diff --git a/CVE-2014/CVE-2014-1250xx/CVE-2014-125087.json b/CVE-2014/CVE-2014-1250xx/CVE-2014-125087.json
index dac9b0ab47d..20fd012faf1 100644
--- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125087.json
+++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125087.json
@@ -2,7 +2,7 @@
 "id": "CVE-2014-125087",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2023-02-19T17:15:11.103",
- "lastModified": "2023-11-07T02:18:44.827",
+ "lastModified": "2024-02-08T10:15:08.567",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -33,7 +33,7 @@
 "impactScore": 5.9
 },
 {
- "source": "1af790b2-7ee1-4545-860a-a788eba489b5",
+ "source": "cna@vuldb.com",
 "type": "Secondary",
 "cvssData": {
 "version": "3.1",
@@ -55,7 +55,7 @@
 ],
 "cvssMetricV2": [
 {
- "source": "1af790b2-7ee1-4545-860a-a788eba489b5",
+ "source": "cna@vuldb.com",
 "type": "Secondary",
 "cvssData": {
 "version": "2.0",
@@ -81,7 +81,7 @@
 },
 "weaknesses": [
 {
- "source": "1af790b2-7ee1-4545-860a-a788eba489b5",
+ "source": "cna@vuldb.com",
 "type": "Primary",
 "description": [
 {
@@ -131,6 +131,10 @@
 "Release Notes"
 ]
 },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20240208-0009/",
+ "source": "cna@vuldb.com"
+ },
 {
 "url": "https://vuldb.com/?ctiid.221480",
 "source": "cna@vuldb.com",
diff --git a/CVE-2021/CVE-2021-445xx/CVE-2021-44528.json b/CVE-2021/CVE-2021-445xx/CVE-2021-44528.json
index 6c66b441c28..64a0869104d 100644
--- a/CVE-2021/CVE-2021-445xx/CVE-2021-44528.json
+++ b/CVE-2021/CVE-2021-445xx/CVE-2021-44528.json
@@ -2,7 +2,7 @@
 "id": "CVE-2021-44528",
 "sourceIdentifier": "support@hackerone.com",
 "published": "2022-01-10T14:10:26.117",
- "lastModified": "2023-03-14T08:15:12.297",
+ "lastModified": "2024-02-08T10:15:08.973",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -121,6 +121,10 @@
 "Third Party Advisory"
 ]
 },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20240208-0003/",
+ "source": "support@hackerone.com"
+ },
 {
 "url": "https://www.debian.org/security/2023/dsa-5372",
 "source": "support@hackerone.com"
diff --git a/CVE-2023/CVE-2023-424xx/CVE-2023-42465.json b/CVE-2023/CVE-2023-424xx/CVE-2023-42465.json
index d6339d44208..32830ec1ff8 100644
--- a/CVE-2023/CVE-2023-424xx/CVE-2023-42465.json
+++ b/CVE-2023/CVE-2023-424xx/CVE-2023-42465.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-42465",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-12-22T16:15:08.057",
- "lastModified": "2024-01-28T04:15:07.590",
+ "lastModified": "2024-02-08T10:15:09.240",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -99,6 +99,10 @@
 "url": "https://security.gentoo.org/glsa/202401-29",
 "source": "cve@mitre.org"
 },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20240208-0002/",
+ "source": "cve@mitre.org"
+ },
 {
 "url": "https://www.openwall.com/lists/oss-security/2023/12/21/9",
 "source": "cve@mitre.org",
diff --git a/CVE-2023/CVE-2023-470xx/CVE-2023-47039.json b/CVE-2023/CVE-2023-470xx/CVE-2023-47039.json
index 098a7dfb5ef..0b3e1ff095f 100644
--- a/CVE-2023/CVE-2023-470xx/CVE-2023-47039.json
+++ b/CVE-2023/CVE-2023-470xx/CVE-2023-47039.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-47039",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2024-01-02T06:15:13.737",
- "lastModified": "2024-01-08T19:02:03.510",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-02-08T10:15:09.497",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -132,6 +132,10 @@
 "tags": [
 "Issue Tracking"
 ]
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20240208-0005/",
+ "source": "secalert@redhat.com"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-60xx/CVE-2023-6020.json b/CVE-2023/CVE-2023-60xx/CVE-2023-6020.json
index 2f1f4d385d0..5617e8ec256 100644
--- a/CVE-2023/CVE-2023-60xx/CVE-2023-6020.json
+++ b/CVE-2023/CVE-2023-60xx/CVE-2023-6020.json
@@ -2,12 +2,12 @@
 "id": "CVE-2023-6020",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2023-11-16T21:15:09.443",
- "lastModified": "2023-12-06T21:15:08.560",
+ "lastModified": "2024-02-08T10:15:09.797",
 "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
- "value": "LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here: https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-2023-48022-cve-2023-48023"
+ "value": "LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication."
