admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-06 02:32:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-02-15T17:00:30.542461+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-02-15 17:00:34 +00:00
parent 68f7ba9812
commit c681381720
61 changed files with 4206 additions and 360 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
CVE-2005/CVE-2005-09xx/CVE-2005-0918.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2005-0918",
"sourceIdentifier": "cve@mitre.org",
"published": "2005-05-05T04:00:00.000",
"lastModified": "2008-09-05T20:47:41.270",
"lastModified": "2024-02-15T15:19:52.240",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -44,13 +44,14 @@
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
"value": "CWE-203"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -58,28 +59,20 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:svg_viewer:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AB514A64-3F7E-445D-B2A2-0BCC2D70A851"
},
"criteria": "cpe:2.3:a:adobe:svg_viewer:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.02",
"matchCriteriaId": "9C1FE08B-07BF-4393-AC21-26590D219EE6"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:svg_viewer:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "37D81AEF-432E-4111-A2CD-292B54C959BB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:svg_viewer:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A06BCEE0-275C-41C8-8FBC-FCC838CF4D1B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:svg_viewer:3.01:*:*:*:*:*:*:*",
"matchCriteriaId": "CC526B50-EC02-48DD-AD5D-6BDCAC67C004"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:svg_viewer:3.02:*:*:*:*:*:*:*",
"matchCriteriaId": "1E1145D3-28F5-4F5B-9F54-20DCBB1CFF3E"
"vulnerable": false,
"criteria": "cpe:2.3:a:microsoft:internet_explorer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C37BA825-679F-4257-9F2B-CE2318B75396"
}
]
}
@ -87,14 +80,28 @@
}
],
"references": [
{
"url": "http://secunia.com/advisories/15255",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
]
},
{
"url": "http://securitytracker.com/id?1013890",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.adobe.com/support/techdocs/323585.html",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Patch"
]
},
@ -102,6 +109,7 @@
"url": "http://www.hyperdose.com/advisories/H2005-07.txt",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Exploit",
"Patch"
]

151
CVE-2014/CVE-2014-31xx/CVE-2014-3185.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2014-3185",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2014-09-28T10:55:10.283",
"lastModified": "2023-11-07T02:19:57.607",
"vulnStatus": "Modified",
"lastModified": "2024-02-15T15:58:06.067",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -63,13 +63,43 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.16.1",
"matchCriteriaId": "8452407A-5074-4385-B9A1-9E49042CCAEB"
"versionStartExcluding": "3.2.63",
"matchCriteriaId": "7C80D391-F3B3-4EFA-AB8D-6AFF448F906C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:3.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3CFFCDFC-AE4F-47EE-B1DA-05A6865D1745"
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.3",
"versionEndExcluding": "3.4.104",
"matchCriteriaId": "95E0847B-5988-4925-98FF-29EEE803ECC7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.5",
"versionEndExcluding": "3.10.54",
"matchCriteriaId": "F9ACBC23-0CDB-475C-A567-6A4D9F322B31"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.11",
"versionEndExcluding": "3.12.29",
"matchCriteriaId": "BBF71F21-E234-4CDD-87E7-D0F9ADDEFAD3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.13",
"versionEndExcluding": "3.14.18",
"matchCriteriaId": "8E47EF9D-62CE-4AF1-A8C9-14E0D9AB3A76"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.15",
"versionEndExcluding": "3.16.2",
"matchCriteriaId": "4DAD07BE-4260-45D8-A744-53DE4E3DC346"
}
]
}
@ -79,79 +109,150 @@
"references": [
{
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6817ae225cd650fb1c3295d769298c38b1eba818",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Broken Link"
]
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2014-1318.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2015-0284.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.2",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2014/09/11/21",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List"
]
},
{
"url": "http://www.securityfocus.com/bid/69781",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.ubuntu.com/usn/USN-2374-1",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.ubuntu.com/usn/USN-2375-1",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.ubuntu.com/usn/USN-2376-1",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.ubuntu.com/usn/USN-2377-1",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.ubuntu.com/usn/USN-2378-1",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.ubuntu.com/usn/USN-2379-1",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1141400",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://code.google.com/p/google-security-research/issues/detail?id=98",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/torvalds/linux/commit/6817ae225cd650fb1c3295d769298c38b1eba818",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
]
}
]
}

71
CVE-2018/CVE-2018-201xx/CVE-2018-20169.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2018-20169",
"sourceIdentifier": "cve@mitre.org",
"published": "2018-12-17T07:29:00.653",
"lastModified": "2019-08-13T19:15:13.593",
"vulnStatus": "Modified",
"lastModified": "2024-02-15T15:56:15.670",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,13 +15,13 @@
}
],
"metrics": {
"cvssMetricV30": [
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -85,8 +85,43 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartExcluding": "3.16.63",
"matchCriteriaId": "130870FD-48F8-416B-8243-1635BCAF703E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.17",
"versionEndExcluding": "3.18.129",
"matchCriteriaId": "DB109F34-BDC4-4BD8-BF8E-B0219637CA44"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.19",
"versionEndExcluding": "4.4.167",
"matchCriteriaId": "91D67486-8327-45D1-BCE8-F6765A134C66"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.5",
"versionEndExcluding": "4.9.145",
"matchCriteriaId": "1443F599-242F-4D82-A137-C3F534A1D4B2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.10",
"versionEndExcluding": "4.14.88",
"matchCriteriaId": "3ACB6D3C-AA01-41A7-9A30-7387B0104C70"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.15",
"versionEndExcluding": "4.19.9",
"matchCriteriaId": "8BFB21C0-9AA2-4122-907F-D95E8D3E2C89"
"matchCriteriaId": "14AFABA8-6411-4647-A0C5-7C5FF13256D0"
}
]
}
@ -140,11 +175,19 @@
},
{
"url": "https://access.redhat.com/errata/RHSA-2019:3309",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2019:3517",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.9",
@ -203,11 +246,19 @@
},
{
"url": "https://usn.ubuntu.com/4094-1/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://usn.ubuntu.com/4118-1/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

201
CVE-2019/CVE-2019-115xx/CVE-2019-11599.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2019-11599",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-04-29T18:29:00.243",
"lastModified": "2023-11-07T03:03:03.567",
"vulnStatus": "Modified",
"lastModified": "2024-02-15T15:56:20.377",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,13 +15,13 @@
}
],
"metrics": {
"cvssMetricV30": [
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
@ -85,8 +85,44 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.16.12",
"versionEndExcluding": "3.16.66",
"matchCriteriaId": "E19B1AD5-F2B9-42A0-8DEA-D1523A006A62"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.17",
"versionEndExcluding": "4.4.183",
"matchCriteriaId": "048C641C-0C59-4039-B43F-98D9D1D80331"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.5",
"versionEndExcluding": "4.9.188",
"matchCriteriaId": "4FA14762-EEF0-47BF-9AEF-B4EA7F8370C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.10",
"versionEndExcluding": "4.14.114",
"matchCriteriaId": "A8435063-EEF3-4473-8F06-76341B7A06A3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.15",
"versionEndExcluding": "4.19.37",
"matchCriteriaId": "ABC4CBFF-ED77-45EE-8543-A217F9762929"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.0.10",
"matchCriteriaId": "995B7430-4BA4-4979-BD8E-8907622852A8"
"matchCriteriaId": "C0ACE181-99FA-47C7-898B-810936A33C08"
}
]
}
@ -96,11 +132,19 @@
"references": [
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://packetstormsecurity.com/files/152663/Linux-Missing-Lockdown.html",
@ -113,7 +157,11 @@
},
{
"url": "http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2019/04/29/1",
@ -149,35 +197,67 @@
},
{
"url": "https://access.redhat.com/errata/RHSA-2019:2029",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2019:2043",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2019:3309",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2019:3517",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:0100",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:0103",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:0179",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:0543",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1790",
@ -231,63 +311,115 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://seclists.org/bugtraq/2019/Jul/33",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://seclists.org/bugtraq/2019/Jun/26",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20190517-0002/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20200608-0001/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://support.f5.com/csp/article/K51674118",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://support.f5.com/csp/article/K51674118?utm_source=f5support&amp%3Butm_medium=RSS",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://usn.ubuntu.com/4069-1/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://usn.ubuntu.com/4069-2/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://usn.ubuntu.com/4095-1/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://usn.ubuntu.com/4115-1/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://usn.ubuntu.com/4118-1/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://www.debian.org/security/2019/dsa-4465",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.exploit-db.com/exploits/46781/",
@ -300,7 +432,10 @@
},
{
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

35
CVE-2020/CVE-2020-293xx/CVE-2020-29368.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2020-29368",
"sourceIdentifier": "cve@mitre.org",
"published": "2020-11-28T07:15:11.460",
"lastModified": "2022-04-26T16:34:29.487",
"lastModified": "2024-02-15T15:56:34.797",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -77,7 +77,6 @@
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -86,15 +85,43 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.5.5",
"versionEndExcluding": "4.9.228",
"matchCriteriaId": "9F533643-6482-466F-87F2-9446C8214FF5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.10",
"versionEndExcluding": "4.14.185",
"matchCriteriaId": "82A795AE-6C0D-4C70-93E8-CB1183C8F147"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.15",
"versionEndExcluding": "4.19.129",
"matchCriteriaId": "96593438-C71A-47FD-B19B-F54C6E65BDA5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.48",
"matchCriteriaId": "55E407BF-74C3-42AB-8591-2385D5732960"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.7.5",
"matchCriteriaId": "1473B179-9D2A-4105-9E31-6B1C2C8C144F"
"matchCriteriaId": "45E1B7E8-BF1C-4AFA-9862-DAE3916A8846"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",

6
CVE-2022/CVE-2022-19xx/CVE-2022-1916.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-1916",
"sourceIdentifier": "contact@wpscan.com",
"published": "2022-06-27T09:15:10.283",
"lastModified": "2022-07-06T17:15:40.673",
"lastModified": "2024-02-15T15:17:27.737",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,9 +84,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pluginus:active_products_tables_for_woocommerce:*:*:*:*:*:wordpress:*:*",
"criteria": "cpe:2.3:a:pluginus:woot:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.0.5",
"matchCriteriaId": "24FBB09D-55E9-47E4-A773-DD0400617003"
"matchCriteriaId": "C7EB1C72-D0C0-4C65-A17C-FC8E94558B26"
}
]
}

92
CVE-2023/CVE-2023-18xx/CVE-2023-1838.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-1838",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-04-05T19:15:07.793",
"lastModified": "2023-11-07T04:05:03.377",
"vulnStatus": "Modified",
"lastModified": "2024-02-15T15:56:40.963",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -46,7 +46,7 @@
]
},
{
"source": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
@ -66,8 +66,79 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18_25",
"matchCriteriaId": "1D18FD7E-DA12-4F2B-90B3-7C90E81B42FF"
"versionStartIncluding": "4.13",
"versionEndExcluding": "4.14.317",
"matchCriteriaId": "4656B60F-29E8-4D7E-B827-28CC2223B5C0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.15",
"versionEndExcluding": "4.19.245",
"matchCriteriaId": "239757EB-B2DF-4DD4-8EEE-97141186DA12"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.196",
"matchCriteriaId": "87FC1554-2185-4ED6-BF1C-293AA14FFC32"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.118",
"matchCriteriaId": "CA790029-5DF7-42D7-962E-C810540457A5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.42",
"matchCriteriaId": "555641B6-5319-4C13-9CC9-50B1CCF9E816"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.17.10",
"matchCriteriaId": "6D0772F5-6B38-4D6C-B29E-A04E7CC5CB9F"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F"
}
]
}
@ -77,11 +148,18 @@
"references": [
{
"url": "https://lore.kernel.org/netdev/20220516084213.26854-1-jasowang%40redhat.com/T/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230517-0003/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

