From a503940f451b842d3c376969f684b2a5ff2bc102 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Tue, 6 Feb 2024 11:00:30 +0000 Subject: [PATCH] Auto-Update: 2024-02-06T11:00:26.647805+00:00 --- CVE-2022/CVE-2022-36xx/CVE-2022-3647.json | 37 ++++++++-- CVE-2023/CVE-2023-45xx/CVE-2023-4503.json | 75 +++++++++++++++++++++ CVE-2024/CVE-2024-06xx/CVE-2024-0684.json | 63 +++++++++++++++++ CVE-2024/CVE-2024-236xx/CVE-2024-23673.json | 55 +++++++++++++++ CVE-2024/CVE-2024-239xx/CVE-2024-23917.json | 55 +++++++++++++++ CVE-2024/CVE-2024-249xx/CVE-2024-24936.json | 55 +++++++++++++++ CVE-2024/CVE-2024-249xx/CVE-2024-24937.json | 55 +++++++++++++++ CVE-2024/CVE-2024-249xx/CVE-2024-24938.json | 55 +++++++++++++++ CVE-2024/CVE-2024-249xx/CVE-2024-24939.json | 55 +++++++++++++++ CVE-2024/CVE-2024-249xx/CVE-2024-24940.json | 55 +++++++++++++++ CVE-2024/CVE-2024-249xx/CVE-2024-24941.json | 55 +++++++++++++++ CVE-2024/CVE-2024-249xx/CVE-2024-24942.json | 55 +++++++++++++++ CVE-2024/CVE-2024-249xx/CVE-2024-24943.json | 55 +++++++++++++++ CVE-2024/CVE-2024-251xx/CVE-2024-25140.json | 28 ++++++++ README.md | 36 +++++----- 15 files changed, 768 insertions(+), 21 deletions(-) create mode 100644 CVE-2023/CVE-2023-45xx/CVE-2023-4503.json create mode 100644 CVE-2024/CVE-2024-06xx/CVE-2024-0684.json create mode 100644 CVE-2024/CVE-2024-236xx/CVE-2024-23673.json create mode 100644 CVE-2024/CVE-2024-239xx/CVE-2024-23917.json create mode 100644 CVE-2024/CVE-2024-249xx/CVE-2024-24936.json create mode 100644 CVE-2024/CVE-2024-249xx/CVE-2024-24937.json create mode 100644 CVE-2024/CVE-2024-249xx/CVE-2024-24938.json create mode 100644 CVE-2024/CVE-2024-249xx/CVE-2024-24939.json create mode 100644 CVE-2024/CVE-2024-249xx/CVE-2024-24940.json create mode 100644 CVE-2024/CVE-2024-249xx/CVE-2024-24941.json create mode 100644 CVE-2024/CVE-2024-249xx/CVE-2024-24942.json create mode 100644 CVE-2024/CVE-2024-249xx/CVE-2024-24943.json create mode 100644 CVE-2024/CVE-2024-251xx/CVE-2024-25140.json diff --git a/CVE-2022/CVE-2022-36xx/CVE-2022-3647.json b/CVE-2022/CVE-2022-36xx/CVE-2022-3647.json index 25875ae7263..6dfdd381b8c 100644 --- a/CVE-2022/CVE-2022-36xx/CVE-2022-3647.json +++ b/CVE-2022/CVE-2022-36xx/CVE-2022-3647.json @@ -2,12 +2,12 @@ "id": "CVE-2022-3647", "sourceIdentifier": "cna@vuldb.com", "published": "2022-10-21T18:15:10.183", - "lastModified": "2023-11-07T03:51:34.463", + "lastModified": "2024-02-06T10:15:08.497", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "A vulnerability, which was classified as problematic, was found in Redis. Affected is the function sigsegvHandler of the file debug.c of the component Crash Report. The manipulation leads to denial of service. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 0bf90d944313919eb8e63d3588bf63a367f020a3. It is recommended to apply a patch to fix this issue. VDB-211962 is the identifier assigned to this vulnerability. NOTE: The vendor claims that this is not a DoS because it applies to the crash logging mechanism which is triggered after a crash has occurred." + "value": "** DISPUTED ** A vulnerability, which was classified as problematic, was found in Redis up to 6.2.7/7.0.5. Affected is the function sigsegvHandler of the file debug.c of the component Crash Report. The manipulation leads to denial of service. The complexity of an attack is rather high. The exploitability is told to be difficult. The real existence of this vulnerability is still doubted at the moment. Upgrading to version 6.2.8 and 7.0.6 is able to address this issue. The patch is identified as 0bf90d944313919eb8e63d3588bf63a367f020a3. It is recommended to apply a patch to fix this issue. VDB-211962 is the identifier assigned to this vulnerability. NOTE: The vendor claims that this is not a DoS because it applies to the crash logging mechanism which is triggered after a crash has occurred." }, { "lang": "es", @@ -37,7 +37,7 @@ "impactScore": 1.4 }, { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -56,11 +56,36 @@ "exploitabilityScore": 1.6, "impactScore": 1.4 } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:A/AC:H/Au:N/C:N/I:N/A:P", + "accessVector": "ADJACENT_NETWORK", + "accessComplexity": "HIGH", + "authentication": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "PARTIAL", + "baseScore": 1.8 + }, + "baseSeverity": "LOW", + "exploitabilityScore": 3.2, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } ] }, "weaknesses": [ { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Primary", "description": [ { @@ -98,6 +123,10 @@ "Third Party Advisory" ] }, + { + "url": "https://vuldb.com/?ctiid.211962", + "source": "cna@vuldb.com" + }, { "url": "https://vuldb.com/?id.211962", "source": "cna@vuldb.com", diff --git a/CVE-2023/CVE-2023-45xx/CVE-2023-4503.json b/CVE-2023/CVE-2023-45xx/CVE-2023-4503.json new file mode 100644 index 00000000000..d6da8df7d49 --- /dev/null +++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4503.json @@ -0,0 +1,75 @@ +{ + "id": "CVE-2023-4503", + "sourceIdentifier": "secalert@redhat.com", + "published": "2024-02-06T09:15:52.407", + "lastModified": "2024-02-06T09:15:52.407", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-665" + } + ] + } + ], + "references": [ + { + "url": "https://access.redhat.com/errata/RHSA-2023:7637", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2023:7638", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2023:7639", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2023:7641", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2023-4503", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184751", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-06xx/CVE-2024-0684.json b/CVE-2024/CVE-2024-06xx/CVE-2024-0684.json new file mode 100644 index 00000000000..c7fd65683f4 --- /dev/null +++ b/CVE-2024/CVE-2024-06xx/CVE-2024-0684.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2024-0684", + "sourceIdentifier": "patrick@puiterwijk.org", + "published": "2024-02-06T09:15:52.643", + "lastModified": "2024-02-06T09:15:52.643", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A flaw was found in the GNU coreutils \"split\" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "patrick@puiterwijk.org", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "patrick@puiterwijk.org", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-122" + } + ] + } + ], + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2024-0684", + "source": "patrick@puiterwijk.org" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258948", + "source": "patrick@puiterwijk.org" + }, + { + "url": "https://www.openwall.com/lists/oss-security/2024/01/18/2", + "source": "patrick@puiterwijk.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-236xx/CVE-2024-23673.json b/CVE-2024/CVE-2024-236xx/CVE-2024-23673.json new file mode 100644 index 00000000000..84a7266d28c --- /dev/null +++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23673.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-23673", + "sourceIdentifier": "security@apache.org", + "published": "2024-02-06T10:15:08.833", + "lastModified": "2024-02-06T10:15:08.833", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nMalicious code execution via path traversal in Apache Software Foundation Apache Sling Servlets Resolver.This issue affects all version of Apache Sling Servlets Resolver before 2.11.0. However, whether a system is vulnerable to this attack depends on the exact configuration of the system.\nIf the system is vulnerable, a user with write access to the repository might be able to trick the Sling Servlet Resolver to load a previously uploaded script.\u00a0\n\nUsers are recommended to upgrade to version 2.11.0, which fixes this issue. It is recommended to upgrade, regardless of whether your system configuration currently allows this attack or not." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@apache.org", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security@apache.org", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://lists.apache.org/thread/5zzx8ztwc6tmbwlw80m2pbrp3913l2kl", + "source": "security@apache.