admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 11:37:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-02-09T19:00:24.636728+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-02-09 19:00:28 +00:00
parent 37205c4ce3
commit 9e61a5789e
37 changed files with 1118 additions and 128 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CVE-2022/CVE-2022-265xx/CVE-2022-26531.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-26531",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2022-05-24T06:15:09.297",
"lastModified": "2022-06-19T19:15:07.993",
"lastModified": "2024-02-09T18:15:07.930",
"vulnStatus": "Modified",
"descriptions": [
{
@ -2042,6 +2042,10 @@
"url": "http://packetstormsecurity.com/files/167464/Zyxel-Buffer-Overflow-Format-String-Command-Injection.html",
"source": "security@zyxel.com.tw"
},
{
"url": "http://packetstormsecurity.com/files/177036/Zyxel-zysh-Format-String-Proof-Of-Concept.html",
"source": "security@zyxel.com.tw"
},
{
"url": "http://seclists.org/fulldisclosure/2022/Jun/15",
"source": "security@zyxel.com.tw"

68
CVE-2022/CVE-2022-470xx/CVE-2022-47072.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2022-47072",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-31T21:15:08.440",
"lastModified": "2024-02-01T03:18:21.737",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-09T17:30:53.813",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Enterprise Architect 16.0.1605 32-bit allows attackers to run arbitrary SQL commands via the Find parameter in the Select Classifier dialog box.."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en Enterprise Architect 16.0.1605 de 32 bits permite a atacantes ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro Find en el cuadro de di\u00e1logo Select Classifier."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sparxsystems:enterprise_architect:16.0.1605:*:*:*:*:*:x86:*",
"matchCriteriaId": "70FFDA85-667E-44CE-97E3-9DC10792F118"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/DojoSecurity/Enterprise-Architect-SQL-Injection",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-380xx/CVE-2023-38020.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-38020",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-02-02T04:15:08.147",
"lastModified": "2024-02-02T04:58:55.817",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-09T18:44:32.197",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an authenticated user to manipulate output written to log files. IBM X-Force ID: 260576."
},
{
"lang": "es",
"value": "IBM SOAR QRadar Plugin App 1.0 a 5.0.3 podr\u00eda permitir a un usuario autenticado manipular la salida escrita en archivos de registro. ID de IBM X-Force: 260576."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -46,14 +70,41 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:soar_qradar_plugin_app:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.0",
"versionEndExcluding": "5.0.3",
"matchCriteriaId": "9AFCF0C1-F204-412B-803A-941397E4F2FA"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/260576",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7111679",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

58
CVE-2023/CVE-2023-382xx/CVE-2023-38263.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-38263",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-02-02T04:15:08.360",
"lastModified": "2024-02-02T04:58:55.817",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-09T18:50:58.027",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an authenticated user to perform unauthorized actions due to improper access controls. IBM X-Force ID: 260577."
},
{
"lang": "es",
"value": "IBM SOAR QRadar Plugin App 1.0 a 5.0.3 podr\u00eda permitir que un usuario autenticado realice acciones no autorizadas debido a controles de acceso inadecuados. ID de IBM X-Force: 260577."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -46,14 +70,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:soar_qradar_plugin_app:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.0",
"versionEndExcluding": "5.0.3",
"matchCriteriaId": "9AFCF0C1-F204-412B-803A-941397E4F2FA"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/260577",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7111679",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-396xx/CVE-2023-39611.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-39611",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-02T10:15:08.153",
"lastModified": "2024-02-02T13:36:23.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-09T18:21:06.240",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "Un problema en Software FX Chart FX 7 versi\u00f3n 7.0.4962.20829 permite a los atacantes enumerar y leer archivos del sistema de archivos local mediante el env\u00edo de solicitudes web manipuladas."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:softwarefx:chart_fx:7.0.4962.20829:*:*:*:*:*:*:*",
"matchCriteriaId": "8F2FF298-DE83-430D-918E-242568BC19B0"
}
]
}
]
}
],
"references": [
{
"url": "https://medium.com/%40arielbreisacher/my-chart-fx-7-software-investigation-journey-leading-to-a-directory-traversal-vulnerability-067cdcd3f2e9",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