 },
 {
 "lang": "es",
@@ -35,13 +35,15 @@
 },
 "exploitabilityScore": 3.9,
 "impactScore": 3.6
- },
+ }
+ ],
+ "cvssMetricV30": [
 {
 "source": "security@huntr.dev",
 "type": "Secondary",
 "cvssData": {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
 "attackVector": "NETWORK",
 "attackComplexity": "LOW",
 "privilegesRequired": "NONE",
@@ -60,7 +62,7 @@
 },
 "weaknesses": [
 {
- "source": "nvd@nist.gov",
+ "source": "security@huntr.dev",
 "type": "Primary",
 "description": [
 {
@@ -70,12 +72,12 @@
 ]
 },
 {
- "source": "security@huntr.dev",
+ "source": "nvd@nist.gov",
 "type": "Secondary",
 "description": [
 {
 "lang": "en",
- "value": "CWE-598"
+ "value": "CWE-862"
 }
 ]
 }
diff --git a/CVE-2023/CVE-2023-60xx/CVE-2023-6038.json b/CVE-2023/CVE-2023-60xx/CVE-2023-6038.json
index 82ee0616991..0e6bba0b0c0 100644
--- a/CVE-2023/CVE-2023-60xx/CVE-2023-6038.json
+++ b/CVE-2023/CVE-2023-60xx/CVE-2023-6038.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-6038",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2023-11-16T17:15:09.373",
- "lastModified": "2023-11-24T23:06:16.283",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-02-08T10:15:10.703",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -77,7 +77,7 @@
 "description": [
 {
 "lang": "en",
- "value": "CWE-29"
+ "value": "CWE-862"
 }
 ]
 }
diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6515.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6515.json
new file mode 100644
index 00000000000..2f09a7795a1
--- /dev/null
+++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6515.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-6515",
+ "sourceIdentifier": "iletisim@usom.gov.tr",
+ "published": "2024-02-08T10:15:11.047",
+ "lastModified": "2024-02-08T10:15:11.047",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Authorization Bypass Through User-Controlled Key vulnerability in Mia Technology Inc. M\u0130A-MED allows Authentication Abuse.This issue affects M\u0130A-MED: before 1.0.7.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "iletisim@usom.gov.tr",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "iletisim@usom.gov.tr",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-639"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.usom.gov.tr/bildirim/tr-24-0087",
+ "source": "iletisim@usom.gov.tr"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6572.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6572.json
index 9c05b6bea4e..e0c97e325b6 100644
--- a/CVE-2023/CVE-2023-65xx/CVE-2023-6572.json
+++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6572.json
@@ -2,12 +2,12 @@
 "id": "CVE-2023-6572",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2023-12-14T14:15:46.013",
- "lastModified": "2023-12-19T18:29:36.817",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-02-08T10:15:11.630",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
- "value": "Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository gradio-app/gradio prior to main."
+ "value": "Command Injection in GitHub repository gradio-app/gradio prior to main."