69
CVE-2023/CVE-2023-253xx/CVE-2023-25365.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-25365",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-08T22:15:08.410",
"lastModified": "2024-02-09T01:37:59.330",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T16:01:16.433",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability found in October CMS v.3.2.0 allows local attacker to execute arbitrary code via the file type .mp3"
},
{
"lang": "es",
"value": "La vulnerabilidad de Cross Site Scripting encontrada en October CMS v.3.2.0 permite a un atacante local ejecutar c\u00f3digo arbitrario a trav\u00e9s del tipo de archivo .mp3"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:octobercms:october:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B008F340-B11C-4D76-9A46-34F4B3B03904"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://cupc4k3.medium.com/cve-2023-25365-xss-via-file-upload-bypass-ddf4d2a106a7",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Press/Media Coverage",
"Third Party Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-270xx/CVE-2023-27001.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-27001",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-08T22:15:08.463",
"lastModified": "2024-02-09T01:37:59.330",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T16:01:02.183",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in Egerie Risk Manager v4.0.5 allows attackers to bypass the signature mechanism and tamper with the values inside the JWT payload resulting in privilege escalation."
},
{
"lang": "es",
"value": "Un problema descubierto en Egerie Risk Manager v4.0.5 permite a los atacantes eludir el mecanismo de firma y alterar los valores dentro de el payload de JWT, lo que resulta en una escalada de privilegios."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:egerie:egerie:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0916E437-CD3F-41D9-93AD-80B081282EC2"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE-2023-27001.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

27
CVE-2023/CVE-2023-31xx/CVE-2023-3106.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3106",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-07-12T09:15:14.550",
"lastModified": "2023-11-07T04:17:55.303",
"vulnStatus": "Modified",
"lastModified": "2024-02-15T16:03:47.757",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -33,7 +33,7 @@
"impactScore": 5.9
},
{
"source": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -66,7 +66,7 @@
]
},
{
"source": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
@ -86,8 +86,23 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.8",
"matchCriteriaId": "28EB12EC-3BC4-4DCC-9A6A-5F810F17E8FE"
"versionStartIncluding": "3.15",
"versionEndExcluding": "3.16.39",
"matchCriteriaId": "7C441EE1-EC9F-4D9D-95A4-3FD494363278"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.17",
"versionEndExcluding": "4.4.223",
"matchCriteriaId": "8C132AFE-2E0B-47FD-BBAB-B5D5E3AC6DD1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.5",
"versionEndExcluding": "4.7.10",
"matchCriteriaId": "C6C1817C-C779-47B1-B9F7-A77838991F27"
},
{
"vulnerable": true,

6
CVE-2023/CVE-2023-386xx/CVE-2023-38646.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-38646",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-21T15:15:10.003",
"lastModified": "2023-08-09T18:15:13.213",
"lastModified": "2024-02-15T16:15:45.380",
"vulnStatus": "Modified",
"descriptions": [
{
@ -117,6 +117,10 @@
"url": "http://packetstormsecurity.com/files/174091/Metabase-Remote-Code-Execution.html",
"source": "cve@mitre.org"
},
{
"url": "http://packetstormsecurity.com/files/177138/Metabase-0.46.6-Remote-Code-Execution.html",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/metabase/metabase/issues/32552",
"source": "cve@mitre.org",

69
CVE-2023/CVE-2023-402xx/CVE-2023-40265.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-40265",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-08T22:15:08.770",
"lastModified": "2024-02-09T01:37:59.330",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T16:00:56.367",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911. It allows authenticated remote code execution via file upload."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Atos Unify OpenScape Xpressions WebAssistant V7 anterior a V7R1 FR5 HF42 P911. Permite la ejecuci\u00f3n remota de c\u00f3digo autenticado mediante la carga de archivos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mitel:unify_openscape_xpressions_webassistant:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0",
"versionEndExcluding": "7r1_fr5_hf42_p911",
"matchCriteriaId": "659DD56F-AF9C-4B12-963E-FE33E39386E7"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://networks.unify.com/security/advisories/OBSO-2305-03.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-402xx/CVE-2023-40266.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-40266",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-08T22:15:08.840",
"lastModified": "2024-02-09T01:37:59.330",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T16:00:49.647",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911. It allows path traversal."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Atos Unify OpenScape Xpressions WebAssistant V7 anterior a V7R1 FR5 HF42 P911. Permite el path traversal."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mitel:unify_openscape_xpressions_webassistant:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0",
"versionEndExcluding": "7r1_fr5_hf42_p911",
"matchCriteriaId": "659DD56F-AF9C-4B12-963E-FE33E39386E7"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://networks.unify.com/security/advisories/OBSO-2305-03.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

57
CVE-2023/CVE-2023-42xx/CVE-2023-4206.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4206",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-09-06T14:15:11.280",
"lastModified": "2024-01-11T19:15:11.627",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-15T15:57:06.697",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -90,8 +90,51 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5",
"matchCriteriaId": "98C491C7-598A-4D36-BA4F-3505A5727ED1"
"versionStartIncluding": "3.18",
"versionEndExcluding": "4.14.322",
"matchCriteriaId": "1F7D3B5B-3896-4B9A-A0DF-07217A321EA9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.15",
"versionEndExcluding": "4.19.291",
"matchCriteriaId": "D2D2CA9F-4CC4-4AF5-8C6D-E58415AB782E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.253",
"matchCriteriaId": "0707E9FF-8CDE-4AC1-98F3-5BB74EF88F8A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.190",
"matchCriteriaId": "B8DECE4F-2D62-4976-B338-963015198AC8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.126",
"matchCriteriaId": "C552AC9E-23B8-4D7D-AA26-57985BD93962"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.45",
"matchCriteriaId": "A0CA013D-55AF-4494-A931-AFC8EA64E875"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.4.10",
"matchCriteriaId": "7BB0D94C-4FCE-46F4-A8D4-062D6A84627A"
}
]
}
@ -134,7 +177,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
"source": "cve-coordination@google.com"
"source": "cve-coordination@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5492",

56
CVE-2023/CVE-2023-42xx/CVE-2023-4208.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4208",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-09-06T14:15:11.627",
"lastModified": "2024-01-11T19:15:11.887",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-15T15:57:17.537",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -90,8 +90,51 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5",
"matchCriteriaId": "98C491C7-598A-4D36-BA4F-3505A5727ED1"
"versionStartIncluding": "3.18",
"versionEndExcluding": "4.14.322",
"matchCriteriaId": "1F7D3B5B-3896-4B9A-A0DF-07217A321EA9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.15",
"versionEndExcluding": "4.19.291",
"matchCriteriaId": "D2D2CA9F-4CC4-4AF5-8C6D-E58415AB782E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.253",
"matchCriteriaId": "0707E9FF-8CDE-4AC1-98F3-5BB74EF88F8A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.190",
"matchCriteriaId": "B8DECE4F-2D62-4976-B338-963015198AC8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.126",
"matchCriteriaId": "C552AC9E-23B8-4D7D-AA26-57985BD93962"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.45",
"matchCriteriaId": "A0CA013D-55AF-4494-A931-AFC8EA64E875"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.4.10",
"matchCriteriaId": "7BB0D94C-4FCE-46F4-A8D4-062D6A84627A"
}
]
}
@ -130,7 +173,10 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
"source": "cve-coordination@google.com"
"source": "cve-coordination@google.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5492",

8
CVE-2023/CVE-2023-458xx/CVE-2023-45887.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45887",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-20T00:15:08.613",
"lastModified": "2024-01-02T14:32:56.787",
"vulnStatus": "Analyzed",
"lastModified": "2024-02-15T16:15:45.510",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -73,6 +73,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/177135/DS-Wireless-Communication-Code-Execution.html",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/MikeIsAStar/DS-Wireless-Communication-Remote-Code-Execution",
"source": "cve@mitre.org",

90
CVE-2023/CVE-2023-471xx/CVE-2023-47131.json
View File

@ -2,19 +2,101 @@
"id": "CVE-2023-47131",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-08T23:15:09.827",
"lastModified": "2024-02-09T01:37:53.353",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T16:59:41.410",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The N-able PassPortal extension before 3.29.2 for Chrome inserts sensitive information into a log file."
},
{
"lang": "es",
"value": "La extensi\u00f3n N-able PassPortal anterior a 3.29.2 para Chrome inserta informaci\u00f3n confidencial en un archivo de registro."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:n-able:passportal:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.29.2",
"matchCriteriaId": "8DD54E0D-DB4D-474D-8DDA-3A9B2C90011A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:a:google:chrome:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39B565E1-C2F1-44FC-A517-E3130332B17C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77D197D7-57FB-4898-8C70-B19D5F0D5BE0"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97D4FFCF-5309-43B6-9FD5-680C6D535A7F"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://me.n-able.com/s/security-advisory/aArHs000000M8CCKA0/cve202347131-passportal-browser-extension-logs-sensitive-data",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

56
CVE-2023/CVE-2023-477xx/CVE-2023-47700.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-47700",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-02-07T17:15:09.677",
"lastModified": "2024-02-07T17:38:33.990",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T15:09:10.133",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products could allow a remote attacker to spoof a trusted system that would not be correctly validated by the Storwize server. This could lead to a user connecting to a malicious host, believing that it was a trusted system and deceived into accepting spoofed data. IBM X-Force ID: 271016."
},
{
"lang": "es",
"value": "Los productos IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem e IBM Storage Virtualize 8.6 podr\u00edan permitir a un atacante remoto falsificar un sistema confiable que no ser\u00eda validado correctamente por el servidor Storwize. Esto podr\u00eda llevar a que un usuario se conecte a un host malicioso, creyendo que se trata de un sistema confiable y siendo enga\u00f1ado para que acepte datos falsificados. ID de IBM X-Force: 271016."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -46,14 +70,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "42E2161E-7444-43FE-BA82-DA2103104A5E"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/271016",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7114767",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
]
}
]
}

