admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 11:37:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-02-01T23:00:24.492790+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-02-01 23:00:28 +00:00
parent 4e7973cd42
commit ab7a18e919
36 changed files with 1146 additions and 110 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
CVE-2023/CVE-2023-44xx/CVE-2023-4472.json Normal file
View File

@ -0,0 +1,36 @@
{
"id": "CVE-2023-4472",
"sourceIdentifier": "mandiant-cve@google.com",
"published": "2024-02-01T22:15:55.220",
"lastModified": "2024-02-01T22:39:14.853",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Objectplanet Opinio version 7.22 and prior uses a cryptographically weak pseudo-random number generator (PRNG) coupled to a predictable seed, which could lead to an unauthenticated account takeover of any user on the application."
}
],
"metrics": {},
"weaknesses": [
{
"source": "mandiant-cve@google.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-335"
}
]
}
],
"references": [
{
"url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2024/MNDT-2024-0002.md",
"source": "mandiant-cve@google.com"
},
{
"url": "https://www.objectplanet.com/opinio/changelog.html",
"source": "mandiant-cve@google.com"
}
]
}

20
CVE-2023/CVE-2023-472xx/CVE-2023-47256.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-47256",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-01T22:15:55.103",
"lastModified": "2024-02-01T22:39:14.853",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "ConnectWise ScreenConnect through 23.8.4 allows local users to connect to arbitrary relay servers via implicit trust of proxy settings"
}
],
"metrics": {},
"references": [
{
"url": "https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.8-security-fix",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-472xx/CVE-2023-47257.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-47257",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-01T22:15:55.170",
"lastModified": "2024-02-01T22:39:14.853",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "ConnectWise ScreenConnect through 23.8.4 allows man-in-the-middle attackers to achieve remote code execution via crafted messages."
}
],
"metrics": {},
"references": [
{
"url": "https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.8-security-fix",
"source": "cve@mitre.org"
}
]
}

4
CVE-2023/CVE-2023-514xx/CVE-2023-51446.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51446",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-01T18:15:53.427",
"lastModified": "2024-02-01T18:15:53.427",
"vulnStatus": "Received",
"lastModified": "2024-02-01T21:30:44.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-58xx/CVE-2023-5841.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5841",
"sourceIdentifier": "cve@takeonme.org",
"published": "2024-02-01T19:15:08.097",
"lastModified": "2024-02-01T19:15:08.097",
"vulnStatus": "Received",
"lastModified": "2024-02-01T21:30:44.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-60xx/CVE-2023-6078.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6078",
"sourceIdentifier": "3DS.Information-Security@3ds.com",
"published": "2024-02-01T14:15:55.810",
"lastModified": "2024-02-01T14:15:55.810",
"vulnStatus": "Received",
"lastModified": "2024-02-01T21:30:44.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

55
CVE-2024/CVE-2024-03xx/CVE-2024-0325.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-0325",
"sourceIdentifier": "security@puppet.com",
"published": "2024-02-01T22:15:55.333",
"lastModified": "2024-02-01T22:39:14.853",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In Helix Sync versions prior to 2024.1, a local command injection was identified. Reported by Bryan Riggins. \u00a0\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@puppet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.0,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security@puppet.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://perforce.com",
"source": "security@puppet.com"
}
]
}

4
CVE-2024/CVE-2024-09xx/CVE-2024-0935.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0935",
"sourceIdentifier": "3DS.Information-Security@3ds.com",
"published": "2024-02-01T14:15:56.040",
"lastModified": "2024-02-01T14:15:56.040",
"vulnStatus": "Received",
"lastModified": "2024-02-01T21:30:44.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

73
CVE-2024/CVE-2024-09xx/CVE-2024-0945.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-0945",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-26T21:15:08.380",
"lastModified": "2024-01-27T00:42:46.230",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-01T21:20:25.947",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in 60IndexPage up to 1.8.5. This affects an unknown part of the file /include/file.php of the component Parameter Handler. The manipulation of the argument url leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252189 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en 60IndexPage hasta 1.8.5 y clasificada como cr\u00edtica. Una parte desconocida del archivo /include/file.php del componente Parameter Handler afecta a una parte desconocida. La manipulaci\u00f3n del argumento URL conduce a server-side request forgery. Es posible iniciar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-252189. NOTA: Se contact\u00f3 primeramente con proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -61,7 +85,7 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -69,20 +93,57 @@
"value": "CWE-918"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:60indexpage_project:60indexpage:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.8.5",
"matchCriteriaId": "B8E15648-7EC5-40FD-93AA-AE97C70B6292"
}
]
}
]
}
],
"references": [
{
"url": "https://note.zhaoj.in/share/7F54gy22y7uJ",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://vuldb.com/?ctiid.252189",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?id.252189",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
}
]
}