32
CVE-2023/CVE-2023-502xx/CVE-2023-50291.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-50291",
"sourceIdentifier": "security@apache.org",
"published": "2024-02-09T18:15:08.240",
"lastModified": "2024-02-09T18:15:08.240",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Insufficiently Protected Credentials vulnerability in Apache Solr.\n\nThis issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0.\nOne of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only setup to hide system properties that had \"password\" contained in the name.\nThere are a number of sensitive system properties, such as \"basicauth\" and \"aws.secretKey\" do not contain \"password\", thus their values were published via the \"/admin/info/properties\" endpoint.\nThis endpoint populates the list of System Properties on the home screen of the Solr Admin page, making the exposed credentials visible in the UI.\n\nThis /admin/info/properties endpoint is protected under the \"config-read\" permission.\nTherefore, Solr Clouds with Authorization enabled will only be vulnerable through logged-in users that have the \"config-read\" permission.\nUsers are recommended to upgrade to version 9.3.0 or 8.11.3, which fixes the issue.\nA single option now controls hiding Java system property for all endpoints, \"-Dsolr.hiddenSysProps\".\nBy default all known sensitive properties are hidden (including \"-Dbasicauth\"), as well as any property with a name containing \"secret\" or \"password\".\n\nUsers who cannot upgrade can also use the following Java system property to fix the issue:\n\u00a0 '-Dsolr.redaction.system.pattern=.*(password|secret|basicauth).*'\n\n"
}
],
"metrics": {},
"weaknesses": [
{
"source": "security@apache.org",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
}
],
"references": [
{
"url": "https://solr.apache.org/security.html#cve-2023-50291-apache-solr-can-leak-certain-passwords-due-to-system-property-redaction-logic-inconsistencies",
"source": "security@apache.org"
}
]
}

32
CVE-2023/CVE-2023-502xx/CVE-2023-50292.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-50292",
"sourceIdentifier": "security@apache.org",
"published": "2024-02-09T18:15:08.363",
"lastModified": "2024-02-09T18:15:08.363",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Incorrect Permission Assignment for Critical Resource, Improper Control of Dynamically-Managed Code Resources vulnerability in Apache Solr.\n\nThis issue affects Apache Solr: from 8.10.0 through 8.11.2, from 9.0.0 before 9.3.0.\n\nThe Schema Designer was introduced to allow users to more easily configure and test new Schemas and configSets.\nHowever, when the feature was created, the \"trust\" (authentication) of these configSets was not considered.\nExternal library loading is only available to configSets that are \"trusted\" (created by authenticated users), thus non-authenticated users are unable to perform Remote Code Execution.\nSince the Schema Designer loaded configSets without taking their \"trust\" into account, configSets that were created by unauthenticated users were allowed to load external libraries when used in the Schema Designer.\n\nUsers are recommended to upgrade to version 9.3.0, which fixes the issue.\n\n"
}
],
"metrics": {},
"weaknesses": [
{
"source": "security@apache.org",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
}
],
"references": [
{
"url": "https://solr.apache.org/security.html#cve-2023-50298-apache-solr-can-expose-zookeeper-credentials-via-streaming-expressions",
"source": "security@apache.org"
}
]
}

32
CVE-2023/CVE-2023-502xx/CVE-2023-50298.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-50298",
"sourceIdentifier": "security@apache.org",
"published": "2024-02-09T18:15:08.457",
"lastModified": "2024-02-09T18:15:08.457",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1.\n\nSolr Streaming Expressions allows users to extract data from other Solr Clouds, using a \"zkHost\" parameter.\nWhen original SolrCloud is setup to use ZooKeeper credentials and ACLs, they will be sent to whatever \"zkHost\" the user provides.\nAn attacker could setup a server to mock ZooKeeper, that accepts ZooKeeper requests with credentials and ACLs and extracts the sensitive information,\nthen send a streaming expression using the mock server's address in \"zkHost\".\nStreaming Expressions are exposed via the \"/streaming\" handler, with \"read\" permissions.\n\nUsers are recommended to upgrade to version 8.11.3 or 9.4.1, which fix the issue.\nFrom these versions on, only zkHost values that have the same server address (regardless of chroot), will use the given ZooKeeper credentials and ACLs when connecting.\n\n"
}
],
"metrics": {},
"weaknesses": [
{
"source": "security@apache.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://solr.apache.org/security.html#cve-2023-50298-apache-solr-can-expose-zookeeper-credentials-via-streaming-expressions",
"source": "security@apache.org"
}
]
}

