admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-01-30T15:00:25.970047+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-01-30 15:00:29 +00:00
parent a26fd0f591
commit a78fd27c47
85 changed files with 2462 additions and 222 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
CVE-2021/CVE-2021-421xx/CVE-2021-42141.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-42141",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-22T23:15:08.120",
"lastModified": "2024-01-23T13:44:14.167",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T14:30:05.467",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,83 @@
"value": "Se descubri\u00f3 un problema en Contiki-NG tinyDTLS hasta el 30 de agosto de 2018. Un protocolo de enlace incorrecto podr\u00eda completarse con diferentes n\u00fameros de \u00e9poca en los paquetes Client_Hello, Client_key_exchange y Change_cipher_spec, lo que puede provocar una denegaci\u00f3n de servicio."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-755"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:contiki-ng:tinydtls:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2018-08-30",
"matchCriteriaId": "E938DF84-2663-4516-87E3-B7E46789F6A1"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/176625/Contiki-NG-tinyDTLS-Denial-Of-Service.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://github.com/contiki-ng/tinydtls/issues/27",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://seclists.org/fulldisclosure/2024/Jan/14",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-228xx/CVE-2023-22836.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-22836",
"sourceIdentifier": "cve-coordination@palantir.com",
"published": "2024-01-29T19:15:08.100",
"lastModified": "2024-01-29T19:15:08.100",
"vulnStatus": "Received",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In cases where a multi-tenant stack user is operating Foundry\u2019s Linter service, and the user changes a group name from the default value, the renamed value may be visible to the rest of the stack\u2019s tenants."
},
{
"lang": "es",
"value": "En los casos en que un usuario de pila multi-tenant est\u00e9 operando el servicio Foundry\u2019s Linter y el usuario cambie el nombre de un grupo del valor predeterminado, el valor renombrado puede ser visible para el resto de los inquilinos de la pila."
}
],
"metrics": {

99
CVE-2023/CVE-2023-287xx/CVE-2023-28722.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-28722",
"sourceIdentifier": "secure@intel.com",
"published": "2024-01-19T20:15:09.107",
"lastModified": "2024-01-19T22:52:48.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T14:47:58.587",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper buffer restrictions for some Intel NUC BIOS firmware before version IN0048 may allow a privileged user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "Las restricciones inadecuadas del b\u00fafer para algunos firmware de BIOS Intel NUC anteriores a la versi\u00f3n IN0048 pueden permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -46,10 +80,69 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:intel:nuc_8_mainstream-g_kit_nuc8i5inh_firmware:inwhl357.0049:*:*:*:*:*:*:*",
"matchCriteriaId": "CB60CA15-6E8D-422A-B1A1-9681EA052639"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:nuc_8_mainstream-g_kit_nuc8i5inh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18330FCA-FFDE-4B0E-8703-1DAE0633C053"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:intel:nuc_8_mainstream-g_kit_nuc8i7inh_firmware:inwhl357.0049:*:*:*:*:*:*:*",
"matchCriteriaId": "95125F4B-3DFF-4F40-8F6C-BE8587C255B3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:nuc_8_mainstream-g_kit_nuc8i7inh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE7FB4D7-3AED-4BBD-9655-6C300FC08218"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01009.html",
"source": "secure@intel.com"
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-309xx/CVE-2023-30970.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-30970",
"sourceIdentifier": "cve-coordination@palantir.com",
"published": "2024-01-29T19:15:08.313",
"lastModified": "2024-01-29T19:15:08.313",
"vulnStatus": "Received",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Gotham Table service and Forward App were found to be vulnerable to a Path traversal issue allowing an authenticated user to read arbitrary files on the file system.\n\n"
},
{
"lang": "es",
"value": "Se descubri\u00f3 que el servicio Gotham Table y Forward App eran vulnerables a un problema de path traversal que permit\u00eda a un usuario autenticado leer archivos arbitrarios en el sistema de archivos."
}
],
"metrics": {

69
CVE-2023/CVE-2023-332xx/CVE-2023-33295.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-33295",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-19T20:15:10.567",
"lastModified": "2024-01-23T23:15:07.890",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T14:29:36.033",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,74 @@
"value": "Se descubri\u00f3 que Cohesity DataProtect 6.8.1 y 6.6.0d ten\u00eda una vulnerabilidad de control de acceso incorrecto debido a la falta de validaci\u00f3n del certificado TLS."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cohesity:cohesity_dataplatform:*:*:*:*:*:*:*:*",
"versionEndIncluding": "7.0.1",
"matchCriteriaId": "0CD74FC9-0166-47BD-9635-EE45422DF49B"
}
]
}
]
}
],
"references": [
{
"url": "https://cohesity.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/cohesity/SecAdvisory/blob/master/CVE-2023-33295.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-362xx/CVE-2023-36259.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-36259",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-30T09:15:47.377",
"lastModified": "2024-01-30T09:15:47.377",
"vulnStatus": "Received",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-362xx/CVE-2023-36260.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-36260",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-30T09:15:47.440",
"lastModified": "2024-01-30T09:15:47.440",
"vulnStatus": "Received",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2023/CVE-2023-375xx/CVE-2023-37571.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-37571",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-30T01:15:58.803",
"lastModified": "2024-01-30T01:15:58.803",
"vulnStatus": "Received",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Softing TH SCOPE through 3.70 allows XSS."
},
{
"lang": "es",
"value": "Softing TH SCOPE hasta 3,70 permite XSS."
}
],
"metrics": {},

69
CVE-2023/CVE-2023-37xx/CVE-2023-3771.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-3771",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-16T16:15:11.480",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T14:56:48.577",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The T1 WordPress theme through 19.0 is vulnerable to unauthenticated open redirect with which any attacker and redirect users to arbitrary websites."
},
{
"lang": "es",
"value": "El tema T1 de WordPress hasta la versi\u00f3n 19.0 es vulnerable a redirecciones abiertas no autenticadas con las que cualquier atacante redirige a los usuarios a sitios web arbitrarios."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:t1_project:t1:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "19.0",
"matchCriteriaId": "B7DAB6AA-FC08-47FC-9A55-F9DD87140ACF"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/7c6fc499-de09-4874-ab96-bdc24d550cfb/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-385xx/CVE-2023-38541.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-38541",
"sourceIdentifier": "secure@intel.com",
"published": "2024-01-19T20:15:10.627",
"lastModified": "2024-01-19T22:52:48.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T14:28:38.110",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Insecure inherited permissions in some Intel HID Event Filter drivers for Windows 10 for some Intel NUC laptop software installers before version 2.2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "Los permisos heredados inseguros en algunos controladores Intel HID Event Filter para Windows 10 para algunos instaladores de software de port\u00e1tiles Intel NUC anteriores a la versi\u00f3n 2.2.2.1 pueden permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:hid_event_filter_driver:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.2.2.1",
"matchCriteriaId": "2C574C63-EA47-4E43-9E2A-5CC0C1FC377E"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00964.html",
"source": "secure@intel.com"
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}