73
CVE-2024/CVE-2024-09xx/CVE-2024-0946.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-0946",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-26T21:15:08.600",
"lastModified": "2024-01-27T00:42:46.230",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-01T21:20:11.267",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in 60IndexPage up to 1.8.5. This vulnerability affects unknown code of the file /apply/index.php of the component Parameter Handler. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252190 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en 60IndexPage hasta 1.8.5 y clasificada como cr\u00edtica. Esta vulnerabilidad afecta a c\u00f3digo desconocido del archivo /apply/index.php del componente Parameter Handler. La manipulaci\u00f3n del argumento URL conduce a server-side request forgery. El ataque se puede iniciar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-252190 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 primeramente con proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -61,7 +85,7 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -69,20 +93,57 @@
"value": "CWE-918"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:60indexpage_project:60indexpage:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.8.5",
"matchCriteriaId": "B8E15648-7EC5-40FD-93AA-AE97C70B6292"
}
]
}
]
}
],
"references": [
{
"url": "https://note.zhaoj.in/share/iNSyaClT0hGi",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://vuldb.com/?ctiid.252190",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?id.252190",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
}
]
}

55
CVE-2024/CVE-2024-10xx/CVE-2024-1039.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-1039",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-02-01T22:15:55.527",
"lastModified": "2024-02-01T22:39:14.853",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nGessler GmbH WEB-MASTER has a restoration account that uses weak hard coded credentials and if exploited could allow an attacker control over the web management of the device.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1391"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-032-01",
"source": "ics-cert@hq.dhs.gov"
}
]
}

55
CVE-2024/CVE-2024-10xx/CVE-2024-1040.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-1040",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-02-01T22:15:55.717",
"lastModified": "2024-02-01T22:39:14.853",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\n\n\nGessler GmbH WEB-MASTER user account is stored using a weak hashing algorithm. The attacker can restore the passwords by breaking the hashes stored on the device.\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-328"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-032-01",
"source": "ics-cert@hq.dhs.gov"
}
]
}

4
CVE-2024/CVE-2024-11xx/CVE-2024-1141.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-1141",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-02-01T15:15:08.547",
"lastModified": "2024-02-01T15:15:08.547",
"vulnStatus": "Received",
"lastModified": "2024-02-01T21:30:44.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-11xx/CVE-2024-1167.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-1167",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-02-01T18:15:53.637",
"lastModified": "2024-02-01T18:15:53.637",
"vulnStatus": "Received",
"lastModified": "2024-02-01T21:30:44.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

180
CVE-2024/CVE-2024-202xx/CVE-2024-20253.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-20253",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-01-26T18:15:10.970",
"lastModified": "2024-01-26T18:29:26.990",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-01T21:16:04.890",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device."
},
{
"lang": "es",
"value": "Una vulnerabilidad en m\u00faltiples productos Cisco Unified Communications y Contact Center Solutions podr\u00eda permitir que un atacante remoto no autenticado ejecute c\u00f3digo arbitrario en un dispositivo afectado. Esta vulnerabilidad se debe al procesamiento inadecuado de los datos proporcionados por el usuario que se leen en la memoria. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando un mensaje manipulado a un puerto de escucha de un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante ejecutar comandos arbitrarios en el sistema operativo subyacente con los privilegios del usuario de servicios web. Con acceso al sistema operativo subyacente, el atacante tambi\u00e9n podr\u00eda establecer acceso root en el dispositivo afectado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -34,10 +58,160 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:-:*:*:*",
"versionEndExcluding": "12.5\\(1\\)su8",
"matchCriteriaId": "FB3C1282-5EC8-4E46-ADD9-898449D96A22"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14su3",
"matchCriteriaId": "312C8052-DA09-4B61-9E90-E9EEE265A4BC"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
"versionEndExcluding": "12.5\\(1\\)su8",
"matchCriteriaId": "EA4F43B2-1C73-415B-84BF-26D0322FA2C1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14su3",
"matchCriteriaId": "C64C5167-7428-4F9E-B1E9-CAD3236B64AD"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.5\\(1\\)su8",
"matchCriteriaId": "DFF9029D-553F-43FD-8F37-86B11A17EC91"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.0su3",
"matchCriteriaId": "D09B9BD3-3C31-4816-AD4C-043543C56DB5"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.5\\(1\\)su8",
"matchCriteriaId": "E2BC7834-136A-4117-BEDC-0C96EC59227B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14su3",
"matchCriteriaId": "06851CA9-B778-4471-BB1D-A2237B225A4C"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\):-:*:*:*:*:*:*",
"matchCriteriaId": "66E25EE4-AB7B-42BF-A703-0C2E83E83577"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:virtualized_voice_browser:12.5\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3164D29F-4726-4438-9F31-8644B1C2F0E7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:virtualized_voice_browser:12.6\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7A2BE523-1AAF-4AB5-ACA3-A1E194590B09"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:virtualized_voice_browser:12.6\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0A7B033E-5B7F-4C11-9C6C-CA4363770A7A"
}
]
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm",
"source": "ykramarz@cisco.com"
"source": "ykramarz@cisco.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