83
CVE-2023/CVE-2023-491xx/CVE-2023-49101.json
View File

@ -2,19 +2,94 @@
"id": "CVE-2023-49101",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-08T22:15:08.940",
"lastModified": "2024-02-09T01:37:59.330",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T16:00:44.567",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "WebAdmin in Axigen 10.3.x before 10.3.3.61, 10.4.x before 10.4.24, and 10.5.x before 10.5.10 allows XSS attacks against admins because of mishandling of viewing the usage of SSL certificates."
},
{
"lang": "es",
"value": "WebAdmin en Axigen 10.3.x anterior a 10.3.3.61, 10.4.x anterior a 10.4.24 y 10.5.x anterior a 10.5.10 permite ataques XSS contra administradores debido al mal manejo de la visualizaci\u00f3n del uso de certificados SSL."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:axigen:axigen_mobile_webmail:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.3.3.0",
"versionEndExcluding": "10.3.3.61",
"matchCriteriaId": "28DC928C-7974-4B07-B970-DD6B841D2E79"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:axigen:axigen_mobile_webmail:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.4.0",
"versionEndExcluding": "10.4.24",
"matchCriteriaId": "95DDC008-B95F-4D5F-8E11-979BB0A5796B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:axigen:axigen_mobile_webmail:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.5.0",
"versionEndExcluding": "10.5.10",
"matchCriteriaId": "94798C71-063F-4867-98E7-25E318C597AD"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.axigen.com/kb/show/400",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-49xx/CVE-2023-4993.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-4993",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2024-02-15T16:15:45.643",
"lastModified": "2024-02-15T16:15:45.643",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Privilege Management vulnerability in Utarit Information Technologies SoliPay Mobile App allows Collect Data as Provided by Users.This issue affects SoliPay Mobile App: before 5.0.8.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "iletisim@usom.gov.tr",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "iletisim@usom.gov.tr",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-24-0104",
"source": "iletisim@usom.gov.tr"
}
]
}

6
CVE-2023/CVE-2023-515xx/CVE-2023-51505.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-51505",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T13:15:10.820",
"lastModified": "2024-01-05T18:05:27.917",
"lastModified": "2024-02-15T15:08:24.430",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -89,9 +89,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pluginus:active_products_tables_for_woocommerce:*:*:*:*:*:wordpress:*:*",
"criteria": "cpe:2.3:a:pluginus:woot:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.0.6",
"matchCriteriaId": "30D66AEA-E69E-47C1-AADA-122FEA8355A3"
"matchCriteriaId": "573AA7BD-EB43-41C2-96DB-142251E723FB"
}
]
}

55
CVE-2023/CVE-2023-51xx/CVE-2023-5155.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-5155",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2024-02-15T16:15:45.910",
"lastModified": "2024-02-15T16:15:45.910",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Utarit Information Technologies SoliPay Mobile App allows SQL Injection.This issue affects SoliPay Mobile App: before 5.0.8.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "iletisim@usom.gov.tr",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "iletisim@usom.gov.tr",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-24-0104",
"source": "iletisim@usom.gov.tr"
}
]
}

55
CVE-2023/CVE-2023-62xx/CVE-2023-6255.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-6255",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2024-02-15T16:15:46.117",
"lastModified": "2024-02-15T16:15:46.117",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Use of Hard-coded Credentials vulnerability in Utarit Information Technologies SoliPay Mobile App allows Read Sensitive Strings Within an Executable.This issue affects SoliPay Mobile App: before 5.0.8.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "iletisim@usom.gov.tr",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "iletisim@usom.gov.tr",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-24-0104",
"source": "iletisim@usom.gov.tr"
}
]
}

227
CVE-2023/CVE-2023-63xx/CVE-2023-6356.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6356",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-02-07T21:15:08.317",
"lastModified": "2024-02-07T22:02:11.683",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T15:39:38.967",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a denial of service."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en el controlador NVMe del kernel de Linux. Este problema puede permitir que un actor malicioso no autenticado env\u00ede un conjunto de paquetes TCP manipulados cuando usa NVMe sobre TCP, lo que lleva al controlador NVMe a una desreferencia del puntero NULL en el controlador NVMe y provoca un p\u00e1nico en el kernel y una denegaci\u00f3n de servicio."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -46,26 +70,215 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8BE16CC2-C6B4-4B73-98A1-F28475A92F49"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "936B046D-ADEB-4701-8957-AC28CFA9C5C9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "78680986-99FE-4817-BF78-65D7164DFB19"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "056DABF5-0C1D-4EBA-B02B-443BACB20D6F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.6_aarch64:*:*:*:*:*:*:*",
"matchCriteriaId": "02F08DBD-4BD0-408D-B817-04B2EB82137E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:*:*:*:*:*:*:*",
"matchCriteriaId": "09AAD850-019A-46B8-A5A1-845DE048D30A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*",
"matchCriteriaId": "86034E5B-BCDD-4AFD-A460-38E790F608F5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3741B8-851F-475D-B428-523F4F722350"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3C74F6FA-FA6C-4648-9079-91446E45EE47"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6_aarch64:*:*:*:*:*:*:*",
"matchCriteriaId": "37B7CE5C-BFEA-4F96-9759-D511EF189059"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2_aarch64:*:*:*:*:*:*:*",
"matchCriteriaId": "9A879F9F-F087-45D4-BD65-2990276477D2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:*:*:*:*:*:*:*",
"matchCriteriaId": "B758EDC9-6421-422C-899E-A273D2936D8E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*",
"matchCriteriaId": "26041661-0280-4544-AA0A-BC28FCED4699"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "D9C30C59-07F7-4CCE-B057-052ECCD36DB8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "99952557-C766-4B9E-8BF5-DBBA194349FF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "73455AA0-6962-462D-8AA8-2C644BC9951F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AD9E97F6-56E0-4C26-8F01-D57002917A6D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "76C24D94-834A-4E9D-8F73-624AFA99AAA2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F32CA554-F9D7-425B-8F1C-89678507F28C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "6C138DAF-9769-43B0-A9E6-320738EB3415"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "CC6A25CB-907A-4D05-8460-A2488938A8BE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1272DF03-7674-4BD4-8E64-94004B195448"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BB28F9AF-3D06-4532-B397-96D7E4792503"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2024:0723",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0724",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0725",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-6356",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254054",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
]
}
]
}

227
CVE-2023/CVE-2023-65xx/CVE-2023-6535.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6535",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-02-07T21:15:08.530",
"lastModified": "2024-02-07T22:02:11.683",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T15:39:43.167",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en el controlador NVMe del kernel de Linux. Este problema puede permitir que un actor malicioso no autenticado env\u00ede un conjunto de paquetes TCP manipulados cuando usa NVMe sobre TCP, lo que lleva al controlador NVMe a una desreferencia del puntero NULL en el controlador NVMe, lo que provoca p\u00e1nico en el kernel y una denegaci\u00f3n de servicio."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -46,26 +70,215 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8BE16CC2-C6B4-4B73-98A1-F28475A92F49"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "936B046D-ADEB-4701-8957-AC28CFA9C5C9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "78680986-99FE-4817-BF78-65D7164DFB19"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "056DABF5-0C1D-4EBA-B02B-443BACB20D6F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.6_aarch64:*:*:*:*:*:*:*",
"matchCriteriaId": "02F08DBD-4BD0-408D-B817-04B2EB82137E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:*:*:*:*:*:*:*",
"matchCriteriaId": "09AAD850-019A-46B8-A5A1-845DE048D30A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*",
"matchCriteriaId": "86034E5B-BCDD-4AFD-A460-38E790F608F5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3741B8-851F-475D-B428-523F4F722350"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3C74F6FA-FA6C-4648-9079-91446E45EE47"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6_aarch64:*:*:*:*:*:*:*",
"matchCriteriaId": "37B7CE5C-BFEA-4F96-9759-D511EF189059"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2_aarch64:*:*:*:*:*:*:*",
"matchCriteriaId": "9A879F9F-F087-45D4-BD65-2990276477D2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:*:*:*:*:*:*:*",
"matchCriteriaId": "B758EDC9-6421-422C-899E-A273D2936D8E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*",
"matchCriteriaId": "26041661-0280-4544-AA0A-BC28FCED4699"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "D9C30C59-07F7-4CCE-B057-052ECCD36DB8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "99952557-C766-4B9E-8BF5-DBBA194349FF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "73455AA0-6962-462D-8AA8-2C644BC9951F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AD9E97F6-56E0-4C26-8F01-D57002917A6D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "76C24D94-834A-4E9D-8F73-624AFA99AAA2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F32CA554-F9D7-425B-8F1C-89678507F28C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "6C138DAF-9769-43B0-A9E6-320738EB3415"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "CC6A25CB-907A-4D05-8460-A2488938A8BE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1272DF03-7674-4BD4-8E64-94004B195448"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BB28F9AF-3D06-4532-B397-96D7E4792503"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2024:0723",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0724",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0725",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-6535",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254053",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
]
}
]
}

227
CVE-2023/CVE-2023-65xx/CVE-2023-6536.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6536",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-02-07T21:15:08.733",
"lastModified": "2024-02-07T22:02:11.683",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T15:25:07.397",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en el controlador NVMe del kernel de Linux. Este problema puede permitir que un actor malicioso no autenticado env\u00ede un conjunto de paquetes TCP manipulados cuando usa NVMe sobre TCP, lo que lleva al controlador NVMe a una desreferencia del puntero NULL en el controlador NVMe, lo que provoca p\u00e1nico en el kernel y una denegaci\u00f3n de servicio."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -46,26 +70,215 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8BE16CC2-C6B4-4B73-98A1-F28475A92F49"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "936B046D-ADEB-4701-8957-AC28CFA9C5C9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "78680986-99FE-4817-BF78-65D7164DFB19"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "056DABF5-0C1D-4EBA-B02B-443BACB20D6F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.6_aarch64:*:*:*:*:*:*:*",
"matchCriteriaId": "02F08DBD-4BD0-408D-B817-04B2EB82137E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:*:*:*:*:*:*:*",
"matchCriteriaId": "09AAD850-019A-46B8-A5A1-845DE048D30A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*",
"matchCriteriaId": "86034E5B-BCDD-4AFD-A460-38E790F608F5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3741B8-851F-475D-B428-523F4F722350"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3C74F6FA-FA6C-4648-9079-91446E45EE47"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6_aarch64:*:*:*:*:*:*:*",
"matchCriteriaId": "37B7CE5C-BFEA-4F96-9759-D511EF189059"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2_aarch64:*:*:*:*:*:*:*",
"matchCriteriaId": "9A879F9F-F087-45D4-BD65-2990276477D2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:*:*:*:*:*:*:*",
"matchCriteriaId": "B758EDC9-6421-422C-899E-A273D2936D8E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*",
"matchCriteriaId": "26041661-0280-4544-AA0A-BC28FCED4699"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "D9C30C59-07F7-4CCE-B057-052ECCD36DB8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "99952557-C766-4B9E-8BF5-DBBA194349FF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "73455AA0-6962-462D-8AA8-2C644BC9951F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AD9E97F6-56E0-4C26-8F01-D57002917A6D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "76C24D94-834A-4E9D-8F73-624AFA99AAA2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F32CA554-F9D7-425B-8F1C-89678507F28C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "6C138DAF-9769-43B0-A9E6-320738EB3415"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "CC6A25CB-907A-4D05-8460-A2488938A8BE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1272DF03-7674-4BD4-8E64-94004B195448"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BB28F9AF-3D06-4532-B397-96D7E4792503"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2024:0723",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0724",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0725",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-6536",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254052",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
]
}
]
}