 },
 {
 "lang": "es",
@@ -62,7 +62,7 @@
 },
 "weaknesses": [
 {
- "source": "nvd@nist.gov",
+ "source": "security@huntr.dev",
 "type": "Primary",
 "description": [
 {
@@ -72,12 +72,12 @@
 ]
 },
 {
- "source": "security@huntr.dev",
+ "source": "nvd@nist.gov",
 "type": "Secondary",
 "description": [
 {
 "lang": "en",
- "value": "CWE-200"
+ "value": "CWE-77"
 }
 ]
 }
diff --git a/CVE-2023/CVE-2023-66xx/CVE-2023-6693.json b/CVE-2023/CVE-2023-66xx/CVE-2023-6693.json
index ff3f2fe4b0f..401362c3726 100644
--- a/CVE-2023/CVE-2023-66xx/CVE-2023-6693.json
+++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6693.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-6693",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2024-01-02T10:15:08.930",
- "lastModified": "2024-01-08T19:04:42.353",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-02-08T10:15:11.967",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -137,6 +137,10 @@
 "Issue Tracking",
 "Patch"
 ]
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20240208-0004/",
+ "source": "secalert@redhat.com"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-67xx/CVE-2023-6778.json b/CVE-2023/CVE-2023-67xx/CVE-2023-6778.json
index 7c376c2ddb0..3e9cd30c958 100644
--- a/CVE-2023/CVE-2023-67xx/CVE-2023-6778.json
+++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6778.json
@@ -2,12 +2,12 @@
 "id": "CVE-2023-6778",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2023-12-18T15:15:10.030",
- "lastModified": "2023-12-22T14:54:34.047",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-02-08T10:15:12.243",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
- "value": "Cross-site Scripting (XSS) - Stored in GitHub repository allegroai/clearml-server prior to 1.13.0. This vulnerability affects the ClearML Open Source Server which is not designed to be used as a publicly available service. Security recommendations stress it should be placed behind a company firewall or VPN. This vulnerability only affects users within the same organisation (I.e when a malicious party already has access to the internal network and to a user's ClearML login credentials)."
+ "value": "Cross-site Scripting (XSS) - Stored in GitHub repository allegroai/clearml-server prior to 1.13.0."
 },
 {
 "lang": "es",
@@ -35,26 +35,28 @@
 },
 "exploitabilityScore": 2.3,
 "impactScore": 2.7
- },
+ }
+ ],
+ "cvssMetricV30": [
 {
 "source": "security@huntr.dev",
 "type": "Secondary",
 "cvssData": {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
 "attackVector": "NETWORK",
 "attackComplexity": "LOW",
- "privilegesRequired": "NONE",
- "userInteraction": "NONE",
- "scope": "UNCHANGED",
- "confidentialityImpact": "NONE",
- "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
 "availabilityImpact": "NONE",
- "baseScore": 7.5,
- "baseSeverity": "HIGH"
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
 },
- "exploitabilityScore": 3.9,
- "impactScore": 3.6
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
 }
 ]
 },
diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6889.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6889.json
index 1b57bcfee51..ef8d0d7c607 100644
--- a/CVE-2023/CVE-2023-68xx/CVE-2023-6889.json
+++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6889.json
@@ -2,12 +2,12 @@
 "id": "CVE-2023-6889",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2023-12-16T09:15:07.270",
- "lastModified": "2023-12-19T13:52:23.363",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-02-08T10:15:12.730",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
- "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17.\n\n"
+ "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17."
 },
 {
 "lang": "es",
@@ -35,26 +35,28 @@
 },
 "exploitabilityScore": 2.3,
 "impactScore": 2.7
- },
+ }
+ ],
+ "cvssMetricV30": [
 {
 "source": "security@huntr.dev",
 "type": "Secondary",
 "cvssData": {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
 "attackVector": "NETWORK",
 "attackComplexity": "LOW",
- "privilegesRequired": "HIGH",
- "userInteraction": "NONE",
- "scope": "UNCHANGED",
- "confidentialityImpact": "HIGH",
- "integrityImpact": "HIGH",
- "availabilityImpact": "LOW",
- "baseScore": 6.7,
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
 "baseSeverity": "MEDIUM"
 },
- "exploitabilityScore": 1.2,
- "impactScore": 5.5
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
 }
 ]
 },
diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6890.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6890.json
index d799a29ad36..5beb652314d 100644
--- a/CVE-2023/CVE-2023-68xx/CVE-2023-6890.json
+++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6890.json
@@ -2,12 +2,12 @@
 "id": "CVE-2023-6890",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2023-12-16T09:15:07.470",
- "lastModified": "2023-12-19T13:50:36.190",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-02-08T10:15:13.133",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
- "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17.\n\n"
+ "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17."