36
CVE-2023/CVE-2023-503xx/CVE-2023-50386.json Normal file
View File

@ -0,0 +1,36 @@
{
"id": "CVE-2023-50386",
"sourceIdentifier": "security@apache.org",
"published": "2024-02-09T18:15:08.540",
"lastModified": "2024-02-09T18:15:08.540",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1.\n\nIn the affected versions, Solr ConfigSets accepted Java jar and class files to be uploaded through the ConfigSets API.\nWhen backing up Solr Collections, these configSet files would be saved to disk when using the LocalFileSystemRepository (the default for backups).\nIf the backup was saved to a directory that Solr uses in its ClassPath/ClassLoaders, then the jar and class files would be available to use with any ConfigSet, trusted or untrusted.\n\nWhen Solr is run in a secure way (Authorization enabled), as is strongly suggested, this vulnerability is limited to extending the Backup permissions with the ability to add libraries.\nUsers are recommended to upgrade to version 8.11.3 or 9.4.1, which fix the issue.\nIn these versions, the following protections have been added:\n\n * Users are no longer able to upload files to a configSet that could be executed via a Java ClassLoader.\n * The Backup API restricts saving backups to directories that are used in the ClassLoader.\n\n"
}
],
"metrics": {},
"weaknesses": [
{
"source": "security@apache.org",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
},
{
"lang": "en",
"value": "CWE-913"
}
]
}
],
"references": [
{
"url": "https://solr.apache.org/security.html#cve-2023-50386-apache-solr-backuprestore-apis-allow-for-deployment-of-executables-in-malicious-configsets",
"source": "security@apache.org"
}
]
}

73
CVE-2023/CVE-2023-67xx/CVE-2023-6701.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6701",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-05T22:15:56.357",
"lastModified": "2024-02-06T01:00:55.997",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-09T17:08:07.160",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Advanced Custom Fields (ACF) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a custom text field in all versions up to, and including, 6.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Advanced Custom Fields (ACF) para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de un campo de texto personalizado en todas las versiones hasta la 6.2.4 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -34,18 +58,57 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:advancedcustomfields:advanced_custom_fields:*:*:*:*:-:wordpress:*:*",
"versionEndIncluding": "6.2.4",
"matchCriteriaId": "544C327C-BC71-444B-92FD-50878E602BAB"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3022469/advanced-custom-fields",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.advancedcustomfields.com/blog/acf-6-2-5-security-release/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e3593dfd-7b2a-4d01-8af0-725b444dc81b?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

79
CVE-2023/CVE-2023-68xx/CVE-2023-6884.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6884",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-05T22:15:57.057",
"lastModified": "2024-02-06T01:00:55.997",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-09T17:00:31.857",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "This plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on the 'place_id' attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "Este complemento para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo abreviado del complemento en todas las versiones hasta la 3.1 incluida, debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en el atributo 'place_id'. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -34,22 +58,65 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:richplugins:plugin_for_google_reviews:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.1",
"matchCriteriaId": "89A8E0CF-D7C2-4607-B720-DFBE7A477034"
}
]
}
]
}
],
"references": [
{
"url": "https://advisory.abay.sh/cve-2023-6884",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://plugins.svn.wordpress.org/widget-google-reviews/tags/3.1/includes/class-feed-shortcode.php",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3018964%40widget-google-reviews&new=3018964%40widget-google-reviews&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a8971d54-b54e-4e62-9db2-fa87d2564599?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

66
CVE-2024/CVE-2024-02xx/CVE-2024-0219.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-0219",
"sourceIdentifier": "security@progress.com",
"published": "2024-01-31T16:15:45.290",
"lastModified": "2024-01-31T19:54:51.757",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-09T17:15:31.870",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Telerik JustDecompile versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component.\u00a0 In an environment where an existing Telerik JustDecompile install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system."
},
{
"lang": "es",
"value": "En las versiones de Telerik JustDecompile anteriores a 2024 R1, se identific\u00f3 una vulnerabilidad de elevaci\u00f3n de privilegios en el componente del instalador de aplicaciones. En un entorno donde existe una instalaci\u00f3n de Telerik JustDecompile, un usuario con privilegios inferiores tiene la capacidad de manipular el paquete de instalaci\u00f3n para elevar sus privilegios en el sistema operativo subyacente."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security@progress.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security@progress.com",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:telerik_justdecompile:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2019.1.118.0",
"matchCriteriaId": "82B84F44-8945-4874-85B5-AB9D3F53FD11"
}
]
}
]
}
],
"references": [
{
"url": "https://docs.telerik.com/devtools/justdecompile/knowledge-base/legacy-installer-vulnerability",
"source": "security@progress.com"
"source": "security@progress.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.telerik.com/products/decompiler.aspx",
"source": "security@progress.com"
"source": "security@progress.com",
"tags": [
"Product"
]
}
]
}

