\u00a0with the rest of the system at the point where the bug can occur."
}
],
"metrics": {},
"references": [
{
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:15.ping.asc",
"source": "secteam@freebsd.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-48219",
"sourceIdentifier": "hp-security-alert@hp.com",
"published": "2024-02-14T23:15:07.960",
"lastModified": "2024-02-14T23:15:07.960",
"vulnStatus": "Received",
"lastModified": "2024-02-15T06:23:39.303",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2022-48220",
"sourceIdentifier": "hp-security-alert@hp.com",
"published": "2024-02-14T23:15:08.033",
"lastModified": "2024-02-14T23:15:08.033",
"vulnStatus": "Received",
"lastModified": "2024-02-15T06:23:39.303",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-31506",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-09T07:15:59.310",
"lastModified": "2024-02-09T14:31:23.603",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T06:25:58.357",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "Una vulnerabilidad de cross-site scripting (XSS) en las versiones de Grav 1.7.44 y anteriores permite a atacantes remotos autenticados ejecutar scripts web o HTML arbitrarios a trav\u00e9s del atributo onmouseover de un elemento ISINDEX."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:getgrav:grav:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.7.44",
"matchCriteriaId": "913A6557-EDD2-4E21-8382-28991AC3885E"
}
]
}
]
}
],
"references": [
{
"url": "https://m3n0sd0n4ld.github.io/patoHackventuras/cve-2023-31506",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,12 +2,12 @@
"id": "CVE-2023-46595",
"sourceIdentifier": "security.vulnerabilities@algosec.com",
"published": "2023-11-02T08:15:08.040",
"lastModified": "2024-02-01T02:18:54.220",
"vulnStatus": "Analyzed",
"lastModified": "2024-02-15T06:15:45.310",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Net-NTLM leak via stored HTML injection in FireFlow's VisualFlow workflow editor using Name and Description field. It also impacts\u00a0\n\nFireFlow's VisualFlow workflow editor\n\n outbound actions using Name and Category parameter. Fixed in version A32.20 (b570 and above),\u00a0\n\nA32.50 (b400 and above),\u00a0\n\nA32.60 (b220 and above)\n\n"
"value": "Net-NTLM leak via HTML injection in FireFlow VisualFlow workflow editor\u00a0allows an attacker\u00a0to obtain victim\u2019s domain credentials and Net-NTLM hash which can lead\u00a0to relay domain attacks. Fixed in\u00a0A32.20 (b570 or above), A32.50 (b390 or above)\n\n"
},
{
"lang": "es",
@ -109,11 +109,8 @@
],
"references": [
{
"url": "https://www.algosec.com/docs/en/cves/Content/tech-notes/cves/cve-2023-46595.htm",
"source": "security.vulnerabilities@algosec.com",
"tags": [
"Third Party Advisory"
]
"url": "https://cwe.mitre.org/data/definitions/79.html",
"source": "security.vulnerabilities@algosec.com"
}
]
}
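Review bot: The only entry left in `references` in the second hunk is the generic CWE-79 definition page (`https://cwe.mitre.org/data/definitions/79.html`), which appears to replace the vendor advisory URL and its `Third Party Advisory` tag. A CWE definition says nothing about this product, so the record no longer links to anything that backs the fixed builds named in the description, and those builds also differ from the earlier text (A32.50 is now "b390 or above" and A32.60 is no longer listed). If the advisory page `https://www.algosec.com/docs/en/cves/Content/tech-notes/cves/cve-2023-46595.htm` still resolves, I would keep it as a second `references` entry next to the CWE link. Consumers that cache remediation builds from this record should re-read the description after this update.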


@ -0,0 +1,55 @@
{
"id": "CVE-2023-46596",
"sourceIdentifier": "security.vulnerabilities@algosec.com",
"published": "2024-02-15T06:15:45.453",
"lastModified": "2024-02-15T06:23:39.303",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in Algosec FireFlow VisualFlow workflow editor via Name, Description and Configuration File field in\u00a0version A32.20, A32.50, A32.60 allows an attacker to initiate an XSS attack by injecting malicious executable scripts into the code of application. Fixed in version\u00a0A32.20 (b600 and\nabove),\u00a0A32.50 (b430 and\nabove),\u00a0A32.60 (b250 and\nabove)"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security.vulnerabilities@algosec.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.4,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "security.vulnerabilities@algosec.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://cwe.mitre.org/data/definitions/79.html",
"source": "security.vulnerabilities@algosec.com"
}
]
}


@ -2,12 +2,12 @@
"id": "CVE-2023-4625",
"sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"published": "2023-11-06T05:15:15.187",
"lastModified": "2023-11-14T15:30:36.647",
"vulnStatus": "Analyzed",
"lastModified": "2024-02-15T06:15:45.757",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Improper Restriction of Excessive Authentication Attempts vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules Web server function allows a remote unauthenticated attacker to prevent legitimate users from logging into the Web server function for a certain period after the attacker has attempted to log in illegally by continuously attempting unauthorized login to the Web server function. The impact of this vulnerability will persist while the attacker continues to attempt unauthorized login."
"value": "Improper Restriction of Excessive Authentication Attempts vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F/iQ-R Series CPU modules Web server function allows a remote unauthenticated attacker to prevent legitimate users from logging into the Web server function for a certain period after the attacker has attempted to log in illegally by continuously attempting unauthorized login to the Web server function. The impact of this vulnerability will persist while the attacker continues to attempt unauthorized login."
},
{
"lang": "es",


@ -2,7 +2,7 @@
"id": "CVE-2023-47218",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2024-02-13T03:15:07.700",
"lastModified": "2024-02-13T14:01:40.577",
"lastModified": "2024-02-15T06:15:45.653",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -58,6 +58,10 @@
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-57",
"source": "security@qnapsecurity.com.tw"
},
{
"url": "https://www.rapid7.com/blog/post/2024/02/13/cve-2023-47218-qnap-qts-and-quts-hero-unauthenticated-command-injection-fixed/",
"source": "security@qnapsecurity.com.tw"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-48229",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-14T19:15:08.893",
"lastModified": "2024-02-14T19:15:08.893",
"vulnStatus": "Received",
"lastModified": "2024-02-15T06:23:39.303",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-48733",
"sourceIdentifier": "security@ubuntu.com",
"published": "2024-02-14T22:15:47.320",
"lastModified": "2024-02-14T22:15:47.320",
"vulnStatus": "Received",
"lastModified": "2024-02-15T06:23:39.303",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-49721",
"sourceIdentifier": "security@ubuntu.com",
"published": "2024-02-14T22:15:47.530",
"lastModified": "2024-02-14T22:15:47.530",
"vulnStatus": "Received",
"lastModified": "2024-02-15T06:23:39.303",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,23 +2,88 @@
"id": "CVE-2023-50061",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-08T18:15:08.157",
"lastModified": "2024-02-08T18:42:36.577",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T05:02:52.427",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "PrestaShop Op'art Easy Redirect >= 1.3.8 and <= 1.3.12 is vulnerable to SQL Injection via Oparteasyredirect::hookActionDispatcher()."
},
{
"lang": "es",
"value": "PrestaShop Op'art Easy Redirect &gt;= 1.3.8 y &lt;= 1.3.12 es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s de Oparteasyredirect::hookActionDispatcher()."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:store-opart:op\\'art_easy_redirect:*:*:*:*:*:prestashop:*:*",
"versionStartIncluding": "1.3.8",
"versionEndIncluding": "1.3.12",
"matchCriteriaId": "6111C526-C1D8-48CF-8A4C-A944A957804A"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://security.friendsofpresta.org/modules/2024/02/08/oparteasyredirect.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://www.store-opart.fr/p/39-module-redirection-prestashop.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}
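Review bot: The added `es` description stores HTML entities (`&gt;=` and `&lt;=`) where the `en` value of the same record has the literal `>=` and `<=`, so the two language variants of one field are encoded differently. A consumer that HTML-escapes on output will show the entities literally, and one that decodes them to compensate has to be careful not to then emit the string unescaped. The value should carry the plain characters, e.g. `"value": "PrestaShop Op'art Easy Redirect >= 1.3.8 y <= 1.3.12 es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s de Oparteasyredirect::hookActionDispatcher()."`. The same pattern (`&amp;`) shows up in the `es` description added for CVE-2023-51488 later in this commit. If the text is mirrored verbatim from upstream, normalising at ingest or documenting the quirk for consumers would be the alternative.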


@ -2,7 +2,7 @@
"id": "CVE-2023-50358",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2024-02-13T03:15:07.963",
"lastModified": "2024-02-13T14:01:40.577",
"lastModified": "2024-02-15T06:15:45.960",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -51,6 +51,14 @@
}
],
"references": [
{
"url": "https://unit42.paloaltonetworks.com/qnap-qts-firmware-cve-2023-50358/",
"source": "security@qnapsecurity.com.tw"
},
{
"url": "https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2024/2024-213941-1032",
"source": "security@qnapsecurity.com.tw"
},
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-57",
"source": "security@qnapsecurity.com.tw"


@ -2,8 +2,8 @@
"id": "CVE-2023-50926",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-14T20:15:45.163",
"lastModified": "2024-02-14T20:15:45.163",
"vulnStatus": "Received",
"lastModified": "2024-02-15T06:23:39.303",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-50927",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-14T20:15:45.367",
"lastModified": "2024-02-14T20:15:45.367",
"vulnStatus": "Received",
"lastModified": "2024-02-15T06:23:39.303",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,16 +2,40 @@
"id": "CVE-2023-51404",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-10T09:15:07.480",
"lastModified": "2024-02-11T22:29:15.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T06:26:06.387",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MyAgilePrivacy My Agile Privacy \u2013 The only GDPR solution for WordPress that you can truly trust allows Stored XSS.This issue affects My Agile Privacy \u2013 The only GDPR solution for WordPress that you can truly trust: from n/a through 2.1.7.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en MyAgilePrivacy My Agile Privacy \u2013 The only GDPR solution for WordPress that you can truly trust permite Stored XSS. Este problema afecta a My Agile Privacy \u2013 The only GDPR solution for WordPress that you can truly trust: desde n/a hasta 2.1.7."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -36,7 +60,7 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,12 +68,43 @@
"value": "CWE-79"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myagileprivacy:my_agile_privacy:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.1.7",
"matchCriteriaId": "D5725469-E6A9-45B8-BCEC-36243B9FD1E0"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/myagileprivacy/wordpress-my-agile-privacy-plugin-2-1-7-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-51415",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-10T09:15:07.740",
"lastModified": "2024-02-11T22:29:15.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T06:26:14.677",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GiveWP GiveWP \u2013 Donation Plugin and Fundraising Platform allows Stored XSS.This issue affects GiveWP \u2013 Donation Plugin and Fundraising Platform: from n/a through 3.2.2.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en GiveWP GiveWP \u2013 Donation Plugin and Fundraising Platform permite almacenar XSS. Este problema afecta a GiveWP \u2013 Donation Plugin and Fundraising Platform: desde n/a hasta 3.2.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -36,7 +60,7 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,12 +68,43 @@
"value": "CWE-79"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:givewp:givewp:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.2.2",
"matchCriteriaId": "7C6EB3A8-AC8C-49D1-A2F9-2BA7FAFCAFC5"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/give/wordpress-givewp-plugin-3-2-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-51480",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-10T09:15:07.990",
"lastModified": "2024-02-11T22:29:15.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T06:26:21.503",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 Active Products Tables for WooCommerce. Professional products tables for WooCommerce store allows Stored XSS.This issue affects Active Products Tables for WooCommerce. Professional products tables for WooCommerce store : from n/a through 1.0.6.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en realmag777 Active Products Tables for WooCommerce. Professional products tables for WooCommerce store permiten almacenar XSS. Este problema afecta a Active Products Tables for WooCommerce. Professional products tables for WooCommerce store: desde n/a hasta 1.0.6."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -36,7 +60,7 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,12 +68,42 @@
"value": "CWE-79"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pluginus:active_products_tables_for_woocommerce:1.0.6:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "327A99ED-90FE-4043-903F-B8CE8F5772EF"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/profit-products-tables-for-woocommerce/wordpress-active-products-tables-for-woocommerce-plugin-1-0-6-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}
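Review bot: The `cpeMatch` entry added under `configurations` pins the CPE to version `1.0.6` exactly and has no `versionEndIncluding`, while the description in the same record says the issue affects versions "from n/a through 1.0.6". The sibling records in this commit (CVE-2023-51404, CVE-2023-51415, CVE-2023-51485) express the same kind of range with a wildcard version plus `versionEndIncluding`. As written, inventory or scanner tooling that matches on CPE would flag only 1.0.6 and miss earlier installs. A form consistent with the description would be `"criteria": "cpe:2.3:a:pluginus:active_products_tables_for_woocommerce:*:*:*:*:*:wordpress:*:*",` followed by `"versionEndIncluding": "1.0.6",`. Since the record looks mirrored from upstream analysis, the correction likely belongs there, and until then consumers should not rely on the CPE alone for this entry.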


@ -2,16 +2,40 @@
"id": "CVE-2023-51485",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-10T09:15:08.183",
"lastModified": "2024-02-11T22:29:15.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T06:26:27.350",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Hosting Pay with Vipps and MobilePay for WooCommerce allows Stored XSS.This issue affects Pay with Vipps and MobilePay for WooCommerce: from n/a through 1.14.13.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en WP Hosting Pay with Vipps y MobilePay para WooCommerce permite almacenar XSS. Este problema afecta a Pay with Vipps y MobilePay para WooCommerce: desde n/a hasta 1.14.13 ."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -36,7 +60,7 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,12 +68,43 @@
"value": "CWE-79"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wp-hosting:pay_with_vipps_and_mobilepay_for_woocommerce:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.14.13",
"matchCriteriaId": "5D4DE4B3-5A8D-404C-9CAF-93D70A6215A7"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woo-vipps/wordpress-pay-with-vipps-for-woocommerce-plugin-1-14-13-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-51488",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-10T09:15:08.390",
"lastModified": "2024-02-11T22:29:15.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T06:26:36.293",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic, Inc. Crowdsignal Dashboard \u2013 Polls, Surveys & more allows Reflected XSS.This issue affects Crowdsignal Dashboard \u2013 Polls, Surveys & more: from n/a through 3.0.11.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n inadecuada de la entrada durante la vulnerabilidad de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Automattic, Inc. Crowdsignal Dashboard \u2013 Polls, Surveys &amp; more permite XSS Reflejado. Este problema afecta a Crowdsignal Dashboard \u2013 Polls, Surveys &amp; more: de n/a hasta 3.0.11."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -36,7 +60,7 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,12 +68,43 @@
"value": "CWE-79"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:automattic:crowdsignal_dashboard:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.0.11",
"matchCriteriaId": "52043B5E-AC84-44F0-9637-4DDC140EF39B"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/polldaddy/wordpress-crowdsignal-polls-ratings-plugin-3-0-11-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}
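Review bot: The added `es` description for CVE-2023-51488 carries the HTML entity `&amp;` in the product name (`Polls, Surveys &amp; more`), while the `en` description in the same record has a bare `&`. A JSON string should hold the raw text and leave HTML escaping to whatever renders it. As it stands, a consumer that output-encodes correctly will display a literal `&amp;`, and one that unescapes first is treating feed text as markup. If the value is mirrored verbatim from upstream it is reasonable to keep it, but the sync could flag entity-encoded text in `descriptions[].value`, and the rendering side should encode these values as plain text on output and never unescape them.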


@ -2,16 +2,40 @@
"id": "CVE-2023-51492",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-10T09:15:08.597",
"lastModified": "2024-02-11T22:29:15.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T06:26:42.423",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in If So Plugin If-So Dynamic Content Personalization allows Stored XSS.This issue affects If-So Dynamic Content Personalization: from n/a through 1.6.3.1.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en If So Plugin If-So Dynamic Content Personalization permite almacenar XSS. Este problema afecta a If-So Dynamic Content Personalization: desde n/a hasta 1.6.3.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -36,7 +60,7 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,12 +68,43 @@
"value": "CWE-79"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:if-so:dynamic_content_personalization:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.6.3.1",
"matchCriteriaId": "C5562C2E-47A9-48A9-8C03-B0E9C6CFCB6A"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/if-so/wordpress-if-so-dynamic-content-personalization-plugin-1-6-3-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-51493",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-10T09:15:08.803",
"lastModified": "2024-02-11T22:29:15.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T06:26:48.450",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Howard Ehrenberg Custom Post Carousels with Owl allows Stored XSS.This issue affects Custom Post Carousels with Owl: from n/a through 1.4.6.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Howard Ehrenberg Custom Post Carousels with Owl permite almacenar XSS. Este problema afecta a Custom Post Carousels with Owl: desde n/a hasta 1.4.6."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -36,7 +60,7 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,12 +68,43 @@
"value": "CWE-79"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:howardehrenberg:custom_post_carousels_with_owl:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.4.6",
"matchCriteriaId": "0885A976-BD5C-4F0C-B2F6-EFAE36FF1298"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/dd-post-carousel/wordpress-custom-post-carousels-with-owl-plugin-1-4-6-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-51787",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-15T06:15:46.067",
"lastModified": "2024-02-15T06:23:39.303",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Wind River VxWorks 7 22.09 and 23.03. If a VxWorks task or POSIX thread that uses OpenSSL exits, limited per-task memory is not freed, resulting in a memory leak."
}
],
"metrics": {},
"references": [
{
"url": "https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2023-51787",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-6138",
"sourceIdentifier": "hp-security-alert@hp.com",
"published": "2024-02-14T23:15:08.093",
"lastModified": "2024-02-14T23:15:08.093",
"vulnStatus": "Received",
"lastModified": "2024-02-15T06:23:39.303",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-0007",
"sourceIdentifier": "psirt@paloaltonetworks.com",
"published": "2024-02-14T18:15:47.110",
"lastModified": "2024-02-14T18:15:47.110",
"vulnStatus": "Received",
"lastModified": "2024-02-15T06:23:39.303",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-0008",
"sourceIdentifier": "psirt@paloaltonetworks.com",
"published": "2024-02-14T18:15:47.310",
"lastModified": "2024-02-14T18:15:47.310",
"vulnStatus": "Received",
"lastModified": "2024-02-15T06:23:39.303",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-0009",
"sourceIdentifier": "psirt@paloaltonetworks.com",
"published": "2024-02-14T18:15:47.503",
"lastModified": "2024-02-14T18:15:47.503",
"vulnStatus": "Received",
"lastModified": "2024-02-15T06:23:39.303",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-0010",
"sourceIdentifier": "psirt@paloaltonetworks.com",
"published": "2024-02-14T18:15:47.703",
"lastModified": "2024-02-14T18:15:47.703",
"vulnStatus": "Received",
"lastModified": "2024-02-15T06:23:39.303",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-0011",
"sourceIdentifier": "psirt@paloaltonetworks.com",
"published": "2024-02-14T18:15:47.897",
"lastModified": "2024-02-14T18:15:47.897",
"vulnStatus": "Received",
"lastModified": "2024-02-15T06:23:39.303",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,16 +2,40 @@
"id": "CVE-2024-0169",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-02-12T19:15:10.543",
"lastModified": "2024-02-12T20:39:09.773",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T06:24:58.003",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nDell Unity, versions prior to 5.4, contains a cross-site scripting (XSS) vulnerability. An authenticated attacker could potentially exploit this vulnerability, leading users to download and execute malicious software crafted by this product's feature to compromise their systems.\n\n"
},
{
"lang": "es",
"value": "Dell Unity, versiones anteriores a la 5.4, contiene una vulnerabilidad de Cross-Site Scripting (XSS). Un atacante autenticado podr\u00eda explotar esta vulnerabilidad, lo que llevar\u00eda a los usuarios a descargar y ejecutar software malicioso creado por la caracter\u00edstica de este producto para comprometer sus sistemas."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:unity_operating_environment:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.0.0.5.094",
"matchCriteriaId": "AEF07188-4E6D-44FD-BEE2-C1A571080C2B"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities",
"source": "security_alert@emc.com"
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-1312",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-02-08T13:15:09.500",
"lastModified": "2024-02-08T13:44:11.750",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T05:03:16.077",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -50,18 +70,77 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5",
"matchCriteriaId": "98C491C7-598A-4D36-BA4F-3505A5727ED1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0B3E6E4D-E24E-4630-B00C-8C9901C597B0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.5:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E4A01A71-0F09-4DB2-A02F-7EFFBE27C98D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.5:rc3:*:*:*:*:*:*",
"matchCriteriaId": "F5608371-157A-4318-8A2E-4104C3467EA1"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2024-1312",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2225569",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/mm/memory.c?h=v6.8-rc3&id=657b5146955eba331e01b9a6ae89ce2e716ba306",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-1367",
"sourceIdentifier": "vulnreport@tenable.com",
"published": "2024-02-14T22:15:47.753",
"lastModified": "2024-02-14T22:15:47.753",
"vulnStatus": "Received",
"lastModified": "2024-02-15T06:23:39.303",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-1471",
"sourceIdentifier": "vulnreport@tenable.com",
"published": "2024-02-14T22:15:47.953",
"lastModified": "2024-02-14T22:15:47.953",
"vulnStatus": "Received",
"lastModified": "2024-02-15T06:23:39.303",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-1482",
"sourceIdentifier": "product-cna@github.com",
"published": "2024-02-14T20:15:45.690",
"lastModified": "2024-02-14T20:15:45.690",
"vulnStatus": "Received",
"lastModified": "2024-02-15T06:23:39.303",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,12 +2,12 @@
"id": "CVE-2024-1485",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-02-14T00:15:46.783",
"lastModified": "2024-02-14T13:59:35.580",
"lastModified": "2024-02-15T05:15:09.823",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in the decompression function of registry-support. This issue can be triggered by an unauthenticated remote attacker when tricking a user into opening a specially modified .tar archive, leading to the cleanup process following relative paths to overwrite or delete files outside the intended scope."
"value": "A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into opening a specially modified .tar archive, leading to the cleanup process following relative paths to overwrite or delete files outside the intended scope."
}
],
"metrics": {


@ -0,0 +1,59 @@
{
"id": "CVE-2024-1488",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-02-15T05:15:10.257",
"lastModified": "2024-02-15T06:23:39.303",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 5.5
}
]
},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-15"
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2024-1488",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264183",
"source": "secalert@redhat.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-1523",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2024-02-15T02:15:49.960",
"lastModified": "2024-02-15T02:15:49.960",
"vulnStatus": "Received",
"lastModified": "2024-02-15T06:23:39.303",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,16 +2,40 @@
"id": "CVE-2024-22223",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-02-12T19:15:11.497",
"lastModified": "2024-02-12T20:39:09.773",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T06:25:07.800",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nDell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_cbr utility. An authenticated malicious user with local access could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.\n\n"
},
{
"lang": "es",
"value": "Dell Unity, versiones anteriores a la 5.4, contiene una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo dentro de su utilidad svc_cbr. Un usuario malintencionado autenticado con acceso local podr\u00eda explotar esta vulnerabilidad, lo que llevar\u00eda a la ejecuci\u00f3n de comandos arbitrarios del sistema operativo en el sistema operativo subyacente de la aplicaci\u00f3n, con los privilegios de la aplicaci\u00f3n vulnerable."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:unity_operating_environment:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.0.0.5.094",
"matchCriteriaId": "AEF07188-4E6D-44FD-BEE2-C1A571080C2B"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities",
"source": "security_alert@emc.com"
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-22224",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-02-12T19:15:11.713",
"lastModified": "2024-02-12T20:39:09.773",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T06:25:21.423",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nDell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_nas utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges.\n\n"
},
{
"lang": "es",
"value": "Dell Unity, versiones anteriores a la 5.4, contiene una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en su utilidad svc_nas. Un atacante autenticado podr\u00eda explotar esta vulnerabilidad, escapar del shell restringido y ejecutar comandos arbitrarios del sistema operativo con privilegios de root."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:unity_operating_environment:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.0.0.5.094",
"matchCriteriaId": "AEF07188-4E6D-44FD-BEE2-C1A571080C2B"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities",
"source": "security_alert@emc.com"
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-22225",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-02-12T19:15:11.927",
"lastModified": "2024-02-12T20:39:09.773",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T06:25:29.100",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nDell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_supportassist utility. An authenticated attacker could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges.\n\n"
},
{
"lang": "es",
"value": "Dell Unity, versiones anteriores a la 5.4, contiene una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en su utilidad svc_supportassist. Un atacante autenticado podr\u00eda explotar esta vulnerabilidad, lo que llevar\u00eda a la ejecuci\u00f3n de comandos arbitrarios del sistema operativo con privilegios de root."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:unity_operating_environment:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.0.0.5.094",
"matchCriteriaId": "AEF07188-4E6D-44FD-BEE2-C1A571080C2B"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities",
"source": "security_alert@emc.com"
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-22227",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-02-12T19:15:12.333",
"lastModified": "2024-02-12T20:39:09.773",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T06:25:36.360",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nDell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_dc utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability execute commands with root privileges.\n\n"
},
{
"lang": "es",
"value": "Dell Unity, versiones anteriores a la 5.4, contiene una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en su utilidad svc_dc. Un atacante autenticado podr\u00eda explotar esta vulnerabilidad, lo que le permitir\u00eda ejecutar comandos con privilegios de root."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:unity_operating_environment:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.0.0.5.094",
"matchCriteriaId": "AEF07188-4E6D-44FD-BEE2-C1A571080C2B"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities",
"source": "security_alert@emc.com"
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-22228",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-02-12T19:15:12.527",
"lastModified": "2024-02-12T20:39:09.773",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T06:25:45.463",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nDell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cifssupport utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges.\n\n"
},
{
"lang": "es",
"value": "Dell Unity, versiones anteriores a la 5.4, contiene una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en su utilidad svc_cifssupport. Un atacante autenticado podr\u00eda explotar esta vulnerabilidad, escapar del shell restringido y ejecutar comandos arbitrarios del sistema operativo con privilegios de root."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:unity_operating_environment:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.0.0.5.094",
"matchCriteriaId": "AEF07188-4E6D-44FD-BEE2-C1A571080C2B"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities",
"source": "security_alert@emc.com"
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-22230",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-02-12T19:15:12.717",
"lastModified": "2024-02-12T20:39:09.773",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T06:25:53.660",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nDell Unity, versions prior to 5.4, contains a Cross-site scripting vulnerability. An authenticated attacker could potentially exploit this vulnerability, stealing session information, masquerading as the affected user or carry out any actions that this user could perform, or to generally control the victim's browser.\n\n"
},
{
"lang": "es",
"value": "Dell Unity, versiones anteriores a la 5.4, contiene una vulnerabilidad de Cross-Site Scripting. Un atacante autenticado podr\u00eda potencialmente explotar esta vulnerabilidad, robando informaci\u00f3n de la sesi\u00f3n, haci\u00e9ndose pasar por el usuario afectado o llevando a cabo cualquier acci\u00f3n que este usuario pudiera realizar, o, en general, controlar el navegador de la v\u00edctima."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:unity_operating_environment:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.0.0.5.094",
"matchCriteriaId": "AEF07188-4E6D-44FD-BEE2-C1A571080C2B"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities",
"source": "security_alert@emc.com"
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-22464",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-02-08T10:15:14.183",
"lastModified": "2024-02-08T13:44:11.750",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T05:03:27.617",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 4.0
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -50,10 +80,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:emc_appsync:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.2.0.0",
"versionEndExcluding": "4.6.0.2",
"matchCriteriaId": "211F1F23-7FBD-4708-AB79-BE2A94763FC0"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000221932/dsa-2024-072-security-update-for-dell-emc-appsync-for-vulnerabilities",
"source": "security_alert@emc.com"
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,42 @@
"id": "CVE-2024-23452",
"sourceIdentifier": "security@apache.org",
"published": "2024-02-08T09:15:46.420",
"lastModified": "2024-02-08T14:15:42.980",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T05:03:36.927",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.5~1.7.0 on all platforms allows attacker to smuggle request.\n\nVulnerability Cause Description\uff1a\n\nThe http_parser does not comply with the RFC-7230 HTTP 1.1 specification.\n\nAttack\u00a0scenario:\nIf a message is received with both a Transfer-Encoding and a Content-Length header field, such a message might indicate an attempt to perform request smuggling or response splitting.\nOne particular attack scenario is that a bRPC made http server on the backend receiving requests in one persistent connection from frontend server that uses TE to parse request with the logic that 'chunk' is contained in the TE field. in that case an attacker can smuggle a request into the connection to the backend server.\u00a0\n\nSolution:\nYou can choose one solution from below:\n1. Upgrade bRPC to version 1.8.0, which fixes this issue. Download link: https://github.com/apache/brpc/releases/tag/1.8.0\n 2. Apply this patch:\u00a0 https://github.com/apache/brpc/pull/2518 \n\n"
"value": "Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.5~1.7.0 on all platforms allows attacker to smuggle request.\n\nVulnerability Cause Description?\n\nThe http_parser does not comply with the RFC-7230 HTTP 1.1 specification.\n\nAttack\u00a0scenario:\nIf a message is received with both a Transfer-Encoding and a Content-Length header field, such a message might indicate an attempt to perform request smuggling or response splitting.\nOne particular attack scenario is that a bRPC made http server on the backend receiving requests in one persistent connection from frontend server that uses TE to parse request with the logic that 'chunk' is contained in the TE field. in that case an attacker can smuggle a request into the connection to the backend server.\u00a0\n\nSolution:\nYou can choose one solution from below:\n1. Upgrade bRPC to version 1.8.0, which fixes this issue. Download link: https://github.com/apache/brpc/releases/tag/1.8.0\n 2. Apply this patch:\u00a0 https://github.com/apache/brpc/pull/2518 \n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de contrabando de solicitudes en el servidor HTTP en Apache bRPC 0.9.5~1.7.0 en todas las plataformas permite al atacante contrabandear solicitudes. Descripci\u00f3n de la causa de la vulnerabilidad: http_parser no cumple con la especificaci\u00f3n RFC-7230 HTTP 1.1. Escenario de ataque: si se recibe un mensaje con un campo de encabezado Transfer-Encoding y Content-Length, dicho mensaje podr\u00eda indicar un intento de realizar contrabando de solicitudes o divisi\u00f3n de respuestas. Un escenario de ataque particular es que un bRPC cre\u00f3 un servidor http en el backend que recibe solicitudes en una conexi\u00f3n persistente desde el servidor frontend que usa TE para analizar la solicitud con la l\u00f3gica de que el \"fragmento\" est\u00e1 contenido en el campo TE. En ese caso, un atacante puede introducir de contrabando una solicitud en la conexi\u00f3n con el servidor backend. Soluci\u00f3n: Puede elegir una de las siguientes soluciones: 1. Actualice bRPC a la versi\u00f3n 1.8.0, que soluciona este problema. Enlace de descarga: https://github.com/apache/brpc/releases/tag/1.8.0 2. Aplique este parche: https://github.com/apache/brpc/pull/2518"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@apache.org",
@ -27,22 +50,55 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:brpc:*:*:*:*:*:*:*:*",
"versionStartIncluding": "0.9.5",
"versionEndExcluding": "1.8.0",
"matchCriteriaId": "D85C5E5D-ED1F-4FA9-8DB1-A0E66013AC0D"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/02/08/1",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://github.com/apache/brpc/pull/2518",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/apache/brpc/releases/tag/1.8.0",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://lists.apache.org/thread/kkvdpwyr2s2yt9qvvxfdzon012898vxd",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
}
]
}
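Review bot: The second `en` description line, which appears to be the new side, replaces the full-width colon after "Vulnerability Cause Description" (`\uff1a` in the line before it) with a literal `?`. That looks like a lossy character-set conversion rather than an editorial change. The old/new sides are not marked on this page, so this is inferred from the order of the two `value` lines. If the mirror is meant to preserve record text, keep `Vulnerability Cause Description\uff1a`, or confirm the substitution is already present in the upstream feed. The same kind of transcoding loss elsewhere in a record could silently alter text that downstream matching depends on.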


@ -2,16 +2,40 @@
"id": "CVE-2024-23806",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-02-07T17:15:10.713",
"lastModified": "2024-02-07T17:38:33.990",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T05:01:56.693",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\n\n\nSensitive data can be extracted from HID iCLASS SE reader configuration cards. This could include credential and device administrator keys.\n\n\n\n"
},
{
"lang": "es",
"value": "Se pueden extraer datos confidenciales de las tarjetas de configuraci\u00f3n del lector HID iCLASS SE. Esto podr\u00eda incluir claves de administrador de dispositivos y credenciales."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 4.0
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -46,14 +80,76 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hidglobal:omnikey_secure_elements_reader_configuration_cards_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8EC7A2CF-0FC7-43A7-B92A-3C90118A36A7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hidglobal:omnikey_secure_elements_reader_configuration_cards:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4489CAC5-5127-40FA-A134-0F609A64FF90"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hidglobal:iclass_se_reader_configuration_cards_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "28970D60-1C55-4786-AFC2-DCDE2AE646C1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hidglobal:iclass_se_reader_configuration_cards:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3F892E2E-A44A-4E04-B9C7-E2686A9274EE"
}
]
}
]
}
],
"references": [
{
"url": "https://https://www.cisa.gov/news-events/ics-advisories/icsa-24-037-02",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Broken Link"
]
},
{
"url": "https://www.hidglobal.com/support",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Product"
]
}
]
}
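Review bot: The first entry under `references` has a doubled scheme, `https://https://www.cisa.gov/news-events/ics-advisories/icsa-24-037-02`, and this update only tags it `Broken Link` instead of repairing it, so the record's single advisory link stays unusable from this file. The intended value is probably `"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-037-02"`, inferred only from dropping the repeated prefix, so verify it before changing. Separately, the added Primary weakness is `CWE-287` while the description is about extracting sensitive data from configuration cards. Tooling that groups or filters by CWE should not rely on that field alone for this record.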


@ -2,8 +2,8 @@
"id": "CVE-2024-24300",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-14T23:15:08.140",
"lastModified": "2024-02-14T23:15:08.140",
"vulnStatus": "Received",
"lastModified": "2024-02-15T06:23:39.303",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-24301",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-14T23:15:08.190",
"lastModified": "2024-02-14T23:15:08.190",
"vulnStatus": "Received",
"lastModified": "2024-02-15T06:23:39.303",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,31 +2,112 @@
"id": "CVE-2024-24321",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-08T18:15:08.293",
"lastModified": "2024-02-08T18:42:36.577",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T05:02:58.427",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in Dlink DIR-816A2 v.1.10CNB05 allows a remote attacker to execute arbitrary code via the wizardstep4_ssid_2 parameter in the sub_42DA54 function."
},
{
"lang": "es",
"value": "Un problema en Dlink DIR-816A2 v.1.10CNB05 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro Wizardstep4_ssid_2 en la funci\u00f3n sub_42DA54."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dir-816_firmware:1.10cnb05:*:*:*:*:*:*:*",
"matchCriteriaId": "6A221E99-E2B0-4C57-9263-9A86EFF8746E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dir-816:a2:*:*:*:*:*:*:*",
"matchCriteriaId": "1A3AC507-7219-401E-AC60-12D96382E4B7"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://dir-816a2.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://github.com/dkjiayu/Vul/blob/main/DIR816A2-dir_setWanWifi.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.dlink.com/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://www.dlink.com/en/security-bulletin/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-24563",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-07T17:15:10.913",
"lastModified": "2024-02-07T17:38:33.990",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T05:02:12.977",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. Arrays can be keyed by a signed integer, while they are defined for unsigned integers only. The typechecker doesn't throw when spotting the usage of an `int` as an index for an array. The typechecker allows the usage of signed integers to be used as indexes to arrays. The vulnerability is present in different forms in all versions, including `0.3.10`. For ints, the 2's complement representation is used. Because the array was declared very large, the bounds checking will pass Negative values will simply be represented as very large numbers. As of time of publication, a fixed version does not exist.\n\nThere are three potential vulnerability classes: unpredictable behavior, accessing inaccessible elements and denial of service. Class 1: If it is possible to index an array with a negative integer without reverting, this is most likely not anticipated by the developer and such accesses can cause unpredictable behavior for the contract. Class 2: If a contract has an invariant in the form `assert index < x`, the developer will suppose that no elements on indexes `y | y >= x` are accessible. However, by using negative indexes, this can be bypassed. Class 3: If the index is dependent on the state of the contract, this poses a risk of denial of service. If the state of the contract can be manipulated in such way that the index will be forced to be negative, the array access can always revert (because most likely the array won't be declared extremely large). However, all these the scenarios are highly unlikely. Most likely behavior is a revert on the bounds check."
},
{
"lang": "es",
"value": "Vyper es un lenguaje de contrato inteligente pit\u00f3nico para la m\u00e1quina virtual Ethereum. Las matrices pueden codificarse mediante un entero con signo, mientras que est\u00e1n definidas solo para enteros sin signo. El verificador de tipos no arroja datos al detectar el uso de un `int` como \u00edndice para una matriz. El verificador de tipos permite el uso de n\u00fameros enteros con signo como \u00edndices de matrices. La vulnerabilidad est\u00e1 presente en diferentes formas en todas las versiones, incluida la \"0.3.10\". Para enteros, se utiliza la representaci\u00f3n en complemento a 2. Debido a que la matriz fue declarada muy grande, la verificaci\u00f3n de los l\u00edmites pasar\u00e1. Los valores negativos simplemente se representar\u00e1n como n\u00fameros muy grandes. Al momento de la publicaci\u00f3n, no existe una versi\u00f3n fija. Hay tres clases potenciales de vulnerabilidad: comportamiento impredecible, acceso a elementos inaccesibles y denegaci\u00f3n de servicio. Clase 1: si es posible indexar una matriz con un n\u00famero entero negativo sin revertirla, lo m\u00e1s probable es que el desarrollador no lo anticipe y dichos accesos pueden causar un comportamiento impredecible para el contrato. Clase 2: si un contrato tiene una invariante en la forma \"afirmar \u00edndice = x` son accesibles. Sin embargo, al utilizar \u00edndices negativos, esto se puede evitar. Clase 3: Si el \u00edndice depende del estado del contrato, esto plantea un riesgo de denegaci\u00f3n de servicio. Si el estado del contrato se puede manipular de tal manera que el \u00edndice se vea obligado a ser negativo, el acceso a la matriz siempre se puede revertir (porque lo m\u00e1s probable es que la matriz no se declare extremadamente grande). Sin embargo, todos estos escenarios son muy improbables. El comportamiento m\u00e1s probable es revertir la comprobaci\u00f3n de los l\u00edmites."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +70,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:python:*:*",
"versionEndIncluding": "0.3.10",
"matchCriteriaId": "832C489D-4288-46B4-A29E-0E7168748042"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/vyperlang/vyper/blob/a1fd228cb9936c3e4bbca6f3ee3fb4426ef45490/vyper/codegen/core.py#L534-L541",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/vyperlang/vyper/blob/c150fc49ee9375a930d177044559b83cb95f7963/vyper/semantics/types/subscriptable.py#L127-L137",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-52xq-j7v9-v4v2",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}
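Review bot: The added `es` description is truncated in its "Clase 2" sentence: where the `en` value reads `assert index < x` through `y | y >= x`, the translation reads `afirmar índice = x` son accesibles`, so everything between the `<` and the `>` is missing. That pattern is consistent with a tag stripper treating `< x … >` as markup, though the page does not show the pipeline that produced it. A reader of the translation loses the invariant the sentence is explaining. The text should be escaped at render time rather than stripped at ingest, and until it is corrected consumers should treat the `en` value as authoritative for this record.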


@ -2,16 +2,40 @@
"id": "CVE-2024-24771",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-07T15:15:08.283",
"lastModified": "2024-02-07T17:04:54.407",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T05:01:22.213",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Open Forms allows users create and publish smart forms. Versions prior to 2.2.9, 2.3.7, 2.4.5, and 2.5.2 contain a non-exploitable multi-factor authentication weakness. Superusers who have their credentials (username + password) compromised could potentially have the second-factor authentication bypassed if an attacker somehow managed to authenticate to Open Forms. The maintainers of Open Forms do not believe it is or has been possible to perform this login. However, if this were possible, the victim's account may be abused to view (potentially sensitive) submission data or have been used to impersonate other staff accounts to view and/or modify data. Three mitigating factors to help prevent exploitation include: the usual login page (at `/admin/login/`) does not fully log in the user until the second factor was succesfully provided; the additional non-MFA protected login page at `/api/v2/api-authlogin/` was misconfigured and could not be used to log in; and there are no additional ways to log in. This also requires credentials of a superuser to be compromised to be exploitable. Versions 2.2.9, 2.3.7, 2.4.5, and 2.5.2 contain the following patches to address these weaknesses: Move and only enable the API auth endpoints (`/api/v2/api-auth/login/`) with `settings.DEBUG = True`. `settings.DEBUG = True` is insecure and should never be applied in production settings. Additionally, apply a custom permission check to the hijack flow to only allow second-factor-verified superusers to perform user hijacking."
},
{
"lang": "es",
"value": "Open Forms permite a los usuarios crear y publicar formularios inteligentes. Las versiones anteriores a 2.2.9, 2.3.7, 2.4.5 y 2.5.2 contienen una debilidad de autenticaci\u00f3n multifactor no explotable. Los superusuarios que tienen sus credenciales (nombre de usuario + contrase\u00f1a) comprometidas podr\u00edan pasar por alto la autenticaci\u00f3n de segundo factor si un atacante de alguna manera logra autenticarse en Open Forms. Los mantenedores de Open Forms no creen que sea ni haya sido posible realizar este inicio de sesi\u00f3n. Sin embargo, si esto fuera posible, se podr\u00eda abusar de la cuenta de la v\u00edctima para ver datos de env\u00edo (potencialmente confidenciales) o haber sido utilizada para hacerse pasar por otras cuentas del personal para ver y/o modificar datos. Tres factores atenuantes para ayudar a prevenir la explotaci\u00f3n incluyen: la p\u00e1gina de inicio de sesi\u00f3n habitual (en `/admin/login/`) no inicia la sesi\u00f3n completa del usuario hasta que el segundo factor se proporciona con \u00e9xito; la p\u00e1gina de inicio de sesi\u00f3n adicional no protegida por MFA en `/api/v2/api-authlogin/` estaba mal configurada y no se pod\u00eda usar para iniciar sesi\u00f3n; y no hay formas adicionales de iniciar sesi\u00f3n. Esto tambi\u00e9n requiere que las credenciales de un superusuario est\u00e9n comprometidas para que sean explotables. Las versiones 2.2.9, 2.3.7, 2.4.5 y 2.5.2 contienen los siguientes parches para abordar estas debilidades: Mover y habilitar solo los endpoints de autenticaci\u00f3n API (`/api/v2/api-auth/login/`) con `settings.DEBUG = True`. `settings.DEBUG = True` es inseguro y nunca debe aplicarse en entornos de producci\u00f3n. Adem\u00e1s, aplique una verificaci\u00f3n de permiso personalizada al flujo de secuestro para permitir que solo los superusuarios verificados por un segundo factor realicen el secuestro de usuarios."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.7,
"impactScore": 5.2
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -54,26 +78,81 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:maykinmedia:open_forms:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.2.9",
"matchCriteriaId": "161AEFCB-F079-472E-86A6-07D57D35E2B4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:maykinmedia:open_forms:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.3.0",
"versionEndExcluding": "2.3.7",
"matchCriteriaId": "D90A88F3-FA88-43D2-A0CC-CB07C72214B4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:maykinmedia:open_forms:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.4.0",
"versionEndExcluding": "2.4.5",
"matchCriteriaId": "13ADD1B0-57FD-4991-8B4A-2340EDEAADC5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:maykinmedia:open_forms:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.5.0",
"versionEndExcluding": "2.5.2",
"matchCriteriaId": "0BCE6950-BEFB-4D6E-BB5D-99A16A9E0DC8"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/open-formulieren/open-forms/releases/tag/2.2.9",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/open-formulieren/open-forms/releases/tag/2.3.7",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/open-formulieren/open-forms/releases/tag/2.4.5",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/open-formulieren/open-forms/releases/tag/2.5.2",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/open-formulieren/open-forms/security/advisories/GHSA-64r3-x3gf-vp63",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mitigation",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-24806",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-07T22:15:10.173",
"lastModified": "2024-02-11T21:15:45.980",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T05:02:23.020",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,34 +70,77 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:libuv:libuv:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.24.0",
"versionEndIncluding": "1.48.0",
"matchCriteriaId": "AC41FB55-F981-41EA-A6C0-7E6ECB400BCC"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/02/08/2",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/02/11/1",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://github.com/libuv/libuv/commit/0f2d7e784a256b54b2385043438848047bc2a629",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/libuv/libuv/commit/3530bcc30350d4a6ccf35d2f7b33e23292b9de70",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/libuv/libuv/commit/c858a147643de38a09dd4164758ae5b685f2b488",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/libuv/libuv/commit/e0327e1d508b8207c9150b6e582f0adf26213c39",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-24816",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-07T17:15:11.383",
"lastModified": "2024-02-07T17:38:33.990",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T05:01:35.393",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability vulnerability has been discovered in versions prior to 4.24.0-lts in samples that use the `preview` feature. All integrators that use these samples in the production code can be affected. The vulnerability allows an attacker to execute JavaScript code by abusing the misconfigured preview feature. It affects all users using the CKEditor 4 at version < 4.24.0-lts with affected samples used in a production environment. A fix is available in version 4.24.0-lts."
},
{
"lang": "es",
"value": "CKEditor4 es un editor HTML de c\u00f3digo abierto de lo que ves es lo que obtienes. Se descubri\u00f3 una vulnerabilidad de cross-site scripting en versiones anteriores a la 4.24.0-lts en muestras que utilizan la funci\u00f3n \"vista previa\". Todos los integradores que utilicen estos ejemplos en el c\u00f3digo de producci\u00f3n pueden verse afectados. La vulnerabilidad permite a un atacante ejecutar c\u00f3digo JavaScript abusando de la funci\u00f3n de vista previa mal configurada. Afecta a todos los usuarios que utilizan CKEditor 4 en la versi\u00f3n &lt;4.24.0-lts con muestras afectadas utilizadas en un entorno de producci\u00f3n. Hay una soluci\u00f3n disponible en la versi\u00f3n 4.24.0-lts."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +80,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ckeditor:ckeditor:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0",
"versionEndExcluding": "4.24.0",
"matchCriteriaId": "B6B9E14F-3103-4A78-A337-47786B2B06ED"
}
]
}
]
}
],
"references": [
{
"url": "https://ckeditor.com/cke4/addon/preview",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/ckeditor/ckeditor4/commit/8ed1a3c93d0ae5f49f4ecff5738ab8a2972194cb",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-mw2c-vx6j-mg76",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-24886",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-08T11:15:08.207",
"lastModified": "2024-02-08T13:44:11.750",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T05:03:32.117",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acowebs:product_labels_for_woocommerce_\\(sale_badges\\):*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.5.4",
"matchCriteriaId": "DEEA8EC6-382F-44FF-AA44-68607B0F660D"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/aco-product-labels-for-woocommerce/wordpress-product-labels-for-woocommerce-sale-badges-plugin-1-5-3-authenticated-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-25165",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-14T20:15:46.057",
"lastModified": "2024-02-14T20:15:46.057",
"vulnStatus": "Received",
"lastModified": "2024-02-15T06:23:39.303",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,19 +2,79 @@
"id": "CVE-2024-25189",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-08T17:15:10.960",
"lastModified": "2024-02-08T18:42:36.577",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T05:02:33.487",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "libjwt 1.15.3 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel."
},
{
"lang": "es",
"value": "libjwt 1.15.3 usa strcmp (que no es un tiempo constante) para verificar la autenticaci\u00f3n, lo que facilita eludir la autenticaci\u00f3n a trav\u00e9s de un canal lateral de temporizaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bencollins:jwt_c_library:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "110D1B50-016F-4346-9FA9-506FFE08D37C"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/P3ngu1nW/CVE_Request/blob/main/benmcollins%3Alibjwt.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
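Review bot: The 9.8 CRITICAL base score with `"attackComplexity": "LOW"` does not sit well with this record's own description, which describes a timing side channel on a non-constant-time `strcmp`. Side channels of that kind usually depend on many repeated measurements under conditions the attacker does not fully control, which is what `AC:H` normally expresses. The same vector is attached to CVE-2024-25190 (`memcmp`) and CVE-2024-25191 later in this commit. Since this repository mirrors NVD, the record should not be hand-edited here; the scoring question belongs upstream. Consumers that gate patch priority on `baseScore` alone should read the description and the `CWE-203` entry before ranking these three alongside directly exploitable authentication bypasses.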


@ -2,19 +2,79 @@
"id": "CVE-2024-25190",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-08T17:15:11.013",
"lastModified": "2024-02-08T18:42:36.577",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T05:03:08.533",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "l8w8jwt 2.2.1 uses memcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel."
},
{
"lang": "es",
"value": "l8w8jwt 2.2.1 usa memcmp (que no es un tiempo constante) para verificar la autenticaci\u00f3n, lo que facilita eludir la autenticaci\u00f3n a trav\u00e9s de un canal lateral de temporizaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:glitchedpolygons:l8w8jwt:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F4F66D4B-2520-4DEA-83BD-28C996E2863E"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/P3ngu1nW/CVE_Request/blob/main/GlitchedPolygons%3Al8w8jwt.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2024-25191",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-08T17:15:11.067",
"lastModified": "2024-02-08T18:42:36.577",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T05:03:05.180",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "php-jwt 1.0.0 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel."
},
{
"lang": "es",
"value": "php-jwt 1.0.0 usa strcmp (que no es un tiempo constante) para verificar la autenticaci\u00f3n, lo que hace que sea m\u00e1s f\u00e1cil omitir la autenticaci\u00f3n a trav\u00e9s de un canal lateral de sincronizaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zihanggao:php-jwt:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "49E425AC-100E-4EEC-B7A1-9AFF908FB9BF"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/P3ngu1nW/CVE_Request/blob/main/cdoco%3Aphp-jwt.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,75 @@
"id": "CVE-2024-25207",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-14T15:15:08.803",
"lastModified": "2024-02-14T16:13:16.563",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T06:26:56.397",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Barangay Population Monitoring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Resident function at /barangay-population-monitoring-system/masterlist.php. This vulnerabiity allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Contact Number parameter."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:barangay_management_system_project:barangay_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8125B9F7-64F4-47FA-A1AC-EFE28424352F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/BurakSevben/CVEs/blob/main/Barangay%20Population%20Monitoring%20System/Barangay%20Population%20System%20-%20XSS-2.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Product"
]
}
]
}
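Review bot: The `cpeMatch` criteria added here names `barangay_management_system_project:barangay_management_system:1.0`, while the description on the same record is for "Barangay Population Monitoring System v1.0". The product names differ, so this may be the CPE of a different application, though that cannot be confirmed from this page. CVE-2024-25208 in the next section carries the same criteria and the same `matchCriteriaId`. Inventory or scanner matching keyed on CPE could miss the affected application or flag an unrelated one, so matches on these two records are worth checking against the description and reference URL until the configuration is confirmed upstream.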


@ -2,19 +2,76 @@
"id": "CVE-2024-25208",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-14T15:15:08.863",
"lastModified": "2024-02-14T16:13:16.563",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T06:27:02.687",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Barangay Population Monitoring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Resident function at /barangay-population-monitoring-system/masterlist.php. This vulnerabiity allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Full Name parameter."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:barangay_management_system_project:barangay_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8125B9F7-64F4-47FA-A1AC-EFE28424352F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/BurakSevben/CVEs/blob/main/Barangay%20Population%20Monitoring%20System/Barangay%20Population%20System%20-%20XSS-1.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Product",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,75 @@
"id": "CVE-2024-25212",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-14T15:15:09.063",
"lastModified": "2024-02-14T16:13:16.563",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T06:27:12.610",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /delete.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sherlock:employee_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D547B4A1-596B-42B6-AE3E-1BEE246CA278"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/BurakSevben/CVEs/blob/main/Employee%20Management%20System/Employee%20Managment%20System%20-%20SQL%20Injection%20-%204.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,75 @@
"id": "CVE-2024-25213",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-14T15:15:09.117",
"lastModified": "2024-02-14T16:13:16.563",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T06:27:20.520",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /edit.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sherlock:employee_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D547B4A1-596B-42B6-AE3E-1BEE246CA278"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/BurakSevben/CVEs/blob/main/Employee%20Management%20System/Employee%20Managment%20System%20-%20SQL%20Injection%20-%203.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,75 @@
"id": "CVE-2024-25214",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-14T15:15:09.167",
"lastModified": "2024-02-14T16:13:16.563",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T06:27:33.513",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in Employee Managment System v1.0 allows attackers to bypass authentication via injecting a crafted payload into the E-mail and Password parameters at /alogin.html."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sherlock:employee_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D547B4A1-596B-42B6-AE3E-1BEE246CA278"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/BurakSevben/CVEs/blob/main/Employee%20Management%20System/Employee%20Managment%20System%20-%20Authentication%20Bypass.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,75 @@
"id": "CVE-2024-25215",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-14T15:15:09.223",
"lastModified": "2024-02-14T16:13:16.563",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T06:27:41.287",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the pwd parameter at /aprocess.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sherlock:employee_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D547B4A1-596B-42B6-AE3E-1BEE246CA278"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/BurakSevben/CVEs/blob/main/Employee%20Management%20System/Employee%20Managment%20System%20-%20SQL%20Injection%20-%202.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,75 @@
"id": "CVE-2024-25216",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-14T15:15:09.273",
"lastModified": "2024-02-14T16:13:16.563",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T06:27:52.447",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the mailud parameter at /aprocess.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sherlock:employee_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D547B4A1-596B-42B6-AE3E-1BEE246CA278"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/BurakSevben/CVEs/blob/main/Employee%20Management%20System/Employee%20Managment%20System%20-%20SQL%20Injection%20-%201.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-25300",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-14T19:15:10.213",
"lastModified": "2024-02-14T19:15:10.213",
"vulnStatus": "Received",
"lastModified": "2024-02-15T06:23:39.303",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-25301",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-14T19:15:10.277",
"lastModified": "2024-02-14T19:15:10.277",
"vulnStatus": "Received",
"lastModified": "2024-02-15T06:23:39.303",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -0,0 +1,24 @@
{
"id": "CVE-2024-25559",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-02-15T05:15:10.870",
"lastModified": "2024-02-15T06:23:39.303",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8. If an attacker sends a specially crafted request, the administrator of the product may be forced to access an arbitrary website when clicking a link in the audit log."
}
],
"metrics": {},
"references": [
{
"url": "https://developer.a-blogcms.jp/blog/news/JVN-48966481.html",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://jvn.jp/en/jp/JVN48966481/",
"source": "vultures@jpcert.or.jp"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-25617",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-14T21:15:08.197",
"lastModified": "2024-02-14T21:15:08.197",
"vulnStatus": "Received",
"lastModified": "2024-02-15T06:23:39.303",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-25618",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-14T21:15:08.410",
"lastModified": "2024-02-14T21:15:08.410",
"vulnStatus": "Received",
"lastModified": "2024-02-15T06:23:39.303",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-25619",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-14T21:15:08.620",
"lastModified": "2024-02-14T21:15:08.620",
"vulnStatus": "Received",
"lastModified": "2024-02-15T06:23:39.303",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-25620",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-15T00:15:45.347",
"lastModified": "2024-02-15T00:15:45.347",
"vulnStatus": "Received",
"lastModified": "2024-02-15T06:23:39.303",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -0,0 +1,20 @@
{
"id": "CVE-2024-25940",
"sourceIdentifier": "secteam@freebsd.org",
"published": "2024-02-15T05:15:11.100",
"lastModified": "2024-02-15T06:23:39.303",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "`bhyveload -h <host-path>` may be used to grant loader access to the <host-path> directory tree on the host. Affected versions of bhyveload(8) do not make any attempt to restrict loader's access to <host-path>, allowing the loader to read any file the host user has access to.\u00a0In the bhyveload(8) model, the host supplies a userboot.so to boot with, but the loader scripts generally come from the guest image. A maliciously crafted script could be used to exfiltrate sensitive data from the host accessible to the user running bhyhveload(8), which is often the system root."
}
],
"metrics": {},
"references": [
{
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-24:01.bhyveload.asc",
"source": "secteam@freebsd.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2024-25941",
"sourceIdentifier": "secteam@freebsd.org",
"published": "2024-02-15T05:15:11.200",
"lastModified": "2024-02-15T06:23:39.303",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The jail(2) system call has not limited a visiblity of allocated TTYs (the kern.ttys sysctl). This gives rise to an information leak about processes outside the current jail.\n\nAttacker can get information about TTYs allocated on the host or in other jails. Effectively, the information printed by \"pstat -t\" may be leaked."
}
],
"metrics": {},
"references": [
{
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-24:02.tty.asc",
"source": "secteam@freebsd.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-26260",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2024-02-15T03:15:34.833",
"lastModified": "2024-02-15T03:15:34.833",
"vulnStatus": "Received",
"lastModified": "2024-02-15T06:23:39.303",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-26261",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2024-02-15T03:15:35.083",
"lastModified": "2024-02-15T03:15:35.083",
"vulnStatus": "Received",
"lastModified": "2024-02-15T06:23:39.303",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-26262",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2024-02-15T03:15:35.313",
"lastModified": "2024-02-15T03:15:35.313",
"vulnStatus": "Received",
"lastModified": "2024-02-15T06:23:39.303",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-26263",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2024-02-15T03:15:35.530",
"lastModified": "2024-02-15T03:15:35.530",
"vulnStatus": "Received",
"lastModified": "2024-02-15T06:23:39.303",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-26264",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2024-02-15T03:15:35.840",
"lastModified": "2024-02-15T03:15:35.840",
"vulnStatus": "Received",
"lastModified": "2024-02-15T06:23:39.303",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-02-15T05:00:24.770341+00:00
2024-02-15T07:00:26.520976+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-02-15T04:53:10.967000+00:00
2024-02-15T06:27:52.447000+00:00
```
### Last Data Feed Release
@ -29,49 +29,68 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
238611
238635
```
### CVEs added in the last Commit
Recently added CVEs: `5`
Recently added CVEs: `24`
* [CVE-2024-26260](CVE-2024/CVE-2024-262xx/CVE-2024-26260.json) (`2024-02-15T03:15:34.833`)
* [CVE-2024-26261](CVE-2024/CVE-2024-262xx/CVE-2024-26261.json) (`2024-02-15T03:15:35.083`)
* [CVE-2024-26262](CVE-2024/CVE-2024-262xx/CVE-2024-26262.json) (`2024-02-15T03:15:35.313`)
* [CVE-2024-26263](CVE-2024/CVE-2024-262xx/CVE-2024-26263.json) (`2024-02-15T03:15:35.530`)
* [CVE-2024-26264](CVE-2024/CVE-2024-262xx/CVE-2024-26264.json) (`2024-02-15T03:15:35.840`)
* [CVE-2021-29633](CVE-2021/CVE-2021-296xx/CVE-2021-29633.json) (`2024-02-15T06:15:44.667`)
* [CVE-2021-29634](CVE-2021/CVE-2021-296xx/CVE-2021-29634.json) (`2024-02-15T06:15:44.810`)
* [CVE-2021-29635](CVE-2021/CVE-2021-296xx/CVE-2021-29635.json) (`2024-02-15T06:15:44.853`)
* [CVE-2021-29636](CVE-2021/CVE-2021-296xx/CVE-2021-29636.json) (`2024-02-15T06:15:44.890`)
* [CVE-2021-29637](CVE-2021/CVE-2021-296xx/CVE-2021-29637.json) (`2024-02-15T06:15:44.937`)
* [CVE-2021-29638](CVE-2021/CVE-2021-296xx/CVE-2021-29638.json) (`2024-02-15T06:15:44.977`)
* [CVE-2021-29639](CVE-2021/CVE-2021-296xx/CVE-2021-29639.json) (`2024-02-15T06:15:45.013`)
* [CVE-2021-29640](CVE-2021/CVE-2021-296xx/CVE-2021-29640.json) (`2024-02-15T06:15:45.057`)
* [CVE-2022-23084](CVE-2022/CVE-2022-230xx/CVE-2022-23084.json) (`2024-02-15T05:15:08.833`)
* [CVE-2022-23085](CVE-2022/CVE-2022-230xx/CVE-2022-23085.json) (`2024-02-15T05:15:09.110`)
* [CVE-2022-23086](CVE-2022/CVE-2022-230xx/CVE-2022-23086.json) (`2024-02-15T05:15:09.273`)
* [CVE-2022-23087](CVE-2022/CVE-2022-230xx/CVE-2022-23087.json) (`2024-02-15T05:15:09.337`)
* [CVE-2022-23088](CVE-2022/CVE-2022-230xx/CVE-2022-23088.json) (`2024-02-15T05:15:09.440`)
* [CVE-2022-23089](CVE-2022/CVE-2022-230xx/CVE-2022-23089.json) (`2024-02-15T05:15:09.620`)
* [CVE-2022-23090](CVE-2022/CVE-2022-230xx/CVE-2022-23090.json) (`2024-02-15T06:15:45.103`)
* [CVE-2022-23091](CVE-2022/CVE-2022-230xx/CVE-2022-23091.json) (`2024-02-15T06:15:45.147`)
* [CVE-2022-23092](CVE-2022/CVE-2022-230xx/CVE-2022-23092.json) (`2024-02-15T06:15:45.190`)
* [CVE-2022-23093](CVE-2022/CVE-2022-230xx/CVE-2022-23093.json) (`2024-02-15T06:15:45.240`)
* [CVE-2023-46596](CVE-2023/CVE-2023-465xx/CVE-2023-46596.json) (`2024-02-15T06:15:45.453`)
* [CVE-2023-51787](CVE-2023/CVE-2023-517xx/CVE-2023-51787.json) (`2024-02-15T06:15:46.067`)
* [CVE-2024-1488](CVE-2024/CVE-2024-14xx/CVE-2024-1488.json) (`2024-02-15T05:15:10.257`)
* [CVE-2024-25559](CVE-2024/CVE-2024-255xx/CVE-2024-25559.json) (`2024-02-15T05:15:10.870`)
* [CVE-2024-25940](CVE-2024/CVE-2024-259xx/CVE-2024-25940.json) (`2024-02-15T05:15:11.100`)
* [CVE-2024-25941](CVE-2024/CVE-2024-259xx/CVE-2024-25941.json) (`2024-02-15T05:15:11.200`)
### CVEs modified in the last Commit
Recently modified CVEs: `63`
Recently modified CVEs: `72`
* [CVE-2024-25144](CVE-2024/CVE-2024-251xx/CVE-2024-25144.json) (`2024-02-15T04:36:24.350`)
* [CVE-2024-25146](CVE-2024/CVE-2024-251xx/CVE-2024-25146.json) (`2024-02-15T04:37:12.337`)
* [CVE-2024-25148](CVE-2024/CVE-2024-251xx/CVE-2024-25148.json) (`2024-02-15T04:37:31.957`)
* [CVE-2024-22312](CVE-2024/CVE-2024-223xx/CVE-2024-22312.json) (`2024-02-15T04:38:23.153`)
* [CVE-2024-22313](CVE-2024/CVE-2024-223xx/CVE-2024-22313.json) (`2024-02-15T04:38:32.877`)
* [CVE-2024-25450](CVE-2024/CVE-2024-254xx/CVE-2024-25450.json) (`2024-02-15T04:38:50.543`)
* [CVE-2024-25448](CVE-2024/CVE-2024-254xx/CVE-2024-25448.json) (`2024-02-15T04:38:59.973`)
* [CVE-2024-25447](CVE-2024/CVE-2024-254xx/CVE-2024-25447.json) (`2024-02-15T04:39:16.863`)
* [CVE-2024-25446](CVE-2024/CVE-2024-254xx/CVE-2024-25446.json) (`2024-02-15T04:42:32.853`)
* [CVE-2024-25445](CVE-2024/CVE-2024-254xx/CVE-2024-25445.json) (`2024-02-15T04:43:34.673`)
* [CVE-2024-25443](CVE-2024/CVE-2024-254xx/CVE-2024-25443.json) (`2024-02-15T04:43:42.573`)
* [CVE-2024-25442](CVE-2024/CVE-2024-254xx/CVE-2024-25442.json) (`2024-02-15T04:43:50.137`)
* [CVE-2024-1247](CVE-2024/CVE-2024-12xx/CVE-2024-1247.json) (`2024-02-15T04:44:09.247`)
* [CVE-2024-1245](CVE-2024/CVE-2024-12xx/CVE-2024-1245.json) (`2024-02-15T04:44:27.987`)
* [CVE-2024-1246](CVE-2024/CVE-2024-12xx/CVE-2024-1246.json) (`2024-02-15T04:44:35.470`)
* [CVE-2024-23327](CVE-2024/CVE-2024-233xx/CVE-2024-23327.json) (`2024-02-15T04:45:57.207`)
* [CVE-2024-23325](CVE-2024/CVE-2024-233xx/CVE-2024-23325.json) (`2024-02-15T04:46:07.523`)
* [CVE-2024-23324](CVE-2024/CVE-2024-233xx/CVE-2024-23324.json) (`2024-02-15T04:46:33.747`)
* [CVE-2024-23323](CVE-2024/CVE-2024-233xx/CVE-2024-23323.json) (`2024-02-15T04:48:09.937`)
* [CVE-2024-23322](CVE-2024/CVE-2024-233xx/CVE-2024-23322.json) (`2024-02-15T04:48:20.247`)
* [CVE-2024-23759](CVE-2024/CVE-2024-237xx/CVE-2024-23759.json) (`2024-02-15T04:49:02.133`)
* [CVE-2024-23760](CVE-2024/CVE-2024-237xx/CVE-2024-23760.json) (`2024-02-15T04:49:31.847`)
* [CVE-2024-23761](CVE-2024/CVE-2024-237xx/CVE-2024-23761.json) (`2024-02-15T04:49:36.837`)
* [CVE-2024-23762](CVE-2024/CVE-2024-237xx/CVE-2024-23762.json) (`2024-02-15T04:49:42.123`)
* [CVE-2024-23763](CVE-2024/CVE-2024-237xx/CVE-2024-23763.json) (`2024-02-15T04:49:47.153`)
* [CVE-2024-1367](CVE-2024/CVE-2024-13xx/CVE-2024-1367.json) (`2024-02-15T06:23:39.303`)
* [CVE-2024-1471](CVE-2024/CVE-2024-14xx/CVE-2024-1471.json) (`2024-02-15T06:23:39.303`)
* [CVE-2024-24300](CVE-2024/CVE-2024-243xx/CVE-2024-24300.json) (`2024-02-15T06:23:39.303`)
* [CVE-2024-24301](CVE-2024/CVE-2024-243xx/CVE-2024-24301.json) (`2024-02-15T06:23:39.303`)
* [CVE-2024-25620](CVE-2024/CVE-2024-256xx/CVE-2024-25620.json) (`2024-02-15T06:23:39.303`)
* [CVE-2024-1523](CVE-2024/CVE-2024-15xx/CVE-2024-1523.json) (`2024-02-15T06:23:39.303`)
* [CVE-2024-26260](CVE-2024/CVE-2024-262xx/CVE-2024-26260.json) (`2024-02-15T06:23:39.303`)
* [CVE-2024-26261](CVE-2024/CVE-2024-262xx/CVE-2024-26261.json) (`2024-02-15T06:23:39.303`)
* [CVE-2024-26262](CVE-2024/CVE-2024-262xx/CVE-2024-26262.json) (`2024-02-15T06:23:39.303`)
* [CVE-2024-26263](CVE-2024/CVE-2024-262xx/CVE-2024-26263.json) (`2024-02-15T06:23:39.303`)
* [CVE-2024-26264](CVE-2024/CVE-2024-262xx/CVE-2024-26264.json) (`2024-02-15T06:23:39.303`)
* [CVE-2024-0169](CVE-2024/CVE-2024-01xx/CVE-2024-0169.json) (`2024-02-15T06:24:58.003`)
* [CVE-2024-22223](CVE-2024/CVE-2024-222xx/CVE-2024-22223.json) (`2024-02-15T06:25:07.800`)
* [CVE-2024-22224](CVE-2024/CVE-2024-222xx/CVE-2024-22224.json) (`2024-02-15T06:25:21.423`)
* [CVE-2024-22225](CVE-2024/CVE-2024-222xx/CVE-2024-22225.json) (`2024-02-15T06:25:29.100`)
* [CVE-2024-22227](CVE-2024/CVE-2024-222xx/CVE-2024-22227.json) (`2024-02-15T06:25:36.360`)
* [CVE-2024-22228](CVE-2024/CVE-2024-222xx/CVE-2024-22228.json) (`2024-02-15T06:25:45.463`)
* [CVE-2024-22230](CVE-2024/CVE-2024-222xx/CVE-2024-22230.json) (`2024-02-15T06:25:53.660`)
* [CVE-2024-25207](CVE-2024/CVE-2024-252xx/CVE-2024-25207.json) (`2024-02-15T06:26:56.397`)
* [CVE-2024-25208](CVE-2024/CVE-2024-252xx/CVE-2024-25208.json) (`2024-02-15T06:27:02.687`)
* [CVE-2024-25212](CVE-2024/CVE-2024-252xx/CVE-2024-25212.json) (`2024-02-15T06:27:12.610`)
* [CVE-2024-25213](CVE-2024/CVE-2024-252xx/CVE-2024-25213.json) (`2024-02-15T06:27:20.520`)
* [CVE-2024-25214](CVE-2024/CVE-2024-252xx/CVE-2024-25214.json) (`2024-02-15T06:27:33.513`)
* [CVE-2024-25215](CVE-2024/CVE-2024-252xx/CVE-2024-25215.json) (`2024-02-15T06:27:41.287`)
* [CVE-2024-25216](CVE-2024/CVE-2024-252xx/CVE-2024-25216.json) (`2024-02-15T06:27:52.447`)
## Download and Usage