admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-02-02T07:00:24.408007+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-02-02 07:00:28 +00:00
parent 9b31c36363
commit b4ad8bda3e
18 changed files with 729 additions and 74 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
CVE-2022/CVE-2022-402xx/CVE-2022-40201.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-40201",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-01-06T22:15:09.320",
"lastModified": "2023-11-07T03:52:12.407",
"lastModified": "2024-02-02T06:15:44.650",
"vulnStatus": "Modified",
"descriptions": [
{
@ -33,7 +33,7 @@
"impactScore": 5.9
},
{
"source": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -56,7 +56,7 @@
},
"weaknesses": [
{
"source": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
@ -85,6 +85,10 @@
}
],
"references": [
{
"url": "https://www.bentley.com/advisories/be-2023-0003/",
"source": "ics-cert@hq.dhs.gov"
},
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-293-01",
"source": "ics-cert@hq.dhs.gov",

10
CVE-2022/CVE-2022-416xx/CVE-2022-41613.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-41613",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-01-06T22:15:09.403",
"lastModified": "2023-11-07T03:52:50.540",
"lastModified": "2024-02-02T06:15:44.797",
"vulnStatus": "Modified",
"descriptions": [
{
@ -33,7 +33,7 @@
"impactScore": 5.9
},
{
"source": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -56,7 +56,7 @@
},
"weaknesses": [
{
"source": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
@ -85,6 +85,10 @@
}
],
"references": [
{
"url": "https://www.bentley.com/advisories/be-2023-0003/",
"source": "ics-cert@hq.dhs.gov"
},
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-293-01",
"source": "ics-cert@hq.dhs.gov",

8
CVE-2023/CVE-2023-410xx/CVE-2023-41032.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41032",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-09-12T10:15:29.690",
"lastModified": "2023-11-14T11:15:11.087",
"vulnStatus": "Modified",
"lastModified": "2024-02-02T06:15:44.910",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -111,6 +111,10 @@
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-887122.pdf",
"source": "productcert@siemens.com"
},
{
"url": "https://www.bentley.com/advisories/be-2023-0004/",
"source": "productcert@siemens.com"
}
]
}

14
CVE-2023/CVE-2023-447xx/CVE-2023-44764.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-44764",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-06T13:15:12.863",
"lastModified": "2023-10-06T19:05:57.683",
"vulnStatus": "Analyzed",
"lastModified": "2024-02-02T06:15:45.043",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the SITE parameter from installation or in the Settings."
"value": "A Cross Site Scripting (XSS) vulnerability in Concrete CMS before 9.2.3 exists via the Name parameter during installation (aka Site of Installation or Settings)."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross Site Scripting (XSS) en Concrete CMS v.9.2.1 permite a un atacante ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado en el par\u00e1metro SITE desde la instalaci\u00f3n o en la Configuraci\u00f3n."
}
],
"metrics": {
@ -64,6 +68,10 @@
}
],
"references": [
{
"url": "https://documentation.concretecms.org/developers/introduction/version-history/923-release-notes",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/sromanhu/ConcreteCMS-Stored-XSS---Site_Installation",
"source": "cve@mitre.org",

28
CVE-2023/CVE-2023-460xx/CVE-2023-46045.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-46045",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-02T06:15:45.123",
"lastModified": "2024-02-02T06:15:45.123",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Graphviz 2.36 before 10.0.0 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically owned by root."
}
],
"metrics": {},
"references": [
{
"url": "https://gitlab.com/graphviz/graphviz/-/issues/2441",
"source": "cve@mitre.org"
},
{
"url": "https://seclists.org/fulldisclosure/2024/Jan/73",
"source": "cve@mitre.org"
},
{
"url": "https://www.openwall.com/lists/oss-security/2024/02/01/2",
"source": "cve@mitre.org"
}
]
}