396
CVE-2023/CVE-2023-385xx/CVE-2023-38587.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-38587",
"sourceIdentifier": "secure@intel.com",
"published": "2024-01-19T20:15:10.813",
"lastModified": "2024-01-19T22:52:48.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T14:28:54.747",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in some Intel NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "La validaci\u00f3n de entrada incorrecta en algunos firmware de BIOS Intel NUC puede permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -46,10 +80,366 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:intel:nuc_8_home_nuc8i3behfa_firmware:becfl357.0095:*:*:*:*:*:*:*",
"matchCriteriaId": "D7628FD5-B359-4778-9BDC-431C00A60B20"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:nuc_8_home_nuc8i3behfa:-:*:*:*:*:*:*:*",
"matchCriteriaId": "16E6615B-4A7A-40E0-81F0-97EB50C0E244"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:intel:nuc_8_home_nuc8i5behfa_firmware:becfl357.0095:*:*:*:*:*:*:*",
"matchCriteriaId": "334A6D25-8C5B-46DF-A646-927EFDA42E96"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:nuc_8_home_nuc8i5behfa:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DBF0EDCE-3179-4DAC-9E43-FC4B917064A3"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:intel:nuc_8_home_nuc8i5bekpa_firmware:becfl357.0095:*:*:*:*:*:*:*",
"matchCriteriaId": "5012817B-F8D7-4042-8A78-3E23754C162C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:nuc_8_home_nuc8i5bekpa:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9CB778DD-7238-49F7-9B03-8E023FE1EA74"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:intel:nuc_8_enthusiast_nuc8i7behga_firmware:becfl357.0095:*:*:*:*:*:*:*",
"matchCriteriaId": "E251B101-FF90-43D1-82A5-7872AE7DA19B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:nuc_8_enthusiast_nuc8i7behga:-:*:*:*:*:*:*:*",
"matchCriteriaId": "75554150-3969-4212-A280-526B37045258"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:intel:nuc_8_enthusiast_nuc8i7bekqa_firmware:becfl357.0095:*:*:*:*:*:*:*",
"matchCriteriaId": "3DD15A7C-6DBE-4AA7-AA45-66650E43D3ED"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:nuc_8_enthusiast_nuc8i7bekqa:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BE2DC64-4764-4705-BE36-EDB822AE5BAE"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:intel:nuc_kit_nuc8i3beh_firmware:becfl357.0095:*:*:*:*:*:*:*",
"matchCriteriaId": "C6B5CF65-8BD7-46C7-A695-2AF178974490"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:nuc_kit_nuc8i3beh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "394145CF-3DDE-4C8E-92E5-79E93459044E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:intel:nuc_kit_nuc8i3bek_firmware:becfl357.0095:*:*:*:*:*:*:*",
"matchCriteriaId": "A4EDD019-F2E8-4C96-932B-840C53BE1766"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:nuc_kit_nuc8i3bek:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C6AD0CE-D15D-410A-80A5-756D83DA973B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:intel:nuc_kit_nuc8i5beh_firmware:becfl357.0095:*:*:*:*:*:*:*",
"matchCriteriaId": "1D132515-79D2-41AF-A7B5-BA7E63757151"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:nuc_kit_nuc8i5beh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B980FA8-25E2-4264-B330-F7A9BA14943A"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:intel:nuc_kit_nuc8i5bek_firmware:becfl357.0095:*:*:*:*:*:*:*",
"matchCriteriaId": "9F136B17-7B29-432D-92EB-C7997FC0AA28"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:nuc_kit_nuc8i5bek:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C3F419C8-C0D0-42C7-AF8A-B8A23A215BC3"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:intel:nuc_kit_nuc8i7beh_firmware:becfl357.0095:*:*:*:*:*:*:*",
"matchCriteriaId": "6F139054-983A-4F44-B958-DE30DE788B32"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:nuc_kit_nuc8i7beh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "771DCB9D-2874-447C-AE8F-0193AD0D2C17"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:intel:nuc_kit_nuc8i3behs_firmware:becfl357.0095:*:*:*:*:*:*:*",
"matchCriteriaId": "08E116FB-2F2A-4612-9FAA-CCDB7F4200A7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:nuc_kit_nuc8i3behs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FB12206-EA7C-4153-982F-716C96F1715A"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:intel:nuc_kit_nuc8i5behs_firmware:becfl357.0095:*:*:*:*:*:*:*",
"matchCriteriaId": "5AA35DE5-667B-4EE4-B540-DD19A7232309"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:nuc_kit_nuc8i5behs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7656721C-73F2-43F5-BB36-80789D65BBEA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:intel:nuc_kit_nuc8i7bek_firmware:becfl357.0095:*:*:*:*:*:*:*",
"matchCriteriaId": "34326BC8-5D17-41E5-AB3C-DCFD113E75BF"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:nuc_kit_nuc8i7bek:-:*:*:*:*:*:*:*",
"matchCriteriaId": "82A6A0FA-8DD5-4774-99C3-272D4CAC1C75"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01028.html",
"source": "secure@intel.com"
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}

207
CVE-2023/CVE-2023-424xx/CVE-2023-42429.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-42429",
"sourceIdentifier": "secure@intel.com",
"published": "2024-01-19T20:15:11.343",
"lastModified": "2024-01-19T22:52:48.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T14:20:32.207",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper buffer restrictions in some Intel NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "Las restricciones inadecuadas del b\u00fafer en algunos firmware del BIOS Intel NUC pueden permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -46,10 +80,177 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:intel:nuc_7_essential_pc_nuc7cjysal_firmware:jyglkcpx.0071:*:*:*:*:*:*:*",
"matchCriteriaId": "64DF4579-6014-4B3B-9D0C-7F7B0411366C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:nuc_7_essential_nuc7cjysal:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7266102D-7B1C-403A-9E27-4E895AC6DCD5"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:intel:nuc_7_essential_nuc7cjysamn_firmware:jyglkcpx.0071:*:*:*:*:*:*:*",
"matchCriteriaId": "AECA5B22-1E3B-491C-A626-1FF102E321DC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:nuc_7_essential_nuc7cjysamn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D1298E3-75D5-4ECB-B063-0F635EC0EB80"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:intel:nuc_kit_nuc7cjyhn_firmware:jyglkcpx.0071:*:*:*:*:*:*:*",
"matchCriteriaId": "E47D606D-E423-4B7C-9577-BB4ECE8EABA2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:nuc_kit_nuc7cjyhn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D1956157-B3D8-49F7-8B4D-CB188AB8F04C"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:intel:nuc_kit_nuc7cjyh_firmware:jyglkcpx.0071:*:*:*:*:*:*:*",
"matchCriteriaId": "39E3422A-1803-4C38-A657-7A1130725D04"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:nuc_kit_nuc7cjyh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "573F0989-6A34-4595-A298-EA1B88C61BD9"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:intel:nuc_kit_nuc7pjyhn_firmware:jyglkcpx.0071:*:*:*:*:*:*:*",
"matchCriteriaId": "AE14E375-EF46-4466-A6C5-9C2F53DF00D6"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:nuc_kit_nuc7pjyhn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "75CD5445-C828-4157-BE6C-2F606338DAEA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:intel:nuc_kit_nuc7pjyh_firmware:jyglkcpx.0071:*:*:*:*:*:*:*",
"matchCriteriaId": "B84818C5-6FD0-4CBF-AC72-53152CC6FD28"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:nuc_kit_nuc7pjyh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD804138-230D-48CD-9990-900DB9760142"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01028.html",
"source": "secure@intel.com"
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}

99
CVE-2023/CVE-2023-427xx/CVE-2023-42766.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-42766",
"sourceIdentifier": "secure@intel.com",
"published": "2024-01-19T20:15:11.537",
"lastModified": "2024-01-19T22:52:48.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T14:28:01.303",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in some Intel NUC 8 Compute Element BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "La validaci\u00f3n de entrada incorrecta en algunos firmware del BIOS Intel NUC 8 Compute Element puede permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -46,10 +80,69 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:intel:nuc_8_compute_element_cm8v5cb_firmware:cbwhlmiv.103:*:*:*:*:*:*:*",
"matchCriteriaId": "091B8649-6C7C-46A2-B015-D3781BC230C2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:nuc_8_compute_element_cm8v5cb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C66CDF2D-D808-4FEF-B8D0-DD1117B395A3"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:intel:nuc_8_compute_element_cm8v7cb_firmware:cbwhlmiv.103:*:*:*:*:*:*:*",
"matchCriteriaId": "6E1F558B-FA4D-4962-BA45-E399A6C324C2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:nuc_8_compute_element_cm8v7cb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF24046F-CE1B-401D-882C-3F705AA6C481"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01028.html",
"source": "secure@intel.com"
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-45xx/CVE-2023-4550.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-4550",
"sourceIdentifier": "security@opentext.com",
"published": "2024-01-29T21:15:08.670",
"lastModified": "2024-01-29T21:15:08.670",
"vulnStatus": "Received",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation, Files or Directories Accessible to External Parties vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files.\n\nAn unauthenticated or authenticated user can abuse a page of AppBuilder to read arbitrary files on the server on which it is hosted. \n\n\nThis issue affects AppBuilder: from 21.2 before 23.2.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de validaci\u00f3n de entrada incorrecta, archivos o directorios accesibles a partes externas en OpenText AppBuilder en Windows, Linux permite sondear archivos del sistema. Un usuario autenticado o no autenticado puede abusar de una p\u00e1gina de AppBuilder para leer archivos arbitrarios en el servidor en el que est\u00e1 alojada. Este problema afecta a AppBuilder: desde 21.2 antes de 23.2."
}
],
"metrics": {

8
CVE-2023/CVE-2023-45xx/CVE-2023-4551.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-4551",
"sourceIdentifier": "security@opentext.com",
"published": "2024-01-29T21:15:08.880",
"lastModified": "2024-01-29T21:15:08.880",
"vulnStatus": "Received",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows OS Command Injection.\n\nThe AppBuilder's Scheduler functionality that facilitates creation of scheduled tasks is vulnerable to command injection. This allows authenticated users to inject arbitrary operating system commands into the executing process.\n\n\nThis issue affects AppBuilder: from 21.2 before 23.2.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de validaci\u00f3n de entrada incorrecta en OpenText AppBuilder en Windows, Linux permite la inyecci\u00f3n de comandos del sistema operativo. La funcionalidad Scheduler de AppBuilder que facilita la creaci\u00f3n de tareas programadas es vulnerable a la inyecci\u00f3n de comandos. Esto permite a los usuarios autenticados inyectar comandos arbitrarios del sistema operativo en el proceso de ejecuci\u00f3n. Este problema afecta a AppBuilder: desde 21.2 antes de 23.2."
}
],
"metrics": {

