diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4472.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4472.json new file mode 100644 index 00000000000..cd1f1597472 --- /dev/null +++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4472.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-4472", + "sourceIdentifier": "mandiant-cve@google.com", + "published": "2024-02-01T22:15:55.220", + "lastModified": "2024-02-01T22:39:14.853", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Objectplanet Opinio version 7.22 and prior uses a cryptographically weak pseudo-random number generator (PRNG) coupled to a predictable seed, which could lead to an unauthenticated account takeover of any user on the application." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "mandiant-cve@google.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-335" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2024/MNDT-2024-0002.md", + "source": "mandiant-cve@google.com" + }, + { + "url": "https://www.objectplanet.com/opinio/changelog.html", + "source": "mandiant-cve@google.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-472xx/CVE-2023-47256.json b/CVE-2023/CVE-2023-472xx/CVE-2023-47256.json new file mode 100644 index 00000000000..2e2223ad592 --- /dev/null +++ b/CVE-2023/CVE-2023-472xx/CVE-2023-47256.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-47256", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-02-01T22:15:55.103", + "lastModified": "2024-02-01T22:39:14.853", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "ConnectWise ScreenConnect through 23.8.4 allows local users to connect to arbitrary relay servers via implicit trust of proxy settings" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.8-security-fix", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-472xx/CVE-2023-47257.json b/CVE-2023/CVE-2023-472xx/CVE-2023-47257.json new file mode 100644 index 00000000000..5585eeb4f41 --- /dev/null +++ b/CVE-2023/CVE-2023-472xx/CVE-2023-47257.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-47257", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-02-01T22:15:55.170", + "lastModified": "2024-02-01T22:39:14.853", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "ConnectWise ScreenConnect through 23.8.4 allows man-in-the-middle attackers to achieve remote code execution via crafted messages." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.8-security-fix", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-514xx/CVE-2023-51446.json b/CVE-2023/CVE-2023-514xx/CVE-2023-51446.json index 54ed978cab7..7a2e87d102d 100644 --- a/CVE-2023/CVE-2023-514xx/CVE-2023-51446.json +++ b/CVE-2023/CVE-2023-514xx/CVE-2023-51446.json @@ -2,8 +2,8 @@ "id": "CVE-2023-51446", "sourceIdentifier": "security-advisories@github.com", "published": "2024-02-01T18:15:53.427", - "lastModified": "2024-02-01T18:15:53.427", - "vulnStatus": "Received", + "lastModified": "2024-02-01T21:30:44.493", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-58xx/CVE-2023-5841.json b/CVE-2023/CVE-2023-58xx/CVE-2023-5841.json index 03c4fa6d5fb..f1adda0dc92 100644 --- a/CVE-2023/CVE-2023-58xx/CVE-2023-5841.json +++ b/CVE-2023/CVE-2023-58xx/CVE-2023-5841.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5841", "sourceIdentifier": "cve@takeonme.org", "published": "2024-02-01T19:15:08.097", - "lastModified": "2024-02-01T19:15:08.097", - "vulnStatus": "Received", + "lastModified": "2024-02-01T21:30:44.493", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-60xx/CVE-2023-6078.json b/CVE-2023/CVE-2023-60xx/CVE-2023-6078.json index e4ce5f5d9f5..9f87fc63835 100644 --- a/CVE-2023/CVE-2023-60xx/CVE-2023-6078.json +++ b/CVE-2023/CVE-2023-60xx/CVE-2023-6078.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6078", "sourceIdentifier": "3DS.Information-Security@3ds.com", "published": "2024-02-01T14:15:55.810", - "lastModified": "2024-02-01T14:15:55.810", - "vulnStatus": "Received", + "lastModified": "2024-02-01T21:30:44.493", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-03xx/CVE-2024-0325.json b/CVE-2024/CVE-2024-03xx/CVE-2024-0325.json new file mode 100644 index 00000000000..273f94d79e2 --- /dev/null +++ b/CVE-2024/CVE-2024-03xx/CVE-2024-0325.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-0325", + "sourceIdentifier": "security@puppet.com", + "published": "2024-02-01T22:15:55.333", + "lastModified": "2024-02-01T22:39:14.853", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In Helix Sync versions prior to 2024.1, a local command injection was identified. Reported by Bryan Riggins. \u00a0\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@puppet.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.6, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.0, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "security@puppet.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://perforce.com", + "source": "security@puppet.