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-239xx/CVE-2024-23917.json b/CVE-2024/CVE-2024-239xx/CVE-2024-23917.json new file mode 100644 index 00000000000..3ad85f3caa2 --- /dev/null +++ b/CVE-2024/CVE-2024-239xx/CVE-2024-23917.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-23917", + "sourceIdentifier": "cve@jetbrains.com", + "published": "2024-02-06T10:15:09.280", + "lastModified": "2024-02-06T10:15:09.280", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@jetbrains.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "cve@jetbrains.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-288" + } + ] + } + ], + "references": [ + { + "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", + "source": "cve@jetbrains.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-249xx/CVE-2024-24936.json b/CVE-2024/CVE-2024-249xx/CVE-2024-24936.json new file mode 100644 index 00000000000..a5c5c812e30 --- /dev/null +++ b/CVE-2024/CVE-2024-249xx/CVE-2024-24936.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-24936", + "sourceIdentifier": "cve@jetbrains.com", + "published": "2024-02-06T10:15:09.553", + "lastModified": "2024-02-06T10:15:09.553", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifact Storage plugin endpoint was missed" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@jetbrains.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cve@jetbrains.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-285" + } + ] + } + ], + "references": [ + { + "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", + "source": "cve@jetbrains.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-249xx/CVE-2024-24937.json b/CVE-2024/CVE-2024-249xx/CVE-2024-24937.json new file mode 100644 index 00000000000..41ba1175b0b --- /dev/null +++ b/CVE-2024/CVE-2024-249xx/CVE-2024-24937.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-24937", + "sourceIdentifier": "cve@jetbrains.com", + "published": "2024-02-06T10:15:09.957", + "lastModified": "2024-02-06T10:15:09.957", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In JetBrains TeamCity before 2023.11.2 stored XSS via agent distribution was possible" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@jetbrains.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.1, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "cve@jetbrains.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", + "source": "cve@jetbrains.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-249xx/CVE-2024-24938.json b/CVE-2024/CVE-2024-249xx/CVE-2024-24938.json new file mode 100644 index 00000000000..94c3931649b --- /dev/null +++ b/CVE-2024/CVE-2024-249xx/CVE-2024-24938.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-24938", + "sourceIdentifier": "cve@jetbrains.com", + "published": "2024-02-06T10:15:10.303", + "lastModified": "2024-02-06T10:15:10.303", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL documentation" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@jetbrains.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cve@jetbrains.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-23" + } + ] + } + ], + "references": [ + { + "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", + "source": "cve@jetbrains.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-249xx/CVE-2024-24939.json b/CVE-2024/CVE-2024-249xx/CVE-2024-24939.json new file mode 100644 index 00000000000..80a8232bcfd --- /dev/null +++ b/CVE-2024/CVE-2024-249xx/CVE-2024-24939.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-24939", + "sourceIdentifier": "cve@jetbrains.com", + "published": "2024-02-06T10:15:10.603", + "lastModified": "2024-02-06T10:15:10.603", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In JetBrains Rider before 2023.3.3 logging of environment variables containing secret values was possible" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@jetbrains.