8
CVE-2023/CVE-2023-45xx/CVE-2023-4552.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-4552",
"sourceIdentifier": "security@opentext.com",
"published": "2024-01-29T21:15:09.073",
"lastModified": "2024-01-29T21:15:09.073",
"vulnStatus": "Received",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files.\n\nAn authenticated AppBuilder user with the ability to create or manage existing databases can leverage them to exploit the AppBuilder server - including access to its local file system.\n\n\nThis issue affects AppBuilder: from 21.2 before 23.2.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de validaci\u00f3n de entrada incorrecta en OpenText AppBuilder en Windows, Linux permite sondear archivos del sistema. Un usuario autenticado de AppBuilder con la capacidad de crear o administrar bases de datos existentes puede aprovecharlas para explotar el servidor de AppBuilder, incluido el acceso a su sistema de archivos local. Este problema afecta a AppBuilder: desde 21.2 antes de 23.2."
}
],
"metrics": {

8
CVE-2023/CVE-2023-45xx/CVE-2023-4553.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-4553",
"sourceIdentifier": "security@opentext.com",
"published": "2024-01-29T21:15:09.263",
"lastModified": "2024-01-29T21:15:09.263",
"vulnStatus": "Received",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files.\n\n\nAppBuilder configuration files are viewable by unauthenticated users.\n\n\nThis issue affects AppBuilder: from 21.2 before 23.2.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de validaci\u00f3n de entrada incorrecta en OpenText AppBuilder en Windows, Linux permite sondear archivos del sistema. Los usuarios no autenticados pueden ver los archivos de configuraci\u00f3n de AppBuilder. Este problema afecta a AppBuilder: desde 21.2 antes de 23.2."
}
],
"metrics": {

8
CVE-2023/CVE-2023-45xx/CVE-2023-4554.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-4554",
"sourceIdentifier": "security@opentext.com",
"published": "2024-01-29T21:15:09.457",
"lastModified": "2024-01-29T21:15:09.457",
"vulnStatus": "Received",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Restriction of XML External Entity Reference vulnerability in OpenText AppBuilder on Windows, Linux allows Server Side Request Forgery, Probe System Files.\n\nAppBuilder's XML processor is vulnerable to XML External Entity Processing (XXE), allowing an authenticated user to upload specially crafted XML files to induce server-side request forgery, disclose files local to the server that processes them.\n\n\nThis issue affects AppBuilder: from 21.2 before 23.2.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de restricci\u00f3n inadecuada de la referencia de entidad externa XML en OpenText AppBuilder en Windows, Linux permite la server-side request forgery y sondear archivos del sistema. El procesador XML de AppBuilder es vulnerable al procesamiento de entidades externas XML (XXE), lo que permite a un usuario autenticado cargar archivos XML especialmente manipulados para inducir server-side request forgery y revelar archivos locales al servidor que los procesa. Este problema afecta a AppBuilder: desde 21.2 antes de 23.2."
}
],
"metrics": {

73
CVE-2023/CVE-2023-470xx/CVE-2023-47035.json
View File

@ -2,23 +2,86 @@
"id": "CVE-2023-47035",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-19T20:15:11.820",
"lastModified": "2024-01-19T22:52:48.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T14:46:19.023",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "RPTC 0x3b08c was discovered to not conduct status checks on the parameter tradingOpen. This vulnerability can allow attackers to conduct unauthorized transfer operations."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que RPTC 0x3b08c no realiza comprobaciones de estado en el par\u00e1metro tradingOpen. Esta vulnerabilidad puede permitir a los atacantes realizar operaciones de transferencia no autorizadas."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:etherscan:reptilian_coin:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8DECF94-DDCB-44E1-8E1D-981E5EF28EB0"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://etherscan.io/token/0x3b08c03fa8278cf81b9043b228183760376fcdbb",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/RikkaLzw/CVE/blob/main/CVE-2024.1.19-3.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-490xx/CVE-2023-49038.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49038",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-29T21:15:08.620",
"lastModified": "2024-01-29T21:15:08.620",
"vulnStatus": "Received",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Command injection in the ping utility on Buffalo LS210D 1.78-0.03 allows a remote authenticated attacker to inject arbitrary commands onto the NAS as root."
},
{
"lang": "es",
"value": "La inyecci\u00f3n de comandos en la utilidad ping en Buffalo LS210D 1.78-0.03 permite a un atacante remoto autenticado inyectar comandos arbitrarios en el NAS como root."
}
],
"metrics": {},

79
CVE-2023/CVE-2023-493xx/CVE-2023-49351.json
View File

@ -2,19 +2,90 @@
"id": "CVE-2023-49351",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-16T19:15:08.120",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T13:56:04.213",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability in /bin/webs binary in Edimax BR6478AC V2 firmware veraion v1.23 allows attackers to overwrite other values located on the stack due to an incorrect use of the strcpy() function."
},
{
"lang": "es",
"value": "Una vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en el binario /bin/webs en la versi\u00f3n v1.23 del firmware Edimax BR6478AC V2 permite a los atacantes sobrescribir otros valores ubicados en la pila debido a un uso incorrecto de la funci\u00f3n strcpy()."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:edimax:br-6478ac_firmware:1.23:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DDF2BE-95AB-41F7-AC3D-0C4681009A74"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:edimax:br-6478ac:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "1C7455F9-4812-44C9-A5E2-A25077C2C9BF"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/countfatcode/temp/blob/main/formUSBAccount/formUSBAccount.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
}
]
}

6
CVE-2023/CVE-2023-517xx/CVE-2023-51764.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-51764",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-24T05:15:08.273",
"lastModified": "2024-01-22T15:15:08.320",
"lastModified": "2024-01-30T14:15:47.213",
"vulnStatus": "Modified",
"descriptions": [
{
@ -184,6 +184,10 @@
"Third Party Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00020.html",
"source": "cve@mitre.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQ5WXFCW2N6G2PH3JXDTYW5PH5EBQEGO/",
"source": "cve@mitre.org"

8
CVE-2023/CVE-2023-518xx/CVE-2023-51813.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-51813",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-30T01:15:58.873",
"lastModified": "2024-01-30T01:15:58.873",
"vulnStatus": "Received",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Request Forgery (CSRF) vulnerability in Free Open-Source Inventory Management System v.1.0 allows a remote attacker to execute arbitrary code via the staff_list parameter in the index.php component."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross Site Request Forgery (CSRF) en Free Open-Source Inventory Management System v.1.0 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro staff_list en el componente index.php."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-518xx/CVE-2023-51837.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-51837",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-30T01:15:58.920",
"lastModified": "2024-01-30T01:15:58.920",
"vulnStatus": "Received",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Ylianst MeshCentral 1.1.16 is vulnerable to Missing SSL Certificate Validation."
},
{
"lang": "es",
"value": "Ylianst MeshCentral 1.1.16 es vulnerable a la falta de validaci\u00f3n del certificado SSL."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-518xx/CVE-2023-51839.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-51839",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-29T20:15:15.047",
"lastModified": "2024-01-29T20:15:15.047",
"vulnStatus": "Received",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "DeviceFarmer stf v3.6.6 suffers from Use of a Broken or Risky Cryptographic Algorithm."
},
{
"lang": "es",
"value": "DeviceFarmer stf v3.6.6 sufre de uso de un algoritmo criptogr\u00e1fico defectuoso o riesgoso."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-518xx/CVE-2023-51840.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-51840",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-29T20:15:15.100",
"lastModified": "2024-01-29T20:15:15.100",
"vulnStatus": "Received",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "DoraCMS 2.1.8 is vulnerable to Use of Hard-coded Cryptographic Key."
},
{
"lang": "es",
"value": "DoraCMS 2.1.8 es vulnerable al uso de claves criptogr\u00e1ficas codificadas."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-518xx/CVE-2023-51842.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-51842",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-29T20:15:15.150",
"lastModified": "2024-01-29T20:15:15.150",
"vulnStatus": "Received",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An algorithm-downgrade issue was discovered in Ylianst MeshCentral 1.1.16."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema de degradaci\u00f3n del algoritmo en Ylianst MeshCentral 1.1.16."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-518xx/CVE-2023-51843.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-51843",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-30T01:15:58.967",
"lastModified": "2024-01-30T01:15:58.967",
"vulnStatus": "Received",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "react-dashboard 1.4.0 is vulnerable to Cross Site Scripting (XSS) as httpOnly is not set."
},
{
"lang": "es",
"value": "react-dashboard 1.4.0 es vulnerable a Cross Site Scripting (XSS) ya que httpOnly no est\u00e1 configurado."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-519xx/CVE-2023-51982.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-51982",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-30T01:15:59.013",
"lastModified": "2024-01-30T01:15:59.013",
"vulnStatus": "Received",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "CrateDB 5.5.1 is contains an authentication bypass vulnerability in the Admin UI component. After configuring password authentication and_ Local_ In the case of an address, identity authentication can be bypassed by setting the X-Real IP request header to a specific value and accessing the Admin UI directly using the default user identity.(https://github.com/crate/crate/issues/15231)"
},
{
"lang": "es",
"value": "CrateDB 5.5.1 contiene una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en el componente de la interfaz de usuario de administraci\u00f3n. Despu\u00e9s de configurar la autenticaci\u00f3n de contrase\u00f1a y_ Local_ En el caso de una direcci\u00f3n, la autenticaci\u00f3n de identidad se puede omitir configurando el encabezado de solicitud de IP de X-Real en un valor espec\u00edfico y accediendo a la interfaz de usuario del administrador directamente utilizando la identidad de usuario predeterminada. (https://github. es/crate/crate/issues/15231)"
}
],
"metrics": {},

