admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 19:47:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-01-08T15:00:24.957880+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-01-08 15:00:28 +00:00
parent b4bbd2313f
commit c11fe73363
24 changed files with 1397 additions and 107 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

67
CVE-2018/CVE-2018-250xx/CVE-2018-25096.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2018-25096",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-30T10:15:08.837",
"lastModified": "2024-01-01T02:12:45.130",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-08T14:53:38.617",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in MdAlAmin-aol Own Health Record 0.1-alpha/0.2-alpha/0.3-alpha/0.3.1-alpha. It has been rated as problematic. This issue affects some unknown processing of the file includes/logout.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. Upgrading to version 0.4-alpha is able to address this issue. The patch is named 58b413aa40820b49070782c786c526850ab7748f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-249191."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en MdAlAmin-aol Own Health Record 0.1-alpha/0.2-alpha/0.3-alpha/0.3.1-alpha. Ha sido calificada como problem\u00e1tica. Este problema afecta un procesamiento desconocido del archivo includes/logout.php. La manipulaci\u00f3n conduce a cross-site request forgery. El ataque puede iniciarse de forma remota. La actualizaci\u00f3n a la versi\u00f3n 0.4-alpha puede solucionar este problema. El parche se llama 58b413aa40820b49070782c786c526850ab7748f. Se recomienda actualizar el componente afectado. El identificador asociado de esta vulnerabilidad es VDB-249191."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,22 +95,53 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:petrk94:ownhealthrecord:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.4",
"matchCriteriaId": "F99995CA-2FBA-48E0-ABE5-7656B60E8BBF"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/MdAlAmin-aol/ownhealthrecord/commit/58b413aa40820b49070782c786c526850ab7748f",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/MdAlAmin-aol/ownhealthrecord/releases/tag/v0.4-alpha",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Patch"
]
},
{
"url": "https://vuldb.com/?ctiid.249191",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.249191",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

82
CVE-2022/CVE-2022-464xx/CVE-2022-46486.json
View File

@ -2,27 +2,97 @@
"id": "CVE-2022-46486",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-30T03:15:08.173",
"lastModified": "2024-01-01T02:12:45.130",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-08T14:20:14.670",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A lack of pointer-validation logic in the __scone_dispatch component of SCONE before v5.8.0 for Intel SGX allows attackers to access sensitive information."
},
{
"lang": "es",
"value": "La falta de l\u00f3gica de validaci\u00f3n de puntero en el componente __scone_dispatch de SCONE anterior a v5.8.0 para Intel SGX permite a los atacantes acceder a informaci\u00f3n confidencial."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-763"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:scontain:scone:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.8.0",
"matchCriteriaId": "ACF15B4C-DE86-40B0-9CE7-C9042533D45B"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://jovanbulck.github.io/files/ccs19-tale.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
]
},
{
"url": "https://jovanbulck.github.io/files/oakland24-pandora.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
]
},
{
"url": "https://sconedocs.github.io/release5.7/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
}
]
}

