diff --git a/CVE-2022/CVE-2022-265xx/CVE-2022-26531.json b/CVE-2022/CVE-2022-265xx/CVE-2022-26531.json index 9a39b634b30..21b500caf77 100644 --- a/CVE-2022/CVE-2022-265xx/CVE-2022-26531.json +++ b/CVE-2022/CVE-2022-265xx/CVE-2022-26531.json @@ -2,7 +2,7 @@ "id": "CVE-2022-26531", "sourceIdentifier": "security@zyxel.com.tw", "published": "2022-05-24T06:15:09.297", - "lastModified": "2022-06-19T19:15:07.993", + "lastModified": "2024-02-09T18:15:07.930", "vulnStatus": "Modified", "descriptions": [ { @@ -2042,6 +2042,10 @@ "url": "http://packetstormsecurity.com/files/167464/Zyxel-Buffer-Overflow-Format-String-Command-Injection.html", "source": "security@zyxel.com.tw" }, + { + "url": "http://packetstormsecurity.com/files/177036/Zyxel-zysh-Format-String-Proof-Of-Concept.html", + "source": "security@zyxel.com.tw" + }, { "url": "http://seclists.org/fulldisclosure/2022/Jun/15", "source": "security@zyxel.com.tw" diff --git a/CVE-2022/CVE-2022-470xx/CVE-2022-47072.json b/CVE-2022/CVE-2022-470xx/CVE-2022-47072.json index 5714280ed13..b9e58e61d49 100644 --- a/CVE-2022/CVE-2022-470xx/CVE-2022-47072.json +++ b/CVE-2022/CVE-2022-470xx/CVE-2022-47072.json @@ -2,19 +2,79 @@ "id": "CVE-2022-47072", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-31T21:15:08.440", - "lastModified": "2024-02-01T03:18:21.737", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-09T17:30:53.813", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in Enterprise Architect 16.0.1605 32-bit allows attackers to run arbitrary SQL commands via the Find parameter in the Select Classifier dialog box.." + }, + { + "lang": "es", + "value": "Vulnerabilidad de inyecci\u00f3n SQL en Enterprise Architect 16.0.1605 de 32 bits permite a atacantes ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro Find en el cuadro de di\u00e1logo Select Classifier." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sparxsystems:enterprise_architect:16.0.1605:*:*:*:*:*:x86:*", + "matchCriteriaId": "70FFDA85-667E-44CE-97E3-9DC10792F118" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/DojoSecurity/Enterprise-Architect-SQL-Injection", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-380xx/CVE-2023-38020.json b/CVE-2023/CVE-2023-380xx/CVE-2023-38020.json index d91f54ce006..b1d0ef110fe 100644 --- a/CVE-2023/CVE-2023-380xx/CVE-2023-38020.json +++ b/CVE-2023/CVE-2023-380xx/CVE-2023-38020.json @@ -2,16 +2,40 @@ "id": "CVE-2023-38020", "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-02-02T04:15:08.147", - "lastModified": "2024-02-02T04:58:55.817", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-09T18:44:32.197", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an authenticated user to manipulate output written to log files. IBM X-Force ID: 260576." + }, + { + "lang": "es", + "value": "IBM SOAR QRadar Plugin App 1.0 a 5.0.3 podr\u00eda permitir a un usuario autenticado manipular la salida escrita en archivos de registro. ID de IBM X-Force: 260576." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "psirt@us.ibm.com", "type": "Secondary", @@ -46,14 +70,41 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:soar_qradar_plugin_app:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.0", + "versionEndExcluding": "5.0.3", + "matchCriteriaId": "9AFCF0C1-F204-412B-803A-941397E4F2FA" + } + ] + } + ] + } + ], "references": [ { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/260576", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "VDB Entry", + "Vendor Advisory" + ] }, { "url": "https://www.ibm.com/support/pages/node/7111679", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-382xx/CVE-2023-38263.json b/CVE-2023/CVE-2023-382xx/CVE-2023-38263.json index ce292ab5bef..137c6bb5fe9 100644 --- a/CVE-2023/CVE-2023-382xx/CVE-2023-38263.json +++ b/CVE-2023/CVE-2023-382xx/CVE-2023-38263.json @@ -2,16 +2,40 @@ "id": "CVE-2023-38263", "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-02-02T04:15:08.360", - "lastModified": "2024-02-02T04:58:55.817", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-09T18:50:58.027", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an authenticated user to perform unauthorized actions due to improper access controls. IBM X-Force ID: 260577." + }, + { + "lang": "es", + "value": "IBM SOAR QRadar Plugin App 1.0 a 5.0.3 podr\u00eda permitir que un usuario autenticado realice acciones no autorizadas debido a controles de acceso inadecuados. ID de IBM X-Force: 260577." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "psirt@us.ibm.com", "type": "Secondary", @@ -46,14 +70,40 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:soar_qradar_plugin_app:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.0", + "versionEndExcluding": "5.0.3", + "matchCriteriaId": "9AFCF0C1-F204-412B-803A-941397E4F2FA" + } + ] + } + ] + } + ], "references": [ { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/260577", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "VDB Entry", + "Vendor Advisory" + ] }, { "url": "https://www.ibm.com/support/pages/node/7111679", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-396xx/CVE-2023-39611.json b/CVE-2023/CVE-2023-396xx/CVE-2023-39611.json index 1fe4c3512c7..242dfa6c8ec 100644 --- a/CVE-2023/CVE-2023-396xx/CVE-2023-39611.json +++ b/CVE-2023/CVE-2023-396xx/CVE-2023-39611.json @@ -2,8 +2,8 @@ "id": "CVE-2023-39611", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-02T10:15:08.153", - "lastModified": "2024-02-02T13:36:23.853", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-09T18:21:06.240", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,67 @@ "value": "Un problema en Software FX Chart FX 7 versi\u00f3n 7.0.4962.20829 permite a los atacantes enumerar y leer archivos del sistema de archivos local mediante el env\u00edo de solicitudes web manipuladas." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:softwarefx:chart_fx:7.0.4962.20829:*:*:*:*:*:*:*", + "matchCriteriaId": "8F2FF298-DE83-430D-918E-242568BC19B0" + } + ] + } + ] + } + ], "references": [ { "url": "https://medium.com/%40arielbreisacher/my-chart-fx-7-software-investigation-journey-leading-to-a-directory-traversal-vulnerability-067cdcd3f2e9", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-502xx/CVE-2023-50291.json b/CVE-2023/CVE-2023-502xx/CVE-2023-50291.json new file mode 100644 index 00000000000..dcd966f239b --- /dev/null +++ b/CVE-2023/CVE-2023-502xx/CVE-2023-50291.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-50291", + "sourceIdentifier": "security@apache.org", + "published": "2024-02-09T18:15:08.240", + "lastModified": "2024-02-09T18:15:08.240", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Insufficiently Protected Credentials vulnerability in Apache Solr.\n\nThis issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0.\nOne of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only setup to hide system properties that had \"password\" contained in the name.\nThere are a number of sensitive system properties, such as \"basicauth\" and \"aws.secretKey\" do not contain \"password\", thus their values were published via the \"/admin/info/properties\" endpoint.\nThis endpoint populates the list of System Properties on the home screen of the Solr Admin page, making the exposed credentials visible in the UI.\n\nThis /admin/info/properties endpoint is protected under the \"config-read\" permission.\nTherefore, Solr Clouds with Authorization enabled will only be vulnerable through logged-in users that have the \"config-read\" permission.\nUsers are recommended to upgrade to version 9.3.0 or 8.11.3, which fixes the issue.\nA single option now controls hiding Java system property for all endpoints, \"-Dsolr.hiddenSysProps\".\nBy default all known sensitive properties are hidden (including \"-Dbasicauth\"), as well as any property with a name containing \"secret\" or \"password\".\n\nUsers who cannot upgrade can also use the following Java system property to fix the issue:\n\u00a0 '-Dsolr.redaction.system.pattern=.*(password|secret|basicauth).*'\n\n" + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "security@apache.org", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-522" + } + ] + } + ], + "references": [ + { + "url": "https://solr.apache.org/security.html#cve-2023-50291-apache-solr-can-leak-certain-passwords-due-to-system-property-redaction-logic-inconsistencies", + "source": "security@apache.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-502xx/CVE-2023-50292.json b/CVE-2023/CVE-2023-502xx/CVE-2023-50292.json new file mode 100644 index 00000000000..2a0d1a9c5d5 --- /dev/null +++ b/CVE-2023/CVE-2023-502xx/CVE-2023-50292.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-50292", + "sourceIdentifier": "security@apache.org", + "published": "2024-02-09T18:15:08.363", + "lastModified": "2024-02-09T18:15:08.363", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Incorrect Permission Assignment for Critical Resource, Improper Control of Dynamically-Managed Code Resources vulnerability in Apache Solr.\n\nThis issue affects Apache Solr: from 8.10.0 through 8.11.2, from 9.0.0 before 9.3.0.\n\nThe Schema Designer was introduced to allow users to more easily configure and test new Schemas and configSets.\nHowever, when the feature was created, the \"trust\" (authentication) of these configSets was not considered.\nExternal library loading is only available to configSets that are \"trusted\" (created by authenticated users), thus non-authenticated users are unable to perform Remote Code Execution.\nSince the Schema Designer loaded configSets without taking their \"trust\" into account, configSets that were created by unauthenticated users were allowed to load external libraries when used in the Schema Designer.\n\nUsers are recommended to upgrade to version 9.3.0, which fixes the issue.\n\n" + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "security@apache.org", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-732" + } + ] + } + ], + "references": [ + { + "url": "https://solr.apache.org/security.html#cve-2023-50298-apache-solr-can-expose-zookeeper-credentials-via-streaming-expressions", + "source": "security@apache.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-502xx/CVE-2023-50298.json b/CVE-2023/CVE-2023-502xx/CVE-2023-50298.json new file mode 100644 index 00000000000..e62330b48b4 --- /dev/null +++ b/CVE-2023/CVE-2023-502xx/CVE-2023-50298.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-50298", + "sourceIdentifier": "security@apache.org", + "published": "2024-02-09T18:15:08.457", + "lastModified": "2024-02-09T18:15:08.457", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1.\n\nSolr Streaming Expressions allows users to extract data from other Solr Clouds, using a \"zkHost\" parameter.\nWhen original SolrCloud is setup to use ZooKeeper credentials and ACLs, they will be sent to whatever \"zkHost\" the user provides.\nAn attacker could setup a server to mock ZooKeeper, that accepts ZooKeeper requests with credentials and ACLs and extracts the sensitive information,\nthen send a streaming expression using the mock server's address in \"zkHost\".\nStreaming Expressions are exposed via the \"/streaming\" handler, with \"read\" permissions.\n\nUsers are recommended to upgrade to version 8.11.3 or 9.4.1, which fix the issue.