4
CVE-2023/CVE-2023-520xx/CVE-2023-52071.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52071",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-30T07:15:07.787",
"lastModified": "2024-01-30T07:15:07.787",
"vulnStatus": "Received",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2023/CVE-2023-53xx/CVE-2023-5372.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-5372",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2024-01-30T01:15:59.063",
"lastModified": "2024-01-30T01:15:59.063",
"vulnStatus": "Received",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The post-authentication command injection vulnerability in Zyxel NAS326 firmware versions through V5.21(AAZF.15)C0 and NAS542 firmware versions through V5.21(ABAG.12)C0 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands by sending a crafted query parameter attached to the URL of an affected device\u2019s web management interface."
},
{
"lang": "es",
"value": "La vulnerabilidad de inyecci\u00f3n de comando posterior a la autenticaci\u00f3n en las versiones de firmware Zyxel NAS326 hasta V5.21(AAZF.15)C0 y NAS542 hasta V5.21(ABAG.12)C0 podr\u00eda permitir que un atacante autenticado con privilegios de administrador ejecute alg\u00fan sistema operativo ( OS) enviando un par\u00e1metro de consulta dise\u00f1ado adjunto a la URL de la interfaz de administraci\u00f3n web de un dispositivo afectado."
}
],
"metrics": {

4
CVE-2023/CVE-2023-63xx/CVE-2023-6374.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6374",
"sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"published": "2024-01-30T09:15:47.520",
"lastModified": "2024-01-30T09:15:47.520",
"vulnStatus": "Received",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

12
CVE-2023/CVE-2023-67xx/CVE-2023-6747.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6747",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-03T09:15:11.487",
"lastModified": "2024-01-10T16:44:09.000",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-30T14:15:47.380",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -96,6 +96,14 @@
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/foogallery/tags/2.4.9/includes/class-gallery-advanced-settings.php?rev=3027668#L149",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/foogallery/tags/2.4.9/includes/functions.php#L1609",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dce8ac32-cab8-4e05-bf6f-cc348d0c9472?source=cve",
"source": "security@wordfence.com",

4
CVE-2023/CVE-2023-69xx/CVE-2023-6942.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6942",
"sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"published": "2024-01-30T09:15:47.757",
"lastModified": "2024-01-30T09:15:47.757",
"vulnStatus": "Received",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-69xx/CVE-2023-6943.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6943",
"sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"published": "2024-01-30T09:15:47.960",
"lastModified": "2024-01-30T09:15:47.960",
"vulnStatus": "Received",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

12
CVE-2023/CVE-2023-71xx/CVE-2023-7192.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-7192",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-02T19:15:11.510",
"lastModified": "2024-01-09T01:43:40.960",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-30T13:15:07.933",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -41,20 +41,20 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 4.2
"impactScore": 3.6
}
]
},

8
CVE-2023/CVE-2023-72xx/CVE-2023-7225.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-7225",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-30T08:15:40.090",
"lastModified": "2024-01-30T08:15:40.090",
"vulnStatus": "Received",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the width and height parameters in all versions up to, and including, 2.88.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento MapPress Maps for WordPress para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de los par\u00e1metros de ancho y alto en todas las versiones hasta la 2.88.16 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con acceso de colaborador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {

57
CVE-2023/CVE-2023-72xx/CVE-2023-7238.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-7238",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-01-23T20:15:45.413",
"lastModified": "2024-01-24T13:49:03.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T14:20:10.613",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -50,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:orthanc-server:osimis_web_viewer:1.4.2.0-9d9eff4:*:*:*:*:*:*:*",
"matchCriteriaId": "6B8E6B02-A66D-4084-A9C5-CAC7758A7F84"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-023-01",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}

55
CVE-2024/CVE-2024-06xx/CVE-2024-0674.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-0674",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-01-30T13:15:08.330",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Privilege escalation vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, which could allow a local user to acquire root permissions by modifying the updatescript.js, inserting special code inside the script and creating the done.txt file. This would cause the watchdog process to run as root and execute the payload stored in the updatescript.js."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.4,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "cve-coordination@incibe.es",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-lamassu-bitcoin-atm-douro-machines",
"source": "cve-coordination@incibe.es"
}
]
}

55
CVE-2024/CVE-2024-06xx/CVE-2024-0675.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-0675",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-01-30T13:15:08.667",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability of improper checking for unusual or exceptional conditions\n\nin Lamassu Bitcoin ATM Douro machines, in its 7.1 version,\n\n the exploitation of which could allow an attacker with physical access to the ATM to escape kiosk mode, access the underlying Xwindow interface and execute arbitrary commands as an unprivileged user.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.4,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "cve-coordination@incibe.es",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-754"
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-lamassu-bitcoin-atm-douro-machines",
"source": "cve-coordination@incibe.es"
}
]
}

55
CVE-2024/CVE-2024-06xx/CVE-2024-0676.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-0676",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-01-30T13:15:08.913",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Weak password requirement vulnerability \n\nin Lamassu Bitcoin ATM Douro machines, in its 7.1 version\n\n, which allows a local user to interact with the machine where the application is installed, retrieve stored hashes from the machine and crack long 4-character passwords using a dictionary attack."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "PHYSICAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.4,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "cve-coordination@incibe.es",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-521"
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-lamassu-bitcoin-atm-douro-machines",
"source": "cve-coordination@incibe.es"
}
]
}

84
CVE-2024/CVE-2024-07xx/CVE-2024-0778.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-0778",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-22T16:15:08.320",
"lastModified": "2024-01-22T19:10:26.333",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T13:57:06.667",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in Uniview ISC 2500-S up to 20210930. Affected by this issue is the function setNatConfig of the file /Interface/DevManage/VM.php. The manipulation of the argument natAddress/natPort/natServerPort leads to os command injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251696. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced."
},
{
"lang": "es",
"value": "** NO SOPORTADO CUANDO SE ASIGN\u00d3 ** Una vulnerabilidad clasificada como cr\u00edtica ha sido encontrada en Uniview ISC 2500-S hasta 20210930. La funci\u00f3n setNatConfig del archivo /Interface/DevManage/VM.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento natAddress/natPort/natServerPort conduce a la inyecci\u00f3n de comandos del sistema operativo. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-251696. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el fabricante. NOTA: Se contact\u00f3 con el proveedor primeramente y se confirm\u00f3 de inmediato que el producto ha llegado al final de su vida \u00fatil. Deber\u00eda retirarse y reemplazarse."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -60,6 +84,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +105,58 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:uniview:isc_2500-s_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "20210930",
"matchCriteriaId": "665E0EC0-706A-41CA-87E0-F74C4062F14F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:uniview:isc_2500-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6671393C-0715-4B88-B64A-5B0E6CA0657D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/dezhoutorizhao/cve/blob/main/rce.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.251696",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.251696",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

8
CVE-2024/CVE-2024-10xx/CVE-2024-1016.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-1016",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-29T18:15:07.800",
"lastModified": "2024-01-29T18:15:07.800",
"vulnStatus": "Received",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Solar FTP Server 2.1.1/2.1.2. It has been declared as problematic. This vulnerability affects unknown code of the component PASV Command Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-252286 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Solar FTP Server 2.1.1/2.1.2. Ha sido declarada problem\u00e1tica. C\u00f3digo desconocido del componente PASV Command Handler es afectado por esta vulnerabilidad. La manipulaci\u00f3n conduce a la denegaci\u00f3n del servicio. El ataque se puede iniciar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. Se recomienda aplicar un parche para solucionar este problema. VDB-252286 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {

8
CVE-2024/CVE-2024-10xx/CVE-2024-1017.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-1017",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-29T19:15:08.637",
"lastModified": "2024-01-29T19:15:08.637",
"vulnStatus": "Received",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Gabriels FTP Server 1.2. It has been rated as problematic. This issue affects some unknown processing. The manipulation of the argument USERNAME leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-252287."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Gabriels FTP Server 1.2. Ha sido calificada como problem\u00e1tica. Este problema afecta alg\u00fan procesamiento desconocido. La manipulaci\u00f3n del argumento USERNAME conduce a la denegaci\u00f3n de servicio. El ataque puede iniciarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. Se recomienda aplicar un parche para solucionar este problema. El identificador asociado de esta vulnerabilidad es VDB-252287."
}
],
"metrics": {

8
CVE-2024/CVE-2024-10xx/CVE-2024-1018.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-1018",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-29T20:15:15.197",
"lastModified": "2024-01-29T20:15:15.197",
"vulnStatus": "Received",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in PbootCMS 3.2.5-20230421. Affected is an unknown function of the file /admin.php?p=/Area/index#tab=t2. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252288."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en PbootCMS 3.2.5-20230421 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /admin.php?p=/Area/index#tab=t2 es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento name conduce a cross site scripting. Es posible lanzar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-252288."
}
],
"metrics": {

8
CVE-2024/CVE-2024-10xx/CVE-2024-1020.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-1020",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-29T22:15:08.313",
"lastModified": "2024-01-29T22:15:08.313",
"vulnStatus": "Received",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in Rebuild up to 3.5.5. Affected by this vulnerability is the function getStorageFile of the file /filex/proxy-download. The manipulation of the argument url leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252289 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad clasificada como problem\u00e1tica fue encontrada en Rebuild hasta 3.5.5. La funci\u00f3n getStorageFile del archivo /filex/proxy-download es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento URL conduce a cross site scripting. El ataque se puede lanzar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-252289."
}
],
"metrics": {

8
CVE-2024/CVE-2024-10xx/CVE-2024-1021.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-1021",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-29T22:15:08.553",
"lastModified": "2024-01-29T22:15:08.553",
"vulnStatus": "Received",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in Rebuild up to 3.5.5. Affected by this issue is the function readRawText of the component HTTP Request Handler. The manipulation of the argument url leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252290 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Rebuild hasta 3.5.5 y clasificada como cr\u00edtica. La funci\u00f3n readRawText del componente HTTP Request Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento URL conduce a la server-side request forgery. El ataque puede lanzarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-252290 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {

8
CVE-2024/CVE-2024-10xx/CVE-2024-1022.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-1022",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-29T23:15:08.313",
"lastModified": "2024-01-29T23:15:08.313",
"vulnStatus": "Received",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in CodeAstro Simple Student Result Management System 5.6. This affects an unknown part of the file /add_classes.php of the component Add Class Page. The manipulation of the argument Class Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252291."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en CodeAstro Simple Student Result Management System 5.6 y clasificada como problem\u00e1tica. Una parte desconocida del archivo /add_classes.php del componente Add Class Page afecta a una parte desconocida. La manipulaci\u00f3n del argumento Class Name conduce a cross site scripting. Es posible iniciar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-252291."
}
],
"metrics": {

8
CVE-2024/CVE-2024-10xx/CVE-2024-1024.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-1024",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-30T01:15:59.380",
"lastModified": "2024-01-30T01:15:59.380",
"vulnStatus": "Received",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in SourceCodester Facebook News Feed Like 1.0 and classified as problematic. This vulnerability affects unknown code of the component New Account Handler. The manipulation of the argument First Name/Last Name with the input <script>alert(1)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252292."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en SourceCodester Facebook News Feed Like 1.0 y clasificada como problem\u00e1tica. C\u00f3digo desconocido del componente New Account Handler es afectado por esta vulnerabilidad. La manipulaci\u00f3n del argumento First Name/Last Name con la entrada conduce a cross site scripting. El ataque se puede iniciar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-252292."
}
],
"metrics": {

8
CVE-2024/CVE-2024-10xx/CVE-2024-1026.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-1026",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-30T01:15:59.693",
"lastModified": "2024-01-30T01:15:59.693",
"vulnStatus": "Received",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Cogites eReserv 7.7.58 and classified as problematic. This issue affects some unknown processing of the file front/admin/config.php. The manipulation of the argument id with the input %22%3E%3Cscript%3Ealert(%27XSS%27)%3C/script%3E leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-252293 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Cogites eReserv 7.7.58 y clasificada como problem\u00e1tica. Este problema afecta un procesamiento desconocido del archivo front/admin/config.php. La manipulaci\u00f3n del argumento id con la entrada %22%3E%3Cscript%3Ealert(%27XSS%27)%3C/script%3E conduce a cross site scripting. El ataque puede iniciarse de forma remota. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-252293."
}
],
"metrics": {

8
CVE-2024/CVE-2024-10xx/CVE-2024-1027.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-1027",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-30T03:15:07.617",
"lastModified": "2024-01-30T03:15:07.617",
"vulnStatus": "Received",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in SourceCodester Facebook News Feed Like 1.0. Affected is an unknown function of the component Post Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-252300."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en SourceCodester Facebook News Feed Like 1.0 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del componente Post Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a una carga sin restricciones. Es posible lanzar el ataque de forma remota. El identificador de esta vulnerabilidad es VDB-252300."
}
],
"metrics": {

8
CVE-2024/CVE-2024-10xx/CVE-2024-1028.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-1028",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-30T05:15:08.773",
"lastModified": "2024-01-30T05:15:08.773",
"vulnStatus": "Received",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in SourceCodester Facebook News Feed Like 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Post Handler. The manipulation of the argument Description with the input <marquee>HACKED</marquee> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252301 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en SourceCodester Facebook News Feed Like 1.0 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del componente Post Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento Description con la entrada HACKED conduce a cross site scripting. El ataque se puede lanzar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-252301."
}
],
"metrics": {

8
CVE-2024/CVE-2024-10xx/CVE-2024-1029.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-1029",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-30T06:15:45.633",
"lastModified": "2024-01-30T06:15:45.633",
"vulnStatus": "Received",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Cogites eReserv 7.7.58 and classified as problematic. Affected by this issue is some unknown functionality of the file /front/admin/tenancyDetail.php. The manipulation of the argument Nom with the input Dreux\"><script>alert('XSS')</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252302 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Cogites eReserv 7.7.58 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /front/admin/tenancyDetail.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento Nom con la entrada Dreux\"&gt; conduce a cross site scripting. El ataque puede iniciarse de forma remota. La explotaci\u00f3n se ha divulgado al p\u00fablico y puede usarse VDB-252302 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {

8
CVE-2024/CVE-2024-10xx/CVE-2024-1030.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-1030",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-30T10:15:08.467",
"lastModified": "2024-01-30T10:15:08.467",
"vulnStatus": "Received",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Cogites eReserv 7.7.58. It has been classified as problematic. This affects an unknown part of the file /front/admin/tenancyDetail.php. The manipulation of the argument id leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-252303."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Cogites eReserv 7.7.58. Ha sido clasificada como problem\u00e1tica. Esto afecta a una parte desconocida del archivo /front/admin/tenancyDetail.php. La manipulaci\u00f3n del argumento id conduce a cross site scripting. Es posible iniciar el ataque de forma remota. El identificador asociado de esta vulnerabilidad es VDB-252303."
}
],
"metrics": {

88
CVE-2024/CVE-2024-10xx/CVE-2024-1031.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-1031",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-30T13:15:09.123",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in CodeAstro Expense Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file templates/5-Add-Expenses.php of the component Add Expenses Page. The manipulation of the argument item leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252304."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://docs.qq.com/doc/DYmhqV3piekZ5dlZi",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.252304",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.252304",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2024/CVE-2024-10xx/CVE-2024-1032.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-1032",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-30T14:15:47.577",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in openBI up to 1.0.8. Affected by this vulnerability is the function testConnection of the file /application/index/controller/Databasesource.php of the component Test Connection Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252307."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://note.zhaoj.in/share/6ISYe2urjlkI",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.252307",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.252307",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2024/CVE-2024-10xx/CVE-2024-1033.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-1033",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-30T14:15:47.853",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in openBI up to 1.0.8. Affected by this issue is the function agent of the file /application/index/controller/Datament.php. The manipulation of the argument api leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252308."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://note.zhaoj.in/share/nD654ot6zRQZ",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.252308",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.252308",
"source": "cna@vuldb.com"
}
]
}