73
CVE-2023/CVE-2023-487xx/CVE-2023-48714.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-48714",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-23T14:15:37.780",
"lastModified": "2024-01-23T15:47:28.250",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-02T05:06:50.870",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Silverstripe Framework is the framework that forms the base of the Silverstripe content management system. Prior to versions 4.13.39 and 5.1.11, if a user should not be able to see a record, but that record can be added to a `GridField` using the `GridFieldAddExistingAutocompleter` component, the record's title can be accessed by that user. Versions 4.13.39 and 5.1.11 contain a fix for this issue."
},
{
"lang": "es",
"value": "Silverstripe Framework es el framework que forma la base del sistema de gesti\u00f3n de contenidos Silverstripe. Antes de las versiones 4.13.39 y 5.1.11, si un usuario no pod\u00eda ver un registro, pero ese registro se pod\u00eda agregar a un `GridField` usando el componente `GridFieldAddExistingAutocompleter`, ese usuario pod\u00eda acceder al t\u00edtulo del registro. Las versiones 4.13.39 y 5.1.11 contienen una soluci\u00f3n para este problema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +80,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:silverstripe:framework:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.13.39",
"matchCriteriaId": "FBFF168A-BDC7-4903-9FC8-EDDC61DF5F5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:silverstripe:framework:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndExcluding": "5.1.11",
"matchCriteriaId": "ED559465-A475-47D0-80A1-E56E9E84522B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-qm2j-qvq3-j29v",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.silverstripe.org/download/security-releases/CVE-2023-48714",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-497xx/CVE-2023-49783.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-49783",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-23T14:15:37.967",
"lastModified": "2024-01-23T15:47:28.250",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-02T05:07:08.153",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Silverstripe Admin provides a basic management interface for the Silverstripe Framework. In versions on the 1.x branch prior to 1.13.19 and on the 2.x branch prior to 2.1.8, users who don't have edit or delete permissions for records exposed in a `ModelAdmin` can still edit or delete records using the CSV import form, provided they have create permissions. The likelihood of a user having create permissions but not having edit or delete permissions is low, but it is possible. Note that this doesn't affect any `ModelAdmin` which has had the import form disabled via the `showImportForm` public property. Versions 1.13.19 and 2.1.8 contain a patch for the issue. Those who have a custom implementation of `BulkLoader` should update their implementations to respect permissions when the return value of `getCheckPermissions()` is true. Those who use any `BulkLoader` in their own project logic, or maintain a module which uses it, should consider passing `true` to `setCheckPermissions()` if the data is provided by users."
},
{
"lang": "es",
"value": "Silverstripe Admin proporciona una interfaz de administraci\u00f3n b\u00e1sica para Silverstripe Framework. En las versiones de la rama 1.x anteriores a la 1.13.19 y de la rama 2.x anteriores a la 2.1.8, los usuarios que no tienen permisos de edici\u00f3n o eliminaci\u00f3n de registros expuestos en un `ModelAdmin` a\u00fan pueden editar o eliminar registros, utilizando el formulario de importaci\u00f3n CSV, siempre que tengan permisos de creaci\u00f3n. La probabilidad de que un usuario tenga permisos de creaci\u00f3n pero no de edici\u00f3n o eliminaci\u00f3n es baja, pero es posible. Tenga en cuenta que esto no afecta a ning\u00fan `ModelAdmin` que tenga el formulario de importaci\u00f3n deshabilitado a trav\u00e9s de la propiedad p\u00fablica `showImportForm`. Las versiones 1.13.19 y 2.1.8 contienen un parche para el problema. Aquellos que tienen una implementaci\u00f3n personalizada de `BulkLoader` deben actualizar sus implementaciones para respetar los permisos cuando el valor de retorno de `getCheckPermissions()` sea verdadero. Aquellos que usan cualquier `BulkLoader` en su propia l\u00f3gica de proyecto, o mantienen un m\u00f3dulo que lo usa, deber\u00edan considerar pasar `true` a `setCheckPermissions()` si los datos los proporcionan los usuarios."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +70,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:silverstripe:admin:*:*:*:*:*:silverstripe:*:*",
"versionStartIncluding": "1.0.0",
"versionEndExcluding": "1.13.19",
"matchCriteriaId": "C22A3802-9343-4565-82DE-8237A094E903"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:silverstripe:admin:*:*:*:*:*:silverstripe:*:*",
"versionStartIncluding": "2.0.0",
"versionEndExcluding": "2.1.8",
"matchCriteriaId": "B9293652-AD0D-4E08-A38B-5F1163B4E8C2"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/silverstripe/silverstripe-admin/security/advisories/GHSA-j3m6-gvm8-mhvw",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.silverstripe.org/download/security-releases/CVE-2023-49783",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