63
CVE-2023/CVE-2023-313xx/CVE-2023-31302.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-31302",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-29T06:15:43.677",
"lastModified": "2023-12-29T13:56:33.383",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-08T13:04:07.097",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,66 @@
"value": "Vulnerabilidad de Cross Site Scripting (XSS) en Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s del campo Teller."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sesami:cash_point_\\&_transport_optimizer:6.3.8.6.718:*:*:*:*:*:*:*",
"matchCriteriaId": "1FF8F540-DE41-4C35-BA23-64A08F2474E7"
}
]
}
]
}
],
"references": [
{
"url": "https://herolab.usd.de/en/security-advisories/usd-2022-0056/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-505xx/CVE-2023-50550.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-50550",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-30T16:15:44.757",
"lastModified": "2024-01-01T02:12:45.130",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-08T14:58:32.780",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "layui up to v2.74 was discovered to contain a cross-site scripting (XSS) vulnerability via the data-content parameter."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que layui hasta v2.74 conten\u00eda una vulnerabilidad de cross-site scripting (XSS) a trav\u00e9s del par\u00e1metro data-content."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:layui:layui:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.7.5",
"matchCriteriaId": "0D4498E8-E90A-4D5B-84A8-B67A1CCCA526"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://gitee.com/layui/layui/issues?utf8=%E2%9C%93&state=all&issue_search=xss",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-510xx/CVE-2023-51079.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-51079",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-27T21:15:08.350",
"lastModified": "2023-12-27T21:37:15.710",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-08T14:38:55.560",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A TimeOut error exists in the ParseTools.subCompileExpression method in mvel2 v2.5.0 Final."
},
{
"lang": "es",
"value": "Existe un error de TimeOut en el m\u00e9todo ParseTools.subCompileExpression en mvel2 v2.5.0 Final."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mvel:mvel:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FBBDE8E9-F229-4610-AAD0-5F98571B5688"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/mvel/mvel/issues/348",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-517xx/CVE-2023-51701.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-51701",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-08T14:15:46.677",
"lastModified": "2024-01-08T14:15:46.677",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. A reverse proxy server built with `@fastify/reply-from` could misinterpret the incoming body by passing an header `ContentType: application/json ; charset=utf-8`. This can lead to bypass of security checks. This vulnerability has been patched in '@fastify/reply-from` version 9.6.0. \n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-444"
}
]
}
],
"references": [
{
"url": "https://github.com/fastify/fastify-reply-from/releases/tag/v9.6.0",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/fastify/fastify-reply-from/security/advisories/GHSA-v2v2-hph8-q5xp",
"source": "security-advisories@github.com"
}
]
}

51
CVE-2023/CVE-2023-521xx/CVE-2023-52180.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-52180",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-31T11:15:09.130",
"lastModified": "2024-01-01T02:12:45.130",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-08T14:46:37.220",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Really Simple Plugins Recipe Maker For Your Food Blog from Zip Recipes.This issue affects Recipe Maker For Your Food Blog from Zip Recipes: from n/a through 8.1.0.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en Really Simple Plugins Recipe Maker For Your Food Blog from Zip Recipes. Este problema afecta a Recipe Maker For Your Food Blog from Zip Recipes: desde n/a hasta 8.1 .0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:really-simple-plugins:recipe_maker_for_your_food_blog_from_zip_recipes:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "8.1.1",
"matchCriteriaId": "16DD547E-D04E-4EE5-BAD3-ECA1801D777E"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/zip-recipes/wordpress-recipe-maker-for-your-food-blog-from-zip-recipes-plugin-8-1-0-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