 },
 {
 "lang": "es",
@@ -35,26 +35,28 @@
 },
 "exploitabilityScore": 2.3,
 "impactScore": 2.7
- },
+ }
+ ],
+ "cvssMetricV30": [
 {
 "source": "security@huntr.dev",
 "type": "Secondary",
 "cvssData": {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:H",
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
 "attackVector": "NETWORK",
 "attackComplexity": "LOW",
- "privilegesRequired": "HIGH",
- "userInteraction": "NONE",
- "scope": "UNCHANGED",
- "confidentialityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
 "integrityImpact": "LOW",
- "availabilityImpact": "HIGH",
- "baseScore": 6.7,
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
 "baseSeverity": "MEDIUM"
 },
- "exploitabilityScore": 1.2,
- "impactScore": 5.5
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
 }
 ]
 },
diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7090.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7090.json
index a89295d52ff..da3a8bd548a 100644
--- a/CVE-2023/CVE-2023-70xx/CVE-2023-7090.json
+++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7090.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-7090",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2023-12-23T23:15:07.560",
- "lastModified": "2024-02-03T11:15:14.500",
+ "lastModified": "2024-02-08T10:15:13.540",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -119,6 +119,10 @@
 "url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html",
 "source": "secalert@redhat.com"
 },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20240208-0001/",
+ "source": "secalert@redhat.com"
+ },
 {
 "url": "https://www.sudo.ws/releases/legacy/#1.8.28",
 "source": "secalert@redhat.com",
diff --git a/CVE-2024/CVE-2024-00xx/CVE-2024-0057.json b/CVE-2024/CVE-2024-00xx/CVE-2024-0057.json
index 31ddda66790..0662eb5fb8b 100644
--- a/CVE-2024/CVE-2024-00xx/CVE-2024-0057.json
+++ b/CVE-2024/CVE-2024-00xx/CVE-2024-0057.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-0057",
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2024-01-09T18:15:46.980",
- "lastModified": "2024-01-16T18:47:36.267",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-02-08T10:15:13.717",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -616,6 +616,10 @@
 "Patch",
 "Vendor Advisory"
 ]
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20240208-0007/",
+ "source": "secure@microsoft.com"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-02xx/CVE-2024-0297.json b/CVE-2024/CVE-2024-02xx/CVE-2024-0297.json
index b14fc440ea3..508222c220f 100644
--- a/CVE-2024/CVE-2024-02xx/CVE-2024-0297.json
+++ b/CVE-2024/CVE-2024-02xx/CVE-2024-0297.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-0297",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-01-08T05:15:09.393",
- "lastModified": "2024-01-11T16:56:14.950",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-02-08T09:15:45.773",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0727.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0727.json
index 6535e32d4b8..fd61b901bc6 100644
--- a/CVE-2024/CVE-2024-07xx/CVE-2024-0727.json
+++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0727.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-0727",
 "sourceIdentifier": "openssl-security@openssl.org",
 "published": "2024-01-26T09:15:07.637",
- "lastModified": "2024-02-02T15:53:24.320",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-02-08T10:15:13.910",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -131,6 +131,10 @@
 "Patch"
 ]
 },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20240208-0006/",
+ "source": "openssl-security@openssl.org"
+ },
 {
 "url": "https://www.openssl.org/news/secadv/20240125.txt",
 "source": "openssl-security@openssl.org",
diff --git a/CVE-2024/CVE-2024-09xx/CVE-2024-0965.json b/CVE-2024/CVE-2024-09xx/CVE-2024-0965.json
new file mode 100644
index 00000000000..72b6c13490a
--- /dev/null
+++ b/CVE-2024/CVE-2024-09xx/CVE-2024-0965.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2024-0965",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-02-08T09:15:46.047",
+ "lastModified": "2024-02-08T09:15:46.047",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Simple Page Access Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.21 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's page restriction and view page content."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3030099/simple-page-access-restriction",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d99dc270-1b28-4e76-9346-38b2b96be01c?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-12xx/CVE-2024-1207.json b/CVE-2024/CVE-2024-12xx/CVE-2024-1207.json
new file mode 100644
index 00000000000..6f85d2a29c1
--- /dev/null
+++ b/CVE-2024/CVE-2024-12xx/CVE-2024-1207.json
@@ -0,0 +1,51 @@
+{
+ "id": "CVE-2024-1207",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-02-08T09:15:46.253",