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-09xx/CVE-2024-0935.json b/CVE-2024/CVE-2024-09xx/CVE-2024-0935.json index 26db8f8e982..8345b5acfb6 100644 --- a/CVE-2024/CVE-2024-09xx/CVE-2024-0935.json +++ b/CVE-2024/CVE-2024-09xx/CVE-2024-0935.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0935", "sourceIdentifier": "3DS.Information-Security@3ds.com", "published": "2024-02-01T14:15:56.040", - "lastModified": "2024-02-01T14:15:56.040", - "vulnStatus": "Received", + "lastModified": "2024-02-01T21:30:44.493", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-09xx/CVE-2024-0945.json b/CVE-2024/CVE-2024-09xx/CVE-2024-0945.json index 0a1b555157a..943e4b9861d 100644 --- a/CVE-2024/CVE-2024-09xx/CVE-2024-0945.json +++ b/CVE-2024/CVE-2024-09xx/CVE-2024-0945.json @@ -2,16 +2,40 @@ "id": "CVE-2024-0945", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-26T21:15:08.380", - "lastModified": "2024-01-27T00:42:46.230", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-01T21:20:25.947", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability classified as critical has been found in 60IndexPage up to 1.8.5. This affects an unknown part of the file /include/file.php of the component Parameter Handler. The manipulation of the argument url leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252189 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Una vulnerabilidad ha sido encontrada en 60IndexPage hasta 1.8.5 y clasificada como cr\u00edtica. Una parte desconocida del archivo /include/file.php del componente Parameter Handler afecta a una parte desconocida. La manipulaci\u00f3n del argumento URL conduce a server-side request forgery. Es posible iniciar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-252189. NOTA: Se contact\u00f3 primeramente con proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -61,7 +85,7 @@ }, "weaknesses": [ { - "source": "cna@vuldb.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { @@ -69,20 +93,57 @@ "value": "CWE-918" } ] + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:60indexpage_project:60indexpage:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.8.5", + "matchCriteriaId": "B8E15648-7EC5-40FD-93AA-AE97C70B6292" + } + ] + } + ] } ], "references": [ { "url": "https://note.zhaoj.in/share/7F54gy22y7uJ", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://vuldb.com/?ctiid.252189", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.252189", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-09xx/CVE-2024-0946.json b/CVE-2024/CVE-2024-09xx/CVE-2024-0946.json index b89c240b933..08327217d1a 100644 --- a/CVE-2024/CVE-2024-09xx/CVE-2024-0946.json +++ b/CVE-2024/CVE-2024-09xx/CVE-2024-0946.json @@ -2,16 +2,40 @@ "id": "CVE-2024-0946", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-26T21:15:08.600", - "lastModified": "2024-01-27T00:42:46.230", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-01T21:20:11.267", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability classified as critical was found in 60IndexPage up to 1.8.5. This vulnerability affects unknown code of the file /apply/index.php of the component Parameter Handler. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252190 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en 60IndexPage hasta 1.8.5 y clasificada como cr\u00edtica. Esta vulnerabilidad afecta a c\u00f3digo desconocido del archivo /apply/index.php del componente Parameter Handler. La manipulaci\u00f3n del argumento URL conduce a server-side request forgery. El ataque se puede iniciar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-252190 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 primeramente con proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -61,7 +85,7 @@ }, "weaknesses": [ { - "source": "cna@vuldb.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { @@ -69,20 +93,57 @@ "value": "CWE-918" } ] + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:60indexpage_project:60indexpage:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.8.5", + "matchCriteriaId": "B8E15648-7EC5-40FD-93AA-AE97C70B6292" + } + ] + } + ] } ], "references": [ { "url": "https://note.zhaoj.in/share/iNSyaClT0hGi", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://vuldb.com/?ctiid.252190", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.252190", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-10xx/CVE-2024-1039.json b/CVE-2024/CVE-2024-10xx/CVE-2024-1039.json new file mode 100644 index 00000000000..fae88626f3a --- /dev/null +++ b/CVE-2024/CVE-2024-10xx/CVE-2024-1039.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-1039", + "sourceIdentifier": "ics-cert@hq.dhs.gov", + "published": "2024-02-01T22:15:55.527", + "lastModified": "2024-02-01T22:39:14.853", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "\nGessler GmbH WEB-MASTER has a restoration account that uses weak hard coded credentials and if exploited could allow an attacker control over the web management of the device.