178
CVE-2023/CVE-2023-522xx/CVE-2023-52240.json
View File

@ -2,39 +2,199 @@
"id": "CVE-2023-52240",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-29T22:15:37.070",
"lastModified": "2024-01-01T02:12:45.130",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-08T14:32:47.203",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Kantega SAML SSO OIDC Kerberos Single Sign-on apps before 6.20.0 for Atlassian products allow XSS if SAML POST Binding is enabled. This affects 4.4.2 through 4.14.8 before 4.14.9, 5.0.0 through 5.11.4 before 5.11.5, and 6.0.0 through 6.19.0 before 6.20.0. The full product names are Kantega SAML SSO OIDC Kerberos Single Sign-on for Jira Data Center & Server (Kantega SSO Enterprise), Kantega SAML SSO OIDC Kerberos Single Sign-on for Confluence Data Center & Server (Kantega SSO Enterprise), Kantega SAML SSO OIDC Kerberos Single Sign-on for Bitbucket Data Center & Server (Kantega SSO Enterprise), Kantega SAML SSO OIDC Kerberos Single Sign-on for Bamboo Data Center & Server (Kantega SSO Enterprise), and Kantega SAML SSO OIDC Kerberos Single Sign-on for FeCru Server (Kantega SSO Enterprise). (Here, FeCru refers to the Atlassian Fisheye and Crucible products running together.)"
},
{
"lang": "es",
"value": "Las aplicaciones de inicio de sesi\u00f3n \u00fanico Kantega SAML SSO OIDC Kerberos anteriores a 6.20.0 para productos Atlassian permiten XSS si el enlace SAML POST est\u00e1 habilitado. Esto afecta a 4.4.2 a 4.14.8 antes de 4.14.9, 5.0.0 a 5.11.4 antes de 5.11.5 y 6.0.0 a 6.19.0 antes de 6.20.0. Los nombres completos de los productos son Kantega SAML SSO OIDC Kerberos Single Sign-on para Jira Data Center & Server (Kantega SSO Enterprise), Kantega SAML SSO OIDC Kerberos Single Sign-on para Confluence Data Center & Server (Kantega SSO Enterprise), Kantega SAML SSO Single Sign-on OIDC Kerberos para Bitbucket Data Center & Server (Kantega SSO Enterprise), Kantega SAML SSO OIDC Kerberos Single Sign-on para Bamboo Data Center & Server (Kantega SSO Enterprise) y Kantega SAML SSO OIDC Kerberos Single Sign-on para Servidor FeCru (Kantega SSO Enterprise). (Aqu\u00ed, FeCru se refiere a los productos Atlassian Fisheye y Crucible que funcionan juntos)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kantega-sso:kantega_saml_sso_oidc_kerberos_single_sign-on:*:*:*:*:*:bamboo:*:*",
"versionStartIncluding": "4.4.2",
"versionEndExcluding": "4.14.9",
"matchCriteriaId": "E25CE452-6A9D-43CD-B2C0-9F05CF1435ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kantega-sso:kantega_saml_sso_oidc_kerberos_single_sign-on:*:*:*:*:*:bitbucket:*:*",
"versionStartIncluding": "4.4.2",
"versionEndExcluding": "4.14.9",
"matchCriteriaId": "18085385-2727-4A8B-AF51-A3AA95E5C621"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kantega-sso:kantega_saml_sso_oidc_kerberos_single_sign-on:*:*:*:*:*:confluence:*:*",
"versionStartIncluding": "4.4.2",
"versionEndExcluding": "4.14.9",
"matchCriteriaId": "26A03B32-B6EE-4B44-B2AB-A19330AB6314"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kantega-sso:kantega_saml_sso_oidc_kerberos_single_sign-on:*:*:*:*:*:fecru:*:*",
"versionStartIncluding": "4.4.2",
"versionEndExcluding": "4.14.9",
"matchCriteriaId": "3BCC69B7-03CF-4BD8-BB05-3A94A9A5D67F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kantega-sso:kantega_saml_sso_oidc_kerberos_single_sign-on:*:*:*:*:*:jira:*:*",
"versionStartIncluding": "4.4.2",
"versionEndExcluding": "4.14.9",
"matchCriteriaId": "29942ED3-4BBE-48EC-8C56-5B83D4B3BCAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kantega-sso:kantega_saml_sso_oidc_kerberos_single_sign-on:*:*:*:*:*:bamboo:*:*",
"versionStartIncluding": "5.0.0",
"versionEndExcluding": "5.11.5",
"matchCriteriaId": "17705BE4-8F5F-4599-B5BC-B39371431C0E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kantega-sso:kantega_saml_sso_oidc_kerberos_single_sign-on:*:*:*:*:*:bitbucket:*:*",
"versionStartIncluding": "5.0.0",
"versionEndExcluding": "5.11.5",
"matchCriteriaId": "373A48CC-0592-4629-821A-21CEF001D749"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kantega-sso:kantega_saml_sso_oidc_kerberos_single_sign-on:*:*:*:*:*:confluence:*:*",
"versionStartIncluding": "5.0.0",
"versionEndExcluding": "5.11.5",
"matchCriteriaId": "695DD0D2-9E61-4BEE-B2C5-D8DF581AC1E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kantega-sso:kantega_saml_sso_oidc_kerberos_single_sign-on:*:*:*:*:*:jira:*:*",
"versionStartIncluding": "5.0.0",
"versionEndExcluding": "5.11.5",
"matchCriteriaId": "15376799-816D-4B38-8A98-5C59720BDF7A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kantega-sso:kantega_saml_sso_oidc_kerberos_single_sign-on:*:*:*:*:*:bamboo:*:*",
"versionStartIncluding": "6.0.0",
"versionEndExcluding": "6.20.0",
"matchCriteriaId": "B0E70B97-26D0-4D58-AC51-782EF31E5C93"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kantega-sso:kantega_saml_sso_oidc_kerberos_single_sign-on:*:*:*:*:*:bitbucket:*:*",
"versionStartIncluding": "6.0.0",
"versionEndExcluding": "6.20.0",
"matchCriteriaId": "2FB079FA-EF11-4DAE-8C67-CDFC2EE681B2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kantega-sso:kantega_saml_sso_oidc_kerberos_single_sign-on:*:*:*:*:*:confluence:*:*",
"versionStartIncluding": "6.0.0",
"versionEndExcluding": "6.20.0",
"matchCriteriaId": "A2BC8F24-D8C2-48BD-A269-A4E3587B1381"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kantega-sso:kantega_saml_sso_oidc_kerberos_single_sign-on:*:*:*:*:*:jira:*:*",
"versionStartIncluding": "6.0.0",
"versionEndExcluding": "6.20.0",
"matchCriteriaId": "4602AD1E-9DB9-4607-8281-97AABDC0A948"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://kantega-sso.atlassian.net/wiki/spaces/KSE/pages/1226473473/Security+Vulnerability+HTML+injection+Cross-site+scripting+in+SAML+POST+binding+Kantega+SSO+Enterprise",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://marketplace.atlassian.com/apps/1211923/kantega-saml-sso-oidc-kerberos-single-sign-on-for-jira?hosting=datacenter&tab=versions",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://marketplace.atlassian.com/apps/1212126/kantega-saml-sso-oidc-kerberos-single-sign-on-for-confluence?hosting=datacenter&tab=overview",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://marketplace.atlassian.com/apps/1213019/kantega-saml-sso-oidc-kerberos-single-sign-on-for-bitbucket?hosting=datacenter&tab=overview",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://marketplace.atlassian.com/apps/1215262/kantega-saml-sso-oidc-kerberos-single-sign-on-for-bamboo?hosting=datacenter&tab=overview",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://marketplace.atlassian.com/apps/1215263/kantega-saml-sso-oidc-kerberos-single-sign-on-for-fecru?hosting=server&tab=overview",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