68
CVE-2024/CVE-2024-03xx/CVE-2024-0370.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-0370",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-05T22:16:00.320",
"lastModified": "2024-02-06T01:00:55.997",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-09T17:30:35.817",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Views for WPForms \u2013 Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_view' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to modify the titles of arbitrary posts."
},
{
"lang": "es",
"value": "El complemento Views for WPForms \u2013 Display & Edit WPForms Entries on your site frontend para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n 'save_view' en todas las versiones hasta la 3.2.2 incluida. Esto hace posible que atacantes autenticados, con acceso de suscriptor y superior, modifiquen los t\u00edtulos de publicaciones arbitrarias."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -34,14 +58,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:formviewswp:views_for_wpforms:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.2.2",
"matchCriteriaId": "4D7AFFDB-B8C6-405F-8206-8F0EA64A46E7"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2&old=3026471&new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3&new=3026471&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3c4c8113-4c46-4179-9c7f-9d5d4337254d?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

66
CVE-2024/CVE-2024-08xx/CVE-2024-0832.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-0832",
"sourceIdentifier": "security@progress.com",
"published": "2024-01-31T16:15:46.287",
"lastModified": "2024-01-31T19:54:51.757",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-09T17:12:45.853",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Telerik Reporting versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component.\u00a0 In an environment where an existing Telerik Reporting install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system."
},
{
"lang": "es",
"value": "En las versiones de Telerik Reporting anteriores a 2024 R1, se identific\u00f3 una vulnerabilidad de elevaci\u00f3n de privilegios en el componente del instalador de aplicaciones. En un entorno donde existe una instalaci\u00f3n de Telerik Reporting, un usuario con privilegios bajos tiene la capacidad de manipular el paquete de instalaci\u00f3n para elevar sus privilegios en el sistema operativo subyacente."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security@progress.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security@progress.com",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:telerik_reporting:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.0.24.130",
"matchCriteriaId": "99094F38-B499-494D-B452-9998934D4E19"
}
]
}
]
}
],
"references": [
{
"url": "https://docs.telerik.com/reporting/knowledge-base/legacy-installer-vulnerability",
"source": "security@progress.com"
"source": "security@progress.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.telerik.com/products/reporting.aspx",
"source": "security@progress.com"
"source": "security@progress.com",
"tags": [
"Product"
]
}
]
}

66
CVE-2024/CVE-2024-08xx/CVE-2024-0833.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-0833",
"sourceIdentifier": "security@progress.com",
"published": "2024-01-31T16:15:46.600",
"lastModified": "2024-01-31T19:54:51.757",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-09T17:05:04.153",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Telerik Test Studio versions prior to \n\nv2023.3.1330, a privilege elevation vulnerability has been identified in the applications installer component.\u00a0 In an environment where an existing Telerik Test Studio install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system."
},
{
"lang": "es",
"value": "En las versiones de Telerik Test Studio anteriores a la v2023.3.1330, se identific\u00f3 una vulnerabilidad de elevaci\u00f3n de privilegios en el componente del instalador de aplicaciones. En un entorno donde existe una instalaci\u00f3n de Telerik Test Studio, un usuario con privilegios bajos tiene la capacidad de manipular el paquete de instalaci\u00f3n para elevar sus privilegios en el sistema operativo subyacente."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security@progress.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security@progress.com",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:telerik_test_studio:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.3.1330",
"matchCriteriaId": "57245635-375B-4EEB-9881-E9B20FD2F37F"
}
]
}
]
}
],
"references": [
{
"url": "https://docs.telerik.com/teststudio/knowledge-base/product-notices-kb/legacy-installer-vulnerability",
"source": "security@progress.com"
"source": "security@progress.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.telerik.com/teststudio",
"source": "security@progress.com"
"source": "security@progress.com",
"tags": [
"Product"
]
}
]
}

4
CVE-2024/CVE-2024-14xx/CVE-2024-1402.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-1402",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2024-02-09T16:15:07.880",
"lastModified": "2024-02-09T16:15:07.880",
"vulnStatus": "Received",
"lastModified": "2024-02-09T17:31:15.470",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