\nFrom these versions on, only zkHost values that have the same server address (regardless of chroot), will use the given ZooKeeper credentials and ACLs when connecting.\n\n" + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "security@apache.org", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://solr.apache.org/security.html#cve-2023-50298-apache-solr-can-expose-zookeeper-credentials-via-streaming-expressions", + "source": "security@apache.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-503xx/CVE-2023-50386.json b/CVE-2023/CVE-2023-503xx/CVE-2023-50386.json new file mode 100644 index 00000000000..85c792058a4 --- /dev/null +++ b/CVE-2023/CVE-2023-503xx/CVE-2023-50386.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-50386", + "sourceIdentifier": "security@apache.org", + "published": "2024-02-09T18:15:08.540", + "lastModified": "2024-02-09T18:15:08.540", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1.\n\nIn the affected versions, Solr ConfigSets accepted Java jar and class files to be uploaded through the ConfigSets API.\nWhen backing up Solr Collections, these configSet files would be saved to disk when using the LocalFileSystemRepository (the default for backups).\nIf the backup was saved to a directory that Solr uses in its ClassPath/ClassLoaders, then the jar and class files would be available to use with any ConfigSet, trusted or untrusted.\n\nWhen Solr is run in a secure way (Authorization enabled), as is strongly suggested, this vulnerability is limited to extending the Backup permissions with the ability to add libraries.\nUsers are recommended to upgrade to version 8.11.3 or 9.4.1, which fix the issue.\nIn these versions, the following protections have been added:\n\n * Users are no longer able to upload files to a configSet that could be executed via a Java ClassLoader.\n * The Backup API restricts saving backups to directories that are used in the ClassLoader.\n\n" + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "security@apache.org", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + }, + { + "lang": "en", + "value": "CWE-913" + } + ] + } + ], + "references": [ + { + "url": "https://solr.apache.org/security.html#cve-2023-50386-apache-solr-backuprestore-apis-allow-for-deployment-of-executables-in-malicious-configsets", + "source": "security@apache.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-67xx/CVE-2023-6701.json b/CVE-2023/CVE-2023-67xx/CVE-2023-6701.json index 8cbcdebb7e8..6bce0c6357b 100644 --- a/CVE-2023/CVE-2023-67xx/CVE-2023-6701.json +++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6701.json @@ -2,16 +2,40 @@ "id": "CVE-2023-6701", "sourceIdentifier": "security@wordfence.com", "published": "2024-02-05T22:15:56.357", - "lastModified": "2024-02-06T01:00:55.997", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-09T17:08:07.160", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Advanced Custom Fields (ACF) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a custom text field in all versions up to, and including, 6.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Advanced Custom Fields (ACF) para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de un campo de texto personalizado en todas las versiones hasta la 6.2.4 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -34,18 +58,57 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:advancedcustomfields:advanced_custom_fields:*:*:*:*:-:wordpress:*:*", + "versionEndIncluding": "6.2.4", + "matchCriteriaId": "544C327C-BC71-444B-92FD-50878E602BAB" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset/3022469/advanced-custom-fields", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.advancedcustomfields.com/blog/acf-6-2-5-security-release/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e3593dfd-7b2a-4d01-8af0-725b444dc81b?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6884.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6884.json index dd3fb33a226..bd32219a333 100644 --- a/CVE-2023/CVE-2023-68xx/CVE-2023-6884.json +++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6884.json @@ -2,16 +2,40 @@ "id": "CVE-2023-6884", "sourceIdentifier": "security@wordfence.com", "published": "2024-02-05T22:15:57.057", - "lastModified": "2024-02-06T01:00:55.997", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-09T17:00:31.857", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "This plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on the 'place_id' attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "Este complemento para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo abreviado del complemento en todas las versiones hasta la 3.1 incluida, debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en el atributo 'place_id'. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -34,22 +58,65 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:richplugins:plugin_for_google_reviews:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.1", + "matchCriteriaId": "89A8E0CF-D7C2-4607-B720-DFBE7A477034" + } + ] + } + ] + } + ], "references": [ { "url": "https://advisory.abay.sh/cve-2023-6884", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://plugins.svn.wordpress.org/widget-google-reviews/tags/3.1/includes/class-feed-shortcode.php", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3018964%40widget-google-reviews&new=3018964%40widget-google-reviews&sfp_email=&sfph_mail=", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a8971d54-b54e-4e62-9db2-fa87d2564599?