6
CVE-2023/CVE-2023-70xx/CVE-2023-7014.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-7014",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-05T22:15:58.943",
"lastModified": "2024-02-13T16:18:27.937",
"lastModified": "2024-02-15T15:07:55.347",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -79,9 +79,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:molongui:authorship:*:*:*:*:*:wordpress:*:*",
"criteria": "cpe:2.3:a:amitzy:molongui_authorship:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "4.7.5",
"matchCriteriaId": "F110C079-3E25-4DA9-B768-77342962D2B5"
"matchCriteriaId": "94A0B084-131E-48A2-9BBC-E9220BE7B6C8"
}
]
}

55
CVE-2023/CVE-2023-70xx/CVE-2023-7081.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-7081",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2024-02-15T16:15:46.373",
"lastModified": "2024-02-15T16:15:46.373",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in POSTAHS\u0130L Online Payment System allows SQL Injection.This issue affects Online Payment System: before 14.02.2024.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "iletisim@usom.gov.tr",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "iletisim@usom.gov.tr",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-24-0103",
"source": "iletisim@usom.gov.tr"
}
]
}

61
CVE-2024/CVE-2024-01xx/CVE-2024-0164.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-0164",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-02-12T19:15:09.473",
"lastModified": "2024-02-12T20:39:09.773",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T16:55:31.620",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nDell Unity, versions prior to 5.4, contain an OS Command Injection Vulnerability in its svc_topstats utility. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary commands with elevated privileges.\n\n"
},
{
"lang": "es",
"value": "Dell Unity, versiones anteriores a la 5.4, contienen una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en su utilidad svc_topstats. Un atacante autenticado podr\u00eda explotar esta vulnerabilidad, lo que llevar\u00eda a la ejecuci\u00f3n de comandos arbitrarios con privilegios elevados."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:unity_operating_environment:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.0.0.5.094",
"matchCriteriaId": "AEF07188-4E6D-44FD-BEE2-C1A571080C2B"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities",
"source": "security_alert@emc.com"
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

61
CVE-2024/CVE-2024-01xx/CVE-2024-0165.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-0165",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-02-12T19:15:09.700",
"lastModified": "2024-02-12T20:39:09.773",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T16:55:25.687",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nDell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_acldb_dump utility. An authenticated attacker could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges.\n\n"
},
{
"lang": "es",
"value": "Dell Unity, versiones anteriores a la 5.4, contiene una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en su utilidad svc_acldb_dump. Un atacante autenticado podr\u00eda explotar esta vulnerabilidad, lo que llevar\u00eda a la ejecuci\u00f3n de comandos arbitrarios del sistema operativo con privilegios de root."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:unity_operating_environment:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.0.0.5.094",
"matchCriteriaId": "AEF07188-4E6D-44FD-BEE2-C1A571080C2B"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities",
"source": "security_alert@emc.com"
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

63
CVE-2024/CVE-2024-01xx/CVE-2024-0166.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-0166",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-02-12T19:15:09.960",
"lastModified": "2024-02-12T20:39:09.773",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T16:55:20.360",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nDell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_tcpdump utility. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands with elevated privileges.\n\n"
},
{
"lang": "es",
"value": "Dell Unity, versiones anteriores a la 5.4, contiene una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en su utilidad svc_tcpdump. Un atacante autenticado podr\u00eda explotar esta vulnerabilidad, lo que llevar\u00eda a la ejecuci\u00f3n de comandos arbitrarios del sistema operativo con privilegios elevados."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -34,10 +58,43 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:unity_operating_environment:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.0.0.5.094",
"matchCriteriaId": "AEF07188-4E6D-44FD-BEE2-C1A571080C2B"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities",
"source": "security_alert@emc.com"
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

61
CVE-2024/CVE-2024-01xx/CVE-2024-0167.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-0167",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-02-12T19:15:10.133",
"lastModified": "2024-02-12T20:39:09.773",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T16:55:14.213",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nDell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in the svc_topstats utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability to overwrite arbitrary files on the file system with root privileges.\n\n"
},
{
"lang": "es",
"value": "Dell Unity, versiones anteriores a la 5.4, contiene una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en la utilidad svc_topstats. Un atacante autenticado podr\u00eda explotar esta vulnerabilidad, lo que permitir\u00eda sobrescribir archivos arbitrarios en el sistema de archivos con privilegios de root."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:unity_operating_environment:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.0.0.5.094",
"matchCriteriaId": "AEF07188-4E6D-44FD-BEE2-C1A571080C2B"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities",
"source": "security_alert@emc.com"
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

61
CVE-2024/CVE-2024-01xx/CVE-2024-0170.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-0170",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-02-12T19:15:10.800",
"lastModified": "2024-02-12T20:39:09.773",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T16:55:09.957",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nDell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cava utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges.\n\n"
},
{
"lang": "es",
"value": "Dell Unity, versiones anteriores a la 5.4, contiene una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en su utilidad svc_cava. Un atacante autenticado podr\u00eda explotar esta vulnerabilidad, escapar del shell restringido y ejecutar comandos arbitrarios del sistema operativo con privilegios de root."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:unity_operating_environment:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.0.0.5.094",
"matchCriteriaId": "AEF07188-4E6D-44FD-BEE2-C1A571080C2B"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities",
"source": "security_alert@emc.com"
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

79
CVE-2024/CVE-2024-09xx/CVE-2024-0985.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0985",
"sourceIdentifier": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
"published": "2024-02-08T13:15:08.927",
"lastModified": "2024-02-08T13:44:11.750",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T15:23:49.287",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
},
{
"source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
"type": "Secondary",
@ -50,10 +80,53 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.0",
"versionEndExcluding": "12.18",
"matchCriteriaId": "6515DD96-8226-4C7A-9731-75C62F781ADD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.14",
"matchCriteriaId": "36C5A43F-5861-460E-912B-BC70C232DEED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.11",
"matchCriteriaId": "170AC44C-3970-46BF-8071-4B29F5EF20F3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.0",
"versionEndExcluding": "15.6",
"matchCriteriaId": "AF8DDD13-1879-4298-855A-F2FC236CB846"
}
]
}
]
}
],
"references": [
{
"url": "https://www.postgresql.org/support/security/CVE-2024-0985/",
"source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007"
"source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
"tags": [
"Vendor Advisory"
]
}
]
}

61
CVE-2024/CVE-2024-202xx/CVE-2024-20252.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-20252",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-02-07T17:15:09.913",
"lastModified": "2024-02-07T17:38:33.990",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T15:54:43.420",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. \r\n\r Note: \"Cisco Expressway Series\" refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices.\r\n\r For more information about these vulnerabilities, see the Details [\"#details\"] section of this advisory."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades en Cisco Expressway Series y Cisco TelePresence Video Communication Server (VCS) podr\u00edan permitir que un atacante remoto no autenticado realice ataques de cross-site request forgery (CSRF) que realicen acciones arbitrarias en un dispositivo afectado. Nota: \"Serie Cisco Expressway\" se refiere a los dispositivos Cisco Expressway Control (Expressway-C) y Cisco Expressway Edge (Expressway-E). Para obtener m\u00e1s informaci\u00f3n sobre estas vulnerabilidades, consulte la secci\u00f3n Detalles [\"#details\"] de este aviso."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:expressway:*:*:*:*:*:*:*:*",
"versionEndIncluding": "15.0",
"matchCriteriaId": "0A7F785F-B9AD-4036-B752-61CB9F69B16C"
}
]
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-KnnZDMj3",
"source": "ykramarz@cisco.com"
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
}
]
}

61
CVE-2024/CVE-2024-202xx/CVE-2024-20254.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-20254",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-02-07T17:15:10.130",
"lastModified": "2024-02-07T17:38:33.990",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T15:54:33.153",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. \r\n\r Note: \"Cisco Expressway Series\" refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices.\r\n\r For more information about these vulnerabilities, see the Details [\"#details\"] section of this advisory."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades en Cisco Expressway Series y Cisco TelePresence Video Communication Server (VCS) podr\u00edan permitir que un atacante remoto no autenticado realice ataques de cross-site request forgery (CSRF) que realicen acciones arbitrarias en un dispositivo afectado. Nota: \"Serie Cisco Expressway\" se refiere a los dispositivos Cisco Expressway Control (Expressway-C) y Cisco Expressway Edge (Expressway-E). Para obtener m\u00e1s informaci\u00f3n sobre estas vulnerabilidades, consulte la secci\u00f3n Detalles [\"#details\"] de este aviso."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:expressway:*:*:*:*:*:*:*:*",
"versionEndIncluding": "15.0",
"matchCriteriaId": "0A7F785F-B9AD-4036-B752-61CB9F69B16C"
}
]
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-KnnZDMj3",
"source": "ykramarz@cisco.com"
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
}
]
}

61
CVE-2024/CVE-2024-202xx/CVE-2024-20255.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-20255",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-02-07T17:15:10.327",
"lastModified": "2024-02-07T17:38:33.990",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T15:54:19.960",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the SOAP API of Cisco Expressway Series and Cisco TelePresence Video Communication Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.\r\n\r This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the REST API to follow a crafted link. A successful exploit could allow the attacker to cause the affected system to reload."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la API SOAP de Cisco Expressway Series y Cisco TelePresence Video Communication Server podr\u00eda permitir que un atacante remoto no autenticado lleve a cabo un ataque de cross-site request forgery (CSRF) en un sistema afectado. Esta vulnerabilidad se debe a protecciones CSRF insuficientes para la interfaz de administraci\u00f3n basada en web de un sistema afectado. Un atacante podr\u00eda aprovechar esta vulnerabilidad persuadiendo a un usuario de la API REST para que siga un enlace manipulado. Un exploit exitoso podr\u00eda permitir al atacante hacer que el sistema afectado se recargue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:expressway:*:*:*:*:*:*:*:*",
"versionEndExcluding": "15.0",
"matchCriteriaId": "7131565E-A9DB-4C80-9935-5312E2BE2994"
}
]
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-KnnZDMj3",
"source": "ykramarz@cisco.com"
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
}
]
}

100
CVE-2024/CVE-2024-202xx/CVE-2024-20290.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-20290",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-02-07T17:15:10.517",
"lastModified": "2024-02-14T03:15:14.850",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T15:43:27.240",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -50,18 +80,78 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:*",
"versionEndExcluding": "7.5.17",
"matchCriteriaId": "107EAB90-71E6-4FF7-BAA5-71F21C4FE683"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:*",
"versionStartIncluding": "8.0.1.21160",
"versionEndExcluding": "8.2.3.30119",
"matchCriteriaId": "2EA4AF93-6973-4F23-A173-99701A2FB637"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:secure_endpoint_private_cloud:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.8.0",
"matchCriteriaId": "D10B7EE9-96DE-4761-834A-FA5C31326A23"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
}
],
"references": [
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5FXZYVDNV66RNMNVJOHAJAYRZV4U64CQ/",
"source": "ykramarz@cisco.com"
"source": "ykramarz@cisco.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6MUDUPAHAAV6FPB2C2QIQCFJ4SHYBOTY/",
"source": "ykramarz@cisco.com"
"source": "ykramarz@cisco.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-hDffu6t",
"source": "ykramarz@cisco.com"
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
}
]
}