40
CVE-2023/CVE-2023-65xx/CVE-2023-6552.json Normal file
View File

@ -0,0 +1,40 @@
{
"id": "CVE-2023-6552",
"sourceIdentifier": "cvd@cert.pl",
"published": "2024-01-08T13:15:09.257",
"lastModified": "2024-01-08T13:15:09.257",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Lack of \"current\" GET parameter validation during the action of changing a language leads to an open redirect vulnerability.\n"
}
],
"metrics": {},
"weaknesses": [
{
"source": "cvd@cert.pl",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"references": [
{
"url": "https://cert.pl/en/posts/2024/01/CVE-2023-6552/",
"source": "cvd@cert.pl"
},
{
"url": "https://cert.pl/posts/2024/01/CVE-2023-6552/",
"source": "cvd@cert.pl"
},
{
"url": "https://github.com/TasmoAdmin/TasmoAdmin/pull/1039",
"source": "cvd@cert.pl"
}
]
}

6
CVE-2023/CVE-2023-67xx/CVE-2023-6710.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-6710",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-12T22:15:22.950",
"lastModified": "2023-12-18T17:15:41.067",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-08T14:15:46.957",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the mod_proxy_cluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting (XSS) vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host and adds the script to the cluster-manager page. The impact of this vulnerability is considered as Low, as the cluster_manager URL should not be exposed outside and is protected by user/password."
"value": "A flaw was found in the mod_proxy_cluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting (XSS) vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host and adds the script to the cluster-manager page."
},
{
"lang": "es",