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-1391" + } + ] + } + ], + "references": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-032-01", + "source": "ics-cert@hq.dhs.gov" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-10xx/CVE-2024-1040.json b/CVE-2024/CVE-2024-10xx/CVE-2024-1040.json new file mode 100644 index 00000000000..a08f637e3dc --- /dev/null +++ b/CVE-2024/CVE-2024-10xx/CVE-2024-1040.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-1040", + "sourceIdentifier": "ics-cert@hq.dhs.gov", + "published": "2024-02-01T22:15:55.717", + "lastModified": "2024-02-01T22:39:14.853", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "\n\n\nGessler GmbH WEB-MASTER user account is stored using a weak hashing algorithm. The attacker can restore the passwords by breaking the hashes stored on the device.\n\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-328" + } + ] + } + ], + "references": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-032-01", + "source": "ics-cert@hq.dhs.gov" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-11xx/CVE-2024-1141.json b/CVE-2024/CVE-2024-11xx/CVE-2024-1141.json index ea21b63c8c0..52134a26db2 100644 --- a/CVE-2024/CVE-2024-11xx/CVE-2024-1141.json +++ b/CVE-2024/CVE-2024-11xx/CVE-2024-1141.json @@ -2,8 +2,8 @@ "id": "CVE-2024-1141", "sourceIdentifier": "secalert@redhat.com", "published": "2024-02-01T15:15:08.547", - "lastModified": "2024-02-01T15:15:08.547", - "vulnStatus": "Received", + "lastModified": "2024-02-01T21:30:44.493", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-11xx/CVE-2024-1167.json b/CVE-2024/CVE-2024-11xx/CVE-2024-1167.json index a4f591ba345..60b7f1fca2d 100644 --- a/CVE-2024/CVE-2024-11xx/CVE-2024-1167.json +++ b/CVE-2024/CVE-2024-11xx/CVE-2024-1167.json @@ -2,8 +2,8 @@ "id": "CVE-2024-1167", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2024-02-01T18:15:53.637", - "lastModified": "2024-02-01T18:15:53.637", - "vulnStatus": "Received", + "lastModified": "2024-02-01T21:30:44.493", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-202xx/CVE-2024-20253.json b/CVE-2024/CVE-2024-202xx/CVE-2024-20253.json index 89f4b5cac7f..24c2fdf0a9a 100644 --- a/CVE-2024/CVE-2024-202xx/CVE-2024-20253.json +++ b/CVE-2024/CVE-2024-202xx/CVE-2024-20253.json @@ -2,16 +2,40 @@ "id": "CVE-2024-20253", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-01-26T18:15:10.970", - "lastModified": "2024-01-26T18:29:26.990", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-01T21:16:04.890", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en m\u00faltiples productos Cisco Unified Communications y Contact Center Solutions podr\u00eda permitir que un atacante remoto no autenticado ejecute c\u00f3digo arbitrario en un dispositivo afectado. Esta vulnerabilidad se debe al procesamiento inadecuado de los datos proporcionados por el usuario que se leen en la memoria. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando un mensaje manipulado a un puerto de escucha de un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante ejecutar comandos arbitrarios en el sistema operativo subyacente con los privilegios del usuario de servicios web. Con acceso al sistema operativo subyacente, el atacante tambi\u00e9n podr\u00eda establecer acceso root en el dispositivo afectado." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 10.0, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 6.0 + }, { "source": "ykramarz@cisco.com", "type": "Secondary", @@ -34,10 +58,160 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:-:*:*:*", + "versionEndExcluding": "12.5\\(1\\)su8", + "matchCriteriaId": "FB3C1282-5EC8-4E46-ADD9-898449D96A22" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0", + "versionEndExcluding": "14su3", + "matchCriteriaId": "312C8052-DA09-4B61-9E90-E9EEE265A4BC" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*", + "versionEndExcluding": "12.5\\(1\\)su8", + "matchCriteriaId": "EA4F43B2-1C73-415B-84BF-26D0322FA2C1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*", + "versionStartIncluding": "14.0", + "versionEndExcluding": "14su3", + "matchCriteriaId": "C64C5167-7428-4F9E-B1E9-CAD3236B64AD" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:*", + "versionEndExcluding": "12.5\\(1\\)su8", + "matchCriteriaId": "DFF9029D-553F-43FD-8F37-86B11A17EC91" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0", + "versionEndExcluding": "14.0su3", + "matchCriteriaId": "D09B9BD3-3C31-4816-AD4C-043543C56DB5" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*", + "versionEndExcluding": "12.5\\(1\\)su8", + "matchCriteriaId": "E2BC7834-136A-4117-BEDC-0C96EC59227B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0", + "versionEndExcluding": "14su3", + "matchCriteriaId": "06851CA9-B778-4471-BB1D-A2237B225A4C" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\):-:*:*:*:*:*:*", + "matchCriteriaId": "66E25EE4-AB7B-42BF-A703-0C2E83E83577" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:virtualized_voice_browser:12.5\\(1\\):*:*:*:*:*:*:*", + "matchCriteriaId": "3164D29F-4726-4438-9F31-8644B1C2F0E7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:virtualized_voice_browser:12.6\\(1\\):*:*:*:*:*:*:*", + "matchCriteriaId": "7A2BE523-1AAF-4AB5-ACA3-A1E194590B09" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:virtualized_voice_browser:12.6\\(2\\):*:*:*:*:*:*:*", + "matchCriteriaId": "0A7B033E-5B7F-4C11-9C6C-CA4363770A7A" + } + ] + } + ] + } + ], "references": [ { "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm", - "source": "ykramarz@cisco.com" + "source": "ykramarz@cisco.com", + "tags": [ + "Issue Tracking", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-203xx/CVE-2024-20305.json b/CVE-2024/CVE-2024-203xx/CVE-2024-20305.json index 7b303873492..1a982f06f39 100644 --- a/CVE-2024/CVE-2024-203xx/CVE-2024-20305.json +++ b/CVE-2024/CVE-2024-203xx/CVE-2024-20305.json @@ -2,16 +2,40 @@ "id": "CVE-2024-20305", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-01-26T18:15:11.350", - "lastModified": "2024-01-26T18:29:26.990", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-01T21:14:41.087", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de Cisco Unity Connection podr\u00eda permitir que un atacante remoto autenticado lleve a cabo un ataque de cross site scripting (XSS) contra un usuario de la interfaz. Esta vulnerabilidad existe porque la interfaz de administraci\u00f3n basada en web no valida adecuadamente la entrada proporcionada por el usuario. Un atacante podr\u00eda aprovechar esta vulnerabilidad persuadiendo a un usuario de la interfaz para que haga clic en un enlace manipulado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante ejecutar c\u00f3digo de script arbitrario en el contexto de la interfaz afectada o acceder a informaci\u00f3n confidencial basada en el navegador." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "ykramarz@cisco.com", "type": "Secondary", @@ -34,10 +58,43 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*", + "versionEndExcluding": "15.0", + "matchCriteriaId": "4BC93734-997C-42AD-9124-F07AEA0AB055" + } + ] + } + ] + } + ], "references": [ { "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuc-xss-9TFuu5MS", - "source": "ykramarz@cisco.com" + "source": "ykramarz@cisco.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-224xx/CVE-2024-22417.json b/CVE-2024/CVE-2024-224xx/CVE-2024-22417.json index 956fd5963a5..a531a8a38b9 100644 --- a/CVE-2024/CVE-2024-224xx/CVE-2024-22417.json +++ b/CVE-2024/CVE-2024-224xx/CVE-2024-22417.json @@ -2,12 +2,12 @@ "id": "CVE-2024-22417", "sourceIdentifier": "security-advisories@github.com", "published": "2024-01-23T18:15:18.860", - "lastModified": "2024-01-29T19:44:57.763", - "vulnStatus": "Analyzed", + "lastModified": "2024-02-01T21:15:07.760", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Whoogle Search is a self-hosted metasearch engine. In versions 0.8.3 and prior, the `element` method in `app/routes.py` does not validate the user-controlled `src_type` and `element_url` variables and passes them to the `send` method which sends a `GET` request on lines 339-343 in `requests.py`. The returned contents of the URL are then passed to and reflected back to the user in the `send_file` function on line 484, together with the user-controlled `src_type`, which allows the attacker to control the HTTP response content type leading to a cross-site scripting vulnerability. An attacker could craft a special URL to point to a malicious website and send the link to a victim. The fact that the link would contain a trusted domain (e.g. from one of public Whoogle instances) could be used to trick the user into clicking the link.The malicious website could, for example, be a copy of a real website, meant to steal a person\u2019s credentials to the website, or trick that person in another way. Version 0.8.4 contains a patch for this issue." + "value": "Whoogle Search is a self-hosted metasearch engine. In versions 0.8.3 and prior, the `element` method in `app/routes.py` does not validate the user-controlled `src_type` and `element_url` variables and passes them to the `send` method which sends a `GET` request on lines 339-343 in `requests.py`. The returned contents of the URL are then passed to and reflected back to the user in the `send_file` function on line 484, together with the user-controlled `src_type`, which allows the attacker to control the HTTP response content type leading to a cross-site scripting vulnerability. An attacker could craft a special URL to point to a malicious website and send the link to a victim. The fact that the link would contain a trusted domain (e.g. from one of public Whoogle instances) could be used to trick the user into clicking the link. The malicious website could, for example, be a copy of a real website, meant to steal a person\u2019s credentials to the website, or trick that person in another way. Version 0.8.4 contains a patch for this issue." }, { "lang": "es", diff --git a/CVE-2024/CVE-2024-236xx/CVE-2024-23645.json b/CVE-2024/CVE-2024-236xx/CVE-2024-23645.json index fe0877bc5f6..85196b129ef 100644 --- a/CVE-2024/CVE-2024-236xx/CVE-2024-23645.json +++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23645.