67
CVE-2024/CVE-2024-220xx/CVE-2024-22012.json
View File

@ -2,19 +2,78 @@
"id": "CVE-2024-22012",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2024-02-07T16:15:47.687",
"lastModified": "2024-02-07T17:04:54.407",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T15:10:05.857",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In TBD of TBD, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
},
{
"lang": "es",
"value": "En TBD de TBD, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-02-01",
"source": "dsap-vuln-management@google.com"
"source": "dsap-vuln-management@google.com",
"tags": [
"Vendor Advisory"
]
}
]
}

6
CVE-2024/CVE-2024-226xx/CVE-2024-22637.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-22637",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-25T21:15:09.427",
"lastModified": "2024-01-29T15:57:38.163",
"lastModified": "2024-02-15T15:19:44.187",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -59,8 +59,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:formtools:form_toools:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AF5EBA2C-5B01-4C27-B786-973A45D0A4A8"
"criteria": "cpe:2.3:a:formtools:form_tools:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD2FECB7-93EA-4F34-AD68-A96EED343AF6"
}
]
}

78
CVE-2024/CVE-2024-228xx/CVE-2024-22836.json
View File

@ -2,27 +2,93 @@
"id": "CVE-2024-22836",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-08T20:15:52.830",
"lastModified": "2024-02-08T21:03:22.000",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T16:00:38.090",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier. An attacker can manipulate the company locale when installing an app to execute system commands on the hosting server."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en Akaunting v3.1.3 y versiones anteriores. Un atacante puede manipular la configuraci\u00f3n regional de la empresa al instalar una aplicaci\u00f3n para ejecutar comandos del sistema en el servidor de alojamiento."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:akaunting:akaunting:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.1.4",
"matchCriteriaId": "187ED3B4-BC97-413C-801B-0671E38DAEFA"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://akaunting.com/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/akaunting/akaunting/releases/tag/3.1.4",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/u32i/cve/tree/main/CVE-2024-22836",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

66
CVE-2024/CVE-2024-234xx/CVE-2024-23448.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-23448",
"sourceIdentifier": "bressers@elastic.co",
"published": "2024-02-07T22:15:09.987",
"lastModified": "2024-02-08T03:29:33.180",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T15:39:14.317",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered whereby APM Server could log at ERROR level, a response from Elasticsearch indicating that indexing the document failed and that response would contain parts of the original document. Depending on the nature of the document that the APM Server attempted to ingest, this could lead to the insertion of sensitive or private information in the APM Server logs."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema por el cual APM Server pod\u00eda iniciar sesi\u00f3n en el nivel ERROR, una respuesta de Elasticsearch indicaba que la indexaci\u00f3n del documento fall\u00f3 y que esa respuesta contendr\u00eda partes del documento original. Dependiendo de la naturaleza del documento que el servidor APM intent\u00f3 ingerir, esto podr\u00eda dar lugar a la inserci\u00f3n de informaci\u00f3n confidencial o privada en los registros del servidor APM."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "bressers@elastic.co",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
},
{
"source": "bressers@elastic.co",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:elastic:apm_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.12.1",
"matchCriteriaId": "359F4AB6-DD4A-4B8E-B6AE-5879A047E448"
}
]
}
]
}
],
"references": [
{
"url": "https://discuss.elastic.co/t/apm-server-8-12-1-security-update-esa-2024-03/352688",
"source": "bressers@elastic.co"
"source": "bressers@elastic.co",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.elastic.co/community/security",
"source": "bressers@elastic.co"
"source": "bressers@elastic.co",
"tags": [
"Vendor Advisory"
]
}
]
}

74
CVE-2024/CVE-2024-236xx/CVE-2024-23660.json
View File

@ -2,23 +2,87 @@
"id": "CVE-2024-23660",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-08T20:15:52.887",
"lastModified": "2024-02-08T21:03:22.000",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T16:01:29.370",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Binance Trust Wallet app for iOS in commit 3cd6e8f647fbba8b5d8844fcd144365a086b629f, git tag 0.0.4 misuses the trezor-crypto library and consequently generates mnemonic words for which the device time is the only entropy source, leading to economic losses, as exploited in the wild in July 2023. An attacker can systematically generate mnemonics for each timestamp within an applicable timeframe, and link them to specific wallet addresses in order to steal funds from those wallets."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n Binance Trust Wallet para iOS en el commit 3cd6e8f647fbba8b5d8844fcd144365a086b629f, git tag 0.0.4 hace un mal uso de la librer\u00eda trezor-crypto y, en consecuencia, genera palabras mnemot\u00e9cnicas para las cuales el tiempo del dispositivo es la \u00fanica fuente de entrop\u00eda, lo que genera p\u00e9rdidas econ\u00f3micas, como se explot\u00f3 en julio 2023. Un atacante puede generar sistem\u00e1ticamente mnem\u00f3nicos para cada marca de tiempo dentro de un per\u00edodo de tiempo aplicable y vincularlos a direcciones de billetera espec\u00edficas para robar fondos de esas billeteras."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-338"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:binance:trust_wallet:0.0.4:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "45D1DFB6-967A-4455-9154-5929E18431E2"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://milksad.info/posts/research-update-5/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://secbit.io/blog/en/2024/01/19/trust-wallets-fomo3d-summer-vuln/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

68
CVE-2024/CVE-2024-237xx/CVE-2024-23756.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2024-23756",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-08T21:15:08.380",
"lastModified": "2024-02-09T01:37:59.330",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T16:01:08.870",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 (5221), allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them."
},
{
"lang": "es",
"value": "Los m\u00e9todos HTTP PUT y DELETE est\u00e1n habilitados en la versi\u00f3n 5.2.13 (5221) oficial de Docker de Plone, lo que permite a atacantes no autenticados ejecutar acciones peligrosas como cargar archivos al servidor o eliminarlos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:plone:plone:5.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "BAB57250-2183-41C5-9EC2-6D32A991516D"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/c0d3x27/CVEs/tree/main/CVE-2024-23756",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

74
CVE-2024/CVE-2024-237xx/CVE-2024-23769.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-23769",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-07T19:15:08.437",
"lastModified": "2024-02-07T22:02:11.683",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T15:40:20.690",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper privilege control for the named pipe in Samsung Magician PC Software 8.0.0 (for Windows) allows a local attacker to read privileged data."
},
{
"lang": "es",
"value": "El control de privilegios inadecuado para la canalizaci\u00f3n con nombre en Samsung Magician PC Software 8.0.0 (para Windows) permite a un atacante local leer datos privilegiados."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "cve@mitre.org",
"type": "Secondary",
@ -34,10 +58,54 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:samsung:magician:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "34531F24-ABCD-49CF-BE71-4BC35AF27449"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

64
CVE-2024/CVE-2024-241xx/CVE-2024-24115.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-24115",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-08T20:15:52.933",
"lastModified": "2024-02-14T22:15:48.210",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T16:01:23.457",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "Una vulnerabilidad de cross-site scripting (XSS) almacenado en la funci\u00f3n Editar p\u00e1gina de Cotonti CMS v0.9.24 permite a atacantes autenticados ejecutar scripts web o HTML arbitrarios a trav\u00e9s de un payload manipulado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cotonti:siena:0.9.24:*:*:*:*:*:*:*",
"matchCriteriaId": "53AB91EE-8789-4E70-B950-EBA76B57944D"
}
]
}
]
}
],
"references": [
{
"url": "https://mechaneus.github.io/CVE-2024-24115.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

74
CVE-2024/CVE-2024-242xx/CVE-2024-24202.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-24202",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-08T05:15:08.593",
"lastModified": "2024-02-08T13:44:21.670",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T15:24:30.247",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,77 @@
"value": "Una vulnerabilidad de carga de archivos arbitrarios en /upgrade/control.php de ZenTao Community Edition v18.10, ZenTao Biz v8.10 y ZenTao Max v4.10 permite a los atacantes ejecutar c\u00f3digo arbitrario cargando un archivo .txt manipulado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:easycorp:zentao:18.10:*:*:*:community:*:*:*",
"matchCriteriaId": "D6445254-1C39-4E80-8AFF-9E100F043E35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:easycorp:zentao_biz:8.10:*:*:*:*:*:*:*",
"matchCriteriaId": "41C834A4-88A7-4F19-90B3-4214D321C568"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:easycorp:zentao_max:4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "EA51DA5A-3570-408E-9254-5E13D20DA145"
}
]
}
]
}
],
"references": [
{
"url": "https://clammy-blizzard-8ef.notion.site/Zentao-PMS-Authorized-Remote-Code-Execution-Vulnerability-1077a870c92848e18fe0c139c4fc2176",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

82
CVE-2024/CVE-2024-242xx/CVE-2024-24213.json
View File

@ -2,31 +2,99 @@
"id": "CVE-2024-24213",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-08T18:15:08.237",
"lastModified": "2024-02-08T18:42:36.577",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T16:00:32.213",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Supabase PostgreSQL v15.1 was discovered to contain a SQL injection vulnerability via the component /pg_meta/default/query."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Supabase PostgreSQL v15.1 contiene una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del componente /pg_meta/default/query."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B2D1C6-F9D3-46F9-988C-4E4BEDF498F5"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://app.flows.sh:8443/project/default%2C",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://github.com/940198871/Vulnerability-details/blob/main/CVE-2024-24213",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://postfixadmin.ballardini.com.ar:8443/project/default/logs/explorer.",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://reference1.example.com/project/default/logs/explorer%2C",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
}
]
}

60
CVE-2024/CVE-2024-245xx/CVE-2024-24590.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-24590",
"sourceIdentifier": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"published": "2024-02-06T15:15:09.100",
"lastModified": "2024-02-13T20:15:52.953",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-15T15:43:23.723",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
},
{
"source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"type": "Secondary",
@ -50,10 +80,34 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clear:clearml:*:*:*:*:*:*:*:*",
"versionStartIncluding": "0.17.0",
"versionEndIncluding": "1.14.2",
"matchCriteriaId": "E6977435-CDE5-4CE8-B6CA-A302E5841FF2"
}
]
}
]
}
],
"references": [
{
"url": "https://hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/",
"source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c"
"source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
]
}
]
}

63
CVE-2024/CVE-2024-245xx/CVE-2024-24591.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-24591",
"sourceIdentifier": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"published": "2024-02-06T15:15:09.367",
"lastModified": "2024-02-13T20:15:53.070",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-15T16:14:26.243",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"type": "Secondary",
@ -50,10 +80,37 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clear:clearml:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "67B96EA1-2F78-43CC-9732-D22428A9C801"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clear:clearml:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "931CB808-10A5-4656-A2A9-4BDAD84F06BE"
}
]
}
]
}
],
"references": [
{
"url": "https://hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/",
"source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c"
"source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
]
}
]
}