69
CVE-2024/CVE-2024-06xx/CVE-2024-0617.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0617",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-25T02:15:53.067",
"lastModified": "2024-01-25T13:38:33.693",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-02T05:07:58.277",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -38,18 +58,57 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:quanticedgesolutions:category_discount_woocommerce:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "4.13",
"matchCriteriaId": "D26C8C9F-7662-47CA-B5EF-24AC64C4524F"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/woo-product-category-discount/trunk/cd-admin.php#L171",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026242%40woo-product-category-discount&new=3026242%40woo-product-category-discount&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/996b44bb-d1e0-4f82-b8ee-a98b0ae994f9?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

69
CVE-2024/CVE-2024-06xx/CVE-2024-0625.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0625",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-25T03:15:07.753",
"lastModified": "2024-01-25T13:38:33.693",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-02T05:08:07.047",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -38,18 +58,57 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpfront:wpfront_notification_bar:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.3.2",
"matchCriteriaId": "2D0E3103-AA1E-46C1-B8FE-BE00A35C3970"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/wpfront-notification-bar/trunk/templates/template-wpfront-notification-bar.php#L94",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3025472%40wpfront-notification-bar&new=3025472%40wpfront-notification-bar&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/19a5a9f3-637c-42af-9775-5651a14cf516?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2024/CVE-2024-06xx/CVE-2024-0685.json Normal file
View File

@ -0,0 +1,47 @@
{
"id": "CVE-2024-0685",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-02T05:15:08.603",
"lastModified": "2024-02-02T05:15:08.603",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Ninja Forms Contact Form \u2013 The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Second Order SQL Injection via the email address value submitted through forms in all versions up to, and including, 3.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to inject SQL in their email address that will append additional into the already existing query when an administrator triggers a personal data export."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3028929/ninja-forms/trunk/includes/Admin/UserDataRequests.php",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3cb73d5d-ca4a-4103-866d-f7bb369a8ce4?source=cve",
"source": "security@wordfence.com"
}
]
}

51
CVE-2024/CVE-2024-10xx/CVE-2024-1047.json Normal file
View File

@ -0,0 +1,51 @@
{
"id": "CVE-2024-1047",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-02T06:15:45.190",
"lastModified": "2024-02-02T06:15:45.190",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register_reference() function in all versions up to, and including, 2.10.28. This makes it possible for unauthenticated attackers to update the connected API keys."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/themeisle-companion/trunk/vendor/codeinwp/themeisle-sdk/src/Modules/Promotions.php#L175",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3029507/themeisle-companion/tags/2.10.29/vendor/codeinwp/themeisle-sdk/src/Modules/Promotions.php",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6147582f-578a-47ad-b16c-65c37896783d?source=cve",
"source": "security@wordfence.com"
}
]
}

51
CVE-2024/CVE-2024-10xx/CVE-2024-1073.json Normal file
View File

@ -0,0 +1,51 @@
{
"id": "CVE-2024-1073",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-02T05:15:09.087",
"lastModified": "2024-02-02T05:15:09.087",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'filter_array' parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/wp-slimstat/trunk/admin/index.php#L1004",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3029858%40wp-slimstat&new=3029858%40wp-slimstat&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/33cba63c-4629-48fd-850f-f68dad626a67?source=cve",
"source": "security@wordfence.com"
}
]
}

20
CVE-2024/CVE-2024-11xx/CVE-2024-1143.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-1143",
"sourceIdentifier": "dl_cve@linecorp.com",
"published": "2024-02-02T06:15:45.360",
"lastModified": "2024-02-02T06:15:45.360",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Central Dogma versions prior to 0.64.0 is vulnerable to Cross-Site Scripting (XSS), which could allow for the leakage of user sessions and subsequent authentication bypass."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/line/centraldogma/commit/8edcf913b88101aff70008156b0881850e005783",
"source": "dl_cve@linecorp.com"
}
]
}

47
CVE-2024/CVE-2024-11xx/CVE-2024-1162.json Normal file
View File

@ -0,0 +1,47 @@
{
"id": "CVE-2024-1162",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-02T06:15:45.407",
"lastModified": "2024-02-02T06:15:45.407",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10.29. This is due to missing or incorrect nonce validation on the register_reference() function. This makes it possible for unauthenticated attackers to update the connected API keys via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3030173%40themeisle-companion&new=3030173%40themeisle-companion&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/88f6a24f-f14a-4d0a-be5a-f8c84910b4fc?source=cve",
"source": "security@wordfence.com"
}
]
}