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23645", "sourceIdentifier": "security-advisories@github.com", "published": "2024-02-01T18:15:53.823", - "lastModified": "2024-02-01T18:15:53.823", - "vulnStatus": "Received", + "lastModified": "2024-02-01T21:30:44.493", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-237xx/CVE-2024-23738.json b/CVE-2024/CVE-2024-237xx/CVE-2024-23738.json index 5eb24435f7b..c1b2eba366d 100644 --- a/CVE-2024/CVE-2024-237xx/CVE-2024-23738.json +++ b/CVE-2024/CVE-2024-237xx/CVE-2024-23738.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23738", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-28T01:15:07.933", - "lastModified": "2024-01-29T14:25:25.440", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-01T21:09:24.777", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,79 @@ "value": "Un problema en Postman versi\u00f3n 10.22 y anteriores en macOS permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de la configuraci\u00f3n RunAsNode y enableNodeClilnspectArguments." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:postman:postman:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.22", + "matchCriteriaId": "3F9FBD33-E5E7-4DBD-BD09-8EA0088795A3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/V3x0r/CVE-2024-23738", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-237xx/CVE-2024-23739.json b/CVE-2024/CVE-2024-237xx/CVE-2024-23739.json index 1b51c6e3515..2837fff8d79 100644 --- a/CVE-2024/CVE-2024-237xx/CVE-2024-23739.json +++ b/CVE-2024/CVE-2024-237xx/CVE-2024-23739.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23739", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-28T03:15:07.700", - "lastModified": "2024-01-29T14:25:25.440", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-01T21:12:13.300", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,79 @@ "value": "Un problema en Discord para macOS versi\u00f3n 0.0.291 y anteriores permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de la configuraci\u00f3n RunAsNode y enableNodeClilnspectArguments." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:discord:discord:*:*:*:*:*:*:*:*", + "versionEndIncluding": "0.0.291", + "matchCriteriaId": "CA5B08D1-5FD3-4A88-8A52-E75495B689EC" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/V3x0r/CVE-2024-23739", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-237xx/CVE-2024-23740.json b/CVE-2024/CVE-2024-237xx/CVE-2024-23740.json index 2e1cd51eee5..45d188a4ee2 100644 --- a/CVE-2024/CVE-2024-237xx/CVE-2024-23740.json +++ b/CVE-2024/CVE-2024-237xx/CVE-2024-23740.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23740", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-28T04:15:07.830", - "lastModified": "2024-01-29T14:25:25.440", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-01T21:08:58.803", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,67 @@ "value": "Un problema en Kap para macOS versi\u00f3n 3.6.0 y anteriores permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de la configuraci\u00f3n RunAsNode y enableNodeClilnspectArguments." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:getkap:kap:*:*:*:*:*:macos:*:*", + "versionEndIncluding": "3.6.0", + "matchCriteriaId": "AE088384-EB6B-4B0D-81F6-1BD948785471" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/V3x0r/CVE-2024-23740", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-237xx/CVE-2024-23741.json b/CVE-2024/CVE-2024-237xx/CVE-2024-23741.json index bb034c8373a..41bed4f43a5 100644 --- a/CVE-2024/CVE-2024-237xx/CVE-2024-23741.json +++ b/CVE-2024/CVE-2024-237xx/CVE-2024-23741.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23741", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-28T03:15:08.337", - "lastModified": "2024-01-29T14:25:25.440", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-01T21:08:32.010", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,67 @@ "value": "Un problema en Hyper en macOS versi\u00f3n 3.4.1 y anteriores permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de la configuraci\u00f3n RunAsNode y enableNodeClilnspectArguments." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hyper:hyper:*:*:*:*:*:macos:*:*", + "versionEndIncluding": "3.4.1", + "matchCriteriaId": "7AF8911C-E408-4B57-9C90-A3919E5AC2F9" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/V3x0r/CVE-2024-23741", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-237xx/CVE-2024-23742.json b/CVE-2024/CVE-2024-237xx/CVE-2024-23742.json index a38c7777d57..856bc69f1be 100644 --- a/CVE-2024/CVE-2024-237xx/CVE-2024-23742.json +++ b/CVE-2024/CVE-2024-237xx/CVE-2024-23742.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23742", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-28T03:15:08.390", - "lastModified": "2024-01-29T14:25:25.440", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-01T21:08:50.937", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,67 @@ "value": "Un problema en Loom en macOS versi\u00f3n 0.196.1 y anteriores permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de la configuraci\u00f3n RunAsNode y enableNodeClilnspectArguments." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:loom:loom:*:*:*:*:*:macos:*:*", + "versionEndIncluding": "0.196.1", + "matchCriteriaId": "04F50C02-E846-43E4-A892-836F867E11FA" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/V3x0r/CVE-2024-23742", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-237xx/CVE-2024-23743.json b/CVE-2024/CVE-2024-237xx/CVE-2024-23743.json index 3aa0f182966..4354591943b 100644 --- a/CVE-2024/CVE-2024-237xx/CVE-2024-23743.json +++ b/CVE-2024/CVE-2024-237xx/CVE-2024-23743.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23743", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-28T02:15:08.773", - "lastModified": "2024-01-29T14:25:25.440", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-01T21:12:23.090", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,79 @@ "value": "Un problema en Notion para macOS versi\u00f3n 3.1.0 y anteriores permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de los componentes RunAsNode y enableNodeClilnspectArguments." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:notion:notion:*:*:*:*:*:*:*:*", + "versionEndIncluding": "3.1.0", + "matchCriteriaId": "01AABF72-D84D-4355-8EA2-1951FBB18129" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/V3x0r/CVE-2024-23743", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23832.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23832.json index 009841b069c..9c6a57d4b50 100644 --- a/CVE-2024/CVE-2024-238xx/CVE-2024-23832.json +++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23832.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23832", "sourceIdentifier": "security-advisories@github.com", "published": "2024-02-01T17:15:10.677", - "lastModified": "2024-02-01T17:15:10.677", - "vulnStatus": "Received", + "lastModified": "2024-02-01T21:30:44.493", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-240xx/CVE-2024-24041.json b/CVE-2024/CVE-2024-240xx/CVE-2024-24041.json index cf28a424b04..40c7c085b6e 100644 --- a/CVE-2024/CVE-2024-240xx/CVE-2024-24041.json +++ b/CVE-2024/CVE-2024-240xx/CVE-2024-24041.json @@ -2,8 +2,8 @@ "id": "CVE-2024-24041", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-01T20:50:05.760", - "lastModified": "2024-02-01T20:50:05.760", - "vulnStatus": "Received", + "lastModified": "2024-02-01T21:30:44.493", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-245xx/CVE-2024-24557.json b/CVE-2024/CVE-2024-245xx/CVE-2024-24557.json index 97f049fc33b..0f315189537 100644 --- a/CVE-2024/CVE-2024-245xx/CVE-2024-24557.json +++ b/CVE-2024/CVE-2024-245xx/CVE-2024-24557.json @@ -2,8 +2,8 @@ "id": "CVE-2024-24557", "sourceIdentifier": "security-advisories@github.com", "published": "2024-02-01T17:15:10.953", - "lastModified": "2024-02-01T17:15:10.953", - "vulnStatus": "Received", + "lastModified": "2024-02-01T21:30:44.493", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-245xx/CVE-2024-24561.json b/CVE-2024/CVE-2024-245xx/CVE-2024-24561.json index a2b1dcfd5fd..777eb05c81f 100644 --- a/CVE-2024/CVE-2024-245xx/CVE-2024-24561.json +++ b/CVE-2024/CVE-2024-245xx/CVE-2024-24561.json @@ -2,8 +2,8 @@ "id": "CVE-2024-24561", "sourceIdentifier": "security-advisories@github.com", "published": "2024-02-01T17:15:11.180", - "lastModified": "2024-02-01T17:15:11.180", - "vulnStatus": "Received", + "lastModified": "2024-02-01T21:30:44.493", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-245xx/CVE-2024-24569.json b/CVE-2024/CVE-2024-245xx/CVE-2024-24569.json index cae1d14d434..4b8bf8b6725 100644 --- a/CVE-2024/CVE-2024-245xx/CVE-2024-24569.json +++ b/CVE-2024/CVE-2024-245xx/CVE-2024-24569.json @@ -2,8 +2,8 @@ "id": "CVE-2024-24569", "sourceIdentifier": "security-advisories@github.com", "published": "2024-02-01T19:15:08.360", - "lastModified": "2024-02-01T19:15:08.360", - "vulnStatus": "Received", + "lastModified": "2024-02-01T21:30:44.493", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-245xx/CVE-2024-24570.json b/CVE-2024/CVE-2024-245xx/CVE-2024-24570.json index 9df7838990b..d68e9a903ef 100644 --- a/CVE-2024/CVE-2024-245xx/CVE-2024-24570.json +++ b/CVE-2024/CVE-2024-245xx/CVE-2024-24570.json @@ -2,8 +2,8 @@ "id": "CVE-2024-24570", "sourceIdentifier": "security-advisories@github.com", "published": "2024-02-01T17:15:11.403", - "lastModified": "2024-02-01T18:15:54.050", - "vulnStatus": "Received", + "lastModified": "2024-02-01T21:30:44.493", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-247xx/CVE-2024-24752.json b/CVE-2024/CVE-2024-247xx/CVE-2024-24752.json index 338c458e202..dca46cbd31c 100644 --- a/CVE-2024/CVE-2024-247xx/CVE-2024-24752.json +++ b/CVE-2024/CVE-2024-247xx/CVE-2024-24752.json @@ -2,8 +2,8 @@ "id": "CVE-2024-24752", "sourceIdentifier": "security-advisories@github.com", "published": "2024-02-01T16:17:14.487", - "lastModified": "2024-02-01T20:50:05.813", - "vulnStatus": "Received", + "lastModified": "2024-02-01T21:30:44.493", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-247xx/CVE-2024-24753.json