63
CVE-2024/CVE-2024-203xx/CVE-2024-20305.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-20305",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-01-26T18:15:11.350",
"lastModified": "2024-01-26T18:29:26.990",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-01T21:14:41.087",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de Cisco Unity Connection podr\u00eda permitir que un atacante remoto autenticado lleve a cabo un ataque de cross site scripting (XSS) contra un usuario de la interfaz. Esta vulnerabilidad existe porque la interfaz de administraci\u00f3n basada en web no valida adecuadamente la entrada proporcionada por el usuario. Un atacante podr\u00eda aprovechar esta vulnerabilidad persuadiendo a un usuario de la interfaz para que haga clic en un enlace manipulado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante ejecutar c\u00f3digo de script arbitrario en el contexto de la interfaz afectada o acceder a informaci\u00f3n confidencial basada en el navegador."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -34,10 +58,43 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*",
"versionEndExcluding": "15.0",
"matchCriteriaId": "4BC93734-997C-42AD-9124-F07AEA0AB055"
}
]
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuc-xss-9TFuu5MS",
"source": "ykramarz@cisco.com"
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
}
]
}

6
CVE-2024/CVE-2024-224xx/CVE-2024-22417.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2024-22417",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-23T18:15:18.860",
"lastModified": "2024-01-29T19:44:57.763",
"vulnStatus": "Analyzed",
"lastModified": "2024-02-01T21:15:07.760",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Whoogle Search is a self-hosted metasearch engine. In versions 0.8.3 and prior, the `element` method in `app/routes.py` does not validate the user-controlled `src_type` and `element_url` variables and passes them to the `send` method which sends a `GET` request on lines 339-343 in `requests.py`. The returned contents of the URL are then passed to and reflected back to the user in the `send_file` function on line 484, together with the user-controlled `src_type`, which allows the attacker to control the HTTP response content type leading to a cross-site scripting vulnerability. An attacker could craft a special URL to point to a malicious website and send the link to a victim. The fact that the link would contain a trusted domain (e.g. from one of public Whoogle instances) could be used to trick the user into clicking the link.The malicious website could, for example, be a copy of a real website, meant to steal a person\u2019s credentials to the website, or trick that person in another way. Version 0.8.4 contains a patch for this issue."
"value": "Whoogle Search is a self-hosted metasearch engine. In versions 0.8.3 and prior, the `element` method in `app/routes.py` does not validate the user-controlled `src_type` and `element_url` variables and passes them to the `send` method which sends a `GET` request on lines 339-343 in `requests.py`. The returned contents of the URL are then passed to and reflected back to the user in the `send_file` function on line 484, together with the user-controlled `src_type`, which allows the attacker to control the HTTP response content type leading to a cross-site scripting vulnerability. An attacker could craft a special URL to point to a malicious website and send the link to a victim. The fact that the link would contain a trusted domain (e.g. from one of public Whoogle instances) could be used to trick the user into clicking the link. The malicious website could, for example, be a copy of a real website, meant to steal a person\u2019s credentials to the website, or trick that person in another way. Version 0.8.4 contains a patch for this issue."
},
{
"lang": "es",