4
CVE-2024/CVE-2024-10xx/CVE-2024-1061.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-1061",
"sourceIdentifier": "vulnreport@tenable.com",
"published": "2024-01-30T09:15:48.367",
"lastModified": "2024-01-30T09:15:48.367",
"vulnStatus": "Received",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2024/CVE-2024-10xx/CVE-2024-1063.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-1063",
"sourceIdentifier": "vulnreport@tenable.com",
"published": "2024-01-30T10:15:09.267",
"lastModified": "2024-01-30T10:15:09.267",
"vulnStatus": "Received",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Appwrite <= v1.4.13 is affected by a Server-Side Request Forgery (SSRF) via the '/v1/avatars/favicon' endpoint due to an incomplete fix of CVE-2023-27159.\n"
},
{
"lang": "es",
"value": "Appwrite &lt;= v1.4.13 se ve afectada por Server-Side Request Forgery (SSRF) a trav\u00e9s del endpoint '/v1/avatars/favicon' debido a una soluci\u00f3n incompleta de CVE-2023-27159."
}
],
"metrics": {

8
CVE-2024/CVE-2024-214xx/CVE-2024-21488.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-21488",
"sourceIdentifier": "report@snyk.io",
"published": "2024-01-30T05:15:09.277",
"lastModified": "2024-01-30T05:15:09.277",
"vulnStatus": "Received",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Versions of the package network before 0.7.0 are vulnerable to Arbitrary Command Injection due to use of the child_process exec function without input sanitization. If (attacker-controlled) user input is given to the mac_address_for function of the package, it is possible for an attacker to execute arbitrary commands on the operating system that this package is being run on."
},
{
"lang": "es",
"value": "Las versiones de la red de paquetes anteriores a la 0.7.0 son vulnerables a la inyecci\u00f3n de comandos arbitrarios debido al uso de la funci\u00f3n ejecutiva child_process sin sanitizaci\u00f3n de entrada. Si se proporciona entrada de usuario (controlada por el atacante) a la funci\u00f3n mac_address_for del paquete, es posible que un atacante ejecute comandos arbitrarios en el sistema operativo en el que se ejecuta este paquete."
}
],
"metrics": {

8
CVE-2024/CVE-2024-218xx/CVE-2024-21803.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-21803",
"sourceIdentifier": "security@openanolis.org",
"published": "2024-01-30T08:15:41.373",
"lastModified": "2024-01-30T08:15:41.373",
"vulnStatus": "Received",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Use After Free vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (bluetooth modules) allows Local Execution of Code. This vulnerability is associated with program files https://gitee.Com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/af_bluetooth.C.\n\nThis issue affects Linux kernel: from v2.6.12-rc2 before v6.8-rc1.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Use After Free en El kernel de Linux en Linux, x86, ARM (m\u00f3dulos bluetooth) permite la ejecuci\u00f3n local de c\u00f3digo. Esta vulnerabilidad est\u00e1 asociada con archivos de programa https://gitee.Com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/af_bluetooth.C. Este problema afecta al kernel de Linux: desde v2.6.12-rc2 antes de v6.8-rc1."
}
],
"metrics": {

8
CVE-2024/CVE-2024-218xx/CVE-2024-21840.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-21840",
"sourceIdentifier": "hirt@hitachi.co.jp",
"published": "2024-01-30T03:15:07.867",
"lastModified": "2024-01-30T03:15:07.867",
"vulnStatus": "Received",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Incorrect Default Permissions vulnerability in Hitachi Storage Plug-in for VMware vCenter allows\u00a0local users to read and write specific files.\n\nThis issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.0.0 through 04.9.2.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de permisos predeterminados incorrectos en Hitachi Storage Plug-in para VMware vCenter permite a los usuarios locales leer y escribir archivos espec\u00edficos. Este problema afecta a Hitachi Storage Plug-in para VMware vCenter: desde 04.0.0 hasta 04.9.2."
}
],
"metrics": {

4
CVE-2024/CVE-2024-225xx/CVE-2024-22523.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-22523",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-30T09:15:48.573",
"lastModified": "2024-01-30T09:15:48.573",
"vulnStatus": "Received",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2024/CVE-2024-225xx/CVE-2024-22570.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-22570",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-29T20:15:15.420",
"lastModified": "2024-01-29T20:15:15.420",
"vulnStatus": "Received",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in /install.php?m=install&c=index&a=step3 of GreenCMS v2.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload."
},
{
"lang": "es",
"value": "Una vulnerabilidad de cross site scripting (XSS) almacenado en /install.php?m=install&amp;c=index&amp;a=step3 de GreenCMS v2.3 permite a los atacantes ejecutar scripts web o HTML de su elecci\u00f3n a trav\u00e9s de un payload manipulado."
}
],
"metrics": {},

4
CVE-2024/CVE-2024-226xx/CVE-2024-22643.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-22643",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-30T07:15:07.950",
"lastModified": "2024-01-30T07:15:07.950",
"vulnStatus": "Received",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-226xx/CVE-2024-22646.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-22646",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-30T07:15:08.027",
"lastModified": "2024-01-30T07:15:08.027",
"vulnStatus": "Received",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-226xx/CVE-2024-22647.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-22647",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-30T07:15:08.103",
"lastModified": "2024-01-30T07:15:08.103",
"vulnStatus": "Received",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-226xx/CVE-2024-22648.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-22648",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-30T07:15:08.200",
"lastModified": "2024-01-30T07:15:08.200",
"vulnStatus": "Received",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2024/CVE-2024-226xx/CVE-2024-22682.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-22682",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-30T01:16:00.020",
"lastModified": "2024-01-30T01:16:00.020",
"vulnStatus": "Received",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "DuckDB <=0.9.2 and DuckDB extension-template <=0.9.2 are vulnerable to malicious extension injection via the custom extension feature."
},
{
"lang": "es",
"value": "DuckDB &lt;=0.9.2 y DuckDB extension-template &lt;=0.9.2 son vulnerables a la inyecci\u00f3n de extensiones maliciosas a trav\u00e9s de la funci\u00f3n de extensi\u00f3n personalizada."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-228xx/CVE-2024-22894.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-22894",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-30T10:15:09.833",
"lastModified": "2024-01-30T10:15:09.833",
"vulnStatus": "Received",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in AIT-Deutschland Alpha Innotec Heatpumps wp2reg-V.3.88.0-9015 and Novelan Heatpumps wp2reg-V.3.88.0-9015, allows remote attackers to execute arbitrary code via the password component in the shadow file."
},
{
"lang": "es",
"value": "Un problema en AIT-Deutschland Alpha Innotec Heatpumps wp2reg-V.3.88.0-9015 y Novelan Heatpumps wp2reg-V.3.88.0-9015 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s del componente de contrase\u00f1a en el archivo sombra."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-229xx/CVE-2024-22938.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-22938",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-30T01:16:00.077",
"lastModified": "2024-01-30T01:16:00.077",
"vulnStatus": "Received",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Insecure Permissions vulnerability in BossCMS v.1.3.0 allows a local attacker to execute arbitrary code and escalate privileges via the init function in admin.class.php component."
},
{
"lang": "es",
"value": "La vulnerabilidad de permisos inseguros en BossCMS v.1.3.0 permite a un atacante local ejecutar c\u00f3digo arbitrario y escalar privilegios a trav\u00e9s de la funci\u00f3n init en el componente admin.class.php."
}
],
"metrics": {},

76
CVE-2024/CVE-2024-232xx/CVE-2024-23219.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23219",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-23T01:15:11.450",
"lastModified": "2024-01-26T17:15:13.057",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-30T14:36:42.017",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,81 @@
"value": "El problema se solucion\u00f3 con una autenticaci\u00f3n mejorada. Este problema se solucion\u00f3 en iOS 17.3 y iPadOS 17.3. La protecci\u00f3n de dispositivos robados puede desactivarse inesperadamente."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.3",
"matchCriteriaId": "93A0FBA9-3FF2-483E-8669-E2C196B3A444"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.3",
"matchCriteriaId": "F927B013-925E-4474-B464-3FA0241F9269"
}
]
}
]
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/33",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214059",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

