diff --git a/CVE-2020/CVE-2020-92xx/CVE-2020-9294.json b/CVE-2020/CVE-2020-92xx/CVE-2020-9294.json index 12b6393ebf1..74c4fa2ef27 100644 --- a/CVE-2020/CVE-2020-92xx/CVE-2020-9294.json +++ b/CVE-2020/CVE-2020-92xx/CVE-2020-9294.json @@ -2,7 +2,7 @@ "id": "CVE-2020-9294", "sourceIdentifier": "psirt@fortinet.com", "published": "2020-04-27T17:15:13.593", - "lastModified": "2020-05-04T14:22:31.947", + "lastModified": "2024-01-18T15:48:06.043", "vulnStatus": "Analyzed", "descriptions": [ { @@ -104,10 +104,10 @@ }, { "vulnerable": true, - "criteria": "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:entreprise:*:*:*", + "criteria": "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.0.0", "versionEndIncluding": "6.0.1", - "matchCriteriaId": "4F76CD15-B690-4850-9FE2-34B463E1C390" + "matchCriteriaId": "28A42A3E-FBA6-4A68-AD2B-7CFFBDCF1E49" } ] } diff --git a/CVE-2021/CVE-2021-336xx/CVE-2021-33630.json b/CVE-2021/CVE-2021-336xx/CVE-2021-33630.json new file mode 100644 index 00000000000..f3c432671b7 --- /dev/null +++ b/CVE-2021/CVE-2021-336xx/CVE-2021-33630.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2021-33630", + "sourceIdentifier": "securities@openeuler.org", + "published": "2024-01-18T15:15:08.653", + "lastModified": "2024-01-18T15:50:54.810", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "NULL Pointer Dereference vulnerability in openEuler kernel on Linux (network modules) allows Pointer Manipulation. This vulnerability is associated with program files net/sched/sch_cbs.C.\n\nThis issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "securities@openeuler.org", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "securities@openeuler.org", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "references": [ + { + "url": "https://gitee.com/src-openeuler/kernel/pulls/1389", + "source": "securities@openeuler.org" + }, + { + "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1030", + "source": "securities@openeuler.org" + }, + { + "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1031", + "source": "securities@openeuler.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2021/CVE-2021-336xx/CVE-2021-33631.json b/CVE-2021/CVE-2021-336xx/CVE-2021-33631.json new file mode 100644 index 00000000000..78774876dbd --- /dev/null +++ b/CVE-2021/CVE-2021-336xx/CVE-2021-33631.json 
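Review bot: The added `descriptions` value names the affected file as `net/sched/sch_cbs.C`, but the kernel source file is `net/sched/sch_cbs.c`, so a case-sensitive path match against a source tree or build manifest would not find it. If this record mirrors the CNA's text, the correction belongs with `securities@openeuler.org`; the sentence would then end `associated with program files net/sched/sch_cbs.c.` The record is also added with `vulnStatus` set to `Awaiting Analysis` and no `configurations` block, so CPE-based matching has nothing to match for the stated range (from 4.19.90 before 4.19.90-2401.3). Until analysis lands, triage has to rely on the description and the linked bulletins; the same applies to the new CVE-2021-33631.json, CVE-2023-40051.json and CVE-2023-40052.json in this diff.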
@@ -0,0 +1,83 @@ +{ + "id": "CVE-2021-33631", + "sourceIdentifier": "securities@openeuler.org", + "published": "2024-01-18T15:15:08.860", + "lastModified": "2024-01-18T15:50:54.810", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem modules) allows Forced Integer Overflow.This issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3, from 5.10.0-60.18.0 before 5.10.0-183.0.0.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "securities@openeuler.org", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "securities@openeuler.org", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-190" + } + ] + } + ], + "references": [ + { + "url": "https://gitee.com/src-openeuler/kernel/pulls/1389", + "source": "securities@openeuler.org" + }, + { + "url": "https://gitee.com/src-openeuler/kernel/pulls/1396", + "source": "securities@openeuler.org" + }, + { + "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1030", + "source": "securities@openeuler.org" + }, + { + "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1031", + "source": "securities@openeuler.org" + }, + { + "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1032", + "source": "securities@openeuler.org" + }, + { + "url": 
"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1033", + "source": "securities@openeuler.org" + }, + { + "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1034", + "source": "securities@openeuler.org" + }, + { + "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1035", + "source": "securities@openeuler.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2021/CVE-2021-427xx/CVE-2021-42755.json b/CVE-2021/CVE-2021-427xx/CVE-2021-42755.json index a8fa37afb08..8e1941c52b7 100644 --- a/CVE-2021/CVE-2021-427xx/CVE-2021-42755.json +++ b/CVE-2021/CVE-2021-427xx/CVE-2021-42755.json @@ -2,7 +2,7 @@ "id": "CVE-2021-42755", "sourceIdentifier": "psirt@fortinet.com", "published": "2022-07-18T17:15:08.413", - "lastModified": "2022-07-25T18:33:51.503", + "lastModified": "2024-01-18T15:48:06.043", "vulnStatus": "Analyzed", "descriptions": [ { 
@@ -112,208 +112,208 @@ }, { "vulnerable": true, - "criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.0:*:*:*:entreprise:*:*:*", - "matchCriteriaId": "0888B66F-A7CD-43C0-A58C-7C7B5CB61E32" + "criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.0:*:*:*:*:*:*:*", + "matchCriteriaId": "53151CA2-647D-4E40-9247-C0F4E6CB680B" }, { "vulnerable": true, - "criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.1:*:*:*:entreprise:*:*:*", - "matchCriteriaId": "1267C642-21DA-4236-B408-2D7A6C47725E" + "criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.1:*:*:*:*:*:*:*", + "matchCriteriaId": "AA5C8467-1765-434E-8C11-65D3139459EE" }, { "vulnerable": true, - "criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.2:*:*:*:entreprise:*:*:*", - "matchCriteriaId": "6BF4DEDB-7B4C-44D2-A52A-AB6FFB714923" + "criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.2:*:*:*:*:*:*:*", + "matchCriteriaId": "9D9ECD0B-C46E-485B-AA41-40B9C2A90547" }, { "vulnerable": true, - "criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.3:*:*:*:entreprise:*:*:*", - "matchCriteriaId": "6CB7B6AA-3429-4F48-B00B-8E3B9D7C1F92" + "criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.3:*:*:*:*:*:*:*", + "matchCriteriaId": "EC948E98-B48D-499B-8FD1-4B75754D2B78" }, { "vulnerable": true, - "criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.4:*:*:*:entreprise:*:*:*", - "matchCriteriaId": "10AE2187-5E11-47AB-973C-B5BC0D88A12E" + "criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.4:*:*:*:*:*:*:*", + "matchCriteriaId": "668FED55-7378-487E-BE00-C33A45076F02" }, { "vulnerable": true, - "criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.5:*:*:*:entreprise:*:*:*", - "matchCriteriaId": "CA0A44A9-3442-4F91-9555-BB58126147DE" + "criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.5:*:*:*:*:*:*:*", + "matchCriteriaId": "787C3018-40FA-415C-AF4C-D178AC4FB65E" }, { "vulnerable": true, - "criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.6:*:*:*:entreprise:*:*:*", - "matchCriteriaId": "E4CE7424-1BBE-40F8-BBE6-7A2DC105861A" + "criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.6:*:*:*:*:*:*:*", + 
"matchCriteriaId": "4F35AB98-B0CD-4B04-992E-087054FCF91F" }, { "vulnerable": true, - "criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.7:*:*:*:entreprise:*:*:*", - "matchCriteriaId": "87F3070D-EF6C-41A3-9454-1438AE4010E7" + "criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.7:*:*:*:*:*:*:*", + "matchCriteriaId": "91BF8703-2835-4895-A347-74B6E9A2FA30" }, { "vulnerable": true, - "criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.8:*:*:*:entreprise:*:*:*", - "matchCriteriaId": "88AF5CCB-1F8B-4486-BBAD-C36010531DF5" + "criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.8:*:*:*:*:*:*:*", + "matchCriteriaId": "C94723AB-6BBE-4F5E-9560-5ECBE3A809A1" }, { "vulnerable": true, - "criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.10:*:*:*:entreprise:*:*:*", - "matchCriteriaId": "F0CBD02E-D8C8-4317-9D99-A3FF37D24ED1" + "criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.10:*:*:*:*:*:*:*", + "matchCriteriaId": "E13ECB66-4AC4-4C1F-92DE-9C8788DD5379" }, { "vulnerable": true, - "criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.11:*:*:*:entreprise:*:*:*", - "matchCriteriaId": "5587891C-1B8E-458C-B25A-F05B9D9E8D1F" + "criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.11:*:*:*:*:*:*:*", + "matchCriteriaId": "640AC3C4-9529-4796-A2B7-E15C9AB520DB" }, { "vulnerable": true, - "criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.12:*:*:*:entreprise:*:*:*", - "matchCriteriaId": "4DCA946D-0592-41A2-90AE-E369EE519C90" + "criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.12:*:*:*:*:*:*:*", + "matchCriteriaId": "11C09ED8-BEDB-4EAA-B55B-CD8F81FC74CF" }, { "vulnerable": true, - "criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.13:*:*:*:entreprise:*:*:*", - "matchCriteriaId": "2D908680-0783-42B6-B3BD-4C0A308E8761" + "criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.13:*:*:*:*:*:*:*", + "matchCriteriaId": "4C31FB79-990A-403F-8479-A531837C7A79" }, { "vulnerable": true, - "criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.14:*:*:*:entreprise:*:*:*", - "matchCriteriaId": "886C8BA2-F4BB-41C5-B02C-47894AADAEDF" + "criteria": 
"cpe:2.3:a:fortinet:fortivoice:5.3.14:*:*:*:*:*:*:*", + "matchCriteriaId": "BBFE82DC-E7BF-440A-A91E-00E5E4613592" }, { "vulnerable": true, - "criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.15:*:*:*:entreprise:*:*:*", - "matchCriteriaId": "608E77FF-2455-490A-82D5-89CD61C2F87A" + "criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.15:*:*:*:*:*:*:*", + "matchCriteriaId": "67411CD4-56F9-4300-BA76-87227EE5CB5C" }, { "vulnerable": true, - "criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.16:*:*:*:entreprise:*:*:*", - "matchCriteriaId": "E7586076-0E03-493E-9709-0FC5593C1748" + "criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.16:*:*:*:*:*:*:*", + "matchCriteriaId": "B7AE39C3-77E7-4BF0-AEA7-186A12DDC965" }, { "vulnerable": true, - "criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.17:*:*:*:entreprise:*:*:*", - "matchCriteriaId": "39A4F586-FE43-4541-BEF9-A16C4AFC303F" + "criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.17:*:*:*:*:*:*:*", + "matchCriteriaId": "C49169A3-E7D2-4A4F-8729-551CCB33452A" }, { "vulnerable": true, - "criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.18:*:*:*:entreprise:*:*:*", - "matchCriteriaId": "7E3B5009-DEE8-4495-855E-3DD83C571654" + "criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.18:*:*:*:*:*:*:*", + "matchCriteriaId": "DFC7D4A9-9143-4055-BAA2-E6093B5ED085" }, { "vulnerable": true, - "criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.19:*:*:*:entreprise:*:*:*", - "matchCriteriaId": "C7A28BEC-BE96-4F25-951D-0C9FE9468CAB" + "criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.19:*:*:*:*:*:*:*", + "matchCriteriaId": "280D0F29-9BBC-4F39-91D3-C26EBAEEFC4D" }, { "vulnerable": true, - "criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.20:*:*:*:entreprise:*:*:*", - "matchCriteriaId": "78A7AF72-EAFF-4965-BD5F-0562C382B480" + "criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.20:*:*:*:*:*:*:*", + "matchCriteriaId": "47E2D164-490D-40F2-925B-C1DF2D8905F7" }, { "vulnerable": true, - "criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.21:*:*:*:entreprise:*:*:*", - "matchCriteriaId": 
"7B79EBCE-9630-4C62-B80F-D227488BFEFE" + "criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.21:*:*:*:*:*:*:*", + "matchCriteriaId": "17FA9D1F-22C3-4B66-89C9-68EF40D7B128" }, { "vulnerable": true, - "criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.22:*:*:*:entreprise:*:*:*", - "matchCriteriaId": "85B5F42D-1516-435F-AE53-45DE12969E17" + "criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.22:*:*:*:*:*:*:*", + "matchCriteriaId": "294F7FEE-D8A0-4B6A-ACF4-539F558BAAF0" }, { "vulnerable": true, - "criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.23:*:*:*:entreprise:*:*:*", - "matchCriteriaId": "A36D152F-EC56-45B1-B95E-E845E1A461EC" + "criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.23:*:*:*:*:*:*:*", + "matchCriteriaId": "DE63E91F-43C9-4878-8ABF-43D6FA243B6E" }, { "vulnerable": true, - "criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.24:*:*:*:entreprise:*:*:*", - "matchCriteriaId": "416E9D59-6789-47BD-9134-61090A7C64B3" + "criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.24:*:*:*:*:*:*:*", + "matchCriteriaId": "21E72112-DD6F-4F04-B7A6-32F4A3CD652C" }, { "vulnerable": true, - "criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.25:*:*:*:entreprise:*:*:*", - "matchCriteriaId": "A70B9B11-2356-42BB-A844-67EF50D0FF0E" + "criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.25:*:*:*:*:*:*:*", + "matchCriteriaId": "0E46A71A-CC32-4FB9-B291-9D5213F2512B" }, { "vulnerable": true, - "criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.26:*:*:*:entreprise:*:*:*", - "matchCriteriaId": "F5EF3FD7-29F5-4A1A-8813-4F092E937B24" + "criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.26:*:*:*:*:*:*:*", + "matchCriteriaId": "86D2A710-4758-4B86-82C8-D3DDFD082935" }, { "vulnerable": true, - "criteria": "cpe:2.3:a:fortinet:fortivoice:6.0.0:*:*:*:entreprise:*:*:*", - "matchCriteriaId": "49C799EE-B97A-46FA-AB96-BAC8F19356F0" + "criteria": "cpe:2.3:a:fortinet:fortivoice:6.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "C717350D-43D2-41A4-9AA9-F8EA4F5480CD" }, { "vulnerable": true, - "criteria": 
"cpe:2.3:a:fortinet:fortivoice:6.0.1:*:*:*:entreprise:*:*:*", - "matchCriteriaId": "ED9D0634-3837-4E8D-B288-34DE8BD218FA" + "criteria": "cpe:2.3:a:fortinet:fortivoice:6.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "4FDD21BC-FD00-4CF5-B093-1E6E9DAC9613" }, { "vulnerable": true, - "criteria": "cpe:2.3:a:fortinet:fortivoice:6.0.2:*:*:*:entreprise:*:*:*", - "matchCriteriaId": "457DBF75-805F-4BD1-B931-8220403BC216" + "criteria": "cpe:2.3:a:fortinet:fortivoice:6.0.2:*:*:*:*:*:*:*", + "matchCriteriaId": "C68C2594-036C-40E0-BAC5-78945229746C" }, { "vulnerable": true, - "criteria": "cpe:2.3:a:fortinet:fortivoice:6.0.3:*:*:*:entreprise:*:*:*", - "matchCriteriaId": "3ABFEC5E-61DA-4AC3-BD32-811F24B4C213" + "criteria": "cpe:2.3:a:fortinet:fortivoice:6.0.3:*:*:*:*:*:*:*", + "matchCriteriaId": "2917F59F-366B-434E-9CCB-1B734396932A" }, { "vulnerable": true, - "criteria": "cpe:2.3:a:fortinet:fortivoice:6.0.4:*:*:*:entreprise:*:*:*", - "matchCriteriaId": "20EE0E01-C635-4D60-815B-568DDB002F37" + "criteria": "cpe:2.3:a:fortinet:fortivoice:6.0.4:*:*:*:*:*:*:*", + "matchCriteriaId": "D1139A66-DE22-4D31-A17F-E0A7BB4111D0" }, { "vulnerable": true, - "criteria": "cpe:2.3:a:fortinet:fortivoice:6.0.5:*:*:*:entreprise:*:*:*", - "matchCriteriaId": "695FC3A2-2B80-4CCC-8D27-B323B8000D1A" + "criteria": "cpe:2.3:a:fortinet:fortivoice:6.0.5:*:*:*:*:*:*:*", + "matchCriteriaId": "DC8B76AF-0BF0-4283-90B1-48D877CF69A9" }, { "vulnerable": true, - "criteria": "cpe:2.3:a:fortinet:fortivoice:6.0.6:*:*:*:entreprise:*:*:*", - "matchCriteriaId": "EBCFB41A-AAF3-4BF9-BBE4-C384E2D9AAE5" + "criteria": "cpe:2.3:a:fortinet:fortivoice:6.0.6:*:*:*:*:*:*:*", + "matchCriteriaId": "DDC98DF7-9441-4F7B-9B01-36A5F63BD401" }, { "vulnerable": true, - "criteria": "cpe:2.3:a:fortinet:fortivoice:6.0.7:*:*:*:entreprise:*:*:*", - "matchCriteriaId": "D6C2FB81-5FAF-40A8-8226-2DF9AB35A131" + "criteria": "cpe:2.3:a:fortinet:fortivoice:6.0.7:*:*:*:*:*:*:*", + "matchCriteriaId": "3BA095F4-1B52-40B2-ADFE-19699C2F9E6C" }, { "vulnerable": 
true, - "criteria": "cpe:2.3:a:fortinet:fortivoice:6.0.8:*:*:*:entreprise:*:*:*", - "matchCriteriaId": "FCB4228F-2CDF-4ADE-98EB-AE5E4F608929" + "criteria": "cpe:2.3:a:fortinet:fortivoice:6.0.8:*:*:*:*:*:*:*", + "matchCriteriaId": "0BF91792-6CFF-4069-826D-E252CF9CFB84" }, { "vulnerable": true, - "criteria": "cpe:2.3:a:fortinet:fortivoice:6.0.9:*:*:*:entreprise:*:*:*", - "matchCriteriaId": "6165F4CD-505E-4099-8CA0-1B50ED0132D6" + "criteria": "cpe:2.3:a:fortinet:fortivoice:6.0.9:*:*:*:*:*:*:*", + "matchCriteriaId": "41C9826B-C2E2-4A10-AC6F-CDFDBE837049" }, { "vulnerable": true, - "criteria": "cpe:2.3:a:fortinet:fortivoice:6.0.10:*:*:*:entreprise:*:*:*", - "matchCriteriaId": "A9222D3A-8DC2-4F30-B778-15114F29F32E" + "criteria": "cpe:2.3:a:fortinet:fortivoice:6.0.10:*:*:*:*:*:*:*", + "matchCriteriaId": "065C0602-8785-404F-8DD5-EC884F0AC372" }, { "vulnerable": true, - "criteria": "cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:entreprise:*:*:*", - "matchCriteriaId": "4E97E260-2B64-4791-885D-8643DA1B05F1" + "criteria": "cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "9BD90D01-091F-42BC-AC76-45A582873EDF" }, { "vulnerable": true, - "criteria": "cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:entreprise:*:*:*", - "matchCriteriaId": "31DFF0A5-4CBE-48EA-B489-EE049F532CB0" + "criteria": "cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:*", + "matchCriteriaId": "9B920B4C-96A2-4341-8F19-8E08A583FEAE" }, { "vulnerable": true, - "criteria": "cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:entreprise:*:*:*", - "matchCriteriaId": "E7AEBE9E-1231-4F29-85C1-D9B46D6DE6F2" + "criteria": "cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:*", + "matchCriteriaId": "9E9E1371-6C7B-4E98-B34A-9D03C6636CCD" }, { "vulnerable": true, - "criteria": "cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:entreprise:*:*:*", - "matchCriteriaId": "140FF97C-C8C7-46F9-8EA4-3AE9BEF35672" + "criteria": "cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:*", + "matchCriteriaId": "148EFCE2-1EBA-4673-98D2-86095564B727" 
}, { "vulnerable": true, diff --git a/CVE-2021/CVE-2021-427xx/CVE-2021-42757.json b/CVE-2021/CVE-2021-427xx/CVE-2021-42757.json index 7b399d4f0be..39778746ae0 100644 --- a/CVE-2021/CVE-2021-427xx/CVE-2021-42757.json +++ b/CVE-2021/CVE-2021-427xx/CVE-2021-42757.json @@ -2,7 +2,7 @@ "id": "CVE-2021-42757", "sourceIdentifier": "psirt@fortinet.com", "published": "2021-12-08T11:15:11.840", - "lastModified": "2023-08-29T19:49:23.853", + "lastModified": "2024-01-18T15:48:06.043", "vulnStatus": "Analyzed", "descriptions": [ { @@ -214,17 +214,17 @@ }, { "vulnerable": true, - "criteria": "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:entreprise:*:*:*", + "criteria": "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.0.0", "versionEndIncluding": "6.0.10", - "matchCriteriaId": "09D2F101-1B67-454C-B21B-28C86F8569FC" + "matchCriteriaId": "70E9D9A8-EFF1-4ABE-A04D-FD983443DD3A" }, { "vulnerable": true, - "criteria": "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:entreprise:*:*:*", + "criteria": "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.4.0", "versionEndIncluding": "6.4.4", - "matchCriteriaId": "CB5B77BB-A4A5-4E46-9FF6-A8686570E0D1" + "matchCriteriaId": "E8611A25-64A1-4BCE-AA46-E47DFD607CB2" }, { "vulnerable": true, diff --git a/CVE-2022/CVE-2022-274xx/CVE-2022-27488.json b/CVE-2022/CVE-2022-274xx/CVE-2022-27488.json index 9d6ce534857..951c4fc232f 100644 --- a/CVE-2022/CVE-2022-274xx/CVE-2022-27488.json +++ b/CVE-2022/CVE-2022-274xx/CVE-2022-27488.json @@ -2,8 +2,8 @@ "id": "CVE-2022-27488", "sourceIdentifier": "psirt@fortinet.com", "published": "2023-12-13T07:15:10.910", - "lastModified": "2023-12-13T13:35:21.667", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T15:48:06.043", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "psirt@fortinet.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + }, { "source": "psirt@fortinet.com", "type": "Secondary", 
@@ -50,10 +80,145 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortiai:1.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "19BD18D1-18D4-4D01-BF20-63458D0B20DF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortiai:1.5.3:*:*:*:*:*:*:*", + "matchCriteriaId": "649E0260-0770-4D6A-A679-8862D7039A08" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.0.0", + "versionEndIncluding": "6.0.12", + "matchCriteriaId": "01F784BF-4F89-4938-9150-F911E3EB6CD0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2.0", + "versionEndIncluding": "6.2.9", + "matchCriteriaId": "AEDC7EE8-084C-4F9E-A510-E283FCDF9832" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.4.0", + "versionEndIncluding": "6.4.6", + "matchCriteriaId": "C0A5C345-7055-4F18-AE77-FF1DBE41AB89" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.0.0", + "versionEndIncluding": "7.0.3", + "matchCriteriaId": "3680FCC2-6397-4726-AA94-902C3831EDD1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortindr:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.0.0", + "versionEndIncluding": "7.0.4", + "matchCriteriaId": "7E091862-662E-40F0-9D53-6F9B898115BC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortindr:7.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "888692FD-3219-49D3-898C-F4EA84CCC6CF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.6.0", + "versionEndIncluding": "2.6.3", + "matchCriteriaId": "78EA72E6-DBA2-4E76-AF17-7AC63D542241" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.7.0", + "versionEndIncluding": "2.7.7", + "matchCriteriaId": "4A18D3F0-FED4-49D1-BD14-C57875D48190" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.0.0", + "versionEndIncluding": "6.0.11", + "matchCriteriaId": "BAED4521-DF4F-4CCA-82CE-9FAC7BC95391" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.4.0", + "versionEndIncluding": "6.4.2", + "matchCriteriaId": "C8252967-27EB-4596-A1BF-673DE66B77BF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.0.0", + "versionEndIncluding": "6.0.11", + "matchCriteriaId": "D3AE050D-F16C-4FA4-B1F3-54708C8BDC4C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.4.0", + "versionEndIncluding": "6.4.7", + "matchCriteriaId": "FCD41EBB-A032-40F1-85F9-E2640DD7F448" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.0.0", + "versionEndIncluding": "6.0.7", + "matchCriteriaId": "843F4434-651D-4A22-80C3-77397E059A98" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2.0", + "versionEndIncluding": "6.2.7", + "matchCriteriaId": "549EE910-DAC4-45B7-AE45-6B6A786CD2F5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.4.0", + "versionEndIncluding": "6.4.10", + "matchCriteriaId": "4EAE583E-5D26-4224-AB58-DC3E4A6EA505" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.0.0", + "versionEndIncluding": "7.0.4", + "matchCriteriaId": "2681D458-EE55-478D-92D1-C6BB7BB3BAC4" + } + ] + } 
+ ] + } + ], "references": [ { "url": "https://fortiguard.com/psirt/FG-IR-22-038", - "source": "psirt@fortinet.com" + "source": "psirt@fortinet.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-284xx/CVE-2023-28439.json b/CVE-2023/CVE-2023-284xx/CVE-2023-28439.json index 302b0d5dc8b..5ecf9bcb25c 100644 --- a/CVE-2023/CVE-2023-284xx/CVE-2023-28439.json +++ b/CVE-2023/CVE-2023-284xx/CVE-2023-28439.json @@ -2,8 +2,8 @@ "id": "CVE-2023-28439", "sourceIdentifier": "security-advisories@github.com", "published": "2023-03-22T21:15:18.607", - "lastModified": "2023-11-03T21:15:13.613", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-01-18T15:11:43.537", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -56,7 +56,7 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { @@ -64,6 +64,16 @@ "value": "CWE-79" } ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] } ], "configurations": [ @@ -83,6 +93,31 @@ ] } ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", + "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", + "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", + "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646" + } + ] + } + ] } ], "references": [ 
@@ -109,15 +144,26 @@ }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GWKG2VCPJNETVCDTXU4X6FQ2PO6XCNGN/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L4ODGOW6PYVOXHQSMWJBOCE6DXWAI33W/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCYKD3JZWWA3ESOZG4PHJJEXT4EYIUIQ/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Mailing List" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-379xx/CVE-2023-37932.json b/CVE-2023/CVE-2023-379xx/CVE-2023-37932.json index ead45afbf6d..c6422979651 100644 --- a/CVE-2023/CVE-2023-379xx/CVE-2023-37932.json +++ b/CVE-2023/CVE-2023-379xx/CVE-2023-37932.json @@ -2,8 +2,8 @@ "id": "CVE-2023-37932", "sourceIdentifier": "psirt@fortinet.com", "published": "2024-01-10T18:15:45.570", - "lastModified": "2024-01-11T13:57:35.163", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T15:50:39.943", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "psirt@fortinet.com", "type": "Secondary", @@ -40,7 +60,7 @@ }, "weaknesses": [ { - "source": "psirt@fortinet.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { @@ -48,12 +68,56 @@ "value": "CWE-22" } ] + }, + { + "source": "psirt@fortinet.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.0.0", + "versionEndIncluding": "6.0.12", + "matchCriteriaId": "C0B44874-E530-40B9-92F5-03667CFB9F1C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.4.0", + "versionEndExcluding": "6.4.8", + "matchCriteriaId": "A9743AEC-093F-47A0-BA8A-7E76308D0152" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "BB44AB41-E006-489F-9C49-2DFA73EF01B2" + } + ] + } + ] } ], "references": [ { "url": "https://fortiguard.com/psirt/FG-IR-23-219", - "source": "psirt@fortinet.com" + "source": "psirt@fortinet.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40051.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40051.json new file mode 100644 index 00000000000..b03821e7412 --- /dev/null +++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40051.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-40051", + "sourceIdentifier": "security@progress.com", + "published": "2024-01-18T15:15:09.060", + "lastModified": "2024-01-18T15:50:54.810", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "This issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0.\u00a0An attacker can formulate a request for a WEB transport that allows unintended file uploads to a server directory path on the system running PASOE. If the upload contains a payload that can further exploit the server or its network, the launch of a larger scale attack may be possible.\n\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@progress.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.1, + "impactScore": 5.3 + } + ] + }, + "weaknesses": [ + { + "source": "security@progress.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://community.progress.com/s/article/Important-Progress-OpenEdge-Critical-Alert-for-Progress-Application-Server-in-OpenEdge-PASOE-Arbitrary-File-Upload-Vulnerability-in-WEB-Transport", + "source": "security@progress.com" + }, + { + "url": "https://www.progress.com/openedge", + "source": "security@progress.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40052.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40052.json new file mode 100644 index 00000000000..965475698e3 
--- /dev/null +++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40052.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-40052", + "sourceIdentifier": "security@progress.com", + "published": "2024-01-18T15:15:09.247", + "lastModified": "2024-01-18T15:50:54.810", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "\n\n\nThis issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0\n\n.\u00a0\n\nAn attacker who can produce a malformed web request may cause the crash of a PASOE agent potentially disrupting the thread activities of many web application clients. Multiple of these DoS attacks could lead to the flooding of invalid requests as compared to the server\u2019s remaining ability to process valid requests.\n\n\n\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@progress.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security@progress.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + } + ] + } + ], + "references": [ + { + "url": "https://community.progress.com/s/article/Important-Progress-OpenEdge-Product-Alert-for-Progress-Application-Server-for-OpenEdge-PASOE-Denial-of-Service-Vulnerability-in-WEB-Transport", + "source": "security@progress.com" + }, + { + "url": "https://www.progress.com/openedge", + "source": "security@progress.com" + } + ] +} \ No newline at end of file 
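Review bot: The added `descriptions` value opens with `\n\n\n`, ends with a run of `\n`, and breaks its first sentence as `12.8.0\n\n.\u00a0\n\nAn attacker`, which leaves a paragraph holding only a period and a no-break space. Consumers that render this text or split it on blank lines should collapse whitespace, including U+00A0, on ingest rather than display it as stored. If the file is meant to stay byte-identical to the source record, keep the value and normalise downstream; otherwise the join would read `prior to 12.8.0. An attacker who can produce a malformed web request`.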
diff --git a/CVE-2023/CVE-2023-510xx/CVE-2023-51073.json b/CVE-2023/CVE-2023-510xx/CVE-2023-51073.json index 91e8dc7b083..9cf1f1d8a14 100644 --- a/CVE-2023/CVE-2023-510xx/CVE-2023-51073.json +++ b/CVE-2023/CVE-2023-510xx/CVE-2023-51073.json @@ -2,8 +2,8 @@ "id": "CVE-2023-51073", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-11T03:15:10.710", - "lastModified": "2024-01-11T13:57:26.160", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T15:05:25.177", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,86 @@ "value": "Un problema en Buffalo LS210D v.1.78-0.03 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del script de actualizaci\u00f3n de firmware en /etc/init.d/update_notifications.sh." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:buffalo:ls210d_firmware:1.78-0.03:*:*:*:*:*:*:*", + "matchCriteriaId": "FBE4F37A-F2E5-45F4-A10C-CB92F4C9EF08" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:buffalo:ls210d:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9960AF04-5AF3-408D-828C-FBDE6169C539" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/christopher-pace/CVE-2023-51073/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://www.buffalotech.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-519xx/CVE-2023-51984.json b/CVE-2023/CVE-2023-519xx/CVE-2023-51984.json index 09bcfeb0389..ffb7a29f656 100644 
--- a/CVE-2023/CVE-2023-519xx/CVE-2023-51984.json
+++ b/CVE-2023/CVE-2023-519xx/CVE-2023-51984.json
@@ -2,19 +2,91 @@ "id": "CVE-2023-51984", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-11T16:15:53.790", - "lastModified": "2024-01-11T16:34:20.613", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T15:34:34.037", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "D-Link DIR-822+ V1.0.2 was found to contain a command injection in SetStaticRouteSettings function. allows remote attackers to execute arbitrary commands via shell." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que D-Link DIR-822+ V1.0.2 conten\u00eda una inyecci\u00f3n de comando en la funci\u00f3n SetStaticRouteSettings. permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de shell." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dlink:dir-822_firmware:1.0.2:*:*:*:*:*:*:*", + "matchCriteriaId": "2CE95A9E-D74A-4054-AC64-2E84B2AA68BB" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B3894F0E-37F8-4A89-87AC-1DB524D4AE04" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": 
"https://github.com/funny-mud-peee/IoT-vuls/blob/main/dir822+/1/readme.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-519xx/CVE-2023-51987.json b/CVE-2023/CVE-2023-519xx/CVE-2023-51987.json index 444817dc001..51e43610ca6 100644 --- a/CVE-2023/CVE-2023-519xx/CVE-2023-51987.json +++ b/CVE-2023/CVE-2023-519xx/CVE-2023-51987.json 
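Review bot: The added `cpeMatch` entries name `cpe:2.3:o:dlink:dir-822_firmware:1.0.2` and `cpe:2.3:h:dlink:dir-822:-`, while the description in the same hunk names "D-Link DIR-822+ V1.0.2". If DIR-822 and DIR-822+ are separate models, which this diff does not establish, inventory matching on these CPEs would flag plain DIR-822 units and could miss assets recorded as DIR-822+. The hunks for CVE-2023-51987 and CVE-2023-51989 add the same two CPEs. Until the product identity is confirmed, asset matching for these three records should also compare the model string from the description instead of trusting the CPE alone.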
@@ -2,19 +2,91 @@ "id": "CVE-2023-51987", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-11T16:15:53.863", - "lastModified": "2024-01-11T16:34:20.613", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T15:34:58.523", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, which allows attackers to log in to administrator accounts with empty passwords." + }, + { + "lang": "es", + "value": "D-Link DIR-822+ V1.0.2 contiene una omisi\u00f3n de inicio de sesi\u00f3n en la interfaz HNAP1, que permite a los atacantes iniciar sesi\u00f3n en cuentas de administrador con contrase\u00f1as vac\u00edas." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dlink:dir-822_firmware:1.0.2:*:*:*:*:*:*:*", + "matchCriteriaId": "2CE95A9E-D74A-4054-AC64-2E84B2AA68BB" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B3894F0E-37F8-4A89-87AC-1DB524D4AE04" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": 
"https://github.com/funny-mud-peee/IoT-vuls/tree/main/dir822%2B/2", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-519xx/CVE-2023-51989.json b/CVE-2023/CVE-2023-519xx/CVE-2023-51989.json index 2697a3a7cff..c47026fffb9 100644 --- a/CVE-2023/CVE-2023-519xx/CVE-2023-51989.json +++ b/CVE-2023/CVE-2023-519xx/CVE-2023-51989.json 
@@ -2,19 +2,91 @@ "id": "CVE-2023-51989", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-11T16:15:53.920", - "lastModified": "2024-01-11T16:34:20.613", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T15:35:15.377", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, which allows attackers to log in to administrator accounts with empty passwords." + }, + { + "lang": "es", + "value": "D-Link DIR-822+ V1.0.2 contiene una omisi\u00f3n de inicio de sesi\u00f3n en la interfaz HNAP1, que permite a los atacantes iniciar sesi\u00f3n en cuentas de administrador con contrase\u00f1as vac\u00edas." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dlink:dir-822_firmware:1.0.2:*:*:*:*:*:*:*", + "matchCriteriaId": "2CE95A9E-D74A-4054-AC64-2E84B2AA68BB" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B3894F0E-37F8-4A89-87AC-1DB524D4AE04" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": 
"https://github.com/funny-mud-peee/IoT-vuls/blob/main/dir822+/2/readme.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-51xx/CVE-2023-5118.json b/CVE-2023/CVE-2023-51xx/CVE-2023-5118.json index b2b1080b515..b86468f06ed 100644 --- a/CVE-2023/CVE-2023-51xx/CVE-2023-5118.json +++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5118.json 
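Review bot: After this change the record matches CVE-2023-51987 on every field a consumer would correlate on: the English and Spanish descriptions, `CWE-306`, the 9.8 vector, both CPEs, and a reference into the same `dir822+/2` directory (`blob/main/dir822+/2/readme.md` here, `tree/main/dir822%2B/2` there). Nothing in either hunk marks one ID as a duplicate, so reports that count findings per CVE ID will list one HNAP1 login bypass twice for the same device. Whether the two IDs are meant to be distinct cannot be told from the diff. De-duplication on the consumer side should key on the reference path and CPE set, not on the CVE ID alone.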
@@ -2,16 +2,40 @@ "id": "CVE-2023-5118", "sourceIdentifier": "cvd@cert.pl", "published": "2024-01-11T16:15:54.000", - "lastModified": "2024-01-11T16:34:20.613", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T16:01:37.653", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The application is vulnerable to Stored Cross-Site Scripting (XSS) in the endpoint /sofer/DocumentService.asc/SaveAnnotation, where input data transmitted via the POST method in the parameters author and text are not adequately sanitized and validated. This allows for the injection of malicious JavaScript code. The vulnerability was identified in the function for adding new annotations while editing document content.\n\nReporters inform that the vulnerability has been removed in software versions above 11.1.x. Previous versions may also be vulnerable, but this has not been confirmed.\n" + }, + { + "lang": "es", + "value": "La aplicaci\u00f3n es vulnerable a cross site scripting (XSS) almacenado en el endpoint /sofer/DocumentService.asc/SaveAnnotation, donde los datos de entrada transmitidos a trav\u00e9s del m\u00e9todo POST en los par\u00e1metros author y text no se sanitizan ni validan adecuadamente. Esto permite la inyecci\u00f3n de c\u00f3digo JavaScript malicioso. La vulnerabilidad fue identificada en la funci\u00f3n para agregar nuevas anotaciones mientras se edita el contenido del documento. Los periodistas informan que la vulnerabilidad se ha eliminado en las versiones de software superiores a 11.1.x. Las versiones anteriores tambi\u00e9n pueden ser vulnerables, pero esto no ha sido confirmado." 
} ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "cvd@cert.pl", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "cvd@cert.pl", "type": "Secondary", @@ -46,14 +80,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tungstenautomation:kofax_capture:*:*:*:*:*:*:*:*", + "versionEndIncluding": "11.0.0", + "matchCriteriaId": "2ADA7FFB-7510-4371-8151-3588E9F71272" + } + ] + } + ] + } + ], "references": [ { "url": "https://cert.pl/en/posts/2024/01/CVE-2023-5118/", - "source": "cvd@cert.pl" + "source": "cvd@cert.pl", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://cert.pl/posts/2024/01/CVE-2023-5118/", - "source": "cvd@cert.pl" + "source": "cvd@cert.pl", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5691.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5691.json index c6cb99a00be..3bc1ceeab18 100644 --- a/CVE-2023/CVE-2023-56xx/CVE-2023-5691.json +++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5691.json 
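Review bot: The added bound `"versionEndIncluding": "11.0.0"` on `cpe:2.3:a:tungstenautomation:kofax_capture` is narrower than the description in this record, which reports the fix only for "software versions above 11.1.x". Read literally, 11.1.x releases are affected according to the text but fall outside the CPE range, so a scanner that relies on `configurations` alone would report such an install as not vulnerable. If the description is correct, the bound should be raised to cover the 11.1.x line; the last affected build is not stated on this page. Until that is settled, version checks for this CVE should follow the description rather than the CPE match.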
@@ -2,8 +2,8 @@ "id": "CVE-2023-5691", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T09:15:47.727", - "lastModified": "2024-01-11T13:57:26.160", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T15:17:46.287", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -38,14 +58,51 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:collect.chat:chatbot:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.3.9", + "matchCriteriaId": "2C8BFB57-DF4A-47AF-9BA7-15252D284818" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3000724%40collectchat%2Ftrunk&old=2983408%40collectchat%2Ftrunk&sfp_email=&sfph_mail=", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dfd67329-11b1-4f00-a422-bb4833a3181d?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-57xx/CVE-2023-5770.json b/CVE-2023/CVE-2023-57xx/CVE-2023-5770.json
index 6841c9f20e9..d1979f08187 100644
--- a/CVE-2023/CVE-2023-57xx/CVE-2023-5770.json
+++ b/CVE-2023/CVE-2023-57xx/CVE-2023-5770.json
@@ -2,16 +2,40 @@ "id": "CVE-2023-5770", "sourceIdentifier": "security@proofpoint.com", "published": "2024-01-09T22:15:43.400", - "lastModified": "2024-01-10T01:21:28.543", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T15:54:37.647", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Proofpoint Enterprise Protection contains a vulnerability in the email delivery agent that allows an unauthenticated attacker to inject improperly encoded HTML into the email body of a message through the email subject. The vulnerability is caused by inappropriate encoding when rewriting the email before delivery.This issue affects Proofpoint Enterprise Protection: from 8.20.2 before patch 4809, from 8.20.0 before patch 4805, from 8.18.6 before patch 4804 and all other prior versions.\n\n" + }, + { + "lang": "es", + "value": "Proofpoint Enterprise Protection contiene una vulnerabilidad en el agente de entrega de correo electr\u00f3nico que permite a un atacante no autenticado inyectar HTML codificado incorrectamente en el cuerpo de un mensaje de correo electr\u00f3nico a trav\u00e9s del asunto del correo electr\u00f3nico. La vulnerabilidad se debe a una codificaci\u00f3n inadecuada al reescribir el correo electr\u00f3nico antes de la entrega. Este problema afecta a Proofpoint Enterprise Protection: desde 8.20.2 antes del parche 4809, desde 8.20.0 antes del parche 4805, desde 8.18.6 antes del parche 4804 y todas las dem\u00e1s versiones anteriores." 
} ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + }, { "source": "security@proofpoint.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-838" + } + ] + }, { "source": "security@proofpoint.com", "type": "Secondary", @@ -46,10 +80,40 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:proofpoint:enterprise_protection:8.18.6:*:*:*:*:*:*:*", + "matchCriteriaId": "7E481ED5-1AC8-4FEA-9169-17CDE7AB93DA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:proofpoint:enterprise_protection:8.20.0:*:*:*:*:*:*:*", + "matchCriteriaId": "83C899EC-C3E7-4D34-8362-DEB40F16AD09" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:proofpoint:enterprise_protection:8.20.2:*:*:*:*:*:*:*", + "matchCriteriaId": "C22954AF-4D4E-4C9D-868A-62091BD57CC7" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-0009", - "source": "security@proofpoint.com" + "source": "security@proofpoint.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6244.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6244.json index 19c1a063c4a..14aace75932 100644 --- a/CVE-2023/CVE-2023-62xx/CVE-2023-6244.json +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6244.json 
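Review bot: The three added `cpeMatch` entries pin the exact versions 8.18.6, 8.20.0 and 8.20.2, but the description says the issue affects those lines before patches 4804, 4805 and 4809 "and all other prior versions". Releases older than 8.18.6 are therefore not matched at all. A fully patched 8.20.2 still matches, because the patch number cannot be expressed in these CPE strings. A ranged entry such as `"criteria": "cpe:2.3:a:proofpoint:enterprise_protection:*:*:*:*:*:*:*:*"` with `"versionEndIncluding": "8.20.2"` would at least cover the older releases. In either form, a match should trigger a check of the installed patch number against the description rather than be taken as a verdict.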
@@ -2,16 +2,40 @@ "id": "CVE-2023-6244", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T15:15:08.233", - "lastModified": "2024-01-11T16:34:20.613", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T16:13:00.490", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4 (Pro) & 2.2.8 (Free). This is due to missing or incorrect nonce validation on the save_virtual_event_settings function. This makes it possible for unauthenticated attackers to modify virtual event settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + }, + { + "lang": "es", + "value": "El complemento EventON - WordPress Virtual Event Calendar Plugin para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta 4.5.4 (Pro) y 2.2.8 (gratis), incluidas. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en la funci\u00f3n save_virtual_event_settings. Esto hace posible que atacantes no autenticados modifiquen la configuraci\u00f3n de eventos virtuales a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar a un administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace." 
} ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "security@wordfence.com", "type": "Secondary", 
@@ -34,18 +58,64 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:myeventon:eventon:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "4.5.5", + "matchCriteriaId": "E1574D07-2D5A-4157-80E0-113580C14106" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:myeventon:eventon-lite:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.2.9", + "matchCriteriaId": "4BC9A476-B0DE-4015-ABE4-C0E3938107E9" + } + ] + } + ] + } + ], "references": [ { "url": "https://docs.myeventon.com/documentations/eventon-changelog/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3017939%40eventon-lite&new=3017939%40eventon-lite&sfp_email=&sfph_mail=", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6fcc3a82-f116-446e-9e5f-4f074e20403b?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-67xx/CVE-2023-6776.json b/CVE-2023/CVE-2023-67xx/CVE-2023-6776.json index c65137e24c0..d3ce3c0a2ad 100644 --- a/CVE-2023/CVE-2023-67xx/CVE-2023-6776.json +++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6776.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6776", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T09:15:51.977", - "lastModified": "2024-01-11T13:57:09.767", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T16:24:38.070", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -38,14 +58,50 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:3dflipbook:3d_flipbook:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.15.2", + "matchCriteriaId": "099994A5-5471-41C8-9142-958376F677D8" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset/3014013/interactive-3d-flipbook-powered-physics-engine", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/500fd8aa-9ad1-41ee-bbeb-cda9c80c4fcb?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-67xx/CVE-2023-6781.json b/CVE-2023/CVE-2023-67xx/CVE-2023-6781.json index 2f2bff469a2..6f2adc6f8f0 100644 --- a/CVE-2023/CVE-2023-67xx/CVE-2023-6781.json +++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6781.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-6781", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T09:15:52.133", - "lastModified": "2024-01-11T13:57:09.767", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T16:24:52.810", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "security@wordfence.com", "type": "Secondary", 
@@ -38,22 +58,64 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:themeisle:orbit_fox:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.10.26", + "matchCriteriaId": "791EE92A-AF5D-4DBE-8E54-8E291DA40BDF" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/themeisle-companion/trunk/obfx_modules/header-footer-scripts/init.php#L315", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/themeisle-companion/trunk/obfx_modules/header-footer-scripts/init.php#L34", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3011567%40themeisle-companion%2Ftrunk&old=2991564%40themeisle-companion%2Ftrunk&sfp_email=&sfph_mail=", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/23e39019-c322-4027-84f2-faabd9ca4983?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-67xx/CVE-2023-6782.json b/CVE-2023/CVE-2023-67xx/CVE-2023-6782.json index ce40123d938..f2b6b5ae087 100644 --- a/CVE-2023/CVE-2023-67xx/CVE-2023-6782.json +++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6782.json 
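Review bot: The `tags` added to the references in this hunk do not line up with what the URLs point at. The two `plugins.trac.wordpress.org/browser/.../init.php#L315` and `#L34` source-view links are tagged `"Patch"`, while the `changeset?...new=3011567...&old=2991564...` link, the only one that shows a code change, is tagged `"Release Notes"`. The CVE-2023-6875 hunk has the same pattern, with its `changeset/3016051` link tagged `"Product"`. Tooling that collects fix links by filtering on `"Patch"` will pick up the wrong URLs for these records. The changeset entries should carry `"tags": [ "Patch" ]`, and consumers can fall back to recognising `/changeset` in the URL.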
@@ -2,8 +2,8 @@ "id": "CVE-2023-6782", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T09:15:52.297", - "lastModified": "2024-01-11T13:57:09.767", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T16:11:09.587", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "security@wordfence.com", "type": "Secondary", 
@@ -38,18 +58,57 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:magazine3:amp_for_wp:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.0.92", + "matchCriteriaId": "03688531-2AE5-4FD1-8DA0-CA8A826EFD4C" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.svn.wordpress.org/accelerated-mobile-pages/trunk/templates/features.php", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3010797%40accelerated-mobile-pages%2Ftrunk&old=2998126%40accelerated-mobile-pages%2Ftrunk&sfp_email=&sfph_mail=", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c1cae64e-caed-43c0-9a75-9aa4234946a0?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6875.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6875.json index d47726b05ca..6acf454459e 100644 --- a/CVE-2023/CVE-2023-68xx/CVE-2023-6875.json +++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6875.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6875", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T09:15:52.773", - "lastModified": "2024-01-11T22:15:45.790", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T16:11:25.827", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "security@wordfence.com", "type": "Secondary", 
@@ -38,22 +58,65 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpexperts:post_smtp_mailer:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.8.7", + "matchCriteriaId": "69EA3FC7-5A83-43E1-A957-885559CA5C91" + } + ] + } + ] + } + ], "references": [ { "url": "http://packetstormsecurity.com/files/176525/WordPress-POST-SMTP-Mailer-2.8.7-Authorization-Bypass-Cross-Site-Scripting.html", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/post-smtp/trunk/Postman/Mobile/includes/rest-api/v1/rest-api.php#L60", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/3016051/post-smtp/trunk?contextall=1&old=3012318&old_path=%2Fpost-smtp%2Ftrunk", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e675d64c-cbb8-4f24-9b6f-2597a97b49af?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6878.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6878.json index 85205bc061c..929978ae3f7 100644 --- a/CVE-2023/CVE-2023-68xx/CVE-2023-6878.json +++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6878.json 
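Review bot: The packetstormsecurity.com reference is tagged only `"Third Party Advisory"` and `"VDB Entry"`, although its URL slug (`WordPress-POST-SMTP-Mailer-2.8.7-Authorization-Bypass-Cross-Site-Scripting`) suggests a public write-up for the affected version; this is inferred from the URL, not confirmed by the page. The same section rates the record 9.8 with `PR:N` and `CWE-862`, so triage rules that raise priority only when a reference carries `"Exploit"` would not escalate it. If the linked file does contain exploit material, the entry should read `"tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ]`. The link is also the only `http://` URL in the list and should be fetched over HTTPS where the site supports it.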
@@ -2,8 +2,8 @@ "id": "CVE-2023-6878", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T09:15:52.940", - "lastModified": "2024-01-11T13:57:09.767", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T16:34:53.617", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -38,14 +58,50 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:leechesnutt:slick_social_share_buttons:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.4.11", + "matchCriteriaId": "61BC89F8-3A69-4694-B107-17C1B014EBEF" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/slick-social-share-buttons/tags/2.4.11/inc/dcwp_admin.php#L49", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/79a5c01d-3867-4b1e-b0ba-9a802f0bed92?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6882.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6882.json index c984d91dd99..3e31c15630f 100644 --- a/CVE-2023/CVE-2023-68xx/CVE-2023-6882.json +++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6882.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6882", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T09:15:53.103", - "lastModified": "2024-01-11T13:57:09.767", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T16:43:49.213", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "security@wordfence.com", "type": "Secondary", 
@@ -38,14 +58,50 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:simple-membership-plugin:simple_membership:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "4.3.8", + "matchCriteriaId": "1676B35D-B851-4FF3-A77C-95BF0236633E" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset/3010737/simple-membership", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/366165fe-93e5-49ab-b2e5-1de624f22286?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-69xx/CVE-2023-6924.json b/CVE-2023/CVE-2023-69xx/CVE-2023-6924.json index 0efeb2bf6b8..567f3b7d6db 100644 --- a/CVE-2023/CVE-2023-69xx/CVE-2023-6924.json +++ b/CVE-2023/CVE-2023-69xx/CVE-2023-6924.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6924", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T09:15:53.253", - "lastModified": "2024-01-11T13:57:09.767", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T16:42:06.183", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "security@wordfence.com", "type": "Secondary", 
@@ -38,26 +58,71 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.8.18", + "matchCriteriaId": "10B19669-9D27-48C6-8C4E-A88EB50F5EB4" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/photo-gallery/tags/1.8.18/admin/views/Widget.php#L94", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/photo-gallery/tags/1.8.18/admin/views/WidgetSlideshow.php#L64", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/photo-gallery/tags/1.8.18/admin/views/WidgetTags.php#L58", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/3013021/photo-gallery", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/21b4d1a1-55fe-4241-820c-203991d724c4?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-69xx/CVE-2023-6938.json b/CVE-2023/CVE-2023-69xx/CVE-2023-6938.json index ee933bad95a..07818173eb1 100644 --- a/CVE-2023/CVE-2023-69xx/CVE-2023-6938.json +++ b/CVE-2023/CVE-2023-69xx/CVE-2023-6938.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-6938", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T15:15:08.410", - "lastModified": "2024-01-11T16:34:20.613", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T15:57:39.827", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Oxygen Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a custom field in all versions up to, and including, 4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: Version 4.8.1 of the Oxygen Builder plugin for WordPress addresses this vulnerability by implementing an optional filter to provide output escaping for dynamic data. Please see https://oxygenbuilder.com/documentation/other/security/#filtering-dynamic-data for more details." + }, + { + "lang": "es", + "value": "El complemento Oxygen Builder para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s de un campo personalizado en todas las versiones hasta la 4.8 inclusive debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada. NOTA: La versi\u00f3n 4.8.1 del complemento Oxygen Builder para WordPress aborda esta vulnerabilidad implementando un filtro opcional para proporcionar salida de escape para datos din\u00e1micos. Consulte https://oxygenbuilder.com/documentation/other/security/#filtering-dynamic-data para obtener m\u00e1s detalles." 
} ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -34,14 +58,52 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:soflyy:oxygen:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "4.8.1", + "matchCriteriaId": "A487ADDF-15AC-4FD6-8DEE-FCD4E2B078E8" + } + ] + } + ] + } + ], "references": [ { "url": "https://oxygenbuilder.com/oxygen-4-8-1-now-available/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch", + "Release Notes" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ee069cb3-370e-48ea-aa35-c30fe83c2498?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-71xx/CVE-2023-7153.json b/CVE-2023/CVE-2023-71xx/CVE-2023-7153.json new file mode 100644 index 00000000000..503eca187f2 --- /dev/null +++ b/CVE-2023/CVE-2023-71xx/CVE-2023-7153.json 
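Review bot: The added `cpeMatch` entry in the `@@ -34,14 +58,52 @@` hunk closes the affected range with `"versionEndExcluding": "4.8.1"`, but the description of this same record says 4.8.1 addresses the issue by adding an optional filter for dynamic data. A scanner that matches only on this CPE range will report a 4.8.1 install as fixed whether or not that filter is enabled. Consumers should pair the version match with a configuration check against the oxygenbuilder.com documentation linked in the description. The `Patch` tag on the wordfence.com advisory URL also looks misplaced, since that page is an advisory rather than a fix.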
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-7153", + "sourceIdentifier": "iletisim@usom.gov.tr", + "published": "2024-01-18T15:15:09.430", + "lastModified": "2024-01-18T15:50:54.810", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Macroturk Software and Internet Technologies Macro-Bel allows Reflected XSS.This issue affects Macro-Bel: before V.1.0.1.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "iletisim@usom.gov.tr", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "iletisim@usom.gov.tr", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.usom.gov.tr/bildirim/tr-24-0041", + "source": "iletisim@usom.gov.tr" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-04xx/CVE-2024-0408.json b/CVE-2024/CVE-2024-04xx/CVE-2024-0408.json new file mode 100644 index 00000000000..f67b9337a4c --- /dev/null +++ b/CVE-2024/CVE-2024-04xx/CVE-2024-0408.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-0408", + "sourceIdentifier": "secalert@redhat.com", + "published": "2024-01-18T16:15:08.380", + "lastModified": "2024-01-18T16:15:08.380", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object that was never labeled and crash because the SID is NULL." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-158" + } + ] + } + ], + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2024-0408", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257689", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-04xx/CVE-2024-0409.json b/CVE-2024/CVE-2024-04xx/CVE-2024-0409.json new file mode 100644 index 00000000000..fa4f6e04aab --- /dev/null +++ b/CVE-2024/CVE-2024-04xx/CVE-2024-0409.json 
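Review bot: The weakness `"value": "CWE-158"` in the new CVE-2024-0408 record does not fit its description, which reports a crash because the SID is NULL on an object that was never labeled. That reads as a NULL pointer dereference, for which `"value": "CWE-476"` would be the expected mapping; CWE-158 covers neutralization of NUL characters in input. The entry is `Secondary` from secalert@redhat.com, so anything that groups or filters by CWE should treat this classification as provisional until a `Primary` weakness is present.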
@@ -0,0 +1,36 @@ +{ + "id": "CVE-2024-0409", + "sourceIdentifier": "secalert@redhat.com", + "published": "2024-01-18T16:15:08.593", + "lastModified": "2024-01-18T16:15:08.593", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2024-0409", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257690", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-04xx/CVE-2024-0461.json b/CVE-2024/CVE-2024-04xx/CVE-2024-0461.json index 7d7c7e0ee80..c7bbb57e15a 100644 --- a/CVE-2024/CVE-2024-04xx/CVE-2024-0461.json +++ b/CVE-2024/CVE-2024-04xx/CVE-2024-0461.json 
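Review bot: `"metrics": {}` leaves the new CVE-2024-0409 record without any CVSS data, although it carries `CWE-787` and the description says the XSELINUX context is overwritten. Pipelines that sort or filter on `baseScore` should treat a missing `cvssMetricV31` array as unscored, not as zero or low severity, or this entry drops out of triage until a score is published. The neighbouring CVE-2024-0408 record from the same source does include a `cvssMetricV31` entry, so the gap presumably comes from the upstream feed rather than from this commit.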
@@ -2,16 +2,40 @@ "id": "CVE-2024-0461", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-12T17:15:09.780", - "lastModified": "2024-01-12T18:05:43.827", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T15:36:57.897", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in code-projects Online Faculty Clearance 1.0. It has been classified as critical. Affected is an unknown function of the file deactivate.php of the component HTTP POST Request Handler. The manipulation of the argument haydi leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250566 is the identifier assigned to this vulnerability." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en code-projects Online Faculty Clearance 1.0. Ha sido clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo deactivate.php del componente HTTP POST Request Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento haydi conduce a la inyecci\u00f3n de SQL. Es posible lanzar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-250566 es el identificador asignado a esta vulnerabilidad." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -71,18 +95,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fabianros:online_faculty_clearance_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7CA6BE7A-83D1-44E8-AA59-6D9F339CDAA4" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/BxYQ/vul/blob/main/3ONLINE_FACULTY_CLEARANCE_SYSTEM%20has%20SQL1.pdf", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://vuldb.com/?ctiid.250566", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.250566", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-04xx/CVE-2024-0462.json b/CVE-2024/CVE-2024-04xx/CVE-2024-0462.json index da28d01f193..7a5e4ca532e 100644 --- a/CVE-2024/CVE-2024-04xx/CVE-2024-0462.json +++ b/CVE-2024/CVE-2024-04xx/CVE-2024-0462.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-0462", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-12T18:15:46.687", - "lastModified": "2024-01-12T19:21:49.423", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T15:37:50.997", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in code-projects Online Faculty Clearance 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /production/designee_view_status.php of the component HTTP POST Request Handler. The manipulation of the argument haydi leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250567." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en code-projects Online Faculty Clearance 1.0. Ha sido declarada cr\u00edtica. Una funci\u00f3n desconocida del archivo /production/designee_view_status.php del componente HTTP POST Request Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento haydi conduce a la inyecci\u00f3n de SQL. El ataque se puede lanzar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-250567." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -71,18 +95,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fabianros:online_faculty_clearance_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7CA6BE7A-83D1-44E8-AA59-6D9F339CDAA4" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/BxYQ/vul/blob/main/3ONLINE_FACULTY_CLEARANCE_SYSTEM%20has%20SQL2.pdf", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://vuldb.com/?ctiid.250567", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.250567", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-04xx/CVE-2024-0463.json b/CVE-2024/CVE-2024-04xx/CVE-2024-0463.json index 40d6821ea25..3612fdfd42e 100644 --- a/CVE-2024/CVE-2024-04xx/CVE-2024-0463.json +++ b/CVE-2024/CVE-2024-04xx/CVE-2024-0463.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-0463", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-12T18:15:46.913", - "lastModified": "2024-01-12T19:21:49.423", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T15:38:05.047", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in code-projects Online Faculty Clearance 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /production/admin_view_info.php of the component HTTP POST Request Handler. The manipulation of the argument haydi leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250568." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en los proyectos de c\u00f3digo Online Faculty Clearance 1.0. Ha sido calificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /production/admin_view_info.php del componente HTTP POST Request Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento haydi conduce a la inyecci\u00f3n de SQL. El ataque puede lanzarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-250568." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -71,18 +95,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fabianros:online_faculty_clearance_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7CA6BE7A-83D1-44E8-AA59-6D9F339CDAA4" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/BxYQ/vul/blob/main/3ONLINE_FACULTY_CLEARANCE_SYSTEM%20has%20SQL3.pdf", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://vuldb.com/?ctiid.250568", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.250568", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-04xx/CVE-2024-0467.json b/CVE-2024/CVE-2024-04xx/CVE-2024-0467.json index 428ea46189d..6999724df3b 100644 --- a/CVE-2024/CVE-2024-04xx/CVE-2024-0467.json +++ b/CVE-2024/CVE-2024-04xx/CVE-2024-0467.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-0467", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-12T20:15:47.177", - "lastModified": "2024-01-14T21:42:17.123", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T15:38:31.063", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as problematic, was found in code-projects Employee Profile Management System 1.0. Affected is an unknown function of the file edit_position_query.php. The manipulation of the argument pos_name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250572." + }, + { + "lang": "es", + "value": "Una vulnerabilidad clasificada como problem\u00e1tica fue encontrada en code-projects Employee Profile Management System 1.0. Una funci\u00f3n desconocida del archivo edit_position_query.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento pos_name conduce a cross site scripting. Es posible lanzar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-250572." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -71,18 +95,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:carmelogarcia:employee_profile_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "68758D37-72B5-4B1E-B3BA-0A0AF03657C3" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/BxYQ/vul/blob/main/EMPLOYEE_PROFILE_MANAGEMENT_SYSTEM_Xss.pdf", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://vuldb.com/?ctiid.250572", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.250572", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-06xx/CVE-2024-0607.json b/CVE-2024/CVE-2024-06xx/CVE-2024-0607.json new file mode 100644 index 00000000000..333ed50ccba --- /dev/null +++ b/CVE-2024/CVE-2024-06xx/CVE-2024-0607.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-0607", + "sourceIdentifier": "secalert@redhat.com", + "published": "2024-01-18T16:15:08.690", + "lastModified": "2024-01-18T16:15:08.690", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A flaw was found in the Netfilter subsystem in the Linux kernel. The issue is in the nft_byteorder_eval() function, where the code iterates through a loop and writes to the `dst` array. On each iteration, 8 bytes are written, but `dst` is an array of u32, so each element only has space for 4 bytes. That means every iteration overwrites part of the previous element, possibly leading to an out-of-bounds write. This flaw allows a local user to cause a denial of service or potentially escalate their privileges on the system." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2024-0607", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258635", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-221xx/CVE-2024-22191.json b/CVE-2024/CVE-2024-221xx/CVE-2024-22191.json index f6315f904cd..333da63c21f 100644 --- a/CVE-2024/CVE-2024-221xx/CVE-2024-22191.json 
+++ b/CVE-2024/CVE-2024-221xx/CVE-2024-22191.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-22191", "sourceIdentifier": "security-advisories@github.com", "published": "2024-01-16T22:15:46.020", - "lastModified": "2024-01-16T23:12:38.473", + "lastModified": "2024-01-18T16:15:08.920", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", - "value": "Avo is a framework to create admin panels for Ruby on Rails apps. A stored cross-site scripting (XSS) vulnerability was found in the key_value field of Avo v3.2.3. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the victim's browser. The value of the key_value is inserted directly into the HTML code. In the current version of Avo (possibly also older versions), the value is not properly sanitized before it is inserted into the HTML code. This vulnerability could be used to steal sensitive information from victims that could be used to hijack victims' accounts or redirect them to malicious websites. Avo 3.2.4 includes a fix for this issue. Users are advised to upgrade." + "value": "Avo is a framework to create admin panels for Ruby on Rails apps. A stored cross-site scripting (XSS) vulnerability was found in the key_value field of Avo v3.2.3 and v2.46.0. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the victim's browser. The value of the key_value is inserted directly into the HTML code. In the current version of Avo (possibly also older versions), the value is not properly sanitized before it is inserted into the HTML code. This vulnerability could be used to steal sensitive information from victims that could be used to hijack victims' accounts or redirect them to malicious websites. Avo 3.2.4 and 2.47.0 include a fix for this issue. Users are advised to upgrade." + }, + { + "lang": "es", + "value": "Avo es un framework para crear paneles de administraci\u00f3n para aplicaciones Ruby on Rails. 
Se encontr\u00f3 una vulnerabilidad de cross site scripting (XSS) almacenado en el campo key_value de Avo v3.2.3. Esta vulnerabilidad podr\u00eda permitir a un atacante ejecutar c\u00f3digo JavaScript arbitrario en el navegador de la v\u00edctima. El valor de key_value se inserta directamente en el c\u00f3digo HTML. En la versi\u00f3n actual de Avo (posiblemente tambi\u00e9n en versiones anteriores), el valor no se sanitiza adecuadamente antes de insertarlo en el c\u00f3digo HTML. Esta vulnerabilidad podr\u00eda usarse para robar informaci\u00f3n confidencial de las v\u00edctimas que podr\u00eda usarse para secuestrar las cuentas de las v\u00edctimas o redirigirlas a sitios web maliciosos. Avo 3.2.4 incluye una soluci\u00f3n para este problema. Se recomienda a los usuarios que actualicen." } ], "metrics": { @@ -51,6 +55,10 @@ "url": "https://github.com/avo-hq/avo/commit/51bb80b181cd8e31744bdc4e7f9b501c81172347", "source": "security-advisories@github.com" }, + { + "url": "https://github.com/avo-hq/avo/commit/fc92a05a8556b1787c8694643286a1afa6a71258", + "source": "security-advisories@github.com" + }, { "url": "https://github.com/avo-hq/avo/security/advisories/GHSA-ghjv-mh6x-7q6h", "source": "security-advisories@github.com" diff --git a/CVE-2024/CVE-2024-221xx/CVE-2024-22199.json b/CVE-2024/CVE-2024-221xx/CVE-2024-22199.json index 629a7fd7cc2..984047f22ee 100644 --- a/CVE-2024/CVE-2024-221xx/CVE-2024-22199.json +++ b/CVE-2024/CVE-2024-221xx/CVE-2024-22199.json @@ -2,8 +2,8 @@ "id": "CVE-2024-22199", "sourceIdentifier": "security-advisories@github.com", "published": "2024-01-11T18:15:45.327", - "lastModified": "2024-01-12T13:47:31.250", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T16:54:56.383", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
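Review bot: The added `es` description for CVE-2024-22191 translates the old English text. It still names only Avo v3.2.3 as affected and only 3.2.4 as fixed, while the `en` value changed in the same hunk now lists v3.2.3 and v2.46.0 as affected and 3.2.4 and 2.47.0 as fixed. Readers or tools that select the `es` entry will miss the 2.x line, although the second hunk adds the matching commit reference. The Spanish value should be aligned, for example `campo key_value de Avo v3.2.3 y v2.46.0` and `Avo 3.2.4 y 2.47.0 incluyen una soluci\u00f3n para este problema`.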
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -58,14 +78,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gofiber:django:*:*:*:*:*:go:*:*", + "versionEndExcluding": "3.1.9", + "matchCriteriaId": "882B64AE-AF35-454D-8D79-AC188A250E41" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/gofiber/template/commit/28cff3ac4d4c117ab25b5396954676d624b6cb46", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/gofiber/template/security/advisories/GHSA-4mq2-gc4j-cmw6", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Mitigation", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-223xx/CVE-2024-22317.json b/CVE-2024/CVE-2024-223xx/CVE-2024-22317.json index 9d4d493ce66..4aed537a50e 100644 --- a/CVE-2024/CVE-2024-223xx/CVE-2024-22317.json +++ b/CVE-2024/CVE-2024-223xx/CVE-2024-22317.json @@ -2,8 +2,8 @@ "id": "CVE-2024-22317", "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-01-18T14:15:07.970", - "lastModified": "2024-01-18T14:15:07.970", - "vulnStatus": "Received", + "lastModified": "2024-01-18T15:50:54.810", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", 
diff --git a/CVE-2024/CVE-2024-225xx/CVE-2024-22548.json b/CVE-2024/CVE-2024-225xx/CVE-2024-22548.json new file mode 100644 index 00000000000..86b63b912a2 --- /dev/null +++ b/CVE-2024/CVE-2024-225xx/CVE-2024-22548.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-22548", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-01-18T15:15:09.623", + "lastModified": "2024-01-18T15:50:54.810", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the system website settings website name section." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/5List/cms/blob/main/1.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-225xx/CVE-2024-22549.json b/CVE-2024/CVE-2024-225xx/CVE-2024-22549.json new file mode 100644 index 00000000000..a07a43d185d --- /dev/null +++ b/CVE-2024/CVE-2024-225xx/CVE-2024-22549.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-22549", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-01-18T15:15:09.670", + "lastModified": "2024-01-18T15:50:54.810", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the email settings of the website settings section." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/cccbbbttt/cms/blob/main/1.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-225xx/CVE-2024-22568.json b/CVE-2024/CVE-2024-225xx/CVE-2024-22568.json new file mode 100644 index 00000000000..d1cd4465ecb --- /dev/null +++ b/CVE-2024/CVE-2024-225xx/CVE-2024-22568.json 
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-22568", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-01-18T15:15:09.717", + "lastModified": "2024-01-18T15:50:54.810", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/score/del." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/kayo-zjq/myc/blob/main/1.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-225xx/CVE-2024-22591.json b/CVE-2024/CVE-2024-225xx/CVE-2024-22591.json new file mode 100644 index 00000000000..1657d724362 --- /dev/null +++ b/CVE-2024/CVE-2024-225xx/CVE-2024-22591.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-22591", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-01-18T15:15:09.763", + "lastModified": "2024-01-18T15:50:54.810", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/user/group_save." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/ysuzhangbin/cms2/blob/main/1.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-225xx/CVE-2024-22592.json b/CVE-2024/CVE-2024-225xx/CVE-2024-22592.json new file mode 100644 index 00000000000..e45d6975831 --- /dev/null +++ b/CVE-2024/CVE-2024-225xx/CVE-2024-22592.json 
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-22592", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-01-18T15:15:09.813", + "lastModified": "2024-01-18T15:50:54.810", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/user/group_update" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/ysuzhangbin/cms2/blob/main/2.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-225xx/CVE-2024-22593.json b/CVE-2024/CVE-2024-225xx/CVE-2024-22593.json new file mode 100644 index 00000000000..9ec7eb3a4c2 --- /dev/null +++ b/CVE-2024/CVE-2024-225xx/CVE-2024-22593.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-22593", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-01-18T15:15:09.853", + "lastModified": "2024-01-18T15:50:54.810", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/admin/add_group_save" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/ysuzhangbin/cms2/blob/main/3.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-226xx/CVE-2024-22699.json b/CVE-2024/CVE-2024-226xx/CVE-2024-22699.json new file mode 100644 index 00000000000..f9e20d7e107 --- /dev/null +++ b/CVE-2024/CVE-2024-226xx/CVE-2024-22699.json 
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-22699", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-01-18T16:15:09.020", + "lastModified": "2024-01-18T16:15:09.020", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/admin/update_group_save." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/biantaibao/cms/blob/main/1.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-229xx/CVE-2024-22942.json b/CVE-2024/CVE-2024-229xx/CVE-2024-22942.json index 247adc5d13d..56fbc490f9b 100644 --- a/CVE-2024/CVE-2024-229xx/CVE-2024-22942.json +++ b/CVE-2024/CVE-2024-229xx/CVE-2024-22942.json 
@@ -2,19 +2,91 @@ "id": "CVE-2024-22942", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-11T16:15:55.857", - "lastModified": "2024-01-11T16:34:20.613", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T15:15:47.273", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the hostName parameter in the setWanCfg function." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que TOTOLINK A3300R V17.0.0cu.557_B20221024 contiene una vulnerabilidad de inyecci\u00f3n de comandos a trav\u00e9s del par\u00e1metro hostName en la funci\u00f3n setWanCfg." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:a3300r_firmware:17.0.0cu.557_b20221024:*:*:*:*:*:*:*", + "matchCriteriaId": "DD39B647-3419-4C6D-A6A2-30F40822A27D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:a3300r:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7F723A73-4B32-4F9E-B5DA-80134D4711C1" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": 
"https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/1/TOTOlink%20A3300R%20setWanCfg.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-230xx/CVE-2024-23057.json b/CVE-2024/CVE-2024-230xx/CVE-2024-23057.json index 101699cb917..a9f509a24aa 100644 --- a/CVE-2024/CVE-2024-230xx/CVE-2024-23057.json +++ b/CVE-2024/CVE-2024-230xx/CVE-2024-23057.json 
@@ -2,19 +2,91 @@ "id": "CVE-2024-23057", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-11T16:15:55.943", - "lastModified": "2024-01-11T16:34:20.613", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T15:16:24.097", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the tz parameter in the setNtpCfg function." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que TOTOLINK A3300R V17.0.0cu.557_B20221024 contiene una vulnerabilidad de inyecci\u00f3n de comandos a trav\u00e9s del par\u00e1metro tz en la funci\u00f3n setNtpCfg." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:a3300r_firmware:17.0.0cu.557_b20221024:*:*:*:*:*:*:*", + "matchCriteriaId": "DD39B647-3419-4C6D-A6A2-30F40822A27D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:a3300r:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7F723A73-4B32-4F9E-B5DA-80134D4711C1" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": 
"https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/5/TOTOlink%20A3300R%20setNtpCfg.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-230xx/CVE-2024-23058.json b/CVE-2024/CVE-2024-230xx/CVE-2024-23058.json index 171a397b875..1ee784f3e78 100644 --- a/CVE-2024/CVE-2024-230xx/CVE-2024-23058.json +++ b/CVE-2024/CVE-2024-230xx/CVE-2024-23058.json 
@@ -2,19 +2,91 @@ "id": "CVE-2024-23058", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-11T16:15:55.997", - "lastModified": "2024-01-11T16:34:20.613", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T15:16:50.140", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pass parameter in the setTr069Cfg function." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que TOTOLINK A3300R V17.0.0cu.557_B20221024 contiene una vulnerabilidad de inyecci\u00f3n de comando a trav\u00e9s del par\u00e1metro pass en la funci\u00f3n setTr069Cfg." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:a3300r_firmware:17.0.0cu.557_b20221024:*:*:*:*:*:*:*", + "matchCriteriaId": "DD39B647-3419-4C6D-A6A2-30F40822A27D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:a3300r:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7F723A73-4B32-4F9E-B5DA-80134D4711C1" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": 
"https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/6/TOTOlink%20A3300R%20setTr069Cfg.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-230xx/CVE-2024-23059.json b/CVE-2024/CVE-2024-230xx/CVE-2024-23059.json index fb1e9423a70..3a4a7418e72 100644 --- a/CVE-2024/CVE-2024-230xx/CVE-2024-23059.json +++ b/CVE-2024/CVE-2024-230xx/CVE-2024-23059.json 
@@ -2,19 +2,91 @@ "id": "CVE-2024-23059", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-11T16:15:56.057", - "lastModified": "2024-01-11T16:34:20.613", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T15:17:14.453", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the username parameter in the setDdnsCfg function." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que TOTOLINK A3300R V17.0.0cu.557_B20221024 contiene una vulnerabilidad de inyecci\u00f3n de comando a trav\u00e9s del par\u00e1metro username en la funci\u00f3n setDdnsCfg." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:a3300r_firmware:17.0.0cu.557_b20221024:*:*:*:*:*:*:*", + "matchCriteriaId": "DD39B647-3419-4C6D-A6A2-30F40822A27D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:a3300r:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7F723A73-4B32-4F9E-B5DA-80134D4711C1" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": 
"https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/2/TOTOlink%20A3300R%20setDdnsCfg.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-230xx/CVE-2024-23060.json b/CVE-2024/CVE-2024-230xx/CVE-2024-23060.json index 0bf035c7cd2..71a014fa24d 100644 --- a/CVE-2024/CVE-2024-230xx/CVE-2024-23060.json +++ b/CVE-2024/CVE-2024-230xx/CVE-2024-23060.json 
@@ -2,19 +2,91 @@ "id": "CVE-2024-23060", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-11T16:15:56.110", - "lastModified": "2024-01-11T16:34:20.613", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T15:17:35.587", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDmzCfg function." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que TOTOLINK A3300R V17.0.0cu.557_B20221024 contiene una vulnerabilidad de inyecci\u00f3n de comandos a trav\u00e9s del par\u00e1metro ip en la funci\u00f3n setDmzCfg." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:a3300r_firmware:17.0.0cu.557_b20221024:*:*:*:*:*:*:*", + "matchCriteriaId": "DD39B647-3419-4C6D-A6A2-30F40822A27D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:a3300r:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7F723A73-4B32-4F9E-B5DA-80134D4711C1" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": 
"https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/4/TOTOLINK%20A3300R%20setDmzCfg.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-230xx/CVE-2024-23061.json b/CVE-2024/CVE-2024-230xx/CVE-2024-23061.json index 0e10fe0f0cd..d748e6caffa 100644 --- a/CVE-2024/CVE-2024-230xx/CVE-2024-23061.json +++ b/CVE-2024/CVE-2024-230xx/CVE-2024-23061.json 
@@ -2,19 +2,91 @@ "id": "CVE-2024-23061", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-11T16:15:56.157", - "lastModified": "2024-01-11T16:34:20.613", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-18T15:18:14.357", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the minute parameter in the setScheduleCfg function." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que TOTOLINK A3300R V17.0.0cu.557_B20221024 contiene una vulnerabilidad de inyecci\u00f3n de comandos a trav\u00e9s del par\u00e1metro de minute en la funci\u00f3n setScheduleCfg." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:a3300r_firmware:17.0.0cu.557_b20221024:*:*:*:*:*:*:*", + "matchCriteriaId": "DD39B647-3419-4C6D-A6A2-30F40822A27D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:a3300r:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7F723A73-4B32-4F9E-B5DA-80134D4711C1" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": 
"https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/3/TOTOLINK%20A3300R%20setScheduleCfg.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/README.md b/README.md index d55757757a6..af3c1cb4230 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-01-18T15:00:25.190108+00:00 +2024-01-18T17:00:24.680887+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-01-18T14:49:49.540000+00:00 +2024-01-18T16:54:56.383000+00:00 ``` ### Last Data Feed Release 
@@ -29,47 +29,59 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -236291 +236306 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `15` -* [CVE-2023-5806](CVE-2023/CVE-2023-58xx/CVE-2023-5806.json) (`2024-01-18T13:15:08.770`) -* [CVE-2024-0669](CVE-2024/CVE-2024-06xx/CVE-2024-0669.json) (`2024-01-18T13:15:09.177`) -* [CVE-2024-22317](CVE-2024/CVE-2024-223xx/CVE-2024-22317.json) (`2024-01-18T14:15:07.970`) +* [CVE-2021-33630](CVE-2021/CVE-2021-336xx/CVE-2021-33630.json) (`2024-01-18T15:15:08.653`) +* [CVE-2021-33631](CVE-2021/CVE-2021-336xx/CVE-2021-33631.json) (`2024-01-18T15:15:08.860`) +* [CVE-2023-40051](CVE-2023/CVE-2023-400xx/CVE-2023-40051.json) (`2024-01-18T15:15:09.060`) +* [CVE-2023-40052](CVE-2023/CVE-2023-400xx/CVE-2023-40052.json) (`2024-01-18T15:15:09.247`) +* [CVE-2023-7153](CVE-2023/CVE-2023-71xx/CVE-2023-7153.json) (`2024-01-18T15:15:09.430`) +* [CVE-2024-22548](CVE-2024/CVE-2024-225xx/CVE-2024-22548.json) (`2024-01-18T15:15:09.623`) +* [CVE-2024-22549](CVE-2024/CVE-2024-225xx/CVE-2024-22549.json) (`2024-01-18T15:15:09.670`) +* [CVE-2024-22568](CVE-2024/CVE-2024-225xx/CVE-2024-22568.json) (`2024-01-18T15:15:09.717`) +* [CVE-2024-22591](CVE-2024/CVE-2024-225xx/CVE-2024-22591.json) (`2024-01-18T15:15:09.763`) +* [CVE-2024-22592](CVE-2024/CVE-2024-225xx/CVE-2024-22592.json) (`2024-01-18T15:15:09.813`) +* [CVE-2024-22593](CVE-2024/CVE-2024-225xx/CVE-2024-22593.json) (`2024-01-18T15:15:09.853`) +* [CVE-2024-0408](CVE-2024/CVE-2024-04xx/CVE-2024-0408.json) (`2024-01-18T16:15:08.380`) +* [CVE-2024-0409](CVE-2024/CVE-2024-04xx/CVE-2024-0409.json) (`2024-01-18T16:15:08.593`) +* [CVE-2024-0607](CVE-2024/CVE-2024-06xx/CVE-2024-0607.json) (`2024-01-18T16:15:08.690`) +* [CVE-2024-22699](CVE-2024/CVE-2024-226xx/CVE-2024-22699.json) (`2024-01-18T16:15:09.020`) ### CVEs modified in the last Commit -Recently modified CVEs: `68` +Recently modified CVEs: 
`35` -* [CVE-2023-38610](CVE-2023/CVE-2023-386xx/CVE-2023-38610.json) (`2024-01-18T14:34:34.800`) -* [CVE-2023-32436](CVE-2023/CVE-2023-324xx/CVE-2023-32436.json) (`2024-01-18T14:35:09.270`) -* [CVE-2023-32424](CVE-2023/CVE-2023-324xx/CVE-2023-32424.json) (`2024-01-18T14:44:50.053`) -* [CVE-2023-32401](CVE-2023/CVE-2023-324xx/CVE-2023-32401.json) (`2024-01-18T14:45:33.753`) -* [CVE-2023-32383](CVE-2023/CVE-2023-323xx/CVE-2023-32383.json) (`2024-01-18T14:46:30.137`) -* [CVE-2023-32378](CVE-2023/CVE-2023-323xx/CVE-2023-32378.json) (`2024-01-18T14:47:06.280`) -* [CVE-2023-32366](CVE-2023/CVE-2023-323xx/CVE-2023-32366.json) (`2024-01-18T14:48:05.697`) -* [CVE-2023-28197](CVE-2023/CVE-2023-281xx/CVE-2023-28197.json) (`2024-01-18T14:49:49.540`) -* [CVE-2024-21667](CVE-2024/CVE-2024-216xx/CVE-2024-21667.json) (`2024-01-18T13:12:45.593`) -* [CVE-2024-0565](CVE-2024/CVE-2024-05xx/CVE-2024-0565.json) (`2024-01-18T13:15:09.000`) -* [CVE-2024-21666](CVE-2024/CVE-2024-216xx/CVE-2024-21666.json) (`2024-01-18T13:20:45.647`) -* [CVE-2024-0655](CVE-2024/CVE-2024-06xx/CVE-2024-0655.json) (`2024-01-18T13:41:52.450`) -* [CVE-2024-0381](CVE-2024/CVE-2024-03xx/CVE-2024-0381.json) (`2024-01-18T13:41:52.450`) -* [CVE-2024-0580](CVE-2024/CVE-2024-05xx/CVE-2024-0580.json) (`2024-01-18T13:41:52.450`) -* [CVE-2024-0650](CVE-2024/CVE-2024-06xx/CVE-2024-0650.json) (`2024-01-18T13:42:01.673`) -* [CVE-2024-22416](CVE-2024/CVE-2024-224xx/CVE-2024-22416.json) (`2024-01-18T13:42:01.673`) -* [CVE-2024-23525](CVE-2024/CVE-2024-235xx/CVE-2024-23525.json) (`2024-01-18T13:42:01.673`) -* [CVE-2024-0651](CVE-2024/CVE-2024-06xx/CVE-2024-0651.json) (`2024-01-18T13:42:01.673`) -* [CVE-2024-0652](CVE-2024/CVE-2024-06xx/CVE-2024-0652.json) (`2024-01-18T13:42:01.673`) -* [CVE-2024-0654](CVE-2024/CVE-2024-06xx/CVE-2024-0654.json) (`2024-01-18T13:42:01.673`) -* [CVE-2024-22410](CVE-2024/CVE-2024-224xx/CVE-2024-22410.json) (`2024-01-18T13:42:11.613`) -* [CVE-2024-22414](CVE-2024/CVE-2024-224xx/CVE-2024-22414.json) 
(`2024-01-18T13:42:11.613`) -* [CVE-2024-0648](CVE-2024/CVE-2024-06xx/CVE-2024-0648.json) (`2024-01-18T13:42:11.613`) -* [CVE-2024-0649](CVE-2024/CVE-2024-06xx/CVE-2024-0649.json) (`2024-01-18T13:42:11.613`) -* [CVE-2024-22190](CVE-2024/CVE-2024-221xx/CVE-2024-22190.json) (`2024-01-18T13:48:07.553`) +* [CVE-2023-37932](CVE-2023/CVE-2023-379xx/CVE-2023-37932.json) (`2024-01-18T15:50:39.943`) +* [CVE-2023-5770](CVE-2023/CVE-2023-57xx/CVE-2023-5770.json) (`2024-01-18T15:54:37.647`) +* [CVE-2023-6938](CVE-2023/CVE-2023-69xx/CVE-2023-6938.json) (`2024-01-18T15:57:39.827`) +* [CVE-2023-5118](CVE-2023/CVE-2023-51xx/CVE-2023-5118.json) (`2024-01-18T16:01:37.653`) +* [CVE-2023-6782](CVE-2023/CVE-2023-67xx/CVE-2023-6782.json) (`2024-01-18T16:11:09.587`) +* [CVE-2023-6875](CVE-2023/CVE-2023-68xx/CVE-2023-6875.json) (`2024-01-18T16:11:25.827`) +* [CVE-2023-6244](CVE-2023/CVE-2023-62xx/CVE-2023-6244.json) (`2024-01-18T16:13:00.490`) +* [CVE-2023-6776](CVE-2023/CVE-2023-67xx/CVE-2023-6776.json) (`2024-01-18T16:24:38.070`) +* [CVE-2023-6781](CVE-2023/CVE-2023-67xx/CVE-2023-6781.json) (`2024-01-18T16:24:52.810`) +* [CVE-2023-6878](CVE-2023/CVE-2023-68xx/CVE-2023-6878.json) (`2024-01-18T16:34:53.617`) +* [CVE-2023-6924](CVE-2023/CVE-2023-69xx/CVE-2023-6924.json) (`2024-01-18T16:42:06.183`) +* [CVE-2023-6882](CVE-2023/CVE-2023-68xx/CVE-2023-6882.json) (`2024-01-18T16:43:49.213`) +* [CVE-2024-22942](CVE-2024/CVE-2024-229xx/CVE-2024-22942.json) (`2024-01-18T15:15:47.273`) +* [CVE-2024-23057](CVE-2024/CVE-2024-230xx/CVE-2024-23057.json) (`2024-01-18T15:16:24.097`) +* [CVE-2024-23058](CVE-2024/CVE-2024-230xx/CVE-2024-23058.json) (`2024-01-18T15:16:50.140`) +* [CVE-2024-23059](CVE-2024/CVE-2024-230xx/CVE-2024-23059.json) (`2024-01-18T15:17:14.453`) +* [CVE-2024-23060](CVE-2024/CVE-2024-230xx/CVE-2024-23060.json) (`2024-01-18T15:17:35.587`) +* [CVE-2024-23061](CVE-2024/CVE-2024-230xx/CVE-2024-23061.json) (`2024-01-18T15:18:14.357`) +* 
[CVE-2024-0461](CVE-2024/CVE-2024-04xx/CVE-2024-0461.json) (`2024-01-18T15:36:57.897`) +* [CVE-2024-0462](CVE-2024/CVE-2024-04xx/CVE-2024-0462.json) (`2024-01-18T15:37:50.997`) +* [CVE-2024-0463](CVE-2024/CVE-2024-04xx/CVE-2024-0463.json) (`2024-01-18T15:38:05.047`) +* [CVE-2024-0467](CVE-2024/CVE-2024-04xx/CVE-2024-0467.json) (`2024-01-18T15:38:31.063`) +* [CVE-2024-22317](CVE-2024/CVE-2024-223xx/CVE-2024-22317.json) (`2024-01-18T15:50:54.810`) +* [CVE-2024-22191](CVE-2024/CVE-2024-221xx/CVE-2024-22191.json) (`2024-01-18T16:15:08.920`) +* [CVE-2024-22199](CVE-2024/CVE-2024-221xx/CVE-2024-22199.json) (`2024-01-18T16:54:56.383`) ## Download and Usage