Auto-Update: 2024-01-18T17:00:24.680887+00:00

cad-safe-bot 2024-01-18 17:00:28 +00:00
parent f28f81130f
commit a83a66a0e4
51 changed files with 2866 additions and 262 deletions


@ -2,7 +2,7 @@
"id": "CVE-2020-9294",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2020-04-27T17:15:13.593",
"lastModified": "2020-05-04T14:22:31.947",
"lastModified": "2024-01-18T15:48:06.043",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -104,10 +104,10 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:entreprise:*:*:*",
"criteria": "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.0",
"versionEndIncluding": "6.0.1",
"matchCriteriaId": "4F76CD15-B690-4850-9FE2-34B463E1C390"
"matchCriteriaId": "28A42A3E-FBA6-4A68-AD2B-7CFFBDCF1E49"
}
]
}
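Review bot: The replacement `criteria` in the second hunk drops the target_sw component (`entreprise` → `*`) and carries a new `matchCriteriaId`, so the 6.0.0–6.0.1 range now matches any FortiVoice CPE rather than one edition, and the earlier id `4F76CD15-B690-4850-9FE2-34B463E1C390` is no longer present in this record. This reading assumes the page prints the old line before the new one, as the `lastModified` pair suggests. Consumers that cache match ids or filter on target_sw should re-resolve from the `criteria` string after this update, and the commit message would be clearer if it named the CPE rename instead of only `Auto-Update`. The same change appears in the CVE-2021-42755 and CVE-2021-42757 sections. The enclosing `cpeMatch` array starts outside the hunk.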


@ -0,0 +1,63 @@
{
"id": "CVE-2021-33630",
"sourceIdentifier": "securities@openeuler.org",
"published": "2024-01-18T15:15:08.653",
"lastModified": "2024-01-18T15:50:54.810",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "NULL Pointer Dereference vulnerability in openEuler kernel on Linux (network modules) allows Pointer Manipulation. This vulnerability is associated with program files net/sched/sch_cbs.C.\n\nThis issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "securities@openeuler.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "securities@openeuler.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://gitee.com/src-openeuler/kernel/pulls/1389",
"source": "securities@openeuler.org"
},
{
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1030",
"source": "securities@openeuler.org"
},
{
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1031",
"source": "securities@openeuler.org"
}
]
}
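Review bot: This new record has no `configurations` block and is still `Awaiting Analysis`, so a scanner that matches on CPE will not associate it with any product; the affected range exists only in the description text (`from 4.19.90 before 4.19.90-2401.3`). Until analysis adds CPE data, triage has to read the description or the linked openEuler bulletins. The only CVSS entry is the CNA's `Secondary` one, so a consumer that reads `Primary` metrics alone will see no score. The same holds for the new CVE-2021-33631, CVE-2023-40051 and CVE-2023-40052 records in this commit.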


@ -0,0 +1,83 @@
{
"id": "CVE-2021-33631",
"sourceIdentifier": "securities@openeuler.org",
"published": "2024-01-18T15:15:08.860",
"lastModified": "2024-01-18T15:50:54.810",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem modules) allows Forced Integer Overflow.This issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3, from 5.10.0-60.18.0 before 5.10.0-183.0.0.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "securities@openeuler.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "securities@openeuler.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"references": [
{
"url": "https://gitee.com/src-openeuler/kernel/pulls/1389",
"source": "securities@openeuler.org"
},
{
"url": "https://gitee.com/src-openeuler/kernel/pulls/1396",
"source": "securities@openeuler.org"
},
{
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1030",
"source": "securities@openeuler.org"
},
{
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1031",
"source": "securities@openeuler.org"
},
{
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1032",
"source": "securities@openeuler.org"
},
{
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1033",
"source": "securities@openeuler.org"
},
{
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1034",
"source": "securities@openeuler.org"
},
{
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1035",
"source": "securities@openeuler.org"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2021-42755",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2022-07-18T17:15:08.413",
"lastModified": "2022-07-25T18:33:51.503",
"lastModified": "2024-01-18T15:48:06.043",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -112,208 +112,208 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.0:*:*:*:entreprise:*:*:*",
"matchCriteriaId": "0888B66F-A7CD-43C0-A58C-7C7B5CB61E32"
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "53151CA2-647D-4E40-9247-C0F4E6CB680B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.1:*:*:*:entreprise:*:*:*",
"matchCriteriaId": "1267C642-21DA-4236-B408-2D7A6C47725E"
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AA5C8467-1765-434E-8C11-65D3139459EE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.2:*:*:*:entreprise:*:*:*",
"matchCriteriaId": "6BF4DEDB-7B4C-44D2-A52A-AB6FFB714923"
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9D9ECD0B-C46E-485B-AA41-40B9C2A90547"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.3:*:*:*:entreprise:*:*:*",
"matchCriteriaId": "6CB7B6AA-3429-4F48-B00B-8E3B9D7C1F92"
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EC948E98-B48D-499B-8FD1-4B75754D2B78"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.4:*:*:*:entreprise:*:*:*",
"matchCriteriaId": "10AE2187-5E11-47AB-973C-B5BC0D88A12E"
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "668FED55-7378-487E-BE00-C33A45076F02"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.5:*:*:*:entreprise:*:*:*",
"matchCriteriaId": "CA0A44A9-3442-4F91-9555-BB58126147DE"
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "787C3018-40FA-415C-AF4C-D178AC4FB65E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.6:*:*:*:entreprise:*:*:*",
"matchCriteriaId": "E4CE7424-1BBE-40F8-BBE6-7A2DC105861A"
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4F35AB98-B0CD-4B04-992E-087054FCF91F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.7:*:*:*:entreprise:*:*:*",
"matchCriteriaId": "87F3070D-EF6C-41A3-9454-1438AE4010E7"
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "91BF8703-2835-4895-A347-74B6E9A2FA30"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.8:*:*:*:entreprise:*:*:*",
"matchCriteriaId": "88AF5CCB-1F8B-4486-BBAD-C36010531DF5"
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C94723AB-6BBE-4F5E-9560-5ECBE3A809A1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.10:*:*:*:entreprise:*:*:*",
"matchCriteriaId": "F0CBD02E-D8C8-4317-9D99-A3FF37D24ED1"
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E13ECB66-4AC4-4C1F-92DE-9C8788DD5379"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.11:*:*:*:entreprise:*:*:*",
"matchCriteriaId": "5587891C-1B8E-458C-B25A-F05B9D9E8D1F"
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "640AC3C4-9529-4796-A2B7-E15C9AB520DB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.12:*:*:*:entreprise:*:*:*",
"matchCriteriaId": "4DCA946D-0592-41A2-90AE-E369EE519C90"
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "11C09ED8-BEDB-4EAA-B55B-CD8F81FC74CF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.13:*:*:*:entreprise:*:*:*",
"matchCriteriaId": "2D908680-0783-42B6-B3BD-4C0A308E8761"
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "4C31FB79-990A-403F-8479-A531837C7A79"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.14:*:*:*:entreprise:*:*:*",
"matchCriteriaId": "886C8BA2-F4BB-41C5-B02C-47894AADAEDF"
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "BBFE82DC-E7BF-440A-A91E-00E5E4613592"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.15:*:*:*:entreprise:*:*:*",
"matchCriteriaId": "608E77FF-2455-490A-82D5-89CD61C2F87A"
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "67411CD4-56F9-4300-BA76-87227EE5CB5C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.16:*:*:*:entreprise:*:*:*",
"matchCriteriaId": "E7586076-0E03-493E-9709-0FC5593C1748"
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.16:*:*:*:*:*:*:*",
"matchCriteriaId": "B7AE39C3-77E7-4BF0-AEA7-186A12DDC965"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.17:*:*:*:entreprise:*:*:*",
"matchCriteriaId": "39A4F586-FE43-4541-BEF9-A16C4AFC303F"
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.17:*:*:*:*:*:*:*",
"matchCriteriaId": "C49169A3-E7D2-4A4F-8729-551CCB33452A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.18:*:*:*:entreprise:*:*:*",
"matchCriteriaId": "7E3B5009-DEE8-4495-855E-3DD83C571654"
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.18:*:*:*:*:*:*:*",
"matchCriteriaId": "DFC7D4A9-9143-4055-BAA2-E6093B5ED085"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.19:*:*:*:entreprise:*:*:*",
"matchCriteriaId": "C7A28BEC-BE96-4F25-951D-0C9FE9468CAB"
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.19:*:*:*:*:*:*:*",
"matchCriteriaId": "280D0F29-9BBC-4F39-91D3-C26EBAEEFC4D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.20:*:*:*:entreprise:*:*:*",
"matchCriteriaId": "78A7AF72-EAFF-4965-BD5F-0562C382B480"
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.20:*:*:*:*:*:*:*",
"matchCriteriaId": "47E2D164-490D-40F2-925B-C1DF2D8905F7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.21:*:*:*:entreprise:*:*:*",
"matchCriteriaId": "7B79EBCE-9630-4C62-B80F-D227488BFEFE"
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.21:*:*:*:*:*:*:*",
"matchCriteriaId": "17FA9D1F-22C3-4B66-89C9-68EF40D7B128"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.22:*:*:*:entreprise:*:*:*",
"matchCriteriaId": "85B5F42D-1516-435F-AE53-45DE12969E17"
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.22:*:*:*:*:*:*:*",
"matchCriteriaId": "294F7FEE-D8A0-4B6A-ACF4-539F558BAAF0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.23:*:*:*:entreprise:*:*:*",
"matchCriteriaId": "A36D152F-EC56-45B1-B95E-E845E1A461EC"
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.23:*:*:*:*:*:*:*",
"matchCriteriaId": "DE63E91F-43C9-4878-8ABF-43D6FA243B6E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.24:*:*:*:entreprise:*:*:*",
"matchCriteriaId": "416E9D59-6789-47BD-9134-61090A7C64B3"
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.24:*:*:*:*:*:*:*",
"matchCriteriaId": "21E72112-DD6F-4F04-B7A6-32F4A3CD652C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.25:*:*:*:entreprise:*:*:*",
"matchCriteriaId": "A70B9B11-2356-42BB-A844-67EF50D0FF0E"
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.25:*:*:*:*:*:*:*",
"matchCriteriaId": "0E46A71A-CC32-4FB9-B291-9D5213F2512B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.26:*:*:*:entreprise:*:*:*",
"matchCriteriaId": "F5EF3FD7-29F5-4A1A-8813-4F092E937B24"
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.26:*:*:*:*:*:*:*",
"matchCriteriaId": "86D2A710-4758-4B86-82C8-D3DDFD082935"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortivoice:6.0.0:*:*:*:entreprise:*:*:*",
"matchCriteriaId": "49C799EE-B97A-46FA-AB96-BAC8F19356F0"
"criteria": "cpe:2.3:a:fortinet:fortivoice:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C717350D-43D2-41A4-9AA9-F8EA4F5480CD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortivoice:6.0.1:*:*:*:entreprise:*:*:*",
"matchCriteriaId": "ED9D0634-3837-4E8D-B288-34DE8BD218FA"
"criteria": "cpe:2.3:a:fortinet:fortivoice:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4FDD21BC-FD00-4CF5-B093-1E6E9DAC9613"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortivoice:6.0.2:*:*:*:entreprise:*:*:*",
"matchCriteriaId": "457DBF75-805F-4BD1-B931-8220403BC216"
"criteria": "cpe:2.3:a:fortinet:fortivoice:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C68C2594-036C-40E0-BAC5-78945229746C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortivoice:6.0.3:*:*:*:entreprise:*:*:*",
"matchCriteriaId": "3ABFEC5E-61DA-4AC3-BD32-811F24B4C213"
"criteria": "cpe:2.3:a:fortinet:fortivoice:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2917F59F-366B-434E-9CCB-1B734396932A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortivoice:6.0.4:*:*:*:entreprise:*:*:*",
"matchCriteriaId": "20EE0E01-C635-4D60-815B-568DDB002F37"
"criteria": "cpe:2.3:a:fortinet:fortivoice:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D1139A66-DE22-4D31-A17F-E0A7BB4111D0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortivoice:6.0.5:*:*:*:entreprise:*:*:*",
"matchCriteriaId": "695FC3A2-2B80-4CCC-8D27-B323B8000D1A"
"criteria": "cpe:2.3:a:fortinet:fortivoice:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DC8B76AF-0BF0-4283-90B1-48D877CF69A9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortivoice:6.0.6:*:*:*:entreprise:*:*:*",
"matchCriteriaId": "EBCFB41A-AAF3-4BF9-BBE4-C384E2D9AAE5"
"criteria": "cpe:2.3:a:fortinet:fortivoice:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DDC98DF7-9441-4F7B-9B01-36A5F63BD401"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortivoice:6.0.7:*:*:*:entreprise:*:*:*",
"matchCriteriaId": "D6C2FB81-5FAF-40A8-8226-2DF9AB35A131"
"criteria": "cpe:2.3:a:fortinet:fortivoice:6.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3BA095F4-1B52-40B2-ADFE-19699C2F9E6C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortivoice:6.0.8:*:*:*:entreprise:*:*:*",
"matchCriteriaId": "FCB4228F-2CDF-4ADE-98EB-AE5E4F608929"
"criteria": "cpe:2.3:a:fortinet:fortivoice:6.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0BF91792-6CFF-4069-826D-E252CF9CFB84"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortivoice:6.0.9:*:*:*:entreprise:*:*:*",
"matchCriteriaId": "6165F4CD-505E-4099-8CA0-1B50ED0132D6"
"criteria": "cpe:2.3:a:fortinet:fortivoice:6.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "41C9826B-C2E2-4A10-AC6F-CDFDBE837049"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortivoice:6.0.10:*:*:*:entreprise:*:*:*",
"matchCriteriaId": "A9222D3A-8DC2-4F30-B778-15114F29F32E"
"criteria": "cpe:2.3:a:fortinet:fortivoice:6.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "065C0602-8785-404F-8DD5-EC884F0AC372"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:entreprise:*:*:*",
"matchCriteriaId": "4E97E260-2B64-4791-885D-8643DA1B05F1"
"criteria": "cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BD90D01-091F-42BC-AC76-45A582873EDF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:entreprise:*:*:*",
"matchCriteriaId": "31DFF0A5-4CBE-48EA-B489-EE049F532CB0"
"criteria": "cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B920B4C-96A2-4341-8F19-8E08A583FEAE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:entreprise:*:*:*",
"matchCriteriaId": "E7AEBE9E-1231-4F29-85C1-D9B46D6DE6F2"
"criteria": "cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E9E1371-6C7B-4E98-B34A-9D03C6636CCD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:entreprise:*:*:*",
"matchCriteriaId": "140FF97C-C8C7-46F9-8EA4-3AE9BEF35672"
"criteria": "cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "148EFCE2-1EBA-4673-98D2-86095564B727"
},
{
"vulnerable": true,


@ -2,7 +2,7 @@
"id": "CVE-2021-42757",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2021-12-08T11:15:11.840",
"lastModified": "2023-08-29T19:49:23.853",
"lastModified": "2024-01-18T15:48:06.043",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -214,17 +214,17 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:entreprise:*:*:*",
"criteria": "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.0",
"versionEndIncluding": "6.0.10",
"matchCriteriaId": "09D2F101-1B67-454C-B21B-28C86F8569FC"
"matchCriteriaId": "70E9D9A8-EFF1-4ABE-A04D-FD983443DD3A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:entreprise:*:*:*",
"criteria": "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.0",
"versionEndIncluding": "6.4.4",
"matchCriteriaId": "CB5B77BB-A4A5-4E46-9FF6-A8686570E0D1"
"matchCriteriaId": "E8611A25-64A1-4BCE-AA46-E47DFD607CB2"
},
{
"vulnerable": true,


@ -2,8 +2,8 @@
"id": "CVE-2022-27488",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-12-13T07:15:10.910",
"lastModified": "2023-12-13T13:35:21.667",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-18T15:48:06.043",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "psirt@fortinet.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
},
{
"source": "psirt@fortinet.com",
"type": "Secondary",
@ -50,10 +80,145 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiai:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "19BD18D1-18D4-4D01-BF20-63458D0B20DF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiai:1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "649E0260-0770-4D6A-A679-8862D7039A08"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.0",
"versionEndIncluding": "6.0.12",
"matchCriteriaId": "01F784BF-4F89-4938-9150-F911E3EB6CD0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2.0",
"versionEndIncluding": "6.2.9",
"matchCriteriaId": "AEDC7EE8-084C-4F9E-A510-E283FCDF9832"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.0",
"versionEndIncluding": "6.4.6",
"matchCriteriaId": "C0A5C345-7055-4F18-AE77-FF1DBE41AB89"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndIncluding": "7.0.3",
"matchCriteriaId": "3680FCC2-6397-4726-AA94-902C3831EDD1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortindr:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndIncluding": "7.0.4",
"matchCriteriaId": "7E091862-662E-40F0-9D53-6F9B898115BC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortindr:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "888692FD-3219-49D3-898C-F4EA84CCC6CF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.6.0",
"versionEndIncluding": "2.6.3",
"matchCriteriaId": "78EA72E6-DBA2-4E76-AF17-7AC63D542241"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.7.0",
"versionEndIncluding": "2.7.7",
"matchCriteriaId": "4A18D3F0-FED4-49D1-BD14-C57875D48190"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.0",
"versionEndIncluding": "6.0.11",
"matchCriteriaId": "BAED4521-DF4F-4CCA-82CE-9FAC7BC95391"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.0",
"versionEndIncluding": "6.4.2",
"matchCriteriaId": "C8252967-27EB-4596-A1BF-673DE66B77BF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.0",
"versionEndIncluding": "6.0.11",
"matchCriteriaId": "D3AE050D-F16C-4FA4-B1F3-54708C8BDC4C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.0",
"versionEndIncluding": "6.4.7",
"matchCriteriaId": "FCD41EBB-A032-40F1-85F9-E2640DD7F448"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.0",
"versionEndIncluding": "6.0.7",
"matchCriteriaId": "843F4434-651D-4A22-80C3-77397E059A98"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2.0",
"versionEndIncluding": "6.2.7",
"matchCriteriaId": "549EE910-DAC4-45B7-AE45-6B6A786CD2F5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.0",
"versionEndIncluding": "6.4.10",
"matchCriteriaId": "4EAE583E-5D26-4224-AB58-DC3E4A6EA505"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndIncluding": "7.0.4",
"matchCriteriaId": "2681D458-EE55-478D-92D1-C6BB7BB3BAC4"
}
]
}
]
}
],
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-22-038",
"source": "psirt@fortinet.com"
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
]
}
]
}
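Review bot: The NVD entry (`"type": "Primary"`, base score 8.8) is inserted ahead of the existing Fortinet `Secondary` entry in `cvssMetricV31`, so any consumer that takes the first array element will now report a different source than before. Select the metric by `type` or `source` instead of by position. The CVE-2023-37932 section adds its NVD metric the same way. The Fortinet entry's own score lies outside the hunk, so whether the two scores differ cannot be told from this page.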


@ -2,8 +2,8 @@
"id": "CVE-2023-28439",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-03-22T21:15:18.607",
"lastModified": "2023-11-03T21:15:13.613",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-18T15:11:43.537",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -56,7 +56,7 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -64,6 +64,16 @@
"value": "CWE-79"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
@ -83,6 +93,31 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
}
],
"references": [
@ -109,15 +144,26 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GWKG2VCPJNETVCDTXU4X6FQ2PO6XCNGN/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L4ODGOW6PYVOXHQSMWJBOCE6DXWAI33W/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCYKD3JZWWA3ESOZG4PHJJEXT4EYIUIQ/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mailing List"
]
}
]
}
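Review bot: The third Fedora package-announce reference in the last hunk is tagged only `"Mailing List"`, while the two sibling URLs on the same list receive `"Mailing List", "Third Party Advisory"`. A consumer that filters references by `Third Party Advisory` will pick up two of the three Fedora notices. If the difference is not deliberate, the third entry's tags should read `"tags": ["Mailing List", "Third Party Advisory"]`. The `references` array starts outside the hunk.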


@ -2,8 +2,8 @@
"id": "CVE-2023-37932",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-01-10T18:15:45.570",
"lastModified": "2024-01-11T13:57:35.163",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-18T15:50:39.943",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "psirt@fortinet.com",
"type": "Secondary",
@ -40,7 +60,7 @@
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -48,12 +68,56 @@
"value": "CWE-22"
}
]
},
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.0",
"versionEndIncluding": "6.0.12",
"matchCriteriaId": "C0B44874-E530-40B9-92F5-03667CFB9F1C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.0",
"versionEndExcluding": "6.4.8",
"matchCriteriaId": "A9743AEC-093F-47A0-BA8A-7E76308D0152"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BB44AB41-E006-489F-9C49-2DFA73EF01B2"
}
]
}
]
}
],
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-23-219",
"source": "psirt@fortinet.com"
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
]
}
]
}
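Review bot: The added `cpeMatch` list mixes bound styles: the 6.0 branch uses `"versionEndIncluding": "6.0.12"` while the 6.4 branch uses `"versionEndExcluding": "6.4.8"`. Both forms are valid, but a matcher that implements only the inclusive bound may treat the 6.4 entry as open-ended or skip it. Consumers should handle `versionEndExcluding` explicitly; for consistency with the FortiVoice 6.4 range in the CVE-2022-27488 section the bound could be written `"versionEndIncluding": "6.4.7"`, assuming 6.4.8 is the first fixed release.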


@ -0,0 +1,59 @@
{
"id": "CVE-2023-40051",
"sourceIdentifier": "security@progress.com",
"published": "2024-01-18T15:15:09.060",
"lastModified": "2024-01-18T15:50:54.810",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "This issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0.\u00a0An attacker can formulate a request for a WEB transport that allows unintended file uploads to a server directory path on the system running PASOE. If the upload contains a payload that can further exploit the server or its network, the launch of a larger scale attack may be possible.\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@progress.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 5.3
}
]
},
"weaknesses": [
{
"source": "security@progress.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://community.progress.com/s/article/Important-Progress-OpenEdge-Critical-Alert-for-Progress-Application-Server-in-OpenEdge-PASOE-Arbitrary-File-Upload-Vulnerability-in-WEB-Transport",
"source": "security@progress.com"
},
{
"url": "https://www.progress.com/openedge",
"source": "security@progress.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-40052",
"sourceIdentifier": "security@progress.com",
"published": "2024-01-18T15:15:09.247",
"lastModified": "2024-01-18T15:50:54.810",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\n\n\nThis issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0\n\n.\u00a0\n\nAn attacker who can produce a malformed web request may cause the crash of a PASOE agent potentially disrupting the thread activities of many web application clients. Multiple of these DoS attacks could lead to the flooding of invalid requests as compared to the server\u2019s remaining ability to process valid requests.\n\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@progress.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@progress.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"references": [
{
"url": "https://community.progress.com/s/article/Important-Progress-OpenEdge-Product-Alert-for-Progress-Application-Server-for-OpenEdge-PASOE-Denial-of-Service-Vulnerability-in-WEB-Transport",
"source": "security@progress.com"
},
{
"url": "https://www.progress.com/openedge",
"source": "security@progress.com"
}
]
}
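Review bot: The `descriptions[0].value` string begins with `\n\n\n`, ends with six newlines, and leaves the first sentence's period stranded after a line break (`12.8.0\n\n.\u00a0\n\n`), which renders badly in tickets and breaks naive sentence splitting. Because the text mirrors the CNA submission, normalising on ingestion is safer than editing the record: strip leading and trailing whitespace and collapse the stranded period to `12.8.0. An attacker …`. CVE-2023-40051 and both openEuler records in this commit carry the same trailing newlines.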


@ -2,8 +2,8 @@
"id": "CVE-2023-51073",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-11T03:15:10.710",
"lastModified": "2024-01-11T13:57:26.160",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-18T15:05:25.177",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,86 @@
"value": "Un problema en Buffalo LS210D v.1.78-0.03 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del script de actualizaci\u00f3n de firmware en /etc/init.d/update_notifications.sh."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:buffalo:ls210d_firmware:1.78-0.03:*:*:*:*:*:*:*",
"matchCriteriaId": "FBE4F37A-F2E5-45F4-A10C-CB92F4C9EF08"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:buffalo:ls210d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9960AF04-5AF3-408D-828C-FBDE6169C539"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/christopher-pace/CVE-2023-51073/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.buffalotech.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}
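Review bot: The added weakness is `NVD-CWE-noinfo` although the description (visible here in Spanish) reports remote code execution through the firmware-update script, and the first reference is tagged `Exploit`. Dashboards that group or prioritise by CWE will not classify this 8.1 record, so prioritisation should key on the CVSS vector and the `Exploit` tag rather than on the CWE. The only vendor link is a `Product` homepage; no vendor advisory is referenced in the visible hunk.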


@ -2,19 +2,91 @@
"id": "CVE-2023-51984",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-11T16:15:53.790",
"lastModified": "2024-01-11T16:34:20.613",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-18T15:34:34.037",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-822+ V1.0.2 was found to contain a command injection in SetStaticRouteSettings function. allows remote attackers to execute arbitrary commands via shell."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que D-Link DIR-822+ V1.0.2 conten\u00eda una inyecci\u00f3n de comando en la funci\u00f3n SetStaticRouteSettings. permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de shell."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dir-822_firmware:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2CE95A9E-D74A-4054-AC64-2E84B2AA68BB"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3894F0E-37F8-4A89-87AC-1DB524D4AE04"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/funny-mud-peee/IoT-vuls/blob/main/dir822+/1/readme.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
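Review bot: The `criteria` values added under `configurations` name `dir-822_firmware` and `dir-822`, while the description in the same record names the D-Link DIR-822+ V1.0.2. If the DIR-822 and DIR-822+ are separate models, CPE-based matching against this record would flag the wrong device and miss the affected one, so the product name should be confirmed against the referenced write-up before the match is relied on. The same CPE pair is added in the CVE-2023-51987 and CVE-2023-51989 sections. Those two records also carry identical descriptions and differ only in their reference URL, which suggests they may describe the same issue.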


@ -2,19 +2,91 @@
"id": "CVE-2023-51987",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-11T16:15:53.863",
"lastModified": "2024-01-11T16:34:20.613",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-18T15:34:58.523",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, which allows attackers to log in to administrator accounts with empty passwords."
},
{
"lang": "es",
"value": "D-Link DIR-822+ V1.0.2 contiene una omisi\u00f3n de inicio de sesi\u00f3n en la interfaz HNAP1, que permite a los atacantes iniciar sesi\u00f3n en cuentas de administrador con contrase\u00f1as vac\u00edas."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dir-822_firmware:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2CE95A9E-D74A-4054-AC64-2E84B2AA68BB"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3894F0E-37F8-4A89-87AC-1DB524D4AE04"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/funny-mud-peee/IoT-vuls/tree/main/dir822%2B/2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,91 @@
"id": "CVE-2023-51989",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-11T16:15:53.920",
"lastModified": "2024-01-11T16:34:20.613",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-18T15:35:15.377",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, which allows attackers to log in to administrator accounts with empty passwords."
},
{
"lang": "es",
"value": "D-Link DIR-822+ V1.0.2 contiene una omisi\u00f3n de inicio de sesi\u00f3n en la interfaz HNAP1, que permite a los atacantes iniciar sesi\u00f3n en cuentas de administrador con contrase\u00f1as vac\u00edas."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dir-822_firmware:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2CE95A9E-D74A-4054-AC64-2E84B2AA68BB"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3894F0E-37F8-4A89-87AC-1DB524D4AE04"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/funny-mud-peee/IoT-vuls/blob/main/dir822+/2/readme.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-5118",
"sourceIdentifier": "cvd@cert.pl",
"published": "2024-01-11T16:15:54.000",
"lastModified": "2024-01-11T16:34:20.613",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-18T16:01:37.653",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The application is vulnerable to Stored Cross-Site Scripting (XSS) in the endpoint /sofer/DocumentService.asc/SaveAnnotation, where input data transmitted via the POST method in the parameters author and text are not adequately sanitized and validated. This allows for the injection of malicious JavaScript code. The vulnerability was identified in the function for adding new annotations while editing document content.\n\nReporters inform that the vulnerability has been removed in software versions above 11.1.x. Previous versions may also be vulnerable, but this has not been confirmed.\n"
},
{
"lang": "es",
"value": "La aplicaci\u00f3n es vulnerable a cross site scripting (XSS) almacenado en el endpoint /sofer/DocumentService.asc/SaveAnnotation, donde los datos de entrada transmitidos a trav\u00e9s del m\u00e9todo POST en los par\u00e1metros author y text no se sanitizan ni validan adecuadamente. Esto permite la inyecci\u00f3n de c\u00f3digo JavaScript malicioso. La vulnerabilidad fue identificada en la funci\u00f3n para agregar nuevas anotaciones mientras se edita el contenido del documento. Los periodistas informan que la vulnerabilidad se ha eliminado en las versiones de software superiores a 11.1.x. Las versiones anteriores tambi\u00e9n pueden ser vulnerables, pero esto no ha sido confirmado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "cvd@cert.pl",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "cvd@cert.pl",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tungstenautomation:kofax_capture:*:*:*:*:*:*:*:*",
"versionEndIncluding": "11.0.0",
"matchCriteriaId": "2ADA7FFB-7510-4371-8151-3588E9F71272"
}
]
}
]
}
],
"references": [
{
"url": "https://cert.pl/en/posts/2024/01/CVE-2023-5118/",
"source": "cvd@cert.pl"
"source": "cvd@cert.pl",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://cert.pl/posts/2024/01/CVE-2023-5118/",
"source": "cvd@cert.pl"
"source": "cvd@cert.pl",
"tags": [
"Third Party Advisory"
]
}
]
}
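Review bot: The added `cpeMatch` entry bounds the affected range with `"versionEndIncluding": "11.0.0"`, but the description in this record says the issue was removed only in versions above 11.1.x. Inventory or scanner matching that relies on the CPE range alone would therefore not flag 11.1.x installations that the description implies are still affected. The description also never names the product, so the `kofax_capture` CPE is the only product identifier in the record. The range should be re-checked against the cert.pl advisory listed in `references` before this entry is used to decide exposure.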


@ -2,8 +2,8 @@
"id": "CVE-2023-5691",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-11T09:15:47.727",
"lastModified": "2024-01-11T13:57:26.160",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-18T15:17:46.287",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -38,14 +58,51 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:collect.chat:chatbot:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.3.9",
"matchCriteriaId": "2C8BFB57-DF4A-47AF-9BA7-15252D284818"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3000724%40collectchat%2Ftrunk&old=2983408%40collectchat%2Ftrunk&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dfd67329-11b1-4f00-a422-bb4833a3181d?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product",
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-5770",
"sourceIdentifier": "security@proofpoint.com",
"published": "2024-01-09T22:15:43.400",
"lastModified": "2024-01-10T01:21:28.543",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-18T15:54:37.647",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Proofpoint Enterprise Protection contains a vulnerability in the email delivery agent that allows an unauthenticated attacker to inject improperly encoded HTML into the email body of a message through the email subject. The vulnerability is caused by inappropriate encoding when rewriting the email before delivery.This issue affects Proofpoint Enterprise Protection: from 8.20.2 before patch 4809, from 8.20.0 before patch 4805, from 8.18.6 before patch 4804 and all other prior versions.\n\n"
},
{
"lang": "es",
"value": "Proofpoint Enterprise Protection contiene una vulnerabilidad en el agente de entrega de correo electr\u00f3nico que permite a un atacante no autenticado inyectar HTML codificado incorrectamente en el cuerpo de un mensaje de correo electr\u00f3nico a trav\u00e9s del asunto del correo electr\u00f3nico. La vulnerabilidad se debe a una codificaci\u00f3n inadecuada al reescribir el correo electr\u00f3nico antes de la entrega. Este problema afecta a Proofpoint Enterprise Protection: desde 8.20.2 antes del parche 4809, desde 8.20.0 antes del parche 4805, desde 8.18.6 antes del parche 4804 y todas las dem\u00e1s versiones anteriores."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
},
{
"source": "security@proofpoint.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-838"
}
]
},
{
"source": "security@proofpoint.com",
"type": "Secondary",
@ -46,10 +80,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:proofpoint:enterprise_protection:8.18.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7E481ED5-1AC8-4FEA-9169-17CDE7AB93DA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:proofpoint:enterprise_protection:8.20.0:*:*:*:*:*:*:*",
"matchCriteriaId": "83C899EC-C3E7-4D34-8362-DEB40F16AD09"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:proofpoint:enterprise_protection:8.20.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C22954AF-4D4E-4C9D-868A-62091BD57CC7"
}
]
}
]
}
],
"references": [
{
"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-0009",
"source": "security@proofpoint.com"
"source": "security@proofpoint.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-6244",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-11T15:15:08.233",
"lastModified": "2024-01-11T16:34:20.613",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-18T16:13:00.490",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4 (Pro) & 2.2.8 (Free). This is due to missing or incorrect nonce validation on the save_virtual_event_settings function. This makes it possible for unauthenticated attackers to modify virtual event settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
},
{
"lang": "es",
"value": "El complemento EventON - WordPress Virtual Event Calendar Plugin para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta 4.5.4 (Pro) y 2.2.8 (gratis), incluidas. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en la funci\u00f3n save_virtual_event_settings. Esto hace posible que atacantes no autenticados modifiquen la configuraci\u00f3n de eventos virtuales a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar a un administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -34,18 +58,64 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myeventon:eventon:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "4.5.5",
"matchCriteriaId": "E1574D07-2D5A-4157-80E0-113580C14106"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myeventon:eventon-lite:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.2.9",
"matchCriteriaId": "4BC9A476-B0DE-4015-ABE4-C0E3938107E9"
}
]
}
]
}
],
"references": [
{
"url": "https://docs.myeventon.com/documentations/eventon-changelog/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3017939%40eventon-lite&new=3017939%40eventon-lite&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6fcc3a82-f116-446e-9e5f-4f074e20403b?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-6776",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-11T09:15:51.977",
"lastModified": "2024-01-11T13:57:09.767",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-18T16:24:38.070",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -38,14 +58,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:3dflipbook:3d_flipbook:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.15.2",
"matchCriteriaId": "099994A5-5471-41C8-9142-958376F677D8"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3014013/interactive-3d-flipbook-powered-physics-engine",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/500fd8aa-9ad1-41ee-bbeb-cda9c80c4fcb?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-6781",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-11T09:15:52.133",
"lastModified": "2024-01-11T13:57:09.767",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-18T16:24:52.810",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -38,22 +58,64 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:themeisle:orbit_fox:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.10.26",
"matchCriteriaId": "791EE92A-AF5D-4DBE-8E54-8E291DA40BDF"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/themeisle-companion/trunk/obfx_modules/header-footer-scripts/init.php#L315",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/themeisle-companion/trunk/obfx_modules/header-footer-scripts/init.php#L34",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3011567%40themeisle-companion%2Ftrunk&old=2991564%40themeisle-companion%2Ftrunk&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/23e39019-c322-4027-84f2-faabd9ca4983?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-6782",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-11T09:15:52.297",
"lastModified": "2024-01-11T13:57:09.767",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-18T16:11:09.587",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -38,18 +58,57 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:magazine3:amp_for_wp:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.0.92",
"matchCriteriaId": "03688531-2AE5-4FD1-8DA0-CA8A826EFD4C"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.svn.wordpress.org/accelerated-mobile-pages/trunk/templates/features.php",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3010797%40accelerated-mobile-pages%2Ftrunk&old=2998126%40accelerated-mobile-pages%2Ftrunk&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c1cae64e-caed-43c0-9a75-9aa4234946a0?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-6875",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-11T09:15:52.773",
"lastModified": "2024-01-11T22:15:45.790",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-18T16:11:25.827",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -38,22 +58,65 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpexperts:post_smtp_mailer:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.8.7",
"matchCriteriaId": "69EA3FC7-5A83-43E1-A957-885559CA5C91"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/176525/WordPress-POST-SMTP-Mailer-2.8.7-Authorization-Bypass-Cross-Site-Scripting.html",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/post-smtp/trunk/Postman/Mobile/includes/rest-api/v1/rest-api.php#L60",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3016051/post-smtp/trunk?contextall=1&old=3012318&old_path=%2Fpost-smtp%2Ftrunk",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e675d64c-cbb8-4f24-9b6f-2597a97b49af?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-6878",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-11T09:15:52.940",
"lastModified": "2024-01-11T13:57:09.767",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-18T16:34:53.617",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -38,14 +58,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:leechesnutt:slick_social_share_buttons:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.4.11",
"matchCriteriaId": "61BC89F8-3A69-4694-B107-17C1B014EBEF"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/slick-social-share-buttons/tags/2.4.11/inc/dcwp_admin.php#L49",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/79a5c01d-3867-4b1e-b0ba-9a802f0bed92?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-6882",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-11T09:15:53.103",
"lastModified": "2024-01-11T13:57:09.767",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-18T16:43:49.213",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -38,14 +58,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:simple-membership-plugin:simple_membership:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.3.8",
"matchCriteriaId": "1676B35D-B851-4FF3-A77C-95BF0236633E"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3010737/simple-membership",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/366165fe-93e5-49ab-b2e5-1de624f22286?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-6924",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-11T09:15:53.253",
"lastModified": "2024-01-11T13:57:09.767",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-18T16:42:06.183",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -38,26 +58,71 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.8.18",
"matchCriteriaId": "10B19669-9D27-48C6-8C4E-A88EB50F5EB4"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/photo-gallery/tags/1.8.18/admin/views/Widget.php#L94",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/photo-gallery/tags/1.8.18/admin/views/WidgetSlideshow.php#L64",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/photo-gallery/tags/1.8.18/admin/views/WidgetTags.php#L58",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3013021/photo-gallery",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/21b4d1a1-55fe-4241-820c-203991d724c4?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-6938",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-11T15:15:08.410",
"lastModified": "2024-01-11T16:34:20.613",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-18T15:57:39.827",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Oxygen Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a custom field in all versions up to, and including, 4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: Version 4.8.1 of the Oxygen Builder plugin for WordPress addresses this vulnerability by implementing an optional filter to provide output escaping for dynamic data. Please see https://oxygenbuilder.com/documentation/other/security/#filtering-dynamic-data for more details."
},
{
"lang": "es",
"value": "El complemento Oxygen Builder para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s de un campo personalizado en todas las versiones hasta la 4.8 inclusive debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada. NOTA: La versi\u00f3n 4.8.1 del complemento Oxygen Builder para WordPress aborda esta vulnerabilidad implementando un filtro opcional para proporcionar salida de escape para datos din\u00e1micos. Consulte https://oxygenbuilder.com/documentation/other/security/#filtering-dynamic-data para obtener m\u00e1s detalles."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -34,14 +58,52 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:soflyy:oxygen:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "4.8.1",
"matchCriteriaId": "A487ADDF-15AC-4FD6-8DEE-FCD4E2B078E8"
}
]
}
]
}
],
"references": [
{
"url": "https://oxygenbuilder.com/oxygen-4-8-1-now-available/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch",
"Release Notes"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ee069cb3-370e-48ea-aa35-c30fe83c2498?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}
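Review bot: The added `configurations` block treats 4.8.1 as the first unaffected release (`"versionEndExcluding": "4.8.1"`), yet the description in this same record says 4.8.1 addresses the issue through an optional filter for dynamic data. A scanner that matches on this CPE range alone would report a 4.8.1 site as fixed whether or not that filter is enabled, so the match is worth pairing with a check of the dynamic-data filtering setting documented at the URL in the description. The Wordfence reference is also tagged `Patch` although it appears to be an advisory page; `Third Party Advisory` alone looks like the better fit, assuming the page carries no patch itself.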


@ -0,0 +1,55 @@
{
"id": "CVE-2023-7153",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2024-01-18T15:15:09.430",
"lastModified": "2024-01-18T15:50:54.810",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Macroturk Software and Internet Technologies Macro-Bel allows Reflected XSS.This issue affects Macro-Bel: before V.1.0.1.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "iletisim@usom.gov.tr",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "iletisim@usom.gov.tr",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-24-0041",
"source": "iletisim@usom.gov.tr"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2024-0408",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-18T16:15:08.380",
"lastModified": "2024-01-18T16:15:08.380",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object that was never labeled and crash because the SID is NULL."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-158"
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2024-0408",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257689",
"source": "secalert@redhat.com"
}
]
}
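Review bot: The `weaknesses` entry maps this record to `CWE-158` (Improper Neutralization of Null Byte or NUL Character), which does not match the description above it: the server crashes because the XSELINUX code uses an object whose SID is NULL, which reads as a NULL pointer dereference. `"value": "CWE-476"` looks like the closer mapping. The entry is `Secondary` and comes from the CNA, so this is a question for upstream rather than something to patch in the mirror. Until a `Primary` weakness is added, triage that filters by CWE is better keyed on the description and the CVSS vector (local, low privileges, `A:H`) than on this field.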


@ -0,0 +1,36 @@
{
"id": "CVE-2024-0409",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-18T16:15:08.593",
"lastModified": "2024-01-18T16:15:08.593",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context."
}
],
"metrics": {},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2024-0409",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257690",
"source": "secalert@redhat.com"
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-0461",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-12T17:15:09.780",
"lastModified": "2024-01-12T18:05:43.827",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-18T15:36:57.897",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in code-projects Online Faculty Clearance 1.0. It has been classified as critical. Affected is an unknown function of the file deactivate.php of the component HTTP POST Request Handler. The manipulation of the argument haydi leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250566 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en code-projects Online Faculty Clearance 1.0. Ha sido clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo deactivate.php del componente HTTP POST Request Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento haydi conduce a la inyecci\u00f3n de SQL. Es posible lanzar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-250566 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fabianros:online_faculty_clearance_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA6BE7A-83D1-44E8-AA59-6D9F339CDAA4"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/BxYQ/vul/blob/main/3ONLINE_FACULTY_CLEARANCE_SYSTEM%20has%20SQL1.pdf",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://vuldb.com/?ctiid.250566",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.250566",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-0462",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-12T18:15:46.687",
"lastModified": "2024-01-12T19:21:49.423",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-18T15:37:50.997",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in code-projects Online Faculty Clearance 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /production/designee_view_status.php of the component HTTP POST Request Handler. The manipulation of the argument haydi leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250567."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en code-projects Online Faculty Clearance 1.0. Ha sido declarada cr\u00edtica. Una funci\u00f3n desconocida del archivo /production/designee_view_status.php del componente HTTP POST Request Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento haydi conduce a la inyecci\u00f3n de SQL. El ataque se puede lanzar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-250567."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fabianros:online_faculty_clearance_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA6BE7A-83D1-44E8-AA59-6D9F339CDAA4"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/BxYQ/vul/blob/main/3ONLINE_FACULTY_CLEARANCE_SYSTEM%20has%20SQL2.pdf",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://vuldb.com/?ctiid.250567",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.250567",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-0463",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-12T18:15:46.913",
"lastModified": "2024-01-12T19:21:49.423",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-18T15:38:05.047",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in code-projects Online Faculty Clearance 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /production/admin_view_info.php of the component HTTP POST Request Handler. The manipulation of the argument haydi leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250568."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en los proyectos de c\u00f3digo Online Faculty Clearance 1.0. Ha sido calificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /production/admin_view_info.php del componente HTTP POST Request Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento haydi conduce a la inyecci\u00f3n de SQL. El ataque puede lanzarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-250568."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fabianros:online_faculty_clearance_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA6BE7A-83D1-44E8-AA59-6D9F339CDAA4"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/BxYQ/vul/blob/main/3ONLINE_FACULTY_CLEARANCE_SYSTEM%20has%20SQL3.pdf",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://vuldb.com/?ctiid.250568",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.250568",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-0467",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-12T20:15:47.177",
"lastModified": "2024-01-14T21:42:17.123",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-18T15:38:31.063",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in code-projects Employee Profile Management System 1.0. Affected is an unknown function of the file edit_position_query.php. The manipulation of the argument pos_name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250572."
},
{
"lang": "es",
"value": "Una vulnerabilidad clasificada como problem\u00e1tica fue encontrada en code-projects Employee Profile Management System 1.0. Una funci\u00f3n desconocida del archivo edit_position_query.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento pos_name conduce a cross site scripting. Es posible lanzar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-250572."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:carmelogarcia:employee_profile_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "68758D37-72B5-4B1E-B3BA-0A0AF03657C3"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/BxYQ/vul/blob/main/EMPLOYEE_PROFILE_MANAGEMENT_SYSTEM_Xss.pdf",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://vuldb.com/?ctiid.250572",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.250572",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2024-0607",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-18T16:15:08.690",
"lastModified": "2024-01-18T16:15:08.690",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Netfilter subsystem in the Linux kernel. The issue is in the nft_byteorder_eval() function, where the code iterates through a loop and writes to the `dst` array. On each iteration, 8 bytes are written, but `dst` is an array of u32, so each element only has space for 4 bytes. That means every iteration overwrites part of the previous element, possibly leading to an out-of-bounds write. This flaw allows a local user to cause a denial of service or potentially escalate their privileges on the system."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2024-0607",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258635",
"source": "secalert@redhat.com"
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2024-22191",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-16T22:15:46.020",
"lastModified": "2024-01-16T23:12:38.473",
"lastModified": "2024-01-18T16:15:08.920",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Avo is a framework to create admin panels for Ruby on Rails apps. A stored cross-site scripting (XSS) vulnerability was found in the key_value field of Avo v3.2.3. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the victim's browser. The value of the key_value is inserted directly into the HTML code. In the current version of Avo (possibly also older versions), the value is not properly sanitized before it is inserted into the HTML code. This vulnerability could be used to steal sensitive information from victims that could be used to hijack victims' accounts or redirect them to malicious websites. Avo 3.2.4 includes a fix for this issue. Users are advised to upgrade."
"value": "Avo is a framework to create admin panels for Ruby on Rails apps. A stored cross-site scripting (XSS) vulnerability was found in the key_value field of Avo v3.2.3 and v2.46.0. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the victim's browser. The value of the key_value is inserted directly into the HTML code. In the current version of Avo (possibly also older versions), the value is not properly sanitized before it is inserted into the HTML code. This vulnerability could be used to steal sensitive information from victims that could be used to hijack victims' accounts or redirect them to malicious websites. Avo 3.2.4 and 2.47.0 include a fix for this issue. Users are advised to upgrade."
},
{
"lang": "es",
"value": "Avo es un framework para crear paneles de administraci\u00f3n para aplicaciones Ruby on Rails. Se encontr\u00f3 una vulnerabilidad de cross site scripting (XSS) almacenado en el campo key_value de Avo v3.2.3. Esta vulnerabilidad podr\u00eda permitir a un atacante ejecutar c\u00f3digo JavaScript arbitrario en el navegador de la v\u00edctima. El valor de key_value se inserta directamente en el c\u00f3digo HTML. En la versi\u00f3n actual de Avo (posiblemente tambi\u00e9n en versiones anteriores), el valor no se sanitiza adecuadamente antes de insertarlo en el c\u00f3digo HTML. Esta vulnerabilidad podr\u00eda usarse para robar informaci\u00f3n confidencial de las v\u00edctimas que podr\u00eda usarse para secuestrar las cuentas de las v\u00edctimas o redirigirlas a sitios web maliciosos. Avo 3.2.4 incluye una soluci\u00f3n para este problema. Se recomienda a los usuarios que actualicen."
}
],
"metrics": {
@ -51,6 +55,10 @@
"url": "https://github.com/avo-hq/avo/commit/51bb80b181cd8e31744bdc4e7f9b501c81172347",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/avo-hq/avo/commit/fc92a05a8556b1787c8694643286a1afa6a71258",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/avo-hq/avo/security/advisories/GHSA-ghjv-mh6x-7q6h",
"source": "security-advisories@github.com"
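Review bot: The Spanish description added in the first hunk still names only Avo v3.2.3 as affected and 3.2.4 as fixed, while the English text updated in the same hunk now also lists v2.46.0 and the 2.47.0 fix. Readers or tooling that select the `es` entry will miss the 2.x branch. The translation should carry the same versions, e.g. `... en el campo key_value de Avo v3.2.3 y v2.46.0 ...` and `Avo 3.2.4 y 2.47.0 incluyen una solución para este problema.` The commit reference added in the second hunk is presumably the 2.x fix, which would be consistent with the updated English text.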


@ -2,8 +2,8 @@
"id": "CVE-2024-22199",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-11T18:15:45.327",
"lastModified": "2024-01-12T13:47:31.250",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-18T16:54:56.383",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -58,14 +78,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gofiber:django:*:*:*:*:*:go:*:*",
"versionEndExcluding": "3.1.9",
"matchCriteriaId": "882B64AE-AF35-454D-8D79-AC188A250E41"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/gofiber/template/commit/28cff3ac4d4c117ab25b5396954676d624b6cb46",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/gofiber/template/security/advisories/GHSA-4mq2-gc4j-cmw6",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mitigation",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-22317",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-01-18T14:15:07.970",
"lastModified": "2024-01-18T14:15:07.970",
"vulnStatus": "Received",
"lastModified": "2024-01-18T15:50:54.810",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -0,0 +1,20 @@
{
"id": "CVE-2024-22548",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-18T15:15:09.623",
"lastModified": "2024-01-18T15:50:54.810",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the system website settings website name section."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/5List/cms/blob/main/1.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2024-22549",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-18T15:15:09.670",
"lastModified": "2024-01-18T15:50:54.810",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the email settings of the website settings section."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/cccbbbttt/cms/blob/main/1.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2024-22568",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-18T15:15:09.717",
"lastModified": "2024-01-18T15:50:54.810",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/score/del."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/kayo-zjq/myc/blob/main/1.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2024-22591",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-18T15:15:09.763",
"lastModified": "2024-01-18T15:50:54.810",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/user/group_save."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ysuzhangbin/cms2/blob/main/1.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2024-22592",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-18T15:15:09.813",
"lastModified": "2024-01-18T15:50:54.810",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/user/group_update"
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ysuzhangbin/cms2/blob/main/2.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2024-22593",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-18T15:15:09.853",
"lastModified": "2024-01-18T15:50:54.810",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/admin/add_group_save"
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ysuzhangbin/cms2/blob/main/3.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2024-22699",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-18T16:15:09.020",
"lastModified": "2024-01-18T16:15:09.020",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/admin/update_group_save."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/biantaibao/cms/blob/main/1.md",
"source": "cve@mitre.org"
}
]
}


@ -2,19 +2,91 @@
"id": "CVE-2024-22942",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-11T16:15:55.857",
"lastModified": "2024-01-11T16:34:20.613",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-18T15:15:47.273",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the hostName parameter in the setWanCfg function."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que TOTOLINK A3300R V17.0.0cu.557_B20221024 contiene una vulnerabilidad de inyecci\u00f3n de comandos a trav\u00e9s del par\u00e1metro hostName en la funci\u00f3n setWanCfg."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:a3300r_firmware:17.0.0cu.557_b20221024:*:*:*:*:*:*:*",
"matchCriteriaId": "DD39B647-3419-4C6D-A6A2-30F40822A27D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:a3300r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F723A73-4B32-4F9E-B5DA-80134D4711C1"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/1/TOTOlink%20A3300R%20setWanCfg.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,91 @@
"id": "CVE-2024-23057",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-11T16:15:55.943",
"lastModified": "2024-01-11T16:34:20.613",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-18T15:16:24.097",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the tz parameter in the setNtpCfg function."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que TOTOLINK A3300R V17.0.0cu.557_B20221024 contiene una vulnerabilidad de inyecci\u00f3n de comandos a trav\u00e9s del par\u00e1metro tz en la funci\u00f3n setNtpCfg."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:a3300r_firmware:17.0.0cu.557_b20221024:*:*:*:*:*:*:*",
"matchCriteriaId": "DD39B647-3419-4C6D-A6A2-30F40822A27D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:a3300r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F723A73-4B32-4F9E-B5DA-80134D4711C1"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/5/TOTOlink%20A3300R%20setNtpCfg.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,91 @@
"id": "CVE-2024-23058",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-11T16:15:55.997",
"lastModified": "2024-01-11T16:34:20.613",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-18T15:16:50.140",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pass parameter in the setTr069Cfg function."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que TOTOLINK A3300R V17.0.0cu.557_B20221024 contiene una vulnerabilidad de inyecci\u00f3n de comando a trav\u00e9s del par\u00e1metro pass en la funci\u00f3n setTr069Cfg."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:a3300r_firmware:17.0.0cu.557_b20221024:*:*:*:*:*:*:*",
"matchCriteriaId": "DD39B647-3419-4C6D-A6A2-30F40822A27D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:a3300r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F723A73-4B32-4F9E-B5DA-80134D4711C1"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/6/TOTOlink%20A3300R%20setTr069Cfg.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,91 @@
"id": "CVE-2024-23059",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-11T16:15:56.057",
"lastModified": "2024-01-11T16:34:20.613",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-18T15:17:14.453",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the username parameter in the setDdnsCfg function."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que TOTOLINK A3300R V17.0.0cu.557_B20221024 contiene una vulnerabilidad de inyecci\u00f3n de comando a trav\u00e9s del par\u00e1metro username en la funci\u00f3n setDdnsCfg."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:a3300r_firmware:17.0.0cu.557_b20221024:*:*:*:*:*:*:*",
"matchCriteriaId": "DD39B647-3419-4C6D-A6A2-30F40822A27D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:a3300r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F723A73-4B32-4F9E-B5DA-80134D4711C1"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/2/TOTOlink%20A3300R%20setDdnsCfg.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,91 @@
"id": "CVE-2024-23060",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-11T16:15:56.110",
"lastModified": "2024-01-11T16:34:20.613",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-18T15:17:35.587",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDmzCfg function."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que TOTOLINK A3300R V17.0.0cu.557_B20221024 contiene una vulnerabilidad de inyecci\u00f3n de comandos a trav\u00e9s del par\u00e1metro ip en la funci\u00f3n setDmzCfg."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:a3300r_firmware:17.0.0cu.557_b20221024:*:*:*:*:*:*:*",
"matchCriteriaId": "DD39B647-3419-4C6D-A6A2-30F40822A27D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:a3300r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F723A73-4B32-4F9E-B5DA-80134D4711C1"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/4/TOTOLINK%20A3300R%20setDmzCfg.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,91 @@
"id": "CVE-2024-23061",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-11T16:15:56.157",
"lastModified": "2024-01-11T16:34:20.613",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-18T15:18:14.357",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the minute parameter in the setScheduleCfg function."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que TOTOLINK A3300R V17.0.0cu.557_B20221024 contiene una vulnerabilidad de inyecci\u00f3n de comandos a trav\u00e9s del par\u00e1metro de minute en la funci\u00f3n setScheduleCfg."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:a3300r_firmware:17.0.0cu.557_b20221024:*:*:*:*:*:*:*",
"matchCriteriaId": "DD39B647-3419-4C6D-A6A2-30F40822A27D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:a3300r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F723A73-4B32-4F9E-B5DA-80134D4711C1"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/3/TOTOLINK%20A3300R%20setScheduleCfg.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-01-18T15:00:25.190108+00:00
2024-01-18T17:00:24.680887+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-01-18T14:49:49.540000+00:00
2024-01-18T16:54:56.383000+00:00
```
### Last Data Feed Release
@ -29,47 +29,59 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
236291
236306
```
### CVEs added in the last Commit
Recently added CVEs: `3`
Recently added CVEs: `15`
* [CVE-2023-5806](CVE-2023/CVE-2023-58xx/CVE-2023-5806.json) (`2024-01-18T13:15:08.770`)
* [CVE-2024-0669](CVE-2024/CVE-2024-06xx/CVE-2024-0669.json) (`2024-01-18T13:15:09.177`)
* [CVE-2024-22317](CVE-2024/CVE-2024-223xx/CVE-2024-22317.json) (`2024-01-18T14:15:07.970`)
* [CVE-2021-33630](CVE-2021/CVE-2021-336xx/CVE-2021-33630.json) (`2024-01-18T15:15:08.653`)
* [CVE-2021-33631](CVE-2021/CVE-2021-336xx/CVE-2021-33631.json) (`2024-01-18T15:15:08.860`)
* [CVE-2023-40051](CVE-2023/CVE-2023-400xx/CVE-2023-40051.json) (`2024-01-18T15:15:09.060`)
* [CVE-2023-40052](CVE-2023/CVE-2023-400xx/CVE-2023-40052.json) (`2024-01-18T15:15:09.247`)
* [CVE-2023-7153](CVE-2023/CVE-2023-71xx/CVE-2023-7153.json) (`2024-01-18T15:15:09.430`)
* [CVE-2024-22548](CVE-2024/CVE-2024-225xx/CVE-2024-22548.json) (`2024-01-18T15:15:09.623`)
* [CVE-2024-22549](CVE-2024/CVE-2024-225xx/CVE-2024-22549.json) (`2024-01-18T15:15:09.670`)
* [CVE-2024-22568](CVE-2024/CVE-2024-225xx/CVE-2024-22568.json) (`2024-01-18T15:15:09.717`)
* [CVE-2024-22591](CVE-2024/CVE-2024-225xx/CVE-2024-22591.json) (`2024-01-18T15:15:09.763`)
* [CVE-2024-22592](CVE-2024/CVE-2024-225xx/CVE-2024-22592.json) (`2024-01-18T15:15:09.813`)
* [CVE-2024-22593](CVE-2024/CVE-2024-225xx/CVE-2024-22593.json) (`2024-01-18T15:15:09.853`)
* [CVE-2024-0408](CVE-2024/CVE-2024-04xx/CVE-2024-0408.json) (`2024-01-18T16:15:08.380`)
* [CVE-2024-0409](CVE-2024/CVE-2024-04xx/CVE-2024-0409.json) (`2024-01-18T16:15:08.593`)
* [CVE-2024-0607](CVE-2024/CVE-2024-06xx/CVE-2024-0607.json) (`2024-01-18T16:15:08.690`)
* [CVE-2024-22699](CVE-2024/CVE-2024-226xx/CVE-2024-22699.json) (`2024-01-18T16:15:09.020`)
### CVEs modified in the last Commit
Recently modified CVEs: `68`
Recently modified CVEs: `35`
* [CVE-2023-38610](CVE-2023/CVE-2023-386xx/CVE-2023-38610.json) (`2024-01-18T14:34:34.800`)
* [CVE-2023-32436](CVE-2023/CVE-2023-324xx/CVE-2023-32436.json) (`2024-01-18T14:35:09.270`)
* [CVE-2023-32424](CVE-2023/CVE-2023-324xx/CVE-2023-32424.json) (`2024-01-18T14:44:50.053`)
* [CVE-2023-32401](CVE-2023/CVE-2023-324xx/CVE-2023-32401.json) (`2024-01-18T14:45:33.753`)
* [CVE-2023-32383](CVE-2023/CVE-2023-323xx/CVE-2023-32383.json) (`2024-01-18T14:46:30.137`)
* [CVE-2023-32378](CVE-2023/CVE-2023-323xx/CVE-2023-32378.json) (`2024-01-18T14:47:06.280`)
* [CVE-2023-32366](CVE-2023/CVE-2023-323xx/CVE-2023-32366.json) (`2024-01-18T14:48:05.697`)
* [CVE-2023-28197](CVE-2023/CVE-2023-281xx/CVE-2023-28197.json) (`2024-01-18T14:49:49.540`)
* [CVE-2024-21667](CVE-2024/CVE-2024-216xx/CVE-2024-21667.json) (`2024-01-18T13:12:45.593`)
* [CVE-2024-0565](CVE-2024/CVE-2024-05xx/CVE-2024-0565.json) (`2024-01-18T13:15:09.000`)
* [CVE-2024-21666](CVE-2024/CVE-2024-216xx/CVE-2024-21666.json) (`2024-01-18T13:20:45.647`)
* [CVE-2024-0655](CVE-2024/CVE-2024-06xx/CVE-2024-0655.json) (`2024-01-18T13:41:52.450`)
* [CVE-2024-0381](CVE-2024/CVE-2024-03xx/CVE-2024-0381.json) (`2024-01-18T13:41:52.450`)
* [CVE-2024-0580](CVE-2024/CVE-2024-05xx/CVE-2024-0580.json) (`2024-01-18T13:41:52.450`)
* [CVE-2024-0650](CVE-2024/CVE-2024-06xx/CVE-2024-0650.json) (`2024-01-18T13:42:01.673`)
* [CVE-2024-22416](CVE-2024/CVE-2024-224xx/CVE-2024-22416.json) (`2024-01-18T13:42:01.673`)
* [CVE-2024-23525](CVE-2024/CVE-2024-235xx/CVE-2024-23525.json) (`2024-01-18T13:42:01.673`)
* [CVE-2024-0651](CVE-2024/CVE-2024-06xx/CVE-2024-0651.json) (`2024-01-18T13:42:01.673`)
* [CVE-2024-0652](CVE-2024/CVE-2024-06xx/CVE-2024-0652.json) (`2024-01-18T13:42:01.673`)
* [CVE-2024-0654](CVE-2024/CVE-2024-06xx/CVE-2024-0654.json) (`2024-01-18T13:42:01.673`)
* [CVE-2024-22410](CVE-2024/CVE-2024-224xx/CVE-2024-22410.json) (`2024-01-18T13:42:11.613`)
* [CVE-2024-22414](CVE-2024/CVE-2024-224xx/CVE-2024-22414.json) (`2024-01-18T13:42:11.613`)
* [CVE-2024-0648](CVE-2024/CVE-2024-06xx/CVE-2024-0648.json) (`2024-01-18T13:42:11.613`)
* [CVE-2024-0649](CVE-2024/CVE-2024-06xx/CVE-2024-0649.json) (`2024-01-18T13:42:11.613`)
* [CVE-2024-22190](CVE-2024/CVE-2024-221xx/CVE-2024-22190.json) (`2024-01-18T13:48:07.553`)
* [CVE-2023-37932](CVE-2023/CVE-2023-379xx/CVE-2023-37932.json) (`2024-01-18T15:50:39.943`)
* [CVE-2023-5770](CVE-2023/CVE-2023-57xx/CVE-2023-5770.json) (`2024-01-18T15:54:37.647`)
* [CVE-2023-6938](CVE-2023/CVE-2023-69xx/CVE-2023-6938.json) (`2024-01-18T15:57:39.827`)
* [CVE-2023-5118](CVE-2023/CVE-2023-51xx/CVE-2023-5118.json) (`2024-01-18T16:01:37.653`)
* [CVE-2023-6782](CVE-2023/CVE-2023-67xx/CVE-2023-6782.json) (`2024-01-18T16:11:09.587`)
* [CVE-2023-6875](CVE-2023/CVE-2023-68xx/CVE-2023-6875.json) (`2024-01-18T16:11:25.827`)
* [CVE-2023-6244](CVE-2023/CVE-2023-62xx/CVE-2023-6244.json) (`2024-01-18T16:13:00.490`)
* [CVE-2023-6776](CVE-2023/CVE-2023-67xx/CVE-2023-6776.json) (`2024-01-18T16:24:38.070`)
* [CVE-2023-6781](CVE-2023/CVE-2023-67xx/CVE-2023-6781.json) (`2024-01-18T16:24:52.810`)
* [CVE-2023-6878](CVE-2023/CVE-2023-68xx/CVE-2023-6878.json) (`2024-01-18T16:34:53.617`)
* [CVE-2023-6924](CVE-2023/CVE-2023-69xx/CVE-2023-6924.json) (`2024-01-18T16:42:06.183`)
* [CVE-2023-6882](CVE-2023/CVE-2023-68xx/CVE-2023-6882.json) (`2024-01-18T16:43:49.213`)
* [CVE-2024-22942](CVE-2024/CVE-2024-229xx/CVE-2024-22942.json) (`2024-01-18T15:15:47.273`)
* [CVE-2024-23057](CVE-2024/CVE-2024-230xx/CVE-2024-23057.json) (`2024-01-18T15:16:24.097`)
* [CVE-2024-23058](CVE-2024/CVE-2024-230xx/CVE-2024-23058.json) (`2024-01-18T15:16:50.140`)
* [CVE-2024-23059](CVE-2024/CVE-2024-230xx/CVE-2024-23059.json) (`2024-01-18T15:17:14.453`)
* [CVE-2024-23060](CVE-2024/CVE-2024-230xx/CVE-2024-23060.json) (`2024-01-18T15:17:35.587`)
* [CVE-2024-23061](CVE-2024/CVE-2024-230xx/CVE-2024-23061.json) (`2024-01-18T15:18:14.357`)
* [CVE-2024-0461](CVE-2024/CVE-2024-04xx/CVE-2024-0461.json) (`2024-01-18T15:36:57.897`)
* [CVE-2024-0462](CVE-2024/CVE-2024-04xx/CVE-2024-0462.json) (`2024-01-18T15:37:50.997`)
* [CVE-2024-0463](CVE-2024/CVE-2024-04xx/CVE-2024-0463.json) (`2024-01-18T15:38:05.047`)
* [CVE-2024-0467](CVE-2024/CVE-2024-04xx/CVE-2024-0467.json) (`2024-01-18T15:38:31.063`)
* [CVE-2024-22317](CVE-2024/CVE-2024-223xx/CVE-2024-22317.json) (`2024-01-18T15:50:54.810`)
* [CVE-2024-22191](CVE-2024/CVE-2024-221xx/CVE-2024-22191.json) (`2024-01-18T16:15:08.920`)
* [CVE-2024-22199](CVE-2024/CVE-2024-221xx/CVE-2024-22199.json) (`2024-01-18T16:54:56.383`)
## Download and Usage