87
CVE-2024/CVE-2024-214xx/CVE-2024-21485.json Normal file
View File

@ -0,0 +1,87 @@
{
"id": "CVE-2024-21485",
"sourceIdentifier": "report@snyk.io",
"published": "2024-02-02T05:15:09.510",
"lastModified": "2024-02-02T05:15:09.510",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Versions of the package dash-core-components before 2.13.0; all versions of the package dash-core-components; versions of the package dash before 2.15.0; all versions of the package dash-html-components; versions of the package dash-html-components before 2.0.16 are vulnerable to Cross-site Scripting (XSS) when the href of the a tag is controlled by an adversary. An authenticated attacker who stores a view that exploits this vulnerability could steal the data that's visible to another user who opens that view - not just the data already included on the page, but they could also, in theory, make additional requests and access other data accessible to this user. In some cases, they could also steal the access tokens of that user, which would allow the attacker to act as that user, including viewing other apps and resources hosted on the same server.\r\r**Note:**\r\rThis is only exploitable in Dash apps that include some mechanism to store user input to be reloaded by a different user."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "report@snyk.io",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.3,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "report@snyk.io",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/plotly/dash/commit/9920073c9a8619ae8f90fcec1924f2f3a4332a8c",
"source": "report@snyk.io"
},
{
"url": "https://github.com/plotly/dash/issues/2729",
"source": "report@snyk.io"
},
{
"url": "https://github.com/plotly/dash/pull/2732",
"source": "report@snyk.io"
},
{
"url": "https://github.com/plotly/dash/releases/tag/v2.15.0",
"source": "report@snyk.io"
},
{
"url": "https://security.snyk.io/vuln/SNYK-JS-DASHCORECOMPONENTS-6183084",
"source": "report@snyk.io"
},
{
"url": "https://security.snyk.io/vuln/SNYK-JS-DASHHTMLCOMPONENTS-6226337",
"source": "report@snyk.io"
},
{
"url": "https://security.snyk.io/vuln/SNYK-PYTHON-DASH-6226335",
"source": "report@snyk.io"
},
{
"url": "https://security.snyk.io/vuln/SNYK-PYTHON-DASHCORECOMPONENTS-6226334",
"source": "report@snyk.io"
},
{
"url": "https://security.snyk.io/vuln/SNYK-PYTHON-DASHHTMLCOMPONENTS-6226336",
"source": "report@snyk.io"
}
]
}

77
CVE-2024/CVE-2024-222xx/CVE-2024-22204.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-22204",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-23T18:15:18.467",
"lastModified": "2024-01-23T19:40:11.110",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-02T05:07:34.323",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Whoogle Search is a self-hosted metasearch engine. Versions 0.8.3 and prior have a limited file write vulnerability when the configuration options in Whoogle are enabled. The `config` function in `app/routes.py` does not validate the user-controlled `name` variable on line 447 and `config_data` variable on line 437. The `name` variable is insecurely concatenated in `os.path.join`, leading to path manipulation. The POST data from the `config_data` variable is saved with `pickle.dump` which leads to a limited file write. However, the data that is saved is earlier transformed into a dictionary and the `url` key value pair is added before the file is saved on the system. All in all, the issue allows us to save and overwrite files on the system that the application has permissions to, with a dictionary containing arbitrary data and the `url` key value, which is a limited file write. Version 0.8.4 contains a patch for this issue."
},
{
"lang": "es",
"value": "Whoogle Search es un metabuscador autohospedado. Las versiones 0.8.3 y anteriores tienen una vulnerabilidad de escritura de archivos limitada cuando las opciones de configuraci\u00f3n en Whoogle est\u00e1n habilitadas. La funci\u00f3n `config` en `app/routes.py` no valida la variable `name` controlada por el usuario en la l\u00ednea 447 y la variable `config_data` en la l\u00ednea 437. La variable `name` est\u00e1 concatenada de forma insegura en `os.path. join`, lo que lleva a la manipulaci\u00f3n de la ruta. Los datos POST de la variable `config_data` se guardan con `pickle.dump`, lo que genera una escritura de archivo limitada. Sin embargo, los datos que se guardan se transforman previamente en un diccionario y el par clave-valor \"url\" se agrega antes de que el archivo se guarde en el sistema. Con todo, el problema nos permite guardar y sobrescribir archivos en el sistema para el que la aplicaci\u00f3n tiene permisos, con un diccionario que contiene datos arbitrarios y el valor clave \"url\", que es una escritura de archivo limitada. La versi\u00f3n 0.8.4 contiene un parche para este problema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,30 +70,67 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:benbusby:whoogle_search:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.8.4",
"matchCriteriaId": "D3DA218E-B891-4381-97E4-F0F1147E6309"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L419-L452",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L437",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L444",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L447",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/benbusby/whoogle-search/commit/3a2e0b262e4a076a20416b45e6b6f23fd265aeda",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://securitylab.github.com/advisories/GHSL-2023-186_GHSL-2023-189_benbusby_whoogle-search/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