68
CVE-2023/CVE-2023-71xx/CVE-2023-7172.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-7172",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-30T09:15:07.953",
"lastModified": "2024-01-02T10:15:09.137",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-08T13:53:41.707",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the component Admin Dashboard. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249356."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en PHPGurukul Hospital Management System 1.0 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del componente Admin Dashboard es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a la inyecci\u00f3n de SQL. El ataque puede lanzarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-249356."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,22 +95,54 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpgurukul:hospital_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0D7CB92F-609E-4807-A613-7AA413460314"
}
]
}
]
}
],
"references": [
{
"url": "https://drive.google.com/file/d/11DHRUjvOF0yV24I4JlZ0X1RE4V-mcood/view?usp=sharing",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/sharathc213/CVE-2023-7172",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.249356",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.249356",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-71xx/CVE-2023-7173.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-7173",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-30T12:15:44.680",
"lastModified": "2024-01-02T10:15:09.250",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-08T13:46:32.740",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file registration.php. The manipulation of the argument First Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249357 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en PHPGurukul Hospital Management System 1.0 y clasificada como problem\u00e1tica. Una parte desconocida del archivo Registration.php afecta a esta vulnerabilidad. La manipulaci\u00f3n del argumento First Name conduce a cross site scripting. Es posible iniciar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-249357."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,22 +95,54 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpgurukul:hospital_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0D7CB92F-609E-4807-A613-7AA413460314"
}
]
}
]
}
],
"references": [
{
"url": "https://drive.google.com/file/d/1Mqs0mmxxmKLrFLHekPke5bZnzMHvnrFm/view?usp=sharing",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/sharathc213/CVE-2023-7173",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.249357",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.249357",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

62
CVE-2023/CVE-2023-71xx/CVE-2023-7175.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-7175",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-30T13:15:16.097",
"lastModified": "2024-01-01T02:12:45.130",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-08T14:38:08.007",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Campcodes Online College Library System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/borrow_add.php of the component HTTP POST Request Handler. The manipulation of the argument student leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249362 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Campcodes Online College Library System 1.0. Ha sido calificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /admin/borrow_add.php del componente HTTP POST Request Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento student conduce a la inyecci\u00f3n SQL. El ataque puede lanzarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-249362 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:campcodes:online_college_library_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4D331640-536F-4A3E-A438-540A67CDC849"
}
]
}
]
}
],
"references": [
{
"url": "https://medium.com/@heishou/libsystem-sql-injection-bb74915175fe",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.249362",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.249362",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

32
CVE-2023/CVE-2023-72xx/CVE-2023-7224.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-7224",
"sourceIdentifier": "security@openvpn.net",
"published": "2024-01-08T14:15:47.130",
"lastModified": "2024-01-08T14:15:47.130",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users to execute code in external third party libraries using the DYLD_INSERT_LIBRARIES environment variable"
}
],
"metrics": {},
"weaknesses": [
{
"source": "security@openvpn.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-95"
}
]
}
],
"references": [
{
"url": "https://openvpn.net/vpn-server-resources/openvpn-connect-for-macos-change-log/",
"source": "security@openvpn.net"
}
]
}

61
CVE-2024/CVE-2024-01xx/CVE-2024-0189.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-0189",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-02T18:15:08.037",
"lastModified": "2024-01-02T19:36:26.333",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-08T13:56:09.703",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in RRJ Nueva Ecija Engineer Online Portal 1.0 and classified as problematic. This vulnerability affects unknown code of the file teacher_message.php of the component Create Message Handler. The manipulation of the argument Content with the input </title><scRipt>alert(x)</scRipt> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249502 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en RRJ Nueva Ecija Engineer Online Portal 1.0 y clasificada como problem\u00e1tica. Esta vulnerabilidad afecta a un c\u00f3digo desconocido del archivo teacher_message.php del componente Create Message Handler. La manipulaci\u00f3n del argumento Content con la entrada conduce a cross site scripting. El ataque se puede iniciar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-249502 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nia:rrj_nueva_ecija_engineer_online_portal:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "23E2E258-3668-43F3-B65F-C8F3B5E8A263"
}
]
}
]
}
],
"references": [
{
"url": "https://mega.nz/file/WNNSmRbR#ANdE-2h3pyJ8rEktaD2XlSyuksUiCPWBMGMJlJnhb9Q",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.249502",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.249502",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

61
CVE-2024/CVE-2024-01xx/CVE-2024-0190.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-0190",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-02T19:15:11.717",
"lastModified": "2024-01-02T19:36:26.333",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-08T13:56:00.663",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0 and classified as problematic. This issue affects some unknown processing of the file add_quiz.php of the component Quiz Handler. The manipulation of the argument Quiz Title/Quiz Description with the input </title><scRipt>alert(x)</scRipt> leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249503."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en RRJ Nueva Ecija Engineer Online Portal 1.0 y clasificada como problem\u00e1tica. Este problema afecta a una funci\u00f3n desconocida del archivo add_quiz.php del componente Quiz Handler. La manipulaci\u00f3n del argumento Quiz Title/Quiz Description con la entrada conduce a cross site scripting. El ataque puede iniciarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-249503."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nia:rrj_nueva_ecija_engineer_online_portal:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "23E2E258-3668-43F3-B65F-C8F3B5E8A263"
}
]
}
]
}
],
"references": [
{
"url": "https://mega.nz/file/HANhAKyT#lGcBglLDU3LDdfJsri3vYgnwn5amW8gvdOxbbYjAwJw",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.249503",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.249503",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