4
CVE-2024/CVE-2024-236xx/CVE-2024-23645.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23645",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-01T18:15:53.823",
"lastModified": "2024-02-01T18:15:53.823",
"vulnStatus": "Received",
"lastModified": "2024-02-01T21:30:44.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

76
CVE-2024/CVE-2024-237xx/CVE-2024-23738.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23738",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-28T01:15:07.933",
"lastModified": "2024-01-29T14:25:25.440",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-01T21:09:24.777",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,79 @@
"value": "Un problema en Postman versi\u00f3n 10.22 y anteriores en macOS permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de la configuraci\u00f3n RunAsNode y enableNodeClilnspectArguments."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postman:postman:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.22",
"matchCriteriaId": "3F9FBD33-E5E7-4DBD-BD09-8EA0088795A3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/V3x0r/CVE-2024-23738",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}

76
CVE-2024/CVE-2024-237xx/CVE-2024-23739.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23739",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-28T03:15:07.700",
"lastModified": "2024-01-29T14:25:25.440",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-01T21:12:13.300",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,79 @@
"value": "Un problema en Discord para macOS versi\u00f3n 0.0.291 y anteriores permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de la configuraci\u00f3n RunAsNode y enableNodeClilnspectArguments."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:discord:discord:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.0.291",
"matchCriteriaId": "CA5B08D1-5FD3-4A88-8A52-E75495B689EC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/V3x0r/CVE-2024-23739",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}

64
CVE-2024/CVE-2024-237xx/CVE-2024-23740.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23740",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-28T04:15:07.830",
"lastModified": "2024-01-29T14:25:25.440",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-01T21:08:58.803",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "Un problema en Kap para macOS versi\u00f3n 3.6.0 y anteriores permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de la configuraci\u00f3n RunAsNode y enableNodeClilnspectArguments."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:getkap:kap:*:*:*:*:*:macos:*:*",
"versionEndIncluding": "3.6.0",
"matchCriteriaId": "AE088384-EB6B-4B0D-81F6-1BD948785471"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/V3x0r/CVE-2024-23740",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

64
CVE-2024/CVE-2024-237xx/CVE-2024-23741.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23741",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-28T03:15:08.337",
"lastModified": "2024-01-29T14:25:25.440",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-01T21:08:32.010",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "Un problema en Hyper en macOS versi\u00f3n 3.4.1 y anteriores permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de la configuraci\u00f3n RunAsNode y enableNodeClilnspectArguments."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hyper:hyper:*:*:*:*:*:macos:*:*",
"versionEndIncluding": "3.4.1",
"matchCriteriaId": "7AF8911C-E408-4B57-9C90-A3919E5AC2F9"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/V3x0r/CVE-2024-23741",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

64
CVE-2024/CVE-2024-237xx/CVE-2024-23742.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23742",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-28T03:15:08.390",
"lastModified": "2024-01-29T14:25:25.440",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-01T21:08:50.937",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "Un problema en Loom en macOS versi\u00f3n 0.196.1 y anteriores permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de la configuraci\u00f3n RunAsNode y enableNodeClilnspectArguments."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:loom:loom:*:*:*:*:*:macos:*:*",
"versionEndIncluding": "0.196.1",
"matchCriteriaId": "04F50C02-E846-43E4-A892-836F867E11FA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/V3x0r/CVE-2024-23742",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

76
CVE-2024/CVE-2024-237xx/CVE-2024-23743.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23743",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-28T02:15:08.773",
"lastModified": "2024-01-29T14:25:25.440",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-01T21:12:23.090",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,79 @@
"value": "Un problema en Notion para macOS versi\u00f3n 3.1.0 y anteriores permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de los componentes RunAsNode y enableNodeClilnspectArguments."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:notion:notion:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.1.0",
"matchCriteriaId": "01AABF72-D84D-4355-8EA2-1951FBB18129"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/V3x0r/CVE-2024-23743",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}