20
CVE-2024/CVE-2024-244xx/CVE-2024-24482.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-24482",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-02T05:15:10.007",
"lastModified": "2024-02-02T05:15:10.007",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Aprktool before 2.9.3 on Windows allows ../ and /.. directory traversal."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/iBotPeaches/Apktool/security/advisories/GHSA-vgwr-4w3p-xmjv",
"source": "cve@mitre.org"
}
]
}

58
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-02-02T05:00:24.708571+00:00
2024-02-02T07:00:24.408007+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-02-02T04:58:55.817000+00:00
2024-02-02T06:15:45.407000+00:00
```
### Last Data Feed Release
@ -29,52 +29,36 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
237379
237387
```
### CVEs added in the last Commit
Recently added CVEs: `8`
* [CVE-2022-40744](CVE-2022/CVE-2022-407xx/CVE-2022-40744.json) (`2024-02-02T04:15:07.700`)
* [CVE-2023-46159](CVE-2023/CVE-2023-461xx/CVE-2023-46159.json) (`2024-02-02T03:15:09.920`)
* [CVE-2023-38019](CVE-2023/CVE-2023-380xx/CVE-2023-38019.json) (`2024-02-02T04:15:07.937`)
* [CVE-2023-38020](CVE-2023/CVE-2023-380xx/CVE-2023-38020.json) (`2024-02-02T04:15:08.147`)
* [CVE-2023-38263](CVE-2023/CVE-2023-382xx/CVE-2023-38263.json) (`2024-02-02T04:15:08.360`)
* [CVE-2024-22319](CVE-2024/CVE-2024-223xx/CVE-2024-22319.json) (`2024-02-02T03:15:10.573`)
* [CVE-2024-22320](CVE-2024/CVE-2024-223xx/CVE-2024-22320.json) (`2024-02-02T03:15:10.780`)
* [CVE-2024-22533](CVE-2024/CVE-2024-225xx/CVE-2024-22533.json) (`2024-02-02T03:15:11.210`)
* [CVE-2023-46045](CVE-2023/CVE-2023-460xx/CVE-2023-46045.json) (`2024-02-02T06:15:45.123`)
* [CVE-2024-0685](CVE-2024/CVE-2024-06xx/CVE-2024-0685.json) (`2024-02-02T05:15:08.603`)
* [CVE-2024-1073](CVE-2024/CVE-2024-10xx/CVE-2024-1073.json) (`2024-02-02T05:15:09.087`)
* [CVE-2024-21485](CVE-2024/CVE-2024-214xx/CVE-2024-21485.json) (`2024-02-02T05:15:09.510`)
* [CVE-2024-24482](CVE-2024/CVE-2024-244xx/CVE-2024-24482.json) (`2024-02-02T05:15:10.007`)
* [CVE-2024-1047](CVE-2024/CVE-2024-10xx/CVE-2024-1047.json) (`2024-02-02T06:15:45.190`)
* [CVE-2024-1143](CVE-2024/CVE-2024-11xx/CVE-2024-1143.json) (`2024-02-02T06:15:45.360`)
* [CVE-2024-1162](CVE-2024/CVE-2024-11xx/CVE-2024-1162.json) (`2024-02-02T06:15:45.407`)
### CVEs modified in the last Commit
Recently modified CVEs: `70`
Recently modified CVEs: `9`
* [CVE-2023-6779](CVE-2023/CVE-2023-67xx/CVE-2023-6779.json) (`2024-02-02T04:15:08.813`)
* [CVE-2023-6780](CVE-2023/CVE-2023-67xx/CVE-2023-6780.json) (`2024-02-02T04:15:08.907`)
* [CVE-2023-32333](CVE-2023/CVE-2023-323xx/CVE-2023-32333.json) (`2024-02-02T04:58:55.817`)
* [CVE-2023-46344](CVE-2023/CVE-2023-463xx/CVE-2023-46344.json) (`2024-02-02T04:58:55.817`)