61
CVE-2024/CVE-2024-245xx/CVE-2024-24592.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-24592",
"sourceIdentifier": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"published": "2024-02-06T15:15:09.730",
"lastModified": "2024-02-06T17:53:00.620",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T16:57:44.677",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Lack of authentication in all versions of the fileserver component of Allegro AI\u2019s ClearML platform allows a remote attacker to arbitrarily access, create, modify and delete files. \n"
},
{
"lang": "es",
"value": "La falta de autenticaci\u00f3n en todas las versiones del componente del servidor de archivos de la plataforma ClearML de Allegro AI permite a un atacante remoto acceder, crear, modificar y eliminar archivos de forma arbitraria."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
},
{
"source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clear:clearml:*:*:*:*:*:*:*:*",
"matchCriteriaId": "103BE03A-14B9-47F2-89B2-C7AC238C8C1A"
}
]
}
]
}
],
"references": [
{
"url": "https://hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/",
"source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c"
"source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

59
CVE-2024/CVE-2024-245xx/CVE-2024-24593.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-24593",
"sourceIdentifier": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"published": "2024-02-06T15:15:09.977",
"lastModified": "2024-02-13T20:15:53.243",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-15T16:55:09.417",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
},
{
"source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"type": "Secondary",
@ -50,10 +80,33 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clear:clearml:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.14.1",
"matchCriteriaId": "774F9B65-A581-4DF9-8BA9-D7E84C2E5504"
}
]
}
]
}
],
"references": [
{
"url": "https://hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/",
"source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c"
"source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
]
}
]
}

61
CVE-2024/CVE-2024-245xx/CVE-2024-24594.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-24594",
"sourceIdentifier": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"published": "2024-02-06T15:15:10.203",
"lastModified": "2024-02-06T17:53:00.620",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T16:47:17.213",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in all versions of the web server component of Allegro AI\u2019s ClearML platform allows a remote attacker to execute a JavaScript payload when a user views the Debug Samples tab in the web UI.\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de cross-site scripting (XSS) en todas las versiones del componente del servidor web de la plataforma ClearML de Allegro AI, permite a un atacante remoto ejecutar un payload de JavaScript cuando un usuario ve la pesta\u00f1a Muestras de depuraci\u00f3n en la interfaz de usuario web."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clear:clearml:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD8EB0BF-75B9-4B0E-9129-0508A2742B27"
}
]
}
]
}
],
"references": [
{
"url": "https://hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/",
"source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c"
"source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

72
CVE-2024/CVE-2024-248xx/CVE-2024-24815.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-24815",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-07T16:15:47.753",
"lastModified": "2024-02-07T18:15:54.003",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T15:09:37.037",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in the core HTML parsing module in versions of CKEditor4 prior to 4.24.0-lts. It may affect all editor instances that enabled full-page editing mode or enabled CDATA elements in Advanced Content Filtering configuration (defaults to `script` and `style` elements). The vulnerability allows attackers to inject malformed HTML content bypassing Advanced Content Filtering mechanism, which could result in executing JavaScript code. An attacker could abuse faulty CDATA content detection and use it to prepare an intentional attack on the editor. A fix is available in version 4.24.0-lts."
},
{
"lang": "es",
"value": "CKEditor4 es un editor HTML de c\u00f3digo abierto de lo que ves es lo que obtienes. Se ha descubierto una vulnerabilidad de cross-site scripting en el m\u00f3dulo principal de an\u00e1lisis HTML en versiones de CKEditor4 anteriores a la 4.24.0-lts. Puede afectar a todas las instancias del editor que habilitaron el modo de edici\u00f3n de p\u00e1gina completa o habilitaron elementos CDATA en la configuraci\u00f3n de filtrado de contenido avanzado (los elementos predeterminados son `script` y `style`). La vulnerabilidad permite a los atacantes inyectar contenido HTML con formato incorrecto sin pasar por el mecanismo de filtrado de contenido avanzado, lo que podr\u00eda resultar en la ejecuci\u00f3n de c\u00f3digo JavaScript. Un atacante podr\u00eda abusar de la detecci\u00f3n de contenido CDATA defectuosa y utilizarla para preparar un ataque intencional al editor. Hay una soluci\u00f3n disponible en la versi\u00f3n 4.24.0-lts."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,26 +70,60 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ckeditor:ckeditor:*:*:*:*:lts:*:*:*",
"versionStartIncluding": "4.0",
"versionEndExcluding": "4.24.0",
"matchCriteriaId": "5070BF32-E186-434A-9640-21D43A3CDA38"
}
]
}
]
}
],
"references": [
{
"url": "https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_dtd.html#property-S-cdata",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://ckeditor.com/docs/ckeditor4/latest/features/fullpage.html",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://ckeditor.com/docs/ckeditor4/latest/guide/dev_advanced_content_filter.html",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/ckeditor/ckeditor4/commit/8ed1a3c93d0ae5f49f4ecff5738ab8a2972194cb",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-fq6h-4g8v-qqvm",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

61
CVE-2024/CVE-2024-248xx/CVE-2024-24822.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-24822",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-07T18:15:54.147",
"lastModified": "2024-02-07T18:16:22.930",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T15:43:07.647",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Prior to version 1.3.3, an attacker can create, delete etc. tags without having the permission to do so. A fix is available in version 1.3.3. As a workaround, one may apply the patch manually."
},
{
"lang": "es",
"value": "El paquete Admin Classic de Pimcore proporciona una interfaz de usuario backend para Pimcore. Antes de la versi\u00f3n 1.3.3, un atacante pod\u00eda crear, eliminar, etc. etiquetas sin tener permiso para hacerlo. Hay una soluci\u00f3n disponible en la versi\u00f3n 1.3.3. Como workaround, se puede aplicar el parche manualmente."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +70,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pimcore:admin_classic_bundle:*:*:*:*:*:pimcore:*:*",
"versionEndExcluding": "1.3.3",
"matchCriteriaId": "23018350-7CBD-4A0F-8FC3-7591E52971B0"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/24660b6d5ad9cbcb037a48d4309a6024e9adf251",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/pimcore/admin-ui-classic-bundle/pull/412",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-3rfr-mpfj-2jwq",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

69
CVE-2024/CVE-2024-248xx/CVE-2024-24823.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-24823",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-07T18:15:54.870",
"lastModified": "2024-02-07T18:16:22.930",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T15:41:48.550",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Graylog is a free and open log management platform. Starting in version 4.3.0 and prior to versions 5.1.11 and 5.2.4, reauthenticating with an existing session cookie would re-use that session id, even if for different user credentials. In this case, the pre-existing session could be used to gain elevated access to an existing Graylog login session, provided the malicious user could successfully inject their session cookie into someone else's browser. The complexity of such an attack is high, because it requires presenting a spoofed login screen and injection of a session cookie into an existing browser, potentially through a cross-site scripting attack. No such attack has been discovered. Graylog 5.1.11 and 5.2.4, and any versions of the 6.0 development branch, contain patches to not re-use sessions under any circumstances. Some workarounds are available. Using short session expiration and explicit log outs of unused sessions can help limiting the attack vector. Unpatched this vulnerability exists, but is relatively hard to exploit. A proxy could be leveraged to clear the `authentication` cookie for the Graylog server URL for the `/api/system/sessions` endpoint, as that is the only one vulnerable."
},
{
"lang": "es",
"value": "Graylog es una plataforma de gesti\u00f3n de registros abierta y gratuita. A partir de la versi\u00f3n 4.3.0 y antes de las versiones 5.1.11 y 5.2.4, la nueva autenticaci\u00f3n con una cookie de sesi\u00f3n existente reutilizar\u00eda esa identificaci\u00f3n de sesi\u00f3n, incluso si se trata de credenciales de usuario diferentes. En este caso, la sesi\u00f3n preexistente podr\u00eda usarse para obtener acceso elevado a una sesi\u00f3n de inicio de sesi\u00f3n de Graylog existente, siempre que el usuario malintencionado pueda inyectar con \u00e9xito su cookie de sesi\u00f3n en el navegador de otra persona. La complejidad de un ataque de este tipo es alta, porque requiere presentar una pantalla de inicio de sesi\u00f3n falsificada e inyectar una cookie de sesi\u00f3n en un navegador existente, potencialmente a trav\u00e9s de un ataque de cross-site scripting. No se ha descubierto ning\u00fan ataque de este tipo. Graylog 5.1.11 y 5.2.4, y cualquier versi\u00f3n de la rama de desarrollo 6.0, contienen parches para no reutilizar sesiones bajo ninguna circunstancia. Algunos workarounds est\u00e1n disponibles. El uso de una caducidad corta de la sesi\u00f3n y cierres de sesi\u00f3n expl\u00edcitos de las sesiones no utilizadas pueden ayudar a limitar el vector de ataque. Esta vulnerabilidad no est\u00e1 parcheada, pero es relativamente dif\u00edcil de explotar. Se podr\u00eda aprovechar un proxy para borrar la cookie de \"autenticaci\u00f3n\" para la URL del servidor Graylog para el endpoint \"/api/system/sessions\", ya que ese es el \u00fanico vulnerable."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.3,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +70,53 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:graylog:graylog:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.3.0",
"versionEndExcluding": "5.1.11",
"matchCriteriaId": "924684AB-5E3A-4A6B-B607-1DB1124848EE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:graylog:graylog:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.2.0",
"versionEndExcluding": "5.2.4",
"matchCriteriaId": "4A343880-1202-4534-AE60-F314473EABD9"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Graylog2/graylog2-server/commit/1596b749db86368ba476662f23a0f0c5ec2b5097",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/Graylog2/graylog2-server/commit/b93a66353f35a94a4e8f3f75ac4f5cdc5a2d4a6a",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/Graylog2/graylog2-server/security/advisories/GHSA-3xf8-g8gr-g7rh",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