4
CVE-2024/CVE-2024-238xx/CVE-2024-23832.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23832",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-01T17:15:10.677",
"lastModified": "2024-02-01T17:15:10.677",
"vulnStatus": "Received",
"lastModified": "2024-02-01T21:30:44.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-240xx/CVE-2024-24041.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-24041",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-01T20:50:05.760",
"lastModified": "2024-02-01T20:50:05.760",
"vulnStatus": "Received",
"lastModified": "2024-02-01T21:30:44.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-245xx/CVE-2024-24557.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-24557",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-01T17:15:10.953",
"lastModified": "2024-02-01T17:15:10.953",
"vulnStatus": "Received",
"lastModified": "2024-02-01T21:30:44.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-245xx/CVE-2024-24561.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-24561",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-01T17:15:11.180",
"lastModified": "2024-02-01T17:15:11.180",
"vulnStatus": "Received",
"lastModified": "2024-02-01T21:30:44.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-245xx/CVE-2024-24569.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-24569",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-01T19:15:08.360",
"lastModified": "2024-02-01T19:15:08.360",
"vulnStatus": "Received",
"lastModified": "2024-02-01T21:30:44.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-245xx/CVE-2024-24570.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-24570",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-01T17:15:11.403",
"lastModified": "2024-02-01T18:15:54.050",
"vulnStatus": "Received",
"lastModified": "2024-02-01T21:30:44.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-247xx/CVE-2024-24752.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-24752",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-01T16:17:14.487",
"lastModified": "2024-02-01T20:50:05.813",
"vulnStatus": "Received",
"lastModified": "2024-02-01T21:30:44.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-247xx/CVE-2024-24753.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-24753",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-01T16:17:14.690",
"lastModified": "2024-02-01T20:50:05.963",
"vulnStatus": "Received",
"lastModified": "2024-02-01T21:30:44.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

10
CVE-2024/CVE-2024-247xx/CVE-2024-24754.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2024-24754",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-01T16:17:14.877",
"lastModified": "2024-02-01T16:17:14.877",
"vulnStatus": "Received",
"lastModified": "2024-02-01T21:30:44.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Bref enable serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a `RequestHandlerInterface`, then the Lambda event is converted to a PSR7 object.\nDuring the conversion process, if the request is a MultiPart, each part is parsed and its content added in the `$files` or `$parsedBody` arrays. The conversion process produces a different output compared to the one of plain PHP when keys ending with and open square bracket ([) are used. Based on the application logic the difference in the body parsing might lead to vulnerabilities and/or undefined behaviors. This vulnerability is patched in 2.1.13."
"value": "Bref enable serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a `RequestHandlerInterface`, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed and its content added in the `$files` or `$parsedBody` arrays. The conversion process produces a different output compared to the one of plain PHP when keys ending with and open square bracket ([) are used. Based on the application logic the difference in the body parsing might lead to vulnerabilities and/or undefined behaviors. This vulnerability is patched in 2.1.13."
}
],
"metrics": {
@ -47,6 +47,10 @@
}
],
"references": [
{
"url": "https://github.com/brefphp/bref/commit/c77d9f5abf021f29fa96b5720b7b84adbd199092",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/brefphp/bref/security/advisories/GHSA-82vx-mm6r-gg8w",
"source": "security-advisories@github.com"

59
CVE-2024/CVE-2024-247xx/CVE-2024-24755.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-24755",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-01T22:15:55.900",
"lastModified": "2024-02-01T22:39:14.853",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "discourse-group-membership-ip-block is a discourse plugin that adds support for adding users to groups based on their IP address. discourse-group-membership-ip-block was sending all group custom fields to the client, including group custom fields from other plugins which may expect their custom fields to remain secret."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://github.com/discourse/discourse-group-membership-ip-block/commit/b394d61b0bdfd18a2d8310aa5cf26cccf8bd31c1",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/discourse/discourse-group-membership-ip-block/security/advisories/GHSA-r38c-cp8w-664m",
"source": "security-advisories@github.com"
}
]
}

4
CVE-2024/CVE-2024-249xx/CVE-2024-24945.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-24945",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-01T20:50:06.063",
"lastModified": "2024-02-01T20:50:06.063",
"vulnStatus": "Received",
"lastModified": "2024-02-01T21:30:44.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