191
CVE-2024/CVE-2024-232xx/CVE-2024-23222.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23222",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-23T01:15:11.500",
"lastModified": "2024-01-26T18:15:12.997",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-30T14:32:15.580",
"vulnStatus": "Analyzed",
"cisaExploitAdd": "2024-01-23",
"cisaActionDue": "2024-02-13",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
@ -18,63 +18,220 @@
"value": "Se solucion\u00f3 un problema de confusi\u00f3n de tipos con comprobaciones mejoradas. Este problema se solucion\u00f3 en tvOS 17.3, iOS 17.3 y iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 y iPadOS 16.7.5, Safari 17.3, macOS Ventura 13.6.4, macOS Monterey 12.7.3. El procesamiento de contenido web creado con fines malintencionados puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Apple tiene conocimiento de un informe que indica que este problema puede haber sido aprovechado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-843"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionStartExcluding": "16.0",
"versionEndExcluding": "16.7.5",
"matchCriteriaId": "8C2307FA-1412-4727-AD29-541A337A9B97"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionStartExcluding": "17.0",
"versionEndExcluding": "17.3",
"matchCriteriaId": "EF93182E-EFE2-4DAF-BAA2-5053A20ADCFF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionStartExcluding": "16.0",
"versionEndExcluding": "16.7.5",
"matchCriteriaId": "78404384-8393-4F57-8076-C84BCFD58B1D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionStartExcluding": "17.0",
"versionEndExcluding": "17.3",
"matchCriteriaId": "79493683-AFEA-42B7-9F15-C3E47069C9CF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.0",
"versionEndExcluding": "12.7.3",
"matchCriteriaId": "ECD0F581-7DA4-428A-A1F5-C9A86DDD99D7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.6.4",
"matchCriteriaId": "A3916CD8-E6D5-4786-903E-B86026859CE6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.3",
"matchCriteriaId": "79ADFEBE-99EE-4F01-9AE8-489EB41885D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:safari:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.3",
"matchCriteriaId": "AF847E34-E210-4F2D-919C-772FFEC50D8B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.3",
"matchCriteriaId": "921307BF-8419-42C7-9B2C-8DD643723E38"
}
]
}
]
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/27",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/33",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/34",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/36",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/37",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/38",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/40",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214055",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214056",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214057",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214058",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214059",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214061",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214063",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

8
CVE-2024/CVE-2024-233xx/CVE-2024-23334.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23334",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-29T23:15:08.563",
"lastModified": "2024-01-29T23:15:08.563",
"vulnStatus": "Received",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to determine whether to follow symbolic links outside the static root directory. When 'follow_symlinks' is set to True, there is no validation to check if reading a file is within the root directory. This can lead to directory traversal vulnerabilities, resulting in unauthorized access to arbitrary files on the system, even when symlinks are not present. Disabling follow_symlinks and using a reverse proxy are encouraged mitigations. Version 3.9.2 fixes this issue."
},
{
"lang": "es",
"value": "aiohttp es un framework cliente/servidor HTTP as\u00edncrono para asyncio y Python. Cuando se utiliza aiohttp como servidor web y se configuran rutas est\u00e1ticas, es necesario especificar la ruta ra\u00edz para los archivos est\u00e1ticos. Adem\u00e1s, la opci\u00f3n 'follow_symlinks' se puede utilizar para determinar si se deben seguir enlaces simb\u00f3licos fuera del directorio ra\u00edz est\u00e1tico. Cuando 'follow_symlinks' se establece en Verdadero, no hay validaci\u00f3n para verificar si la lectura de un archivo est\u00e1 dentro del directorio ra\u00edz. Esto puede generar vulnerabilidades de directory traversal, lo que resulta en acceso no autorizado a archivos arbitrarios en el sistema, incluso cuando no hay enlaces simb\u00f3licos presentes. Se recomiendan como mitigaciones deshabilitar follow_symlinks y usar un proxy inverso. La versi\u00f3n 3.9.2 soluciona este problema."
}
],
"metrics": {

53
CVE-2024/CVE-2024-233xx/CVE-2024-23339.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23339",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-22T23:15:08.413",
"lastModified": "2024-01-23T13:44:14.167",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T14:30:28.343",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,14 +70,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:elijahharry:hoolock:*:*:*:*:*:node.js:*:*",
"versionStartIncluding": "2.0.0",
"versionEndExcluding": "2.2.1",
"matchCriteriaId": "C4DE5F97-F88D-4551-9194-4620945DA9C9"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/elijahharry/hoolock/commit/97ae80e856774335d92743c635ffeae2f652b982",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/elijahharry/hoolock/security/advisories/GHSA-4c2g-hx49-7h25",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

59
CVE-2024/CVE-2024-233xx/CVE-2024-23340.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23340",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-22T23:15:08.637",
"lastModified": "2024-01-23T13:44:14.167",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T14:30:38.267",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,18 +70,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hono:node-server:*:*:*:*:*:node.js:*:*",
"versionStartIncluding": "1.3.0",
"versionEndExcluding": "1.4.1",
"matchCriteriaId": "050ADA00-CAFF-4B7D-AB88-92F4196D1289"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/honojs/node-server/blob/8cea466fd05e6d2e99c28011fc0e2c2d3f3397c9/src/request.ts#L43-L45",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/honojs/node-server/commit/dd9b9a9b23e3896403c90a740e7f1f0892feb402",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/honojs/node-server/security/advisories/GHSA-rjq5-w47x-x359",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

8
CVE-2024/CVE-2024-238xx/CVE-2024-23829.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23829",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-29T23:15:08.767",
"lastModified": "2024-01-29T23:15:08.767",
"vulnStatus": "Received",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against injection of additional requests. Additionally, validation could trigger exceptions that were not handled consistently with processing of other malformed input. Being more lenient than internet standards require could, depending on deployment environment, assist in request smuggling. The unhandled exception could cause excessive resource consumption on the application server and/or its logging facilities. This vulnerability exists due to an incomplete fix for CVE-2023-47627. Version 3.9.2 fixes this vulnerability."
},
{
"lang": "es",
"value": "aiohttp es un framework cliente/servidor HTTP as\u00edncrono para asyncio y Python. Las partes sensibles a la seguridad del analizador HTTP de Python conservaron diferencias menores en los conjuntos de caracteres permitidos, que deben activar el manejo de errores para hacer coincidir de manera s\u00f3lida los l\u00edmites de marco de los servidores proxy para proteger contra la inyecci\u00f3n de solicitudes adicionales. Adem\u00e1s, la validaci\u00f3n podr\u00eda desencadenar excepciones que no se manejaron de manera consistente con el procesamiento de otras entradas con formato incorrecto. Ser m\u00e1s indulgente de lo que exigen los est\u00e1ndares de Internet podr\u00eda, seg\u00fan el entorno de implementaci\u00f3n, ayudar en el contrabando de solicitudes. La excepci\u00f3n no controlada podr\u00eda causar un consumo excesivo de recursos en el servidor de aplicaciones y/o sus instalaciones de registro. Esta vulnerabilidad existe debido a una soluci\u00f3n incompleta para CVE-2023-47627. La versi\u00f3n 3.9.2 corrige esta vulnerabilidad."
}
],
"metrics": {

8
CVE-2024/CVE-2024-239xx/CVE-2024-23940.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23940",
"sourceIdentifier": "security@trendmicro.com",
"published": "2024-01-29T19:15:08.887",
"lastModified": "2024-01-29T19:15:08.887",
"vulnStatus": "Received",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Trend Micro uiAirSupport, included in the Trend Micro Security 2023 family of consumer products, version 6.0.2092 and below is vulnerable to a DLL hijacking/proxying vulnerability, which if exploited could allow an attacker to impersonate and modify a library to execute code on the system and ultimately escalate privileges on an affected system."
},
{
"lang": "es",
"value": "Trend Micro uiAirSupport, incluido en la familia de productos de consumo Trend Micro Security 2023, versi\u00f3n 6.0.2092 y anteriores, es vulnerable a una vulnerabilidad de secuestro/proxy de DLL que, si se explota, podr\u00eda permitir a un atacante hacerse pasar por una librer\u00eda y modificarla para ejecutar c\u00f3digo en el sistema y, en \u00faltima instancia, escalar privilegios en un sistema afectado."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-241xx/CVE-2024-24134.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-24134",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-29T19:15:08.940",
"lastModified": "2024-01-29T19:15:08.940",
"vulnStatus": "Received",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Sourcecodester Online Food Menu 1.0 is vulnerable to Cross Site Scripting (XSS) via the 'Menu Name' and 'Description' fields in the Update Menu section."
},
{
"lang": "es",
"value": "Sourcecodester Online Food Menu 1.0 es vulnerable a Cross Site Scripting (XSS) a trav\u00e9s de los campos 'Menu Name' y 'Description' en la secci\u00f3n Update Menu."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-241xx/CVE-2024-24135.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-24135",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-29T19:15:08.990",
"lastModified": "2024-01-29T19:15:08.990",
"vulnStatus": "Received",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Product Name and Product Code in the 'Add Product' section of Sourcecodester Product Inventory with Export to Excel 1.0 are vulnerable to XSS attacks."
},
{
"lang": "es",
"value": "Product Name y Product Code en la secci\u00f3n 'Add Product' de Sourcecodester Product Inventory with Export to Excel 1.0 son vulnerables a ataques XSS."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-241xx/CVE-2024-24136.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-24136",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-29T20:15:15.467",
"lastModified": "2024-01-29T20:15:15.467",
"vulnStatus": "Received",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The 'Your Name' field in the Submit Score section of Sourcecodester Math Game with Leaderboard v1.0 is vulnerable to Cross-Site Scripting (XSS) attacks."
},
{
"lang": "es",
"value": "El campo 'Your Name' en la secci\u00f3n Submit Score de Sourcecodester Math Game con Leaderboard v1.0 es vulnerable a ataques de Cross-Site Scripting (XSS)."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-241xx/CVE-2024-24139.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-24139",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-29T20:15:15.517",
"lastModified": "2024-01-29T20:15:15.517",
"vulnStatus": "Received",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Sourcecodester Login System with Email Verification 1.0 allows SQL Injection via the 'user' parameter."
},
{
"lang": "es",
"value": "El sistema de inicio de sesi\u00f3n Sourcecodester Login System with Email Verification 1.0 permite la inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro 'user'."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-241xx/CVE-2024-24140.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-24140",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-29T20:15:15.557",
"lastModified": "2024-01-29T20:15:15.557",
"vulnStatus": "Received",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Sourcecodester Daily Habit Tracker App 1.0 allows SQL Injection via the parameter 'tracker.'"
},
{
"lang": "es",
"value": "La aplicaci\u00f3n Sourcecodester Daily Habit Tracker 1.0 permite la inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro 'tracker'."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-241xx/CVE-2024-24141.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-24141",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-29T20:15:15.600",
"lastModified": "2024-01-29T20:15:15.600",
"vulnStatus": "Received",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Sourcecodester School Task Manager App 1.0 allows SQL Injection via the 'task' parameter."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n Sourcecodester School Task Manager 1.0 permite la inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro 'task'."
}
],
"metrics": {},