57
CVE-2024/CVE-2024-01xx/CVE-2024-0191.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0191",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-02T20:15:10.700",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-08T13:55:46.670",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +95,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nia:rrj_nueva_ecija_engineer_online_portal:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "23E2E258-3668-43F3-B65F-C8F3B5E8A263"
}
]
}
]
}
],
"references": [
{
"url": "https://mega.nz/file/uZt00bIA#uqwP2WkWK5kbKOUbRrgbZY4_-4enuhFw5O9LtJ_cclY",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.249504",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.249504",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

57
CVE-2024/CVE-2024-01xx/CVE-2024-0192.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0192",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-02T20:15:10.933",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-08T13:54:59.710",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +95,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nia:rrj_nueva_ecija_engineer_online_portal:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "23E2E258-3668-43F3-B65F-C8F3B5E8A263"
}
]
}
]
}
],
"references": [
{
"url": "https://mega.nz/file/2RNnjDTR#nDT4E74juKhdO3eWTv8VjDD2dDcNUzyAk2UR3psM8rM",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.249505",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.249505",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

59
CVE-2024/CVE-2024-03xx/CVE-2024-0321.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-0321",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-01-08T13:15:09.347",
"lastModified": "2024-01-08T13:15:09.347",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 4.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://github.com/gpac/gpac/commit/d0ced41651b279bb054eb6390751e2d4eb84819a",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/4c027b94-8e9c-4c31-a169-893b25047769",
"source": "security@huntr.dev"
}
]
}

59
CVE-2024/CVE-2024-03xx/CVE-2024-0322.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-0322",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-01-08T13:15:09.557",
"lastModified": "2024-01-08T13:15:09.557",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://github.com/gpac/gpac/commit/092904b80edbc4dce315684a59cc3184c45c1b70",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/87611fc9-ed7c-43e9-8e52-d83cd270bbec",
"source": "security@huntr.dev"
}
]
}

59
CVE-2024/CVE-2024-216xx/CVE-2024-21644.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-21644",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-08T14:15:47.217",
"lastModified": "2024-01-08T14:15:47.217",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the `SECRET_KEY` variable. This issue has been patched in version 0.5.0b3.dev77."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://github.com/pyload/pyload/commit/bb22063a875ffeca357aaf6e2edcd09705688c40",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/pyload/pyload/security/advisories/GHSA-mqpq-2p68-46fv",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2024/CVE-2024-216xx/CVE-2024-21645.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-21645",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-08T14:15:47.420",
"lastModified": "2024-01-08T14:15:47.420",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "pyLoad is the free and open-source Download Manager written in pure Python. A log injection vulnerability was identified in `pyload` allowing any unauthenticated actor to inject arbitrary messages into the logs gathered by `pyload`. Forged or otherwise, corrupted log files can be used to cover an attacker\u2019s tracks or even to implicate another party in the commission of a malicious act. This vulnerability has been patched in version 0.5.0b3.dev77.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
}
]
}
],
"references": [
{
"url": "https://github.com/pyload/pyload/commit/4159a1191ec4fe6d927e57a9c4bb8f54e16c381d",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/pyload/pyload/security/advisories/GHSA-ghmw-rwh8-6qmr",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2024/CVE-2024-216xx/CVE-2024-21647.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-21647",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-08T14:15:47.640",
"lastModified": "2024-01-08T14:15:47.640",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Puma is a web server for Ruby/Rack applications built for parallelism. Prior to version 6.4.2, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies in a way that allowed HTTP request smuggling. Fixed versions limits the size of chunk extensions. Without this limit, an attacker could cause unbounded resource (CPU, network bandwidth) consumption. This vulnerability has been fixed in versions 6.4.2 and 5.6.8.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-444"
}
]
}
],
"references": [
{
"url": "https://github.com/puma/puma/commit/5fc43d73b6ff193325e657a24ed76dec79133e93",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/puma/puma/security/advisories/GHSA-c2f4-cvqm-65w2",
"source": "security-advisories@github.com"
}
]
}