59
CVE-2024/CVE-2024-208xx/CVE-2024-20822.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-20822",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2024-02-06T03:15:09.867",
"lastModified": "2024-02-06T13:53:38.513",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-09T17:30:17.653",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
@ -38,10 +58,43 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:samsung:galaxy_store:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.5.63.6",
"matchCriteriaId": "CD43D308-147B-461D-A47E-AF2FBEC7F3F3"
}
]
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=02",
"source": "mobile.security@samsung.com"
"source": "mobile.security@samsung.com",
"tags": [
"Vendor Advisory"
]
}
]
}

59
CVE-2024/CVE-2024-208xx/CVE-2024-20823.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-20823",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2024-02-06T03:15:10.057",
"lastModified": "2024-02-06T13:53:38.513",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-09T17:30:06.773",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
@ -38,10 +58,43 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:samsung:galaxy_store:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.5.63.6",
"matchCriteriaId": "CD43D308-147B-461D-A47E-AF2FBEC7F3F3"
}
]
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=02",
"source": "mobile.security@samsung.com"
"source": "mobile.security@samsung.com",
"tags": [
"Vendor Advisory"
]
}
]
}

59
CVE-2024/CVE-2024-208xx/CVE-2024-20824.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-20824",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2024-02-06T03:15:10.240",
"lastModified": "2024-02-06T13:53:38.513",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-09T17:31:03.593",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
@ -38,10 +58,43 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:samsung:galaxy_store:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.5.63.6",
"matchCriteriaId": "CD43D308-147B-461D-A47E-AF2FBEC7F3F3"
}
]
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=02",
"source": "mobile.security@samsung.com"
"source": "mobile.security@samsung.com",
"tags": [
"Vendor Advisory"
]
}
]
}

59
CVE-2024/CVE-2024-208xx/CVE-2024-20825.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-20825",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2024-02-06T03:15:10.430",
"lastModified": "2024-02-06T13:53:38.513",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-09T17:29:39.753",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
@ -38,10 +58,43 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:samsung:galaxy_store:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.5.63.6",
"matchCriteriaId": "CD43D308-147B-461D-A47E-AF2FBEC7F3F3"
}
]
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=02",
"source": "mobile.security@samsung.com"
"source": "mobile.security@samsung.com",
"tags": [
"Vendor Advisory"
]
}
]
}

10
CVE-2024/CVE-2024-223xx/CVE-2024-22318.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-22318",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-02-09T01:15:09.440",
"lastModified": "2024-02-09T01:37:53.353",
"lastModified": "2024-02-09T18:15:08.680",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile server. If NTLM is enabled, the Windows operating system will try to authenticate using the current user's session. The hostile server could capture the NTLM hash information to obtain the user's credentials. IBM X-Force ID: 279091."
},
{
"lang": "es",
"value": "IBM i Access Client Solutions (ACS) 1.1.2 a 1.1.4 y 1.1.4.3 a 1.1.9.4 es vulnerable a la divulgaci\u00f3n de hash de NT LAN Manager (NTLM) por parte de un atacante que modifica rutas con capacidad UNC dentro de los ACS archivos de configuraci\u00f3n para apuntar a un servidor hostil. Si NTLM est\u00e1 habilitado, el sistema operativo Windows intentar\u00e1 autenticarse utilizando la sesi\u00f3n del usuario actual. El servidor hostil podr\u00eda capturar la informaci\u00f3n hash NTLM para obtener las credenciales del usuario. ID de IBM X-Force: 279091."
}
],
"metrics": {
@ -47,6 +51,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/177069/IBM-i-Access-Client-Solutions-Remote-Credential-Theft.html",
"source": "psirt@us.ibm.com"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279091",
"source": "psirt@us.ibm.com"

64
CVE-2024/CVE-2024-228xx/CVE-2024-22851.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-22851",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-02T09:15:37.473",
"lastModified": "2024-02-02T13:36:31.843",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-09T18:03:33.997",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "La vulnerabilidad de Directory Traversal en LiveConfig anterior a v.2.5.2 permite a un atacante remoto obtener informaci\u00f3n confidencial a trav\u00e9s de una solicitud manipulada al endpoint /static/."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liveconfig:liveconfig:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.5.2",
"matchCriteriaId": "DAF07479-E225-4FDF-B801-16E0D92F4C68"
}
]
}
]
}
],
"references": [
{
"url": "https://www.drive-byte.de/en/blog/liveconfig-advisory-cve-2024-22851",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