* [CVE-2023-48792](CVE-2023/CVE-2023-487xx/CVE-2023-48792.json) (`2024-02-02T04:58:55.817`)
* [CVE-2023-48793](CVE-2023/CVE-2023-487xx/CVE-2023-48793.json) (`2024-02-02T04:58:55.817`)
* [CVE-2023-50328](CVE-2023/CVE-2023-503xx/CVE-2023-50328.json) (`2024-02-02T04:58:55.817`)
* [CVE-2023-50934](CVE-2023/CVE-2023-509xx/CVE-2023-50934.json) (`2024-02-02T04:58:55.817`)
* [CVE-2023-50935](CVE-2023/CVE-2023-509xx/CVE-2023-50935.json) (`2024-02-02T04:58:55.817`)
* [CVE-2023-50938](CVE-2023/CVE-2023-509xx/CVE-2023-50938.json) (`2024-02-02T04:58:55.817`)
* [CVE-2023-50941](CVE-2023/CVE-2023-509xx/CVE-2023-50941.json) (`2024-02-02T04:58:55.817`)
* [CVE-2023-50962](CVE-2023/CVE-2023-509xx/CVE-2023-50962.json) (`2024-02-02T04:58:55.817`)
* [CVE-2024-1059](CVE-2024/CVE-2024-10xx/CVE-2024-1059.json) (`2024-02-02T03:15:10.207`)
* [CVE-2024-1060](CVE-2024/CVE-2024-10xx/CVE-2024-1060.json) (`2024-02-02T03:15:10.313`)
* [CVE-2024-1077](CVE-2024/CVE-2024-10xx/CVE-2024-1077.json) (`2024-02-02T03:15:10.417`)
* [CVE-2024-20305](CVE-2024/CVE-2024-203xx/CVE-2024-20305.json) (`2024-02-02T03:15:10.463`)
* [CVE-2024-22420](CVE-2024/CVE-2024-224xx/CVE-2024-22420.json) (`2024-02-02T03:15:10.977`)
* [CVE-2024-22421](CVE-2024/CVE-2024-224xx/CVE-2024-22421.json) (`2024-02-02T03:15:11.097`)
* [CVE-2024-22779](CVE-2024/CVE-2024-227xx/CVE-2024-22779.json) (`2024-02-02T04:58:55.817`)
* [CVE-2024-22899](CVE-2024/CVE-2024-228xx/CVE-2024-22899.json) (`2024-02-02T04:58:55.817`)
* [CVE-2024-22900](CVE-2024/CVE-2024-229xx/CVE-2024-22900.json) (`2024-02-02T04:58:55.817`)
* [CVE-2024-22901](CVE-2024/CVE-2024-229xx/CVE-2024-22901.json) (`2024-02-02T04:58:55.817`)
* [CVE-2024-22902](CVE-2024/CVE-2024-229xx/CVE-2024-22902.json) (`2024-02-02T04:58:55.817`)
* [CVE-2024-22903](CVE-2024/CVE-2024-229xx/CVE-2024-22903.json) (`2024-02-02T04:58:55.817`)
* [CVE-2024-23746](CVE-2024/CVE-2024-237xx/CVE-2024-23746.json) (`2024-02-02T04:58:55.817`)
* [CVE-2022-40201](CVE-2022/CVE-2022-402xx/CVE-2022-40201.json) (`2024-02-02T06:15:44.650`)
* [CVE-2022-41613](CVE-2022/CVE-2022-416xx/CVE-2022-41613.json) (`2024-02-02T06:15:44.797`)
* [CVE-2023-48714](CVE-2023/CVE-2023-487xx/CVE-2023-48714.json) (`2024-02-02T05:06:50.870`)
* [CVE-2023-49783](CVE-2023/CVE-2023-497xx/CVE-2023-49783.json) (`2024-02-02T05:07:08.153`)
* [CVE-2023-41032](CVE-2023/CVE-2023-410xx/CVE-2023-41032.json) (`2024-02-02T06:15:44.910`)
* [CVE-2023-44764](CVE-2023/CVE-2023-447xx/CVE-2023-44764.json) (`2024-02-02T06:15:45.043`)
* [CVE-2024-22204](CVE-2024/CVE-2024-222xx/CVE-2024-22204.json) (`2024-02-02T05:07:34.323`)
* [CVE-2024-0617](CVE-2024/CVE-2024-06xx/CVE-2024-0617.json) (`2024-02-02T05:07:58.277`)
* [CVE-2024-0625](CVE-2024/CVE-2024-06xx/CVE-2024-0625.json) (`2024-02-02T05:08:07.047`)
## Download and Usage