59
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-01-08T13:00:40.270293+00:00
2024-01-08T15:00:24.957880+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-01-08T12:57:18.850000+00:00
2024-01-08T14:58:32.780000+00:00
```
### Last Data Feed Release
@ -29,45 +29,42 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
235036
235044
```
### CVEs added in the last Commit
Recently added CVEs: `1`
Recently added CVEs: `8`
* [CVE-2023-6921](CVE-2023/CVE-2023-69xx/CVE-2023-6921.json) (`2024-01-08T12:15:46.513`)
* [CVE-2023-6552](CVE-2023/CVE-2023-65xx/CVE-2023-6552.json) (`2024-01-08T13:15:09.257`)
* [CVE-2023-51701](CVE-2023/CVE-2023-517xx/CVE-2023-51701.json) (`2024-01-08T14:15:46.677`)
* [CVE-2023-7224](CVE-2023/CVE-2023-72xx/CVE-2023-7224.json) (`2024-01-08T14:15:47.130`)
* [CVE-2024-0321](CVE-2024/CVE-2024-03xx/CVE-2024-0321.json) (`2024-01-08T13:15:09.347`)
* [CVE-2024-0322](CVE-2024/CVE-2024-03xx/CVE-2024-0322.json) (`2024-01-08T13:15:09.557`)
* [CVE-2024-21644](CVE-2024/CVE-2024-216xx/CVE-2024-21644.json) (`2024-01-08T14:15:47.217`)
* [CVE-2024-21645](CVE-2024/CVE-2024-216xx/CVE-2024-21645.json) (`2024-01-08T14:15:47.420`)
* [CVE-2024-21647](CVE-2024/CVE-2024-216xx/CVE-2024-21647.json) (`2024-01-08T14:15:47.640`)
### CVEs modified in the last Commit
Recently modified CVEs: `81`
Recently modified CVEs: `15`
* [CVE-2024-0284](CVE-2024/CVE-2024-02xx/CVE-2024-0284.json) (`2024-01-08T12:02:30.513`)
* [CVE-2024-0286](CVE-2024/CVE-2024-02xx/CVE-2024-0286.json) (`2024-01-08T12:02:30.513`)
* [CVE-2024-0287](CVE-2024/CVE-2024-02xx/CVE-2024-0287.json) (`2024-01-08T12:02:30.513`)
* [CVE-2024-0288](CVE-2024/CVE-2024-02xx/CVE-2024-0288.json) (`2024-01-08T12:02:30.513`)
* [CVE-2024-0289](CVE-2024/CVE-2024-02xx/CVE-2024-0289.json) (`2024-01-08T12:02:30.513`)
* [CVE-2024-0290](CVE-2024/CVE-2024-02xx/CVE-2024-0290.json) (`2024-01-08T12:02:30.513`)
* [CVE-2024-0291](CVE-2024/CVE-2024-02xx/CVE-2024-0291.json) (`2024-01-08T12:02:30.513`)
* [CVE-2024-0292](CVE-2024/CVE-2024-02xx/CVE-2024-0292.json) (`2024-01-08T12:02:30.513`)
* [CVE-2024-0293](CVE-2024/CVE-2024-02xx/CVE-2024-0293.json) (`2024-01-08T12:02:30.513`)
* [CVE-2024-0294](CVE-2024/CVE-2024-02xx/CVE-2024-0294.json) (`2024-01-08T12:02:30.513`)
* [CVE-2024-0295](CVE-2024/CVE-2024-02xx/CVE-2024-0295.json) (`2024-01-08T12:02:30.513`)
* [CVE-2024-0296](CVE-2024/CVE-2024-02xx/CVE-2024-0296.json) (`2024-01-08T12:02:30.513`)
* [CVE-2024-0297](CVE-2024/CVE-2024-02xx/CVE-2024-0297.json) (`2024-01-08T12:02:30.513`)