4
CVE-2024/CVE-2024-233xx/CVE-2024-23319.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23319",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2024-02-09T15:15:08.133",
"lastModified": "2024-02-09T15:15:08.133",
"vulnStatus": "Received",
"lastModified": "2024-02-09T17:31:15.470",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-247xx/CVE-2024-24774.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-24774",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2024-02-09T15:15:08.343",
"lastModified": "2024-02-09T15:15:08.343",
"vulnStatus": "Received",
"lastModified": "2024-02-09T17:31:15.470",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-247xx/CVE-2024-24776.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-24776",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2024-02-09T15:15:08.547",
"lastModified": "2024-02-09T15:15:08.547",
"vulnStatus": "Received",
"lastModified": "2024-02-09T17:31:15.470",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-254xx/CVE-2024-25442.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-25442",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-09T15:15:08.763",
"lastModified": "2024-02-09T15:15:08.763",
"vulnStatus": "Received",
"lastModified": "2024-02-09T17:31:15.470",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-254xx/CVE-2024-25443.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-25443",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-09T15:15:08.817",
"lastModified": "2024-02-09T15:15:08.817",
"vulnStatus": "Received",
"lastModified": "2024-02-09T17:31:15.470",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-254xx/CVE-2024-25445.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-25445",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-09T15:15:08.860",
"lastModified": "2024-02-09T15:15:08.860",
"vulnStatus": "Received",
"lastModified": "2024-02-09T17:31:15.470",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-254xx/CVE-2024-25446.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-25446",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-09T15:15:08.910",
"lastModified": "2024-02-09T15:15:08.910",
"vulnStatus": "Received",
"lastModified": "2024-02-09T17:31:15.470",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-254xx/CVE-2024-25447.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-25447",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-09T15:15:08.967",
"lastModified": "2024-02-09T15:15:08.967",
"vulnStatus": "Received",
"lastModified": "2024-02-09T17:31:15.470",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-254xx/CVE-2024-25448.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-25448",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-09T15:15:09.027",
"lastModified": "2024-02-09T15:15:09.027",
"vulnStatus": "Received",
"lastModified": "2024-02-09T17:31:15.470",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-254xx/CVE-2024-25450.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-25450",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-09T15:15:09.087",
"lastModified": "2024-02-09T15:15:09.087",
"vulnStatus": "Received",
"lastModified": "2024-02-09T17:31:15.470",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-254xx/CVE-2024-25451.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-25451",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-09T15:15:09.143",
"lastModified": "2024-02-09T15:15:09.143",
"vulnStatus": "Received",
"lastModified": "2024-02-09T17:31:15.470",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-254xx/CVE-2024-25452.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-25452",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-09T15:15:09.193",
"lastModified": "2024-02-09T15:15:09.193",
"vulnStatus": "Received",
"lastModified": "2024-02-09T17:31:15.470",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-254xx/CVE-2024-25453.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-25453",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-09T15:15:09.240",
"lastModified": "2024-02-09T15:15:09.240",
"vulnStatus": "Received",
"lastModified": "2024-02-09T17:31:15.470",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-254xx/CVE-2024-25454.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-25454",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-09T15:15:09.293",
"lastModified": "2024-02-09T15:15:09.293",
"vulnStatus": "Received",
"lastModified": "2024-02-09T17:31:15.470",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