+ "lastModified": "2024-02-08T09:15:46.253",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WP Booking Calendar plugin for WordPress is vulnerable to SQL Injection via the 'calendar_request_params[dates_ddmmyy_csv]' parameter in all versions up to, and including, 9.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento WP Booking Calendar para WordPress es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro 'calendar_request_params[dates_ddmmyy_csv]' en todas las versiones hasta la 9.9 incluida, debido a un escape insuficiente en el par\u00e1metro proporcionado por el usuario y a la falta de preparaci\u00f3n suficiente en la consulta SQL existente. Esto hace posible que atacantes no autenticados agreguen consultas SQL adicionales a consultas ya existentes que pueden usarse para extraer informaci\u00f3n confidencial de la base de datos."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3032596%40booking&new=3032596%40booking&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7802ed1f-138c-4a3d-916c-80fb4f7699b2?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-213xx/CVE-2024-21312.json b/CVE-2024/CVE-2024-213xx/CVE-2024-21312.json
index cd65ca10c9a..52884bdb3b8 100644
--- a/CVE-2024/CVE-2024-213xx/CVE-2024-21312.json
+++ b/CVE-2024/CVE-2024-213xx/CVE-2024-21312.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-21312",
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2024-01-09T18:15:55.080",
- "lastModified": "2024-01-12T18:46:59.347",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-02-08T10:15:14.017",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -347,6 +347,10 @@
 "Patch",
 "Vendor Advisory"
 ]
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20240208-0008/",
+ "source": "secure@microsoft.com"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-224xx/CVE-2024-22464.json b/CVE-2024/CVE-2024-224xx/CVE-2024-22464.json
new file mode 100644
index 00000000000..2dbb5898e4c
--- /dev/null
+++ b/CVE-2024/CVE-2024-224xx/CVE-2024-22464.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2024-22464",
+ "sourceIdentifier": "security_alert@emc.com",
+ "published": "2024-02-08T10:15:14.183",
+ "lastModified": "2024-02-08T10:15:14.183",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nDell EMC AppSync, versions from 4.2.0.0 to 4.6.0.0 including all Service Pack releases, contain an exposure of sensitive information vulnerability in AppSync server logs. A high privileged remote attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable system with privileges of the compromised account.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security_alert@emc.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.2,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 4.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security_alert@emc.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-532"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.dell.com/support/kbdoc/en-us/000221932/dsa-2024-072-security-update-for-dell-emc-appsync-for-vulnerabilities",
+ "source": "security_alert@emc.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-234xx/CVE-2024-23452.json b/CVE-2024/CVE-2024-234xx/CVE-2024-23452.json
new file mode 100644
index 00000000000..c7042597774
--- /dev/null
+++ b/CVE-2024/CVE-2024-234xx/CVE-2024-23452.json
@@ -0,0 +1,44 @@
+{
+ "id": "CVE-2024-23452",
+ "sourceIdentifier": "security@apache.org",
+ "published": "2024-02-08T09:15:46.420",
+ "lastModified": "2024-02-08T09:15:46.420",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.5~1.7.0 on all platforms allows attacker to smuggle request.\n\nVulnerability Cause Description\uff1a\n\nThe http_parser does not comply with the RFC-7230 HTTP 1.1 specification.\n\nAttack\u00a0scenario:\nIf a message is received with both a Transfer-Encoding and a Content-Length header field, such a message might indicate an attempt to perform request smuggling or response splitting.\nOne particular attack scenario is that a bRPC made http server on the backend receiving requests in one persistent connection from frontend server that uses TE to parse request with the logic that 'chunk' is contained in the TE field. in that case an attacker can smuggle a request into the connection to the backend server.\u00a0\n\nSolution:\nYou can choose one solution from below:\n1. Upgrade bRPC to version 1.8.0, which fixes this issue. Download link: https://github.com/apache/brpc/releases/tag/1.8.0\n 2. Apply this patch:\u00a0 https://github.com/apache/brpc/pull/2518 \n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de contrabando de solicitudes en el servidor HTTP en Apache bRPC 0.9.5~1.7.0 en todas las plataformas permite al atacante contrabandear solicitudes. Descripci\u00f3n de la causa de la vulnerabilidad: http_parser no cumple con la especificaci\u00f3n RFC-7230 HTTP 1.1. Escenario de ataque: si se recibe un mensaje con un campo de encabezado Transfer-Encoding y Content-Length, dicho mensaje podr\u00eda indicar un intento de realizar contrabando de solicitudes o divisi\u00f3n de respuestas.