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-02xx/CVE-2024-0219.json b/CVE-2024/CVE-2024-02xx/CVE-2024-0219.json index cb92b60519a..d76c94638de 100644 --- a/CVE-2024/CVE-2024-02xx/CVE-2024-0219.json +++ b/CVE-2024/CVE-2024-02xx/CVE-2024-0219.json @@ -2,16 +2,40 @@ "id": "CVE-2024-0219", "sourceIdentifier": "security@progress.com", "published": "2024-01-31T16:15:45.290", - "lastModified": "2024-01-31T19:54:51.757", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-09T17:15:31.870", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Telerik JustDecompile versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component.\u00a0 In an environment where an existing Telerik JustDecompile install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system." + }, + { + "lang": "es", + "value": "En las versiones de Telerik JustDecompile anteriores a 2024 R1, se identific\u00f3 una vulnerabilidad de elevaci\u00f3n de privilegios en el componente del instalador de aplicaciones. En un entorno donde existe una instalaci\u00f3n de Telerik JustDecompile, un usuario con privilegios inferiores tiene la capacidad de manipular el paquete de instalaci\u00f3n para elevar sus privilegios en el sistema operativo subyacente." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "security@progress.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "security@progress.com", "type": "Secondary", @@ -46,14 +80,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:progress:telerik_justdecompile:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2019.1.118.0", + "matchCriteriaId": "82B84F44-8945-4874-85B5-AB9D3F53FD11" + } + ] + } + ] + } + ], "references": [ { "url": "https://docs.telerik.com/devtools/justdecompile/knowledge-base/legacy-installer-vulnerability", - "source": "security@progress.com" + "source": "security@progress.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.telerik.com/products/decompiler.aspx", - "source": "security@progress.com" + "source": "security@progress.com", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-03xx/CVE-2024-0370.json b/CVE-2024/CVE-2024-03xx/CVE-2024-0370.json index a791a3b61c2..eef40c2698f 100644 --- a/CVE-2024/CVE-2024-03xx/CVE-2024-0370.json +++ b/CVE-2024/CVE-2024-03xx/CVE-2024-0370.json @@ -2,16 +2,40 @@ "id": "CVE-2024-0370", "sourceIdentifier": "security@wordfence.com", "published": "2024-02-05T22:16:00.320", - "lastModified": "2024-02-06T01:00:55.997", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-09T17:30:35.817", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Views for WPForms \u2013 Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_view' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to modify the titles of arbitrary posts." + }, + { + "lang": "es", + "value": "El complemento Views for WPForms \u2013 Display & Edit WPForms Entries on your site frontend para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n 'save_view' en todas las versiones hasta la 3.2.2 incluida. Esto hace posible que atacantes autenticados, con acceso de suscriptor y superior, modifiquen los t\u00edtulos de publicaciones arbitrarias." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -34,14 +58,50 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:formviewswp:views_for_wpforms:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.2.2", + "matchCriteriaId": "4D7AFFDB-B8C6-405F-8206-8F0EA64A46E7" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2&old=3026471&new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3&new=3026471&sfp_email=&sfph_mail=", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3c4c8113-4c46-4179-9c7f-9d5d4337254d?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-08xx/CVE-2024-0832.json b/CVE-2024/CVE-2024-08xx/CVE-2024-0832.json index 1eb46f02cec..2233f8423d2 100644 --- a/CVE-2024/CVE-2024-08xx/CVE-2024-0832.json +++ b/CVE-2024/CVE-2024-08xx/CVE-2024-0832.json @@ -2,16 +2,40 @@ "id": "CVE-2024-0832", "sourceIdentifier": "security@progress.com", "published": "2024-01-31T16:15:46.287", - "lastModified": "2024-01-31T19:54:51.757", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-09T17:12:45.853", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Telerik Reporting versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component.\u00a0 In an environment where an existing Telerik Reporting install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system." + }, + { + "lang": "es", + "value": "En las versiones de Telerik Reporting anteriores a 2024 R1, se identific\u00f3 una vulnerabilidad de elevaci\u00f3n de privilegios en el componente del instalador de aplicaciones. En un entorno donde existe una instalaci\u00f3n de Telerik Reporting, un usuario con privilegios bajos tiene la capacidad de manipular el paquete de instalaci\u00f3n para elevar sus privilegios en el sistema operativo subyacente." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "security@progress.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "security@progress.com", "type": "Secondary", @@ -46,14 +80,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:progress:telerik_reporting:*:*:*:*:*:*:*:*", + "versionEndExcluding": "18.0.24.130", + "matchCriteriaId": "99094F38-B499-494D-B452-9998934D4E19" + } + ] + } + ] + } + ], "references": [ { "url": "https://docs.telerik.com/reporting/knowledge-base/legacy-installer-vulnerability", - "source": "security@progress.com" + "source": "security@progress.