71
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-02-09T17:00:25.628571+00:00
2024-02-09T19:00:24.636728+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-02-09T16:51:01.473000+00:00
2024-02-09T18:50:58.027000+00:00
```
### Last Data Feed Release
@ -29,51 +29,48 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
238058
238062
```
### CVEs added in the last Commit
Recently added CVEs: `15`
Recently added CVEs: `4`
* [CVE-2024-23319](CVE-2024/CVE-2024-233xx/CVE-2024-23319.json) (`2024-02-09T15:15:08.133`)
* [CVE-2024-24774](CVE-2024/CVE-2024-247xx/CVE-2024-24774.json) (`2024-02-09T15:15:08.343`)
* [CVE-2024-24776](CVE-2024/CVE-2024-247xx/CVE-2024-24776.json) (`2024-02-09T15:15:08.547`)
* [CVE-2024-25442](CVE-2024/CVE-2024-254xx/CVE-2024-25442.json) (`2024-02-09T15:15:08.763`)
* [CVE-2024-25443](CVE-2024/CVE-2024-254xx/CVE-2024-25443.json) (`2024-02-09T15:15:08.817`)
* [CVE-2024-25445](CVE-2024/CVE-2024-254xx/CVE-2024-25445.json) (`2024-02-09T15:15:08.860`)
* [CVE-2024-25446](CVE-2024/CVE-2024-254xx/CVE-2024-25446.json) (`2024-02-09T15:15:08.910`)
* [CVE-2024-25447](CVE-2024/CVE-2024-254xx/CVE-2024-25447.json) (`2024-02-09T15:15:08.967`)
* [CVE-2024-25448](CVE-2024/CVE-2024-254xx/CVE-2024-25448.json) (`2024-02-09T15:15:09.027`)
* [CVE-2024-25450](CVE-2024/CVE-2024-254xx/CVE-2024-25450.json) (`2024-02-09T15:15:09.087`)
* [CVE-2024-25451](CVE-2024/CVE-2024-254xx/CVE-2024-25451.json) (`2024-02-09T15:15:09.143`)
* [CVE-2024-25452](CVE-2024/CVE-2024-254xx/CVE-2024-25452.json) (`2024-02-09T15:15:09.193`)
* [CVE-2024-25453](CVE-2024/CVE-2024-254xx/CVE-2024-25453.json) (`2024-02-09T15:15:09.240`)
* [CVE-2024-25454](CVE-2024/CVE-2024-254xx/CVE-2024-25454.json) (`2024-02-09T15:15:09.293`)
* [CVE-2024-1402](CVE-2024/CVE-2024-14xx/CVE-2024-1402.json) (`2024-02-09T16:15:07.880`)
* [CVE-2023-50291](CVE-2023/CVE-2023-502xx/CVE-2023-50291.json) (`2024-02-09T18:15:08.240`)
* [CVE-2023-50292](CVE-2023/CVE-2023-502xx/CVE-2023-50292.json) (`2024-02-09T18:15:08.363`)
* [CVE-2023-50298](CVE-2023/CVE-2023-502xx/CVE-2023-50298.json) (`2024-02-09T18:15:08.457`)
* [CVE-2023-50386](CVE-2023/CVE-2023-503xx/CVE-2023-50386.json) (`2024-02-09T18:15:08.540`)
### CVEs modified in the last Commit
Recently modified CVEs: `17`
Recently modified CVEs: `32`
* [CVE-2008-4077](CVE-2008/CVE-2008-40xx/CVE-2008-4077.json) (`2024-02-09T16:11:07.433`)
* [CVE-2023-47116](CVE-2023/CVE-2023-471xx/CVE-2023-47116.json) (`2024-02-09T15:37:21.887`)
* [CVE-2023-28807](CVE-2023/CVE-2023-288xx/CVE-2023-28807.json) (`2024-02-09T16:30:38.753`)
* [CVE-2023-6700](CVE-2023/CVE-2023-67xx/CVE-2023-6700.json) (`2024-02-09T16:38:05.687`)
* [CVE-2023-6807](CVE-2023/CVE-2023-68xx/CVE-2023-6807.json) (`2024-02-09T16:43:49.707`)
* [CVE-2023-6808](CVE-2023/CVE-2023-68xx/CVE-2023-6808.json) (`2024-02-09T16:49:29.023`)
* [CVE-2023-6846](CVE-2023/CVE-2023-68xx/CVE-2023-6846.json) (`2024-02-09T16:51:01.473`)
* [CVE-2024-23895](CVE-2024/CVE-2024-238xx/CVE-2024-23895.json) (`2024-02-09T15:13:03.010`)
* [CVE-2024-0935](CVE-2024/CVE-2024-09xx/CVE-2024-0935.json) (`2024-02-09T15:15:08.047`)