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.3, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cve@jetbrains.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-532" + } + ] + } + ], + "references": [ + { + "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", + "source": "cve@jetbrains.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-249xx/CVE-2024-24940.json b/CVE-2024/CVE-2024-249xx/CVE-2024-24940.json new file mode 100644 index 00000000000..f1a4274789b --- /dev/null +++ b/CVE-2024/CVE-2024-249xx/CVE-2024-24940.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-24940", + "sourceIdentifier": "cve@jetbrains.com", + "published": "2024-02-06T10:15:10.960", + "lastModified": "2024-02-06T10:15:10.960", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@jetbrains.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 2.8, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.3, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cve@jetbrains.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-23" + } + ] + } + ], + "references": [ + { + "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", + "source": "cve@jetbrains.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-249xx/CVE-2024-24941.json b/CVE-2024/CVE-2024-249xx/CVE-2024-24941.json new file mode 100644 index 00000000000..3944784a755 --- /dev/null +++ b/CVE-2024/CVE-2024-249xx/CVE-2024-24941.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-24941", + "sourceIdentifier": "cve@jetbrains.com", + "published": "2024-02-06T10:15:11.183", + "lastModified": "2024-02-06T10:15:11.183", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Space was able to send an authentication token to an inappropriate URL" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@jetbrains.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "cve@jetbrains.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", + "source": "cve@jetbrains.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-249xx/CVE-2024-24942.json b/CVE-2024/CVE-2024-249xx/CVE-2024-24942.json new file mode 100644 index 00000000000..1f464086a7d --- /dev/null +++ b/CVE-2024/CVE-2024-249xx/CVE-2024-24942.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-24942", + "sourceIdentifier": "cve@jetbrains.com", + "published": "2024-02-06T10:15:11.590", + "lastModified": "2024-02-06T10:15:11.590", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@jetbrains.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cve@jetbrains.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-23" + } + ] + } + ], + "references": [ + { + "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", + "source": "cve@jetbrains.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-249xx/CVE-2024-24943.json b/CVE-2024/CVE-2024-249xx/CVE-2024-24943.json new file mode 100644 index 00000000000..3c588ea90e7 --- /dev/null +++ b/CVE-2024/CVE-2024-249xx/CVE-2024-24943.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-24943", + "sourceIdentifier": "cve@jetbrains.com", + "published": "2024-02-06T10:15:11.837", + "lastModified": "2024-02-06T10:15:11.837", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In JetBrains Toolbox App before 2.2 a DoS attack was possible via a malicious SVG image" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@jetbrains.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cve@jetbrains.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "references": [ + { + "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", + "source": "cve@jetbrains.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-251xx/CVE-2024-25140.json b/CVE-2024/CVE-2024-251xx/CVE-2024-25140.json new file mode 100644 index 00000000000..338692c3565 --- /dev/null +++ b/CVE-2024/CVE-2024-251xx/CVE-2024-25140.