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.telerik.com/products/reporting.aspx", - "source": "security@progress.com" + "source": "security@progress.com", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-08xx/CVE-2024-0833.json b/CVE-2024/CVE-2024-08xx/CVE-2024-0833.json index 4bc9b66234c..51c1a240243 100644 --- a/CVE-2024/CVE-2024-08xx/CVE-2024-0833.json +++ b/CVE-2024/CVE-2024-08xx/CVE-2024-0833.json @@ -2,16 +2,40 @@ "id": "CVE-2024-0833", "sourceIdentifier": "security@progress.com", "published": "2024-01-31T16:15:46.600", - "lastModified": "2024-01-31T19:54:51.757", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-09T17:05:04.153", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Telerik Test Studio versions prior to \n\nv2023.3.1330, a privilege elevation vulnerability has been identified in the applications installer component.\u00a0 In an environment where an existing Telerik Test Studio install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system." + }, + { + "lang": "es", + "value": "En las versiones de Telerik Test Studio anteriores a la v2023.3.1330, se identific\u00f3 una vulnerabilidad de elevaci\u00f3n de privilegios en el componente del instalador de aplicaciones. En un entorno donde existe una instalaci\u00f3n de Telerik Test Studio, un usuario con privilegios bajos tiene la capacidad de manipular el paquete de instalaci\u00f3n para elevar sus privilegios en el sistema operativo subyacente." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "security@progress.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "security@progress.com", "type": "Secondary", @@ -46,14 +80,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:progress:telerik_test_studio:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.3.1330", + "matchCriteriaId": "57245635-375B-4EEB-9881-E9B20FD2F37F" + } + ] + } + ] + } + ], "references": [ { "url": "https://docs.telerik.com/teststudio/knowledge-base/product-notices-kb/legacy-installer-vulnerability", - "source": "security@progress.com" + "source": "security@progress.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.telerik.com/teststudio", - "source": "security@progress.com" + "source": "security@progress.com", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-14xx/CVE-2024-1402.json b/CVE-2024/CVE-2024-14xx/CVE-2024-1402.json index d50628c1f78..b6950c2a638 100644 --- a/CVE-2024/CVE-2024-14xx/CVE-2024-1402.json +++ b/CVE-2024/CVE-2024-14xx/CVE-2024-1402.json @@ -2,8 +2,8 @@ "id": "CVE-2024-1402", "sourceIdentifier": "responsibledisclosure@mattermost.com", "published": "2024-02-09T16:15:07.880", - "lastModified": "2024-02-09T16:15:07.880", - "vulnStatus": "Received", + "lastModified": "2024-02-09T17:31:15.470", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-208xx/CVE-2024-20822.json b/CVE-2024/CVE-2024-208xx/CVE-2024-20822.json index 79a8663d34c..510350363e2 100644 --- a/CVE-2024/CVE-2024-208xx/CVE-2024-20822.json +++ b/CVE-2024/CVE-2024-208xx/CVE-2024-20822.json @@ -2,8 +2,8 @@ "id": "CVE-2024-20822", "sourceIdentifier": "mobile.security@samsung.com", "published": "2024-02-06T03:15:09.867", - "lastModified": "2024-02-06T13:53:38.513", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-09T17:30:17.653", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "mobile.security@samsung.com", "type": "Secondary", @@ -38,10 +58,43 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:samsung:galaxy_store:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.5.63.6", + "matchCriteriaId": "CD43D308-147B-461D-A47E-AF2FBEC7F3F3" + } + ] + } + ] + } + ], "references": [ { "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=02", - "source": "mobile.security@samsung.com" + "source": "mobile.security@samsung.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-208xx/CVE-2024-20823.json b/CVE-2024/CVE-2024-208xx/CVE-2024-20823.json index 0f771c83ad0..53906b48211 100644 --- a/CVE-2024/CVE-2024-208xx/CVE-2024-20823.json +++ b/CVE-2024/CVE-2024-208xx/CVE-2024-20823.json @@ -2,8 +2,8 @@ "id": "CVE-2024-20823", "sourceIdentifier": "mobile.security@samsung.com", "published": "2024-02-06T03:15:10.057", - "lastModified": "2024-02-06T13:53:38.513", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-09T17:30:06.773", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "mobile.security@samsung.com", "type": "Secondary", @@ -38,10 +58,43 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:samsung:galaxy_store:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.5.63.6", + "matchCriteriaId": "CD43D308-147B-461D-A47E-AF2FBEC7F3F3" + } + ] + } + ] + } + ], "references": [ { "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=02", - "source": "mobile.security@samsung.com" + "source": "mobile.security@samsung.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-208xx/CVE-2024-20824.json b/CVE-2024/CVE-2024-208xx/CVE-2024-20824.json index 246368c52d4..42f238e2441 100644 --- a/CVE-2024/CVE-2024-208xx/CVE-2024-20824.json +++ b/CVE-2024/CVE-2024-208xx/CVE-2024-20824.json @@ -2,8 +2,8 @@ "id": "CVE-2024-20824", "sourceIdentifier": "mobile.security@samsung.com", "published": "2024-02-06T03:15:10.240", - "lastModified": "2024-02-06T13:53:38.513", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-09T17:31:03.593", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "mobile.security@samsung.com", "type": "Secondary", @@ -38,10 +58,43 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:samsung:galaxy_store:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.5.63.6", + "matchCriteriaId": "CD43D308-147B-461D-A47E-AF2FBEC7F3F3" + } + ] + } + ] + } + ], "references": [ { "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=02", - "source": "mobile.security@samsung.com" + "source": "mobile.security@samsung.