53
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-01-30T11:00:24.962970+00:00
2024-01-30T15:00:25.970047+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-01-30T10:15:09.833000+00:00
2024-01-30T14:56:48.577000+00:00
```
### Last Data Feed Release
@ -29,31 +29,50 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
237114
237120
```
### CVEs added in the last Commit
Recently added CVEs: `10`
Recently added CVEs: `6`
* [CVE-2023-36259](CVE-2023/CVE-2023-362xx/CVE-2023-36259.json) (`2024-01-30T09:15:47.377`)
* [CVE-2023-36260](CVE-2023/CVE-2023-362xx/CVE-2023-36260.json) (`2024-01-30T09:15:47.440`)
* [CVE-2023-6374](CVE-2023/CVE-2023-63xx/CVE-2023-6374.json) (`2024-01-30T09:15:47.520`)
* [CVE-2023-6942](CVE-2023/CVE-2023-69xx/CVE-2023-6942.json) (`2024-01-30T09:15:47.757`)
* [CVE-2023-6943](CVE-2023/CVE-2023-69xx/CVE-2023-6943.json) (`2024-01-30T09:15:47.960`)
* [CVE-2024-1061](CVE-2024/CVE-2024-10xx/CVE-2024-1061.json) (`2024-01-30T09:15:48.367`)
* [CVE-2024-22523](CVE-2024/CVE-2024-225xx/CVE-2024-22523.json) (`2024-01-30T09:15:48.573`)
* [CVE-2024-1030](CVE-2024/CVE-2024-10xx/CVE-2024-1030.json) (`2024-01-30T10:15:08.467`)
* [CVE-2024-1063](CVE-2024/CVE-2024-10xx/CVE-2024-1063.json) (`2024-01-30T10:15:09.267`)
* [CVE-2024-22894](CVE-2024/CVE-2024-228xx/CVE-2024-22894.json) (`2024-01-30T10:15:09.833`)
* [CVE-2024-0674](CVE-2024/CVE-2024-06xx/CVE-2024-0674.json) (`2024-01-30T13:15:08.330`)
* [CVE-2024-0675](CVE-2024/CVE-2024-06xx/CVE-2024-0675.json) (`2024-01-30T13:15:08.667`)
* [CVE-2024-0676](CVE-2024/CVE-2024-06xx/CVE-2024-0676.json) (`2024-01-30T13:15:08.913`)
* [CVE-2024-1031](CVE-2024/CVE-2024-10xx/CVE-2024-1031.json) (`2024-01-30T13:15:09.123`)
* [CVE-2024-1032](CVE-2024/CVE-2024-10xx/CVE-2024-1032.json) (`2024-01-30T14:15:47.577`)
* [CVE-2024-1033](CVE-2024/CVE-2024-10xx/CVE-2024-1033.json) (`2024-01-30T14:15:47.853`)
### CVEs modified in the last Commit
Recently modified CVEs: `2`
Recently modified CVEs: `78`
* [CVE-2024-1014](CVE-2024/CVE-2024-10xx/CVE-2024-1014.json) (`2024-01-30T09:15:48.173`)
* [CVE-2024-1015](CVE-2024/CVE-2024-10xx/CVE-2024-1015.json) (`2024-01-30T09:15:48.277`)
* [CVE-2024-23334](CVE-2024/CVE-2024-233xx/CVE-2024-23334.json) (`2024-01-30T14:18:33.837`)
* [CVE-2024-23829](CVE-2024/CVE-2024-238xx/CVE-2024-23829.json) (`2024-01-30T14:18:33.837`)
* [CVE-2024-1024](CVE-2024/CVE-2024-10xx/CVE-2024-1024.json) (`2024-01-30T14:18:33.837`)
* [CVE-2024-1026](CVE-2024/CVE-2024-10xx/CVE-2024-1026.json) (`2024-01-30T14:18:33.837`)
* [CVE-2024-22682](CVE-2024/CVE-2024-226xx/CVE-2024-22682.json) (`2024-01-30T14:18:33.837`)
* [CVE-2024-22938](CVE-2024/CVE-2024-229xx/CVE-2024-22938.json) (`2024-01-30T14:18:33.837`)
* [CVE-2024-1027](CVE-2024/CVE-2024-10xx/CVE-2024-1027.json) (`2024-01-30T14:18:33.837`)
* [CVE-2024-21840](CVE-2024/CVE-2024-218xx/CVE-2024-21840.json) (`2024-01-30T14:18:33.837`)
* [CVE-2024-1028](CVE-2024/CVE-2024-10xx/CVE-2024-1028.json) (`2024-01-30T14:18:33.837`)
* [CVE-2024-21488](CVE-2024/CVE-2024-214xx/CVE-2024-21488.json) (`2024-01-30T14:18:33.837`)
* [CVE-2024-1029](CVE-2024/CVE-2024-10xx/CVE-2024-1029.json) (`2024-01-30T14:18:33.837`)
* [CVE-2024-22643](CVE-2024/CVE-2024-226xx/CVE-2024-22643.json) (`2024-01-30T14:18:33.837`)
* [CVE-2024-22646](CVE-2024/CVE-2024-226xx/CVE-2024-22646.json) (`2024-01-30T14:18:33.837`)
* [CVE-2024-22647](CVE-2024/CVE-2024-226xx/CVE-2024-22647.json) (`2024-01-30T14:18:33.837`)
* [CVE-2024-22648](CVE-2024/CVE-2024-226xx/CVE-2024-22648.json) (`2024-01-30T14:18:33.837`)
* [CVE-2024-21803](CVE-2024/CVE-2024-218xx/CVE-2024-21803.json) (`2024-01-30T14:18:33.837`)
* [CVE-2024-1061](CVE-2024/CVE-2024-10xx/CVE-2024-1061.json) (`2024-01-30T14:18:33.837`)
* [CVE-2024-22523](CVE-2024/CVE-2024-225xx/CVE-2024-22523.json) (`2024-01-30T14:18:33.837`)
* [CVE-2024-1030](CVE-2024/CVE-2024-10xx/CVE-2024-1030.json) (`2024-01-30T14:18:33.837`)
* [CVE-2024-1063](CVE-2024/CVE-2024-10xx/CVE-2024-1063.json) (`2024-01-30T14:18:33.837`)
* [CVE-2024-22894](CVE-2024/CVE-2024-228xx/CVE-2024-22894.json) (`2024-01-30T14:18:33.837`)
* [CVE-2024-23339](CVE-2024/CVE-2024-233xx/CVE-2024-23339.json) (`2024-01-30T14:30:28.343`)
* [CVE-2024-23340](CVE-2024/CVE-2024-233xx/CVE-2024-23340.json) (`2024-01-30T14:30:38.267`)
* [CVE-2024-23222](CVE-2024/CVE-2024-232xx/CVE-2024-23222.json) (`2024-01-30T14:32:15.580`)
* [CVE-2024-23219](CVE-2024/CVE-2024-232xx/CVE-2024-23219.json) (`2024-01-30T14:36:42.017`)
## Download and Usage