67
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-02-01T21:00:26.830728+00:00
2024-02-01T23:00:24.492790+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-02-01T20:59:40.320000+00:00
2024-02-01T22:39:14.853000+00:00
```
### Last Data Feed Release
@ -29,44 +29,51 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
237319
237326
```
### CVEs added in the last Commit
Recently added CVEs: `4`
Recently added CVEs: `7`
* [CVE-2023-5841](CVE-2023/CVE-2023-58xx/CVE-2023-5841.json) (`2024-02-01T19:15:08.097`)
* [CVE-2024-24569](CVE-2024/CVE-2024-245xx/CVE-2024-24569.json) (`2024-02-01T19:15:08.360`)
* [CVE-2024-24041](CVE-2024/CVE-2024-240xx/CVE-2024-24041.json) (`2024-02-01T20:50:05.760`)
* [CVE-2024-24945](CVE-2024/CVE-2024-249xx/CVE-2024-24945.json) (`2024-02-01T20:50:06.063`)
* [CVE-2023-47256](CVE-2023/CVE-2023-472xx/CVE-2023-47256.json) (`2024-02-01T22:15:55.103`)
* [CVE-2023-47257](CVE-2023/CVE-2023-472xx/CVE-2023-47257.json) (`2024-02-01T22:15:55.170`)
* [CVE-2023-4472](CVE-2023/CVE-2023-44xx/CVE-2023-4472.json) (`2024-02-01T22:15:55.220`)
* [CVE-2024-0325](CVE-2024/CVE-2024-03xx/CVE-2024-0325.json) (`2024-02-01T22:15:55.333`)
* [CVE-2024-1039](CVE-2024/CVE-2024-10xx/CVE-2024-1039.json) (`2024-02-01T22:15:55.527`)
* [CVE-2024-1040](CVE-2024/CVE-2024-10xx/CVE-2024-1040.json) (`2024-02-01T22:15:55.717`)
* [CVE-2024-24755](CVE-2024/CVE-2024-247xx/CVE-2024-24755.json) (`2024-02-01T22:15:55.900`)
### CVEs modified in the last Commit
Recently modified CVEs: `21`
Recently modified CVEs: `28`
* [CVE-2018-17215](CVE-2018/CVE-2018-172xx/CVE-2018-17215.json) (`2024-02-01T19:55:49.890`)
* [CVE-2021-42146](CVE-2021/CVE-2021-421xx/CVE-2021-42146.json) (`2024-02-01T20:16:49.277`)
* [CVE-2023-6176](CVE-2023/CVE-2023-61xx/CVE-2023-6176.json) (`2024-02-01T19:15:08.180`)
* [CVE-2023-6919](CVE-2023/CVE-2023-69xx/CVE-2023-6919.json) (`2024-02-01T19:43:35.653`)
* [CVE-2023-6298](CVE-2023/CVE-2023-62xx/CVE-2023-6298.json) (`2024-02-01T19:58:50.157`)
* [CVE-2023-29081](CVE-2023/CVE-2023-290xx/CVE-2023-29081.json) (`2024-02-01T20:59:40.320`)
* [CVE-2024-0781](CVE-2024/CVE-2024-07xx/CVE-2024-0781.json) (`2024-02-01T19:03:24.887`)
* [CVE-2024-23626](CVE-2024/CVE-2024-236xx/CVE-2024-23626.json) (`2024-02-01T19:24:18.060`)
* [CVE-2024-23627](CVE-2024/CVE-2024-236xx/CVE-2024-23627.json) (`2024-02-01T19:38:10.910`)
* [CVE-2024-23628](CVE-2024/CVE-2024-236xx/CVE-2024-23628.json) (`2024-02-01T19:40:28.237`)
* [CVE-2024-23629](CVE-2024/CVE-2024-236xx/CVE-2024-23629.json) (`2024-02-01T19:48:49.857`)
* [CVE-2024-23630](CVE-2024/CVE-2024-236xx/CVE-2024-23630.json) (`2024-02-01T19:56:55.807`)
* [CVE-2024-22551](CVE-2024/CVE-2024-225xx/CVE-2024-22551.json) (`2024-02-01T20:10:53.180`)
* [CVE-2024-23341](CVE-2024/CVE-2024-233xx/CVE-2024-23341.json) (`2024-02-01T20:15:31.893`)
* [CVE-2024-23636](CVE-2024/CVE-2024-236xx/CVE-2024-23636.json) (`2024-02-01T20:17:34.393`)