* [CVE-2024-0831](CVE-2024/CVE-2024-08xx/CVE-2024-0831.json) (`2024-02-09T15:16:56.083`)
* [CVE-2024-24747](CVE-2024/CVE-2024-247xx/CVE-2024-24747.json) (`2024-02-09T15:18:00.510`)
* [CVE-2024-24566](CVE-2024/CVE-2024-245xx/CVE-2024-24566.json) (`2024-02-09T15:25:16.147`)
* [CVE-2024-21626](CVE-2024/CVE-2024-216xx/CVE-2024-21626.json) (`2024-02-09T15:38:09.697`)
* [CVE-2024-24579](CVE-2024/CVE-2024-245xx/CVE-2024-24579.json) (`2024-02-09T16:22:53.863`)
* [CVE-2024-24524](CVE-2024/CVE-2024-245xx/CVE-2024-24524.json) (`2024-02-09T16:30:43.830`)
* [CVE-2024-1185](CVE-2024/CVE-2024-11xx/CVE-2024-1185.json) (`2024-02-09T16:31:40.607`)
* [CVE-2024-0953](CVE-2024/CVE-2024-09xx/CVE-2024-0953.json) (`2024-02-09T16:38:45.380`)
* [CVE-2024-0833](CVE-2024/CVE-2024-08xx/CVE-2024-0833.json) (`2024-02-09T17:05:04.153`)
* [CVE-2024-0832](CVE-2024/CVE-2024-08xx/CVE-2024-0832.json) (`2024-02-09T17:12:45.853`)
* [CVE-2024-0219](CVE-2024/CVE-2024-02xx/CVE-2024-0219.json) (`2024-02-09T17:15:31.870`)
* [CVE-2024-20825](CVE-2024/CVE-2024-208xx/CVE-2024-20825.json) (`2024-02-09T17:29:39.753`)
* [CVE-2024-20823](CVE-2024/CVE-2024-208xx/CVE-2024-20823.json) (`2024-02-09T17:30:06.773`)
* [CVE-2024-20822](CVE-2024/CVE-2024-208xx/CVE-2024-20822.json) (`2024-02-09T17:30:17.653`)
* [CVE-2024-0370](CVE-2024/CVE-2024-03xx/CVE-2024-0370.json) (`2024-02-09T17:30:35.817`)
* [CVE-2024-20824](CVE-2024/CVE-2024-208xx/CVE-2024-20824.json) (`2024-02-09T17:31:03.593`)
* [CVE-2024-23319](CVE-2024/CVE-2024-233xx/CVE-2024-23319.json) (`2024-02-09T17:31:15.470`)
* [CVE-2024-24774](CVE-2024/CVE-2024-247xx/CVE-2024-24774.json) (`2024-02-09T17:31:15.470`)
* [CVE-2024-24776](CVE-2024/CVE-2024-247xx/CVE-2024-24776.json) (`2024-02-09T17:31:15.470`)
* [CVE-2024-25442](CVE-2024/CVE-2024-254xx/CVE-2024-25442.json) (`2024-02-09T17:31:15.470`)
* [CVE-2024-25443](CVE-2024/CVE-2024-254xx/CVE-2024-25443.json) (`2024-02-09T17:31:15.470`)
* [CVE-2024-25445](CVE-2024/CVE-2024-254xx/CVE-2024-25445.json) (`2024-02-09T17:31:15.470`)
* [CVE-2024-25446](CVE-2024/CVE-2024-254xx/CVE-2024-25446.json) (`2024-02-09T17:31:15.470`)
* [CVE-2024-25447](CVE-2024/CVE-2024-254xx/CVE-2024-25447.json) (`2024-02-09T17:31:15.470`)
* [CVE-2024-25448](CVE-2024/CVE-2024-254xx/CVE-2024-25448.json) (`2024-02-09T17:31:15.470`)
* [CVE-2024-25450](CVE-2024/CVE-2024-254xx/CVE-2024-25450.json) (`2024-02-09T17:31:15.470`)
* [CVE-2024-25451](CVE-2024/CVE-2024-254xx/CVE-2024-25451.json) (`2024-02-09T17:31:15.470`)
* [CVE-2024-25452](CVE-2024/CVE-2024-254xx/CVE-2024-25452.json) (`2024-02-09T17:31:15.470`)
* [CVE-2024-25453](CVE-2024/CVE-2024-254xx/CVE-2024-25453.json) (`2024-02-09T17:31:15.470`)
* [CVE-2024-25454](CVE-2024/CVE-2024-254xx/CVE-2024-25454.json) (`2024-02-09T17:31:15.470`)
* [CVE-2024-1402](CVE-2024/CVE-2024-14xx/CVE-2024-1402.json) (`2024-02-09T17:31:15.470`)
* [CVE-2024-22851](CVE-2024/CVE-2024-228xx/CVE-2024-22851.json) (`2024-02-09T18:03:33.997`)
* [CVE-2024-22318](CVE-2024/CVE-2024-223xx/CVE-2024-22318.json) (`2024-02-09T18:15:08.680`)
## Download and Usage