b/CVE-2024/CVE-2024-247xx/CVE-2024-24753.json index 96dd4dc6cdc..ef88dc3a2ff 100644 --- a/CVE-2024/CVE-2024-247xx/CVE-2024-24753.json +++ b/CVE-2024/CVE-2024-247xx/CVE-2024-24753.json @@ -2,8 +2,8 @@ "id": "CVE-2024-24753", "sourceIdentifier": "security-advisories@github.com", "published": "2024-02-01T16:17:14.690", - "lastModified": "2024-02-01T20:50:05.963", - "vulnStatus": "Received", + "lastModified": "2024-02-01T21:30:44.493", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-247xx/CVE-2024-24754.json b/CVE-2024/CVE-2024-247xx/CVE-2024-24754.json index d94e18fcc43..131551a703b 100644 --- a/CVE-2024/CVE-2024-247xx/CVE-2024-24754.json +++ b/CVE-2024/CVE-2024-247xx/CVE-2024-24754.json @@ -2,12 +2,12 @@ "id": "CVE-2024-24754", "sourceIdentifier": "security-advisories@github.com", "published": "2024-02-01T16:17:14.877", - "lastModified": "2024-02-01T16:17:14.877", - "vulnStatus": "Received", + "lastModified": "2024-02-01T21:30:44.493", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", - "value": "Bref enable serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a `RequestHandlerInterface`, then the Lambda event is converted to a PSR7 object.\nDuring the conversion process, if the request is a MultiPart, each part is parsed and its content added in the `$files` or `$parsedBody` arrays. The conversion process produces a different output compared to the one of plain PHP when keys ending with and open square bracket ([) are used. Based on the application logic the difference in the body parsing might lead to vulnerabilities and/or undefined behaviors. This vulnerability is patched in 2.1.13." + "value": "Bref enable serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a `RequestHandlerInterface`, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed and its content added in the `$files` or `$parsedBody` arrays. The conversion process produces a different output compared to the one of plain PHP when keys ending with and open square bracket ([) are used. Based on the application logic the difference in the body parsing might lead to vulnerabilities and/or undefined behaviors. This vulnerability is patched in 2.1.13." } ], "metrics": { @@ -47,6 +47,10 @@ } ], "references": [ + { + "url": "https://github.com/brefphp/bref/commit/c77d9f5abf021f29fa96b5720b7b84adbd199092", + "source": "security-advisories@github.com" + }, { "url": "https://github.com/brefphp/bref/security/advisories/GHSA-82vx-mm6r-gg8w", "source": "security-advisories@github.com" diff --git a/CVE-2024/CVE-2024-247xx/CVE-2024-24755.json b/CVE-2024/CVE-2024-247xx/CVE-2024-24755.json new file mode 100644 index 00000000000..017504e61c5 --- /dev/null +++ b/CVE-2024/CVE-2024-247xx/CVE-2024-24755.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-24755", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-02-01T22:15:55.900", + "lastModified": "2024-02-01T22:39:14.853", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "discourse-group-membership-ip-block is a discourse plugin that adds support for adding users to groups based on their IP address. discourse-group-membership-ip-block was sending all group custom fields to the client, including group custom fields from other plugins which may expect their custom fields to remain secret." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/discourse/discourse-group-membership-ip-block/commit/b394d61b0bdfd18a2d8310aa5cf26cccf8bd31c1", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/discourse/discourse-group-membership-ip-block/security/advisories/GHSA-r38c-cp8w-664m", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-249xx/CVE-2024-24945.json b/CVE-2024/CVE-2024-249xx/CVE-2024-24945.json index 3c3d03fc2d4..aa21487b69b 100644 --- a/CVE-2024/CVE-2024-249xx/CVE-2024-24945.json +++ b/CVE-2024/CVE-2024-249xx/CVE-2024-24945.json @@ -2,8 +2,8 @@ "id": "CVE-2024-24945", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-01T20:50:06.063", - "lastModified": "2024-02-01T20:50:06.063", - "vulnStatus": "Received", + "lastModified": "2024-02-01T21:30:44.493", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/README.md b/README.md index 52ebef3f900..27c66019c43 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-02-01T21:00:26.830728+00:00 +2024-02-01T23:00:24.492790+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-02-01T20:59:40.320000+00:00 +2024-02-01T22:39:14.853000+00:00 ``` ### Last Data Feed Release @@ -29,44 +29,51 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -237319 +237326 ``` ### CVEs added in the last Commit -Recently added CVEs: `4` +Recently added CVEs: `7` -* [CVE-2023-5841](CVE-2023/CVE-2023-58xx/CVE-2023-5841.json) (`2024-02-01T19:15:08.097`) -* [CVE-2024-24569](CVE-2024/CVE-2024-245xx/CVE-2024-24569.json) (`2024-02-01T19:15:08.360`) -* [CVE-2024-24041](CVE-2024/CVE-2024-240xx/CVE-2024-24041.json) (`2024-02-01T20:50:05.760`) -* [CVE-2024-24945](CVE-2024/CVE-2024-249xx/CVE-2024-24945.json) (`2024-02-01T20:50:06.063`) +* [CVE-2023-47256](CVE-2023/CVE-2023-472xx/CVE-2023-47256.json) (`2024-02-01T22:15:55.103`) +* [CVE-2023-47257](CVE-2023/CVE-2023-472xx/CVE-2023-47257.json) (`2024-02-01T22:15:55.170`) +* [CVE-2023-4472](CVE-2023/CVE-2023-44xx/CVE-2023-4472.json) (`2024-02-01T22:15:55.220`) +* [CVE-2024-0325](CVE-2024/CVE-2024-03xx/CVE-2024-0325.json) (`2024-02-01T22:15:55.333`) +* [CVE-2024-1039](CVE-2024/CVE-2024-10xx/CVE-2024-1039.json) (`2024-02-01T22:15:55.527`) +* [CVE-2024-1040](CVE-2024/CVE-2024-10xx/CVE-2024-1040.json) (`2024-02-01T22:15:55.717`) +* [CVE-2024-24755](CVE-2024/CVE-2024-247xx/CVE-2024-24755.json) (`2024-02-01T22:15:55.900`) ### CVEs modified in the last Commit -Recently modified CVEs: `21` +Recently modified CVEs: `28` -* [CVE-2018-17215](CVE-2018/CVE-2018-172xx/CVE-2018-17215.json) (`2024-02-01T19:55:49.890`) -* [CVE-2021-42146](CVE-2021/CVE-2021-421xx/CVE-2021-42146.json) (`2024-02-01T20:16:49.277`) -* [CVE-2023-6176](CVE-2023/CVE-2023-61xx/CVE-2023-6176.json) (`2024-02-01T19:15:08.180`) -* [CVE-2023-6919](CVE-2023/CVE-2023-69xx/CVE-2023-6919.json) (`2024-02-01T19:43:35.653`) -* [CVE-2023-6298](CVE-2023/CVE-2023-62xx/CVE-2023-6298.json) (`2024-02-01T19:58:50.157`) -* [CVE-2023-29081](CVE-2023/CVE-2023-290xx/CVE-2023-29081.json) (`2024-02-01T20:59:40.320`) -* [CVE-2024-0781](CVE-2024/CVE-2024-07xx/CVE-2024-0781.json) (`2024-02-01T19:03:24.887`) -* [CVE-2024-23626](CVE-2024/CVE-2024-236xx/CVE-2024-23626.json) (`2024-02-01T19:24:18.060`) -* [CVE-2024-23627](CVE-2024/CVE-2024-236xx/CVE-2024-23627.json) (`2024-02-01T19:38:10.910`) -* [CVE-2024-23628](CVE-2024/CVE-2024-236xx/CVE-2024-23628.json) (`2024-02-01T19:40:28.237`) -* [CVE-2024-23629](CVE-2024/CVE-2024-236xx/CVE-2024-23629.json) (`2024-02-01T19:48:49.857`) -* [CVE-2024-23630](CVE-2024/CVE-2024-236xx/CVE-2024-23630.json) (`2024-02-01T19:56:55.807`) -* [CVE-2024-22551](CVE-2024/CVE-2024-225xx/CVE-2024-22551.json) (`2024-02-01T20:10:53.180`) -* [CVE-2024-23341](CVE-2024/CVE-2024-233xx/CVE-2024-23341.json) (`2024-02-01T20:15:31.893`) -* [CVE-2024-23636](CVE-2024/CVE-2024-236xx/CVE-2024-23636.json) (`2024-02-01T20:17:34.393`) -* [CVE-2024-21620](CVE-2024/CVE-2024-216xx/CVE-2024-21620.json) (`2024-02-01T20:20:19.847`) -* [CVE-2024-0942](CVE-2024/CVE-2024-09xx/CVE-2024-0942.json) (`2024-02-01T20:32:02.617`) -* [CVE-2024-0943](CVE-2024/CVE-2024-09xx/CVE-2024-0943.json) (`2024-02-01T20:47:02.903`) -* [CVE-2024-0944](CVE-2024/CVE-2024-09xx/CVE-2024-0944.json) (`2024-02-01T20:49:30.500`) -* [CVE-2024-24752](CVE-2024/CVE-2024-247xx/CVE-2024-24752.json) (`2024-02-01T20:50:05.813`) -* [CVE-2024-24753](CVE-2024/CVE-2024-247xx/CVE-2024-24753.json) (`2024-02-01T20:50:05.963`) +* [CVE-2024-23741](CVE-2024/CVE-2024-237xx/CVE-2024-23741.json) (`2024-02-01T21:08:32.010`) +* [CVE-2024-23742](CVE-2024/CVE-2024-237xx/CVE-2024-23742.json) (`2024-02-01T21:08:50.937`) +* [CVE-2024-23740](CVE-2024/CVE-2024-237xx/CVE-2024-23740.json) (`2024-02-01T21:08:58.803`) +* [CVE-2024-23738](CVE-2024/CVE-2024-237xx/CVE-2024-23738.json) (`2024-02-01T21:09:24.777`) +* [CVE-2024-23739](CVE-2024/CVE-2024-237xx/CVE-2024-23739.json) (`2024-02-01T21:12:13.300`) +* [CVE-2024-23743](CVE-2024/CVE-2024-237xx/CVE-2024-23743.json) (`2024-02-01T21:12:23.090`) +* [CVE-2024-20305](CVE-2024/CVE-2024-203xx/CVE-2024-20305.json) (`2024-02-01T21:14:41.087`) +* [CVE-2024-22417](CVE-2024/CVE-2024-224xx/CVE-2024-22417.json) (`2024-02-01T21:15:07.760`) +* [CVE-2024-20253](CVE-2024/CVE-2024-202xx/CVE-2024-20253.json) (`2024-02-01T21:16:04.890`) +* [CVE-2024-0946](CVE-2024/CVE-2024-09xx/CVE-2024-0946.json) (`2024-02-01T21:20:11.267`) +* [CVE-2024-0945](CVE-2024/CVE-2024-09xx/CVE-2024-0945.json) (`2024-02-01T21:20:25.947`) +* [CVE-2024-0935](CVE-2024/CVE-2024-09xx/CVE-2024-0935.json) (`2024-02-01T21:30:44.493`) +* [CVE-2024-1141](CVE-2024/CVE-2024-11xx/CVE-2024-1141.json) (`2024-02-01T21:30:44.493`) +* [CVE-2024-24752](CVE-2024/CVE-2024-247xx/CVE-2024-24752.json) (`2024-02-01T21:30:44.493`) +* [CVE-2024-24753](CVE-2024/CVE-2024-247xx/CVE-2024-24753.json) (`2024-02-01T21:30:44.493`) +* [CVE-2024-24754](CVE-2024/CVE-2024-247xx/CVE-2024-24754.json) (`2024-02-01T21:30:44.493`) +* [CVE-2024-23832](CVE-2024/CVE-2024-238xx/CVE-2024-23832.json) (`2024-02-01T21:30:44.493`) +* [CVE-2024-24557](CVE-2024/CVE-2024-245xx/CVE-2024-24557.json) (`2024-02-01T21:30:44.493`) +* [CVE-2024-24561](CVE-2024/CVE-2024-245xx/CVE-2024-24561.json) (`2024-02-01T21:30:44.493`) +* [CVE-2024-24570](CVE-2024/CVE-2024-245xx/CVE-2024-24570.json) (`2024-02-01T21:30:44.493`) +* [CVE-2024-1167](CVE-2024/CVE-2024-11xx/CVE-2024-1167.json) (`2024-02-01T21:30:44.493`) +* [CVE-2024-23645](CVE-2024/CVE-2024-236xx/CVE-2024-23645.json) (`2024-02-01T21:30:44.493`) +* [CVE-2024-24569](CVE-2024/CVE-2024-245xx/CVE-2024-24569.json) (`2024-02-01T21:30:44.493`) +* [CVE-2024-24041](CVE-2024/CVE-2024-240xx/CVE-2024-24041.json) (`2024-02-01T21:30:44.493`) +* [CVE-2024-24945](CVE-2024/CVE-2024-249xx/CVE-2024-24945.json) (`2024-02-01T21:30:44.493`) ## Download and Usage