* [CVE-2024-21620](CVE-2024/CVE-2024-216xx/CVE-2024-21620.json) (`2024-02-01T20:20:19.847`)
* [CVE-2024-0942](CVE-2024/CVE-2024-09xx/CVE-2024-0942.json) (`2024-02-01T20:32:02.617`)
* [CVE-2024-0943](CVE-2024/CVE-2024-09xx/CVE-2024-0943.json) (`2024-02-01T20:47:02.903`)
* [CVE-2024-0944](CVE-2024/CVE-2024-09xx/CVE-2024-0944.json) (`2024-02-01T20:49:30.500`)
* [CVE-2024-24752](CVE-2024/CVE-2024-247xx/CVE-2024-24752.json) (`2024-02-01T20:50:05.813`)
* [CVE-2024-24753](CVE-2024/CVE-2024-247xx/CVE-2024-24753.json) (`2024-02-01T20:50:05.963`)
* [CVE-2024-23741](CVE-2024/CVE-2024-237xx/CVE-2024-23741.json) (`2024-02-01T21:08:32.010`)
* [CVE-2024-23742](CVE-2024/CVE-2024-237xx/CVE-2024-23742.json) (`2024-02-01T21:08:50.937`)
* [CVE-2024-23740](CVE-2024/CVE-2024-237xx/CVE-2024-23740.json) (`2024-02-01T21:08:58.803`)
* [CVE-2024-23738](CVE-2024/CVE-2024-237xx/CVE-2024-23738.json) (`2024-02-01T21:09:24.777`)
* [CVE-2024-23739](CVE-2024/CVE-2024-237xx/CVE-2024-23739.json) (`2024-02-01T21:12:13.300`)
* [CVE-2024-23743](CVE-2024/CVE-2024-237xx/CVE-2024-23743.json) (`2024-02-01T21:12:23.090`)
* [CVE-2024-20305](CVE-2024/CVE-2024-203xx/CVE-2024-20305.json) (`2024-02-01T21:14:41.087`)
* [CVE-2024-22417](CVE-2024/CVE-2024-224xx/CVE-2024-22417.json) (`2024-02-01T21:15:07.760`)
* [CVE-2024-20253](CVE-2024/CVE-2024-202xx/CVE-2024-20253.json) (`2024-02-01T21:16:04.890`)
* [CVE-2024-0946](CVE-2024/CVE-2024-09xx/CVE-2024-0946.json) (`2024-02-01T21:20:11.267`)
* [CVE-2024-0945](CVE-2024/CVE-2024-09xx/CVE-2024-0945.json) (`2024-02-01T21:20:25.947`)
* [CVE-2024-0935](CVE-2024/CVE-2024-09xx/CVE-2024-0935.json) (`2024-02-01T21:30:44.493`)
* [CVE-2024-1141](CVE-2024/CVE-2024-11xx/CVE-2024-1141.json) (`2024-02-01T21:30:44.493`)
* [CVE-2024-24752](CVE-2024/CVE-2024-247xx/CVE-2024-24752.json) (`2024-02-01T21:30:44.493`)
* [CVE-2024-24753](CVE-2024/CVE-2024-247xx/CVE-2024-24753.json) (`2024-02-01T21:30:44.493`)
* [CVE-2024-24754](CVE-2024/CVE-2024-247xx/CVE-2024-24754.json) (`2024-02-01T21:30:44.493`)
* [CVE-2024-23832](CVE-2024/CVE-2024-238xx/CVE-2024-23832.json) (`2024-02-01T21:30:44.493`)
* [CVE-2024-24557](CVE-2024/CVE-2024-245xx/CVE-2024-24557.json) (`2024-02-01T21:30:44.493`)
* [CVE-2024-24561](CVE-2024/CVE-2024-245xx/CVE-2024-24561.json) (`2024-02-01T21:30:44.493`)
* [CVE-2024-24570](CVE-2024/CVE-2024-245xx/CVE-2024-24570.json) (`2024-02-01T21:30:44.493`)
* [CVE-2024-1167](CVE-2024/CVE-2024-11xx/CVE-2024-1167.json) (`2024-02-01T21:30:44.493`)
* [CVE-2024-23645](CVE-2024/CVE-2024-236xx/CVE-2024-23645.json) (`2024-02-01T21:30:44.493`)
* [CVE-2024-24569](CVE-2024/CVE-2024-245xx/CVE-2024-24569.json) (`2024-02-01T21:30:44.493`)
* [CVE-2024-24041](CVE-2024/CVE-2024-240xx/CVE-2024-24041.json) (`2024-02-01T21:30:44.493`)
* [CVE-2024-24945](CVE-2024/CVE-2024-249xx/CVE-2024-24945.json) (`2024-02-01T21:30:44.493`)
## Download and Usage