87
CVE-2024/CVE-2024-248xx/CVE-2024-24824.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-24824",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-07T18:15:55.330",
"lastModified": "2024-02-07T18:16:22.930",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T15:40:51.680",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Graylog is a free and open log management platform. Starting in version 2.0.0 and prior to versions 5.1.11 and 5.2.4, arbitrary classes can be loaded and instantiated using a HTTP PUT request to the `/api/system/cluster_config/` endpoint. Graylog's cluster config system uses fully qualified class names as config keys. To validate the existence of the requested class before using them, Graylog loads the class using the class loader. If a user with the appropriate permissions performs the request, arbitrary classes with 1-arg String constructors can be instantiated. This will execute arbitrary code that is run during class instantiation. In the specific use case of `java.io.File`, the behavior of the internal web-server stack will lead to information exposure by including the entire file content in the response to the REST request. Versions 5.1.11 and 5.2.4 contain a fix for this issue."
},
{
"lang": "es",
"value": "Graylog es una plataforma de gesti\u00f3n de registros abierta y gratuita. A partir de la versi\u00f3n 2.0.0 y anteriores a las versiones 5.1.11 y 5.2.4, se pueden cargar y crear instancias de clases arbitrarias mediante una solicitud HTTP PUT al endpoint `/api/system/cluster_config/`. El sistema de configuraci\u00f3n del cl\u00faster de Graylog utiliza nombres de clases completos como claves de configuraci\u00f3n. Para validar la existencia de la clase solicitada antes de usarlas, Graylog carga la clase usando el cargador de clases. Si un usuario con los permisos adecuados realiza la solicitud, se pueden crear instancias de clases arbitrarias con constructores String de 1 argumento. Esto ejecutar\u00e1 c\u00f3digo arbitrario que se ejecuta durante la creaci\u00f3n de instancias de clase. En el caso de uso espec\u00edfico de `java.io.File`, el comportamiento de la pila interna del servidor web provocar\u00e1 la exposici\u00f3n de la informaci\u00f3n al incluir todo el contenido del archivo en la respuesta a la solicitud REST. Las versiones 5.1.11 y 5.2.4 contienen una soluci\u00f3n para este problema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -50,22 +84,61 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:graylog:graylog:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.0.0",
"versionEndExcluding": "5.1.11",
"matchCriteriaId": "4FF51673-2704-4414-B5D1-2B49F75635B1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:graylog:graylog:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.2.0",
"versionEndExcluding": "5.2.4",
"matchCriteriaId": "4A343880-1202-4534-AE60-F314473EABD9"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Graylog2/graylog2-server/blob/e458db8bf4f789d4d19f1b37f0263f910c8d036c/graylog2-server/src/main/java/org/graylog2/rest/resources/system/ClusterConfigResource.java#L208-L214",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/Graylog2/graylog2-server/commit/75ef2b8d60e7d67f859b79fe712c8ae7b2e861d8",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/Graylog2/graylog2-server/commit/7f8ef7fa8edf493106d5ef6f777d4da02c5194d9",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/Graylog2/graylog2-server/security/advisories/GHSA-p6gg-5hf4-4rgj",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

241
CVE-2024/CVE-2024-251xx/CVE-2024-25145.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-25145",
"sourceIdentifier": "security@liferay.com",
"published": "2024-02-07T15:15:09.097",
"lastModified": "2024-02-07T17:04:54.407",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T15:10:35.503",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Stored cross-site scripting (XSS) vulnerability in the Portal Search module's Search Result app in Liferay Portal 7.2.0 through 7.4.3.11, and older unsupported versions, and Liferay DXP 7.4 before update 8, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML into the Search Result app's search result if highlighting is disabled by adding any searchable content (e.g., blog, message board message, web content article) to the application."
},
{
"lang": "es",
"value": "Vulnerabilidad de cross-site scripting (XSS) almacenado en la aplicaci\u00f3n Resultados de b\u00fasqueda del m\u00f3dulo Portal Search en Liferay Portal 7.2.0 a 7.4.3.11 y versiones anteriores no compatibles, y Liferay DXP 7.4 antes de la actualizaci\u00f3n 8, 7.3 antes de la actualizaci\u00f3n 4, 7.2 antes del fixpack 17 y versiones anteriores no compatibles permiten a los usuarios autenticados remotamente inyectar scripts web o HTML arbitrario en el resultado de b\u00fasqueda de la aplicaci\u00f3n Resultados de b\u00fasqueda si el resaltado est\u00e1 deshabilitado agregando cualquier contenido que permita realizar b\u00fasquedas (por ejemplo, blog, mensaje en el tablero de mensajes, art\u00edculo de contenido web) a la aplicaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@liferay.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security@liferay.com",
"type": "Secondary",
@ -46,10 +80,211 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.2",
"matchCriteriaId": "5BC18F4F-2284-4E3E-B8AC-8EDE1649C635"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:-:*:*:*:*:*:*",
"matchCriteriaId": "8CAAE1B7-982E-4D50-9651-DEEE6CD74EED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_1:*:*:*:*:*:*",
"matchCriteriaId": "AFCF99EC-3384-418D-A419-B9DB607BE371"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_10:*:*:*:*:*:*",
"matchCriteriaId": "F7CAAF53-AA8E-48CB-9398-35461BE590C4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_11:*:*:*:*:*:*",
"matchCriteriaId": "6FB8482E-644B-4DA5-808B-8DBEAB6D8D09"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_12:*:*:*:*:*:*",
"matchCriteriaId": "95EFE8B5-EE95-4186-AC89-E9AFD8649D01"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_13:*:*:*:*:*:*",
"matchCriteriaId": "90A6E0AF-0B8A-462D-95EF-2239EEE4A50D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_14:*:*:*:*:*:*",
"matchCriteriaId": "48BBAE90-F668-49BF-89AF-2C9547B76836"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_15:*:*:*:*:*:*",
"matchCriteriaId": "74FAF597-EAAD-4BB5-AB99-8129476A7E89"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_2:*:*:*:*:*:*",
"matchCriteriaId": "31E05134-A0C5-4937-A228-7D0884276B67"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_3:*:*:*:*:*:*",
"matchCriteriaId": "3F06C4AD-FD20-4345-8386-0895312F0A00"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_4:*:*:*:*:*:*",
"matchCriteriaId": "98CC25E2-EC3D-43A2-8D03-06F0E804EA63"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_5:*:*:*:*:*:*",
"matchCriteriaId": "30933C36-C710-488F-9601-EE1BB749C58A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_6:*:*:*:*:*:*",
"matchCriteriaId": "41E94372-A1AE-48B1-82DC-08B7B616473F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_7:*:*:*:*:*:*",
"matchCriteriaId": "51FBC8E0-34F8-475C-A1A8-571791CA05F9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_8:*:*:*:*:*:*",
"matchCriteriaId": "1E73EAEA-FA88-46B9-B9D5-A41603957AD7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_9:*:*:*:*:*:*",
"matchCriteriaId": "CF9BC654-4E3F-4B40-A6E5-79A818A51BED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.3:-:*:*:*:*:*:*",
"matchCriteriaId": "21C55D41-DB66-494D-BEEB-BDAC7CB4B31B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.3:fix_pack_2:*:*:*:*:*:*",
"matchCriteriaId": "50EA838E-E234-4EE1-8193-5FAD0E093940"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.3:sp1:*:*:*:*:*:*",
"matchCriteriaId": "9D75A0FF-BAEA-471A-87B2-8EC2A9F0A6B5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.3:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D86CDCC0-9655-477B-83FA-ADDBB5AF43A2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.3:sp3:*:*:*:*:*:*",
"matchCriteriaId": "1CF5B84B-1719-4581-8474-C55CEFFD8305"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.3:update_1:*:*:*:*:*:*",
"matchCriteriaId": "D60CDAA3-6029-4904-9D08-BB221BCFD7C3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.3:update_2:*:*:*:*:*:*",
"matchCriteriaId": "B66F47E9-3D82-497E-BD84-E47A65FAF8C3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.3:update_3:*:*:*:*:*:*",
"matchCriteriaId": "A0BA4856-59DF-427C-959F-3B836314F5D5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.4:-:*:*:*:*:*:*",
"matchCriteriaId": "ADB5F13C-EE1E-4448-8FCF-5966F6874440"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.4:update_1:*:*:*:*:*:*",
"matchCriteriaId": "46AF397F-A95C-4FAD-A6EA-CB623B7A262A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.4:update_2:*:*:*:*:*:*",
"matchCriteriaId": "C2C2351E-BDEE-4A79-A00C-6520B54996EF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.4:update_3:*:*:*:*:*:*",
"matchCriteriaId": "25F5C3E9-CBB0-4114-91A4-41F0E666026A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.4:update_4:*:*:*:*:*:*",
"matchCriteriaId": "5E2B5687-B311-460E-A562-D754AF271F8E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.4:update_5:*:*:*:*:*:*",
"matchCriteriaId": "B49D0CB9-8ED7-46AB-9BA5-7235A2CD9117"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.4:update_6:*:*:*:*:*:*",
"matchCriteriaId": "DF169364-096C-4294-B89F-C07AF1DCC9C4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.4:update_7:*:*:*:*:*:*",
"matchCriteriaId": "30CB2C54-1A20-4226-ACC6-AC8131899AE2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*",
"versionEndIncluding": "7.2.1",
"matchCriteriaId": "345F6776-E492-489C-AC23-760BBC693A4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.3.0",
"versionEndIncluding": "7.3.7",
"matchCriteriaId": "13F59EAA-9EC8-44CC-8F56-BC26981F584F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.4.0",
"versionEndExcluding": "7.4.3.12",
"matchCriteriaId": "9DCE033F-5706-4060-8ED1-BB386019325D"
}
]
}
]
}
],
"references": [
{
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25145",
"source": "security@liferay.com"
"source": "security@liferay.com",
"tags": [
"Vendor Advisory"
]
}
]
}

69
CVE-2024/CVE-2024-252xx/CVE-2024-25200.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2024-25200",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-07T14:15:53.013",
"lastModified": "2024-02-07T17:04:54.407",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T15:22:25.980",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Espruino 2v20 (commit fcc9ba4) was discovered to contain a Stack Overflow via the jspeFactorFunctionCall at src/jsparse.c."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Espruino 2v20 (commit fcc9ba4) conten\u00eda un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria a trav\u00e9s de jspeFactorFunctionCall en src/jsparse.c."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:espruino:espruino:2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "3EEF8D93-5F22-4DB9-B15D-EA860BD3F688"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/espruino/Espruino/issues/2457",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

70
CVE-2024/CVE-2024-252xx/CVE-2024-25201.json
View File

@ -2,19 +2,81 @@
"id": "CVE-2024-25201",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-07T14:15:53.060",
"lastModified": "2024-02-07T17:04:54.407",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T15:21:30.993",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Espruino 2v20 (commit fcc9ba4) was discovered to contain an Out-of-bounds Read via jsvStringIteratorPrintfCallback at src/jsvar.c."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Espruino 2v20 (commit fcc9ba4) conten\u00eda una lectura fuera de los l\u00edmites a trav\u00e9s de jsvStringIteratorPrintfCallback en src/jsvar.c."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:espruino:espruino:2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "3EEF8D93-5F22-4DB9-B15D-EA860BD3F688"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/espruino/Espruino/issues/2456",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
]
}
]
}