Un escenario de ataque particular es que un bRPC cre\u00f3 un servidor http en el backend que recibe solicitudes en una conexi\u00f3n persistente desde el servidor frontend que usa TE para analizar la solicitud con la l\u00f3gica de que el \"fragmento\" est\u00e1 contenido en el campo TE. En ese caso, un atacante puede introducir de contrabando una solicitud en la conexi\u00f3n con el servidor backend. Soluci\u00f3n: Puede elegir una de las siguientes soluciones: 1. Actualice bRPC a la versi\u00f3n 1.8.0, que soluciona este problema. Enlace de descarga: https://github.com/apache/brpc/releases/tag/1.8.0 2. Aplique este parche: https://github.com/apache/brpc/pull/2518"
+ }
+ ],
+ "metrics": {},
+ "weaknesses": [
+ {
+ "source": "security@apache.org",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-444"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/apache/brpc/pull/2518",
+ "source": "security@apache.org"
+ },
+ {
+ "url": "https://github.com/apache/brpc/releases/tag/1.8.0",
+ "source": "security@apache.org"
+ },
+ {
+ "url": "https://lists.apache.org/thread/kkvdpwyr2s2yt9qvvxfdzon012898vxd",
+ "source": "security@apache.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-236xx/CVE-2024-23638.json b/CVE-2024/CVE-2024-236xx/CVE-2024-23638.json
index e84d0ef124a..5eba55e2a92 100644
--- a/CVE-2024/CVE-2024-236xx/CVE-2024-23638.json
+++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23638.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-23638",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2024-01-24T00:15:08.573",
- "lastModified": "2024-01-30T23:05:12.243",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-02-08T10:15:14.500",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -150,6 +150,10 @@
 "tags": [
 "Exploit"
 ]
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20240208-0010/",
+ "source": "security-advisories@github.com"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-240xx/CVE-2024-24034.json b/CVE-2024/CVE-2024-240xx/CVE-2024-24034.json new file mode 100644 index 00000000000..1704f8664c4 --- /dev/null +++ b/CVE-2024/CVE-2024-240xx/CVE-2024-24034.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2024-24034", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-02-08T09:15:46.537", + "lastModified": "2024-02-08T09:15:46.537", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Setor Informatica S.I.L version 3.0 is vulnerable to Open Redirect via the hprinter parameter, allows remote attackers to execute arbitrary code." + }, + { + "lang": "es", + "value": "Setor Informatica S.I.L versi\u00f3n 3.0 es vulnerable a Open Redirect a trav\u00e9s del par\u00e1metro hprinter, permite a atacantes remotos ejecutar c\u00f3digo arbitrario." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/ELIZEUOPAIN/CVE-2024-24034/tree/main", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index ef84bf598b4..ecc610cb9a9 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-02-08T07:00:24.311866+00:00 +2024-02-08T11:04:28.685963+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-02-08T06:15:51.750000+00:00 +2024-02-08T10:15:14.500000+00:00 ``` ### Last Data Feed Release 