* [CVE-2024-0298](CVE-2024/CVE-2024-02xx/CVE-2024-0298.json) (`2024-01-08T12:02:30.513`)
* [CVE-2024-0299](CVE-2024/CVE-2024-02xx/CVE-2024-0299.json) (`2024-01-08T12:02:30.513`)
* [CVE-2024-0300](CVE-2024/CVE-2024-03xx/CVE-2024-0300.json) (`2024-01-08T12:02:30.513`)
* [CVE-2024-0301](CVE-2024/CVE-2024-03xx/CVE-2024-0301.json) (`2024-01-08T12:02:30.513`)
* [CVE-2024-0302](CVE-2024/CVE-2024-03xx/CVE-2024-0302.json) (`2024-01-08T12:02:30.513`)
* [CVE-2024-22216](CVE-2024/CVE-2024-222xx/CVE-2024-22216.json) (`2024-01-08T12:02:30.513`)
* [CVE-2024-0303](CVE-2024/CVE-2024-03xx/CVE-2024-0303.json) (`2024-01-08T12:02:30.513`)
* [CVE-2024-0304](CVE-2024/CVE-2024-03xx/CVE-2024-0304.json) (`2024-01-08T12:02:30.513`)
* [CVE-2024-0305](CVE-2024/CVE-2024-03xx/CVE-2024-0305.json) (`2024-01-08T12:02:30.513`)
* [CVE-2024-0306](CVE-2024/CVE-2024-03xx/CVE-2024-0306.json) (`2024-01-08T12:02:30.513`)
* [CVE-2024-0307](CVE-2024/CVE-2024-03xx/CVE-2024-0307.json) (`2024-01-08T12:02:30.513`)
* [CVE-2024-0308](CVE-2024/CVE-2024-03xx/CVE-2024-0308.json) (`2024-01-08T12:02:30.513`)
* [CVE-2018-25096](CVE-2018/CVE-2018-250xx/CVE-2018-25096.json) (`2024-01-08T14:53:38.617`)
* [CVE-2022-46486](CVE-2022/CVE-2022-464xx/CVE-2022-46486.json) (`2024-01-08T14:20:14.670`)
* [CVE-2023-31302](CVE-2023/CVE-2023-313xx/CVE-2023-31302.json) (`2024-01-08T13:04:07.097`)
* [CVE-2023-7173](CVE-2023/CVE-2023-71xx/CVE-2023-7173.json) (`2024-01-08T13:46:32.740`)
* [CVE-2023-7172](CVE-2023/CVE-2023-71xx/CVE-2023-7172.json) (`2024-01-08T13:53:41.707`)
* [CVE-2023-6710](CVE-2023/CVE-2023-67xx/CVE-2023-6710.json) (`2024-01-08T14:15:46.957`)
* [CVE-2023-52240](CVE-2023/CVE-2023-522xx/CVE-2023-52240.json) (`2024-01-08T14:32:47.203`)
* [CVE-2023-7175](CVE-2023/CVE-2023-71xx/CVE-2023-7175.json) (`2024-01-08T14:38:08.007`)
* [CVE-2023-51079](CVE-2023/CVE-2023-510xx/CVE-2023-51079.json) (`2024-01-08T14:38:55.560`)
* [CVE-2023-52180](CVE-2023/CVE-2023-521xx/CVE-2023-52180.json) (`2024-01-08T14:46:37.220`)
* [CVE-2023-50550](CVE-2023/CVE-2023-505xx/CVE-2023-50550.json) (`2024-01-08T14:58:32.780`)
* [CVE-2024-0192](CVE-2024/CVE-2024-01xx/CVE-2024-0192.json) (`2024-01-08T13:54:59.710`)
* [CVE-2024-0191](CVE-2024/CVE-2024-01xx/CVE-2024-0191.json) (`2024-01-08T13:55:46.670`)
* [CVE-2024-0190](CVE-2024/CVE-2024-01xx/CVE-2024-0190.json) (`2024-01-08T13:56:00.663`)
* [CVE-2024-0189](CVE-2024/CVE-2024-01xx/CVE-2024-0189.json) (`2024-01-08T13:56:09.703`)
## Download and Usage