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-208xx/CVE-2024-20825.json b/CVE-2024/CVE-2024-208xx/CVE-2024-20825.json index 909fabbd056..7e6cb2dba71 100644 --- a/CVE-2024/CVE-2024-208xx/CVE-2024-20825.json +++ b/CVE-2024/CVE-2024-208xx/CVE-2024-20825.json @@ -2,8 +2,8 @@ "id": "CVE-2024-20825", "sourceIdentifier": "mobile.security@samsung.com", "published": "2024-02-06T03:15:10.430", - "lastModified": "2024-02-06T13:53:38.513", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-09T17:29:39.753", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "mobile.security@samsung.com", "type": "Secondary", @@ -38,10 +58,43 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:samsung:galaxy_store:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.5.63.6", + "matchCriteriaId": "CD43D308-147B-461D-A47E-AF2FBEC7F3F3" + } + ] + } + ] + } + ], "references": [ { "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=02", - "source": "mobile.security@samsung.com" + "source": "mobile.security@samsung.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-223xx/CVE-2024-22318.json b/CVE-2024/CVE-2024-223xx/CVE-2024-22318.json index 24bccb5fe9f..9182ccb1b5b 100644 --- a/CVE-2024/CVE-2024-223xx/CVE-2024-22318.json +++ b/CVE-2024/CVE-2024-223xx/CVE-2024-22318.json @@ -2,12 +2,16 @@ "id": "CVE-2024-22318", "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-02-09T01:15:09.440", - "lastModified": "2024-02-09T01:37:53.353", + "lastModified": "2024-02-09T18:15:08.680", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile server. If NTLM is enabled, the Windows operating system will try to authenticate using the current user's session. The hostile server could capture the NTLM hash information to obtain the user's credentials. IBM X-Force ID: 279091." + }, + { + "lang": "es", + "value": "IBM i Access Client Solutions (ACS) 1.1.2 a 1.1.4 y 1.1.4.3 a 1.1.9.4 es vulnerable a la divulgaci\u00f3n de hash de NT LAN Manager (NTLM) por parte de un atacante que modifica rutas con capacidad UNC dentro de los ACS archivos de configuraci\u00f3n para apuntar a un servidor hostil. Si NTLM est\u00e1 habilitado, el sistema operativo Windows intentar\u00e1 autenticarse utilizando la sesi\u00f3n del usuario actual. El servidor hostil podr\u00eda capturar la informaci\u00f3n hash NTLM para obtener las credenciales del usuario. ID de IBM X-Force: 279091." } ], "metrics": { @@ -47,6 +51,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/177069/IBM-i-Access-Client-Solutions-Remote-Credential-Theft.html", + "source": "psirt@us.ibm.com" + }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279091", "source": "psirt@us.ibm.com" diff --git a/CVE-2024/CVE-2024-228xx/CVE-2024-22851.json b/CVE-2024/CVE-2024-228xx/CVE-2024-22851.json index 173f19b3336..9108e938f7b 100644 --- a/CVE-2024/CVE-2024-228xx/CVE-2024-22851.json +++ b/CVE-2024/CVE-2024-228xx/CVE-2024-22851.json @@ -2,8 +2,8 @@ "id": "CVE-2024-22851", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-02T09:15:37.473", - "lastModified": "2024-02-02T13:36:31.843", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-09T18:03:33.997", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,67 @@ "value": "La vulnerabilidad de Directory Traversal en LiveConfig anterior a v.2.5.2 permite a un atacante remoto obtener informaci\u00f3n confidencial a trav\u00e9s de una solicitud manipulada al endpoint /static/." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:liveconfig:liveconfig:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.5.2", + "matchCriteriaId": "DAF07479-E225-4FDF-B801-16E0D92F4C68" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.drive-byte.de/en/blog/liveconfig-advisory-cve-2024-22851", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-233xx/CVE-2024-23319.json b/CVE-2024/CVE-2024-233xx/CVE-2024-23319.json index d69dd1d6ac0..8f524e94da6 100644 --- a/CVE-2024/CVE-2024-233xx/CVE-2024-23319.json +++ b/CVE-2024/CVE-2024-233xx/CVE-2024-23319.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23319", "sourceIdentifier": "responsibledisclosure@mattermost.com", "published": "2024-02-09T15:15:08.133", - "lastModified": "2024-02-09T15:15:08.133", - "vulnStatus": "Received", + "lastModified": "2024-02-09T17:31:15.470", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-247xx/CVE-2024-24774.json b/CVE-2024/CVE-2024-247xx/CVE-2024-24774.json index 2d35b67a79f..4ff9adaefa7 100644 --- a/CVE-2024/CVE-2024-247xx/CVE-2024-24774.json +++ b/CVE-2024/CVE-2024-247xx/CVE-2024-24774.json @@ -2,8 +2,8 @@ "id": "CVE-2024-24774", "sourceIdentifier": "responsibledisclosure@mattermost.com", "published": "2024-02-09T15:15:08.343", - "lastModified": "2024-02-09T15:15:08.343", - "vulnStatus": "Received", + "lastModified": "2024-02-09T17:31:15.470", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-247xx/CVE-2024-24776.json b/CVE-2024/CVE-2024-247xx/CVE-2024-24776.json index 929f30e39ba..5534f982c1c 100644 --- a/CVE-2024/CVE-2024-247xx/CVE-2024-24776.json +++ b/CVE-2024/CVE-2024-247xx/CVE-2024-24776.json @@ -2,8 +2,8 @@ "id": "CVE-2024-24776", "sourceIdentifier": "responsibledisclosure@mattermost.com", "published": "2024-02-09T15:15:08.547", - "lastModified": "2024-02-09T15:15:08.547", - "vulnStatus": "Received", + "lastModified": "2024-02-09T17:31:15.470", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-254xx/CVE-2024-25442.json b/CVE-2024/CVE-2024-254xx/CVE-2024-25442.json index a1d6e4a88fd..fec25b61934 100644 --- a/CVE-2024/CVE-2024-254xx/CVE-2024-25442.json +++ b/CVE-2024/CVE-2024-254xx/CVE-2024-25442.json @@ -2,8 +2,8 @@ "id": "CVE-2024-25442", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-09T15:15:08.763", - "lastModified": "2024-02-09T15:15:08.763", - "vulnStatus": "Received", + "lastModified": "2024-02-09T17:31:15.470", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-254xx/CVE-2024-25443.json