88
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-02-15T15:01:55.619710+00:00
2024-02-15T17:00:30.542461+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-02-15T14:54:09.117000+00:00
2024-02-15T16:59:41.410000+00:00
```
### Last Data Feed Release
@ -29,68 +29,48 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
238685
238689
```
### CVEs added in the last Commit
Recently added CVEs: `32`
Recently added CVEs: `4`
* [CVE-2023-39244](CVE-2023/CVE-2023-392xx/CVE-2023-39244.json) (`2024-02-15T13:15:45.770`)
* [CVE-2023-39245](CVE-2023/CVE-2023-392xx/CVE-2023-39245.json) (`2024-02-15T13:15:46.000`)
* [CVE-2024-20733](CVE-2024/CVE-2024-207xx/CVE-2024-20733.json) (`2024-02-15T13:15:47.700`)
* [CVE-2024-20734](CVE-2024/CVE-2024-207xx/CVE-2024-20734.json) (`2024-02-15T13:15:47.897`)
* [CVE-2024-20735](CVE-2024/CVE-2024-207xx/CVE-2024-20735.json) (`2024-02-15T13:15:48.100`)
* [CVE-2024-20736](CVE-2024/CVE-2024-207xx/CVE-2024-20736.json) (`2024-02-15T13:15:48.280`)
* [CVE-2024-20738](CVE-2024/CVE-2024-207xx/CVE-2024-20738.json) (`2024-02-15T13:15:48.473`)
* [CVE-2024-20739](CVE-2024/CVE-2024-207xx/CVE-2024-20739.json) (`2024-02-15T13:15:48.670`)
* [CVE-2024-20747](CVE-2024/CVE-2024-207xx/CVE-2024-20747.json) (`2024-02-15T13:15:48.860`)
* [CVE-2024-20748](CVE-2024/CVE-2024-207xx/CVE-2024-20748.json) (`2024-02-15T13:15:49.050`)
* [CVE-2024-20749](CVE-2024/CVE-2024-207xx/CVE-2024-20749.json) (`2024-02-15T13:15:49.237`)
* [CVE-2024-20750](CVE-2024/CVE-2024-207xx/CVE-2024-20750.json) (`2024-02-15T13:15:49.427`)
* [CVE-2024-20716](CVE-2024/CVE-2024-207xx/CVE-2024-20716.json) (`2024-02-15T14:15:45.463`)
* [CVE-2024-20717](CVE-2024/CVE-2024-207xx/CVE-2024-20717.json) (`2024-02-15T14:15:45.663`)
* [CVE-2024-20718](CVE-2024/CVE-2024-207xx/CVE-2024-20718.json) (`2024-02-15T14:15:45.870`)
* [CVE-2024-20719](CVE-2024/CVE-2024-207xx/CVE-2024-20719.json) (`2024-02-15T14:15:46.077`)
* [CVE-2024-20720](CVE-2024/CVE-2024-207xx/CVE-2024-20720.json) (`2024-02-15T14:15:46.283`)
* [CVE-2024-23113](CVE-2024/CVE-2024-231xx/CVE-2024-23113.json) (`2024-02-15T14:15:46.503`)
* [CVE-2024-1530](CVE-2024/CVE-2024-15xx/CVE-2024-1530.json) (`2024-02-15T13:15:46.210`)
* [CVE-2024-20726](CVE-2024/CVE-2024-207xx/CVE-2024-20726.json) (`2024-02-15T13:15:46.500`)
* [CVE-2024-20727](CVE-2024/CVE-2024-207xx/CVE-2024-20727.json) (`2024-02-15T13:15:46.697`)
* [CVE-2024-20728](CVE-2024/CVE-2024-207xx/CVE-2024-20728.json) (`2024-02-15T13:15:46.893`)
* [CVE-2024-20729](CVE-2024/CVE-2024-207xx/CVE-2024-20729.json) (`2024-02-15T13:15:47.087`)
* [CVE-2024-20730](CVE-2024/CVE-2024-207xx/CVE-2024-20730.json) (`2024-02-15T13:15:47.303`)
* [CVE-2024-20731](CVE-2024/CVE-2024-207xx/CVE-2024-20731.json) (`2024-02-15T13:15:47.500`)
* [CVE-2023-4993](CVE-2023/CVE-2023-49xx/CVE-2023-4993.json) (`2024-02-15T16:15:45.643`)
* [CVE-2023-5155](CVE-2023/CVE-2023-51xx/CVE-2023-5155.json) (`2024-02-15T16:15:45.910`)
* [CVE-2023-6255](CVE-2023/CVE-2023-62xx/CVE-2023-6255.json) (`2024-02-15T16:15:46.117`)
* [CVE-2023-7081](CVE-2023/CVE-2023-70xx/CVE-2023-7081.json) (`2024-02-15T16:15:46.373`)
### CVEs modified in the last Commit
Recently modified CVEs: `24`
Recently modified CVEs: `56`
* [CVE-2023-46183](CVE-2023/CVE-2023-461xx/CVE-2023-46183.json) (`2024-02-15T14:21:14.870`)
* [CVE-2023-4537](CVE-2023/CVE-2023-45xx/CVE-2023-4537.json) (`2024-02-15T14:28:31.380`)
* [CVE-2023-4538](CVE-2023/CVE-2023-45xx/CVE-2023-4538.json) (`2024-02-15T14:28:31.380`)
* [CVE-2023-4539](CVE-2023/CVE-2023-45xx/CVE-2023-4539.json) (`2024-02-15T14:28:31.380`)
* [CVE-2023-43609](CVE-2023/CVE-2023-436xx/CVE-2023-43609.json) (`2024-02-15T14:45:17.063`)
* [CVE-2023-49148](CVE-2023/CVE-2023-491xx/CVE-2023-49148.json) (`2024-02-15T14:46:21.340`)
* [CVE-2024-23344](CVE-2024/CVE-2024-233xx/CVE-2024-23344.json) (`2024-02-15T14:23:55.580`)
* [CVE-2024-20723](CVE-2024/CVE-2024-207xx/CVE-2024-20723.json) (`2024-02-15T14:28:26.433`)
* [CVE-2024-20724](CVE-2024/CVE-2024-207xx/CVE-2024-20724.json) (`2024-02-15T14:28:26.433`)
* [CVE-2024-20725](CVE-2024/CVE-2024-207xx/CVE-2024-20725.json) (`2024-02-15T14:28:26.433`)
* [CVE-2024-20740](CVE-2024/CVE-2024-207xx/CVE-2024-20740.json) (`2024-02-15T14:28:26.433`)
* [CVE-2024-20741](CVE-2024/CVE-2024-207xx/CVE-2024-20741.json) (`2024-02-15T14:28:26.433`)
* [CVE-2024-20742](CVE-2024/CVE-2024-207xx/CVE-2024-20742.json) (`2024-02-15T14:28:26.433`)
* [CVE-2024-20743](CVE-2024/CVE-2024-207xx/CVE-2024-20743.json) (`2024-02-15T14:28:26.433`)
* [CVE-2024-20744](CVE-2024/CVE-2024-207xx/CVE-2024-20744.json) (`2024-02-15T14:28:26.433`)
* [CVE-2024-0708](CVE-2024/CVE-2024-07xx/CVE-2024-0708.json) (`2024-02-15T14:28:31.380`)
* [CVE-2024-21727](CVE-2024/CVE-2024-217xx/CVE-2024-21727.json) (`2024-02-15T14:28:31.380`)
* [CVE-2024-0353](CVE-2024/CVE-2024-03xx/CVE-2024-0353.json) (`2024-02-15T14:28:31.380`)
* [CVE-2024-24256](CVE-2024/CVE-2024-242xx/CVE-2024-24256.json) (`2024-02-15T14:28:31.380`)
* [CVE-2024-24386](CVE-2024/CVE-2024-243xx/CVE-2024-24386.json) (`2024-02-15T14:28:31.380`)
* [CVE-2024-0390](CVE-2024/CVE-2024-03xx/CVE-2024-0390.json) (`2024-02-15T14:28:31.380`)
* [CVE-2024-20722](CVE-2024/CVE-2024-207xx/CVE-2024-20722.json) (`2024-02-15T14:28:31.380`)
* [CVE-2024-24575](CVE-2024/CVE-2024-245xx/CVE-2024-24575.json) (`2024-02-15T14:31:50.893`)
* [CVE-2024-24577](CVE-2024/CVE-2024-245xx/CVE-2024-24577.json) (`2024-02-15T14:54:09.117`)
* [CVE-2024-24202](CVE-2024/CVE-2024-242xx/CVE-2024-24202.json) (`2024-02-15T15:24:30.247`)
* [CVE-2024-23448](CVE-2024/CVE-2024-234xx/CVE-2024-23448.json) (`2024-02-15T15:39:14.317`)
* [CVE-2024-23769](CVE-2024/CVE-2024-237xx/CVE-2024-23769.json) (`2024-02-15T15:40:20.690`)
* [CVE-2024-24824](CVE-2024/CVE-2024-248xx/CVE-2024-24824.json) (`2024-02-15T15:40:51.680`)
* [CVE-2024-24823](CVE-2024/CVE-2024-248xx/CVE-2024-24823.json) (`2024-02-15T15:41:48.550`)
* [CVE-2024-24822](CVE-2024/CVE-2024-248xx/CVE-2024-24822.json) (`2024-02-15T15:43:07.647`)
* [CVE-2024-24590](CVE-2024/CVE-2024-245xx/CVE-2024-24590.json) (`2024-02-15T15:43:23.723`)
* [CVE-2024-20290](CVE-2024/CVE-2024-202xx/CVE-2024-20290.json) (`2024-02-15T15:43:27.240`)
* [CVE-2024-20255](CVE-2024/CVE-2024-202xx/CVE-2024-20255.json) (`2024-02-15T15:54:19.960`)
* [CVE-2024-20254](CVE-2024/CVE-2024-202xx/CVE-2024-20254.json) (`2024-02-15T15:54:33.153`)
* [CVE-2024-20252](CVE-2024/CVE-2024-202xx/CVE-2024-20252.json) (`2024-02-15T15:54:43.420`)
* [CVE-2024-24213](CVE-2024/CVE-2024-242xx/CVE-2024-24213.json) (`2024-02-15T16:00:32.213`)
* [CVE-2024-22836](CVE-2024/CVE-2024-228xx/CVE-2024-22836.json) (`2024-02-15T16:00:38.090`)
* [CVE-2024-23756](CVE-2024/CVE-2024-237xx/CVE-2024-23756.json) (`2024-02-15T16:01:08.870`)
* [CVE-2024-24115](CVE-2024/CVE-2024-241xx/CVE-2024-24115.json) (`2024-02-15T16:01:23.457`)
* [CVE-2024-23660](CVE-2024/CVE-2024-236xx/CVE-2024-23660.json) (`2024-02-15T16:01:29.370`)
* [CVE-2024-24591](CVE-2024/CVE-2024-245xx/CVE-2024-24591.json) (`2024-02-15T16:14:26.243`)
* [CVE-2024-24594](CVE-2024/CVE-2024-245xx/CVE-2024-24594.json) (`2024-02-15T16:47:17.213`)
* [CVE-2024-24593](CVE-2024/CVE-2024-245xx/CVE-2024-24593.json) (`2024-02-15T16:55:09.417`)
* [CVE-2024-0170](CVE-2024/CVE-2024-01xx/CVE-2024-0170.json) (`2024-02-15T16:55:09.957`)
* [CVE-2024-0167](CVE-2024/CVE-2024-01xx/CVE-2024-0167.json) (`2024-02-15T16:55:14.213`)
* [CVE-2024-0166](CVE-2024/CVE-2024-01xx/CVE-2024-0166.json) (`2024-02-15T16:55:20.360`)
* [CVE-2024-0165](CVE-2024/CVE-2024-01xx/CVE-2024-0165.json) (`2024-02-15T16:55:25.687`)
* [CVE-2024-0164](CVE-2024/CVE-2024-01xx/CVE-2024-0164.json) (`2024-02-15T16:55:31.620`)
* [CVE-2024-24592](CVE-2024/CVE-2024-245xx/CVE-2024-24592.json) (`2024-02-15T16:57:44.677`)
## Download and Usage