@@ -29,23 +29,42 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -237924 +237930 ``` ### CVEs added in the last Commit -Recently added CVEs: `4` +Recently added CVEs: `6` -* [CVE-2024-24202](CVE-2024/CVE-2024-242xx/CVE-2024-24202.json) (`2024-02-08T05:15:08.593`) -* [CVE-2024-0511](CVE-2024/CVE-2024-05xx/CVE-2024-0511.json) (`2024-02-08T06:15:51.423`) -* [CVE-2024-24091](CVE-2024/CVE-2024-240xx/CVE-2024-24091.json) (`2024-02-08T06:15:51.690`) -* [CVE-2024-24216](CVE-2024/CVE-2024-242xx/CVE-2024-24216.json) (`2024-02-08T06:15:51.750`) +* [CVE-2023-6515](CVE-2023/CVE-2023-65xx/CVE-2023-6515.json) (`2024-02-08T10:15:11.047`) +* [CVE-2024-0965](CVE-2024/CVE-2024-09xx/CVE-2024-0965.json) (`2024-02-08T09:15:46.047`) +* [CVE-2024-1207](CVE-2024/CVE-2024-12xx/CVE-2024-1207.json) (`2024-02-08T09:15:46.253`) +* [CVE-2024-23452](CVE-2024/CVE-2024-234xx/CVE-2024-23452.json) (`2024-02-08T09:15:46.420`) +* [CVE-2024-24034](CVE-2024/CVE-2024-240xx/CVE-2024-24034.json) (`2024-02-08T09:15:46.537`) +* [CVE-2024-22464](CVE-2024/CVE-2024-224xx/CVE-2024-22464.json) (`2024-02-08T10:15:14.183`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `17` +* [CVE-2014-125087](CVE-2014/CVE-2014-1250xx/CVE-2014-125087.json) (`2024-02-08T10:15:08.567`) +* [CVE-2021-44528](CVE-2021/CVE-2021-445xx/CVE-2021-44528.json) (`2024-02-08T10:15:08.973`) +* [CVE-2023-42465](CVE-2023/CVE-2023-424xx/CVE-2023-42465.json) (`2024-02-08T10:15:09.240`) +* [CVE-2023-47039](CVE-2023/CVE-2023-470xx/CVE-2023-47039.json) (`2024-02-08T10:15:09.497`) +* [CVE-2023-6020](CVE-2023/CVE-2023-60xx/CVE-2023-6020.json) (`2024-02-08T10:15:09.797`) +* [CVE-2023-6038](CVE-2023/CVE-2023-60xx/CVE-2023-6038.json) (`2024-02-08T10:15:10.703`) +* [CVE-2023-6572](CVE-2023/CVE-2023-65xx/CVE-2023-6572.json) (`2024-02-08T10:15:11.630`) +* [CVE-2023-6693](CVE-2023/CVE-2023-66xx/CVE-2023-6693.json) (`2024-02-08T10:15:11.967`) 
+* [CVE-2023-6778](CVE-2023/CVE-2023-67xx/CVE-2023-6778.json) (`2024-02-08T10:15:12.243`) +* [CVE-2023-6889](CVE-2023/CVE-2023-68xx/CVE-2023-6889.json) (`2024-02-08T10:15:12.730`) +* [CVE-2023-6890](CVE-2023/CVE-2023-68xx/CVE-2023-6890.json) (`2024-02-08T10:15:13.133`) +* [CVE-2023-7090](CVE-2023/CVE-2023-70xx/CVE-2023-7090.json) (`2024-02-08T10:15:13.540`) +* [CVE-2024-0297](CVE-2024/CVE-2024-02xx/CVE-2024-0297.json) (`2024-02-08T09:15:45.773`) +* [CVE-2024-0057](CVE-2024/CVE-2024-00xx/CVE-2024-0057.json) (`2024-02-08T10:15:13.717`) +* [CVE-2024-0727](CVE-2024/CVE-2024-07xx/CVE-2024-0727.json) (`2024-02-08T10:15:13.910`) +* [CVE-2024-21312](CVE-2024/CVE-2024-213xx/CVE-2024-21312.json) (`2024-02-08T10:15:14.017`) +* [CVE-2024-23638](CVE-2024/CVE-2024-236xx/CVE-2024-23638.json) (`2024-02-08T10:15:14.500`) ## Download and Usage