b/CVE-2024/CVE-2024-254xx/CVE-2024-25443.json index 34b58bb76c5..477bea9d417 100644 --- a/CVE-2024/CVE-2024-254xx/CVE-2024-25443.json +++ b/CVE-2024/CVE-2024-254xx/CVE-2024-25443.json @@ -2,8 +2,8 @@ "id": "CVE-2024-25443", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-09T15:15:08.817", - "lastModified": "2024-02-09T15:15:08.817", - "vulnStatus": "Received", + "lastModified": "2024-02-09T17:31:15.470", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-254xx/CVE-2024-25445.json b/CVE-2024/CVE-2024-254xx/CVE-2024-25445.json index 4587eba30f4..68527b0cb9c 100644 --- a/CVE-2024/CVE-2024-254xx/CVE-2024-25445.json +++ b/CVE-2024/CVE-2024-254xx/CVE-2024-25445.json @@ -2,8 +2,8 @@ "id": "CVE-2024-25445", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-09T15:15:08.860", - "lastModified": "2024-02-09T15:15:08.860", - "vulnStatus": "Received", + "lastModified": "2024-02-09T17:31:15.470", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-254xx/CVE-2024-25446.json b/CVE-2024/CVE-2024-254xx/CVE-2024-25446.json index eac83ac30e2..e9e68952847 100644 --- a/CVE-2024/CVE-2024-254xx/CVE-2024-25446.json +++ b/CVE-2024/CVE-2024-254xx/CVE-2024-25446.json @@ -2,8 +2,8 @@ "id": "CVE-2024-25446", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-09T15:15:08.910", - "lastModified": "2024-02-09T15:15:08.910", - "vulnStatus": "Received", + "lastModified": "2024-02-09T17:31:15.470", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-254xx/CVE-2024-25447.json b/CVE-2024/CVE-2024-254xx/CVE-2024-25447.json index b938b726392..045a85f7132 100644 --- a/CVE-2024/CVE-2024-254xx/CVE-2024-25447.json +++ b/CVE-2024/CVE-2024-254xx/CVE-2024-25447.json @@ -2,8 +2,8 @@ "id": "CVE-2024-25447", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-09T15:15:08.967", - "lastModified": "2024-02-09T15:15:08.967", - "vulnStatus": "Received", + "lastModified": "2024-02-09T17:31:15.470", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-254xx/CVE-2024-25448.json b/CVE-2024/CVE-2024-254xx/CVE-2024-25448.json index 3ec3872a13e..7fd2df21bd0 100644 --- a/CVE-2024/CVE-2024-254xx/CVE-2024-25448.json +++ b/CVE-2024/CVE-2024-254xx/CVE-2024-25448.json @@ -2,8 +2,8 @@ "id": "CVE-2024-25448", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-09T15:15:09.027", - "lastModified": "2024-02-09T15:15:09.027", - "vulnStatus": "Received", + "lastModified": "2024-02-09T17:31:15.470", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-254xx/CVE-2024-25450.json b/CVE-2024/CVE-2024-254xx/CVE-2024-25450.json index bafe1e557c5..9cae8bffb78 100644 --- a/CVE-2024/CVE-2024-254xx/CVE-2024-25450.json +++ b/CVE-2024/CVE-2024-254xx/CVE-2024-25450.json @@ -2,8 +2,8 @@ "id": "CVE-2024-25450", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-09T15:15:09.087", - "lastModified": "2024-02-09T15:15:09.087", - "vulnStatus": "Received", + "lastModified": "2024-02-09T17:31:15.470", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-254xx/CVE-2024-25451.json b/CVE-2024/CVE-2024-254xx/CVE-2024-25451.json index c6858dd641f..82b20be324a 100644 --- a/CVE-2024/CVE-2024-254xx/CVE-2024-25451.json +++ b/CVE-2024/CVE-2024-254xx/CVE-2024-25451.json @@ -2,8 +2,8 @@ "id": "CVE-2024-25451", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-09T15:15:09.143", - "lastModified": "2024-02-09T15:15:09.143", - "vulnStatus": "Received", + "lastModified": "2024-02-09T17:31:15.470", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-254xx/CVE-2024-25452.json b/CVE-2024/CVE-2024-254xx/CVE-2024-25452.json index 55b7e58a97d..17a17b7ff63 100644 --- a/CVE-2024/CVE-2024-254xx/CVE-2024-25452.json +++ b/CVE-2024/CVE-2024-254xx/CVE-2024-25452.json @@ -2,8 +2,8 @@ "id": "CVE-2024-25452", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-09T15:15:09.193", - "lastModified": "2024-02-09T15:15:09.193", - "vulnStatus": "Received", + "lastModified": "2024-02-09T17:31:15.470", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-254xx/CVE-2024-25453.json b/CVE-2024/CVE-2024-254xx/CVE-2024-25453.json index 40672bd2dbd..a5bcbc4161d 100644 --- a/CVE-2024/CVE-2024-254xx/CVE-2024-25453.json +++ b/CVE-2024/CVE-2024-254xx/CVE-2024-25453.json @@ -2,8 +2,8 @@ "id": "CVE-2024-25453", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-09T15:15:09.240", - "lastModified": "2024-02-09T15:15:09.240", - "vulnStatus": "Received", + "lastModified": "2024-02-09T17:31:15.470", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-254xx/CVE-2024-25454.json b/CVE-2024/CVE-2024-254xx/CVE-2024-25454.json index d735fb3edcc..12c00beee2f 100644 --- a/CVE-2024/CVE-2024-254xx/CVE-2024-25454.json +++ b/CVE-2024/CVE-2024-254xx/CVE-2024-25454.json @@ -2,8 +2,8 @@ "id": "CVE-2024-25454", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-09T15:15:09.293", - "lastModified": "2024-02-09T15:15:09.293", - "vulnStatus": "Received", + "lastModified": "2024-02-09T17:31:15.470", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/README.md b/README.md index 56483266c80..7c530f4f025 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-02-09T17:00:25.628571+00:00 +2024-02-09T19:00:24.636728+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-02-09T16:51:01.473000+00:00 +2024-02-09T18:50:58.027000+00:00 ``` ### Last Data Feed Release @@ -29,51 +29,48 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -238058 +238062 ``` ### CVEs added in the last Commit -Recently added CVEs: `15` +Recently added CVEs: `4` -* [CVE-2024-23319](CVE-2024/CVE-2024-233xx/CVE-2024-23319.json) (`2024-02-09T15:15:08.133`) -* [CVE-2024-24774](CVE-2024/CVE-2024-247xx/CVE-2024-24774.json) (`2024-02-09T15:15:08.343`) -* [CVE-2024-24776](CVE-2024/CVE-2024-247xx/CVE-2024-24776.json) (`2024-02-09T15:15:08.547`) -* [CVE-2024-25442](CVE-2024/CVE-2024-254xx/CVE-2024-25442.json) (`2024-02-09T15:15:08.763`) -* [CVE-2024-25443](CVE-2024/CVE-2024-254xx/CVE-2024-25443.json) (`2024-02-09T15:15:08.817`) -* [CVE-2024-25445](CVE-2024/CVE-2024-254xx/CVE-2024-25445.json) (`2024-02-09T15:15:08.860`) -* [CVE-2024-25446](CVE-2024/CVE-2024-254xx/CVE-2024-25446.json) (`2024-02-09T15:15:08.910`) -* [CVE-2024-25447](CVE-2024/CVE-2024-254xx/CVE-2024-25447.json) (`2024-02-09T15:15:08.967`) -* [CVE-2024-25448](CVE-2024/CVE-2024-254xx/CVE-2024-25448.json) (`2024-02-09T15:15:09.027`) -* [CVE-2024-25450](CVE-2024/CVE-2024-254xx/CVE-2024-25450.json) (`2024-02-09T15:15:09.087`) -* [CVE-2024-25451](CVE-2024/CVE-2024-254xx/CVE-2024-25451.json) (`2024-02-09T15:15:09.143`) -* [CVE-2024-25452](CVE-2024/CVE-2024-254xx/CVE-2024-25452.json) (`2024-02-09T15:15:09.193`) -* [CVE-2024-25453](CVE-2024/CVE-2024-254xx/CVE-2024-25453.json) (`2024-02-09T15:15:09.240`) -* [CVE-2024-25454](CVE-2024/CVE-2024-254xx/CVE-2024-25454.json) (`2024-02-09T15:15:09.293`) -* [CVE-2024-1402](CVE-2024/CVE-2024-14xx/CVE-2024-1402.json) (`2024-02-09T16:15:07.880`) +* [CVE-2023-50291](CVE-2023/CVE-2023-502xx/CVE-2023-50291.json) (`2024-02-09T18:15:08.240`) +* [CVE-2023-50292](CVE-2023/CVE-2023-502xx/CVE-2023-50292.json) (`2024-02-09T18:15:08.363`) +* [CVE-2023-50298](CVE-2023/CVE-2023-502xx/CVE-2023-50298.json) (`2024-02-09T18:15:08.457`) +* [CVE-2023-50386](CVE-2023/CVE-2023-503xx/CVE-2023-50386.json) (`2024-02-09T18:15:08.540`) ### CVEs modified in the last Commit -Recently modified CVEs: `17` +Recently modified CVEs: `32` -* [CVE-2008-4077](CVE-2008/CVE-2008-40xx/CVE-2008-4077.json) (`2024-02-09T16:11:07.433`) -* [CVE-2023-47116](CVE-2023/CVE-2023-471xx/CVE-2023-47116.json) (`2024-02-09T15:37:21.887`) -* [CVE-2023-28807](CVE-2023/CVE-2023-288xx/CVE-2023-28807.json) (`2024-02-09T16:30:38.753`) -* [CVE-2023-6700](CVE-2023/CVE-2023-67xx/CVE-2023-6700.json) (`2024-02-09T16:38:05.687`) -* [CVE-2023-6807](CVE-2023/CVE-2023-68xx/CVE-2023-6807.json) (`2024-02-09T16:43:49.707`) -* [CVE-2023-6808](CVE-2023/CVE-2023-68xx/CVE-2023-6808.json) (`2024-02-09T16:49:29.023`) -* [CVE-2023-6846](CVE-2023/CVE-2023-68xx/CVE-2023-6846.json) (`2024-02-09T16:51:01.473`) -* [CVE-2024-23895](CVE-2024/CVE-2024-238xx/CVE-2024-23895.json) (`2024-02-09T15:13:03.010`) -* [CVE-2024-0935](CVE-2024/CVE-2024-09xx/CVE-2024-0935.json) (`2024-02-09T15:15:08.047`) -* [CVE-2024-0831](CVE-2024/CVE-2024-08xx/CVE-2024-0831.json) (`2024-02-09T15:16:56.083`) -* [CVE-2024-24747](CVE-2024/CVE-2024-247xx/CVE-2024-24747.json) (`2024-02-09T15:18:00.510`) -* [CVE-2024-24566](CVE-2024/CVE-2024-245xx/CVE-2024-24566.json) (`2024-02-09T15:25:16.147`) -* [CVE-2024-21626](CVE-2024/CVE-2024-216xx/CVE-2024-21626.json) (`2024-02-09T15:38:09.697`) -* [CVE-2024-24579](CVE-2024/CVE-2024-245xx/CVE-2024-24579.json) (`2024-02-09T16:22:53.863`) -* [CVE-2024-24524](CVE-2024/CVE-2024-245xx/CVE-2024-24524.json) (`2024-02-09T16:30:43.830`) -* [CVE-2024-1185](CVE-2024/CVE-2024-11xx/CVE-2024-1185.json) (`2024-02-09T16:31:40.607`) -* [CVE-2024-0953](CVE-2024/CVE-2024-09xx/CVE-2024-0953.json) (`2024-02-09T16:38:45.380`) +* [CVE-2024-0833](CVE-2024/CVE-2024-08xx/CVE-2024-0833.json) (`2024-02-09T17:05:04.153`) +* [CVE-2024-0832](CVE-2024/CVE-2024-08xx/CVE-2024-0832.json) (`2024-02-09T17:12:45.853`) +* [CVE-2024-0219](CVE-2024/CVE-2024-02xx/CVE-2024-0219.json) (`2024-02-09T17:15:31.870`) +* [CVE-2024-20825](CVE-2024/CVE-2024-208xx/CVE-2024-20825.json) (`2024-02-09T17:29:39.753`) +* [CVE-2024-20823](CVE-2024/CVE-2024-208xx/CVE-2024-20823.json) (`2024-02-09T17:30:06.773`) +* [CVE-2024-20822](CVE-2024/CVE-2024-208xx/CVE-2024-20822.json) (`2024-02-09T17:30:17.653`) +* [CVE-2024-0370](CVE-2024/CVE-2024-03xx/CVE-2024-0370.json) (`2024-02-09T17:30:35.817`) +* [CVE-2024-20824](CVE-2024/CVE-2024-208xx/CVE-2024-20824.json) (`2024-02-09T17:31:03.593`) +* [CVE-2024-23319](CVE-2024/CVE-2024-233xx/CVE-2024-23319.json) (`2024-02-09T17:31:15.470`) +* [CVE-2024-24774](CVE-2024/CVE-2024-247xx/CVE-2024-24774.json) (`2024-02-09T17:31:15.470`) +* [CVE-2024-24776](CVE-2024/CVE-2024-247xx/CVE-2024-24776.json) (`2024-02-09T17:31:15.470`) +* [CVE-2024-25442](CVE-2024/CVE-2024-254xx/CVE-2024-25442.json) (`2024-02-09T17:31:15.470`) +* [CVE-2024-25443](CVE-2024/CVE-2024-254xx/CVE-2024-25443.json) (`2024-02-09T17:31:15.470`) +* [CVE-2024-25445](CVE-2024/CVE-2024-254xx/CVE-2024-25445.json) (`2024-02-09T17:31:15.470`) +* [CVE-2024-25446](CVE-2024/CVE-2024-254xx/CVE-2024-25446.json) (`2024-02-09T17:31:15.470`) +* [CVE-2024-25447](CVE-2024/CVE-2024-254xx/CVE-2024-25447.json) (`2024-02-09T17:31:15.470`) +* [CVE-2024-25448](CVE-2024/CVE-2024-254xx/CVE-2024-25448.json) (`2024-02-09T17:31:15.470`) +* [CVE-2024-25450](CVE-2024/CVE-2024-254xx/CVE-2024-25450.json) (`2024-02-09T17:31:15.470`) +* [CVE-2024-25451](CVE-2024/CVE-2024-254xx/CVE-2024-25451.json) (`2024-02-09T17:31:15.470`) +* [CVE-2024-25452](CVE-2024/CVE-2024-254xx/CVE-2024-25452.json) (`2024-02-09T17:31:15.470`) +* [CVE-2024-25453](CVE-2024/CVE-2024-254xx/CVE-2024-25453.json) (`2024-02-09T17:31:15.470`) +* [CVE-2024-25454](CVE-2024/CVE-2024-254xx/CVE-2024-25454.json) (`2024-02-09T17:31:15.470`) +* [CVE-2024-1402](CVE-2024/CVE-2024-14xx/CVE-2024-1402.json) (`2024-02-09T17:31:15.470`) +* [CVE-2024-22851](CVE-2024/CVE-2024-228xx/CVE-2024-22851.json) (`2024-02-09T18:03:33.997`) +* [CVE-2024-22318](CVE-2024/CVE-2024-223xx/CVE-2024-22318.json) (`2024-02-09T18:15:08.680`) ## Download and Usage