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2024-25140", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-02-06T09:15:52.827", + "lastModified": "2024-02-06T09:15:52.827", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under Trusted Root Certification Authorities with Enhanced Key Usage of Code Signing (1.3.6.1.5.5.7.3.3), valid from 2023 until 2033. This is potentially unwanted, e.g., because there is no public documentation of security measures for the private key, and arbitrary software could be signed if the private key were to be compromised. NOTE: the vendor's position is \"we do not have EV cert, so we use test cert as a workaround.\" Insertion into Trusted Root Certification Authorities was the originally intended behavior, and the UI ensured that the certificate installation step (checked by default) was visible to the user before proceeding with the product installation." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/rustdesk/rustdesk/discussions/6444", + "source": "cve@mitre.org" + }, + { + "url": "https://news.ycombinator.com/item?id=39256493", + "source": "cve@mitre.org" + }, + { + "url": "https://serverfault.com/questions/837994", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index b48f99c5268..3c1f204fbb9 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-02-06T09:00:23.653777+00:00 +2024-02-06T11:00:26.647805+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-02-06T08:15:52.203000+00:00 +2024-02-06T10:15:11.837000+00:00 ``` ### Last Data Feed Release @@ -29,31 +29,33 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -237753 +237766 ``` ### CVEs added in the last Commit -Recently added CVEs: `10` +Recently added CVEs: `13` -* [CVE-2023-25543](CVE-2023/CVE-2023-255xx/CVE-2023-25543.json) (`2024-02-06T07:15:08.170`) -* [CVE-2023-28049](CVE-2023/CVE-2023-280xx/CVE-2023-28049.json) (`2024-02-06T07:15:09.167`) -* [CVE-2023-52239](CVE-2023/CVE-2023-522xx/CVE-2023-52239.json) (`2024-02-06T07:15:10.530`) -* [CVE-2023-28063](CVE-2023/CVE-2023-280xx/CVE-2023-28063.json) (`2024-02-06T08:15:46.863`) -* [CVE-2023-32451](CVE-2023/CVE-2023-324xx/CVE-2023-32451.json) (`2024-02-06T08:15:48.843`) -* [CVE-2023-32454](CVE-2023/CVE-2023-324xx/CVE-2023-32454.json) (`2024-02-06T08:15:49.850`) -* [CVE-2023-32474](CVE-2023/CVE-2023-324xx/CVE-2023-32474.json) (`2024-02-06T08:15:50.647`) -* [CVE-2023-32479](CVE-2023/CVE-2023-324xx/CVE-2023-32479.json) (`2024-02-06T08:15:51.383`) -* [CVE-2024-22433](CVE-2024/CVE-2024-224xx/CVE-2024-22433.json) (`2024-02-06T07:15:11.337`) -* [CVE-2024-22365](CVE-2024/CVE-2024-223xx/CVE-2024-22365.json) (`2024-02-06T08:15:52.203`) +* [CVE-2023-4503](CVE-2023/CVE-2023-45xx/CVE-2023-4503.json) (`2024-02-06T09:15:52.407`) +* [CVE-2024-0684](CVE-2024/CVE-2024-06xx/CVE-2024-0684.json) (`2024-02-06T09:15:52.643`) +* [CVE-2024-25140](CVE-2024/CVE-2024-251xx/CVE-2024-25140.json) (`2024-02-06T09:15:52.827`) +* [CVE-2024-23673](CVE-2024/CVE-2024-236xx/CVE-2024-23673.json) (`2024-02-06T10:15:08.833`) +* [CVE-2024-23917](CVE-2024/CVE-2024-239xx/CVE-2024-23917.json) (`2024-02-06T10:15:09.280`) +* [CVE-2024-24936](CVE-2024/CVE-2024-249xx/CVE-2024-24936.json) (`2024-02-06T10:15:09.553`) +* [CVE-2024-24937](CVE-2024/CVE-2024-249xx/CVE-2024-24937.json) (`2024-02-06T10:15:09.957`) +* [CVE-2024-24938](CVE-2024/CVE-2024-249xx/CVE-2024-24938.json) (`2024-02-06T10:15:10.303`) +* [CVE-2024-24939](CVE-2024/CVE-2024-249xx/CVE-2024-24939.json) (`2024-02-06T10:15:10.603`) +* [CVE-2024-24940](CVE-2024/CVE-2024-249xx/CVE-2024-24940.json) (`2024-02-06T10:15:10.960`) +* [CVE-2024-24941](CVE-2024/CVE-2024-249xx/CVE-2024-24941.json) (`2024-02-06T10:15:11.183`) +* [CVE-2024-24942](CVE-2024/CVE-2024-249xx/CVE-2024-24942.json) (`2024-02-06T10:15:11.590`) +* [CVE-2024-24943](CVE-2024/CVE-2024-249xx/CVE-2024-24943.json) (`2024-02-06T10:15:11.837`) ### CVEs modified in the last Commit -Recently modified CVEs: `2` +Recently modified CVEs: `1` -* [CVE-2023-36260](CVE-2023/CVE-2023-362xx/CVE-2023-36260.json) (`2024-02-06T07:15:09.673`) -* [CVE-2024-1143](CVE-2024/CVE-2024-11xx/CVE-2024-1143.json) (`2024-02-06T07:15:10.813`) +* [CVE-2022-3647](CVE-2022/CVE-2022-36xx/CVE-2022-3647.json) (`2024-02-06T10:15:08.497`) ## Download and Usage